@weahead/eslint-config-tool - npm Package Compare versions

Comparing version 0.3.0 to 0.4.0

index.js

 module.exports = {
   parserOptions: {
-    ecmaVersion: 6,
+    ecmaVersion: 8,
   },
@@ -9,3 +9,32 @@ env: {
   },
+  plugins: ['import'],
   extends: 'eslint:recommended',
+  overrides: [
+    {
+      files: ['**/*.test.js'],
+      env: {
+        jest: true, // now **/*.test.js files' env has both es6 *and* jest
+      },
+      // Can't extend in overrides: https://github.com/eslint/eslint/issues/8813
+      // "extends": ["plugin:jest/recommended"]
+      plugins: ['jest'],
+      rules: {
+        'jest/no-disabled-tests': 'warn',
+        'jest/no-focused-tests': 'error',
+        'jest/no-identical-title': 'error',
+        'jest/prefer-to-have-length': 'warn',
+        'jest/valid-expect': 'error',
+      },
+    },
+  ],
+  rules: {
+    'sort-imports': 'off',
+    'import/first': 'error',
+    'import/newline-after-import': 'error',
+    'import/no-duplicates': 'error',
+    'import/no-useless-path-segments': ['error', { commonjs: true }],
+    'import/export': 'error',
+    'import/no-mutable-exports': 'error',
+    'import/order': 'error',
+  },
 };

package.json

 {
   "name": "@weahead/eslint-config-tool",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "We aheads shareable eslint config for tool projects.",
@@ -12,3 +12,3 @@ "main": "index.js",
     "prettier": "prettier --write '*.js' '*.json'",
-    "postinstall": "./scripts/postinstall.sh"
+    "postinstall": "node scripts/postinstall.js"
   },
@@ -36,2 +36,3 @@ "files": [
     "eslint": "6.3.0",
+    "eslint-plugin-import": "2.19.1",
     "husky": "3.0.1",
@@ -44,4 +45,6 @@ "lint-staged": "9.2.5",
   "peerDependencies": {
-    "eslint": ">=5"
+    "eslint": ">=5",
+    "eslint-plugin-jest": ">=23",
+    "eslint-plugin-import": ">=2"
   }
 }

README.md

@@ -7,2 +7,9 @@ # @weahead/eslint-config-tool
 
+This config and its dependencies are included in We ahead's tooling packages and don't need to be installed in new We ahead projects. Instead use one of the tooling packages that have all configs and dependencies needed for its use.
+
+- For **non-React** projects use [@weahead/tooling](https://github.com/weahead/tooling)
+- For **React** projects use [@weahead/tooling-react](https://github.com/weahead/tooling-react)
+
+### Install the config by its own
+
 `npx install-peerdeps -d -x '-E' @weahead/eslint-config-tool`
@@ -9,0 +16,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Trivial Package

Supply chain risk

Packages less than 10 lines of code are easily copied into your own project and may not warrant the additional supply chain risk of an external dependency.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

3613

increased by82.94%

Lines of code

48

increased by380%

Number of lines in readme file

29

increased by31.82%

Worsened metrics

Dependency count

3

increased by200%

Dev dependency count

14

increased by7.69%

Number of low supply chain risk alerts

2

increased byInfinity%

No dependency changes