Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
eslint-plugin-yml
Advanced tools
eslint-plugin-yml is an ESLint plugin that provides linting rules for YAML files. It helps ensure consistency and correctness in YAML files by enforcing specific coding standards and best practices.
Indentation
This rule enforces consistent indentation in YAML files. The example configuration sets the indentation to 2 spaces.
module.exports = {
'yml/indent': ['error', 2]
};
Key Sorting
This rule enforces sorted keys within YAML mappings. The example configuration sorts keys in ascending order, case-insensitively, and using natural sort order.
module.exports = {
'yml/sort-keys': ['error', 'asc', { 'caseSensitive': false, 'natural': true }]
};
No Empty Mapping Values
This rule disallows empty values in YAML mappings. The example configuration treats any empty mapping value as an error.
module.exports = {
'yml/no-empty-mapping-value': 'error'
};
yaml-lint is a simple linter for YAML files that checks for syntax errors. Unlike eslint-plugin-yml, it does not integrate with ESLint and offers fewer customization options.
eslint-plugin-yml is ESLint plugin provides linting rules for YAML.
This ESLint plugin provides linting rules for YAML.
<i18n lang="yaml">
.vue-eslint-parser
v7.3.0 and above.# eslint-disable-next-line
You can check on the Online DEMO.
e.g. eslint-plugin-yaml
These plugins use the processor to parse and return the results independently, without providing the ESLint engine with AST and source code text.
Plugins don't provide AST, so you can't use directive comments (e.g. # eslint-disable
).
Plugins don't provide source code text, so you can't use it with plugins and rules that use text (e.g. eslint-plugin-prettier, eol-last).
eslint-plugin-yml works by providing AST and source code text to ESLint.
See documents.
npm install --save-dev eslint eslint-plugin-yml
Requirements
- ESLint v6.0.0 and above
- Node.js v14.17.x, v16.x and above
Use .eslintrc.*
file to configure rules. See also: https://eslint.org/docs/user-guide/configuring.
Example .eslintrc.js:
module.exports = {
extends: [
// add more generic rulesets here, such as:
// 'eslint:recommended',
"plugin:yml/standard",
],
rules: {
// override/add rules settings here, such as:
// 'yml/rule-name': 'error'
},
};
This plugin provides configs:
plugin:yml/base
... Configuration to enable correct YAML parsing.plugin:yml/recommended
... Above, plus rules to prevent errors or unintended behavior.plugin:yml/standard
... Above, plus rules to enforce the common stylistic conventions.plugin:yml/prettier
... Turn off rules that may conflict with Prettier.See the rule list to get the rules
that this plugin provides.
If you have specified a parser, you need to configure a parser for .yaml
.
For example, if you are using the "@babel/eslint-parser"
, configure it as follows:
module.exports = {
// ...
extends: ["plugin:yml/standard"],
// ...
parser: "@babel/eslint-parser",
// Add an `overrides` section to add a parser configuration for YAML.
overrides: [
{
files: ["*.yaml", "*.yml"],
parser: "yaml-eslint-parser",
},
],
// ...
};
The following parser options for yaml-eslint-parser
are available by specifying them in parserOptions in the ESLint configuration file.
module.exports = {
// ...
overrides: [
{
files: ["*.yaml", "*.yml"],
parser: "yaml-eslint-parser",
// Options used with yaml-eslint-parser.
parserOptions: {
defaultYAMLVersion: "1.2",
},
},
],
// ...
};
See also https://github.com/ota-meshi/yaml-eslint-parser#readme.
If you want to run eslint
from the command line, make sure you include the .yaml
extension using the --ext
option or a glob pattern, because ESLint targets only .js
files by default.
Examples:
eslint --ext .js,.yaml,.yml src
eslint "src/**/*.{js,yaml,yml}"
Use the dbaeumer.vscode-eslint extension that Microsoft provides officially.
You have to configure the eslint.validate
option of the extension to check .yaml
files, because the extension targets only *.js
or *.jsx
files by default.
