Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
gulp-htmlhint-inline
Advanced tools
gulp-htmlhint-inline
Usage
First, install gulp-htmlhint-inline as a development dependency:
npm install --save-dev gulp-htmlhint-inline
Then, add it to your gulpfile.js:
var gulp = require('gulp'),
htmlhint_inline = require('gulp-htmlhint-inline');
gulp.task('htmlhint', function () {
var options = {
htmlhintrc: './.htmlhintrc',
ignores: {
'<?php': '?>'
},
patterns: [
{
match: /hoge/g,
replacement: 'fuga'
}
]
};
gulp.src('test/*.phtml')
.pipe(htmlhint_inline(options))
.pipe(htmlhint_inline.reporter())
.pipe(htmlhint_inline.reporter('fail'));
});
Options
htmlhintrc
Type: String Default value: null
htmlhintrc file must be a valid JSON.
If you specify this file, options that have been defined in it will be used in the global.
If there is specified in the task options, the options in this file will be overwritten.
{
"tagname-lowercase": true
}
ignores
Type: Object Default: {}
Remove program tag pairs.
patterns
Type: Array Default: []
Enable the replacement by the pattern
patterns.match
Type: RegExp|String
Indicates the matching expression.
patterns.replacement
Type: String | Function
reporter
Default Reporter
var gulp = require('gulp'),
htmlhint_inline = require('gulp-htmlhint-inline');
gulp.task('htmlhint', function () {
var options = {
htmlhintrc: './.htmlhintrc',
ignores: {
'<?php': '?>'
}
};
gulp.src('test/*.phtml')
.pipe(htmlhint_inline(options))
.pipe(htmlhint_inline.reporter());
});
Fail Reporter
In order to end the task when your task happened error of HTMLHint, please use this reporter.
var gulp = require('gulp'),
htmlhint_inline = require('gulp-htmlhint-inline');
gulp.task('htmlhint', function () {
var options = {
htmlhintrc: './.htmlhintrc',
ignores: {
'<?php': '?>'
}
};
gulp.src('test/*.phtml')
.pipe(htmlhint_inline(options))
.pipe(htmlhint_inline.reporter('fail'));
});
Custom Reporter
You can also use the custom reporter that you have created.
var gulp = require('gulp'),
htmlhint_inline = require('gulp-htmlhint-inline');
gulp.task('htmlhint', function () {
var options = {
htmlhintrc: './.htmlhintrc',
ignores: {
'<?php': '?>'
}
};
var cutomReporter = function (file) {
if (!file.htmlhint_inline.success) {
console.log('custom reporter: htmlhint-inline fail in '+ file.path);
}
}
return gulp.src('test/*.phtml')
.pipe(htmlhint_inline(options))
.pipe(htmlhint_inline.reporter())
.pipe(htmlhint_inline.reporter(cutomReporter));
});
License
Keywords
FAQs
Gulp plugin for linting inline html
We found that gulp-htmlhint-inline demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 08 Sep 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025