Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
lint-fix-nodemon
Advanced tools
Watch your files and run ESLint + fix + nodemon on save
WHY DO YOU NEED THIS?
npm install lint-fix-nodemon --save-dev
or yarn add lint-fix-nodemon -D
You can run it with npx lint-fix-nodemon
or normally you should just add a script to your package.json file.
I usually name it "dev" ("dev": "lint-fix-nodemon"
) so you can run npm run dev
By default, it will assume nodemon should run the script specified as your "main" in your package.json file.
Otherwise you can also pass it in as an argument -- for example: lint-fix-nodemon ./api/start.js
Other configuration in terms of what files to watch and lint will be read from the nodemonConfig entry in your package.json file
It will automatically ignore your node_modules folder and any files/folders that start with "."
Normally when running eslint from the cli, you must specify the extensions you wish to run on, or it will automatically just default to .js files only.
To avoid having to set it again, we copy the extension settings from the nodemon config set in package.json file. This may mean you need to add some ignore rules in your eslintrc file, to ignore certain file types that you don't want to lint, but you do want changes to cause a nodemon restart.
{
...
"scripts": {
"dev": "lint-fix-nodemon api/start.js",
...
},
"nodemonConfig": {
"watch": ["api/"],
"ignore": ["api/scripts"],
"ext": "js,json,ts"
},
...
}
FAQs
watch files and run eslint+fix+nodemon without double restarts
The npm package lint-fix-nodemon receives a total of 1 weekly downloads. As such, lint-fix-nodemon popularity was classified as not popular.
We found that lint-fix-nodemon demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.