You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 7-8.RSVP
Socket
Socket
Sign inDemoInstall

@namics/env-linter

Package Overview
Dependencies
0
Maintainers
7
Versions
9
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

@namics/env-linter

Ensures that all developers on your project use the same node version, install dependencies in an unambiguous manner and utilize githooks.


Version published
Maintainers
7
Created

Changelog

Source

0.5.0 (2021-08-14)

Features

  • hooks: add support for husky v6 (32d9ab5)
  • hooks: adjust detection of hooks for husky 7 (e0570df)
  • log-messages: show npm version in wrong npm version log message (a58df21)
  • log-messages: show why is this link next to the warnings (f94fa41)
  • security: add option to check for secure node version (902ba3b)
  • security: Check for higher minor security version inside used major version; adjust error and success messages; adjust security tests; (9504086)
  • security: Create security check based on lts; add test; (86096b7)

Bug Fixes

  • hooks: change detection of husky 6 hooks (f57c732)

Readme

Source

env-linter

Ensures that all developers on your project use the same, secure LTS version of node, install dependencies in an unambiguous manner and utilize githooks.

npm Travis License

env-linter screencast

Usage example

Feel free to use env-linter in any way that makes sense for your project. Here is an example of how env-linter could be applied as part of your package.json:

{
	"postinstall": "env-linter -s -se -d -vs 'node=14.x.x,npm=7.x.x'",
	"prestart": "env-linter -h -vs 'node=14.x.x,npm=7.x.x'",
	"lint-staged": {
		"**/package.json": ["env-linter -s -d"]
	}
}

You can skip all env-linter checks by using the environment variable ENV_LINTER_SKIP=true. This could be useful on certain CI environments which are not automatically detected by env-linter.

API usage

const { api } = require('@namics/env-linter');

await api({
	versions: 'node=14.x.x,npm=7.x.x',
	hooksInstalled: true,
	saveExact: true,
	dependenciesExactVersion: true,
	lts: true,
	security: true,
});

Options

-vs, --versions [string]

Checks the installed versions of global packages or programs like node, npm, yo, etc. against a required version. For example calling env-linter --versions 'node=14.x.x' will ensure that version 14 of node is being used. Multiple versions can be checked by separating them with a comma (eg. --versions 'node=14.x.x,npm=7.x.x,yo=4.x.x'). env-linter will stop any further process-execution if a package or program does not satisfy the required version.

Calling env-linter with --versions but without any arguments will compare the installed node-version with the node-version from the .node-version file.

In any case, the used node version is compared to the list of official node-releases and process-execution is stopped if the used npm version is older than the npm version that node comes with.

-h, --hooksInstalled

Checks if git-hooks are installed (i.e. husky installed). env-linter will stop any further process-execution if git-hooks are not installed.

-se, --security

Checks if the used node version is considered secure according to the current list of node releases. If a newer node-version is available which was released due to a security concern, env-linter will stop any further process-execution. Find out more about the security-flag in this github issue.

-s, --saveExact

Checks if the npm option save-exact is enabled, either through a .npmrc file in the project or in the user-directory. env-linter will stop any further process-execution if save-exact is disabled.

-d, --dependenciesExactVersion

Checks if the version definitions of the dependencies and devDependencies in the package.json (or in a monorepository all available packages) are fitting our standards, which means; no approximate versions eg. tilde ~ or caret ^, no star * wildcard and no tarball embeds via https://*.

-l, --lts

Checks if the used node version is a LTS version. Here is some more information why it might be a good idea to use an LTS version.

License

MIT License

Keywords

FAQs

Package last updated on 14 Aug 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc