MCP Server Semgrep

MIT License
OverviewInspectSchema Related Servers Reviews Score
examples
rules
rules:
  - id: console-log-infestation
    pattern-either:
      - pattern: "console.log($...)"
      - pattern: "console.debug($...)"
      - pattern: "console.info($...)"
    message: "🪳 CONSOLE.LOG INFESTATION! 🪳 A console.log has nested into your production code. These multiply quickly if left unchecked. Consider using a proper logger that can be disabled in production."
    languages: [javascript, typescript, jsx, tsx]
    severity: INFO
    metadata:
      category: best-practice
      impact: "Console logs pollute browser consoles and may expose sensitive information"
      fix: "Replace with proper logger or remove"
      examples:
        - before: |
            function processUserData(user) {
              console.log('Processing user:', user);
              // User object could contain PII or sensitive data!
            }
        - after: |
            import logger from './logger';
            
            function processUserData(user) {
              logger.debug('Processing user ID:', user.id);
              // Logs only necessary information, can be disabled in production
            }