# Eslint Plugin Security

> In this post we are going to learn about the proper way to call a system command using Node.js to avoid a common security flaw, command injection.

## Pages

- [Avoiding Command Injection in Node.js](avoid-command-injection-node.md): In this post we are going to learn about the proper way to call a system command using Node.js to avoid a common secu...
- [Bypass Connect CSRF protection by abusing methodOverride Middleware](bypass-connect-csrf-protection-by-abusing.md): Since our platform isn't set up for advisories that are not specific to a particular module version, but rather a use ...
- [Regular Expression DoS and Node.js](regular-expression-dos-and-node.md): Imagine you are trying to buy a ticket to your favorite JavaScript conference, and instead of getting the ticket page...
- [Detects trojan source attacks that employ unicode bidi attacks to inject malicious code (`security/detect-bidi-characters`)](rules-detect-bidi-characters.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects calls to "buffer" with "noAssert" flag set (`security/detect-buffer-noassert`)](rules-detect-buffer-noassert.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects instances of "child_process" & non-literal "exec()" calls (`security/detect-child-process`)](rules-detect-child-process.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects "object.escapeMarkup = false", which can be used with some template engines to disable escaping of HTML entities (`security/detect-disable-mustache-escape`)](rules-detect-disable-mustache-escape.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects "eval(variable)" which can allow an attacker to run arbitrary code inside your process (`security/detect-eval-with-expression`)](rules-detect-eval-with-expression.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects instances of new Buffer(argument) where argument is any non-literal value (`security/detect-new-buffer`)](rules-detect-new-buffer.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects Express "csrf" middleware setup before "method-override" middleware (`security/detect-no-csrf-before-method-override`)](rules-detect-no-csrf-before-method-override.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects variable in filename argument of "fs" calls, which might allow an attacker to access anything on your system (`security/detect-non-literal-fs-filename`)](rules-detect-non-literal-fs-filename.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects "RegExp(variable)", which might allow an attacker to DOS your server with a long-running regular expression (`security/detect-non-literal-regexp`)](rules-detect-non-literal-regexp.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects "require(variable)", which might allow an attacker to load and run arbitrary code, or access arbitrary files on disk (`security/detect-non-literal-require`)](rules-detect-non-literal-require.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects "variable[key]" as a left- or right-hand assignment operand (`security/detect-object-injection`)](rules-detect-object-injection.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects insecure comparisons (`==`, `!=`, `!==` and `===`), which check input sequentially (`security/detect-possible-timing-attacks`)](rules-detect-possible-timing-attacks.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects if "pseudoRandomBytes()" is in use, which might not give you the randomness you need and expect (`security/detect-pseudoRandomBytes`)](rules-detect-pseudorandombytes.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [Detects potentially unsafe regular expressions, which may take a very long time to run, blocking the event loop (`security/detect-unsafe-regex`)](rules-detect-unsafe-regex.md): ⚠️ This rule _warns_ in the ✅ `recommended` config.
- [The Dangers of Square Bracket Notation](the-dangers-of-square-bracket-notation.md): We are going to be looking at some peculiar and potentially dangerous implications of JavaScript's square bracket not...