Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

eslint-plugin-mongodb

Package Overview
Dependencies
Maintainers
5
Versions
11
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

eslint-plugin-mongodb

Lint your MongoDB queries.

  • 1.0.0
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
281
decreased by-17.11%
Maintainers
5
Weekly downloads
 
Created
Source

eslint-plugin-mongodb

Eslint rules for the NodeJS MongoDB native driver 2.0 syntax and best practices.

NPM version Build status Dependency Status devDependency Status Coverage Status Code Climate

Disclaimer: This is a work in progress. Use it only if you wish to be involved in this project evolution by reporting bugs or even sending PRs.

The first stable release will be 1.0.0.

Usage

  1. Install eslint as a dev-dependency:
npm install --save-dev eslint
  1. Install eslint-plugin-mongodb as a dev-dependency:
npm install --save-dev eslint-plugin-mongodb
  1. Enable the plugin by adding it to your .eslintrc:
plugins:
  - mongodb

  1. You can also configure these rules in your .eslintrc. All rules defined in this plugin have to be prefixed by 'mongodb/'

    plugins:
  - mongodb
rules:
  - mongodb/no-replace: 0

Settings

In order to recognize MongoDB native driver queries, this plugin check for function calls. By using shared settings you can specify your own patterns, here are the defaults:

{
    "settings": {
        "mongodb": {
          "callPatterns": {
            "query": [
              "(\\.|^)db\\.collection\\([^\\)]+\\)\\.(find|findOne|)$",
            ],
            "update": [
              "(\\.|^)db\\.collection\\([^\\)]+\\)\\.(findOneAndUpdate|updateOne|updateMany)$",
            ],
            "insert": [
              "(\\.|^)db\\.collection\\([^\\)]+\\)\\.(insertOne|insertMany)$",
            ],
            "remove": [
              "(\\.|^)db\\.collection\\([^\\)]+\\)\\.(findOneAndDelete|deleteOne|deleteMany)$",
            ],
            "deprecated": [
              "(\\.|^)db\\.collection\\([^\\)]+\\)\\.(remove|update|findAndModify|ensureIndex|findAndRemove|insert|dropAllIndexes)$",
            ]
          }
        }
    }
})

Note that the above are strings representing regular expressions. It will be cast with the RegExp constructor so you have to escape your escapes ;).

Rules

check-insert-calls

Default: 'check-insert-calls': 2

Check insertOne/insertMany calls to ensure their arguments are well formed.

check-query-calls

Default: 'check-query-calls': 2

Check find/findOne calls to ensure their arguments are well formed.

check-update-calls

Default: 'check-update-calls': 2

Check update calls to ensure their arguments are well formed.

check-remove-calls

Default: 'check-remove-calls': 2

Check remove calls to ensure their arguments are well formed.

check-deprecated-calls

Default: 'check-deprecated-calls': 2

Check collection calls and warn in case of deprecated methods usage.

no-replace

Default: 'no_replace': 1

Check update queries to ensure no raw replace is done.

check-rename-updates

Default: 'check-rename-updates': 2

Check $rename update operator usage.

check-unset-updates

Default: 'check-unset-updates': 2

Check $unset update operator usage.

check-current-date-updates

Default: 'check-current-date-updates': 2

Check $currentDate update operator usage.

check-numeric-updates

Default: 'check-numeric-updates': 2

Check update queries to ensure numeric operators like $mul and $inc contain numeric values.

check-minmax-updates

Default: 'check-minmax-updates': 2

Check $min and $max update operators usage.

check-set-updates

Default: 'check-set-updates': 2

Check $set and $setOnInsert update operators usage.

check-push-updates

Default: 'check-push-updates': 2

Check $push update operator usage and its modifiers.

check-pull-updates

Default: 'check-pull-updates': 2

Check $pull update operator usage.

check-pop-updates

Default: 'check-pop-updates': 2

Check $pop update operator usage.

check-addtoset-updates

Default: 'check-addtoset-updates': 2

Check $addToSet update operator usage and common misuses.

check-deprecated-updates

Default: 'check-deprecated-updates': 2

Check deprecated update operator usage.

Contributing

Feel free to push your code if you agree with publishing under the MIT license.

How to create a new rule

Avoid wasting your time and follow those steps to suggest a new rule:

  • create and issue prefixed by [rule] and followed by it's name
  • OR create the rule tests file in the src/lib/rules directory directly, create a branch whose name is the proposed rule name. Finally create a pull request.
  • let's discuss about the feature and its implementation details.
  • implement the feature.

Changing a specific rule behavior

Create and issue prefixed by [rule] and let us know what should change.

Stats

NPM NPM

Keywords

FAQs

Package last updated on 15 Feb 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Research

Security News

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.

By Kirill Boychenko  -  Nov 22, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc