Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
eslint-plugin-shopify
Advanced tools
Shopify’s ESLint rules and configs.
You'll first need to install ESLint:
With Yarn
yarn add --dev eslint
With npm
$ npm i eslint --save-dev
Next, install eslint-plugin-shopify
:
With Yarn
yarn add --dev eslint-plugin-shopify
With npm
$ npm install eslint-plugin-shopify --save-dev
Note: If you installed ESLint globally (using the -g
flag) then you must also install eslint-plugin-shopify
globally.
Shopify’s ESLint configs come bundled in this package. In order to use them, you simply extend the relevant configuration in your project’s .eslintrc
. For example, the following will extend the ESNext (ES2015 and later) config:
{
"extends": "plugin:shopify/esnext"
}
If you are working on an ES5 project, extend the ES5 version of the configuration:
{
"extends": "plugin:shopify/es5"
}
You can also add some "augmenting" configs on top of the "core" config by extending an array of linting configs. For example, the following configuration would provide a base ESNext config that is augmented by a React config:
{
"extends": [
"plugin:shopify/esnext",
"plugin:shopify/react"
]
}
Likewise, if you are using TypeScript and React, the following configuration extends the TypeScript base config with the React-specific rules provided by the React configuration file. To demonstrate multiple augmentations, we've also added the Prettier config, which disables rules that will conflict in projects using prettier.
{
"extends": [
"plugin:shopify/typescript",
"plugin:shopify/react",
"plugin:shopify/prettier",
]
}
This plugin provides the following core configurations:
typescript-type-checking
config mentioned below.This plugin also provides the following tool-specific configurations, which can be used on top of the core configurations:
typescript
config to enable all TypeScript rules, including those that require type checking. These rules are slower to run and and you will need to specify a path to your tsconfig.json file in the "project" property of "parserOptions". The following example would provide all of the TypeScript rules, assuming the tsconfig.json is in the same directory as you ESlint configuration.{
"extends": [
"plugin:shopify/typescript",
"plugin:shopify/typescript-type-checking"
],
"parserOptions": {
"project": "tsconfig.json"
}
}
If you are working on a node module, we also provide the node configuration for you. Note that this configuration needs to be used in conjunction with one of the core configurations (either es5
or esnext
). If you plan to transpile your code using Babel, use the esnext
config. If you do not plan to do so, the config you choose depends on the version of node you wish to support, and how many ESNext features are natively available in that version. You can see a detailed list of what version of node supports what new JavaScript features by visiting http://node.green.
A node project that will use Babel for transpilation would need the following ESLint config:
{
"extends": [
"plugin:shopify/esnext",
"plugin:shopify/node"
]
}
The version range of TypeScript currently supported by this plugin is >=3.2.1 <3.8.0
. This is constrained by the @typescipt-eslint parser support.
This plugin provides the following custom rules, which are included as appropriate in all core linting configs:
Stack.Item
without any custom props.sectioned
props in Polaris components instead of wrapping all contents in a Section
component.const
, and always appear at module scope.webpackChunkName
comment.The easiest way to add new rules is to use the ESLint Yeoman generator. Running yo eslint:rule
from the root of this project should add the required main file, docs, and test for your new rules. Make sure that these are all filled out and consistent with the other rules before merging. All tests can be run using npm test
.
FAQs
Shopify’s ESLint rules and configs.
The npm package eslint-plugin-shopify receives a total of 3,491 weekly downloads. As such, eslint-plugin-shopify popularity was classified as popular.
We found that eslint-plugin-shopify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.