Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@jsdevtools/eslint-config-modular
Advanced tools
ESLint Modular is a shareable config for ESLint that's broken-up into different modules that can be mixed-and-matched to match the needs of your project.
Each module defines rules that are meant to be reasonable defaults and best practices, but you can easily extend or override any of the rules to suit your needs.
Run the following npm command to install ESLint and ESLint Modular as dev-dependencies of your project:
npm install eslint @jsdevtools/eslint-config-modular --save-dev
Shareable configs are designed to work with the extends
feature of .eslintrc
files. You can learn more about
Shareable Configs on the official ESLint website.
To use ESLint Modular in your project, create an .eslintrc.yml
file with the following contents:
.eslintrc.yml
extends:
# These modules would be good for a Node.js project written in ES5
- "@jsdevtools/modular/best-practices"
- "@jsdevtools/modular/style"
- "@jsdevtools/modular/node"
- "@jsdevtools/modular/es5"
rules:
# You can override or extend any rules here
Modular ESLint Configuration includes the following modules. Mix-and-match them as applicable to your project.
@jsdevtools/modular/best-practices
(source)This module contains rules that prevent accidental bugs, insecure code, and bad coding practices. You can use this module directly, or use any/all of its sub-modules.
@jsdevtools/modular/best-practices/bugs
(source)The rules in this module prevent syntax that is likely to lead to accidental bugs or runtime errors. Examples include not reassigning native objects, and using ===
instead of ==
for comparisons. Most of the rules in this file will raise an error if violated, but some less-severe ones will only raise warnings.
@jsdevtools/modular/best-practices/security
(source)These rules help enforce security best-practices such as avoiding the eval()
statement and requiring "use strict"
directives.
@jsdevtools/modular/browser
(source)This module configures ESLint to recognize browser globals, such as window
, document
, navigator
, etc. It also contains rules that are specific to projects that are intended to run in web browsers, such as avoiding the alert()
statement and requiring the use strict
directive within a function.
@jsdevtools/modular/browser/jsx
(source)This module configures ESLint to parse JSX syntax. It also contains JSX-specific rules, such as enforcing the use of double-quotes in JSX attributes.
@jsdevtools/modular/es5
(source)This module configures ESLint to parse EcmaScript 5 code. It also disables ES6-specific rules, such as using let
instead of var
.
@jsdevtools/modular/es6
(source)This module configures ESLint to parse EcmaScript 6 (and newer) code. It also contains ES6-specific rules, such as not assigning to constants, calling super()
in constructors, and using let
instead of var
.
@jsdevtools/modular/modules/cjs
(source)This module configures ESLint to parse your JavaScript files with script semantics rather than ES6 module semantics, since CommonJS modules are not "true" JavaScript modules.
@jsdevtools/modular/modules/esm
(source)This module configures ESLint to parse your JavaScript files with ES6 module semantics rather than script semantics. It also disallows the use strict
directive, since ES6 modules are always strict.
@jsdevtools/modular/node
(source)This module configures ESLint to recognize Node.js globals, such as process
, __dirname
, Buffer
, etc. It also contains rules that are specific to Node.js projects, such as avoding new require()
syntax and disallowing concatenation with __dirname
.
@jsdevtools/modular/style
(source)This module contains code-styling and consistency rules. You can use this module directly, or use any/all of its sub-modules.
@jsdevtools/modular/style/conventions
(source)The rules in this module enforce an opinionated set of conventions, such as using double-quotes and semi-colons.
@jsdevtools/modular/style/naming
(source)These rules enforce JavaScript naming conventions, such as camel-case variables and capitialized classes.
@jsdevtools/modular/style/syntax
(source)These rules disallow outdated, nonstandard, and confusing syntax. Examples include labels, the comma operator, and nonstandard multiline strings.
@jsdevtools/modular/style/whitespace
(source)This module enforces opinionated whitespace rules, such as two-space indentation, Stroustrup style opening braces, and commas at the end of the line.
@jsdevtools/modular/test
(source)This module configures ESLint to recognize globals that are defined by common test frameworks, such as describe
, it
, beforeEach
, etc. It also disables rules that tend to cause problems with certain test frameworks.
Note: We recommend that you create a separate
.eslintrc.yml
file in your test folder. That way, it can use different modules and rules than the rest of your codebase.
Thanks to these awesome companies for their support of Open Source developers ❤
FAQs
Modular ESLint configuration
The npm package @jsdevtools/eslint-config-modular receives a total of 6 weekly downloads. As such, @jsdevtools/eslint-config-modular popularity was classified as not popular.
We found that @jsdevtools/eslint-config-modular demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.