Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@alibaba-aero/eslint-plugin-json
Advanced tools
eslint-plugin-json
Lint JSON files
Installation
You'll first need to install ESLint:
$ npm i eslint --save-dev
Next, install @alibaba-aero/eslint-plugin-json:
$ npm install @alibaba-aero/eslint-plugin-json --save-dev
Note: If you installed ESLint globally (using the -g flag) then you must also install @alibaba-aero/eslint-plugin-json globally.
Usage
Add @alibaba-aero/eslint-plugin-json to the plugins section of your .eslintrc configuration file. You can omit the eslint-plugin- prefix:
{
"plugins": [
"@alibaba-aero/json"
]
}
You can run ESLint on individual JSON files or you can use the --ext flag to add JSON files to the list.
eslint . --ext .json --ext .js
eslint example.json
FAQs
How does eslint-plugin-json work?
Starting from version 1.3, this plugin relies on what VSCode uses for its implementation of JSON validation. This plugin used to use JSHint, however due to the large size of this dependency, it was replaced.
Why doesn't this plugin use eslint itself or just JSON.parse?
eslint's parser is a JavaScript parser. JSON is a stricter subset and things
that are valid JavaScript are not valid JSON. This is why something more specific
is more appropriate.
While JSON.parse seems ideal, it is not designed to continue after the first error.
So if you have a missing trailing comma in the start of the file, the rest of the file
will go unlinted. A smarter parser that can self-correct after seeing errors is needed
which the VSCode implementation provides by leveraging the
jsonc-parser module.
Will this plugin provide more configuration?
Now that we have moved to a different implementation for our validation, a lot more things are possible. Optional support for JSON comments, trailing commas and schemas are possible.
Additionally, support for autofixing common errors is also possible.
Is eslint really the best tool to lint my JSON?
Not really. eslint plugin interface wasn't designed to lint a completely different language but
its interface is flexible enough to allow it. So this plugin is certainly unusual.
Ideally, your editor would natively supports linting JSON. If it doesn't though, then might as well use this plugin. Hacky linting is better than no linting :)
FAQs
Lint JSON files
We found that @alibaba-aero/eslint-plugin-json demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 16 Jul 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban
Malicious Ruby gems typosquat Fastlane plugins to steal Telegram bot tokens, messages, and files, exploiting demand after Vietnam’s Telegram ban.
By Kirill Boychenko - Jun 03, 2025
Research
Security News
Malicious npm Packages Target BSC and Ethereum to Drain Crypto Wallets
Socket uncovered four malicious npm packages that exfiltrate up to 85% of a victim’s Ethereum or BSC wallet using obfuscated JavaScript.
By Olivia Brown - Jun 02, 2025