Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
eslint-config-planet
Advanced tools
This package provides shareable ESLint configurations for JavaScript projects that conform with Planet Labs' coding style.
To make use of this config, install ESLint (>= 7.9) and this package as a development dependency of your project:
npm install eslint eslint-config-planet --save-dev
Next, add an eslintConfig
member to your project's package.json
. At a minimum, this config file must include an extends
member:
{
"eslintConfig": {
"extends": "planet"
}
}
See the ESLint configuration guide for details on additional configuration options. Any rules configured in your package.json
file will override those provided by the eslint-config-planet
package.
You should run the linter as part of (or before) your tests. Assuming tests are run before any proposed changes are merged, this will ensure coding standards are maintained in your default branch. Using npm scripts is the preferred way to run the linter without requiring it to be a global dependency. Assuming you want to lint all JavaScript files in your project, add the following entry to your package.json
:
{
"scripts": {
"pretest": "eslint src"
}
}
With this pretest
entry in your package.json
, ESLint will run on all JavaScript files in the src
directory of your project using your .eslintrc
config when tests are run:
npm test
See the ESLint CLI guide for additional options when running ESLint.
In addition to running the linter when your tests are run, you should configure your editor to run the linter as well. See the ESLint integration page to find details on configuring your editor to warn you of ESLint errors.
See the examples directory for more usage examples.
The eslint-config-planet
package includes a number of ESLint configuration profiles for different types of projects.
planet
(base config)The "base" config is suitable for Node projects or browser-based projects using a CommonJS module loader (e.g. Browserify or Webpack).
Example configuration in package.json
:
{
"eslintConfig": {
"extends": "planet"
}
}
planet/react
The planet/react
config is suitable for projects using React. This extends the base config to include the React plugin, enable JSX parsing, and run React specific rules.
To use the planet/react
profile, add the following to your package.json
:
{
"eslintConfig": {
"extends": "planet/react"
}
}
To add another configuration profile, add a new config script to the root of the repository directory (e.g. new-config.js
). This script should export an ESLint config object and should have an extends: './index.js' property
. People using this config will add extends/new-config
to their own ESLint config.
You should add and example for your new profile and ensure that tests pass with any changes.
npm test
After adding a new config profile or modifying an existing one, publish a new version of the package. Adding a new "error" level rule constitutes a major release. A new profile or non-breaking modification to an existing profile (e.g. a "warning" level rule) can be a minor release.
Publishing a new minor release would look like this:
# commit and push any changes first
npm version minor # this bumps the package.json version number and tags
git push --tags origin main
npm publish
© Planet Labs, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
FAQs
ESLint config for Planet projects
The npm package eslint-config-planet receives a total of 365 weekly downloads. As such, eslint-config-planet popularity was classified as not popular.
We found that eslint-config-planet demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.