Security News
Opengrep Adds Apex Support and New Rule Controls in Latest Updates
The latest Opengrep releases add Apex scanning, precision rule tuning, and performance gains for open source static code analysis.
By Sarah Gooding - Aug 12, 2025
eslint-config-groupon
Advanced tools
JavaScript at Groupon
This repository contains tools & guidelines for using JavaScript at Groupon. It represents the best effort to capture the current practices.
Writing NPM Packages
ES5 or ES2021?
For client-side code we depend on babel-preset-env to ensure that both application-
and library code is compiled down to whatever our targeted browsers support.
Versioning and Publishing
We use nlm to manage our libraries.
This ensures that:
- Every library has a usable
CHANGELOG.mdfile as part of its git history. - Releases are never tied to a single person.
- We can easily share best practices across projects.
Groupon JavaScript Style Guide
Fortunately there already is a great and well-documented style guide for JavaScript over at airbnb/javascript. It definitely is worth a read and in many ways we're staying fairly close to it.
There's some important differences that are mostly around our focus on sticking to
features natively supported by Node where possible, and a higher bar for rules that
don't support --fix: If a rule isn't clearly preventing bugs, it has to support
--fix to be enabled.
Additionally, our file naming convention is kabab-case. File names should be entirely
in lowercase to avoid any renaming issues with file systems.
Regarding code organization, we generally structure code by domain, not by layer
(todos/model.js instead of models/todo.js).
To ensure good automation support, we're also dropping any rules that conflict with prettier's formatting.
The Longer Answer
We split our rules into three categories:
- Mistakes: Things that should only appear because the developer made a mistake,
99% of the time.
If these errors aren't fixed, we wouldn't expect the program to work correctly.
This is the only category where we allow "error" even for rules that don't support
--fix. - Conventions: Points out patterns that we believe could lead to confusion or maintenance issues down the line. If a rule isn't fixable, there should be a high bar for it to be enabled to not cause noise. Even if a rule is enabled, it may at most warn.
- Opinions: Things that are arbitrary choices. Most whitespace and formatting rules
fall into this category.
Everything in here must support
--fixand shouldn't require human intervention.
Groupon TypeScript Style Guide
You may have your .eslintrc extend groupon/typescript to get a set of
configs based on our JavaScript lint configs, but with tweaks to work better
with TypeScript (parsing, defaults, etc.).
FAQs
ESLint configuration used by Groupon
The npm package eslint-config-groupon receives a total of 20 weekly downloads. As such, eslint-config-groupon popularity was classified as not popular.
We found that eslint-config-groupon demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 01 Apr 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
npm Adopts OIDC for Trusted Publishing in CI/CD Workflows
npm now supports Trusted Publishing with OIDC, enabling secure package publishing directly from CI/CD workflows without relying on long-lived tokens.
By Sarah Gooding - Aug 08, 2025
Research
/Security News
60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign
A RubyGems malware campaign used 60 malicious packages posing as automation tools to steal credentials from social media and marketing tool users.
By Kirill Boychenko - Aug 07, 2025