Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@lint-todo/utils
Advanced tools
![CI Build](https://github.com/lint-todo/utils/workflows/CI%20Build/badge.svg) [![npm version](https://badge.fury.io/js/%40lint-todo%2Futils.svg)](https://badge.fury.io/js/%40lint-todo%2Futils) [![License](https://img.shields.io/npm/l/@checkup/cli.svg)](h
A collection of utilities to generate and store lint item metadata.
Those utilities are:
Adapts a LintResult to a TodoData. FilePaths are absolute when received from a lint result, so they're converted to relative paths for stability in serializing the contents to disc.
Determines if the .lint-todo storage file exists.
Creates, or ensures the creation of, the .lint-todo file.
Determines if the .lint-todo storage file has conflicts.
Resolves git conflicts in todo operations by removing any lines that match conflict markers.
Reads the .lint-todo storage file.
Writes the operations to the .lint-todo storage file to the path provided by todoStorageFilePath.
Writes files for todo lint violations. One file is generated for each violation, using a generated hash to identify each.
Given a list of todo lint violations, this function will also delete existing files that no longer have a todo lint violation.
Reads all todo files in the .lint-todo file.
Reads todo files in the .lint-todo file for a specific filePath.
Reads todos in the .lint-todo file and returns Todo data in an array.
Reads todos for a single filePath in the .lint-todo file and returns Todo data in an array.
Gets 4 data structures containing todo items to add, remove, those that are expired, and those that are stable (not to be modified).
Gets 4 data structures containing todo items to add, remove, those that are expired, and those that are stable (not to be modified).
Applies todo changes, either adding or removing, based on batches from getTodoBatches
.
Compacts the .lint-todo storage file.
Gets the todo configuration from one of a number of locations.
Validates whether we have a unique config in a single location.
Returns the correct severity level based on the todo data's decay dates.
Evaluates whether a date is expired (earlier than today)
Converts a date to include year, month, and day values only (time is zeroed out).
Returns the difference in days between two dates.
Formats the date in short form, eg. 2021-01-01
Converts node positional numbers into a Range object.
Reads a source file, optionally caching it if it's already been read.
Extracts a source fragment from a file's contents based on the provided Range.
Adapts a LintResult to a TodoData. FilePaths are absolute when received from a lint result, so they're converted to relative paths for stability in serializing the contents to disc.
Kind: global function
Returns: - A TodoData object.
Param | Description |
---|---|
lintResult | The lint result object. |
lintMessage | A lint message object representing a specific violation for a file. |
todoConfig | An object containing the warn or error days, in integers. |
Determines if the .lint-todo storage file exists.
Kind: global function
Returns: - true if the todo storage file exists, otherwise false.
Param | Description |
---|---|
baseDir | The base directory that contains the .lint-todo storage file. |
Creates, or ensures the creation of, the .lint-todo file.
Kind: global function
Returns: - The todo storage file path.
Param | Description |
---|---|
baseDir | The base directory that contains the .lint-todo storage file. |
Kind: global function
Returns: - The todo storage file path.
Param | Description |
---|---|
baseDir | The base directory that contains the .lint-todo storage file. |
Determines if the .lint-todo storage file has conflicts.
Kind: global function
Returns: true if the file has conflicts, otherwise false.
Param | Description |
---|---|
todoContents | The unparsed contents of the .lint-todo file. |
Resolves git conflicts in todo operations by removing any lines that match conflict markers.
Kind: global function
Returns: An array of string operations excluding any operations that were identified as git conflict lines.
Param | Description |
---|---|
operations | An array of string operations that are used to recreate todos. |
Reads the .lint-todo storage file.
Kind: global function
Returns: A array of todo operations.
Param | Description |
---|---|
todoStorageFilePath | The .lint-todo storage file path. |
Writes the operations to the .lint-todo storage file to the path provided by todoStorageFilePath.
Kind: global function
Param | Description |
---|---|
todoStorageFilePath | The .lint-todo storage file path. |
operations | An array of string operations that are used to recreate todos. |
Writes files for todo lint violations. One file is generated for each violation, using a generated hash to identify each.
Given a list of todo lint violations, this function will also delete existing files that no longer have a todo lint violation.
Kind: global function
Returns: - The counts of added and removed todos.
Param | Description |
---|---|
baseDir | The base directory that contains the .lint-todo storage file. |
maybeTodos | The linting data, converted to TodoData format. |
options | An object containing write options. |
Reads all todo files in the .lint-todo file.
Kind: global function
Returns: - A Map of FilePath/TodoMatcher.
Param | Default | Description |
---|---|---|
baseDir | The base directory that contains the .lint-todo storage file. | |
options | An object containing read options. | |
shouldLock | true | True if the .lint-todo storage file should be locked, otherwise false. Default: true. |
Reads todo files in the .lint-todo file for a specific filePath.
Kind: global function
Returns: - A Map of FilePath/TodoMatcher.
