mcp-server-semgrep/semgrep-rules/javascript/lang/best-practice/zlib-async-loop.yaml

MCP Server for Semgrep Integration - static code analysis with AI

rules:
  - id: zlib-async-loop
    patterns:
      - pattern-either:
          - pattern-inside: |
              for (...) {
                  ...
              }
          - pattern-inside: |
              while (...) {
                  ...
              }
          - pattern-inside: |
              do {
                  ...
              } while (...)
          - pattern-inside: |
              $SMTH.forEach(...)
          - pattern-inside: |
              $SMTH.map(...)
          - pattern-inside: |
              $SMTH.reduce(...)
          - pattern-inside: |
              $SMTH.reduceRight(...)
      - pattern: zlib.$METHOD(...);
      - metavariable-regex:
          metavariable: $METHOD
          regex: ^.+$(?<!Sync)
    message: >-
      Creating and using a large number of zlib objects simultaneously
      can cause significant memory fragmentation. It is strongly recommended
      that the results of compression operations be cached or made synchronous
      to avoid duplication of effort.
    metadata:
      references:
        - https://nodejs.org/api/zlib.html#zlib_threadpool_usage_and_performance_considerations
      category: best-practice
      technology:
        - javascript
    severity: WARNING
    languages: [javascript, typescript]