Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
eslint-config-qx
Advanced tools
eslint-config-qx
ESLint shareable config for Qooxdoo
This depends on eslint-plugins-qx-rules
Install
$ npm install --save-dev eslint-config-qx
For the esnext version you'll also need Babel's ESLint parser and plugin:
$ npm install --save-dev babel-eslint eslint-plugin-babel
This will let you use ES2016 features like async/await and decorators. For a full list of features see Babel's experimental features and their Learn ES2015.
Install in a existing Qooxdoo Project
If you don't have a package.json
Create a new file package.json with the following contents in your project:
{
"name": "<appname>",
"description": "<appdesc>",
"author": "Your Name <your@email.com>",
"version": "0.0.1",
"license": "MIT",
"dependencies": {},
"devDependencies": {
"eslint-config-qx": "^0.0.7"
},
"engine": "node >= 4.5",
"eslintConfig": {
"extends": [
"qx"
]
},
"scripts": {
"eslint": "eslint --cache"
}
}
Replace name, description and author ofc.
If you have a package.json
Add these lines to it:
{
"devDependencies": {
"eslint-config-qx": "^0.0.7"
},
"eslintConfig": {
"extends": [
"qx/browser"
]
},
"scripts": {
"eslint": "eslint --cache"
}
}
Adjust your .gitingore
Add .eslintcache to it.
Now install eslint and eslint-config-qx
$ npm install
And finaly lint your files
$ npm run eslint -- .
Or lint AND fix:
$ npm run eslint -- --fix .
Handling globals
Normaly your app has its own globals, like qxl for Qooxdoo Contribs,
for that you need to extend qx/browser with your own config.
Create a file .eslintrc-qx:
{
"globals": {
"qxl": false
}
}
This file tells eslint to ignore qxl but don't allow writes to it.
Now you need to tell eslint about it in package.json:
{
"eslintConfig": {
"extends": [
"qx/browser",
".eslintrc-qx"
]
}
}
Thats all.
Ignore compiled stuff in .eslintignore
ESLint has its own .eslintignore file, when you run npm run eslint . it will lint
all JS files found including generated ones, to exclude them you can create a
.eslintignore and files/directories to it like in .gitignore.
This is mine:
build/
gh-pages/
node_modules/
source/script/
source/resource/
# No need for lint
Gruntfile.js
Usage
Supports parsing ES2015, but doesn't enforce it by default.
This package also exposes qx/esnext if you want ES2015+ rules:
{
"extends": "qx/esnext"
}
And qx/browser if you're in the browser:
{
"extends": "qx/browser"
}
If you want only check for safety-errors then extend qx/safety:
{
"extends": "qx/safety"
}
Authors
- Original XO Author: Sindre Sorhus
- Changes for Qooxdoo by: René Jochum
License
MIT
Keywords
FAQs
ESLint shareable config for Qooxdoo
The npm package eslint-config-qx receives a total of 31 weekly downloads. As such, eslint-config-qx popularity was classified as not popular.
We found that eslint-config-qx demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 25 Feb 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025