eslint-formatter-summary
ESLint formatter aggregating results by rule
This formatter simply aggregates the ESLint results by rule and shows the following output:
It can also be configured to sort results by rule, errors or warnings using env vars (see details below), e.g.:
SORT_BY=rule DESC=true eslint -f summary ./src
If you're using yarn, just run:
yarn add -D eslint-formatter-summary
Otherwise, with npm, run:
npm i --save-dev eslint-formatter-summary
When you run ESLint just specify eslint-formatter-summary as the formatter:
eslint -f summary [file|dir|glob]*
or if you use an older version of ESLint:
eslint -f node_modules/eslint-formatter-summary [file|dir|glob]*
See http://eslint.org/docs/user-guide/command-line-interface#-f---format
It takes only minutes to add ESLint to a new project, but introducing it (or just adding a stricter rule set) to an existing project with an already large codebase can be quite challenging.
Possibly hundreds if not thousands of errors will pop up, which can seem overwhelming to fix when we see the default formatted output, forcing us to back away from making our codebase better and more consistent.
This package provides a custom ESLint formatter that helps in these situations to make the right decisions by showing the linting results aggregated by rule. It gives an overview of all failing rules, showing the total number of errors and warnings summed up by rule.
This summary overview gives us the opportunity, for example, to consider suppressing certain rules for now and bringing them back in later when we are ready to fix them.
With the default ESLint formatter you might get several thousands of lines of failing rules in various files in the output e.g.:
The Summary Formatter simply aggregates the ESLint results by rule and shows the following output instead:
In the above example we can notice that the comma-dangle rule is responsible for about 2/3 of the failures, so we can consider turning it off or just downgrading it to a warning for now, as we can with the other failing rules.
Default sorting is by rule in ascending order.
Configuration options can be passed to the formatter to alter the output.
Using the SORT_BY env var the aggregated results can be sorted by either rule, errors or warnings, e.g.:
SORT_BY=rule eslint -f summary ./src
The sorted results are shown in ASCENDING order by default but the order can also be reversed using DESC=true:
SORT_BY=rule DESC=true eslint -f summary ./src
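The aggregation and sorting described above, as an added example that is not the package's own code. The function names, the output layout and the sample data are assumptions made here; the input follows the shape ESLint passes to a formatter (per-file results whose messages carry a ruleId and a severity of 1 for warnings or 2 for errors).

```javascript
// Added illustration; not the eslint-formatter-summary source.
// Constructed sample in the shape ESLint hands to a formatter.
const sampleResults = [
  { filePath: 'src/a.js', messages: [
    { ruleId: 'comma-dangle', severity: 2 },
    { ruleId: 'comma-dangle', severity: 2 },
    { ruleId: 'no-console', severity: 1 },
  ] },
  { filePath: 'src/b.js', messages: [
    { ruleId: 'comma-dangle', severity: 2 },
    { ruleId: 'semi', severity: 2 },
    { ruleId: null, severity: 2 }, // parse errors carry no rule id
  ] },
];

// Sum errors and warnings per rule across all files.
function aggregateByRule(results) {
  const totals = new Map();
  for (const { messages } of results) {
    for (const { ruleId, severity } of messages) {
      const rule = ruleId || '(no rule: parse error)';
      const row = totals.get(rule) || { rule, errors: 0, warnings: 0 };
      if (severity === 2) row.errors += 1;
      else if (severity === 1) row.warnings += 1;
      totals.set(rule, row);
    }
  }
  return [...totals.values()];
}

// Honour SORT_BY (rule | errors | warnings) and DESC=true; default is rule, ascending.
function sortSummary(rows, env = process.env) {
  const allowed = ['rule', 'errors', 'warnings'];
  const key = allowed.includes(env.SORT_BY) ? env.SORT_BY : 'rule';
  const dir = env.DESC === 'true' ? -1 : 1;
  return [...rows].sort((a, b) =>
    dir * (key === 'rule' ? a.rule.localeCompare(b.rule) : a[key] - b[key]));
}

// Hypothetical text layout: one line per rule.
function formatSummary(results, env = process.env) {
  return sortSummary(aggregateByRule(results), env)
    .map((r) => `${r.rule.padEnd(24)} errors: ${r.errors}  warnings: ${r.warnings}`)
    .join('\n');
}

console.log(formatSummary(sampleResults, { SORT_BY: 'errors', DESC: 'true' }));
```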
The project came alive with the specific intention to support all Node.js versions from v4.x, as this formatter is supposed to be an enabler for most projects and does not want to stand in the way by supporting only the latest Node.js versions.
Supported Node.js versions are the latest:
The distribution version targets Node.js v4 and should work on this version and above.
ESLint versions are supported from v4 onwards, although eslint-formatter-summary may also work with lower versions of ESLint. Please open an issue if you need support for other versions of ESLint.
Please feel free to submit an issue describing the proposal you would like to discuss. PRs are also welcome!
yarn
yarn test
The project's code is written using the latest ECMAScript standard's features, some of which need to be polyfilled in older Node.js versions, e.g. Array.prototype.includes and String.prototype.padLeft etc.; core-js is used for that.
When changing code, you might want to run unit tests and re-build the project on file changes:
yarn test --watch
and
yarn dev
yarn build
This will use babel-cli to transpile the source code, targeting Node.js v4 (the lowest supported Node.js version), to the dist folder.
The transpiled code is generated under the dist/ folder and it is the one used to generate the summary output of ESLint rather than the original ES7+ source code under lib/.
Once the project is built the distribution version can be tested via passing a .js file to yarn try.
For example:
yarn try test.js
The project is built on Travis-ci.org targeting each supported Node.js version (see the list above).
During the CI build all source files are linted and all unit tests need to pass resulting in a coverage report.
The project uses semantic versioning.
patch versions are used to fix bugs and upgrade dependencies. minor versions are used to add new non-breaking features. major version is bumped when there are significant changes which could break projects already using eslint-formatter-summary.
To publish a new version we use np:
yarn release 1.2.3
See https://github.com/sindresorhus/np for more options.
.eslintrc
MIT
FAQs
ESLint summary formatter aggregating results by rule
The npm package eslint-formatter-summary receives a total of 54,211 weekly downloads. As such, eslint-formatter-summary popularity was classified as popular.
We found that eslint-formatter-summary demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.