Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
@hint/hint-manifest-file-extension
Advanced tools
@hint/hint-manifest-file-extension
hint that that checks if the web app manifest file has the correct file extension
Correct manifest extension (manifest-file-extension)
manifest-file-extension warns against using non-standard file
extensions for the web app manifest file.
Why is this important?
While the .webmanifest file extension is not
enforced by the specification, nor is it required by browsers, using
it makes it:
- easier to set custom server configurations for the web app manifest file
- possible to benefit from existing configurations
What does the hint check?
The hint checks if the recommended .webmanifest
file extension is used for the web app manifest file.
Examples that trigger the hint
<link rel="manifest" href="site.json">
<link rel="manifest" href="site.manifest">
Examples that pass the hint
<link rel="manifest" href="site.webmanifest">
How to use this hint?
This package is installed automatically by webhint:
npm install hint --save-dev
To use it, activate it via the .hintrc configuration file:
{
"connector": {...},
"formatters": [...],
"hints": {
"manifest-file-extension": "error",
...
},
"parsers": [...],
...
}
Note: The recommended way of running webhint is as a devDependency of
your project.
Further Reading
FAQs
hint that that checks if the web app manifest file has the correct file extension
The npm package @hint/hint-manifest-file-extension receives a total of 25,925 weekly downloads. As such, @hint/hint-manifest-file-extension popularity was classified as popular.
We found that @hint/hint-manifest-file-extension demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 29 Aug 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025