Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@transferwise/eslint-config
Advanced tools
This is an extensible ESLint config used at Wise :money_with_wings:
It uses Create React App's as a base, has Prettier baked in, and overrides some rules we've seen ourselves having to change often :heart:
We also use the Rush Stack ESLint patch so that consumers don't need to install this config's ESLint dependencies as peer dependencies - as used by eslint-config-next
and eslint-config-react-app
.
yarn add eslint @transferwise/eslint-config -D
You will also need jest
and typescript
installed, even if you aren't using them.
@transferwise
.eslintrc.js
module.exports = {
extends: '@transferwise',
};
Your own config can extend and override it however you want. If you find yourself changing a certain rule often, consider contributing.
For the best developer experience, all of the following are recommended.
package.json
scriptsExample:
"lint": "eslint '**/*.{ts,tsx,js,jsx}' --ignore-path .gitignore",
"lint:fix": "yarn lint --fix"
VS Code
settings.json
"editor.codeActionsOnSave": {
"source.fixAll.eslint": true
},
"eslint.validate": [
"javascript",
"javascriptreact",
"typescript",
"typescriptreact",
]
yarn add --dev lint-staged husky
npm set-script prepare "husky install"
npm run prepare
npx husky add .husky/pre-commit "yarn lint-staged"
package.json
"lint-staged": {
"*.{ts,tsx,js,jsx}": [
"yarn lint:fix"
]
},
The ESLint config already auto-formats JS files based on Prettier rules, so you only need this when your editor does not support ESLint auto-fixing or you want to use Prettier with file types other than JS.
To use the configuration, add the following line to your package.json
:
package.json
"prettier": "@transferwise/eslint-config/.prettierrc.js"
Read more about shared configs here, especially if you need to extend/override the default configuration.
If you think a rule should be added or changed, create a pull request. The change will be discussed, and if people agree, it can be merged. Every merge automatically releases to GitHub and npm.
Bear in mind that you'll need to bump the version in package.json
(major for breaking rules, minor for additions, patch for bugfixes) and add a CHANGELOG.md
entry.
FAQs
TransferWise ESLint & Prettier configuration
The npm package @transferwise/eslint-config receives a total of 43 weekly downloads. As such, @transferwise/eslint-config popularity was classified as not popular.
We found that @transferwise/eslint-config demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.