
eslint-plugin-mozilla
A collection of rules that help enforce JavaScript coding standards in the Mozilla project.
These are primarily developed and used within the Firefox build system (mozilla-central), but are made available for other related projects to use as well.
$ ./mach eslint --setup
Install ESLint:
$ npm i eslint --save-dev
Next, install eslint-plugin-mozilla:
$ npm install eslint-plugin-mozilla --save-dev
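// eslint.config.js (flat config)
import mozilla from "eslint-plugin-mozilla";

export default [
  // "flat/recommended" is an array of config objects, so spread it.
  ...mozilla.configs["flat/recommended"],
];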
The recommended configuration does not set up globals for all files. It only sets the globals in the environment for Mozilla specific files, e.g. system modules, sjs files and workers.
If you use some of the other configurations, note that they are objects rather than arrays.
{
"extends": ["plugin:mozilla/recommended"]
}
If you use prettier in your setup, you may need to extend from eslint-config-prettier to ensure that any rules that conflict with prettier are disabled. See here for more information.
For details about the rules, please see the Firefox documentation page.
The sources can be found at:
Please file bugs in Bugzilla in the Lint and Formatting component of the Developer Infrastructure product.
The tests can only be run from within mozilla-central. To run the tests:
$ ./mach npm --prefix tools/lint/eslint/eslint-plugin-mozilla ci
$ ./mach npm --prefix tools/lint/eslint/eslint-plugin-mozilla test
FAQs
The npm package eslint-plugin-mozilla receives a total of 6,850 weekly downloads. As such, its popularity is classified as popular.
We found that eslint-plugin-mozilla demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.