Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
ESLint is a static code analysis tool for identifying problematic patterns found in JavaScript code. It is primarily used for finding and fixing problems in JavaScript code, enforcing coding standards, and improving code quality.
Linting JavaScript Files
Run ESLint on all JavaScript files in the 'src' directory and its subdirectories.
eslint 'src/**/*.js'
Fixing Problems Automatically
Automatically fix problems in JavaScript files that ESLint is capable of fixing.
eslint --fix 'src/**/*.js'
Customizable Configuration
Customize ESLint rules and extend from recommended presets in the ESLint configuration file.
{ "extends": "eslint:recommended", "rules": { "eqeqeq": "warn", "no-unused-vars": "error" } }
Integrating with Build Tools
Integrate ESLint with build tools like Grunt by using the corresponding plugin.
grunt.loadNpmTasks('grunt-eslint');
Using Plugins
Extend ESLint's capabilities with plugins for specific libraries or frameworks, such as React.
{ "plugins": ["react"], "rules": { "react/jsx-uses-vars": "error" } }
JSHint is a community-driven tool that detects errors and potential problems in JavaScript code. It is less configurable than ESLint and does not support custom rule creation.
JSCS is a code style linter for programmatically enforcing your style guide. It has been deprecated and merged with ESLint, which now covers its functionality.
Prettier is an opinionated code formatter that supports many languages and integrates with most editors. Unlike ESLint, it does not check for code errors but focuses on maintaining a consistent code style.
TSLint was a linter for TypeScript, providing similar functionality to ESLint but specifically for TypeScript code. It has been deprecated in favor of typescript-eslint, which allows ESLint to be used with TypeScript.
Standard is a JavaScript style guide, linter, and formatter with a set of predefined rules. It enforces a strict coding standard but is less configurable than ESLint.
ESLint is a tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. In many ways, it is similar to JSLint and JSHint with a few exceptions:
You can install ESLint using npm:
npm install -g eslint
If it's your first time using ESLint, you should set up a config file using --init:
eslint --init
After that, you can run ESLint on any JavaScript file:
eslint test.js test2.js
These folks keep the project moving and are resources for help:
I do like JSHint. And I like Anton and Rick. Neither of those were deciding factors in creating this tool. The fact is that I've had a dire need for a JavaScript tool with pluggable linting rules. I had hoped JSHint would be able to do this, however after chatting with Anton, I found that the planned plugin infrastructure wasn't going to suit my purpose.
That's not really a question, but I got it. I'm not trying to convince you that ESLint is better than JSHint. The only thing I know is that ESLint is better than JSHint for what I'm doing. In the off chance you're doing something similar, it might be better for you. Otherwise, keep using JSHint, I'm certainly not going to tell you to stop using it.
ESLint is slower than JSHint, usually 2-3x slower on a single file. This is because ESLint uses Espree to construct an AST before it can evaluate your code whereas JSHint evaluates your code as it's being parsed. The speed is also based on the number of rules you enable; the more rules you enable, the slower the process.
Despite being slower, we believe that ESLint is fast enough to replace JSHint without causing significant pain.
ESLint is faster than JSCS, as ESLint uses a single-pass traversal for analysis whereas JSCS uses a querying model.
If you are using both JSHint and JSCS on your files, then using just ESLint will be faster.
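The model described above (build the AST first, then evaluate every enabled rule in a single traversal) can be sketched without any dependencies. This is an added example, not ESLint's own code: the `lint` runner, the hand-built `sampleAst` and the two simplified rule bodies are assumptions made for illustration; only the rule shape (`create(context)` returning handlers keyed by node type, reporting through `context.report`) mirrors ESLint's rule format.

```javascript
// Added sketch, not ESLint's code. As in ESLint, a rule exposes create(context)
// and returns handlers keyed by ESTree node type; the runner is a stand-in.
const rules = {
  eqeqeq: { create: (context) => ({
    BinaryExpression(node) {
      if (node.operator === "==" || node.operator === "!=")
        context.report({ node, message: `Expected '${node.operator}=' and instead saw '${node.operator}'.` });
    },
  }) },
  "no-eval": { create: (context) => ({
    CallExpression(node) {
      if (node.callee.type === "Identifier" && node.callee.name === "eval")
        context.report({ node, message: "eval can be harmful." });
    },
  }) },
};

// Merge the handlers of every enabled rule, then walk the tree exactly once.
// More rules means more handlers per node, not more traversals.
function lint(ast, enabledRules) {
  const messages = [];
  const handlers = new Map(); // node type -> handlers from all enabled rules
  for (const ruleId of enabledRules) {
    const context = {
      report: ({ node, message }) => messages.push({ ruleId, message, nodeType: node.type }),
    };
    for (const [type, fn] of Object.entries(rules[ruleId].create(context))) {
      handlers.set(type, [...(handlers.get(type) || []), fn]);
    }
  }
  let visited = 0;
  (function walk(node) {
    if (!node || typeof node.type !== "string") return;
    visited += 1;
    for (const fn of handlers.get(node.type) || []) fn(node);
    for (const child of Object.values(node)) {
      if (Array.isArray(child)) child.forEach((c) => walk(c));
      else if (child && typeof child === "object") walk(child);
    }
  })(ast);
  return { messages, visited };
}

// Constructed ESTree (the kind of tree a parser such as Espree emits) for:
//   if (a == b) eval(c);
const id = (name) => ({ type: "Identifier", name });
const sampleAst = { type: "Program", body: [{
  type: "IfStatement",
  test: { type: "BinaryExpression", operator: "==", left: id("a"), right: id("b") },
  consequent: { type: "ExpressionStatement",
    expression: { type: "CallExpression", callee: id("eval"), arguments: [id("c")] } },
}] };
```

Calling `lint(sampleAst, ["eqeqeq", "no-eval"])` and `lint(sampleAst, ["eqeqeq"])` visits the same number of nodes; only the per-node handler work changes with the rule set.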
ESLint does both traditional linting (looking for problematic patterns) and style checking (enforcement of conventions). You can use it for both.
The following projects are using ESLint to validate their JavaScript:
In addition, the following companies are using ESLint internally to validate their JavaScript:
ESLint has full support for ECMAScript 6. By default, this support is off. You can enable ECMAScript 6 support through configuration.
Yes, ESLint natively supports parsing JSX syntax (this must be enabled in configuration). Please note that supporting JSX syntax is not the same as supporting React. React applies specific semantics to JSX syntax that ESLint doesn't recognize. We recommend using eslint-plugin-react if you are using React and want React semantics.
ESLint doesn't natively support experimental ECMAScript language features. You can use babel-eslint to use any option available in Babel.
FAQs
An AST-based pattern checker for JavaScript.
The npm package eslint receives a total of 42,463,241 weekly downloads. As such, eslint popularity was classified as popular.
We found that eslint demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.