Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
eslint-plugin-mocha-no-only
Advanced tools
eslint-plugin-mocha-no-only
Warns when a .only function call is chained to a Mocha JavaScript test
eslint-mocha-no-only
This package contains an ESLint rule which throws an error (or warning) when the only() method is called on describe, context, it, specify, suite and test Mocha test keywords.
Why do I need this?
only() is a useful Mocha feature that lets the test runner run one specific part of a test suite. Often, developers may end up forgetting to remove the only() method before commiting and pushing their code. This results in the CI tool running only one specific test in the suite which may end up in a false-positive build.
By having ESLint throw an error in such cases, you can rest assured your CI tool runs all your test suites.
Installation
You'll first need to install ESLint:
$ npm i eslint --save-dev
Next, install eslint-plugin-mocha-no-only:
$ npm install eslint-plugin-mocha-no-only --save-dev
Note: If you installed ESLint globally (using the -g flag) then you must also install eslint-plugin-mocha-no-only globally.
Usage
Enable the eslint-plugin-mocha-no-only plugin and rules in your eslint.config.js file.
import globals from "globals";
import pluginJs from "@eslint/js";
import mochaNoOnly from "eslint-plugin-mocha-no-only"
export default [
{
languageOptions: { globals: globals.browser },
plugins: { mochaNoOnly },
rules: { "mochaNoOnly/mocha-no-only": ["error"] }
},
pluginJs.configs.recommended,
];
Note: You may want to only enable this rule for files in your tests suite. This can be done by adding an additional config object with a files key.
import globals from "globals";
import pluginJs from "@eslint/js";
import mochaNoOnly from "eslint-plugin-mocha-no-only"
export default [
{
languageOptions: { globals: globals.browser },
plugins: { ... },
rules: { ... }
},
{
files: ["test/**.js"],
plugins: { mochaNoOnly },
rules: { "mochaNoOnly/mocha-no-only": ["error"] }
},
pluginJs.configs.recommended,
];
Examples
Failing
describe("foobar", function() {
var foo;
beforeEach(function() {
foo = new Foo();
});
it.only("should do things", function() {
expect(foo).to.do.things;
});
});
Passing
describe("foobar", function() {
var foo;
beforeEach(function() {
foo = new Foo();
});
it("should do things", function() {
expect(foo).to.do.things;
});
});
FAQs
Warns when a .only function call is chained to a Mocha JavaScript test
We found that eslint-plugin-mocha-no-only demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 16 May 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025