
Security News
Node.js Considers Public Workflow for Security Reports Amid AI-Driven Surge
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.
@fedify/lint
Advanced tools
This package is available since Fedify 2.0.0.
This package provides Deno Lint, ESLint, and Oxlint plugins with lint rules specifically designed for Fedify applications. It helps you catch common mistakes and enforce best practices when building federated server apps with Fedify.
The plugin includes rules that check for:
// deno.json
{
"lint": {
"plugins": {
"@fedify/lint": "jsr:@fedify/lint"
},
"rules": {
"@fedify/lint/actor-id-required": "error",
"@fedify/lint/actor-id-mismatch": "error",
"@fedify/lint/actor-inbox-property-required": "warn"
// ... other rules
}
}
}
// eslint.config.ts
import fedifyLint from "@fedify/lint";
export default fedifyLint;
// .oxlintrc.json
{
"jsPlugins": ["@fedify/lint/oxlint"],
"rules": {
"@fedify/lint/actor-id-required": "error",
"@fedify/lint/actor-id-mismatch": "error",
"@fedify/lint/actor-inbox-property-required": "warn"
}
}
The @fedify/lint package provides comprehensive linting rules for Fedify
federation code:
actor-id-required: Ensures all actors have an id propertyactor-id-mismatch: Validates that actor IDs match the expected URI
from Context.getActorUri()actor-public-key-required: Ensures actors have public keys for
HTTP Signaturesactor-assertion-method-required: Validates assertion methods for
Object Integrity Proofsactor-inbox-property-required: Ensures inbox is defined when
setInboxListeners is setactor-inbox-property-mismatch: Validates inbox URI from getInboxUriactor-outbox-property-required: Ensures outbox is defined when
setOutboxDispatcher is setactor-outbox-property-mismatch: Validates outbox URI from
getOutboxUriactor-followers-property-required: Ensures followers is defined when
setFollowersDispatcher is setactor-followers-property-mismatch: Validates followers URI from
getFollowersUriactor-following-property-required: Ensures following is defined when
setFollowingDispatcher is setactor-following-property-mismatch: Validates following URI from
getFollowingUriactor-liked-property-required: Ensures liked is defined when
setLikedDispatcher is setactor-liked-property-mismatch: Validates liked URI from getLikedUriactor-featured-property-required: Ensures featured is defined when
setFeaturedDispatcher is setactor-featured-property-mismatch: Validates featured URI from
getFeaturedUriactor-featured-tags-property-required: Ensures featuredTags is defined
when setFeaturedTagsDispatcher is setactor-featured-tags-property-mismatch: Validates featuredTags URI from
getFeaturedTagsUriactor-shared-inbox-property-required: Ensures sharedInbox is defined
when setInboxListeners is setactor-shared-inbox-property-mismatch: Validates sharedInbox URI from
getInboxUricollection-filtering-not-implemented: Warns about missing collection
filtering implementation (setFollowersDispatcher only for now)::: code-group
deno add jsr:@fedify/lint
npm add -D @fedify/lint
pnpm add -D @fedify/lint
yarn add -D @fedify/lint
bun add -D @fedify/lint
:::
Add the plugin to your deno.json configuration file:
{
"lint": {
"plugins": ["jsr:@fedify/lint"]
}
}
By default, this enables all recommended rules.
You can customize which rules to enable and their severity levels:
{
"lint": {
"plugins": ["jsr:@fedify/lint"],
"rules": {
"tags": ["recommended"],
"include": [
"@fedify/lint/actor-id-required",
"@fedify/lint/actor-id-mismatch"
],
"exclude": [
"@fedify/lint/actor-featured-property-required"
]
}
}
}
After setting up the configuration, run Deno's linter:
deno lint
You can also specify which files to lint:
deno lint federation.ts
deno lint src/federation/
Add the plugin to your ESLint configuration file (e.g., eslint.config.ts or eslint.config.js):
import fedifyLint from "@fedify/lint";
// If your `createFederation` code is in `federation.ts` or `federation/**.ts`
export default fedifyLint;
// Or specify your own federation files
export default {
...fedifyLint,
files: ["my-own-federation.ts"],
};
// If you use other ESLint configurations
export default [
otherConfig,
fedifyLint,
];
The default configuration applies recommended rules to files that match common federation-related patterns (e.g., federation.ts, federation/*.ts).
