Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@preco21/eslint-config
Advanced tools
ESLint shareable config for
@preco21
This package provides @preco21's ESLint rules as an extensible shared config.
npm install --save-dev @preco21/eslint-config
If you are only interested in the core rules (e.g. rules/base
), you are good to go and you don’t need to follow installation instructions below.
There are configs that work with various plugins like typescript
, import
, react
, and so on. (import
, react
rules are not yet supported)
To use those, you will need to install all its peer dependencies.
By default, to prevent installing unnecessary peer dependencies, all listed peer dependencies (except the eslint
itself) are marked as optional via peerDependenciesMeta
field in the package.json
. And it's recommended to install only peer dependencies that you are going to use.
Install the correct versions of each package, which are listed by the command:
npm info "@preco21/eslint-config@latest" peerDependencies
If using npm 5+, use this shortcut:
npx install-peerdeps --dev @preco21/eslint-config
For more details about the installation, please refer to Airbnb's ESLint config documentation.
Add some ESLint config to your package.json
:
{
"eslintConfig": {
"root": true,
"extends": "@preco21/eslint-config"
}
}
Or to .eslintrc
:
{
"root": true,
"extends": "@preco21/eslint-config"
}
You can find more details about ESLint configuration here.
The package exposes two types of the config: top-level
and individual
.
Top-level configs work in a zero-configuration manner, which you don't need extra configuration to use the config:
{
"extends": "@preco21/eslint-config"
}
Every top-level config has ECMAScript modules support and latest ECMAScript features enabled by default.
If the top-level configs don't fit in your use-cases, you may assemble your own config by mixing individual configs exposed from the rules
folder:
{
"extends": [
"@preco21/eslint-config/rules/base",
"@preco21/eslint-config/rules/typescript",
...
]
}
It's recommended to use other configs upon the base
config, since it contains sensible default rules to work with.
Please note that you may need to configure extra options like env
or parserOptions
as needed.
For example:
{
"env": {
"es6": true,
"node": true
},
"parserOptions": {
"ecmaVersion": 2019,
"sourceType": "module"
},
"extends": [
"@preco21/eslint-config/rules/base",
"@preco21/eslint-config/rules/typescript"
]
}
Also, you may need to install optional plugins to use some config. (see install section)
If you are in browser environment, you can add browser
option to env
field:
{
"env": {
"browser": true
}
}
As ESLint makes no assumptions about what global variables exist in your execution environment, you will need to provide knowledge of what global variables are available. (e.g. referring external library at runtime)
You can define global variables in your configuration as follows:
{
"globals": {
"$": "readonly"
}
}
For each global variable key, set the corresponding value equal to writable
to allow the variable to be overwritten or readonly
to disallow overwriting.
See here for more details.
script
source typeEvery top-level config treats your code are in ECMAScript modules enabled environment by default. Add this to your configuration if you want to disable it:
{
"parserOptions": {
"sourceType": "script"
}
}
Although this is not generally recommended, you can fallback to ECMAScript 5 by adding this to your configuration:
{
"extends": [
"@preco21/eslint-config/rules/base",
"@preco21/eslint-config/rules/with-es5"
]
}
Please note that the with-es5
config automatically enables strict
rule.
Note: However, ESLint might still show unexpected errors or warnings because the rules in this config were defined under the assumption that users will be writing ES2015+ code. In this case, you can safely disable the problematic rules manually.
We don't enable the strict
rule by default for reason: Today, we all use tooling like webpack
, Babel
, and languages like TypeScript
. And these tools automatically insert a 'use strict'
directive for each source to ensure your code is in strict mode
.
Also, ECMAScript modules enabled environments are strict mode
by default.
So, enabling strict
rule to ensure if the 'use strict'
directive is properly placed in your source doesn't really help but redundant.
But, often you do need the rule for writing non-compiled code like CLI scripts.
Then, you can optionally enable the rule for the specific case:
{
"overrides": [
{
"files": ["bin/**/*.js"],
"parserOptions": {
"sourceType": "script",
"ecmaFeatures": {
"jsx": false
}
},
"rules": {
"strict": "error"
}
}
]
}
If you are in Electron environment, you may need to add electron
to import/core-modules
setting. So that eslint-import-plugin
can consider the electron
module as a core
module like path
:
{
"settings": {
"import/core-modules": ["electron"]
}
}
For more details, see here.
FAQs
ESLint shareable config for @preco21
We found that @preco21/eslint-config demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.