Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
eslint-plugin-n8n-nodes-base
Advanced tools
[![NPM version](https://img.shields.io/npm/v/eslint-plugin-n8n-nodes-base.svg?style=flat)](https://npmjs.org/package/eslint-plugin-n8n-nodes-base)
ESLint plugin for linting n8n nodes.
Install this plugin:
pnpm i -D eslint-plugin-n8n-nodes-base
Create an ESLint configuration file and decide how to set up the plugin.
If you specify only the plugin, all rules in the plugin are disabled by default and must be individually enabled:
{
plugins: [ "eslint-plugin-n8n-nodes-base" ],
rules: {
"n8n-nodes-base/node-param-array-type-assertion": "warn",
"n8n-nodes-base/node-param-default-wrong-for-collection": "error"
}
}
If you specify both the plugin and a config, all config rules are enabled by default and must be individually disabled:
{
plugins: [ "eslint-plugin-n8n-nodes-base" ],
extends: [ "plugin:n8n-nodes-base/nodes" ],
rules: {
"n8n-nodes-base/node-param-array-type-assertion": "off",
"n8n-nodes-base/node-param-default-wrong-for-collection": "off"
}
}
Config | Content |
---|---|
nodes | Ruleset for n8n nodes |
credentials | Ruleset for n8n credentials |
community | Ruleset for package.json in n8n community package |
In the community
ruleset, the five *-still-default
rules allow you to define your own default values:
{
plugins: [ "eslint-plugin-n8n-nodes-base" ],
extends: [ "plugin:n8n-nodes-base/nodes" ],
rules: {
"n8n-nodes-base/community-package-json-author-name-still-default": [
"error",
{ authorName: "Neil Armstrong" }, // user-defined default
],
}
}
Name | Description | Autofixable |
---|---|---|
community-package-json-author-email-still-default | The author.email value in the package.json of a community package must be different from the default value '' (empty string) or a user-defined default. | No |
community-package-json-author-missing | The author key must be present in the package.json of a community package. | No |
community-package-json-author-name-missing | The author.name key must be present in the package.json of a community package. | No |
community-package-json-author-name-still-default | The author.name value in the package.json of a community package must be different from the default value '' (empty string) or a user-defined default. | No |
community-package-json-description-missing | The description key must be present in the package.json of a community package. | No |
community-package-json-description-still-default | The description value in the package.json of a community package must be different from the default value '' (empty string) or a user-defined default. | No |
community-package-json-keywords-missing | The keywords key must be present in the package.json of a community package. | No |
community-package-json-keywords-without-official-tag | The keywords value in the package.json of a community package must be an array containing the value 'n8n-community-node-package' . | No |
community-package-json-license-missing | The description key must be present in the package.json of a community package. | No |
community-package-json-license-not-default | The license key in the package.json of a community package must be the default value MIT . | No |
community-package-json-n8n-api-version-missing | The n8n.n8nNodesApiVersion key must be present in the package.json of a community package. | No |
community-package-json-n8n-api-version-not-number | The n8n.n8nNodesApiVersion value in the package.json of a community package must be a number. | No |
community-package-json-n8n-missing | The n8n key must be present in the package.json of a community package. | No |
community-package-json-n8n-nodes-empty | The n8n.nodes value in the package.json of a community package must contain at least one filepath. | No |
community-package-json-n8n-nodes-missing | The n8n.nodes key must be present in the package.json of a community package. | No |
community-package-json-name-missing | The name key must be present in the package.json of a community package. | No |
community-package-json-name-still-default | The name key in the package.json of a community package must be different from the default value n8n-nodes-<...> or a user-defined default. | No |
community-package-json-repository-url-still-default | The repository.url value in the package.json of a community package must be different from the default value https://github.com/<...>/n8n-nodes-<...>.git or a user-defined default. | No |
community-package-json-version-missing | The version key must be present in the package.json of a community package. | No |
cred-class-field-authenticate-type-assertion | In a credential class, the field authenticate must be typed IAuthenticateGeneric | Yes |
cred-class-field-display-name-miscased | displayName field in credential class must be title cased, except for n8n API and E-goi API | Yes |
cred-class-field-display-name-missing-api | displayName field in credential class must be end with API . | Yes |
cred-class-field-display-name-missing-oauth2 | displayName field in credential class must mention OAuth2 if the credential is OAuth2. | No |
cred-class-field-documentation-url-miscased | documentationUrl field in credential class must be camel cased. Only applicable to nodes in the main repository. | Yes |
cred-class-field-documentation-url-missing | documentationUrl field in credential class must be present. | Yes |
