New, high-signal rules for the JavaScript ecosystem
Blog post from Semgrep
The Semgrep registry has introduced three new rulesets for the JavaScript ecosystem to address the different needs of developers using JavaScript in different environments. These include an upgraded JavaScript ruleset, a Node.js-specific ruleset, and an Express.js ruleset, each designed to target specific vulnerabilities and misconfigurations. The JavaScript ruleset covers both client-side and server-side vulnerabilities, such as prototype pollution and hardcoded secrets, while the Node.js ruleset addresses issues like weak random number generators and TLS misconfigurations. The Express.js ruleset aims to mitigate common security risks like CORS misconfigurations and XSS vulnerabilities. By splitting the rules into distinct rulesets, Semgrep seeks to provide more targeted and effective security coverage, and developers can run these rules locally or in their CI/CD pipelines.
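To make the "weak random number generator" category concrete, here is an added example of a Semgrep rule in the registry's YAML format that flags `Math.random()` flowing into a variable whose name suggests a secret. It is written for this post and is not a rule from the Semgrep registry; the rule id, the message text and the name regex are constructed here.

```yaml
rules:
  - id: example-node-weak-random-for-secret   # constructed id, not a registry rule
    languages: [javascript, typescript]
    severity: WARNING
    message: >-
      Math.random() is not a cryptographically secure source of randomness, so the
      value assigned to $VAR is predictable. Use crypto.randomBytes() or
      crypto.randomUUID() from the Node.js 'crypto' module for tokens, session
      identifiers, nonces and keys.
    metadata:
      category: security
      cwe: "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
    patterns:
      # Match any assignment (declarations with an initializer included) whose
      # right-hand side contains a Math.random() call anywhere inside it, e.g.
      #   const token = Math.random().toString(36).slice(2);
      #   session.id = Math.floor(Math.random() * 1e9);
      - pattern: $VAR = <... Math.random() ...>
      # Only report when the target name looks security-sensitive; this keeps the
      # rule high-signal and leaves non-security uses (shuffling, jitter) alone.
      - metavariable-regex:
          metavariable: $VAR
          regex: (?i).*(token|secret|nonce|key|session|otp|password|salt|csrf).*
      # Do not report the secure replacement, which also appears in an assignment.
      - pattern-not: $VAR = <... crypto.randomBytes(...) ...>
      - pattern-not: $VAR = <... crypto.randomUUID(...) ...>
```

Running `semgrep --config this-rule.yaml src/` reports the `token` and `session.id` lines from the comments above and stays silent on `const delay = Math.random() * 100`, since `delay` does not match the name regex.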