eslint/no-eval Restriction

What it does

Disallows referencing the 'eval' function.

Why is this bad?

Calling 'eval' is not supported in some secure contexts and can lead to vulnerabilities.

Example

const someString = "console.log('pwned')";
eval(someString);

How to use

To enable this rule in the CLI or using the config file, you can use:

CLI

oxlint --deny no-eval

Config (.oxlintrc.json)

{
  "rules": {
    "no-eval": "error"
  }
}

References

• Rule Source