Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
eslint-config-xo
Advanced tools
eslint-config-xo is a shareable ESLint configuration package that enforces the XO style guide. XO is a strict and opinionated code style guide for JavaScript and TypeScript, which aims to enforce best practices and consistency in codebases.
Enforcing Code Style
By extending the 'xo' configuration in your ESLint configuration file, you can enforce the XO style guide in your project. This includes rules for code formatting, best practices, and potential errors.
{
"extends": "xo"
}
TypeScript Support
eslint-config-xo provides support for TypeScript by allowing you to extend the 'xo-typescript' configuration. This ensures that TypeScript-specific rules and best practices are enforced.
{
"extends": "xo",
"overrides": [
{
"files": "*.ts",
"extends": "xo-typescript"
}
]
}
React Support
For projects using React, you can extend the 'xo-react' configuration to enforce React-specific linting rules and best practices.
{
"extends": [
"xo",
"xo-react"
]
}
eslint-config-airbnb is a popular ESLint configuration that follows the Airbnb JavaScript style guide. It is widely used and provides a comprehensive set of rules for JavaScript and React. Compared to eslint-config-xo, it is less strict and more flexible, making it suitable for a broader range of projects.
eslint-config-standard is another popular ESLint configuration that follows the JavaScript Standard Style. It is less opinionated than eslint-config-xo and focuses on simplicity and ease of use. It is a good choice for projects that prefer a more relaxed coding style.
eslint-config-prettier is an ESLint configuration that disables all rules that are unnecessary or might conflict with Prettier. It is often used in combination with other configurations like eslint-config-airbnb or eslint-config-standard to ensure code formatting is handled by Prettier while still enforcing other linting rules.
ESLint shareable config for XO
This is for advanced users. You probably want to use XO directly.
See eslint-plugin-unicorn for some additional useful rules.
$ npm install --save-dev eslint-config-xo
Add some ESLint config to your package.json
:
{
"name": "my-awesome-project",
"eslintConfig": {
"extends": "xo"
}
}
Or to .eslintrc
:
{
"extends": "xo"
}
Supports parsing ES2015+, but doesn't enforce it by default.
This package also exposes xo/esnext
if you want ES2015+ rules:
{
"extends": "xo/esnext"
}
And xo/browser
if you're in the browser:
{
"extends": "xo/browser"
}
XO is an ESLint wrapper with great defaults.
Here are some reason why you should use the XO CLI instead of this config:
eslint-plugin-unicorn
, eslint-plugin-import
, eslint-plugin-ava
, and more.$ xo --init
indent
and semicolon
preferences easily without messing with the rule config.--open
flag)tl;dr You miss out on a lot by just using this config.
MIT © Sindre Sorhus
FAQs
ESLint shareable config for XO
The npm package eslint-config-xo receives a total of 240,147 weekly downloads. As such, eslint-config-xo popularity was classified as popular.
We found that eslint-config-xo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.