Security News
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach
An AI agent is merging PRs into major OSS projects and cold-emailing maintainers to drum up more work.
By Sarah Gooding - Feb 14, 2026
Latest Threat Research:Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise.Details →
@map-colonies/eslint-plugin
Advanced tools
@map-colonies/eslint-plugin
Custom ESLint rules for MapColonies projects. This plugin provides specialized rules to enforce best practices and prevent common mistakes.
Installation
npm install --save-dev @map-colonies/eslint-plugin
Usage
Quick Start with Recommended Config
Add the plugin to your ESLint configuration:
// eslint.config.mjs
import mapColoniesPlugin from '@map-colonies/eslint-plugin';
export default [
mapColoniesPlugin.configs['pino-safety'],
// ... your other configs
];
Manual Configuration
Or configure rules individually:
// eslint.config.mjs
import mapColoniesPlugin from '@map-colonies/eslint-plugin';
export default [
{
plugins: {
'@map-colonies': mapColoniesPlugin,
},
rules: {
'@map-colonies/pino-safety/no-swallowed-args': 'error',
'@map-colonies/pino-safety/prefer-standard-error-key': 'warn',
},
},
];
Rules
Pino Safety Rules
pino-safety/no-swallowed-args
Prevents Pino from silently swallowing objects when arguments don't match the message format placeholders.
Problem: Pino uses printf-style formatting. If you pass extra arguments without corresponding placeholders (%s, %d, etc.), they are silently ignored.
Examples:
// ❌ Bad - object is swallowed (no placeholder)
logger.info('User logged in', { userId: 123 });
// ❌ Bad - second argument is swallowed (only one %s placeholder)
logger.info('User %s logged in', username, { extra: 'data' });
// ✅ Good - merge object pattern (object first)
logger.info({ userId: 123 }, 'User logged in');
// ✅ Good - placeholders match argument count
logger.info('User %s logged in at %d', username, timestamp);
// ✅ Good - no extra arguments
logger.info('Simple message');
Supported placeholders: %s, %d, %f, %i, %j, %o, %O
pino-safety/prefer-standard-error-key
Ensures errors are serialized correctly by using Pino's standard err key instead of error.
Problem: Pino's default error serializer looks for the err key. Using error means the error won't be properly serialized with stack traces.
Examples:
// ❌ Bad - "error" key won't be serialized properly
logger.error({ error: new Error('Failed') }, 'Operation failed');
// ✅ Good - "err" key uses Pino's error serializer
logger.error({ err: new Error('Failed') }, 'Operation failed');
// ✅ Good - other property names are fine
logger.info({ userId: 123, status: 'active' }, 'User info');
Configuration Presets
pino-safety (recommended)
Enables all Pino safety rules with recommended severity levels:
pino-safety/no-swallowed-args:errorpino-safety/prefer-standard-error-key:warn
Development
Building
pnpm run build
Testing
pnpm run test
Linting
pnpm run lint
Related Packages
- @map-colonies/js-logger - Pino-based logger for MapColonies services
- @map-colonies/eslint-config - Base ESLint configuration
License
MIT
FAQs
Custom ESLint rules for MapColonies projects
We found that @map-colonies/eslint-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.
Package last updated on 20 Jan 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious Chrome Extension Steals Meta Business Manager Exports and TOTP 2FA Seeds
Chrome extension CL Suite by @CLMasters neutralizes 2FA for Facebook and Meta Business accounts while exfiltrating Business Manager contact and analytics data.
By Kirill Boychenko - Feb 13, 2026
Security News
AI Agent Submits PR to Matplotlib, Publishes Angry Blog Post After Rejection
After Matplotlib rejected an AI-written PR, the agent fired back with a blog post, igniting debate over AI contributions and maintainer burden.
By Sarah Gooding - Feb 12, 2026