Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
eslint-config-adjunct
Advanced tools
A reasonable collection of plugins to use alongside your main esLint configuration
A reasonable collection of plugins to use alongside your main esLint configuration
This config is designed to be used alongside any of the major esLint configs, such as airbnb, standard or eslint:recommended. It provides a range of useful plugins that are often too time-consuming to setup and provides an easy way to install just the plugins you need, based on your project's dependencies.
To install this config, run the following command.
npm install eslint-config-adjunct --save-dev
Extend your .eslintrc
, with adjunct
, which should be the last item in the extends
array. For example if your using eslint-config-airbnb
as your main rule set, your .eslintrc
should look like the following. For more advanced use cases see the example configurations for TypeScript and Vue.
{
"extends": ["airbnb", "adjunct"]
}
You can now include html
, json
and markdown
in the list of files passed to eslint
to lint any JavaScript contained.
{
"scripts": {
"eslint": "eslint --color --ext .html,.js,.json,.jsx,.md *.* src",
"eslint:fix": "npm run eslint -- --fix"
}
}
After you have configured eslint
to include this package, the first time you run eslint
it will output the npm
command to install the dependencies required for your project. Cut'n'paste this command into the console, and you are then ready to start linting.
These two plugins provide a range of code quality rules:
The following plugins expand esLint to work with json files, and lint JavaScript contiained in HTML and MarkDown:
When linting code snippets in Markdown files, a few rules relating to globals and unused vars are disabled.
These plugins will be loaded in based on your project dependencies
in package.json
. If a supported library is part of your project then it's related esLint plugins will be loaded. The following packages are supported:
The following esLint plugins enforce good coding practices:
If prettier is installed, any rules that may conflict with Prettier will be disabled. The plugin should read you Prettier config from your project's root.
The prettier configs for different eslint plugins are also automatically included based on which eslint plugins have been installed into your project.
These plugins add code security rules to esLint:
Test plugins are loaded based on which testing tools you have listed in devDependencies
of package.json
. The following test plugins are supported:
For test files a few rules are turned off, to better to support normal unit test code styles.
In the most part the default rules are used for the plugins listed above, with the following exceptions.
Adds the fallthrough: 'never'
option to the newline-between-switch-case
rule.
// Good
switch (foo) {
case 1:
something()
break
case 2:
case 3:
somethingElse()
break
default:
defaultThing()
}
The following rules are disabled due to them being considered unduly restrictive or unhelpful.
The following rules are disabled due to clashing with other plugins
Copyright © 2019-21 David J. Bradshaw. Licensed under the MIT License.
FAQs
A reasonable collection of plugins to use alongside your main esLint configuration
We found that eslint-config-adjunct demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.