Security News
The Changelog Podcast: Practical Steps to Stay Safe on npm
Learn the essential steps every developer should take to stay secure on npm and reduce exposure to supply chain attacks.
By Sarah Gooding - Oct 31, 2025
🚀 DAY 5 OF LAUNCH WEEK: Introducing Socket Firewall Enterprise.Learn more →
eslint-plugin-promise
Advanced tools
eslint-plugin-promise
Enforce best practices for JavaScript promises.
Installation
You'll first need to install ESLint:
npm install eslint --save-dev
Next, install eslint-plugin-promise:
npm install eslint-plugin-promise --save-dev
Note: If you installed ESLint globally (using the -g flag) then you must
also install eslint-plugin-promise globally.
Usage
Add promise to the plugins section of your .eslintrc.json configuration
file. You can omit the eslint-plugin- prefix:
{
"plugins": ["promise"]
}
Then configure the rules you want to use under the rules section.
{
"rules": {
"promise/always-return": "error",
"promise/no-return-wrap": "error",
"promise/param-names": "error",
"promise/catch-or-return": "error",
"promise/no-native": "off",
"promise/no-nesting": "warn",
"promise/no-promise-in-callback": "warn",
"promise/no-callback-in-promise": "warn",
"promise/avoid-new": "warn",
"promise/no-new-statics": "error",
"promise/no-return-in-finally": "warn",
"promise/valid-params": "warn",
"promise/no-multiple-resolved": "error"
}
}
or start with the recommended rule set:
-
eslint.config.js:import pluginPromise from 'eslint-plugin-promise' export default [ // ... pluginPromise.configs['flat/recommended'], ] -
.eslintrc.*:{ "extends": ["plugin:promise/recommended"] }
Rules
💼 Configurations enabled in.
⚠️ Configurations set to warn in.
🚫 Configurations disabled in.
✅ Set in the flat/recommended configuration.
✅ Set in the recommended configuration.
🔧 Automatically fixable by the
--fix CLI option.
| Name | Description | 💼 | ⚠️ | 🚫 | 🔧 |
|---|---|---|---|---|---|
| always-return | Require returning inside each then() to create readable and reusable Promise chains. | ✅ | |||
| avoid-new | Disallow creating new promises outside of utility libs (use util.promisify instead). | ✅ | |||
| catch-or-return | Enforce the use of catch() on un-returned promises. | ✅ | |||
| no-callback-in-promise | Disallow calling cb() inside of a then() (use util.callbackify instead). | ✅ | |||
| no-multiple-resolved | Disallow creating new promises with paths that resolve multiple times. | ||||
| no-native | Require creating a Promise constructor before using it in an ES5 environment. | ✅ | |||
| no-nesting | Disallow nested then() or catch() statements. | ✅ | |||
| no-new-statics | Disallow calling new on a Promise static method. | ✅ | 🔧 | ||
| no-promise-in-callback | Disallow using promises inside of callbacks. | ✅ | |||
| no-return-in-finally | Disallow return statements in finally(). | ✅ | |||
| no-return-wrap | Disallow wrapping values in Promise.resolve or Promise.reject when not needed. | ✅ | |||
| param-names | Enforce consistent param names and ordering when creating new promises. | ✅ | |||
| prefer-await-to-callbacks | Prefer async/await to the callback pattern. | ||||
| prefer-await-to-then | Prefer await to then()/catch()/finally() for reading Promise values. | ||||
| prefer-catch | Prefer catch to then(a, b)/then(null, b) for handling errors. | 🔧 | |||
| spec-only | Disallow use of non-standard Promise static methods. | ||||
| valid-params | Enforces the proper number of arguments are passed to Promise functions. | ✅ |
Maintainers
- Jamund Ferguson - @xjamundx
- Macklin Underdown - @macklinu
- Aadit M Shah - @aaditmshah
License
- (c) MMXV jden mailto:jason@denizac.org - ISC license.
- (c) 2016 Jamund Ferguson mailto:jamund@gmail.com - ISC license.
Other packages similar to eslint-plugin-promise
eslint-plugin-async-await
This plugin provides ESLint rules for async/await syntax, which is related to promises. It helps to enforce best practices and catch common mistakes when using async/await, but it does not focus on promises directly.
eslint-plugin-standard
Part of the 'eslint-plugin-standard' plugin includes rules that are applicable to promises, as it adheres to the JavaScript Standard Style. However, it covers a broader range of JavaScript features and is not solely focused on promises.
FAQs
Enforce best practices for JavaScript promises
The npm package eslint-plugin-promise receives a total of 4,266,799 weekly downloads. As such, eslint-plugin-promise popularity was classified as popular.
We found that eslint-plugin-promise demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 27 Nov 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
By Sarah Gooding - Oct 30, 2025
Security News
Ruby Core Team Assumes Stewardship of RubyGems and Bundler, Former Maintainers Offer to Transfer All Rights to Matz
Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end the dispute.
By Sarah Gooding - Oct 29, 2025