
Research
NPM targeted by malware campaign mimicking familiar library names
Socket uncovered npm malware campaign mimicking popular Node.js libraries and packages from other ecosystems; packages steal data and execute remote code.
@dooboo/eslint-config-react
Advanced tools
yarn add -D eslint @dooboo/eslint-config-react prettier
Note: We're using
yarn
to install deps. Feel free to change commands to usenpm
3+ andnpx
if you like.
Add to your eslint config (.eslintrc
, or eslintConfig
field in package.json
):
{
"extends": "@dooboo/eslint-config-react"
}
Extra installation required for user who use yarn berry (pnp). They do not install dependencies in packages.
yarn add -D prettier eslint-config-prettier eslint-plugin-prettier eslint-plugin-eslint-comments eslint-plugin-react eslint-plugin-react-hooks @typescript-eslint/eslint-plugin @typescript-eslint/parser
FAQs
ESLint config for React only
The npm package @dooboo/eslint-config-react receives a total of 3 weekly downloads. As such, @dooboo/eslint-config-react popularity was classified as not popular.
We found that @dooboo/eslint-config-react demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovered npm malware campaign mimicking popular Node.js libraries and packages from other ecosystems; packages steal data and execute remote code.
Research
Socket's research uncovers three dangerous Go modules that contain obfuscated disk-wiping malware, threatening complete data loss.
Research
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.