Security News
MCP Community Begins Work on Official MCP Metaregistry
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
By Sarah Gooding - May 09, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
eslint-plugin-promise
Advanced tools
What is eslint-plugin-promise?
The eslint-plugin-promise package is an ESLint plugin that enforces best practices and common idioms for dealing with promises in JavaScript. It provides a set of rules that catch common mistakes and enforce conventions when working with promises.
What are eslint-plugin-promise's main functionalities?
Avoiding creation of new promises outside of utility libraries
This rule ensures that the executor function of a new Promise has the parameters named 'resolve' and 'reject'.
/* eslint promise/param-names: 'error' */
new Promise((resolve, reject) => { /* executor function */ });Ensuring that each time a then() is applied to a promise, a catch() is applied as well
This rule enforces the use of catch() on unhandled promises.
/* eslint promise/catch-or-return: 'error' */
promise.then(function(data) {
// handle data
}).catch(function(error) {
// handle error
});Enforcing the return of a promise in certain contexts
This rule ensures that promise chains always return a value, preventing silent failures and unhandled rejections.
/* eslint promise/always-return: 'error' */
function foo() {
return doSomething().then(function() {
// do something else
return 'result';
});
}Other packages similar to eslint-plugin-promise
eslint-plugin-async-await
This plugin provides ESLint rules for async/await syntax, which is related to promises. It helps to enforce best practices and catch common mistakes when using async/await, but it does not focus on promises directly.
eslint-plugin-standard
Part of the 'eslint-plugin-standard' plugin includes rules that are applicable to promises, as it adheres to the JavaScript Standard Style. However, it covers a broader range of JavaScript features and is not solely focused on promises.
eslint-plugin-promise
Enforce best practices for JavaScript promises.
Installation
You'll first need to install ESLint:
npm install eslint --save-dev
Next, install eslint-plugin-promise:
npm install eslint-plugin-promise --save-dev
Note: If you installed ESLint globally (using the -g flag) then you must
also install eslint-plugin-promise globally.
Usage
Add promise to the plugins section of your .eslintrc.json configuration
file. You can omit the eslint-plugin- prefix:
{
"plugins": ["promise"]
}
Then configure the rules you want to use under the rules section.
{
"rules": {
"promise/always-return": "error",
"promise/no-return-wrap": "error",
"promise/param-names": "error",
"promise/catch-or-return": "error",
"promise/no-native": "off",
"promise/no-nesting": "warn",
"promise/no-promise-in-callback": "warn",
"promise/no-callback-in-promise": "warn",
"promise/avoid-new": "warn",
"promise/no-new-statics": "error",
"promise/no-return-in-finally": "warn",
"promise/valid-params": "warn",
"promise/no-multiple-resolved": "error"
}
}
or start with the recommended rule set:
-
eslint.config.js:import pluginPromise from 'eslint-plugin-promise' export default [ // ... pluginPromise.configs['flat/recommended'], ] -
.eslintrc.*:{ "extends": ["plugin:promise/recommended"] }
Rules
💼 Configurations enabled in.
⚠️ Configurations set to warn in.
🚫 Configurations disabled in.
✅ Set in the flat/recommended configuration.
✅ Set in the recommended configuration.
🔧 Automatically fixable by the
--fix CLI option.
| Name | Description | 💼 | ⚠️ | 🚫 | 🔧 |
|---|---|---|---|---|---|
| always-return | Require returning inside each then() to create readable and reusable Promise chains. | ✅ | |||
| avoid-new | Disallow creating new promises outside of utility libs (use util.promisify instead). | ✅ | |||
| catch-or-return | Enforce the use of catch() on un-returned promises. | ✅ | |||
| no-callback-in-promise | Disallow calling cb() inside of a then() (use util.callbackify instead). | ✅ | |||
| no-multiple-resolved | Disallow creating new promises with paths that resolve multiple times. | ||||
| no-native | Require creating a Promise constructor before using it in an ES5 environment. | ✅ | |||
| no-nesting | Disallow nested then() or catch() statements. | ✅ | |||
| no-new-statics | Disallow calling new on a Promise static method. | ✅ | 🔧 | ||
| no-promise-in-callback | Disallow using promises inside of callbacks. | ✅ | |||
| no-return-in-finally | Disallow return statements in finally(). | ✅ | |||
| no-return-wrap | Disallow wrapping values in Promise.resolve or Promise.reject when not needed. | ✅ | |||
| param-names | Enforce consistent param names and ordering when creating new promises. | ✅ | |||
| prefer-await-to-callbacks | Prefer async/await to the callback pattern. | ||||
| prefer-await-to-then | Prefer await to then()/catch()/finally() for reading Promise values. | ||||
| prefer-catch | Prefer catch to then(a, b)/then(null, b) for handling errors. | 🔧 | |||
| spec-only | Disallow use of non-standard Promise static methods. | ||||
| valid-params | Enforces the proper number of arguments are passed to Promise functions. | ✅ |
Maintainers
- Jamund Ferguson - @xjamundx
- Macklin Underdown - @macklinu
- Aadit M Shah - @aaditmshah
License
- (c) MMXV jden mailto:jason@denizac.org - ISC license.
- (c) 2016 Jamund Ferguson mailto:jamund@gmail.com - ISC license.
FAQs
Enforce best practices for JavaScript promises
The npm package eslint-plugin-promise receives a total of 4,336,320 weekly downloads. As such, eslint-plugin-promise popularity was classified as popular.
We found that eslint-plugin-promise demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 27 Nov 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025