
eslint-plugin-extra-rules
My custom eslint rules in addition to the ones provided at http://eslint.org/
Additional rules for eslint
npm install --save-dev eslint-plugin-extra-rules
Add to your .eslintrc:
{
  "plugins": ["extra-rules"],
  "rules": {
    "extra-rules/no-commented-out-code": "warn",
    // Your other rules...
  }
}
Detects code in single-line or multiline comments.
/* eslint extra-rules/no-commented-out-code: "warn" */
/*
function foo() {
  return 'foo';
}*/
// this is normal comment
function baz() {
  'use strict';
  // and this is another normal comment
  // var bar = 'bar';
  return 'baz';
}
Produces the following output:
2:0 warning commented out code "function foo() {" (4 lines) no-commented-out-code
10:2 warning commented out code "var bar = 'bar';" (1 line) no-commented-out-code
Detect source files with too many lines
first argument: rule severity (0 - no check, 1 - warning, 2 - error)
second argument: max number of allowed lines
"no-long-files": [2, 70]
Prints something like
potential-point-free.js
0:0 error file line count 51 exceeded line limit 50 no-long-files
ESLint rule for enforcing camelCase names but allowing _ in property names
We want to use camelCase in variable names, but still want to allow underscores in JSON objects:
var goodObject = {
  property_name: 1,
  another_property: 2
};
jshint has a camelcase rule that forces EVERY name to be camelCased:
$ jshint index.js
index.js: line 2, col 0, Identifier 'property_name' is not in camel case.
index.js: line 3, col 0, Identifier 'another_property' is not in camel case.
2 errors
There are manual workarounds:
// jshint ignore:line
or // jshint -W106
'property_name': 1
Both workarounds are hacky.
I wrote a more flexible rule called camel_case for eslint. The rule looks one character after the identifier to see if it is followed by the colon : character. If yes, this is a property name inside an object, and the underscore character _ is allowed.
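The one-character lookahead described above, as an added sketch that is not the plugin's source: `findSnakeCase` and `SAMPLE` are hypothetical names, and the check runs over raw text with a simplified string/comment stripper rather than over ESLint's AST.

```javascript
// Added sketch, not the plugin's source: it scans text, a real rule walks the AST.
// Constructed sample input.
const SAMPLE = [
  'var goodObject = {',
  '  property_name: 1,',
  '  another_property: 2',
  '};',
  'var bad_name = 1;',
  'var o = { spaced_key : 1 };',
  'var pick = flag ? snake_value: other;',
].join('\n');

function findSnakeCase(source) {
  // Blank out simple string literals and comments, keeping offsets and newlines.
  const code = source.replace(
    /'[^'\n]*'|"[^"\n]*"|\/\/.*|\/\*[\s\S]*?\*\//g,
    (m) => m.replace(/[^\n]/g, ' ')
  );
  const findings = [];
  const ident = /[A-Za-z_$][\w$]*/g;
  let m;
  while ((m = ident.exec(code)) !== null) {
    const name = m[0];
    if (!/[^_]_+[^_]/.test(name)) continue; // no inner underscore
    if (code[m.index + name.length] === ':') continue; // "name:" => property key
    findings.push({ name, line: code.slice(0, m.index).split('\n').length });
  }
  return findings;
}

console.log(findSnakeCase(SAMPLE));
```

In this text-only sketch the last two sample lines show the limits of a single-character lookahead: `spaced_key :` is reported because a space precedes the colon, while `snake_value:` in the ternary is accepted as if it were a property name.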
Warns or errors if you use for loops in your code. I consider for loops harmful for their side effects, and even consider .forEach dangerous, see Avoid forEach.
Does not allow you to nest objects on a single line. A single-property object can be on a single line.
// allowed
var foo = { foo: 'foo' };
// not allowed
var foo = { foo: 'foo', bar: 'bar' };
var foo = { foo: { bar: 'bar' } };
Warns if a function just calls another function passing arguments and can potentially become point-free. Point-free programming eliminates complexity and superfluous variables. Only functions with a single call expression are considered. The arguments must match exactly.
/* eslint extra-rules/potential-point-free: "warn" */
function print(x) {
  console.log(x);
}
[1, 2, 3].forEach(function printX(x) {
  print(x);
});
// output 7:18 warning printX potential-point-free
Note: due to signatures and optional arguments, sometimes functions should not be made point-free directly.
For example, the array iterators pass the item, the index and the array itself, which causes problems for parseInt:
['1', '2', '3'].forEach(parseInt);
// parseInt is called with (item, index, array) and returns 1, NaN, NaN
In this case, you can use a unary adaptor or a 3rd party iterator with a simpler signature, such as R.forEach.
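The parseInt pitfall and the unary adaptor mentioned above, as an added example that is not part of the plugin: `unary` is a helper defined here, and `map` is used instead of `forEach` so the values parseInt returns can be inspected.

```javascript
// Added illustration; unary() is defined here and is not part of the plugin.
// Wrap fn so that it only ever receives its first argument.
function unary(fn) {
  return function (first) {
    return fn.call(this, first);
  };
}

const digits = ['1', '2', '3'];

// Array iterators call the callback as (item, index, array), so when parseInt
// is passed directly the index is taken as the radix:
//   parseInt('1', 0) -> 1    (radix 0 means "pick the default")
//   parseInt('2', 1) -> NaN  (radix 1 is not a valid radix)
//   parseInt('3', 2) -> NaN  ('3' is not a binary digit)
function pointFreeDirect() {
  return digits.map(parseInt);
}

// Still point-free, but the adaptor drops index and array before parseInt sees them.
function pointFreeUnary() {
  return digits.map(unary(parseInt));
}

// The non-point-free form with an explicit radix, for comparison.
function explicitRadix() {
  return digits.map(function (s) {
    return parseInt(s, 10);
  });
}

console.log(pointFreeDirect(), pointFreeUnary(), explicitRadix());
```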
Author: Gleb Bahmutov © 2014
License: MIT - do anything with the code, but don't blame me if it does not work.
Spread the word: tweet, star on github, etc.
Support: if you find any problems with this module, email / tweet / open issue on Github
Copyright (c) 2014 Gleb Bahmutov
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
The npm package eslint-plugin-extra-rules receives a total of 13,666 weekly downloads. As such, eslint-plugin-extra-rules popularity was classified as popular.
We found that eslint-plugin-extra-rules demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.