Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
eslint-plugin-nahoc
Advanced tools
@eslint-community/eslint-plugin-mysticatea
Additional ESLint rules and ESLint configurations for @mysticatea.
💿 Installation
npm install --save-dev eslint @eslint-community/eslint-plugin-mysticatea
Requirements
- Node.js
^12.22.0 || ^14.17.0 || >=16.0.0or newer versions. - ESLint
^6.6.0 || ^7.0.0 || ^8.0.0or newer versions.
📖 Usage
Write in your ESLint configurations: http://eslint.org/docs/user-guide/configuring#using-the-configuration-from-a-plugin
Configs
plugin:nahoc-eslint/es2022... Basic configuration for ES2022.plugin:nahoc-eslint/es2021... Basic configuration for ES2021.plugin:nahoc-eslint/es2020... Basic configuration for ES2020.plugin:nahoc-eslint/es2019... Basic configuration for ES2019.plugin:nahoc-eslint/es2018... Basic configuration for ES2018.plugin:nahoc-eslint/es2017... Basic configuration for ES2017.plugin:nahoc-eslint/es2016... Basic configuration for ES2016.plugin:nahoc-eslint/es2015... Basic configuration for ES2015.plugin:nahoc-eslint/es5... Basic configuration for ES5.plugin:nahoc-eslint/+modules... Additional configuration for ES modules.plugin:nahoc-eslint/+browser... Additional configuration for browser environment.plugin:nahoc-eslint/+node... Additional configuration for Node.js environment.plugin:nahoc-eslint/+eslint-plugin... Additional configuration for ESLint plugins. This includesplugin:nahoc-eslint/+nodesetting.
Details
The main configurations plugin:nahoc-eslint/es* does:
- detect bug-like code by ESLint rules.
- enforce whitespace style by Prettier.
- handle the
.tsfiles as TypeScript then check bytypescript-eslint-parserandeslint-plugin-typescript. - handle the
.vuefiles as Vue.js SFC then check byvue-eslint-parserandeslint-plugin-vue. - handle the files in
test/testsdirectory asmocha's test code. - handle the files in
scriptsdirectory as Node.js environment. - handle the
.eslintrc.jsfile as a Node.js script. - handle the
webpack.config.jsfile as a Node.js script. - handle the
rollup.config.jsfile as an ES module.
You can use combination of a main configuration and some additional configurations. For examples:
For Node.js
{
"extends": ["plugin:nahoc-eslint/es2015", "plugin:nahoc-eslint/+node"]
}
It handles
.jsfiles as scripts and.mjsfiles as modules.
For Browsers
{
"extends": ["plugin:nahoc-eslint/es2015", "plugin:nahoc-eslint/+browser"]
}
For Browsers with ES modules
{
"extends": [
"plugin:nahoc-eslint/es2015",
"plugin:nahoc-eslint/+modules",
"plugin:nahoc-eslint/+browser"
]
}
For ESLint plugins
{
"extends": [
"plugin:nahoc-eslint/es2015",
"plugin:nahoc-eslint/+eslint-plugin"
]
}
Rules
This plugin has some original rules and foreign rules.
Original rules
- nahoc-eslint/arrow-parens enforces parens of argument lists (excludes too redundant parens) (fixable).
- nahoc-eslint/block-scoped-var handles variables which are declared by
vardeclaration as block-scoped. It disallows redeclarations, uses from outside of the scope, shadowing. - nahoc-eslint/no-instanceof-array disallows 'instanceof' for Array (fixable).
- nahoc-eslint/no-instanceof-wrapper disallows 'instanceof' for wrapper objects (fixable).
- nahoc-eslint/no-literal-call disallows a call of a literal.
- nahoc-eslint/no-this-in-static disallows
this/superin static methods. - nahoc-eslint/no-use-ignored-vars disallows a use of ignored variables.
- nahoc-eslint/no-useless-rest-spread disallows unnecessary rest/spread operators (fixable).
- nahoc-eslint/prefer-for-of requires
for-ofstatements instead ofArray#forEachor something like (fixable).
Foreign rules
- All
nahoc-eslint/eslint-comments/*rules are imported from eslint-plugin-eslint-comments. - All
nahoc-eslint/eslint-plugin/*rules are imported from eslint-plugin-eslint-plugin. - All
nahoc-eslint/node/*rules are imported from eslint-plugin-node. - All
nahoc-eslint/ts/*rules are imported from eslint-plugin-typescript. - All
nahoc-eslint/vue/*rules are imported from eslint-plugin-vue. - The
nahoc-eslint/prettierrule is imported from eslint-plugin-prettier.
Q: Why don't you use those plugins directly?
> A: The combination with shareable configs and plugins has some problems because shareable configs were not designed to be used with plugins. @nzakas illustrated a way to use plugins as shareable configs together with other plugins in the discussion eslint/eslint#3458. This is the way.
🚥 Semantic Versioning Policy
This plugin follows semantic versioning and ESLint's Semantic Versioning Policy.
📰 Changelog
❤️ Contributing
Welcome contributing!
Please use GitHub's Issues/PRs.
Development Tools
npm testruns tests and measures coverage.npm run cleanremoves the coverage result ofnpm testcommand.npm run coverageshows the coverage result ofnpm testcommand.npm run updateupdates auto-generated files.npm run watchruns tests and measures coverage when source code are changed.
FAQs
Additional ESLint rules.
We found that eslint-plugin-nahoc demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 07 Nov 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025