Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
eslint-config-zillow
Advanced tools
Zillow's ESLint config, following our code conventions
To install with all necessary peerDependencies
, use install-peerdeps:
npx install-peerdeps --dev eslint-config-zillow
All exported configs should be added to your ESlint configuration file extends
.
For example, in a JSON .eslintrc
:
{
"extends": "zillow"
}
"extends": "zillow"
Lint all the things, including ECMAScript 6+, React, and Prettier.
If you don't need React, use eslint-config-zillow-base.
"extends": ["zillow", "zillow/jest]
Jest-specific rules and environment added to the default export.
"extends": ["zillow", "zillow/mocha]
Mocha-specific rules and environment added to the default export.
prettier
Editor Plugin IntegrationUnfortunately, super-useful editor plugins like prettier-atom
and prettier-vscode
do not load Prettier settings from ESLint config, which is where we load our Prettier options from. To workaround this, add a .prettierrc.js
or prettier.config.js
file to your root with the following content:
module.exports = require('prettier-config-zillow');
Consider adding test cases if you're making complicated rules changes, like anything involving regexes. Perhaps in a distant future, we could use literate programming to structure our README as test cases for our .eslintrc?
You can run tests (from the repo root) with npm test
.
You can make sure this module lints with itself using npm run lint
(from the repo root).
FAQs
Zillow's ESLint config, following our code conventions
The npm package eslint-config-zillow receives a total of 614 weekly downloads. As such, eslint-config-zillow popularity was classified as not popular.
We found that eslint-config-zillow demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.