Why this matters
Using eval to execute code can lead to security vulnerabilities and is not allowed in environments with Content Security Policies. Avoid eval and use safer alternatives.
Detect the use of eval(). eval allows execution of arbitrary code, which leads to security vulnerabilities such as code injection. Recommend safer alternatives, such as calling a known function directly instead of executing a string.
Side-by-side examples engineers can pattern-match during review.
Incorrect (flagged by the rule):

```javascript
const userInput = 'alert("Hacked!")';
eval(userInput);
```

Correct:

```javascript
const userInput = 'alert("Hacked!")';
// Avoid eval usage; parse or sanitize input appropriately
console.log('Safe execution:', userInput);
```
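The "correct" example above only logs the string; in real code the untrusted input usually has to do something. The following added example (not part of the original rule page, and not the rule's own implementation) shows the two safer alternatives the rule points at: dispatching through an allow-list of known functions when the input names an action, and parsing with JSON.parse when the input is really data. The names runCommand, ALLOWED_COMMANDS and parseConfig are assumptions made for this illustration, and the sample inputs are constructed.

```javascript
// Added example, not from the original page. Names below are assumptions.

// Alternative 1: an allow-list of functions the caller may invoke by name.
// Object.freeze prevents later additions; the hasOwnProperty check keeps
// inherited names such as "constructor" or "__proto__" from being callable.
const ALLOWED_COMMANDS = Object.freeze({
  add: (a, b) => a + b,
  multiply: (a, b) => a * b,
  upper: (s) => String(s).toUpperCase(),
});

function runCommand(name, args) {
  if (!Object.prototype.hasOwnProperty.call(ALLOWED_COMMANDS, name)) {
    throw new Error(`Unknown command: ${name}`);
  }
  if (!Array.isArray(args)) {
    throw new TypeError('args must be an array');
  }
  return ALLOWED_COMMANDS[name](...args);
}

// Alternative 2: when the string is configuration or a payload, parse it as
// data. JSON.parse never executes anything; it throws on non-JSON input.
function parseConfig(text) {
  const value = JSON.parse(text);
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    throw new TypeError('config must be a JSON object');
  }
  return value;
}

// Returns a short status for an untrusted string that used to be passed to
// eval(): either the parsed data, or "rejected" when it is not valid data.
function handleUntrusted(text) {
  try {
    return parseConfig(text);
  } catch (e) {
    return 'rejected';
  }
}

// Constructed inputs demonstrating both paths.
const untrustedPayload = 'alert("Hacked!")'; // same string as the rule's example
const configText = '{"debug": true, "retries": 3}';

console.log(runCommand('add', [2, 3]));          // 5
console.log(runCommand('upper', ['safe']));      // SAFE
console.log(handleUntrusted(untrustedPayload));  // rejected
console.log(handleUntrusted(configText));        // { debug: true, retries: 3 }
```

Both alternatives keep working under a Content Security Policy that omits 'unsafe-eval', where eval() itself would throw, because no string is ever compiled as code.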