Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@bam.tech/eslint-plugin
Advanced tools
This project is an ESLint plugin that gathers all the rules, plugins and parsers that should be used in any new react-native BAM project.
The list of rules and configuration details can be found here
.
Install the plugin and its peer dependencies:
yarn add @bam.tech/eslint-plugin --dev
npx install-peerdeps @bam.tech/eslint-plugin --dev --yarn
Then update your .eslintrc
config file:
// .eslintrc
{
"extends": "plugin:@bam.tech/recommended",
"overrides": [
{
"files": ["*.test.tsx", "*.test.ts"],
"extends": "plugin:@bam.tech/tests"
}
]
}
Update your .vscode/settings.json
by adding the directories of apps using the plugin:
// .vscode/settings.json
{
...
"eslint.workingDirectories": [
"apps/yourFirstApp",
"apps/yourSecondApp"
]
}
The plugin default behavior is to use TypeScript configuration to lint all TypeScript files. However, in your project, there may be files you've chosen to ignore with TypeScript. It's advisable to also disable ESLint checking for these files. To achieve this, add the files you want to ignore with ESLint in the overrides section of your eslintrc.js
. Below is an example illustrating this. The configuration for mock files is overridden: the TypeScript parser is removed, and the behavior of the @typescript-eslint/return-await
rule is modified.
overrides: [
{
files: ["mocks/**/*"],
parserOptions: {
project: null,
},
rules: {
"@typescript-eslint/return-await": "off",
},
},
];
With the introduction of React 18, it's no longer necessary to import React in your JSX files. The ESLint plugin is configured for React version 18 and above, so you won't encounter any errors. However, TypeScript will generate an error if it isn't configured correctly. To resolve this, simply add "jsx": "react-native"
to your tsconfig.json
file.
If your project is using a version of React that's below 18, iyou should upgrade to a newer version of React. If upgrading isn't an option, here's the situation: importing React in your JSX files remains mandatory, but ESLint won't flag any errors, even though it should. This is due to the plugin configuration; the recommended configuration extends the plugin react/jsx-runtime, which disables the following rules:
'react/jsx-uses-react': "error"
'react/react-in-jsx-scope': "error"
These rules are crucial as they trigger an error when React is not in scope. Therefore, you'll need to include them in the rules section of your .eslintrc.js file to ensure an error is flagged whenever someone omits the import for React.
Remember, the recommended solution is to upgrade to a newer version of React. This advice should only be disregarded in exceptional circumstances where upgrading React is not feasible.
This plugin exports multiple configurations that can be used in your .eslintrc
config file:
Name | Description |
---|---|
@bam.tech/recommended | The recommended config for all projects |
@bam.tech/tests | The recommended config for test files. By default this applies to every file: put it in an overrides to filter on your test files. |
@bam.tech/a11y | [beta] Eslint config to check for accessibility. Still in beta to not break existing projects, but will be merged into the recommended config in the future. |
These configs need some peer dependencies. You can list them with:
npm info "@bam.tech/esling-plugin" peerDependencies
If you use npm >= 5 you can automatically install them by running:
npx install-peerdeps @bam.tech/eslint-config -D
This plugin exports some custom rules that you can optionally use in your project:
💼 Configurations enabled in.
🧪 Set in the tests
configuration.
🔧 Automatically fixable by the --fix
CLI option.
Name | Description | 💼 | 🔧 |
---|---|---|---|
await-user-event | Enforces awaiting userEvent calls | 🧪 | 🔧 |
prefer-user-event | Enforces usage of userEvent over fireEvent in tests. | 🔧 | |
require-named-effect | Enforces the use of named functions inside a useEffect |
To use a rule, just declare it in your .eslintrc
:
// .eslintrc
{
"plugins": ["@bam.tech"],
"rules": {
"@bam.tech/require-named-effect": "error"
}
}
Tip: if your config is already extended from a
@bam.tech
config, you don't need to declare the plugin.
You can still customize your ESLint config by adding other configurations, plugins and rules to your .eslintrc
config file.
If you find a useful rule that you feel every project at BAM should use, feel free to contribute.
FAQs
eslint plugin for bam projects
We found that @bam.tech/eslint-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 19 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.