Dear ESLint team,

I am from the Security Team of Microsoft 365. Our team is trying to add a new feature for ESLint.

ESLint is a great and famous tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. It helps a lot in our development. Sometimes we developers have to suppress warnings/errors in the code by adding `eslint-disable`, `eslint-disable-line` and `eslint-disable-next-line` comments, according to disabling-rules <https://github.com/eslint/eslint/blob/master/docs/user-guide/configuring/rules.md#disabling-rules>. We can also use `.\node_modules\.bin\eslint.cmd 1.js -f @microsoft/eslint-formatter-sarif -o 1.sarif --no-inline-config` to dump all information, including suppressed ones, into a SARIF file.

However, in our scenarios, Security Development Lifecycle (SDL) tools, such as ESLint, are expected to export suppression justifications when warnings/errors are disabled. For example, a developer uses `eslint-disable-line no-console` to suppress a warning:

```js
console.log('foo'); // eslint-disable-line no-console -- Just for debug.
```

Then in DevOps, ESLint could record this message and dump it into a file (the highlighted part below is what we expect):

```json
"results": [
  {
    "level": "warning",
    "message": {
      "text": "foobar"
    },
    "locations": [
      {
        "physicalLocation": {
          "artifactLocation": {
            "uri": "file:///C:/Users/test/1.js",
            "index": 0
          },
          "region": {
            "startLine": 1,
            "startColumn": 1
          }
        }
      }
    ],
    "ruleId": "no-console",
    "ruleIndex": 0,
    "suppressions": [
      {
        "kind": "inSource",
        "justification": "Just for debug."
      }
    ]
  }
]
```

This suppression info would trigger a signal to our team, and thus we could judge whether the suppression is reasonable by the justification.

I think this could be a useful feature not only for our team but also for many other users of ESLint. We are willing to implement the changes and create a related issue and a PR as necessary. What do you think about it?

Looking forward to your reply.

Best regards,
Yiwei Ding
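The extraction this proposal asks for, sketched as an added example that is not ESLint's code and not part of the original message: it pulls the `--` justification out of each disable comment and shapes it like the `suppressions` entry in the SARIF sample above. The function names, the regex-based line scanning and the sample input are assumptions made for illustration.

```javascript
// Added example: a simplified line scanner, not ESLint's own directive parser.
// Limitation: it also matches directive-looking text inside string literals.
const DIRECTIVE = /(?:\/\/|\/\*)\s*(eslint-disable(?:-next-line|-line)?)(?![\w-])(.*)$/;

function parseDirective(line) {
  const m = DIRECTIVE.exec(line);
  if (!m) return null;
  const body = m[2].replace(/\*\/.*$/, "").trim(); // drop a block-comment terminator
  // A whitespace-delimited "--" separates the rule list from the justification.
  const sep = /(?:^|\s)-{2,}(?:\s|$)/.exec(body);
  const rules = sep ? body.slice(0, sep.index) : body;
  const justification = sep ? body.slice(sep.index + sep[0].length).trim() : "";
  const ruleIds = rules.split(",").map((r) => r.trim()).filter(Boolean);
  return { directive: m[1], ruleIds, justification };
}

// Returns one record per directive, carrying a SARIF-style suppression object.
function collectSuppressions(source) {
  const records = [];
  source.split(/\r?\n/).forEach((line, i) => {
    const d = parseDirective(line);
    if (!d) return;
    const suppression = { kind: "inSource" };
    if (d.justification) suppression.justification = d.justification;
    records.push({
      directive: d.directive,
      ruleIds: d.ruleIds,
      // The next-line form targets the following line; line numbers are 1-based.
      startLine: d.directive === "eslint-disable-next-line" ? i + 2 : i + 1,
      suppressions: [suppression],
    });
  });
  return records;
}

// Suppressions a reviewer cannot assess because no reason was given.
function unjustified(records) {
  return records.filter((r) => !("justification" in r.suppressions[0]));
}

// Constructed sample input.
const SAMPLE = [
  "console.log('foo'); // eslint-disable-line no-console -- Just for debug.",
  "// eslint-disable-next-line no-alert, no-console",
  "alert(msg);",
  "/* eslint-disable no-debugger -- temporary */",
].join("\n");

console.log(JSON.stringify(collectSuppressions(SAMPLE), null, 2));
```

Running `unjustified()` over the collected records gives the list a security reviewer would look at first: suppressions that carry no stated reason.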