Example .vscode/settings.json:
{
"eslint.validate": [
"javascript",
"javascriptreact",
"yaml",
"github-actions-workflow" // for GitHub Actions workflow files
]
}
In any of the JetBrains IDEs you can configure the linting scope. Following the steps in their help document, you can add YAML files to the scope like so:
{**/*,*}.{js,ts,jsx,tsx,html,vue,yaml,yml}
^^^^ ^^^
The --fix
option on the command line automatically fixes problems reported by rules which have a wrench :wrench: below.
The rules with the following star :star: are included in the config.
Rule ID | Description | Fixable | RECOMMENDED | STANDARD |
---|---|---|---|---|
yml/block-mapping-colon-indicator-newline | enforce consistent line breaks after : indicator | :wrench: | ||
yml/block-mapping-question-indicator-newline | enforce consistent line breaks after ? indicator | :wrench: | :star: | |
yml/block-mapping | require or disallow block style mappings. | :wrench: | :star: | |
yml/block-sequence-hyphen-indicator-newline | enforce consistent line breaks after - indicator | :wrench: | :star: | |
yml/block-sequence | require or disallow block style sequences. | :wrench: | :star: | |
yml/file-extension | enforce YAML file extension | |||
yml/indent | enforce consistent indentation | :wrench: | :star: | |
yml/key-name-casing | enforce naming convention to key names | |||
yml/no-empty-document | disallow empty document | :star: | :star: | |
yml/no-empty-key | disallow empty mapping keys | :star: | :star: | |
yml/no-empty-mapping-value | disallow empty mapping values | :star: | :star: | |
yml/no-empty-sequence-entry | disallow empty sequence entries | :star: | :star: | |
yml/no-tab-indent | disallow tabs for indentation. | :star: | :star: | |
yml/no-trailing-zeros | disallow trailing zeros for floats | :wrench: | ||
yml/plain-scalar | require or disallow plain style scalar. | :wrench: | :star: | |
yml/quotes | enforce the consistent use of either double, or single quotes | :wrench: | :star: | |
yml/require-string-key | disallow mapping keys other than strings | |||
yml/sort-keys | require mapping keys to be sorted | :wrench: | ||
yml/sort-sequence-values | require sequence values to be sorted | :wrench: | ||
yml/vue-custom-block/no-parsing-error | disallow parsing errors in Vue custom blocks | :star: | :star: |
Rule ID | Description | Fixable | RECOMMENDED | STANDARD |
---|---|---|---|---|
yml/flow-mapping-curly-newline | enforce consistent line breaks inside braces | :wrench: | :star: | |
yml/flow-mapping-curly-spacing | enforce consistent spacing inside braces | :wrench: | :star: | |
yml/flow-sequence-bracket-newline | enforce linebreaks after opening and before closing flow sequence brackets | :wrench: | :star: | |
yml/flow-sequence-bracket-spacing | enforce consistent spacing inside flow sequence brackets | :wrench: | :star: | |
yml/key-spacing | enforce consistent spacing between keys and values in mapping pairs | :wrench: | :star: | |
yml/no-irregular-whitespace | disallow irregular whitespace | :star: | :star: | |
yml/no-multiple-empty-lines | disallow multiple empty lines | :wrench: | ||
yml/spaced-comment | enforce consistent spacing after the # in a comment | :wrench: | :star: |
You can verify using JSON Schema by checking and installing eslint-plugin-json-schema-validator.
You can verify the message files by checking and installing @intlify/eslint-plugin-vue-i18n.
eslint-plugin-yml follows Semantic Versioning and ESLint's Semantic Versioning Policy.
Welcome contributing!
Please use GitHub's Issues/PRs.
npm test
runs tests and measures coverage.npm run update
runs in order to update readme and recommended configuration.This plugin uses yaml-eslint-parser for the parser. Check here to find out about AST.
See the LICENSE file for license rights and limitations (MIT).
FAQs
This ESLint plugin provides linting rules for YAML.
The npm package eslint-plugin-yml receives a total of 424,657 weekly downloads. As such, eslint-plugin-yml popularity was classified as popular.
We found that eslint-plugin-yml demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.