Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
eslint-config-neo
Official Neo Financial ESLint configuration
This package includes 4 different ESLint configs:
config-backend
config-frontend
config-backend-next
config-frontend-next
The next versions include some rules that are being considered for inclusion in future versions of the base config. The next configs also require you to specify the project setting in parserOptions for TypeScript projects. This will make ESLint run slower in TypeScript projects.
flowchart LR
A[config-base]
B[config-base-next]
C[config-backend]
D[config-frontend]
E[config-backend-next]
F[config-frontend-next]
A --> C
A --> D
A --> B
B --> E
B --> F
The arrows from left to right illustrate which configs are extended by another config.
npm install --save-dev eslint-config-neo
You can also install a specific version of the package by appending the version tag. For example, to install version 1.0.0:
npm install --save-dev eslint-config-neo@1.0.0
npm install -D eslint prettier lint-staged husky typescript
Add .eslintrc to project root
{
"extends": "eslint-config-neo/config-backend"
}
Use eslint-config-neo/config-frontend for frontend projects
parserOptions with next configs
If you're using one of the next configs you must set the project option to include all of your tsconfig.json files:
{
"extends": "eslint-config-neo/config-backend",
"parserOptions": {
"project": ["tsconfig.json", "test/tsconfig.json"]
}
}
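The check below is an added example, not code from eslint-config-neo: it takes a parsed .eslintrc object and reports when a next config is extended without parserOptions.project. The names PARENT, extendsChain and checkEslintrc are hypothetical, the inheritance map is transcribed from the flowchart above, and it assumes any config that inherits from config-base-next counts as a next config.

```javascript
// Added example: inheritance transcribed from the README's flowchart (child -> parent).
const PARENT = {
  'config-base-next': 'config-base',
  'config-backend': 'config-base',
  'config-frontend': 'config-base',
  'config-backend-next': 'config-base-next',
  'config-frontend-next': 'config-base-next',
};
const PREFIX = 'eslint-config-neo/';

// Walk from a config up to the root, e.g.
// config-backend-next -> config-base-next -> config-base.
function extendsChain(name) {
  const chain = [name];
  while (PARENT[chain[chain.length - 1]]) chain.push(PARENT[chain[chain.length - 1]]);
  return chain;
}

// Return a list of problems for a parsed .eslintrc object (empty list = OK).
function checkEslintrc(rc) {
  const problems = [];
  // "extends" may be a single string or an array of strings.
  const entries = [].concat(rc.extends || []).filter((e) => typeof e === 'string');
  const neo = entries.filter((e) => e.startsWith(PREFIX)).map((e) => e.slice(PREFIX.length));
  if (neo.length === 0) problems.push('no eslint-config-neo config in "extends"');
  for (const name of neo) {
    // Catches misspelled config names before ESLint fails to resolve them.
    if (name !== 'config-base' && !(name in PARENT)) problems.push(`unknown config: ${name}`);
  }
  // Assumption: a "next" config is one whose chain passes through config-base-next.
  const usesNext = neo.some((n) => extendsChain(n).includes('config-base-next'));
  // Assumption: "project" must be a path or a non-empty list of paths.
  const project = [].concat((rc.parserOptions || {}).project || []);
  const valid = project.length > 0 && project.every((p) => typeof p === 'string' && p !== '');
  if (usesNext && !valid) {
    problems.push('next config requires parserOptions.project to list your tsconfig.json files');
  }
  return problems;
}

// Constructed sample: a next config without parserOptions.project.
console.log(checkEslintrc({ extends: 'eslint-config-neo/config-frontend-next' }));
```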
Add .prettierrc to project root
{
"printWidth": 120,
"singleQuote": true
}
Optional: If there are any files you want to exclude from Prettier, add .prettierignore to project root
Add .editorconfig to project root
# http://editorconfig.org
root = true
[*]
charset = utf-8
end_of_line = lf
indent_size = 2
indent_style = space
insert_final_newline = true
max_line_length = 120
[*.md]
max_line_length = 0
trim_trailing_whitespace = false
[COMMIT_EDITMSG]
max_line_length = 0
Add the engines field to package.json
"engines": {
"node": "^12.0.0"
}
Add scripts for linting and formatting to package.json
"scripts": {
"lint": "eslint .",
"format": "prettier --write \"**/*.{ts,tsx,js,json,graphql,md}\"",
"format:check": "prettier --debug-check \"**/*.{ts,tsx,js,json,graphql,md}\""
}
Add a precommit hook to package.json to automatically lint and format any files staged for commit
"husky": {
"hooks": {
"pre-commit": "lint-staged"
}
},
"lint-staged": {
"concurrent": false,
"linters": {
"*.{ts,tsx,js}": [
"eslint --quiet",
"git add"
],
"*.{ts,tsx,js,json,graphql,md}": [
"prettier --write",
"git add"
]
}
}
If you've added Prettier to an existing project you will want to format all the code. The precommit hook only updates files that have been changed and staged for commit. To format the entire codebase run:
npm run format
npm install -D eslint@latest eslint-config-neo@latest
eslintrc
Should I override the rule X? I don't like it.
No. If you want to do this, you have to ask the team. If a rule really doesn't make sense then we should remove or disable it.
Can I disable the rule on one line in my code, I have a good reason.
Yes. That's ok. Use a single-line disable.
package.json
CHANGELOG entry
npm pack --dry-run to see what will be published
npm publish
1.0.0 the tag and release name would be v1.0.0. Add the CHANGELOG details to the release.
package.json to be postfixed with -next.x where x is a number
0.7.1-next.0, second test version would have next.1, etc
npm publish --canary --exact --preid canary --tag=canary
npm i eslint-config-neo@canary
FAQs
The npm package eslint-config-neo receives a total of 4,822 weekly downloads. As such, eslint-config-neo popularity was classified as popular.
We found that eslint-config-neo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.