Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
uber-standard
Advanced tools
No decisions to make. No .eslintrc
, .jshintrc
, or .jscsrc
files to manage. It just
works.
This module saves you (and others!) time in two ways:
npm install uber-standard
The easiest way to use JavaScript Standard Style to check your code is to install it
globally as a Node command line program. To do so, simply run the following command in
your terminal (flag -g
installs standard
globally on your system, omit it if you want
to install in the current working directory):
npm install uber-standard -g
After you've done that you should be able to use the standard
program. The simplest use
case would be checking the style of all JavaScript files in the current working directory:
$ standard
Error: Use Uber JavaScript Standard Style (https://github.com/uber/standard)
lib/torrent.js:950:11: Expected '===' and instead saw '=='.
First, install standard
. Then, install the appropriate plugin for your editor:
let g:syntastic_javascript_checkers = ['standard']
to your .vimrc
.package.json
{
"name": "my-cool-package",
"devDependencies": {
"uber-standard": "^3.6.0"
},
"scripts": {
"test": "standard && node my-tests.js"
}
}
npm test
$ npm test
Error: Use Uber JavaScript Standard Style (https://github.com/uber/standard)
lib/torrent.js:950:11: Expected '===' and instead saw '=='.
The beauty of Uber JavaScript Standard Style is that it's simple. No one wants to maintain multiple hundred-line style configuration files for every module/project they work on. Enough of this madness!
This module saves you time in two ways:
Adopting standard
style means ranking the importance of code clarity and community
conventions higher than personal style. This might not make sense for 100% of projects and
development cultures, however open source can be a hostile place for newbies. Setting up
clear, automated contributor expectations makes a project healthier.
No. The the whole point of standard
is to avoid bikeshedding about
style. There are lots of debates online about tabs vs. spaces, etc. that will never be
resolved. These debates just distract from getting stuff done. At the end of the day you
have to 'just pick something', and that's the whole philosophy of standard
-- its a
bunch of sensible 'just pick something' opinions. Hopefully, users see the value in that
over defending their own opinions.
Of course it's not! The style laid out here is not affiliated with any official web
standards groups, which is why this repo is called uber/standard
and not
ECMA/standard
.
The word "standard" has more meanings than just "web standard" :-) For example:
Yes! Just run standard --format filename.js
. This uses the Uber fork of
Max Ogden's automatic formatter standard-format
,
which can automatically fix most code issues.
While most issues can be fixed, some, like not handling errors in node-style callbacks, must be fixed manually.
The paths node_modules/**
, *.min.js
, bundle.js
, coverage/**
, and hidden
files/folders (beginning with .
) are automatically excluded when looking for .js
files
to style check.
Sometimes you need to ignore additional folders or specific minfied files. To do that, add
a standard.ignore
property to package.json
:
"standard": {
"ignore": [
"**/out/**",
"**/lib/select2/**",
"**/lib/ckeditor/**"
]
}
In rare cases, you'll need to break a rule and hide the warning generated by standard
.
JavaScript Standard Style uses eslint
under-the-hood and you can
hide warnings as you normally would if you used eslint
directly.
Use the eslint inline directives like: /*eslint no-console:0*/
or /*eslint-disable*/
To get verbose output (so you can find the particular rule name to ignore), run:
$ standard --verbose
Error: Use JavaScript Standard Style
routes/error.js:20:36: 'file' was used before it was defined. (no-use-before-define)
Disable all rules on a specific line:
file = 'I know what I am doing' // eslint-disable-line
Or, disable only the "no-use-before-define"
rule:
file = 'I know what I am doing' // eslint-disable-line no-use-before-define
Or, disable the "no-use-before-define"
rule for multiple lines:
/*eslint-disable no-use-before-define */
// offending code here...
// offending code here...
// offending code here...
/*eslint-enable no-use-before-define */
No. Use eslint
directly if you want to configure hundreds of options individually.
Pro tip: Just use standard
and move on. There are actual real problems that you could
spend your time solving! :P
Web workers have a magic global variable called self
. In regular JS files, standard
won't let you use self
directly, as it wants to prevent accidental use of
window.self
. But standard
has no way of knowing when you are in a worker
and
therefore does not know when to allow usage of self
directly.
Until we figure out a better solution, we recommend adding this to the top of workers:
/* global self */
This lets standard
(as well as humans reading your code) know that self
is a global
in web worker code.
pre-commit
hook for standard
?Funny you should ask!
#!/bin/sh
# Ensure all javascript files staged for commit pass standard code style
git diff --name-only --cached --relative | grep '\.js$' | xargs standard
exit $?
"disallowKeywords"
feature to eslint.MIT. Copyright (c) Feross Aboukhadijeh.
FAQs
JavaScript Standard Style
The npm package uber-standard receives a total of 21 weekly downloads. As such, uber-standard popularity was classified as not popular.
We found that uber-standard demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.