Security News
JSR Working Group Kicks Off with Ambitious Roadmap and Plans for Open Governance
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
eslint-plugin-mongodb
Advanced tools
Eslint rules for the NodeJS MongoDB native driver 2.0 syntax and best practices.
Disclaimer: This is a work in progress. Use it only if you wish to be involved in this project evolution by reporting bugs or even sending PRs.
The first stable release will be 1.0.0.
eslint
as a dev-dependency:npm install --save-dev eslint
eslint-plugin-mongodb
as a dev-dependency:npm install --save-dev eslint-plugin-mongodb
.eslintrc
:plugins:
- mongodb
You can also configure these rules in your .eslintrc
. All rules defined in
this plugin have to be prefixed by 'mongodb/'
plugins:
- mongodb
rules:
- mongodb/no-replace: 0
In order to recognize MongoDB native driver queries, this plugin check for function calls. By using shared settings you can specify your own patterns, here are the defaults:
{
"settings": {
"mongodb": {
"callPatterns": {
"query": [
"(\\.|^)db\\.collection\\([^\\)]+\\)\\.(find|findOne|)$",
],
"update": [
"(\\.|^)db\\.collection\\([^\\)]+\\)\\.(findOneAndUpdate|updateOne|updateMany)$",
],
"insert": [
"(\\.|^)db\\.collection\\([^\\)]+\\)\\.(insertOne|insertMany)$",
],
"remove": [
"(\\.|^)db\\.collection\\([^\\)]+\\)\\.(findOneAndDelete|deleteOne|deleteMany)$",
],
"deprecated": [
"(\\.|^)db\\.collection\\([^\\)]+\\)\\.(remove|update|findAndModify|ensureIndex|findAndRemove|insert|dropAllIndexes)$",
]
}
}
}
})
Note that the above are strings representing regular expressions. It will be
cast with the RegExp
constructor so you have to escape your escapes ;).
Default: 'check-insert-calls': 2
Check insertOne
/insertMany
calls to ensure their arguments are well formed.
Default: 'check-query-calls': 2
Check find
/findOne
calls to ensure their arguments are well formed.
Default: 'check-update-calls': 2
Check update
calls to ensure their arguments are well formed.
Default: 'check-remove-calls': 2
Check remove
calls to ensure their arguments are well formed.
Default: 'check-deprecated-calls': 2
Check collection calls and warn in case of deprecated methods usage.
Default: 'no_replace': 1
Check update queries to ensure no raw replace is done.
Default: 'check-rename-updates': 2
Check $rename
update operator usage.
Default: 'check-unset-updates': 2
Check $unset
update operator usage.
Default: 'check-current-date-updates': 2
Check $currentDate
update operator usage.
Default: 'check-numeric-updates': 2
Check update queries to ensure numeric operators like $mul
and $inc
contain
numeric values.
Default: 'check-minmax-updates': 2
Check $min
and $max
update operators usage.
Default: 'check-set-updates': 2
Check $set
and $setOnInsert
update operators usage.
Default: 'check-push-updates': 2
Check $push
update operator usage and its modifiers.
Default: 'check-pull-updates': 2
Check $pull
update operator usage.
Default: 'check-pop-updates': 2
Check $pop
update operator usage.
Default: 'check-addtoset-updates': 2
Check $addToSet
update operator usage and common misuses.
Default: 'check-deprecated-updates': 2
Check deprecated update operator usage.
Feel free to push your code if you agree with publishing under the MIT license.
Avoid wasting your time and follow those steps to suggest a new rule:
Create and issue prefixed by [rule] and let us know what should change.
FAQs
Lint your MongoDB queries.
We found that eslint-plugin-mongodb demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.