Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@goodhello/eslint-config
Advanced tools
This package provides shareable ESLint configurations for JavaScript projects that conform with Good Hello's coding style.
To make use of this config, install ESLint (>= 4.0) and this package as a development dependency of your project:
npm install eslint @goodhello/eslint-config --save-dev
Next, add an eslintConfig
member to your project's package.json
. At a minimum, this config file must include an extends
member:
{
"eslintConfig": {
"extends": "@goodhello"
}
}
See the ESLint configuration guide for details on additional configuration options. Any rules configured in your package.json
file will override those provided by the @goodhello/eslint-config
package.
You should run the linter as part of (or before) your tests. Assuming tests are run before any proposed changes are merged, this will ensure coding standards are maintained in your default branch. Using npm scripts is the preferred way to run the linter without requiring it to be a global dependency. Assuming you want to lint all JavaScript files in your project, add the following entry to your package.json
:
{
"scripts": {
"pretest": "eslint src"
}
}
With this pretest
entry in your package.json
, ESLint will run on all JavaScript files in the src
directory of your project using your .eslintrc
config when tests are run:
npm test
See the ESLint CLI guide for additional options when running ESLint.
In addition to running the linter when your tests are run, you should configure your editor to run the linter as well. See the ESLint integration page to find details on configuring your editor to warn you of ESLint errors.
See the examples directory for more usage examples.
After modifying the config or an example, run npm test
to test your changes and publish a new version of the package. Adding a new "error" level rule constitutes a major release. A new profile or non-breaking modification to an existing profile (e.g. a "warning" level rule) can be a minor release.
Publishing a new minor release would look like this:
# commit and push any changes first
npm version minor # this bumps the package.json version number and tags
git push --tags origin master
npm publish
FAQs
ESLint config for Good Hello projects
We found that @goodhello/eslint-config demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.