github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

Home Page: https://codeql.github.com


Add dummy passwords to documentation for rule 'js/hardcoded-passwords'

ebickle opened this issue

Description of the issue

The rule 'js/hardcoded-passwords' often returns false positives for our developers, often in their test code. This is somewhat expected, since the rule can't be expected to find every possible dummy/stub value added to unit tests.

Internally the rule depends on isDummyPassword from the PasswordHeuristics module to avoid triggering on the most common dummy/stub values.

Would it be possible to add some of these example dummy passwords to the documentation for the rule? That way, when our developers get an alert for 'js/hardcoded-passwords' for unit tests, they can immediately see a fix - e.g. using sample, example, or fake as the value to avoid the alert being raised in the first place.

Thank you for the suggestion. I have forwarded this to the relevant team and they are working on it!

This should be fixed by #16417 once that pull request is merged.

Hi Eric (nice name 😉)

I just un-drafted #16417, which should fix this issue, and your related issue (#16360).
I tested the effect of the change, and the change in results looks OK.

Your points (in both of these issues) are definitely reasonable, and it seems like the right thing to do.

Thanks for the reports.