packages/compiler-core/src/parse.ts
rule:ajinabraham.njsscan.regex_dos.regex_dos: Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service.
Details: https://sg.run/eLgR
418: __TEST__ && assert(/^<[a-z]/i.test(context.source))
--------------------------------------------------------------------------------
520: __TEST__ && assert(/^<\/?[a-z]/i.test(context.source))
--------------------------------------------------------------------------------
650: /^[A-Z]/.test(tag) ||
--------------------------------------------------------------------------------
735: if (/^[^\t\r\n\f />]/.test(context.source)) {
--------------------------------------------------------------------------------
747: __TEST__ && assert(/^[^\t\r\n\f />]/.test(context.source))
--------------------------------------------------------------------------------
779: if (/^[\t\r\n\f ]*=/.test(context.source)) {

packages/compiler-core/src/transforms/vOn.ts
rule:ajinabraham.njsscan.regex_dos.regex_dos: Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service.
Details: https://sg.run/eLgR
68: let exp: ExpressionNode | undefined = dir.exp as
69: | SimpleExpressionNode
70: | undefined
71: if (exp && !exp.content.trim()) {
72: exp = undefined
73: }
74: let shouldCache: boolean = context.cacheHandlers && !exp && !context.inVOnce
75: if (exp) {
76: const isMemberExp = isMemberExpression(exp.content, context)
77: const isInlineStatement = !(isMemberExp || fnExpRE.test(exp.content))
-------- [hid 69 additional lines, adjust with --max-lines-per-finding] --------

packages/compiler-core/src/validateExpression.ts
rule:ajinabraham.njsscan.eval_node.eval_nodejs: User controlled data in eval() or similar functions may result in Server Side Injection or Remote Code Injection
Details: https://sg.run/3x6D
35: const exp = node.content
36:
37: // empty expressions are validated per-directive since some directives
38: // do allow empty expressions.
39: if (!exp.trim()) {
40: return
41: }
42:
43: try {
44: new Function(
-------- [hid 21 additional lines, adjust with --max-lines-per-finding] --------

packages/compiler-dom/src/transforms/stringifyStatic.ts
rule:ajinabraham.njsscan.regex_dos.regex_dos: Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service.
Details: https://sg.run/eLgR
149: : false) || dataAriaRE.test(name)

packages/compiler-sfc/__tests__/parse.spec.ts
rule:ajinabraham.njsscan.crypto_node.node_insecure_random_generator: crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator.
Details: https://sg.run/1Zlk
9: const padding = Math.round(Math.random() * 10)
--------------------------------------------------------------------------------
24: const padding = Math.round(Math.random() * 10)
--------------------------------------------------------------------------------
38: const padding = Math.round(Math.random() * 10)

packages/compiler-sfc/src/compileScript.ts
rule:ajinabraham.njsscan.regex_dos.regex_dos: Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service.
Details: https://sg.run/eLgR
615: const argumentStr = source.slice(
616: argumentStart + startOffset,
617: node.argument.end! + startOffset
618: )
619:
620: const containsNestedAwait = /\bawait\b/.test(argumentStr)

packages/compiler-sfc/src/parse.ts
rule:ajinabraham.njsscan.regex_dos.regex_dos: Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service.
Details: https://sg.run/eLgR
355: if (!emptyRE.test(line)) {

packages/runtime-core/__tests__/rendererChildren.spec.ts
rule:ajinabraham.njsscan.crypto_node.node_insecure_random_generator: crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator.
Details: https://sg.run/1Zlk
29: randomIndex = Math.floor(Math.random() * currentIndex)
--------------------------------------------------------------------------------
337: opacities[i] = Math.random().toFixed(5).toString()

rollup.config.js
rule:ajinabraham.njsscan.regex_dos.regex_dos: Ensure that the regex used to compare with user supplied input is safe from regular expression denial of service.
Details: https://sg.run/eLgR
85: const isBundlerESMBuild = /esm-bundler/.test(format)
--------------------------------------------------------------------------------
86: const isBrowserESMBuild = /esm-browser/.test(format)
--------------------------------------------------------------------------------
88: const isGlobalBuild = /global/.test(format)
--------------------------------------------------------------------------------
121: let entryFile = /runtime$/.test(format) ? `src/runtime.ts` : `src/index.ts`
--------------------------------------------------------------------------------
127: entryFile = /runtime$/.test(format)
--------------------------------------------------------------------------------
209: if (!/Circular/.test(msg)) {