Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@lightbase/eslint-config
Advanced tools
Opinionated but configurable ESLint config. Fully includes linting and formatting.
npm install --save-dev --exact @lightbase/eslint-config
Some configurations require manually installed plugins. For example
npm install --save-dev --exact eslint-plugin-react eslint-plugin-react-hooks
This is documented below.
This package builds a config, compatible with
ESLint Flat Config.
To use the config, create the following eslint.config.js
file:
import { defineConfig } from "@lightbase/eslint-config";
export default defineConfig({});
Add the following scripts to your package.json
:
{
"scripts": {
"lint": "eslint . --fix --cache --cache-location .cache/eslint/",
"lint:ci": "eslint ."
}
}
Make sure to add
.cache
to your .gitignore
[!NOTE]
In a CommonJS project, make sure to name your file
eslint.config.mjs
instead.
Prettier is configured to run on all Markdown, JSON, YAML, JavaScript and TypeScript files. We support the following configuration to override this:
import { defineConfig } from "@lightbase/eslint-config";
export default defineConfig({
prettier: {
globalOverride: {
// Override Prettier options for all supported files.
},
languageOverrides: {
ts: {
// Override Prettier options for a specific file
// group.
},
},
},
});
Typescript ESLint is automatically enabled if a
tsconfig.json
is present.
import { defineConfig } from "@lightbase/eslint-config";
export default defineConfig(
{},
{
// Apply custom rules
files: ["**/*.ts"],
rules: {
"@typescript-eslint/no-unused-vars": "off",
},
},
);
Or explicitly disabling Typescript support can be done with:
import { defineConfig } from "@lightbase/eslint-config";
export default defineConfig({
typescript: false,
});
By default, we enable the recommended type checked rules from typescript-eslint. To disable these rules, use:
import { defineConfig } from "@lightbase/eslint-config";
export default defineConfig({
typescript: {
disableTypeCheckedRules: true,
},
});
A Markdown processor is installed by default. Its purpose is to extract code-blocks and present them as virtual files. This means that markdown code-blocks can receive custom rules as follows:
import { defineConfig } from "@lightbase/eslint-config";
export default defineConfig(
{},
{
files: ["**/*.md/*.js"],
rules: {
"no-unused-vars": "off",
},
},
);
The config optionally supports enabling React and Next.js specific rules. Add the following dependencies:
npm install --save-dev --exact eslint-plugin-react eslint-plugin-react-hooks eslint-plugin-jsx-a11y eslint-plugin-no-relative-import-paths
If you use Next.js, make sure to also add @next/eslint-plugin-next
via:
npm install --save-dev --exact @next/eslint-plugin-next
React is only support in combination with Typescript (see above), and can be enabled as follows:
import { defineConfig } from "@lightbase/eslint-config";
export default defineConfig({
react: {
withNextJs: true,
},
});
This enables all Next.js rules and various recommended rules for React, hooks usage, and JSX accessibility.
The config by default includes all globals for Node.js, Browser, and ES2021. You can use other predefined presets via
import { defineConfig } from "@lightbase/eslint-config";
export default defineConfig({
// Make sure to include the full setup.
globals: ["browser", "serviceworker"],
});
This enables environment-specific globals for all files. For a stricter setup, use custom configuration as explained below
import globals from "globals";
import { defineConfig } from "@lightbase/eslint-config";
export default defineConfig(
{},
{
files: ["**/*.js"],
languageOptions: {
globals: {
...globals.es2015,
},
},
},
);
ESLint will by default ignore everything as defined in your .gitignore
. You can add new
directories like so.
import { defineConfig } from "@lightbase/eslint-config";
export default defineConfig(
{
// Define config options, explained above.
},
{
// Ignore the packages/ directory.
ignores: ["packages/**"],
},
);
Make sure that nested directory ignores contain the proper wildcards for them to work.
# works
.cache
**/src/generated
# doesn't work
src/generated
defineConfig
accepts custom ESLint configuration as the 'rest' parameter. This allows
you to configure rules for specific file patterns.
import { defineConfig } from "@lightbase/eslint-config";
export default defineConfig(
{
// Define config options, explained above.
},
{
// Ignore the packages/ directory.
ignores: ["packages/**"],
},
{
// Add rules for specific files.
file: ["**/*.ts"],
rules: {
"no-console": "off",
},
},
);
Configuring Webstorm to use this config can be done as follows:
Languages & Frameworks
-> JavaScript
-> Code Quality Tools
-> ESLint
Automatic ESLint configuration
Run for files
to **/*.*
Run eslint --fix on save
Apply
& OK
Since this config is configured to automatically cleanup imports, and runs Prettier as
part of ESLint, you can disable these settings in the Actions on Save
-settings of
WebStorm.
[!NOTE]
WebStorm sometimes doesn't pick up on an updated ESLint configuration. A restart of the background services fixes this.
- In versions
2023.3
and below, go to the ESLint settings in your preferences according to the steps above. SelectDisable ESLint configuration
, click onApply
and selectAutomatic ESLint configuration
again.- In versions
20241.1
and above useHelp
->Find action
->Restart ESLint Service
.
Inspired by Dirkdev98's initial design, solidified with @antfu/eslint-config.
FAQs
ESLint based linting and formatting configuration
The npm package @lightbase/eslint-config receives a total of 334 weekly downloads. As such, @lightbase/eslint-config popularity was classified as not popular.
We found that @lightbase/eslint-config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.