npmpackage.info

Gathering detailed insights and metrics for @adobe/eslint-config-aio-lib-config

@adobe/eslint-config-aio-lib-config

Shareable ESLint config for AIO libs

4.0.0

Apache-2.0

JavaScript

138,307 4.8

Installations

npm install @adobe/eslint-config-aio-lib-config

Pull Requests

Open

2

Total

47

Closed

26

Merged

19

Issues

Open

1

Total

8

Closed

7

Releases

4.0.0

Published on 26 Feb 2024

3.0.0

Published on 02 Feb 2024

2.0.2

Published on 12 Sept 2023

2.0.1

Published on 02 Aug 2023

2.0.0

Published on 11 May 2022

1.4.0

Published on 09 Dec 2021

View all 12 releases

Developer

adobe

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

Typescript Support

No

Node Version

18.19.1

NPM Version

10.2.4 Statistics

2 Stars

57 Commits

3 Forks

24 Watching

5 Branches

236 Contributors

Updated on 06 Jan 2023

Languages

JavaScript (100%)

Total Downloads

Cumulative downloads

Total Downloads

138,307

Last day

85.8%

877

Compared to previous day

Last week

-5.2%

6,488

Compared to previous week

Last month

235.4%

25,204

Compared to previous month

Last year

217.8%

73,854

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Peer Dependencies

eslint eslint-plugin-n eslint-plugin-jest eslint-plugin-node eslint-plugin-jsdoc eslint-plugin-import eslint-plugin-promise eslint-config-standard

Dev Dependencies

jest eslint eslint-plugin-n eslint-plugin-jest eslint-plugin-node eslint-plugin-jsdoc eslint-plugin-import eslint-plugin-promise eslint-config-standard

Versions

eslint-config-aio-lib-config

Shareable ESLint config for AIO libs

Publishing (!!!!)

Any update to a dependency/peer dependency must be a major version update, if not a lot of tests will break during npm install because of a version mismatch. Use of semver is warranted here so users can choose when to update their config instead of it being forced on them. The 2.x update broke a lot of tests.

Installation

To install, use npm 5 or greater:

1npm install --save-dev @adobe/eslint-config-aio-lib-config
2npx install-peerdeps --dev @adobe/eslint-config-aio-lib-config

Add to the root `.eslintrc.json` file

Add this to your .eslintrc.json file in the root of your module:

1{
2  "extends": "@adobe/eslint-config-aio-lib-config"
3}

Exclude test/e2e folders from the `node/no-unpublished-require` rule

The node/no-unpublished-require rule prevents using a module when it hasn't been added in the dependencies key in package.json. This setting excludes this rule for test folders, where the module may have been added in the devDependencies key in package.json only.

Add this setting to a .eslintrc.json file in the affected folder:

1{
2    "rules": {
3        "node/no-unpublished-require": 0
4    }
5}

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

10

Security-Policy

Determines if the project has published a security policy.

2

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

1

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 1

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/eslint-config-aio-lib-config/node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/eslint-config-aio-lib-config/node.js.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/node.js.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/eslint-config-aio-lib-config/node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on-push-publish-to-npm.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/eslint-config-aio-lib-config/on-push-publish-to-npm.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/on-push-publish-to-npm.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/eslint-config-aio-lib-config/on-push-publish-to-npm.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/on-push-publish-to-npm.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/eslint-config-aio-lib-config/on-push-publish-to-npm.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-bump-publish.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/eslint-config-aio-lib-config/version-bump-publish.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-bump-publish.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/eslint-config-aio-lib-config/version-bump-publish.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/version-bump-publish.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/adobe/eslint-config-aio-lib-config/version-bump-publish.yml/master?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:29
Warn: npmCommand not pinned by hash: .github/workflows/on-push-publish-to-npm.yml:18
Warn: npmCommand not pinned by hash: .github/workflows/version-bump-publish.yml:27
Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 3 third-party GitHubAction dependencies pinned
Info: 1 out of 4 npmCommand dependencies pinned

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

Score

4.8

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

@adobe/eslint-config-aio-lib-config

Installations

Pull Requests

2

47

26

19

Issues

1

8

7

Releases

Developer

adobe

Developer Guide

CommonJS

No

18.19.1

10.2.4

Statistics

Languages

Total Downloads

138,307

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Peer Dependencies

Dev Dependencies

eslint-config-aio-lib-config

Publishing (!!!!)

Installation

Add to the root .eslintrc.json file

Exclude test/e2e folders from the node/no-unpublished-require rule

10

10

10

10

10

2

1

0

0

0

0

0

4.8

/10

Add to the root `.eslintrc.json` file

Exclude test/e2e folders from the `node/no-unpublished-require` rule