Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
eslint-plugin-n
Advanced tools
forked from eslint-plugin-node v11.1.0. as the original repository seems no longer maintained.
Additional ESLint rules for Node.js
npm install --save-dev eslint eslint-plugin-n
>=16.0.0
>=7.0.0
Note: It recommends a use of the "engines" field of package.json. The "engines" field is used by n/no-unsupported-features/*
rules.
{
"extends": ["eslint:recommended", "plugin:n/recommended"],
"parserOptions": {
"ecmaVersion": 2021
},
"rules": {
"n/exports-style": ["error", "module.exports"]
}
}
eslint.config.js
(requires eslint>=v8.23.0)const nodePlugin = require("eslint-plugin-n")
module.exports = [
nodePlugin.configs["flat/recommended-script"],
{
rules: {
"n/exports-style": ["error", "module.exports"]
}
}
]
package.json (An example)
{
"name": "your-module",
"version": "1.0.0",
"type": "commonjs",
"engines": {
"node": ">=8.10.0"
}
}
The rules get the supported Node.js version range from the following, falling back to the next if unspecified:
version
node.version
package.json
[engines
] field>=16.0.0
If you omit the [engines] field, this rule chooses >=16.0.0
as the configured Node.js version since 16
is the maintained lts (see also Node.js Release Working Group).
For Node.js packages, using the [engines
] field is recommended because it's the official way to indicate support:
{
"name": "your-module",
"version": "1.0.0",
"engines": {
"node": ">=16.0.0"
}
}
For Shareable Configs or packages with a different development environment (e.g. pre-compiled, web package, etc.), you can configure ESLint with settings.node.version
to specify support.
💼 Configurations enabled in.
☑️ Set in the flat/recommended
configuration.
🟢 Set in the flat/recommended-module
configuration.
✅ Set in the flat/recommended-script
configuration.
☑️ Set in the recommended
configuration.
🟢 Set in the recommended-module
configuration.
✅ Set in the recommended-script
configuration.
🔧 Automatically fixable by the --fix
CLI option.
❌ Deprecated.
Name | Description | 💼 | 🔧 | ❌ |
---|---|---|---|---|
callback-return | require return statements after callbacks | |||
exports-style | enforce either module.exports or exports | 🔧 | ||
file-extension-in-import | enforce the style of file extensions in import declarations | 🔧 | ||
global-require | require require() calls to be placed at top-level module scope | |||
handle-callback-err | require error handling in callbacks | |||
no-callback-literal | enforce Node.js-style error-first callback pattern is followed | |||
no-deprecated-api | disallow deprecated APIs | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
no-exports-assign | disallow the assignment to exports | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
no-extraneous-import | disallow import declarations which import extraneous modules | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
no-extraneous-require | disallow require() expressions which import extraneous modules | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
no-hide-core-modules | disallow third-party modules which are hiding core modules | ❌ | ||
no-missing-import | disallow import declarations which import non-existence modules | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
no-missing-require | disallow require() expressions which import non-existence modules | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
no-mixed-requires | disallow require calls to be mixed with regular variable declarations | |||
no-new-require | disallow new operators with calls to require | |||
no-path-concat | disallow string concatenation with __dirname and __filename | |||
no-process-env | disallow the use of process.env | |||
no-process-exit | disallow the use of process.exit() | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
no-restricted-import | disallow specified modules when loaded by import declarations | |||
no-restricted-require | disallow specified modules when loaded by require | |||
no-sync | disallow synchronous methods | |||
no-unpublished-bin | disallow bin files that npm ignores | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
no-unpublished-import | disallow import declarations which import private modules | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
no-unpublished-require | disallow require() expressions which import private modules | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
no-unsupported-features | disallow unsupported ECMAScript features on the specified version | ❌ | ||
no-unsupported-features/es-builtins | disallow unsupported ECMAScript built-ins on the specified version | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
no-unsupported-features/es-syntax | disallow unsupported ECMAScript syntax on the specified version | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
no-unsupported-features/node-builtins | disallow unsupported Node.js built-in APIs on the specified version | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
prefer-global/buffer | enforce either Buffer or require("buffer").Buffer | |||
prefer-global/console | enforce either console or require("console") | |||
prefer-global/process | enforce either process or require("process") | |||
prefer-global/text-decoder | enforce either TextDecoder or require("util").TextDecoder | |||
prefer-global/text-encoder | enforce either TextEncoder or require("util").TextEncoder | |||
prefer-global/url | enforce either URL or require("url").URL | |||
prefer-global/url-search-params | enforce either URLSearchParams or require("url").URLSearchParams | |||
prefer-promises/dns | enforce require("dns").promises | |||
prefer-promises/fs | enforce require("fs").promises | |||
process-exit-as-throw | require that process.exit() expressions use the same code path as throw | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | ||
shebang | require correct usage of shebang | ☑️ 🟢 ✅ ☑️ 🟢 ✅ | 🔧 |
This plugin provides three configs:
Name | Description |
---|---|
plugin:n/recommended | Considers both CommonJS and ES Modules. If "type":"module" field existed in package.json then it considers files as ES Modules. Otherwise it considers files as CommonJS. In addition, it considers *.mjs files as ES Modules and *.cjs files as CommonJS. |
plugin:n/recommended-module | Considers all files as ES Modules. |
plugin:n/recommended-script | Considers all files as CommonJS. |
These preset configs:
process.exit()
.{ecmaVersion: 2021}
and etc into parserOptions
.globals
.plugins
.Q: The no-missing-import
/ no-missing-require
rules don't work with nested folders in SublimeLinter-eslint
A: See context.getFilename() in rule returns relative path in the SublimeLinter-eslint FAQ.
Q: How to use the flat eslint config with mixed commonjs and es modules?
A: You can use the new exported flat config flat/mixed-esm-and-cjs
, an example:
const nodePlugin = require("eslint-plugin-n");
module.exports = [
...nodePlugin.configs["flat/mixed-esm-and-cjs"],
{
rules: {
"n/exports-style": ["error", "module.exports"],
},
},
]
eslint-plugin-n
follows semantic versioning and ESLint's Semantic Versioning Policy.
Deprecated rules follow ESLint's deprecation policy.
Welcome contributing!
Please use GitHub's Issues/PRs.
npm test
runs tests and measures coverage.npm run coverage
shows the coverage result of npm test
command.npm run clean
removes the coverage result of npm test
command.FAQs
Additional ESLint's rules for Node.js
The npm package eslint-plugin-n receives a total of 2,463,606 weekly downloads. As such, eslint-plugin-n popularity was classified as popular.
We found that eslint-plugin-n demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.