cred-class-field-documentation-url-not-http-url | documentationUrl field in credential class must be an HTTP URL. Only applicable to community credentials. | No |
cred-class-field-name-missing-oauth2 | name field in credential class must mention OAuth2 if the credential is OAuth2. | No |
cred-class-field-name-unsuffixed | name field in credential class must be suffixed with -Api . | Yes |
cred-class-field-name-uppercase-first-char | First char in name in credential class must be lowercase. | Yes |
cred-class-field-placeholder-url-missing-eg | placeholder for a URL in credential class must be prepended with e.g. . | Yes |
cred-class-field-properties-assertion | In a credential class, the field properties must be typed INodeProperties and individual properties must have no assertions. | Yes |
cred-class-field-type-options-password-missing | In a sensitive string-type field, typeOptions.password must be set to true to obscure the input. A field name is sensitive if it contains the strings: secret ,password ,token ,key . See exceptions in source. | Yes |
cred-class-name-missing-oauth2-suffix | Credential class name must mention OAuth2 if the credential is OAuth2. | No |
cred-class-name-unsuffixed | Credential class name must be suffixed with -Api . | Yes |
cred-filename-against-convention | Credentials filename must match credentials class name, excluding the filename suffix. Example: TestApi.credentials.ts matches TestApi in class TestApi implements ICredentialType . | No |
node-class-description-credentials-name-unsuffixed | name under credentials in node class description must be suffixed with -Api . | Yes |
node-class-description-display-name-unsuffixed-trigger-node | displayName in node class description for trigger node must be suffixed with -Trigger . | Yes |
node-class-description-empty-string | description in node class description must be filled out. | No |
node-class-description-icon-not-svg | icon in node class description should be an SVG icon. | No |
node-class-description-inputs-wrong-regular-node | The number of inputs in node class description for regular node should be one, or two for Merge node. | Yes |
node-class-description-inputs-wrong-trigger-node | The number of inputs in node class description for trigger node should be zero. | Yes |
node-class-description-missing-subtitle | subtitle in node class description must be present. | Yes |
node-class-description-name-miscased | name in node class description must be camel cased. | Yes |
node-class-description-name-unsuffixed-trigger-node | name in node class description for trigger node must be suffixed with -Trigger . | Yes |
node-class-description-non-core-color-present | color in node class description is deprecated and must not be present, except for nodes whose icon is a Font Awesome icon - usually core nodes. | Yes |
node-class-description-outputs-wrong | The number of outputs in node class description for any node must be one, or two for If node, or four for Switch node. | Yes |
node-dirname-against-convention | Node dirname must match node filename, excluding the filename suffix. Example: Test node dirname matches Test section of Test.node.ts node filename. | No |
node-execute-block-double-assertion-for-items | In the execute() method there is no need to double assert the type of items.length . | Yes |
node-execute-block-error-missing-item-index | In the operations in the execute() method in a node, NodeApiError and NodeOperationError must specify itemIndex as the third argument. | No |
node-execute-block-missing-continue-on-fail | The execute() method in a node must implement continueOnFail in a try-catch block. | No |
node-execute-block-wrong-error-thrown | The execute() method in a node may only throw ApplicationError , NodeApiError, NodeOperationError, or TriggerCloseError`. | No |
node-filename-against-convention | name in node class description must match the node filename without the .node.ts suffix. Example: If description.name is Test , then filename must be Test.node.ts . Version suffix in filename (e.g. -V2 ) is disregarded. | No |
node-param-array-type-assertion | Array of node parameters must be typed, not type-asserted. | Yes |
node-param-collection-type-item-required | Items in collection-type node parameter must not have a required property. | Yes |
node-param-collection-type-unsorted-items | Items in collection-type node parameter must be alphabetized by name if five or more than five. | No |
node-param-color-type-unused | string -type color-related node parameter must be color -type. | Yes |
node-param-default-missing | default must be present in a node parameter, except in node parameters under modes . | Yes |
node-param-default-wrong-for-boolean | default for boolean-type node parameter must be a boolean. | Yes |
node-param-default-wrong-for-collection | default for collection-type node parameter must be an object. | Yes |
node-param-default-wrong-for-fixed-collection | default for fixed-collection-type node parameter must be an object. | Yes |
node-param-default-wrong-for-limit | default for a Limit node parameter must be 50 . | Yes |
node-param-default-wrong-for-multi-options | default for a multi-options-type node parameter must be an array. | Yes |
node-param-default-wrong-for-number | default for a number-type node parameter must be a number, except for a number-type ID parameter. | Yes |
node-param-default-wrong-for-options | default for an options-type node parameter must be one of the options. | Yes |
