Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@assemble-inc/eslint-config-assemble
Advanced tools
Assemble front-end linting rules
This package contains Assemble Inc's ESLint configurations for both Typescript and JavaScript projects. ESLint is used for enforcement of code quality across Assemble Inc projects.
All ESLint rules enforcing code style have been disabled in favor of using prettier for code formatting. Refer to the prettier-config for integrating prettier into your application.
From the root of your package, install the Assemble Inc. configuration:
yarn add --dev eslint-config-assemble
You will also need to install the following peer dependencies:
yarn add --dev eslint prettier eslint-plugin-prettier
Add the following scripts to your package.json
.
"scripts": {
"lint": "eslint \"src/**/*.{jsx,js,ts,tsx}\"",
"lint:fix": "eslint \"src/**/*.{jsx,js,ts,tsx}\" --fix"
}
The lint:fix
script will automatically attempt to fix reported errors. Leaving this off will report errors/warnings without attempting to fix them.
You can update the file extensions list to suit the particular files you would like to lint.
The Assemble Inc. configuration needs to be imported into ESLint. Add the following to your package.json
.
"eslintConfig": {
"extends": [
"eslint-config-assemble"
],
"env": {
"browser": true,
"node": true
}
}
To lint all typescript files in your project, run yarn lint
.
To automatically fix linting errors in your project, run yarn lint:fix
or yarn lint --fix
.
FAQs
Assemble front-end linting rules
We found that @assemble-inc/eslint-config-assemble demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.