@studyportals/code-style
Default linting configurations for the Studyportals repositories
The purpose of this repository is to provide standardized configuration files for the most common linters we use in Studyportals repositories. The main usage is in Super-Linter, which uses these configuration files to run the most important linters on most of our repositories.
Please send pull requests to @stefanklokgieters if you want to suggest changes. Never publish changes on NPM without approval...
You can add CodeStyle as a dependency to your project by running the following command:
npm install @studyportals/code-style --save-dev
ESLint is a linter for JavaScript, as well as TypeScript code. It can help find and fix potential problems in your code. When you install the CodeStyle package you can simply extend from the ESLint configuration file inside it.
// package.json
"eslintConfig": {
  "extends": "./node_modules/@studyportals/code-style/.eslintrc.js",
  "parserOptions": {
    "sourceType": "module"
  }
}
When global variables are used in different files than they were defined in, ESLint will see them as undefined variables. To solve this problem, you can define the global variables at the top of your file like so:
/* global var1, var2, var3 */
To avoid this you can define your project's global variables in a custom configuration.
To enable linting locally, you can follow the steps below.
1. Install the ESLint plugin from the Microsoft Extensions Marketplace in VSCode.
2. Press Ctrl + Shift + P and search for Preferences: Open Settings (JSON).
3. Add the following to settings.json:
"editor.codeActionsOnSave": {
  "source.fixAll.eslint": true,
},
"eslint.validate": [
  "javascript",
  "typescript",
]
4. Restart the TypeScript server by pressing Ctrl + Shift + P and running TypeScript: Restart TS Server.
With these changes in place, whenever you save any changes, some errors are automatically resolved. For those that aren't, you will receive errors or warnings that you can act upon.
Follow the official documentation on how to configure ESLint with PhpStorm.
The example below demonstrates how you can override an existing rule in your .eslintrc.js.
module.exports = {
  extends: "./node_modules/@studyportals/code-style/.eslintrc.js",
  rules: {
    "@typescript-eslint/array-type": [
      "error",
      {
        default: "generic",
      },
    ],
  },
};
You can read more about overriding rules here.
The example below demonstrates how you can ignore files in your .eslintrc.js.
module.exports = {
  extends: "./node_modules/@studyportals/code-style/.eslintrc.js",
  ignorePatterns: ["**/tests/"],
};
Otherwise, you can ignore these files by appending them to your .eslintignore. You can read more about ignoring files here.
StyleLint is our main linter for all styling related files. It can read all types of style related syntax, like SCSS, Sass, Less and SugarSS. When you install the CodeStyle package you can simply extend from the StyleLint configuration file inside it.
// .stylelintrc.json
{
  "extends": "./node_modules/@studyportals/code-style/.stylelintrc.json"
}
To enable linting locally, you can follow the steps below.
1. Install the Stylelint plugin from the Microsoft Extensions Marketplace in VSCode.
2. Press Ctrl + Shift + P and search for Preferences: Open Settings (JSON).
3. Add the following to settings.json:
"editor.codeActionsOnSave": {
  "source.fixAll.stylelint": true,
}
With these changes in place, whenever you save any changes, some errors are automatically resolved. For those that aren't, you will receive errors or warnings that you can act upon.
Follow the official documentation on how to configure Stylelint with PhpStorm.
The example below demonstrates how you can override an existing rule in your .stylelintrc.json.
{
  "extends": "./node_modules/@studyportals/code-style/.stylelintrc.json",
  "rules": {
    "rule-empty-line-before": [
      "always",
      {
        "except": "first-nested"
      }
    ]
  }
}
The example below demonstrates how you can ignore files in your .stylelintrc.json. However, StyleLint recommends you do so with a .stylelintignore instead. You can read more about this here.
{
  "extends": "./node_modules/@studyportals/code-style/.stylelintrc.json",
  "ignoreFiles": ["node_modules/", "**/*.js"]
}
PHP_CodeSniffer is a linter for PHP files. It can both detect and fix coding standard violations. PHP_CodeSniffer can be run from the command line, where the configuration can be referenced. You can extend the PHP_CodeSniffer configuration from the CodeStyle package.
phpcs-run --standard=./node_modules/@studyportals/code-style/phpcs.xml ./
To enable linting locally, you can follow the steps below.
1. Install the phpcs plugin from the Microsoft Extensions Marketplace in VSCode.
2. Press Ctrl + Shift + P and search for Preferences: Open Settings (JSON).
3. Add the following to settings.json:
"phpcs.executablePath": "./vendor/bin/phpcs", // or "./vendor/bin/phpcs.bat"
"phpcs.ignorePatterns": [ "*/vendor/*" ]
Follow the official documentation on how to configure PHP_CodeSniffer with PhpStorm.
The example below demonstrates how you can override an existing rule in your phpcs.xml to exclude it.
<?xml version="1.0"?>
<ruleset name="Custom">
  <rule ref="./node_modules/@studyportals/code-style/phpcs.xml">
    <exclude name="Generic.Files.LineEndings"/>
  </rule>
</ruleset>
The example below demonstrates how you can ignore files in your phpcs.xml.
<?xml version="1.0"?>
<ruleset name="Custom">
  <rule ref="./node_modules/@studyportals/code-style/phpcs.xml" />
  <exclude-pattern>tests/**/*.php</exclude-pattern>
</ruleset>
PHP Mess Detector (PHPMD) is a linter for PHP files. It takes a given PHP source code base and looks for several potential problems within that source. When you install the CodeStyle package you can reference the PHPMD configuration file inside it.
<!-- phpmd.xml -->
<rule ref="./node_modules/@studyportals/code-style/phpmd.xml" />
To enable linting locally, you can follow the steps below.
1. Install the PHP Mess Detector plugin from the Microsoft Extensions Marketplace in VSCode.
2. Press Ctrl + Shift + P and search for Preferences: Open Settings (JSON).
3. Add the following to settings.json:
"phpmd.rules": "${workspaceFolder}/phpmd.xml",
Follow the official documentation on how to configure PHPMD with PhpStorm.
The example below demonstrates how you can override an existing rule in your phpmd.xml to exclude it.
<?xml version="1.0"?>
<ruleset name="Custom">
  <rule ref="./node_modules/@studyportals/code-style/phpcs.xml">
    <exclude name="Generic.Files.LineEndings"/>
  </rule>
</ruleset>
The example below demonstrates how you can ignore files in your phpmd.xml.
<?xml version="1.0"?>
<ruleset name="Custom">
  <rule ref="./node_modules/@studyportals/code-style/phpmd.xml" />
  <exclude-pattern>tests/**/*.php</exclude-pattern>
</ruleset>
PHP Static Analysis Tool is a linter for PHP files. PHPStan can be run from the command line, where the configuration can be referenced. The phpstan.neon configuration from CodeStyle can be included as follows.
includes:
  - ./node_modules/@studyportals/code-style/phpstan.neon
To run PHPStan:
phpstan analyse -c phpstan.neon
To enable linting locally, you can follow the steps below.
1. Install the phpstan plugin from the Microsoft Extensions Marketplace in VSCode.
Follow the official documentation on how to configure PHPStan with PhpStorm.
The example below demonstrates how you can override an existing rule in your phpstan.neon.
includes:
  - ./node_modules/@studyportals/code-style/phpstan.neon
  - phpstan-baseline.neon
parameters:
  level: 8
The example below demonstrates how you can ignore files in your phpstan.xml.
includes:
  - ./node_modules/@studyportals/code-style/phpstan.neon
  - phpstan-baseline.neon
parameters:
  excludePaths:
    - Modules/RankingXDiscipline/ChartBase/rankings_disciplines.php
    - TestSuites\PHPUnit\Integration\Router\Handlers\Error\DebugErrorHandlerTest.php
    - TestSuites\PHPUnit\Integration\Router\Handlers\Error\DebugXhrErrorHandlerTest.php
    - TestSuites\PHPUnit\Integration\Router\IndexTest.php
It is possible to run the Super-Linter GitHub workflow using Docker containers. In some cases, this can be useful. To do so, follow the instructions below.
1. Follow the act installation instructions and choose the option that best suits your environment.
2. Create an access token with the repo scope.
3. Create a .secrets file (or equivalent) and add it to your .gitignore.
4. Add SUPERLINTER=<value> to the .secrets file by pasting the value of the access token created in step 2.
5. Add a script to your package.json called superlinter (or equivalent), which executes the command act workflow_dispatch -W [path-to-linter-workflow] --secret-file [path-to-secret-file] --rm
6. Run docker login
7. Run npm run superlinter
Important: If you are using Windows (not WSL), you might need to add the argument -P <platform>=<docker-image> when running act. You can identify the platform based on the runs-on property of the job in the linter.yml. For the docker-image, you can select the relevant medium-sized image from the documentation.
It is recommended to read the act documentation.
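The handling of the .secrets file in the act procedure above can be verified before each run, since an access token that reaches the repository history has to be rotated. The following is an added example, not part of this package or of act; check_secrets_file is a hypothetical helper name, and it assumes git is installed and the secrets file lives inside the repository directory.

```shell
#!/bin/sh
# Preflight for the act procedure: refuse to continue when the secrets file
# holding the SUPERLINTER token could end up in the repository.
# check_secrets_file is a hypothetical helper (added example).
#
# Usage:   check_secrets_file <repo-dir> [secrets-file]
# Returns: 0 when no finding, 1 on a finding, 2 when git is unavailable.
check_secrets_file() {
  csf_repo="$1"
  csf_file="${2:-.secrets}"
  csf_rc=0
  command -v git >/dev/null 2>&1 || { echo "git not found" >&2; return 2; }

  if [ ! -f "$csf_repo/$csf_file" ]; then
    echo "FAIL: $csf_file does not exist" >&2
    return 1
  fi
  # The token line must be present and non-empty.
  grep -Eq '^SUPERLINTER=.+' "$csf_repo/$csf_file" \
    || { echo "FAIL: no SUPERLINTER=<value> line in $csf_file" >&2; csf_rc=1; }
  # The file must be matched by an ignore rule ...
  git -C "$csf_repo" check-ignore -q -- "$csf_file" \
    || { echo "FAIL: $csf_file is not ignored by git" >&2; csf_rc=1; }
  # ... and must not already be tracked: .gitignore does not untrack files.
  if git -C "$csf_repo" ls-files --error-unmatch -- "$csf_file" >/dev/null 2>&1; then
    echo "FAIL: $csf_file is tracked; untrack it and rotate the token" >&2
    csf_rc=1
  fi
  # Warn (do not fail) when other local users can read the token.
  csf_mode=$(stat -c '%a' "$csf_repo/$csf_file" 2>/dev/null \
    || stat -f '%Lp' "$csf_repo/$csf_file" 2>/dev/null)
  case "$csf_mode" in
    *00) ;;
    *) echo "WARN: $csf_file has mode $csf_mode; consider chmod 600" >&2 ;;
  esac
  return "$csf_rc"
}
```

Calling `check_secrets_file . .secrets` before `act` in the superlinter script stops the run when the token file is unignored or tracked.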
FAQs
We found that @studyportals/code-style demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.