Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
eslint-config-ali
Advanced tools
eslint-config-ali
本包是《阿里巴巴前端规约》配套的 ESLint 可共享配置,提供了多套配置文件以支持 JavaScript、TypeScript、React、Vue、Node.js 等多种项目类型。
f2elint 接入(推荐)
npx f2elint
手动接入
npm install --save-dev eslint@^9 eslint-config-ali
基础 JavaScript/TypeScript 项目
// eslint.config.mjs
import { base } from 'eslint-config-ali';
export default [...base];
React JavaScript/TypeScript 项目
针对 JS React 项目,继承了默认配置,并启用了 eslint-plugin-react 和 eslint-plugin-react-hooks 的规则。
ESLint 配置:
// eslint.config.mjs
import { react } from 'eslint-config-ali';
export default [...react];
了解更多
- 如果你对 ESLint 还不熟悉,可以阅读官网的 Getting Started 快速入门。
- 了解如何为 IDE 配置 ESLint,可以参考官网的 Integrations。
- 了解如何在继承本包的基础上对项目 ESLint 进行个性化配置,可参考官网的 Configuring ESLint。下面简介下 ESLint 配置中的几个常用字段:
extends: 继承一组规则集。"extends": "eslint-config-ali",表示继承本包定义的规则配置。rules: 配置规则,这里定义的规则会覆盖extends的规则。如果觉得本包开启的某条规则过于严格,你可以暂时在这里将其关闭。parser: 设置 ESLint 的解析器。ESLint 使用 espree 作为默认的解析器,可以通过这个参数指定其他的解析器。比如指定为 @babel/eslint-parser,以解析 Babel 支持但 ESLint 默认解析器不支持的语法(本包不同配置文件使用的解析器可在简介表格中的「依赖 parser」一列查看)。globals: 指定代码中可能用到的全局变量,以免全局变量被 no-undef 规则报错。env: 指定代码的运行环境,每个环境预定义了一组对应的全局变量,本包已开启的环境有 browser、node、jquery、es6 及几个测试框架的环境。
- 了解常用的 ESLint 命令,如
--fix、--ext,可参考官网的 Command Line Interface。
FAQs
ESLint Shareable Config for Alibaba F2E Guidelines
The npm package eslint-config-ali receives a total of 709 weekly downloads. As such, eslint-config-ali popularity was classified as not popular.
We found that eslint-config-ali demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 12 May 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025
Research
Security News
Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban
Malicious Ruby gems typosquat Fastlane plugins to steal Telegram bot tokens, messages, and files, exploiting demand after Vietnam’s Telegram ban.
By Kirill Boychenko - Jun 03, 2025