Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
eslint-config-scratch
Advanced tools
Install the config along with its peer dependencies, eslint and babel-eslint.
npm install -DE eslint-config-scratch eslint@^8 @babel/eslint-parser@^7
If you're using the React config, also install the dependency for that
npm install -DE eslint-plugin-react@^7
The configuration is split up into several modules:
scratch
: The base configuration. Always extend this.scratch/node
: Rules for node, e.g., server-side code, tests, and scriptsscratch/es6
: Rules for ES6, for use when you're transpiling with webpackscratch/react
: Rules for React projectsUsually web projects have a mix of node and web environment files. To lint both
with the appropriate rules, set up a base .eslintrc.js
with the rules for node
and then override the node configuration in src
(where web code usually lives).
E.g., with a file structure like this:
scratch-project
- .eslintrc.js
- package.json
- src
- .eslintrc.js
- index.js
Your config files should be set up like
// scratch-project/.eslintrc.js
module.exports = {
extends: ['scratch', 'scratch/es6', 'scratch/node']
};
// scratch-project/src/.eslintrc.js
module.exports = {
root: true,
extends: ['scratch', 'scratch/es6', 'scratch/react'],
env: {
browser: true
}
};
This will set up all the files in the project for linting as Node.js by default,
except for those in src/
, which will be linted as ES6 and React files.
If you're linting React, also make sure your lint script lints .jsx
files:
"scripts": {
"lint": "eslint . --ext .js,.jsx"
}
This project uses semantic release to ensure version bumps follow semver so that projects using the config don't break unexpectedly.
In order to automatically determine the type of version bump necessary, semantic release expects commit messages to be formatted following conventional-changelog.
<type>(<scope>): <subject>
<BLANK LINE>
<body>
<BLANK LINE>
<footer>
subject
and body
are your familiar commit subject and body. footer
is
where you would include BREAKING CHANGE
and ISSUES FIXED
sections if
applicable.
type
is one of:
fix
: A bug fix Causes a patch release (0.0.x)feat
: A new feature Causes a minor release (0.x.0)docs
: Documentation only changesstyle
: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)refactor
: A code change that neither fixes a bug nor adds a featureperf
: A code change that improves performance May or may not cause a minor release. It's not clear.test
: Adding missing tests or correcting existing testsci
: Changes to our CI configuration files and scripts (example scopes: Travis, Circle, BrowserStack, SauceLabs)chore
: Other changes that don't modify src or test filesrevert
: Reverts a previous commitUse the commitizen CLI to make commits formatted in this way:
npm install -g commitizen
npm install
Now you're ready to make commits using git cz
.
If you're committing a change that makes the linter more strict, or will otherwise require changes to existing code, ensure your commit specifies a breaking change. In your commit body, prefix the changes with "BREAKING CHANGE: " This will cause a major version bump so downstream projects must choose to upgrade the config and will not break the build unexpectedly.
FAQs
Shareable ESLint config for Scratch
We found that eslint-config-scratch demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.