Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
All of the configs for all of the linters and some third party tools.
npm install make-up --save-dev
Any existing eslint ruleset will be removed from the current directory upon installation. You should ignore .eslintrc
and .eslintcache
from your version control system.
This library's functions can be run programmatically:
var makeup = require('make-up');
var options = {
dirs: []
};
makeup.check(options, function(error, results) {
...
});
config: makeup.path( 'scss-lint.yml' )
Not that if you use Make-up with scss-lint, you need version 0.34+
Make-up currently features integrations with:
All integrations are enabled by default. You can use the -i
command line switch to pass a comma separated list of explicitly enabled integrations. For example:
node_modules/.bin/make-up -i eslint
will only run the ESLint integration.
node_modules/.bin/make-up -i eslint,snyk
will run both the ESLint and Snyk integrations.
To lint all the files in specific directories run the following:
node_modules/.bin/make-up directory1 directory2
The current directory is always automatically included.
This will automatically download the lint ruleset from Holiday Extras culture repo and check any JS or JSX files found.
If any errors are found a non zero exit status will be returned equal to the number of errors.
To only check files newer than a specific date, use the following option:
node_modules/.bin/make-up -s 'Sun, 09 Oct 2011 23:24:11 GMT' directory1 directory2
node_modules/.bin/make-up -s 'Tue Jun 09 2015 14:49:57 GMT+0100 (BST)' directory1 directory2
The -s
(since) argument can be in any format that the JS Date constructor supports.
To only check files that were modified in the current git branch compared to a specified git branch (typically master
), use the -b
command line switch followed by the branch name as in the following example:
node_modules/.bin/make-up -b master directory1 directory2
⚠️Note: if the HEAD
branch you're comparing the current branch with is no longer the branch point for the current branch (i.e. new commits were made there meanwhile), this switch will naturally also lint the changed files in the new commits of the branch you're comparing with. You'll need to merge or rebase he compare to branch to go back to linting only the changed files in the current branch.
To add a new integration to this project follow the steps below:
lib/integrations
directory.run
on the new integration object, this will take three arguments; an options
object, a writable stream
and callback
function.run
function will output any detail to the user using the provided stream.run
function will run the given callback in the usual node manner with the first argument being set as an error object and the second being the given writeable stream.checkIntegrations
object in the index.js
file.The script script/calculate_eslint_config.js
can be used to show what exact config is used by eslint, this will include any autogenerated rules. This
script expects one argument, which is a eslint config file.
FAQs
Handle configurations for Holiday Extras
We found that make-up demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.