Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@fimbul/mimir
Advanced tools
Core rules, formatters and configurations of the Fimbullinter project.
Make sure to also read the full documentation of all available modules.
This library contains all core rules, formatters and configuration presets of the Fimbullinter project. It's used internally by Wotan.
Rule | Description | Difference to TSLint rule / Why you should use it |
---|---|---|
await-async-result | Warns about not using the result of a call to an async function inside async functions. requires type information | TSLint's no-floating-promises requires you to specify a list of Promise names, it checks outside of async functions and only requires you to register the onrejected callback. |
await-only-promise | Finds uses of await on non-Promise values. Also checks for await loops. requires type information | Works for all PromiseLike and Thenable types out of the box without any configuration. |
generator-require-yield | Require at least one yield inside generator functions. | There's no similar TSLint rule. |
new-parens | Require parentheses when invoking constructors. | Performance! |
no-case-declaration | Disallow let , class and enum in case blocks. These are visible within the whole switch statement body but not defined in other case clauses. The compiler currently doesn't warn about such uses. You should use a block to restrict the scope of the declarations. | TSLint has no similar rule, ESLint has no-case-declarations which forbids function declarations as well. |
no-debugger | Ban debugger; statements from your production code. | Performance! |
no-duplicate-case | Detects switch statements where multiple case clauses check for the same value. | This implementation tries to infer the value instead of just comparing the source code. |
no-fallthrough | Prevents unintentional fallthough in switch statements from one case to another. If the fallthrough is intended, add a comment that matches /^\s*falls? ?through\b/i . | Allows more comment variants such as fallthrough or fall through . |
no-inferred-empty-object | Warns if a type parameter is inferred as {} because the compiler cannot find any inference site. | Really checks every type parameter of function, method and constructor calls. Correctly handles type parameters from JSDoc comments. Recognises type parameter defaults on all merged declarations. |
no-misused-generics | Detects generic type parameters that cannot be inferred from the functions parameters. It also detects generics that don't enforce any constraint between types. | There's no similar TSLint rule. |
no-nan-compare | Don't compare with NaN , use isNaN(number) or Number.isNaN(number) instead. | Performance! |
no-return-await | Warns for unnecesary return await foo; when you can simply return foo; | The same as TSLint's rule. I wrote both, but this one is faster. |
no-unassigned-variable | Detects variables that are not initialized and never assigned a value. | There's no similar TSLint rule. |
no-unreachable-code | Warns about statements that will never be executed. Works like TypeScript's dead code detection but doesn't fail compilation because it's a lint error. | TSLint removed their no-unreachable rule in v4.0.0. |
no-unsafe-finally | Forbids control flow statements return , throw , break and continue inside the finally block of a try statement. | Performance! |
no-unstable-api-use | Finds uses of deprecated and experimental variables, classes, properties, functions, signatures, ... requires type information | This rule checks element accesses (foo[bar] ), JSX elements, chained function calls (getFn()() ) in addition to what TSLint's deprecation rule does and has more useful error reporting. |
no-unused-expression | Warns about side-effect free expressions whose value is not used | This one is a bit stricter than TSLint's no-unused-expression and checks for loops in addition. |
no-unused-label | Warns about labels that are never used or at the wrong position. | TSLint only has label-position which doesn't check for unused labels. |
no-useless-assertion | Detects type assertions that don't change the type or are not necessary in the first place. requires type information | TSLint's no-unnecessary-type-assertion does not detect assertions needed to silence the compiler warning Variable ... is used before being assigned. The Wotan builtin rule also checks whether the assertion is necessary at all or the receiver accepts the original type. |
no-useless-initializer | Detects unnecessary initialization with undefined . | TSLint's rule no-unnecessary-initializer doesn't fix all parameter initializers and gives false positives for destructuring. |
no-useless-jump-label | Detects continue label; and break label; where the label is not necessary. | There's no similar TSLint rule. |
no-useless-predicate | Detects redundant conditions that are either always true or always false. requires type information | Combination of TSLint's strict-type-predicates , typeof-compare and parts of strict-boolean-expressions . |
prefer-const | Prefer const for variables that are never reassigned. Use option {destructuring: "any"} if you want to see failures for each identifier of a destructuring, even if not all of them can be constants. The default is {destructuring: "all"} . | TSLint's prefer-const rule gives some false positives for merged declarations and variables used in before being declared which results in a compiler error after fixing. |
prefer-dot-notation | Prefer obj.foo over obj['foo'] where possible. | Same as TSLint's no-string-literal rule, but more performant. |
prefer-for-of | Prefer for-of loops over regular for loops where possible. requires type information | Avoids the false positives of TSLint's prefer-for-of rule. |
prefer-number-isnan | Prefer ES2015's Number.isNaN over the global isNaN mainly for performance. requires type information | No similar rule in TSLint. |
prefer-object-spread | Prefer object spread over Object.assign for copying properties to a new object. requires type information | Performance, and better handling of parens in fixer and avoids false positives that would cause a compile error when fixed. |
syntaxcheck | Reports syntax errors as lint errors. This rule is not enabled in wotan:recommended . requires type information | Used to be part of the deprecated tslint --type-check |
trailing-newline | Requires a line break at the end of each file. | Nothing fancy here :( |
try-catch-return-await | Companion of no-return-await because inside a try-catch block you should await returned promises to correctly enter the catch on rejection and/or the finally block after completion. | TSLint has no similar rule. |
typecheck | TypeScript's compiler errors as lint errors. This rule is not enabled in wotan:recommended . requires type information | Like the deprecated tslint --type-check but formatted and can be disabled like any other rule. |
stylish
json
wotan:recommended
contains recommended builtin rules. This configuration only adds new rules in major versions.wotan:latest
contains recommended builtin rules and is updated in minor versions. Be aware that this might cause your build to break.Apache-2.0 © Klaus Meinhardt
FAQs
Core rules of the Fimbullinter project
The npm package @fimbul/mimir receives a total of 282 weekly downloads. As such, @fimbul/mimir popularity was classified as not popular.
We found that @fimbul/mimir demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.