Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@devoxa/eslint-config
Advanced tools
The shareable configuration for ESLint used in all Devoxa projects
Installation • Usage • Extending • Contributors • License
yarn add --dev eslint @devoxa/eslint-config
The configuration also has a peer dependency on typescript@^3.9.2
.
To enable the rules, add a eslint.config.js
file to your project. See the
ESLint configuration docs for more details.
const config = require('@devoxa/eslint-config')
module.exports = config({
// (Recommended) Files (in gitignore syntax) that will be transformed into ignore configs
ignoreFiles: ['.gitignore'],
// (Optional) Additional configs that will be spread into the main config
// See https://typescript-eslint.io/packages/typescript-eslint#config
configs: [
/* ... */
],
})
Since the ESLint configuration is for TypeScript projects it is also required that you have a
tsconfig.json
file configured.
It is also recommended to add the following script to your package.json
for easy usage.
"lint": "eslint '{src,tests}/**/*.{ts,tsx}'"
Additionally, it is recommended to install the VS Code Extension to get in-editor warnings.
This configuration is not intended to be changed, but if you have a setup where modification is
required, it is possible. To extend a configuration you can use the configs
option as described
above.
Thanks goes to these wonderful people (emoji key):
David Reeß 💻 📖 ⚠️ |
This project follows the all-contributors specification. Contributions of any kind welcome!
MIT
FAQs
The shareable configuration for ESLint used in all Devoxa projects
We found that @devoxa/eslint-config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.