Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
eslint-plugin-ts-immutable
ESLint rules to disable mutation in JavaScript and TypeScript.
In some applications it is important to not mutate any data, for example when using Redux to store state in a React application. Moreover, immutable data structures have a lot of advantages in general, so I want to use them everywhere in my applications.
I originally used immutablejs for this purpose. It is a really nice library but I found it had some drawbacks. Specifically, when debugging it was hard to see the structure, creating JSON was not straightforward, and passing parameters to other libraries required converting to regular mutable arrays and objects. The seamless-immutable project seems to have reached the same conclusions: it uses regular objects and arrays and checks for immutability at run-time. This solves all the aforementioned drawbacks but introduces a new drawback of only being enforced at run-time. (Although you lose the structural sharing feature of immutablejs with this solution, so you would have to consider if that is something you need.)
Then TypeScript 2.0 came along and introduced readonly options for properties, indexers and arrays. TypeScript 3.0 has continued to add support for immutability-enforcing syntax. This enables us to use regular objects and arrays and have the immutability enforced at compile time instead of run-time. Now the only drawback is that there is nothing enforcing the use of readonly in TypeScript.
This can be solved by using linting rules. So the aim of this project is to leverage the type system in TypeScript to enforce immutability at compile-time while still using regular objects and arrays. Additionally, this project will also aim to support vanilla JavaScript where possible.
```sh
npm install eslint eslint-plugin-ts-immutable --save-dev
```

Note: If you installed ESLint globally (using the `-g` flag) then you must also install `eslint-plugin-ts-immutable` globally.

To use this plugin with TypeScript, additionally install `@typescript-eslint/parser`.

```sh
npm install eslint @typescript-eslint/parser eslint-plugin-ts-immutable --save-dev
```

Add `ts-immutable` to the plugins section of your `.eslintrc` configuration file. Then configure the rules you want to use under the rules section.

```json
{
  "plugins": ["ts-immutable"],
  "rules": {
    "ts-immutable/rule-name": "error"
  }
}
```
The following rulesets are provided by this plugin. See below for which rules are included in each.

- recommended
- functional-lite
- functional

You can enable one of these rulesets like so:

```json
{
  "extends": ["plugin:ts-immutable/recommended"]
}
```
`@typescript-eslint/parser` is needed to parse TypeScript code; add `@typescript-eslint/parser` to the "parser" field in your `.eslintrc` configuration file.
Additionally, for this plugin to use type information, you will need to specify a path to your tsconfig.json file in the "project" property of "parserOptions".

```json
{
  "parser": "@typescript-eslint/parser",
  "parserOptions": {
    "project": "./tsconfig.json"
  },
  "plugins": ["ts-immutable"],
  "rules": {
    "ts-immutable/rule-name": "error"
  }
}
```
See @typescript-eslint/parser's README.md for more information on the available "parserOptions".
Note: Make sure to use `eslint --ext .js,.ts` since by default `eslint` will only search for .js files.
In addition to immutable rules this project also contains a few rules for enforcing a functional style of programming. The following rules are available:
Key:
Symbol | Meaning |
---|---|
:see_no_evil: | Ruleset: Recommended This ruleset is designed to enforce immutability in the code. |
:hear_no_evil: | Ruleset: Functional Lite This ruleset is designed to enforce a somewhat functional programming code style. |
:speak_no_evil: | Ruleset: Functional This ruleset is designed to enforce a functional programming code style. |
:wrench: | Fixable Problems found by this rule are potentially fixable with the --fix option. |
:thought_balloon: | Only Available for TypeScript The rule either requires Type Information or only works with TypeScript syntax. |
:blue_heart: | Works better with TypeScript Type Information will be used if available, making the rule work in more cases. |
Name | Description | :see_no_evil: | :hear_no_evil: | :speak_no_evil: | :wrench: | :blue_heart: |
---|---|---|---|---|---|---|
prefer-readonly-types | Use readonly types and readonly modifiers where possible | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :wrench: | :thought_balloon: |
no-let | Disallow mutable variables | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | |
immutable-data | Disallow mutating objects and arrays | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | :blue_heart: |
no-method-signature | Enforce property signatures with readonly modifiers over method signatures | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | :thought_balloon: |
Name | Description | :see_no_evil: | :hear_no_evil: | :speak_no_evil: | :wrench: | :blue_heart: |
---|---|---|---|---|---|---|
no-this | Disallow this access | | :heavy_check_mark: | :heavy_check_mark: | | |
no-class | Disallow classes | | :heavy_check_mark: | :heavy_check_mark: | | |
no-mixed-interface | Restrict interfaces so that only members of the same kind are allowed in them | | :heavy_check_mark: | :heavy_check_mark: | | :thought_balloon: |
no-expression-statement | Disallow expressions to cause side-effects | | | :heavy_check_mark: | | |
no-conditional-statement | Disallow conditional statements (if and switch statements) | | | :heavy_check_mark: | | |
no-loop-statement | Disallow imperative loops | | :heavy_check_mark: | :heavy_check_mark: | | |
no-return-void | Disallow functions that return nothing | | :heavy_check_mark: | :heavy_check_mark: | | :thought_balloon: |
functional-parameters | Functions must have functional parameters | | :heavy_check_mark: | :heavy_check_mark: | | |
no-throw | Disallow throwing exceptions | | :heavy_check_mark: | :heavy_check_mark: | | |
no-try | Disallow try-catch[-finally] and try-finally patterns | | | :heavy_check_mark: | | |
no-reject | Disallow rejecting Promises | | | | | |
In addition to the immutability rules above, there are a few standard rules that need to be enabled to achieve immutability.
Each of these rules is enabled by default in the rulesets this plugin provides.
Without this rule, it is still possible to create `var` variables that are mutable.
Without this rule, function parameters are mutable.
This rule is helpful when converting from an imperative code style to a functional one.
For performance reasons, tslint-immutable does not check implicit return types. So, for example, this function will return a mutable array but will not be detected:

```typescript
function foo() {
  return [1, 2, 3];
}
```

To avoid this situation you can enable `@typescript-eslint/explicit-function-return-type`. Now the above function is forced to declare the return type and the mutability will be detected.
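The gap described above matters most when the returned array is shared state. The following is an added example, not code from the plugin or its README; the scope values and function names are constructed for illustration.

```typescript
// Constructed sample data: default permission scopes shared by every caller.
const DEFAULT_SCOPES = ["read"];

// Implicit return type: inferred as string[], so the shared array is handed
// out as mutable and, per the text above, no readonly check sees it.
function defaultScopes() {
  return DEFAULT_SCOPES;
}

// A caller that extends "its" list in place actually edits the shared default,
// so every later caller of defaultScopes() also receives "admin".
function scopesForAdminImplicit() {
  const scopes = defaultScopes();
  scopes.push("admin"); // compiles: scopes is string[]
  return scopes;
}

const SAFE_DEFAULT_SCOPES: readonly string[] = ["read"];

// With @typescript-eslint/explicit-function-return-type enabled, the return
// type has to be written out, and it can then be required to be readonly.
function safeDefaultScopes(): readonly string[] {
  return SAFE_DEFAULT_SCOPES;
}

function scopesForAdminReadonly(): readonly string[] {
  const scopes = safeDefaultScopes();
  // scopes.push("admin"); // rejected by tsc: no 'push' on 'readonly string[]'
  return scopes.concat("admin"); // new array; the shared default is untouched
}
```

The `readonly` annotation exists only at compile time, so it protects code that goes through the type checker; it does not freeze the array at run-time.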
For new features file an issue. For bugs, file an issue and optionally file a PR with a failing test.
To execute the tests run `yarn test`.
To learn about ESLint plugin development, see the relevant section of the ESLint docs. You can also check out the typescript-eslint repo, which has some more information specific to TypeScript.
In order to know which AST nodes are created for a snippet of TypeScript code you can use ast explorer with options JavaScript and @typescript-eslint/parser.
```sh
yarn version --patch
yarn version --minor
yarn version --major
```
This project started off as a port of tslint-immutable which was originally inspired by eslint-plugin-immutable.
v0.3.0 - 2019-07-19
#30
#29
#28
#27
#26
#23
#21
#22
#16
FAQs
ESLint rules to disable mutation in TypeScript.
The npm package eslint-plugin-ts-immutable receives a total of 12 weekly downloads. As such, eslint-plugin-ts-immutable popularity was classified as not popular.
We found that eslint-plugin-ts-immutable demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.