[Feature] Possible Rules

[iranreyes]

List of rules to add:

• Lighthouse
• Webhint

[craighillwood]

@iranreyes I was thinking of a rule that checked that there is only one h1 per page.

[njam3]

Lighthouse[in-progress]: https://github.com/Jam3/adviser-plugin-lighthouse

[iranreyes]

Idea

Create a plugin called adviser-plugin-privacy and create a rule that scans looking for hardcoded credentials.
Before creating this rule I would like to test what GitHub detects out of the box and use the tools to detect the rest.

Rule Specifications

Name: secrets

References

https://github.com/awslabs/git-secrets
https://github.com/Yelp/detect-secrets
https://www.npmjs.com/package/detect-secrets
https://geekflare.com/github-credentials-scanner/
https://securitytrails.com/blog/github-dorks
https://github.blog/2018-10-17-behind-the-scenes-of-github-token-scanning/

Notes

Create documentation for the rule within /docs/rules
Add metadata to the rule
Update the Plugin general README and add the new rule

Another possible rule

Avoid pushing .env files

[iranreyes]

SEO Combo:

Ideas:
h1
sitemap.xml
robots.txt
img alts
broken links
etc

[iranreyes]

Security combo:

Headers, CSP
Extra checkings
HTTPS implementation
External anchors should use noopnener, noreferrer
Run Owasp-zap, wp-scan, skipfish and others

[iranreyes]

Dependencies:

• Suspicious dependency (downloads, updated, maintainers, number of open issues, number of stars) (https://duo.com/decipher/hunting-malicious-npm-packages)

[iranreyes]

What is not covered by LightHouse or WebHint but it's in one of the frontend checklists:

https://github.com/thedaviddias/Front-End-Checklist
https://github.com/thedaviddias/Front-End-Design-Checklist#front-end-design-checklist\
https://codeburst.io/the-front-end-performance-checklist-speeds-up-your-web-developments-b68e1c7a0276