Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
eslint-config-zillow
Advanced tools
Zillow's ESLint config, following our code conventions
To install with all necessary peerDependencies
, use install-peerdeps:
npx install-peerdeps --dev eslint-config-zillow
All exported configs should be added to your ESlint configuration file extends
.
For example, in a JSON .eslintrc
:
{
"extends": "zillow"
}
"extends": "zillow"
Lint all the things, including ECMAScript 6+, React, and Prettier.
If you don't need React, use eslint-config-zillow-base.
"extends": ["zillow", "zillow/jest]
Jest-specific rules and environment added to the default export.
"extends": ["zillow", "zillow/mocha]
Mocha-specific rules and environment added to the default export.
prettier
Editor Plugin IntegrationUnfortunately, super-useful editor plugins like prettier-atom
and prettier-vscode
do not load Prettier settings from ESLint config, which is where we load our Prettier options from. To workaround this, add a .prettierrc.js
or prettier.config.js
file to your root with the following content:
module.exports = require('prettier-config-zillow');
Consider adding test cases if you're making complicated rules changes, like anything involving regexes. Perhaps in a distant future, we could use literate programming to structure our README as test cases for our .eslintrc?
You can run tests (from the repo root) with npm test
.
You can make sure this module lints with itself using npm run lint
(from the repo root).
FAQs
Zillow's ESLint config, following our code conventions
The npm package eslint-config-zillow receives a total of 507 weekly downloads. As such, eslint-config-zillow popularity was classified as not popular.
We found that eslint-config-zillow demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.