node-param-default-wrong-for-simplify | default for a Simplify node parameter must be true . | Yes |
node-param-default-wrong-for-string | default for a string-type node parameter must be a string, unless typeOptions.multipleValues is set to true . | Yes |
node-param-description-boolean-without-whether | description in a boolean node parameter must start with Whether . | No |
node-param-description-comma-separated-hyphen | The string comma-separated in description must be hyphenated. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-empty-string | description in node parameter or in option in options-type and multi-options-type param must be filled out or removed. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-excess-final-period | description in node parameter must end without a final period if a single-sentence description. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-excess-inner-whitespace | description in node parameter must not contain excess inner whitespace. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-identical-to-display-name | description in node parameter must not be identical to displayName . | Yes |
node-param-description-line-break-html-tag | description in node parameter must not contain an HTML line break. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-lowercase-first-char | First char in description in node parameter must be uppercase. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-miscased-id | ID in description in node parameter must be fully uppercased. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-miscased-json | JSON in description in node parameter must be fully uppercased. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-miscased-url | URL in description in node parameter must be fully uppercased. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-missing-final-period | description in node parameter must end with a final period if a multiple-sentence description, unless ending with </code> . Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-missing-for-ignore-ssl-issues | description for Ignore SSL node parameter must be present. | Yes |
node-param-description-missing-for-return-all | description for Return All node parameter must be present. | Yes |
node-param-description-missing-for-simplify | description for Simplify node parameter must be present. | Yes |
node-param-description-missing-from-dynamic-multi-options | description in dynamic-multi-options-type node parameter must be present. | Yes |
node-param-description-missing-from-dynamic-options | description in dynamic-options-type node parameter must be present. | Yes |
node-param-description-missing-from-limit | description in Limit node parameter must be present. | Yes |
node-param-description-unencoded-angle-brackets | description in node parameter must encode angle brackets for them to render. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-unneeded-backticks | description in node parameter must not use unneeded backticks. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-untrimmed | description in node parameter must be trimmed. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-url-missing-protocol | description in node parameter must include protocol e.g. https:// when containing a URL. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-weak | description in node parameter must be either useful or omitted. Applicable by extension to description in option in options-type and multi-options-type node parameter. | Yes |
node-param-description-wrong-for-dynamic-multi-options | description in dynamic-multi-options-type node parameter must be Choose from the list, or specify IDs using an <a href="https://docs.n8n.io/code/expressions/">expression</a> | Yes |
node-param-description-wrong-for-dynamic-options | description in dynamic-options-type node parameter must be Choose from the list, or specify an ID using an <a href="https://docs.n8n.io/code/expressions/">expression</a> | Yes |
node-param-description-wrong-for-ignore-ssl-issues | description for Ignore SSL node parameter must be Whether to connect even if SSL certificate validation is not possible | Yes |
node-param-description-wrong-for-limit | description for Limit node parameter must be Max number of results to return | Yes |
node-param-description-wrong-for-return-all | description for Return All node parameter must be Whether to return all results or only up to a given limit | Yes |
node-param-description-wrong-for-simplify | description for Simplify node parameter must be Whether to return a simplified version of the response instead of the raw data | Yes |
node-param-description-wrong-for-upsert | description for Upsert node parameter must be Create a new record, or update the current one if it already exists (upsert) . The resource name e.g. 'contact' is also allowed instead of 'record' . | Yes |
node-param-display-name-excess-inner-whitespace | displayName in node parameter or in fixed collection section must not contain excess inner whitespace. Applicable by extension to name in options-type or multi-options-type node parameter. | Yes |
node-param-display-name-miscased-id | ID in displayName in node parameter must be fully uppercased. Applicable by extension to name in options-type or multi-options-type node parameter. | Yes |
