Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
eslint-config-sparkpost
Advanced tools
eslint-config-sparkpost
ESLint configuration for Javascript and TypeScript based SparkPost projects
Upgrading from 2.x to 3.x
There were several breaking changes including moving from ESLint 5.x to ESLint 8.x. This change alone caused some minimal breaking changes. Since
we ultimately extend eslint:recommended in our base configuration, the upgrade from eslint 5.x to 8.x changed that 'recommended' config and the
rules between versions have definitely changed. We compensated to match our existing config as best we could, but you may find other changes when
running ESLint in your projects.
We also moved several specific configs from overrides in the base config to their own specific configs. Mocha and TypeScript are used by some projects, however they are not used by every project so we have separated them to their own configs and moved their dependencies to optional peer dependencies so that we no longer need to install and maintain them in projects that don't use them.
Special Concerns for Mocha Based Projects
Traditionally we've setup special rules for mocha based projects, however not all projects use mocha. This would lead to dependencies being
installed that were unrelated to the project. For this reason, we have split mocha configuration into its own configuration. You can take
advantage of it by extending sparkpost/mocha from this package. This will require you to install the plugin eslint-plugin-mocha in the project's
dev dependencies.
Example:
npm i -D eslint-plugin-mocha
In your .eslintrc file:
{
"normal": "stuff <- comment",
"overrides": [
{
"files": ["test/**/*.spec.js"],
"extends": ["sparkpost/mocha"]
}
]
}
Special Concerns for TypeScript Projects
We have several typescript based projects, however not all projects use typescript. This would lead to dependencies being
installed that were unrelated to the project. For this reason, we have split typescript configuration into its own configuration. You can take
advantage of it by extending sparkpost/typescript from this package. This will require you to install several plugins and configs in the project's
dev dependencies.
Example:
npm i -D @typescript-eslint/eslint-plugin @typescript-eslint/parser eslint-config-prettier eslint-plugin-prettier
In your .eslintrc file:
{
"normal": "stuff <- comment",
"extends": ["sparkpost/typescript"],
"rules": {
"other": "rules that override the base typescript config <- comment"
}
}
Docs in Libraries
This config has extra rules specifically around JSDocs to help have better documentation in our libraries.
This can help in knowledge sharing and will hopefully promote better docs in our shared JS modules.
To use, add the following to your .eslintrc file:
{
"extends": "sparkpost/lib"
}
Automation for Checking Changelogs
Add the npm scripts
{
"chk-changelog": "grep `node -e 'console.log(require(\"./package.json\").version);'` CHANGELOG.md || echo 'Please update CHANGELOG.md with your updates'; exit 255",
"prepublishOnly": "npm run chk-changelog"
}
This will check your changelog for an entry for your current version when you publish.
[3.0.0 - 2022-01-27][3.0.0]
Added
- Mocha specific config for linting testing files. This can be utilized by adding an
.eslintrcfile to your tests directory or adding an overrides section and extendingsparkpost/mochawithin it. - TypeScript specific config for linting TypeScript projects. Typescript projects can now extend
sparkpost/typescript.
Updated
- Updated the required version of ESLint to be 8.7 or above
Removed
- Removed TypeScript(TS) specific rules from the default config since they add TS dependencies to non-TS projects.
This will be followed by a TS specific linting config for TS projects that will potentially inherit base JS settings from this configuration. - Moved Mocha specific plugins to be optional peer dependencies. This allows non-Mocha based projects to not install the Mocha plugins if they're not
needed. This has been replaced with a mocha specific config
sparkpost/mochawhich can be added to an.eslintrcfile in the tests directory of Mocha based projects.
Keywords
FAQs
ESLint configuration for SparkPost
The npm package eslint-config-sparkpost receives a total of 119 weekly downloads. As such, eslint-config-sparkpost popularity was classified as not popular.
We found that eslint-config-sparkpost demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 31 Jan 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025