Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
eslint-plugin-clean-code
Advanced tools
eslint-plugin-clean-code
Clean code ESLint plugin
Installation
You'll first need to install ESLint:
$ npm install --save-dev eslint
Next, install eslint-plugin-clean-code:
$ npm install --save-dev eslint-plugin-clean-code
Note: If you installed ESLint globally (using the -g flag) then you must also install eslint-plugin-clean-code globally.
Usage
Add clean-code to the plugins section of your .eslintrc configuration file. You can omit the eslint-plugin- prefix:
{
"plugins": [
"clean-code"
]
}
Then configure the rules you want to use under the rules section.
{
"rules": {
"clean-code/feature-envy": 2
}
}
Supported Rules
| Rule name | Description |
--------------------------------------------------------------------------------------------------------
| feature-envy | Reports the "Feature Envy" code smell. Feature envy is defined as occurring when |
| | a method calls methods on another class three or more times. Feature envy is |
| | often an indication that functionality is located in the wrong class. |
Todo
-
Allow end-user configuration of object name/class for which feature envy is not reported
-
Chain of 'instanceof' checks
Reports any chains of if-else statements all of whose conditions are instanceof expressions or class equality expressions (e.g. comparison with String.class). Such constructions usually indicate a failure of object-oriented design, which dictates that such type-based dispatch should be done via polymorphic method calls rather than explicit chains of type tests. -
'if' statement with too many branches
Reports if statements with too many branches. Such statements may be confusing, and are often the sign of inadequate levels of design abstraction. -
'switch' statement outside of factory class/method
-
Method call violates Law of Demeter
-
Overly complex boolean expression
Contributing
Feel free to contribute to any of above Todos or supply your own clean code rule not given in Todos.
FAQs
Clean code ESLint plugin
The npm package eslint-plugin-clean-code receives a total of 285 weekly downloads. As such, eslint-plugin-clean-code popularity was classified as not popular.
We found that eslint-plugin-clean-code demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 23 Feb 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025