node-param-display-name-miscased | displayName in node parameter or in fixed collection section must title cased. Applicable by extension to name in options-type or multi-options-type node parameter. | Yes |
node-param-display-name-not-first-position | By convention, displayName in node parameter must be placed first. | Yes |
node-param-display-name-untrimmed | displayName in node parameter or in fixed collection section must be trimmed. Applicable by extension to name in options-type or multi-options-type node parameter. | Yes |
node-param-display-name-wrong-for-dynamic-multi-options | displayName for dynamic-multi-options-type node parameter must end with Names or IDs | Yes |
node-param-display-name-wrong-for-dynamic-options | displayName for dynamic-options-type node parameter must end with Name or ID | Yes |
node-param-display-name-wrong-for-simplify | displayName for Simplify node parameter must be Simplify | Yes |
node-param-display-name-wrong-for-update-fields | displayName for Update operation node parameter must be Update Fields | Yes |
node-param-fixed-collection-type-unsorted-items | Items in a fixed-collection-type node parameter section must be alphabetized by displayName if five or more than five, unless the items are address fields. | Yes |
node-param-hint-untrimmed | hint in node parameter must be trimmed. | Yes |
node-param-hint-url-missing-protocol | hint in node parameter must include protocol e.g. https:// when containing a URL. | Yes |
node-param-min-value-wrong-for-limit | minValue for Limit node parameter must be a positive integer. | Yes |
node-param-multi-options-type-unsorted-items | Items in a multi-options-type node parameter must be alphabetized by name if five or more than five. | No |
node-param-name-untrimmed | name in node parameter or in fixed collection section must be trimmed. | Yes |
node-param-operation-option-action-miscased | The property action in an option in an Operation node parameter must be sentence-cased. | Yes |
node-param-operation-option-action-wrong-for-get-many | The property action in a Get Many option in an Operation node parameter must start with Get many . | Yes |
node-param-operation-option-description-wrong-for-get-many | The property description in a Get Many option in an Operation node parameter must mention many instead of all . | Yes |
node-param-operation-option-without-action | An option in an Operation node parameter must have an action property. The action property may or may not be identical to the description property. | Yes |
node-param-operation-without-no-data-expression | noDataExpression in an Operation node parameter must be present and enabled. | Yes |
node-param-option-description-identical-to-name | description in option in options-type node parameter must not be identical to name . | Yes |
node-param-option-name-containing-star | Option name in options-type node parameter must not contain * . Use [All] instead. | Yes |
node-param-option-name-duplicate | Option name in options-type node parameter must not be a duplicate. | Yes |
node-param-option-name-wrong-for-get-many | Option name for Get Many node parameter must be Get Many | Yes |
node-param-option-name-wrong-for-upsert | Option name for Upsert node parameter must be Create or Update . | Yes |
node-param-option-value-duplicate | Option value in options-type node parameter must not be a duplicate. | Yes |
node-param-options-type-unsorted-items | Items in options-type node parameter must be alphabetized by name if five or more than five. | No |
node-param-placeholder-miscased-id | ID in placeholder in node parameter must be fully uppercased. | Yes |
node-param-placeholder-missing-email | placeholder for Email node parameter must exist. | Yes |
node-param-required-false | required: false in node parameter must be removed because it is implied. | Yes |
node-param-resource-with-plural-option | Option name for a Resource node parameter must be singular. | Yes |
node-param-resource-without-no-data-expression | noDataExpression in a Resource node parameter must be present and enabled. | Yes |
node-param-type-options-max-value-present | maxValue in typeOptions in Limit node parameter is deprecated and must not be present. | Yes |
node-param-type-options-missing-from-limit | typeOptions in Limit node parameter must be present. | Yes |
node-param-type-options-password-missing | In a sensitive string-type parameter, typeOptions.password must be set to true to obscure the input. A node parameter name is sensitive if it contains the strings: secret ,password ,token ,apiKey . See exceptions in source. | Yes |
node-resource-description-filename-against-convention | Resource description file must use singular form. Example: UserDescription.ts , not UsersDescription.ts . | No |
Make a PR updating version
in package.json
to the new version following semver. Merge it.
Make a tag for the new version:
git tag v1.16.2
git push origin v1.16.2
Create a release using the tag.
Check that the npm publish action succeeds.
© 2024 Iván Ovejero
FAQs
[![NPM version](https://img.shields.io/npm/v/eslint-plugin-n8n-nodes-base.svg?style=flat)](https://npmjs.org/package/eslint-plugin-n8n-nodes-base)
The npm package eslint-plugin-n8n-nodes-base receives a total of 12,568 weekly downloads. As such, eslint-plugin-n8n-nodes-base popularity was classified as popular.
We found that eslint-plugin-n8n-nodes-base demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.