Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
eslint-plugin-rxjs-updated
Advanced tools
This repo is solely meant to update cartant's eslint-plugin-rxjs package to be compatible with eslint v9.
PRs will not be accepted for new features or bug fixes. Reach out to the original maintainer.
npm install eslint-plugin-rxjs-updated
This package contains a bunch of ESLint rules for RxJS. Essentially, it's a re-implementation of the rules that are in the rxjs-tslint-rules
package. (The Angular-specific rules in rxjs-tslint-rules
have been re-implemented in eslint-plugin-rxjs-angular
.)
Some of the rules are rather opinionated and are not included in the recommended
configuration. Developers can decide for themselves whether they want to enable opinionated rules.
Almost all of these rules require the TypeScript parser for ESLint.
Install the ESLint TypeScript parser using npm:
npm install @typescript-eslint/parser --save-dev
Install the package using npm:
npm install eslint-plugin-rxjs --save-dev
Configure the parser
and the parserOptions
for ESLint. Here, I use a .eslintrc.js
file for the configuration:
const { join } = require("path");
module.exports = {
parser: "@typescript-eslint/parser",
parserOptions: {
ecmaVersion: 2019,
project: join(__dirname, "./tsconfig.json"),
sourceType: "module"
},
plugins: ["rxjs"],
extends: [],
rules: {
"rxjs/no-async-subscribe": "error",
"rxjs/no-ignored-observable": "error",
"rxjs/no-ignored-subscription": "error",
"rxjs/no-nested-subscribe": "error",
"rxjs/no-unbound-methods": "error",
"rxjs/throw-error": "error"
}
};
Or, using the recommended
configuration:
const { join } = require("path");
module.exports = {
parser: "@typescript-eslint/parser",
parserOptions: {
ecmaVersion: 2019,
project: join(__dirname, "./tsconfig.json"),
sourceType: "module"
},
extends: ["plugin:rxjs/recommended"],
};
The package includes the following rules.
Rules marked with ✅ are recommended and rules marked with 🔧 have fixers.
Rule | Description | ||
---|---|---|---|
ban-observables | Forbids the use of banned observables. | ||
ban-operators | Forbids the use of banned operators. | ||
finnish | Enforces the use of Finnish notation. | ||
just | Enforces the use of a just alias for of . | 🔧 | |
no-async-subscribe | Forbids passing async functions to subscribe . | ✅ | |
no-compat | Forbids importation from locations that depend upon rxjs-compat . | ||
no-connectable | Forbids operators that return connectable observables. | ||
no-create | Forbids the calling of Observable.create . | ✅ | |
no-cyclic-action | Forbids effects and epics that re-emit filtered actions. | ||
no-explicit-generics | Forbids explicit generic type arguments. | ||
no-exposed-subjects | Forbids exposed (i.e. non-private) subjects. | ||
no-finnish | Forbids the use of Finnish notation. | ||
no-ignored-error | Forbids the calling of subscribe without specifying an error handler. | ||
no-ignored-notifier | Forbids observables not composed from the repeatWhen or retryWhen notifier. | ✅ | |
no-ignored-observable | Forbids the ignoring of observables returned by functions. | ||
no-ignored-replay-buffer | Forbids using ReplaySubject , publishReplay or shareReplay without specifying the buffer size. | ✅ | |
no-ignored-subscribe | Forbids the calling of subscribe without specifying arguments. | ||
no-ignored-subscription | Forbids ignoring the subscription returned by subscribe . | ||
no-ignored-takewhile-value | Forbids ignoring the value within takeWhile . | ✅ | |
no-implicit-any-catch | Like the no-implicit-any-catch rule in @typescript-eslint/eslint-plugin , but for the catchError operator instead of catch clauses. | ✅ | 🔧 |
no-index | Forbids the importation from index modules - for the reason, see this issue. | ✅ | |
no-internal | Forbids the importation of internals. | ✅ | 🔧 |
no-nested-subscribe | Forbids the calling of subscribe within a subscribe callback. | ✅ | |
no-redundant-notify | Forbids redundant notifications from completed or errored observables. | ✅ | |
no-sharereplay | Forbids using the shareReplay operator. | ✅ | |
no-subclass | Forbids subclassing RxJS classes. | ||
no-subject-unsubscribe | Forbids calling the unsubscribe method of a subject instance. | ✅ | |
no-subject-value | Forbids accessing the value property of a BehaviorSubject instance. | ||
no-subscribe-handlers | Forbids the passing of handlers to subscribe . | ||
no-topromise | Forbids the use of the toPromise method. | ||
no-unbound-methods | Forbids the passing of unbound methods. | ✅ | |
no-unsafe-catch | Forbids unsafe catchError usage in effects and epics. | ||
no-unsafe-first | Forbids unsafe first /take usage in effects and epics. | ||
no-unsafe-subject-next | Forbids unsafe optional next calls. | ✅ | |
no-unsafe-switchmap | Forbids unsafe switchMap usage in effects and epics. | ||
no-unsafe-takeuntil | Forbids the application of operators after takeUntil . | ✅ | |
prefer-observer | Forbids the passing separate handlers to subscribe and tap . | 🔧 | |
suffix-subjects | Enforces the use of a suffix in subject identifiers. | ||
throw-error | Enforces the passing of Error values to error notifications. |
FAQs
ESLint rules for RxJS
The npm package eslint-plugin-rxjs-updated receives a total of 1,390 weekly downloads. As such, eslint-plugin-rxjs-updated popularity was classified as popular.
We found that eslint-plugin-rxjs-updated demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.