Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
By Sarah Gooding - Sep 30, 2024
neostandard
Advanced tools
Table of Contents
- Quick Start
- Configuration options
- Additional exports
- Missing for 1.0.0 release
- Differences to standard / eslint-config-standard 17.x
- Config helper
- Readme badges
Quick Start
Migrate from standard
npm install -D neostandard eslintnpx neostandard --migrate > eslint.config.js(uses our config helper)- Replace
standardwitheslintin all places where you runstandard, eg."scripts"and.github/workflows/(neostandardCLI tracked in #2) - (Add ESLint editor integration, eg. VS Code ESLint extension)
- Cleanup:
npm uninstall standard- Remove unused
"standard"top level key from yourpackage.json - Deactivate
standardspecific integrations if you no longer use them (eg. vscode-standard))
Add to new project
-
npm install -D neostandard eslint -
Add an
eslint.config.js:Using config helper:
npx neostandard --esm > eslint.config.jsOr to get CommonJS:
npx neostandard > eslint.config.jsOr manually create the file as ESM:
import { neostandard } from 'neostandard' export default neostandard({ // options })Or as CommonJS:
module.exports = require('neostandard')({ // options }) -
Run
neostandardby running ESLint, eg. usingnpx eslint,npx eslint --fixor similar
Configuration options
env-string[]- adds additional globals by importing them from the globals npm modulefiles-string[]- additional file patterns to match. Uses the same shape as ESLintfilesfilesTs-string[]- additional file patterns for the TypeScript configs to match. Uses the same shape as ESLintfilesglobals-string[] | object- an array of names of globals or an object of the same shape as ESLintlanguageOptions.globalsignores-string[]- an array of glob patterns for files that the config should not apply to, see ESLint documentation for detailsnoStyle-boolean- if set, no style rules will be added. Especially useful when combined with Prettier, dprint or similarsemi-boolean- if set, enforce rather than forbid semicolons (same assemistandarddid)ts-boolean- if set, TypeScript syntax will be supported and*.ts(including*.d.ts) will be checked. To add additional file patterns to the TypeScript checks, usefilesTs
Additional exports
resolveIgnoresFromGitignore()
Finds a .gitignore file that resides in the same directory as the ESLint config file and returns an array of ESLint ignores that matches the same files.
ESM:
import neostandard, { resolveIgnoresFromGitignore } from 'neostandard'
export default neostandard({
ignores: resolveIgnoresFromGitignore(),
})
CommonJS:
module.exports = require('neostandard')({
ignores: require('neostandard').resolveIgnoresFromGitignore(),
})
Exported plugins
neostandard exports all the ESLint plugins that it uses. This to ensure that users who need to reference the plugin themselves will use the exact same instance of the plugin, which is a necessity when a plugin prefix is defined in multiple places.
List of exported plugins
@stylistic- export of@stylistic/eslint-plugin@typescript-eslint- export of@typescript-eslint/eslint-pluginn- export ofeslint-plugin-npromise- export ofeslint-plugin-promise
Usage of exported plugin
If one eg. wants to add the eslint-plugin-n recommended config, then one can do:
import neostandard, { plugins } from 'neostandard'
export default [
...neostandard({
ignores: resolveIgnoresFromGitignore(),
}),
plugins.n.configs['flat/recommended'],
]
Missing for 1.0.0 release
- Add JSX/TSX support: #11
- Migrate
eslint-plugin-importrules fromstandard: #15 - Investigate a dedicated
neostandardrunner: #33 / #2
Full list in 1.0.0 milestone
Differences to standard / eslint-config-standard 17.x
- Uses ESLint flat configs to bundle plugins rather than relying on
standard-engine - Built upon ESLint 9
- Support for
.tsas option in main package - Contains
semistandardas option in main package - Uses
eslint-stylisticinstead of deprecated ESLint style rules - Enables opting out of style rules (no need for eg.
eslint-config-prettieranymore)
Changed rules
@stylistic/comma-dangle– changed – set to prefer dangling commas in everything but functions and is it set towarnrather thanerror
Relaxed rules
@stylistic/no-multi-spaces– changed – setsignoreEOLCommentstotrue, useful for aligning comments across multiple linedot-notation– deactivated – clashes with thenoPropertyAccessFromIndexSignaturecheck in TypeScriptn/no-deprecated-api– changed – changed towarninstead oferroras they are not urgent to fix
Missing bits
- Some plugins are not yet supporting ESLint 9 or flat configs and has thus not yet been added. These are:
eslint-plugin-import
- JSX parsing is not supported out of the box
Config helper
You can use the provided CLI tool to generate a config for you:
neostandard --semi --ts > eslint.config.js
To see all available flags, run:
neostandard --help
Config migration
The CLI tool can also migrate an existing "standard" configuration from package.json:
neostandard --migrate > eslint.config.js
Migrations can also be extended, so to eg. migrate a semistandard setup, do:
neostandard --semi --migrate > eslint.config.js
Readme badges
Yes! If you use neostandard in your project, you can include one of these badges in
your readme to let people know that your code is using the neostandard style.
[](https://github.com/neostandard/neostandard)
[](https://github.com/neostandard/neostandard)
[](https://github.com/neostandard/neostandard)
FAQs
A modern successor to standard
The npm package neostandard receives a total of 11,258 weekly downloads. As such, neostandard popularity was classified as popular.
We found that neostandard demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 01 Jul 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Malicious “express-dompurify” npm Package Steals Browser and Cryptocurrency Wallet Data
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
By Socket Research Team - Sep 27, 2024
Security News
ENISA 2024 Threat Landscape Report Warns of Increasing State-Sponsored Supply Chain Attacks on Open Source Software
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.
By Sarah Gooding - Sep 27, 2024