Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@aidenlx/eslint-config
Advanced tools
<img alt="build" src="https://img.shields.io/github/workflow/status/belgattitude/nextjs-monorepo-example/CI-web-app/ma
Example of composable eslint config bases that can be easily shared and fine-tuned by apps and packages that lives in a monorepo.
Add the following devDependencies to workspace (apps/packages in monorepo) or main project package.json.
$ yarn add --dev eslint
$ yarn add --dev @your-org/eslint-config-bases:"workspace:^"
Tip the workspace:^ is supported by yarn and pnpm.
In your app or package, create an ./apps/my-app/.eslintrc.js
file that extends any of the
existing base configs. For example:
// Workaround for https://github.com/eslint/eslint/issues/3458 (re-export of @rushstack/eslint-patch)
require("@your-org/eslint-config-bases/patch/modern-module-resolution");
module.exports = {
// Be sure to set root to true in monorepo.
root: true,
// Will help typescript extended rules.
parserOptions: {
tsconfigRootDir: __dirname,
project: "tsconfig.json",
},
ignorePatterns: ["**/node_modules", "**/.cache", "build", ".next"],
extends: [
"@your-org/eslint-config-bases/typescript",
"@your-org/eslint-config-bases/sonar",
"@your-org/eslint-config-bases/regexp",
"@your-org/eslint-config-bases/react",
"@your-org/eslint-config-bases/jest",
"@your-org/eslint-config-bases/rtl",
"@your-org/eslint-config-bases/graphql-schema",
"@your-org/eslint-config-bases/storybook",
"@your-org/eslint-config-bases/playwright",
// Add specific rules for your framework if needed.
// ie:
// - nextjs: 'plugin:@next/next/core-web-vitals',
// - remix: '@remix-run/eslint-config',
// ...
// Post configure the prettier base so there won't be
// any conficts between eslint / prettier
"@your-org/eslint-config-bases/prettier",
],
rules: {
// Specific global rules for your app or package
},
overrides: [
// Specific file rules for your app or package
],
};
Tip: "@your-org/eslint-config-bases/prettier" must be set at the end to disable any conflicting rules.
You can find the bases in ./src/bases.
Base | Match convention | Scope |
---|---|---|
typescript | all | Naming conventions, consistent imports, import sorting... |
sonar | *.{js,jsx,ts,tsx} | Keep levels of code complexity sane. (excl test and stories) |
regexp | *.{js,jsx,jsx,tsx} | Keep regexp consistent and safer. |
react | *.{jsx,tsx} | Recommendations for react, react-hooks and jsx projects. |
jest | **/?(*.)+(test).{js,jsx,ts,tsx} | Catch inconsistencies or error in jest tests. |
rtl | **/?(*.)+(test).{js,jsx,ts,tsx} | Potential errors / deprecations in react-testing-library tests. |
graphql-schema | *.graphql | Ensure validity of graphql schema files. |
storybook | *.stories.{ts,tsx,mdx} | Potential errors / deprecations in stories. |
playwright | **/e2e/**/*.test.{js,ts} | Post configure eslint for prettier compatibility. |
prettier | all | Post configure eslint for prettier compatibility. |
Notes:
The order is important. Some bases will disable or tune previously defined rules. For example the react base will tune the naming conventions for function components and increase recommended cognitive complexity. The typescript base will also relax conventions for javascript files.
Based on filename conventions some rules are relaxed or disabled to avoid false positives and keep a good level of performance. For example the sonar base won't run on test and storybook files. If you work on different conventions the patterns must be updated.
To prevent conflicts between prettier and eslint, you must re-export the prettier base from @your-org/eslint-config-bases
.
const { getPrettierConfig } = require("@your-org/eslint-config-bases/helpers");
module.exports = {
...prettierConfig,
overrides: [
// whatever you need
],
};
Tip: You can tune the provided prettier.base.config for your own needs.
Generic typescript project, mostly based on
Type/Plugin | Comment |
---|---|
eslint:recommended | The basics for code linting. |
@typescript-eslint/recommended | The basics for typescript. |
@typescript-eslint/consistent-type | Use TS 3.8+ imports/exports, helps with esbuild |
@typescript-eslint/naming-convention | |
eslint-plugin-import | Order imports |
Type/Plugin | Comment |
---|---|
eslint-plugin-sonarjs/recommended | Help to keep complexity sane |
Type/Plugin | Comment |
---|---|
eslint-plugin-react/recommended | |
eslint-plugin-react-hooks/recommended | |
eslint-plugin-jsx-a11y/recommended | Helps to produce accessibility-ready jsx |
Type/Plugin | Comment |
---|---|
eslint-plugin-jest/recommended | Jest recommended practices. |
Type/Plugin | Comment |
---|---|
eslint-plugin-testing-library/recommended | Ease when using react-testing-library |
Type/Plugin | Comment |
---|---|
eslint-plugin-regexp/recommended |
...
FAQs
<img alt="build" src="https://img.shields.io/github/workflow/status/belgattitude/nextjs-monorepo-example/CI-web-app/ma
The npm package @aidenlx/eslint-config receives a total of 2 weekly downloads. As such, @aidenlx/eslint-config popularity was classified as not popular.
We found that @aidenlx/eslint-config demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.