Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
eslint-plugin-diff
Advanced tools
Run ESLint on your changed lines only.
The feedback your developers get in a pull-request should be focused on the changes they've made, but traditional setups don't allow for this. With this plugin you can run ESLint on your changed lines only, making all warnings and errors relevant to you, and at the same time avoiding becoming overwhelmed with linter errors.
When updating your linter or its dependencies, you often get new linter warnings and errors in your code, which can lead to a huge increase of the cost of your project if you try to fix all of them. This plugin allows you to run ESLint on only the changed lines of your code, so the new errors won't get triggered on the code other developers have already manually reviewed and approved.
Having a healthy and high-quality code-base is a pre-requisite for high velocity and having too many errors in your linter's output can get overwhelming, oftentimes disheartening the developers, at the cost of the quality of the code. Having a linter that runs on only the changed lines of your code will ensure your developers don't get overwhelmed, ensuring your code-base will remain healthy, and your team productive.
Let's face it – Developers are bombarded with errors and notifications about systems being broken, code being wrong and people requiring their attention. If a linter has too much output, it becomes a chore for your developers just to assess whether or not their changes actually caused an issue, or if it's just old code they haven't even touched. With this plugin, all the linter output your developers see will be related to whatever they have personally changed, requiring much less focus on parsing the linter's output.
When creating pull-requests, this plugin will enable you to run ESLint on only the changed lines of your pull-request, increasing the focus of your code review. This is a great way to reduce the amount of time spent on code review while still maintaining a high quality code base and increase the quality of your feedback.
As an added bonus, it also makes introducing new ESLint rules (or updating 3rd party configs) in a large codebase trivial, because you avoid becoming blocked by new ESLint issues in already-approved code.
Install the plugin and extend your ESLint config.
yarn add -D eslint eslint-plugin-diff
Extend your ESLint config with one of our configs.
"plugin:diff/diff"
(recommended)Only lint changes
{
"extends": ["plugin:diff/diff"]
}
"plugin:diff/ci"
In a CI-environment, only lint changes. Locally, skip the plugin (i.e. lint everything).
NOTE: This requires the environment variable
CI
to be defined, which most CI-providers set automatically.
{
"extends": ["plugin:diff/ci"]
}
"plugin:diff/staged"
Only lint the changes you've staged for an upcoming commit.
{
"extends": ["plugin:diff/staged"]
}
To lint all the changes of a pull-request, you only have to set
ESLINT_PLUGIN_DIFF_COMMIT
before running ESLint.
name: Run ESLint on your changes only
on:
pull_request:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install modules
run: npm install
- name: Fetch the base branch, so we can use `git diff`
run: git fetch origin ${{ github.event.pull_request.base.ref }}:${{ github.event.pull_request.base.ref }}
- name: Run ESLint on your changes only
env:
ESLINT_PLUGIN_DIFF_COMMIT: ${{ github.event.pull_request.base.ref }}
run: npx --no-install eslint --ext .js,.jsx,.ts,.tsx .
export ESLINT_PLUGIN_DIFF_COMMIT="origin/$BITBUCKET_PR_DESTINATION_BRANCH";
npx --no-install eslint --ext .js,.ts,.tsx .
ESLINT_PLUGIN_DIFF_COMMIT
. See git's official documentation on the syntax"plugin:diff/diff"
) or staged changes only (using "plugin:diff/staged"
)."plugin:diff/diff"
, which is equivalent to running git diff HEAD
."plugin:diff/staged"
is equivalent to running git diff HEAD --staged
FAQs
Run ESLint on your changes only
The npm package eslint-plugin-diff receives a total of 88,603 weekly downloads. As such, eslint-plugin-diff popularity was classified as popular.
We found that eslint-plugin-diff demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.