Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
ESLint is a static code analysis tool for identifying problematic patterns found in JavaScript code. It is primarily used for finding and fixing problems in JavaScript code, enforcing coding standards, and improving code quality.
Linting JavaScript Files
Run ESLint on all JavaScript files in the 'src' directory and its subdirectories.
eslint 'src/**/*.js'
Fixing Problems Automatically
Automatically fix problems in JavaScript files that ESLint is capable of fixing.
eslint --fix 'src/**/*.js'
Customizable Configuration
Customize ESLint rules and extend from recommended presets in the ESLint configuration file.
{ 'extends': 'eslint:recommended', 'rules': { 'eqeqeq': 'warn', 'no-unused-vars': 'error' } }
Integrating with Build Tools
Integrate ESLint with build tools like Grunt by using the corresponding plugin.
grunt.loadNpmTasks('grunt-eslint');
Using Plugins
Extend ESLint's capabilities with plugins for specific libraries or frameworks, such as React.
{ 'plugins': ['react'], 'rules': { 'react/jsx-uses-vars': 'error' } }
JSHint is a community-driven tool that detects errors and potential problems in JavaScript code. It is less configurable than ESLint and does not support custom rule creation.
JSCS is a code style linter for programmatically enforcing your style guide. It has been deprecated and merged with ESLint, which now covers its functionality.
Prettier is an opinionated code formatter that supports many languages and integrates with most editors. Unlike ESLint, it does not check for code errors but focuses on maintaining a consistent code style.
TSLint was a linter for TypeScript, providing similar functionality to ESLint but specifically for TypeScript code. It has been deprecated in favor of typescript-eslint, which allows ESLint to be used with TypeScript.
Standard is a JavaScript style guide, linter, and formatter with a set of predefined rules. It enforces a strict coding standard but is less configurable than ESLint.
Website | Configuring | Rules | Contributing | Reporting Bugs | Code of Conduct | Twitter | Mailing List | Chat Room
ESLint is a tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. In many ways, it is similar to JSLint and JSHint with a few exceptions:
Prerequisites: Node.js (>=6.14), npm version 3+.
There are two ways to install ESLint: globally and locally.
If you want to include ESLint as part of your project's build system, we recommend installing it locally. You can do so using npm:
$ npm install eslint --save-dev
You should then setup a configuration file:
$ ./node_modules/.bin/eslint --init
After that, you can run ESLint on any file or directory like this:
$ ./node_modules/.bin/eslint yourfile.js
Any plugins or shareable configs that you use must also be installed locally to work with a locally-installed ESLint.
If you want to make ESLint available to tools that run across all of your projects, we recommend installing ESLint globally. You can do so using npm:
$ npm install -g eslint
You should then setup a configuration file:
$ eslint --init
After that, you can run ESLint on any file or directory like this:
$ eslint yourfile.js
Any plugins or shareable configs that you use must also be installed globally to work with a globally-installed ESLint.
Note: eslint --init
is intended for setting up and configuring ESLint on a per-project basis and will perform a local installation of ESLint and its plugins in the directory in which it is run. If you prefer using a global installation of ESLint, any plugins used in your configuration must also be installed globally.
After running eslint --init
, you'll have a .eslintrc
file in your directory. In it, you'll see some rules configured like this:
{
"rules": {
"semi": ["error", "always"],
"quotes": ["error", "double"]
}
}
The names "semi"
and "quotes"
are the names of rules in ESLint. The first value is the error level of the rule and can be one of these values:
"off"
or 0
- turn the rule off"warn"
or 1
- turn the rule on as a warning (doesn't affect exit code)"error"
or 2
- turn the rule on as an error (exit code will be 1)The three error levels allow you fine-grained control over how ESLint applies rules (for more configuration options and details, see the configuration docs).
ESLint adheres to the JS Foundation Code of Conduct.
Before filing an issue, please be sure to read the guidelines for what you're reporting:
Maybe, depending on how much you need it. JSCS has reached end of life, but if it is working for you then there is no reason to move yet. There are still a few issues pending. We’ll announce when all of the changes necessary to support JSCS users in ESLint are complete and will start encouraging JSCS users to switch to ESLint at that time.
If you are having issues with JSCS, you can try to move to ESLint. Have a look at our migration guide.
No, ESLint does both traditional linting (looking for problematic patterns) and style checking (enforcement of conventions). You can use ESLint for everything, or you can combine both using Prettier to format your code and ESLint to catch possible errors.
ESLint can be globally or locally installed. If you install ESLint globally, your plugins must also be installed globally; if you install ESLint locally, your plugins must also be installed locally.
If you are trying to run globally, make sure your plugins are installed globally (use npm ls -g
).
If you are trying to run locally:
package.json
as devDependencies (or dependencies, if your project uses ESLint at runtime).npm install
and all your dependencies are installed.In all cases, make sure your plugins' peerDependencies have been installed as well. You can use npm view eslint-plugin-myplugin peerDepencies
to see what peer dependencies eslint-plugin-myplugin
has.
Yes, ESLint natively supports parsing JSX syntax (this must be enabled in configuration). Please note that supporting JSX syntax is not the same as supporting React. React applies specific semantics to JSX syntax that ESLint doesn't recognize. We recommend using eslint-plugin-react if you are using React and want React semantics.
ESLint has full support for ECMAScript 3, 5 (default), 2015, 2016, 2017, and 2018. You can set your desired ECMAScript syntax (and other settings, like global variables or your target environments) through configuration.
ESLint's parser only officially supports the latest final ECMAScript standard. We will make changes to core rules in order to avoid crashes on stage 3 ECMAScript syntax proposals (as long as they are implemented using the correct experimental ESTree syntax). We may make changes to core rules to better work with language extensions (such as JSX, Flow, and TypeScript) on a case-by-case basis.
In other cases (including if rules need to warn on more or fewer cases due to new syntax, rather than just not crashing), we recommend you use other parsers and/or rule plugins. If you are using Babel, you can use the babel-eslint parser and eslint-plugin-babel to use any option available in Babel.
Once a language feature has been adopted into the ECMAScript standard (stage 4 according to the TC39 process), we will accept issues and pull requests related to the new feature, subject to our contributing guidelines. Until then, please use the appropriate parser and plugin(s) for your experimental feature.
Join our Mailing List or Chatroom.
We have scheduled releases every two weeks on Friday or Saturday. You can follow a release issue for updates about the scheduling of any particular release.
ESLint follows semantic versioning. However, due to the nature of ESLint as a code quality tool, it's not always clear when a minor or major version bump occurs. To help clarify this for everyone, we've defined the following semantic versioning policy for ESLint:
eslint:recommended
is updated.According to our policy, any minor update may report more errors than the previous release (ex: from a bug fix). As such, we recommend using the tilde (~
) in package.json
e.g. "eslint": "~3.1.0"
to guarantee the results of your builds.
These folks keep the project moving and are resources for help.
Nicholas C. Zakas |
Ilya Volodin |
Brandon Mills |
Gyandeep Singh |
Toru Nagashima |
Alberto Rodríguez |
Kai Cataldo |
Teddy Katz |
Kevin Partington |
FAQs
An AST-based pattern checker for JavaScript.
The npm package eslint receives a total of 33,235,716 weekly downloads. As such, eslint popularity was classified as popular.
We found that eslint demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.