Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
svelte-check
Advanced tools
The svelte-check npm package is a command-line tool designed to provide type checking and linting for Svelte projects. It leverages TypeScript and Svelte's own compiler to ensure that your Svelte components are free of type errors and adhere to best practices.
Type Checking
This command runs type checking on your Svelte project, ensuring that all TypeScript code within your Svelte components is type-safe. It helps catch type errors early in the development process.
npx svelte-check
Linting
This command runs linting on your Svelte project using the specified TypeScript configuration file. It helps enforce coding standards and best practices within your Svelte components.
npx svelte-check --tsconfig ./tsconfig.json
Watch Mode
This command runs svelte-check in watch mode, continuously checking your Svelte project for type errors and linting issues as you make changes. It provides real-time feedback during development.
npx svelte-check --watch
ESLint is a widely-used linting tool for JavaScript and TypeScript projects. While it is not specific to Svelte, it can be configured to work with Svelte projects using plugins like eslint-plugin-svelte3. Compared to svelte-check, ESLint offers more extensive linting rules and customization options but requires additional configuration for Svelte.
TypeScript is a superset of JavaScript that adds static typing. The TypeScript compiler (tsc) can be used to type-check Svelte projects, but it does not provide Svelte-specific linting. svelte-check combines TypeScript's type-checking capabilities with Svelte-specific linting, making it more tailored for Svelte projects.
Prettier is an opinionated code formatter that can be used to format Svelte files. While it does not provide type checking or linting, it ensures consistent code style across your project. svelte-check focuses on type checking and linting, whereas Prettier focuses on code formatting.
Provides CLI diagnostics checks for:
Requires Node 12 or later.
Installation:
npm i svelte-check --save-dev
Package.json:
{
// ...
"scripts": {
"svelte-check": "svelte-check"
// ...
},
// ...
"devDependencies": {
"svelte-check": "..."
// ...
}
}
Usage:
npm run svelte-check
Installation:
npm i svelte-check -g
Usage:
svelte-check
--workspace <path>
Path to your workspace. All subdirectories except node_modules and those listed in --ignore are checked
--output <human|human-verbose|machine>
--watch
Will not exit after one pass but keep watching files for changes and rerun diagnostics
--ignore <path1,path2>
Files/folders to ignore - relative to workspace root, comma-separated, inside quotes. Example: --ignore "dist,build"
--fail-on-warnings
Will also exit with error code when there are warnings
--compiler-warnings <code1:error|ignore,code2:error|ignore>
A list of Svelte compiler warning codes. Each entry defines whether that warning should be ignored or treated as an error. Warnings are comma-separated, between warning code and error level is a colon; all inside quotes. Example: --compiler-warnings "css-unused-selector:ignore,unused-export-let:error"
--diagnostic-sources <js,svelte,css>
A list of diagnostic sources which should run diagnostics on your code. Possible values are js
(includes TS), svelte
, css
. Comma-separated, inside quotes. By default all are active. Example: --diagnostic-sources "js,svelte"
Setting the --output
to machine
will format output in a way that is easier to read
by machines, e.g. inside CI pipelines, for code quality checks, etc.
Each row corresponds to a new record. Rows are made up of columns that are separated by a single space character. The first column of every row contains a timestamp in milliseconds which can be used for monitoring purposes. The second column gives us the "row type", based on which the number and types of subsequent columns may differ.
The first row is of type START
and contains the workspace folder (wrapped in quotes).
1590680325583 START "/home/user/language-tools/packages/language-server/test/plugins/typescript/testfiles"
Any number of ERROR
or WARNING
records may follow. Their structure is identical and tells
us the filename, the line and column numbers, and the error message. The filename is relative
to the workspace directory. The filename and the message are both wrapped in quotes.
1590680326283 ERROR "codeactions.svelte" 1:16 "Cannot find module 'blubb' or its corresponding type declarations."
1590680326778 WARNING "imported-file.svelte" 0:37 "Component has unused export property 'prop'. If it is for external reference only, please consider using `export const prop`"
The output concludes with a COMPLETED
message that summarizes total numbers of files, errors,
and warnings that were encountered during the check.
1590680326807 COMPLETED 20 FILES 21 ERRORS 1 WARNINGS
If the application experiences a runtime error, this error will appear as a FAILURE
record.
1590680328921 FAILURE "Connection closed"
svelte-check
FAQs
Svelte Code Checker Terminal Interface
The npm package svelte-check receives a total of 321,906 weekly downloads. As such, svelte-check popularity was classified as popular.
We found that svelte-check demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.