Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@springernature/eslint-config
Advanced tools
ESLint shareable config used at Springer Nature.
This package requires:
eslint
version 8.38.0 or greater (due to eslint-plugin-unicorn v47.0.0).With version 6.0.0, eslint-config-springernature
switches to ESlint version 8, which is a major update. Up to version 5.x, eslint-config-springernature
worked fine together with the module gulp-eslint
. From version 6 on, gulp-eslint
will fail with the error message
Environment key "es2024" is unknown
which is related to the upgrade to ESlint 8.
gulp-eslint
has not been maintained for several years now and seems to be dead. Luckily, there's an updated version of that module called gulp-eslint-new
, which works well with ESlint 8.
So if you are using gulp-eslint
and want to update eslint-config-springernature
to version 6, then you should replace gulp-eslint
with gulp-eslint-new
.
Our default export contains all of our ESLint rules, and includes the following plugins:
eslint-plugin-import
(core)eslint-plugin-promise
(core)eslint-plugin-unicorn
(core)eslint-plugin-no-use-extend-native
(core & legacy)eslint-plugin-node
(optional)eslint-plugin-jest
(optional)These plugins are defined as peerDependencies
in eslint-config-springernature
, which means that you will need to add these to your own project's devDependencies
.
You can find the correct version of each dependency by using npm info
:
npm info "@springernature/eslint-config@latest" peerDependencies
There are several ways to do install this without effort using the install-peerdeps tool.
Run yarn add --dev <dependency>@<version>
for each peerDependency listed by the npm info
command above.
If you have npx
available (included with npm 5+) then you can run npx install-peerdeps --dev @springernature/eslint-config
to install the dependencies automatically. This will detect and use Yarn if available.
If you're using npm 5+, then you can use npx
to install the dependencies automatically:
npx install-peerdeps --dev @springernature/eslint-config
If you're using an older version of npm where npx
is not available, you can manually install and run install-peerdeps
.
npm install -g install-peerdeps
install-peerdeps --dev @springernature/eslint-config
The cli will produce and run a command like:
npm install --save-dev @springernature/eslint-config eslint@^#.#.# eslint-plugin-node@^#.#.# eslint-plugin-import@^#.#.# eslint-plugin-no-use-extend-native@^#.#.# eslint-plugin-promise@^#.#.# eslint-plugin-unicorn@^#.#.#
Alternatively, you can use the following shell script:
(
export PKG=@springernature/eslint-config;
npm info "$PKG@latest" peerDependencies --json | command sed 's/[\{\},]//g ; s/: /@/g' | xargs npm install --save-dev "$PKG@latest"
)
Add one of the following to your .eslintrc
file:
core
- The core Springer Nature code style (with ES6 support)legacy
- For legacy JS environments (without ES6 support)These optional extensions can be added in addition to one of the above configurations:
// Core configuration
{
"extends": "@springernature/eslint-config",
"rules": {
// Additional, per-project rules...
},
"overrides": [
// Overrides for specific files or directories
]
}
// Legacy configuration
{
"extends": "@springernature/eslint-config/legacy",
"rules": {
// Additional, per-project rules...
},
"overrides": [
// Overrides for specific files or directories
]
}
// Core with optional extensions
{
"extends": [
"@springernature/eslint-config",
"@springernature/eslint-config/node",
"@springernature/eslint-config/jest"
],
"rules": {
// Additional, per-project rules...
},
"overrides": [
// Overrides for specific files or directories
]
}
// Core config extended with node config for subset of files
// Useful if you use both node and browser js in the same repo
{
"extends": "@springernature/eslint-config",
"overrides": [
{
"files": [
"path/to/app/files/*.js"
],
"extends": "@springernature/eslint-config/node"
}
]
}
You can optionally create an .eslintignore
file to ignore file paths. The .eslintignore
file is a plain text file where each line is a glob pattern indicating which paths should be omitted from linting. For example, the following will ignore all files in the tests
and coverage
folders:
**/tests/*
**/coverage/*
If you want to ignore the same files and folders contained in the .gitignore
file, you can do so by omitting the creation of the .eslintignore
file and using the following command for linting instead:
eslint --ignore-path .gitignore **/*.js
We've chosen a sensible set of rules and plugins that helps us catch the most common errors while writing JavaScript. Using a unified linting configuration across Springer Nature makes it easier to share code and resources between different teams and projects.
In certain situations it may be necessary to specify per-project rules. A typical use case is when migrating an old project using a different linter to this eslint config, where it may not be possible to fix all the issues raised by eslint in one go and we opt instead for an iterative approach.
If you need to add per-project rules, consider changing them from error
to warn
instead of disabling them completely. This will allow any tests to pass, but will help you remember that a rule has been overwritten:
"rules": {
"block-scoped-var": "warn",
}
If the problem is in one specific line of code, consider using the eslint-disable-line
or eslint-disable-next-line
directives, instead of disabling a rule for your whole project. For example:
// eslint-disable-next-line no-unassigned-import
require('polyfill');
const zero; // eslint-disable-line no-unused-vars
Please use per-project rules and eslint-disable-line
and eslint-disable-next-line
directives sparingly and only when strictly necessary.
It's common to have specific files or directories that require different settings. For example, a folder in your project may contains tests that use mocha
. Instead of defining the global variables that mocha
expects manually, you can use environments
and overrides
. You can also change specific rules for these files.
"overrides": [
{
"files": "tests/**/*.js",
"env": {
"browser": true,
"jquery": true,
"mocha": true
},
"rules": {
"no-console": "warn"
}
}
]
This package is used by many active Springer Nature projects. We always welcome issues and pull requests, but we may not always be able to merge your suggestions.
If we decide that we can't merge your PR or act on your issue, it's nothing personal! We love to see new contributors, and we strive to provide a welcoming and inclusive environment.
6.1.0 (2024-04-23)
node
environments we still want to support commonJS
unicorn/prefer-module
rule for the node
config'use strict';
at top of file.FAQs
ESLint shareable config used at Springer Nature
The npm package @springernature/eslint-config receives a total of 8,208 weekly downloads. As such, @springernature/eslint-config popularity was classified as popular.
We found that @springernature/eslint-config demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 17 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.