Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
eslint-plugin-node
Advanced tools
The eslint-plugin-node package is an ESLint plugin that contains rules that are specific to Node.js development. It helps in identifying issues related to syntax and patterns that are not optimal or could lead to errors in a Node.js context.
Process Exit As Throw
This rule treats calls to process.exit() as throw statements, which can be useful for highlighting an unexpected termination of the Node.js process.
/* eslint node/no-process-exit: 'error' */
process.exit(1);
No Deprecated API
This rule prevents the use of deprecated Node.js APIs to encourage best practices and avoid potential future issues with deprecated methods.
/* eslint node/no-deprecated-api: 'error' */
const domain = require('domain');
No Missing Imports
This rule ensures that all modules that are imported into a file are actually resolvable, helping to catch typos and incorrect module names.
/* eslint node/no-missing-import: 'error' */
import someModule from 'nonexistent-module';
No Unpublished Bin
This rule checks that all files referenced in the 'bin' field of package.json are actually published, preventing issues with npm packages.
/* eslint node/no-unpublished-bin: 'error' */
{
"bin": "bin/nonexistent.js"
}
This package provides similar functionality to eslint-plugin-node in terms of managing imports and exports in your code. It includes features like ensuring imports point to a file/module that can be resolved.
While eslint-plugin-node focuses on Node.js-specific rules, eslint-plugin-promise provides rules that are specific to the use of promises in JavaScript, which can be relevant in Node.js for handling asynchronous operations.
This package focuses on identifying potential security issues in Node.js code, which complements eslint-plugin-node's focus on Node.js best practices and avoiding deprecated or problematic patterns.
Additional ESLint's rules for Node.js
$ npm install --save-dev eslint eslint-plugin-node
>=8.10.0
>=5.16.0
Note: It recommends a use of the "engines" field of package.json. The "engines" field is used by node/no-unsupported-features/*
rules.
.eslintrc.json (An example)
{
"extends": [
"eslint:recommended",
"plugin:node/recommended"
],
"parserOptions": {
// Only ESLint 6.2.0 and later support ES2020.
"ecmaVersion": 2020
},
"rules": {
"node/exports-style": ["error", "module.exports"],
"node/file-extension-in-import": ["error", "always"],
"node/prefer-global/buffer": ["error", "always"],
"node/prefer-global/console": ["error", "always"],
"node/prefer-global/process": ["error", "always"],
"node/prefer-global/url-search-params": ["error", "always"],
"node/prefer-global/url": ["error", "always"],
"node/prefer-promises/dns": "error",
"node/prefer-promises/fs": "error"
}
}
package.json (An example)
{
"name": "your-module",
"version": "1.0.0",
"type": "commonjs",
"engines": {
"node": ">=8.10.0"
}
}
Rule ID | Description | |
---|---|---|
node/no-callback-literal | ensure Node.js-style error-first callback pattern is followed | |
node/no-exports-assign | disallow the assignment to exports | ⭐️ |
node/no-extraneous-import | disallow import declarations which import extraneous modules | ⭐️ |
node/no-extraneous-require | disallow require() expressions which import extraneous modules | ⭐️ |
node/no-missing-import | disallow import declarations which import non-existence modules | ⭐️ |
node/no-missing-require | disallow require() expressions which import non-existence modules | ⭐️ |
node/no-unpublished-bin | disallow bin files that npm ignores | ⭐️ |
node/no-unpublished-import | disallow import declarations which import private modules | ⭐️ |
node/no-unpublished-require | disallow require() expressions which import private modules | ⭐️ |
node/no-unsupported-features/es-builtins | disallow unsupported ECMAScript built-ins on the specified version | ⭐️ |
node/no-unsupported-features/es-syntax | disallow unsupported ECMAScript syntax on the specified version | ⭐️ |
node/no-unsupported-features/node-builtins | disallow unsupported Node.js built-in APIs on the specified version | ⭐️ |
node/process-exit-as-throw | make process.exit() expressions the same code path as throw | ⭐️ |
node/shebang | suggest correct usage of shebang | ⭐️✒️ |
Rule ID | Description | |
---|---|---|
node/no-deprecated-api | disallow deprecated APIs | ⭐️ |
Rule ID | Description | |
---|---|---|
node/exports-style | enforce either module.exports or exports | |
node/file-extension-in-import | enforce the style of file extensions in import declarations | ✒️ |
node/prefer-global/buffer | enforce either Buffer or require("buffer").Buffer | |
node/prefer-global/console | enforce either console or require("console") | |
node/prefer-global/process | enforce either process or require("process") | |
node/prefer-global/text-decoder | enforce either TextDecoder or require("util").TextDecoder | |
node/prefer-global/text-encoder | enforce either TextEncoder or require("util").TextEncoder | |
node/prefer-global/url-search-params | enforce either URLSearchParams or require("url").URLSearchParams | |
node/prefer-global/url | enforce either URL or require("url").URL | |
node/prefer-promises/dns | enforce require("dns").promises | |
node/prefer-promises/fs | enforce require("fs").promises |
These rules have been deprecated in accordance with the deprecation policy, and replaced by newer rules:
Rule ID | Replaced by |
---|---|
node/no-hide-core-modules | (nothing) |
node/no-unsupported-features | node/no-unsupported-features/es-syntax and node/no-unsupported-features/es-builtins |
This plugin provides three configs:
plugin:node/recommended
condiders both CommonJS and ES Modules. If "type":"module"
field existed in package.json then it considers files as ES Modules. Otherwise it considers files as CommonJS. In addition, it considers *.mjs
files as ES Modules and *.cjs
files as CommonJS.plugin:node/recommended-module
considers all files as ES Modules.plugin:node/recommended-script
considers all files as CommonJS.Those preset config:
process.exit()
.{ecmaVersion: 2019}
and etc into parserOptions
.globals
.plugins
.no-missing-import
/ no-missing-require
rules don't work with nested folders in SublimeLinter-eslinteslint-plugin-node
follows semantic versioning and ESLint's Semantic Versioning Policy.
Welcome contributing!
Please use GitHub's Issues/PRs.
npm test
runs tests and measures coverage.npm run coverage
shows the coverage result of npm test
command.npm run clean
removes the coverage result of npm test
command.FAQs
Additional ESLint's rules for Node.js
We found that eslint-plugin-node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.