Research
/Security News
Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages
Miasma Mini Shai-Hulud hits @immobiliarelabs Backstage plugins, targeting GitLab and LDAP auth packages on npm.
By Socket Research Team - Jun 26, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
@flow-industries/lint
Advanced tools
@flow-industries/lint
Shared Biome configuration and a reusable CI workflow for Flow's TypeScript projects.
This repo is the single source of truth for code-quality rules across auth, site, docs, and ui. Each repo carries only a tiny stub that points here — the actual rules and CI steps live here once.
Biome config
Two presets are published as @flow-industries/lint:
@flow-industries/lint/biome— the self-contained core (formatter + recommended lint, no framework domain)@flow-industries/lint/react— additive: adds only Biome'sreactlint domain on top of the core
Use it
bun add -d @flow-industries/lint @biomejs/biome@2.4.12
Add a biome.json to the repo root. React projects extend both presets (Biome merges them left to right):
{
"extends": [
"@flow-industries/lint/biome",
"@flow-industries/lint/react"
],
"files": { "includes": ["**", "!dist"] }
}
A non-React project extends just the core:
{ "extends": ["@flow-industries/lint/biome"], "files": { "includes": ["**", "!dist"] } }
The react preset is additive on purpose — it carries only the domain, never its own copy of the formatter/core rules. (A relative extends inside a published package does not resolve from a consumer's node_modules, so the core can't be pulled in transitively; listing both presets in the consumer is the reliable pattern.) Per-repo ignores (generated dirs, vendored code) go in the local stub via files.includes — Biome merges these arrays additively with the shared presets. Keep @biomejs/biome pinned to the exact version above so every repo lints with an identical rule set.
Recommended package.json scripts:
{
"lint": "biome check",
"format": "biome format --write",
"check": "biome check --write"
}
Reusable CI workflow
.github/workflows/ts-check.yml is a workflow_call workflow that sets up Bun, installs with a frozen lockfile, then runs bun run lint and a typecheck. Call it from a repo:
name: CI
on:
pull_request:
push:
branches: [main]
concurrency:
group: ci-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
check:
uses: flow-industries/lint/.github/workflows/ts-check.yml@v1
with:
runner: flow-arc # ubuntu-latest for public repos
typecheck-cmd: "bun run typecheck"
Inputs:
| Input | Default | Notes |
|---|---|---|
runner | ubuntu-latest | Use a self-hosted runner label (e.g. flow-arc) for private repos; public repos stay on ubuntu-latest. |
typecheck-cmd | bun run typecheck | Override for repos whose typecheck needs codegen first. |
run-build | false | Set true to also run bun run build. |
FAQs
Shared Biome configuration for Flow TypeScript projects
We found that @flow-industries/lint demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 11 Jun 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Rolldown Pulls Rust React Compiler Integration After Binary Size Increase
Rolldown paused Rust React Compiler integration after a 5MB binary size increase raised concerns about shipping React-specific code to all Vite users.
By Sarah Gooding - Jun 26, 2026
Security News
/Research
Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem
Mini Shai-Hulud expands into the Go ecosystem after hitting LeoPlatform npm packages and targeting GitHub Actions workflows.
By Socket Research Team - Jun 25, 2026