Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
@darraghor/eslint-plugin-nestjs-typed
Advanced tools
Readme
5.x
supports Eslint version >=8.x
and typescript eslint parser ^7
4.x
supports Eslint version >=8.x
and typescript eslint parser ^6
3.x
supports Eslint version >=8.x
and typescript eslint parser ^5
2.x
supports Eslint version <=7.x
and typescript eslint parser ^4
There are breaking changes between versions ofr ts-eslint.
typescript eslint parser supports a range of typescript versions but there can be a delay in supporting the latest versions.
This plugin only supports typescript up to the version typescript eslint parser supports. See https://github.com/typescript-eslint/typescript-eslint#supported-typescript-version for the versions.
Awsome! Click here to submit a new issue!
The "recommended" ruleset are the default rules that are turned on when you configure the plugin as described in this document.
The name "recommended" is an eslint convention. Some rules in this plugin are opinionated and have to be turned on explicitly in your eslintrc file.
If you use NestJs (https://nestjs.com/) these ESLint rules will help you to prevent common bugs and issues in NestJs applications.
They mostly check that you are using decorators correctly.
The primary groupings of rules in this plugin are...
The Nest DI is declarative and if you forget to provide an injectable you wont see an error until run time. Nest is good at telling you where these are but sometimes it's not.
In particular if you're using custom providers the errors can be really tricky to figure out because they won't explicitly error about mismatched injected items, you will just get unexpected operation.
These are described in the "Common Errors" section of the nest js docs.
When working with NestJS I generate my front end client and models using the swagger/Open API specification generated directly from the nest controllers and models.
I have a bunch of rules here that enforce strict Open API typing with decorators for NestJs controllers and models.
These rules are opinionated, but necessary for clean model generation if using an Open Api client generator later in your build.
There are some tightly coupled but untyped decorators and things like that in nest that will catch you out if your not careful. There are some rules to help prevent issues that have caught me out before.
There is a CVE for class-transformer when using random javascript objects. You need to be careful about configuring the ValidationPipe in NestJs. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18413 https://github.com/typestack/class-validator/issues/438
The plugin is on npm here: https://www.npmjs.com/package/@darraghor/eslint-plugin-nestjs-typed You can see how the rules are used in this NestJS project: https://github.com/darraghoriordan/use-miller
npm install --save-dev @darraghor/eslint-plugin-nestjs-typed
// or
yarn add -D @darraghor/eslint-plugin-nestjs-typed
// or
pnpm add -D @darraghor/eslint-plugin-nestjs-typed
If you don't already have class-validator
you should install that
npm install class-validator
// or
yarn add class-validator
// or
pnpm add class-validator
Update your eslint with the plugin import and add the recommended rule set
module.exports = {
env: {
es6: true,
},
extends: ["plugin:@darraghor/nestjs-typed/recommended"],
parser: "@typescript-eslint/parser",
parserOptions: {
project: ["./tsconfig.json"],
sourceType: "module",
ecmaVersion: "es2019",
},
plugins: ["@darraghor/nestjs-typed"],
};
Note: the injectables test scans your whole project. It's best to filter out ts things that don't matter - use filterFromPaths
configuration setting for this. See the rule documentation for more info.
There are some defaults already applied.
Note: You can easily turn off all the swagger rules if you don't use swagger by adding the no-swagger
rule set AFTER the recommended rule set.
// all the other config
extends: ["plugin:@darraghor/nestjs-typed/recommended",
"plugin:@darraghor/nestjs-typed/no-swagger"
],
// more config
Disable a single rule with the full name e.g. in your eslint configuration...
rules: {
"@darraghor/nestjs-typed/api-property-returning-array-should-set-array":
"off",
}
FAQs
Eslint rules for nestjs projects
The npm package @darraghor/eslint-plugin-nestjs-typed receives a total of 23,974 weekly downloads. As such, @darraghor/eslint-plugin-nestjs-typed popularity was classified as popular.
We found that @darraghor/eslint-plugin-nestjs-typed demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.