mcp-server-semgrep/semgrep-rules/javascript/lang/best-practice/leftover_debugging.yaml

MCP Server for Semgrep Integration - static code analysis with AI

rules:
  - id: javascript-alert
    message: found alert() call; should this be in production code?
    languages:
      - javascript
      - typescript
    severity: WARNING
    pattern-either:
      - pattern: alert()
      - pattern: alert($X)
    metadata:
      category: best-practice
      technology:
        - javascript
  - id: javascript-debugger
    pattern: debugger;
    message: found debugger call; should this be in production code?
    languages:
      - javascript
      - typescript
    severity: WARNING
    metadata:
      category: best-practice
      technology:
        - javascript
  - id: javascript-confirm
    pattern: confirm(...)
    message: found confirm() call; should this be in production code?
    languages:
      - javascript
      - typescript
    severity: WARNING
    metadata:
      category: best-practice
      technology:
        - javascript
  - id: javascript-prompt
    message: found prompt() call; should this be in production code?
    languages:
      - javascript
      - typescript
    severity: WARNING
    pattern-either:
      - pattern: prompt()
      - pattern: prompt($X)
      - pattern: prompt($X, $Y)
    metadata:
      category: best-practice
      technology:
        - javascript