Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
eslint-plugin-node
Advanced tools
The eslint-plugin-node package is an ESLint plugin that contains rules that are specific to Node.js development. It helps in identifying issues related to syntax and patterns that are not optimal or could lead to errors in a Node.js context.
Process Exit As Throw
This rule treats calls to process.exit() as throw statements, which can be useful for highlighting an unexpected termination of the Node.js process.
/* eslint node/no-process-exit: 'error' */
process.exit(1);
No Deprecated API
This rule prevents the use of deprecated Node.js APIs to encourage best practices and avoid potential future issues with deprecated methods.
/* eslint node/no-deprecated-api: 'error' */
const domain = require('domain');
No Missing Imports
This rule ensures that all modules that are imported into a file are actually resolvable, helping to catch typos and incorrect module names.
/* eslint node/no-missing-import: 'error' */
import someModule from 'nonexistent-module';
No Unpublished Bin
This rule checks that all files referenced in the 'bin' field of package.json are actually published, preventing issues with npm packages.
/* eslint node/no-unpublished-bin: 'error' */
{
"bin": "bin/nonexistent.js"
}
This package provides similar functionality to eslint-plugin-node in terms of managing imports and exports in your code. It includes features like ensuring imports point to a file/module that can be resolved.
While eslint-plugin-node focuses on Node.js-specific rules, eslint-plugin-promise provides rules that are specific to the use of promises in JavaScript, which can be relevant in Node.js for handling asynchronous operations.
This package focuses on identifying potential security issues in Node.js code, which complements eslint-plugin-node's focus on Node.js best practices and avoiding deprecated or problematic patterns.
Additional ESLint's rules for Node.js
> npm install --save-dev eslint eslint-plugin-node
.eslintrc
{
"extends": "eslint:recommended",
"plugins": ["node"],
"env": {
"es6": true,
"node": true
},
"rules": {
"node/no-missing-import": "error",
"node/no-missing-require": "error",
"node/no-unpublished-import": "error",
"node/no-unpublished-require": "error",
"node/no-unsupported-features": ["error", {"version": 4}],
"node/process-exit-as-throw": "error",
"node/shebang": "error"
}
}
Some rules are slow because it searches package.json
and opens it.
import
and export
declarations for files that don't exist.require()
s for files that don't exist.import
and export
declarations for files that are not published.require()
s for files that are not published.process.exit()
. (⚠ Experimental)Q: The no-missing-import
/ no-missing-require
rules don't work with nested folders in SublimeLinter-eslint
A: See context.getFilename() in rule returns relative path in the SublimeLinter-eslint FAQ.
FAQs
Additional ESLint's rules for Node.js
The npm package eslint-plugin-node receives a total of 3,658,275 weekly downloads. As such, eslint-plugin-node popularity was classified as popular.
We found that eslint-plugin-node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.