Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
eslint-plugin-zillow
Zillow's ESLint config bundled into a "zero-conf" plugin
We want shareable configs to have as little overhead as possible. Users shouldn't have to know exactly which plugins are required by the config, install them, and manage their versions manually. This plugin exposes eslint-config-zillow for reuse, with plugins automatically installed.
See https://github.com/eslint/eslint/issues/3458 for further discussion on this topic. Approach inspired by eslint-plugin-react-app and eslint-plugin-springload.
Install the plugin and its minimal peer dependencies:
npm i -D eslint prettier eslint-plugin-zillow
Configure ESLint to use this config. For example, in your package.json, this would be:
"eslintConfig": {
  "extends": "plugin:zillow/recommended"
},
Jest-specific rules and environment added to the default export.
"eslintConfig": {
  "extends": ["plugin:zillow/recommended", "plugin:zillow/jest"]
},
Mocha-specific rules and environment added to the default export.
"eslintConfig": {
  "extends": ["plugin:zillow/recommended", "plugin:zillow/mocha"]
},
You can configure the rules like every other eslint plugin.
Just keep in mind that if you want to change a rule of an included plugin (for example, eslint-plugin-react) you must prefix the rule with zillow/ (necessary to prevent namespace collisions).
For example:
{
  "extends": [
    "plugin:zillow/recommended"
  ],
  "rules": {
    "zillow/react/react-in-jsx-scope": ["warn"]
  }
}
prettier Editor Plugin Integration
Unfortunately, super-useful editor plugins like prettier-atom and prettier-vscode do not load Prettier settings from ESLint config, which is where we load our Prettier options from. To work around this, add a .prettierrc.js or prettier.config.js file to your root with the following content:
module.exports = require('prettier-config-zillow');
We currently encapsulate the following plugins:
FAQs
The npm package eslint-plugin-zillow receives a total of 529 weekly downloads. As such, eslint-plugin-zillow's popularity was classified as not popular.
We found that eslint-plugin-zillow demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.