
Security News
Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
@lightspeed/eslint-config
Advanced tools
@lightspeed/eslint-configESLint static analysis shareable configs and rules for Lightspeed web and node applications.
For both web and node environments:
For web only:
Install dependencies in your app:
yarn add -D eslint @lightspeed/eslint-config
You need Prettier installed so linting can pick up your configuration as rules:
yarn add prettier -D
Note for monorepos: you do not need to install Prettier if it's installed at the root, see Prettier in a monorepo.
Consume the base ESLint configuration in the extends section of your ESLint configuration.
For web (front-end) projects:
// .eslintrc.js
module.exports = {
extends: '@lightspeed/eslint-config/web',
};
For node (back-end) projects:
// .eslintrc.js
module.exports = {
extends: '@lightspeed/eslint-config/node',
};
Optionally, extend the configuration as you see fit.
// .eslintrc.js
module.exports = {
// Additional, per-project plugins and rules...
extends: ['@lightspeed/eslint-config/node', '...']
rules: {
// ...
},
};
In a monorepo context where Prettier is installed at the root, configure ESLint to pick the top-level configuration:
// .eslintrc.js
module.exports = {
// ...
rules: {
// We need to point to our root prettier config since it's bubbled up there
prettier: [2, '../../prettier.config.js'],
},
};
Create an npm script in your package.json to run linting:
"lint": "eslint '**/*.{js,jsx,ts,tsx}'",
If using VSCode and your repo has a .vscode/settings.json file, we recommend adding the following settings to get a better developer experience:
"editor.codeActionsOnSave": {
"source.fixAll.eslint": true
},
"editor.formatOnSave": true,
"eslint.validate": ["javascript", "javascriptreact", "typescript", "typescriptreact"],
"tslint.enable": false
Jest linting is opt-in. Since eslint-plugin-jest attempts to locate Jest to determine its version for some rules, our ESLint configuration will error out if jest isn't installed in your package.
We already include the plugin in this package's dependencies, but you'll need to manually turn on the shared configuration in your project:
// .eslintrc.js
module.exports = {
extends: [
'@lightspeed/eslint-config',
// Extend our Jest shared configuration
'@lightspeed/eslint-config/shared/jest',
],
};
GraphQL linting is opt-in. You will first need to install the ESLint plugin:
yarn add eslint-plugin-graphql -D
Then, in your ESLint configuration file, add the following:
// .eslintrc.js
module.exports = {
extends: ['@lightspeed/eslint-config', '@lightspeed/eslint-config/shared/graphql'],
};
By default, we tell eslint-plugin-graphql to look for one of these schema files in your project:
src/__generated__/graphql-schema.graphqlsrc/__generated__/schema.graphqlschema.graphqlWhen one is found, GraphQL queries will be linted against that schema.
If your schema path is different than the above, configure this way:
// .eslintrc.js
const fs = require('fs');
module.exports = {
extends: ['@lightspeed/eslint-config', '@lightspeed/eslint-config/shared/graphql'],
rules: {
'graphql/template-strings': [
'error',
{ schemaString: fs.readFileSync('custom/path/to/schema.graphql', 'utf-8') },
],
},
};
See eslint-plugin-graphql's example config for all options.
FAQs
ESLint shareable config and rules for Lightspeed web apps
The npm package @lightspeed/eslint-config receives a total of 1,543 weekly downloads. As such, @lightspeed/eslint-config popularity was classified as popular.
We found that @lightspeed/eslint-config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.