Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
eslint-config-walmart
Advanced tools
This project is the maintained offshoot of eslint-config-defaults with just the Walmart Labs-flavored rules included. It is eslint@2+
-compatible and actively maintained (with love) by the friendly folks at Walmart Labs.
Install this config package and ESLint:
$ npm install --save-dev eslint eslint-config-walmart
Then, install any additional dependencies required by your configuration. (See Dependencies section below.)
e.g.
$ npm install --save-dev eslint-plugin-filenames babel-eslint
This package includes the following complete and ready to use configurations:
walmart
- ES6 configwalmart/configurations/off
- Disable all rules (ESLint's default at 1.0.0+)walmart/configurations/es5-browser
- ES5 + browserwalmart/configurations/es5-node
- ES5 + node < 4.xwalmart/configurations/es5-test
- ES5 + testwalmart/configurations/es5
- ES5 configwalmart/configurations/es6-browser
- ES6 + browserwalmart/configurations/es6-node
- ES6 + node 4.xwalmart/configurations/es6-react-test
- ES6 + react + testwalmart/configurations/es6-react
- ES6 + reactwalmart/configurations/es6-test
- ES6 + testwalmart/configurations/es6
- ES6 configwalmart/configurations/<suffix>
) - eslint-plugin-filenames<prefix>-react
) - eslint-plugin-react, babel-eslintes6-<suffix>
) - babel-eslintTo consume and extend a config in ESLint just add the extends attribute to your .eslintrc
. For
more details about how shareable configs work, see the
ESLint documentation.
---
"extends":
- "walmart"
---
"extends":
- "walmart/configurations/es6-browser"
NOTE: Extending multiple complete configs can cause unexpected results, if you need to do this you should consider a piecemeal config as explained below. See https://github.com/walmartlabs/eslint-config-defaults/issues/38 for details.
ESLint configuration is broken apart in ./rules
containing ESLint's rules and rules for specific ESLint plugins. The full set of ESLint rules (./rules/eslint
) are broken into categories that mirror ESLint's documentation. Under each rule type there are sets of configuration as well as an off.js
file which turns off every rule in the category.
---
"extends":
- "walmart/rules/eslint/best-practices/on",
- "walmart/rules/eslint/es6/off"
- "walmart/rules/eslint/node/off"
"env":
"phantom": true
Due to an issue with ESLint, config extension cannot be called from a globally installed (npm install -g eslint
) eslint. It can however be run properly using eslint installed directly to your package's node_modules
. This can be done by either calling it directly (./node_modules/.bin/eslint .
) or from within an npm script since they automatically check local node_modules
first. This will be tracked in issue #43.
FAQs
A set of default eslint configurations, Walmart Labs style.
The npm package eslint-config-walmart receives a total of 978 weekly downloads. As such, eslint-config-walmart popularity was classified as not popular.
We found that eslint-config-walmart demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.