Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
typescript-strictly-typed
Advanced tools
Enable configurations for strictly typed TypeScript, ESLint or TSLint, and optionally Angular.
Enable configurations for strictly typed TypeScript, ESLint or TSLint, and optionally Angular.
Because TypeScript strict
mode is not enough.
A blog post explains the motivation of this lib.
Going fully strict is a choice to make at the very beginning of a project.
Enabling all strict options at once in an existing project is strongly discouraged, as hundred of errors would appear. Converting an existing project to full strict mode is still possible, but it should be done incrementally, by activating each option one by one.
cd path/to/my-project
npx typescript-strictly-typed
npx
is a command included in Node/npm. In case of problem
(there is a known issue
with npx
on Windows if your user path contains a space, like C:\Users\Hello World
),
just do the full commands:
cd path/to/my-project
npm install typescript-strictly-typed -g
typescript-strictly-typed
Adding configuration for:
strict
(which includes in particular noImplicitAny
and strictNullChecks
)noFallthroughCasesInSwitch
noImplicitReturns
noPropertyAccessFromIndexSignature
forceConsistentCasingInFileNames
@typescript-eslint/no-explicit-any
@typescript-eslint/explicit-module-boundary-types
no-any
typedef
with call-signature
strictInjectionParameters
strictTemplates
strictInputAccessModifiers
@angular-eslint/template/no-any
template-no-any
My open source contributions are done on free time. So if your company earns money with them, it would be nice to consider becoming a sponsor.
You need a LTS version of Node and npm, ie. currently:
Be sure to invoke the command in the root directory of your project,
ie. where your configuration files (like tsconfig.json
) are located.
strict
mode is available in TypeScript >= 2.3.
ESLint must be configured for TypeScript, ie. with:
"parser": "@typescript-eslint/parser"
and "plugins": ["@typescript-eslint"]
"extends": ["@vue/typescript"]
and React uses "extends": "react-app"
)Official getting started documentation of @typescript-eslint
The project must use a LTS version of Angular CLI, ie. with a angular.json
file.
This lib is here to promote good practices. But at the end of the day, it just adds a few lines in configuration files, as explained above in "What does it do?".
It was already a lot of work to support all possible official configuration formats. So if it doesn't work for your project because of a custom configuration, you can just modify the configuration files yourself.
.eslintrc.js
(including Vue)If your project uses a .eslintrc
.js
file (instead of a more classic .eslintrc
.json
file)
you'll have to copy the strict rules newly generated in .eslintrc
.json
file
into the existing .eslintrc
.js
file.
For Vue apps created with vue create
, after running this lib command,
it will work out of the box if you chose one of the following Vue options:
But if you chose ESLint with a dedicated config file,
Vue will create a .eslintrc
.js
file and so you'll have to do the above step.
See issue #3 if you want to help.
MIT
2.8.0 (2021-04-19)
For ESLint:
@typescript-eslint/explicit-module-boundary-types
instead of @typescript-eslint/explicit-function-return-type
override
FAQs
Enable configurations for strictly typed TypeScript, ESLint, and optionally Angular.
We found that typescript-strictly-typed demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.