Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
eslint-plugin-shopify
Advanced tools
Shopify’s ESLint rules and configs.
You'll first need to install ESLint:
With Yarn
yarn add --dev eslint
With npm
$ npm i eslint --save-dev
Next, install eslint-plugin-shopify
:
With Yarn
yarn add --dev eslint-plugin-shopify
With npm
$ npm install eslint-plugin-shopify --save-dev
Note: If you installed ESLint globally (using the -g
flag) then you must also install eslint-plugin-shopify
globally.
Shopify’s ESLint configs come bundled in this package. In order to use them, you simply extend the relevant configuration in your project’s .eslintrc
. For example, the following will extend the ESNext (ES2015 and later) config:
{
"extends": "plugin:shopify/esnext"
}
If you are working on an ES5 project, extend the ES5 version of the configuration:
{
"extends": "plugin:shopify/es5"
}
You can also add some "augmenting" configs on top of the "core" config by extending an array of linting configs. For example, the following configuration would provide a base ESNext config that is augmented by a React config:
{
"extends": [
"plugin:shopify/esnext",
"plugin:shopify/react"
]
}
Likewise, if you are using TypeScript and React, the following configuration extends the TypeScript base config with the React-specific rules provided by the React configuration file. To demonstrate multiple augmentations, we've also added the Prettier config, which disables rules that will conflict in projects using prettier.
{
"extends": [
"plugin:shopify/typescript",
"plugin:shopify/react",
"plugin:shopify/prettier",
]
}
This plugin provides the following core configurations:
typescript-type-checking
config mentioned below.This plugin also provides the following tool-specific configurations, which can be used on top of the core configurations:
typescript
config to enable all TypeScript rules, including those that require type checking. These rules are slower to run and and you will need to specify a path to your tsconfig.json file in the "project" property of "parserOptions". The following example would provide all of the TypeScript rules, assuming the tsconfig.json is in the same directory as you ESlint configuration.{
"extends": [
"plugin:shopify/typescript",
"plugin:shopify/typescript-type-checking"
],
"parserOptions": {
"project": "tsconfig.json"
}
}
If you are working on a node module, we also provide the node configuration for you. Note that this configuration needs to be used in conjunction with one of the core configurations (either es5
or esnext
). If you plan to transpile your code using Babel, use the esnext
config. If you do not plan to do so, the config you choose depends on the version of node you wish to support, and how many ESNext features are natively available in that version. You can see a detailed list of what version of node supports what new JavaScript features by visiting http://node.green.
A node project that will use Babel for transpilation would need the following ESLint config:
{
"extends": [
"plugin:shopify/esnext",
"plugin:shopify/node"
]
}
The version range of TypeScript currently supported by this plugin is >=3.2.1 <3.8.0
. This is constrained by the @typescipt-eslint parser support.
This plugin provides the following custom rules, which are included as appropriate in all core linting configs:
Stack.Item
without any custom props.sectioned
props in Polaris components instead of wrapping all contents in a Section
component.const
, and always appear at module scope.webpackChunkName
comment.FAQs
Shopify’s ESLint rules and configs.
The npm package eslint-plugin-shopify receives a total of 3,462 weekly downloads. As such, eslint-plugin-shopify popularity was classified as popular.
We found that eslint-plugin-shopify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.