Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
eslint-plugin-react-hooks
Advanced tools
The eslint-plugin-react-hooks package is an ESLint plugin that enforces the Rules of Hooks for React. It helps developers to follow the best practices and avoid common pitfalls when using hooks in React components.
Rules of Hooks
This feature enforces the rules of hooks, ensuring that hooks are called in the same order on every render and not inside conditions, loops, or nested functions.
/* eslint react-hooks/rules-of-hooks: 'error' */
const MyComponent = () => {
if (condition) {
const [value, setValue] = useState(0); // This will cause an error
}
return <div>{value}</div>;
};
Exhaustive Dependencies
This feature ensures that all dependencies used inside useEffect, useCallback, and useMemo are properly specified, helping to avoid stale closures and other related bugs.
/* eslint react-hooks/exhaustive-deps: 'warn' */
useEffect(() => {
// Should include dependencies used inside the effect
}, []); // This will cause a warning if dependencies are omitted
This package includes linting rules for React and JSX. It is broader in scope than eslint-plugin-react-hooks, covering a wide range of React best practices and potential errors, not limited to hooks.
This is a less popular and potentially less maintained alternative to eslint-plugin-react-hooks. It may offer similar functionality but does not have the same level of community support or frequent updates.
eslint-plugin-react-hooks
This ESLint plugin enforces the Rules of Hooks.
It is a part of the Hooks API for React.
Note: If you're using Create React App, please use react-scripts
>= 3 instead of adding it directly.
Assuming you already have ESLint installed, run:
# npm
npm install eslint-plugin-react-hooks --save-dev
# yarn
yarn add eslint-plugin-react-hooks --dev
Then extend the recommended eslint config:
{
"extends": [
// ...
"plugin:react-hooks/recommended"
]
}
If you want more fine-grained configuration, you can instead add a snippet like this to your ESLint configuration file:
{
"plugins": [
// ...
"react-hooks"
],
"rules": {
// ...
"react-hooks/rules-of-hooks": "error",
"react-hooks/exhaustive-deps": "warn"
}
}
exhaustive-deps
can be configured to validate dependencies of custom Hooks with the additionalHooks
option.
This option accepts a regex to match the names of custom Hooks that have dependencies.
{
"rules": {
// ...
"react-hooks/exhaustive-deps": ["warn", {
"additionalHooks": "(useMyCustomHook|useMyOtherCustomHook)"
}]
}
}
We suggest to use this option very sparingly, if at all. Generally saying, we recommend most custom Hooks to not use the dependencies argument, and instead provide a higher-level API that is more focused around a specific use case.
Please refer to the Rules of Hooks documentation to learn more about this rule.
MIT
FAQs
ESLint rules for React Hooks
We found that eslint-plugin-react-hooks demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.