Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@bmearns/eslint-config
Advanced tools
My eslint styling rules for NodeJS projects.
# > npm install --save-dev git+https://github.com/mearns/eslint-config-mearns.git
> npm install --save-dev @bmearns/eslint-config
> npm install --save-dev eslint@8
Set your .eslintrc.json as follows:
{
"extends": ["@bmearns/eslint-config"]
}
Optionally, but recommended:
> npm install --save-dev prettier pretty-quick husky
And merge the following into your package.json:
{
"scripts": {
"lint": "mearns-lint .",
"pretty": "pretty-quick --staged"
},
"husky": {
"hooks": {
"pre-commit": "npm run pretty -s"
}
}
}
Parses ECMA Version 12, rules based on "JavaScript Standard Style" and Prettier (v3), but with semicolons.
The rules start with "standard" but we put semicolons back in because some people are really adverse to relying on ASI. Our rules require the use of semicolons to terminate statements, require a space after a semicolon and prohibit a space before a semicolon, and prohibit the use of extra-semicolons (semicolons that create empty statements).
We also use the "prettier/recommended" configuration and specifically set all prettier rules to "error" level (some default to "warning").
Finally, we add a "no-warning-comments" rule which will fail if any comment contains strings "FIXME", "TODO", or "XXX" (case-insensitive in all cases). This isn't to imply you shouldn't use comments like this, these rules allow you to use them to flag things that you need to fix before you merge or publish. However, these rules do imply that there shouldn't be any long-lived use of these comments: use an issue tracker for that.
If you're using jest, you might want to extends "@bmearns/eslint-config/jest"; this will set appropriate overrides for files under the test/
directory.
Or if you're using jest with your test files adjacent to the source files they test, use "@bmearns/eslint-config/jest-adjacent" instead. This assumes your
files are named like "foobar.test.ext".
If you're writing in typescript, you probably want to use "@bmearns/eslint-config/typescript", which will set appropriate overrides for typescript files (based on ".ts" extension). Note that you'll want to have this after the jest variant if you're using both.
FAQs
Standard linter config for me.
The npm package @bmearns/eslint-config receives a total of 0 weekly downloads. As such, @bmearns/eslint-config popularity was classified as not popular.
We found that @bmearns/eslint-config demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.