Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
eslint-plugin-jsonc
Advanced tools
eslint-plugin-jsonc is an ESLint plugin that provides linting rules for JSON and JSONC (JSON with comments) files. It helps ensure consistency and correctness in JSON files by enforcing specific coding standards and best practices.
Enforce Consistent Indentation
This rule enforces consistent indentation in JSON files. The example configures the rule to use 2 spaces for indentation.
{
"rules": {
"jsonc/indent": ["error", 2]
}
}
Disallow Trailing Commas
This rule disallows trailing commas in JSON files, which can help prevent syntax errors in environments that do not support them.
{
"rules": {
"jsonc/no-trailing-comma": "error"
}
}
Require Property Keys to be in CamelCase
This rule enforces that property keys in JSON files are written in camelCase, promoting a consistent naming convention.
{
"rules": {
"jsonc/camelcase": "error"
}
}
Disallow Comments
This rule disallows comments in JSON files, ensuring that the files remain pure JSON without any additional annotations.
{
"rules": {
"jsonc/no-comments": "error"
}
}
eslint-plugin-json is another ESLint plugin for linting JSON files. It provides basic rules for JSON file validation but does not support JSONC (JSON with comments). It is simpler and may be more suitable for projects that do not require JSONC support.
jsonlint is a standalone JSON parser and validator. It can be used to check the syntax of JSON files and ensure they are valid. Unlike eslint-plugin-jsonc, jsonlint is not an ESLint plugin and does not integrate with ESLint's rule system.
eslint-plugin-jsonc is ESLint plugin for JSON, JSONC and JSON5 files.
This ESLint plugin provides linting rules relate to better ways to help you avoid problems when using JSON, JSONC and JSON5.
"plugin:jsonc/auto-config"
provided by this plugin.You can check on the Online DEMO.
ESLint is a great linter for JavaScript.
Since JSON is a subset of JavaScript, the same parser and rules can be applied to JSON.
Also, JSONC and JSON5, which are variants of JSON, are more similar to JavaScript than JSON. Applying a JavaScript linter to JSON is more rational than creating a JSON-specific linter.
eslint-plugin-jsonc
work?This plugin parses .json
with its own parser, but this parser just converts AST parsed by espree
(ESLint standard parser) into AST with another name. However, ASTs that do not exist in JSON and the superset of JSON syntaxes are reported as parsing errors. By converting the AST to another name, we prevent false positives from ESLint core rules.
Moreover, You can do the same linting using the extended rules of the ESLint core rules provided by this plugin.
See documents.
npm install --save-dev eslint eslint-plugin-jsonc
Requirements
- ESLint v6.0.0 and above
- Node.js v8.10.0 and above
Use .eslintrc.*
file to configure rules. See also: https://eslint.org/docs/user-guide/configuring.
Example .eslintrc.js:
module.exports = {
extends: [
// add more generic rulesets here, such as:
// 'eslint:recommended',
'plugin:jsonc/recommended-with-jsonc'
],
rules: {
// override/add rules settings here, such as:
// 'jsonc/rule-name': 'error'
}
}
This plugin provides configs:
plugin:jsonc/base
... Configuration to enable correct JSON parsing.plugin:jsonc/recommended-with-json
... Recommended configuration for JSON.plugin:jsonc/recommended-with-jsonc
... Recommended configuration for JSONC.plugin:jsonc/recommended-with-json5
... Recommended configuration for JSON5.plugin:jsonc/auto-config
... Automatically apply jsonc rules similar to your configured ESLint core rules to JSON.See the rule list to get the rules
that this plugin provides.
If you want to run eslint
from the command line, make sure you include the .json
extension using the --ext
option or a glob pattern, because ESLint targets only .js
files by default.
Examples:
eslint --ext .js,.json src
eslint "src/**/*.{js,json}"
Use the dbaeumer.vscode-eslint extension that Microsoft provides officially.
You have to configure the eslint.validate
option of the extension to check .json
files, because the extension targets only *.js
or *.jsx
files by default.
Example .vscode/settings.json:
{
"eslint.validate": [
"javascript",
"javascriptreact",
"json",
"jsonc",
"json5"
]
}
The --fix
option on the command line automatically fixes problems reported by rules which have a wrench :wrench: below.
The rules with the following star :star: are included in the config.
Rule ID | Description | Fixable | JSON | JSONC | JSON5 |
---|---|---|---|---|---|
jsonc/no-bigint-literals | disallow BigInt literals | :star: | :star: | :star: | |
jsonc/no-comments | disallow comments | :star: | |||
jsonc/no-number-props | disallow number property keys | :wrench: | :star: | :star: | :star: |
jsonc/no-regexp-literals | disallow RegExp literals | :star: | :star: | :star: | |
jsonc/no-template-literals | disallow template literals | :wrench: | :star: | :star: | :star: |
jsonc/no-undefined-value | disallow undefined | :star: | :star: | :star: | |
jsonc/valid-json-number | disallow invalid number for JSON | :wrench: | :star: | :star: |
Rule ID | Description | Fixable | JSON | JSONC | JSON5 |
---|---|---|---|---|---|
jsonc/array-bracket-newline | enforce line breaks after opening and before closing array brackets | :wrench: | |||
jsonc/array-bracket-spacing | disallow or enforce spaces inside of brackets | :wrench: | |||
jsonc/array-element-newline | enforce line breaks between array elements | :wrench: | |||
jsonc/comma-dangle | require or disallow trailing commas | :wrench: | :star: | ||
jsonc/comma-style | enforce consistent comma style | :wrench: | |||
jsonc/indent | enforce consistent indentation | :wrench: | |||
jsonc/key-spacing | enforce consistent spacing between keys and values in object literal properties | :wrench: | |||
jsonc/no-dupe-keys | disallow duplicate keys in object literals | :star: | :star: | :star: | |
jsonc/no-multi-str | disallow multiline strings | :star: | :star: | ||
jsonc/no-octal-escape | disallow octal escape sequences in string literals | ||||
jsonc/no-sparse-arrays | disallow sparse arrays | :star: | :star: | :star: | |
jsonc/no-useless-escape | disallow unnecessary escape usage | :star: | :star: | :star: | |
jsonc/object-curly-newline | enforce consistent line breaks inside braces | :wrench: | |||
jsonc/object-curly-spacing | enforce consistent spacing inside braces | :wrench: | |||
jsonc/object-property-newline | enforce placing object properties on separate lines | :wrench: | |||
jsonc/quote-props | require quotes around object literal property names | :wrench: | :star: | :star: | |
jsonc/quotes | enforce use of double or single quotes | :wrench: | :star: | :star: | |
jsonc/sort-keys | require object keys to be sorted | ||||
jsonc/space-unary-ops | disallow spaces after unary operators | :wrench: | :star: | :star: | :star: |
Welcome contributing!
Please use GitHub's Issues/PRs.
npm test
runs tests and measures coverage.npm run update
runs in order to update readme and recommended configuration.See the LICENSE file for license rights and limitations (MIT).
FAQs
ESLint plugin for JSON, JSONC and JSON5 files.
The npm package eslint-plugin-jsonc receives a total of 381,503 weekly downloads. As such, eslint-plugin-jsonc popularity was classified as popular.
We found that eslint-plugin-jsonc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.