Param | Default | Description |
---|---|---|
baseDir | The base directory that contains the .lint-todo storage file. | |
options | An object containing read options. | |
shouldLock | true | True if the .lint-todo storage file should be locked, otherwise false. Default: true. |
Reads todos in the .lint-todo file and returns Todo data in an array.
Kind: global function
Returns: An array of TodoData
Param | Description |
---|---|
baseDir | The base directory that contains the .lint-todo storage file. |
options | An object containing read options. |
Reads todos for a single filePath in the .lint-todo file and returns Todo data in an array.
Kind: global function
Returns: An array of TodoData
Param | Description |
---|---|
baseDir | The base directory that contains the .lint-todo storage file. |
options | An object containing read options. |
Gets 4 data structures containing todo items to add, remove, those that are expired, and those that are stable (not to be modified).
Kind: global function
Returns: - An object of TodoBatches.
Param | Description |
---|---|
baseDir | The base directory that contains the .lint-todo storage file. |
maybeTodos | The linting data for violations. |
options | An object containing write options. |
Gets 4 data structures containing todo items to add, remove, those that are expired, and those that are stable (not to be modified).
Kind: global function
Returns: - An object of TodoBatches.
Param | Description |
---|---|
maybeTodos | The linting data for violations. |
existing | Existing todo lint data. |
options | An object containing write options. |
Applies todo changes, either adding or removing, based on batches from getTodoBatches
.
Kind: global function
Param | Default | Description |
---|---|---|
baseDir | The base directory that contains the .lint-todo storage file. | |
add | Batch of todos to add. | |
remove | Batch of todos to remove. | |
shouldLock | true | True if the .lint-todo storage file should be locked, otherwise false. Default: true. |
Compacts the .lint-todo storage file.
Kind: global function
Returns: The count of compacted todos.
Param | Description |
---|---|
baseDir | The base directory that contains the .lint-todo storage file. |
Gets the todo configuration from one of a number of locations.
Kind: global function
Returns: - The todo config object.
Param | Description |
---|---|
baseDir | The base directory that contains the project's package.json. |
engine | The engine for this configuration, eg. eslint |
customDaysToDecay | The optional custom days to decay configuration. |
Example
Using the package.json
{
"lintTodo": {
"some-engine": {
"daysToDecay": {
"warn": 5,
"error": 10
},
"daysToDecayByRule": {
"no-bare-strings": { "warn": 10, "error": 20 }
}
}
}
}
Example
Using the .lint-todorc.js file
module.exports = {
"some-engine": {
"daysToDecay": {
"warn": 5,
"error": 10
},
"daysToDecayByRule": {
"no-bare-strings": { "warn": 10, "error": 20 }
}
}
}
Example
Using environment variables (`TODO_DAYS_TO_WARN` or `TODO_DAYS_TO_ERROR`)
- Env vars override package.json config
Example
Passed in directly, such as from command line options.
- Passed in options override both env vars and package.json config
Validates whether we have a unique config in a single location.
Kind: global function
Returns: A ConfigValidationResult that indicates whether a config is unique
Param | Description |
---|---|
baseDir | The base directory that contains the project's package.json. |
Returns the correct severity level based on the todo data's decay dates.
Kind: global function
Returns: Severity - the lint severity based on the evaluation of the decay dates.
Param | Description |
---|---|
todo | The todo data. |
today | A number representing a date (UNIX Epoch - milliseconds) |
Evaluates whether a date is expired (earlier than today)
Kind: global function
Returns: true if the date is earlier than today, otherwise false
Param | Description |
---|---|
date | The date to evaluate |
today | A number representing a date (UNIX Epoch - milliseconds) |
Converts a date to include year, month, and day values only (time is zeroed out).
Kind: global function
Returns: Date - A date with the time zeroed out eg. '2021-01-01T08:00:00.000Z'
Param | Description |
---|---|
date | The date to convert |
Returns the difference in days between two dates.
Kind: global function
Returns: a number representing the days between the dates
Param | Description |
---|---|
startDate | The start date |
endDate | The end date |
Formats the date in short form, eg. 2021-01-01
Kind: global function
Returns: A string representing the formatted date
Param | Description |
---|---|
date | The date to format |
Converts node positional numbers into a Range object.
Kind: global function
Returns: A range object.
Param | Description |
---|---|
line | The source start line. |
column | The source start column. |
endLine | The source end line. |
endColumn | The source end column. |
Reads a source file, optionally caching it if it's already been read.
Kind: global function
Returns: The file contents.
Param | Description |
---|---|
filePath | The path to the source file. |
Extracts a source fragment from a file's contents based on the provided Range.
Kind: global function
Returns: The source fragment.
Param | Description |
---|---|
source | The file contents. |
range | A Range object representing the range to extract from the file contents. |
FAQs
![CI Build](https://github.com/lint-todo/utils/workflows/CI%20Build/badge.svg) [![npm version](https://badge.fury.io/js/%40lint-todo%2Futils.svg)](https://badge.fury.io/js/%40lint-todo%2Futils) [![License](https://img.shields.io/npm/l/@checkup/cli.svg)](h
We found that @lint-todo/utils demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.