eslint-config-onelint
This sharable eslint config is derived from the style which the JavaScript developers at One.com use for internal as well as open source projects.
If you write React code, consider including eslint-config-onelint-react.
To start using the linter in a project, install eslint and this module:
$ npm install --save-dev eslint eslint-config-onelint
Then add an eslint config file named .eslintrc.js to your project:
module.exports = {
    extends: [
        'onelint'
    ]
};
Now you can lint your files by running the following command in the root of your project.
$ eslint .
... or if eslint is not on your path:
$ ./node_modules/.bin/eslint .
For convenience, you can add it as a script in package.json's scripts section, to make it available as npm run lint.
Code like the following will break in es6 parser mode, but work just fine in es5:
loadingQueue.await(...)
It can be handled by setting the following options in .eslintrc.js:
module.exports = {
    extends: [
        'onelint'
    ],
    env: {
        es6: false
    },
    parserOptions: null
};
It's not always that it causes problems, so I'll not make the default es5 now. If it turns out to be a major problem, we could release an es5 version of this package too, with the above configuration extended on top.
The above fix is also necessary when your code will not work in strict mode. ES6 modules are enabled in the parsing options, which implicitly enables strict mode. That will, among other things, cause octals to be considered invalid:
var someOctalValue = 0200;
Obviously, the goal is to deviate as little as possible from the presets given in this configuration. But sometimes your projects may have global variables that are specific to that particular project, or maybe large parts of legacy code that you don't want to rewrite.
Because onelint is shipping as a sharable eslint configuration, you can extend it by adding new rules, overwriting rules or defining new globals in the .eslintrc.js just as you would if you used eslint exclusively.
See Configuring ESLint in the eslint docs.
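One way to apply the extension points described above, as an added example that is not part of the original README or the onelint project. The global `APP_CONFIG`, the `legacy/` directory and the rule choices are hypothetical, and the `overrides` key assumes ESLint 4.1 or later; it scopes the es5 workaround to the legacy files instead of relaxing the parser for the whole project.

```javascript
// .eslintrc.js -- added example; names marked "hypothetical" are not from onelint.
module.exports = {
    extends: [
        'onelint'
    ],

    // Project-specific globals. false = read-only, true = writable.
    globals: {
        APP_CONFIG: false // hypothetical global defined outside the linted files
    },

    // Add or overwrite individual rules on top of the preset.
    rules: {
        'no-console': 'off'
    },

    // Keep the preset's ES6 module parsing for new code and relax it
    // only for legacy files that cannot be rewritten.
    overrides: [
        {
            files: ['legacy/**/*.js'], // hypothetical directory
            env: {
                es6: false
            },
            parserOptions: {
                ecmaVersion: 5,
                sourceType: 'script' // script code is not implicitly strict
            },
            rules: {
                'no-octal': 'off' // tolerate existing literals such as 0200
            }
        }
    ]
};
```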
Setting up eslint integration in your editor is all that is needed. You can find a guide for most editors in the integrations section of the eslint user guide. Recommended settings for common editors can be found below.
The Atom editor plugin is called linter-eslint and is built on the AtomLinter framework. It is available directly in your editor, or in the package archives on atom.io.
Eslint is supported out of the box in Syntastic. Add this to your .vimrc to let Syntastic pick the right configuration for your project.
function SetSyntasticEsLint()
    let g:syntastic_javascript_checkers = ['eslint']
    let g:syntastic_javascript_eslint_exec = '/{{root of your project}}/node_modules/.bin/eslint'
endfunction
au BufRead,BufNewFile /home/dpi/Documents/professional-services/* call SetSyntasticEsLint()
(Probably works for Sublime Text 2 as well...)
FAQs
eslint configuration for one.com code style
The npm package eslint-config-onelint receives a total of 1,259 weekly downloads. As such, eslint-config-onelint popularity was classified as popular.
We found that eslint-config-onelint demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.