You can customize which files to lint and which rules to enable:
import { plugin } from "@fedify/lint";
export default [{
files: ["src/federation/**/*.ts"], // Your federation code location
plugins: {
"@fedify/lint": plugin,
},
rules: {
"@fedify/lint/actor-id-required": "error",
"@fedify/lint/actor-id-mismatch": "error",
"@fedify/lint/actor-inbox-property-required": "warn",
// ... other rules
},
}];
The plugin provides two preset configurations:
Enables critical rules as errors and optional rules as warnings:
import fedifyLint from "@fedify/lint";
export default fedifyLint;
Enables all rules as errors:
import { plugin } from "@fedify/lint";
export default [{
files: ["**/*.ts"],
...plugin.configs.strict,
}];
Here's an example of code that would trigger lint errors:
// ❌ Wrong: Using relative URL for actor ID
import { createFederation, Person } from "@fedify/fedify";
const federation = createFederation({ /* ... */ });
federation.setActorDispatcher(
"/{identifier}",
(_ctx, identifier) => {
return new Person({
id: new URL(`/${identifier}`), // ❌ Should use ctx.getActorUri()
name: "Example User",
});
},
);
Corrected version:
// ✅ Correct: Using Context.getActorUri() for actor ID
import { createFederation, Person } from "@fedify/fedify";
const federation = createFederation({ /* ... */ });
federation.setActorDispatcher(
"/{identifier}",
(ctx, identifier) => {
return new Person({
id: ctx.getActorUri(identifier), // ✅ Correct
name: "Example User",
inbox: ctx.getInboxUri(identifier),
outbox: ctx.getOutboxUri(identifier),
followers: ctx.getFollowersUri(identifier),
// ... other required properties
});
},
);
Run Deno's linter with the plugin enabled:
deno lint
You can also specify which files or directories to lint:
deno lint federation.ts
deno lint src/federation/
Set up your ESLint configuration as shown above and add a follwing script on
package.json:
{
"scripts": {
"lint": "eslint ."
}
}
After setting up the configuration, run ESLint on your codebase:
::: code-group
npm run lint
pnpm lint
yarn lint
bun lint
:::
or run the linter directly via command line:
::: code-group
npx eslint .
pnpx eslint .
yarn eslint .
bunx eslint .
:::
Oxlint is a fast Rust-based linter that supports ESLint-compatible JS plugins.
The @fedify/lint/oxlint subpath export plugs the Fedify rules into Oxlint's
JS plugin API.
[!NOTE] Oxlint's JS plugin API is currently in alpha and not subject to semver.
Add the plugin and the rules you want to enable to your .oxlintrc.json:
{
"$schema": "https://raw.githubusercontent.com/oxc-project/oxc/main/npm/oxlint/configuration_schema.json",
"jsPlugins": ["@fedify/lint/oxlint"],
"rules": {
"@fedify/lint/actor-id-required": "error",
"@fedify/lint/actor-id-mismatch": "error"
}
}
Rule IDs are namespaced under @fedify/lint/, matching the ESLint
configuration above.
Enable any subset of the rules listed in the Features section above. Each
rule can be set to "error", "warn", or "off":
{
"jsPlugins": ["@fedify/lint/oxlint"],
"rules": {
"@fedify/lint/actor-id-required": "error",
"@fedify/lint/actor-id-mismatch": "error",
"@fedify/lint/actor-inbox-property-required": "warn",
"@fedify/lint/actor-outbox-property-required": "warn",
"@fedify/lint/actor-followers-property-required": "warn",
"@fedify/lint/actor-public-key-required": "warn",
"@fedify/lint/actor-assertion-method-required": "warn",
"@fedify/lint/collection-filtering-not-implemented": "warn"
}
}
Add a script to package.json:
{
"scripts": {
"lint": "oxlint ."
}
}
Then run:
::: code-group
npm run lint
pnpm lint
yarn lint
bun lint
:::
Or invoke Oxlint directly:
::: code-group
npx oxlint .
pnpx oxlint .
yarn oxlint .
bunx oxlint .
:::
FAQs
Fedify linting rules and plugins
The npm package @fedify/lint receives a total of 1,275 weekly downloads. As such, @fedify/lint popularity was classified as popular.
We found that @fedify/lint demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.