Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
tslint-immutable
Advanced tools
This repo contains a TSLint version of the eslint-plugin-immutable .
This goal of these TSLint rules are to disable all mutation in TypeScript. Please see the eslint-plugin-immutable version for the rationale beind this.
npm install tslint-immutable --save-dev
There following rules are availavle:
See eslint version for documentation.
See eslint version for documentation.
See eslint version for documentation.
When you call a function and don’t use it’s return value, chances are high that it is being called for its side effect. e.g.
array.push(1)
alert('Hello world!')
This rule checks that the value of an expression is assigned to a variable. However it will still be possible to perform mutations, eg. this rule will not catch these expressions:
const namesWithBar = names.concat([' bar ']) // ok, bound to another variable
return namesWithBar // ok, returned
const newSize = names.push('baz') // maybe `no-unused-vars` can catch this
const newObject = Object.assign(oldObject, { foo: 'bar' }) // tough luck
The rules in this package alone can not eliminate mutation in your TypeScript programs. To go the distance I suggest you also enable the following built-in TSLint rules:
Here's a sample TSLint configuration file (tslint.json) that activates all the recommended rules:
{
"rulesDirectory": "path/to/tslint-immutable/rules",
"rules": {
"no-let": true,
"no-this": true,
"no-mutation": true,
"no-expression-statement": true,
"no-var-keyword": true
}
}
FAQs
TSLint rules to disable mutation in TypeScript.
The npm package tslint-immutable receives a total of 14,927 weekly downloads. As such, tslint-immutable popularity was classified as popular.
We found that tslint-immutable demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.