Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
The 'globals' npm package provides a collection of global identifiers for various JavaScript environments. It's useful for linting purposes to define a set of global variables that are considered to be legal and expected in a given environment, such as browser, Node.js, or other environments like testing frameworks.
Environment-specific globals
This feature allows you to specify a set of globals for browser environments. When set to true, it includes all the global variables that are expected to be available in a browser context, such as 'window', 'document', etc.
{"browser": true}
Node.js globals
This feature provides a list of global variables specific to Node.js, such as 'global', 'process', 'Buffer', etc. It's useful when you're working in a Node.js environment and want to ensure your linting tools are aware of these globals.
{"node": true}
CommonJS globals
This feature includes globals related to the CommonJS module system, such as 'require', 'exports', and 'module'. It's helpful when working with CommonJS modules to avoid linting errors related to these global identifiers.
{"commonjs": true}
ES6 globals
This feature includes new global variables introduced in ES6/ES2015, like 'Promise', 'Set', 'Map', etc. It's useful for projects that are using ES6 features and want to ensure that these new globals are recognized by linting tools.
{"es6": true}
Testing framework globals
This feature provides globals for the Mocha testing framework, such as 'describe', 'it', 'beforeEach', etc. It's useful for projects that use Mocha for testing to prevent linting errors related to Mocha's global variables.
{"mocha": true}
ESLint is a popular linting tool for JavaScript and JSX. While not a direct alternative to 'globals', it uses the concept of environments, which can be configured to include global variables for specific environments, similar to what 'globals' provides. ESLint is more comprehensive as it includes not only global variable definitions but also a wide range of linting rules for code quality and style.
JSHint is another linting tool that can be configured to recognize global variables in different environments. Like 'globals', it allows you to specify which global variables are allowed in your code to prevent linting errors. JSHint is less customizable than ESLint but serves a similar purpose in managing global variables for linting.
Tern is a stand-alone code-analysis engine for JavaScript that, among other features, can be used to recognize global variables in different environments. While it is not a linting tool per se, it provides functionality that overlaps with 'globals' by understanding the scope and context of code, including global variables.
Global identifiers from different JavaScript environments
Extracted from JSHint and ESLint and merged.
It's just a JSON file, so use it in whatever environment you like.
$ npm install --save globals
var globals = require('globals');
console.log(globals.browser);
/*
{
addEventListener: false,
applicationCache: false,
ArrayBuffer: false,
atob: false,
...
}
*/
Each global is given a value of true
or false
. A value of true
indicates that the variable may be overwritten. A value of false
indicates that the variable should be considered read-only. This information is used by static analysis tools to flag incorrect behavior. We assume all variables should be false
unless we hear otherwise.
MIT © Sindre Sorhus
FAQs
Global identifiers from different JavaScript environments
The npm package globals receives a total of 17,583,486 weekly downloads. As such, globals popularity was classified as popular.
We found that globals demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.