
eslint-config-groupon
This repository contains tools & guidelines for using JavaScript at Groupon. It represents the best effort to capture the current practices.
For client-side code we depend on babel-preset-env to ensure that both application- and library code is compiled down to whatever our targeted browsers support.
We use nlm to manage our libraries.
This ensures that:
CHANGELOG.md file as part of its git history.
Fortunately there already is a great and well-documented style guide for JavaScript over at airbnb/javascript. It is definitely worth a read, and in many ways we're staying fairly close to it.
There are some important differences, mostly around our focus on sticking to features natively supported by Node where possible, and a higher bar for rules that don't support --fix: if a rule isn't clearly preventing bugs, it has to support --fix to be enabled.
Additionally, our file naming convention is kebab-case. File names should be entirely in lowercase to avoid any renaming issues with file systems.
Regarding code organization, we generally structure code by domain, not by layer (todos/model.js instead of models/todo.js).
To ensure good automation support, we're also dropping any rules that conflict with prettier's formatting.
We split our rules into three categories:
--fix.
--fix and shouldn't require human intervention.
You may have your .eslintrc extend groupon/typescript to get a set of configs based on our JavaScript lint configs, but with tweaks to work better with TypeScript (parsing, defaults, etc.).
FAQs
ESLint configuration used by Groupon
The npm package eslint-config-groupon receives a total of 20 weekly downloads. As such, eslint-config-groupon popularity was classified as not popular.
We found that eslint-config-groupon demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.