npmpackage.info

@untitled-engineer/eslint-plugin-lit-a11y

Open Web Components: guides, tools and libraries for developing web components.

1.1.0-next.2-dev

2,283

MIT

JavaScript

231.68 kB

451 3.9

Installations

npm install @untitled-engineer/eslint-plugin-lit-a11y

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

14.17.0

NPM Version

7.16.0 Score

Supply Chain

94.6

Quality

69.8

Maintenance

100

Vulnerability

96.1

License

Pull Requests

Open

34

Total

1,801

Closed

378

Merged

1,389

Issues

Open

143

Total

976

Closed

833

Releases

199

eslint-plugin-lit-a11y@4.1.4

Published on 11 Jul 2024

eslint-plugin-lit-a11y@4.1.3

Published on 26 Jun 2024

@open-wc/testing-helpers@3.0.1

Published on 23 Apr 2024

@open-wc/lit-helpers@0.7.0

Published on 20 Feb 2024

eslint-plugin-lit-a11y@4.1.2

Published on 30 Jan 2024

@open-wc/scoped-elements@3.0.5

Published on 24 Jan 2024

View all 199 releases

Contributors

221

View all 221 contributors

Languages

JavaScript

TypeScript

HTML

MDX

Shell

JavaScript (95.73%)

TypeScript (2.46%)

HTML (1.68%)

MDX (0.12%)

Shell (0.01%)

Developer

open-wc

Download Statistics

Total Downloads

451

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

2,283 Stars

2,563 Commits

424 Forks

48 Watching

84 Branches

221 Contributors

Maintainers

Package Meta Information

Latest Version

1.1.0-next.2-dev

Package Id

@untitled-engineer/eslint-plugin-lit-a11y@1.1.0-next.2-dev

Unpacked Size

231.68 kB

Size

40.85 kB

File Count

NPM Version

7.16.0

Node Version

14.17.0

Total Downloads

Cumulative downloads

Total Downloads

451

Last day

Compared to previous day

Last week

Compared to previous week

Last month

-50%

Compared to previous month

Last year

-52.3%

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

aria-query axe-core axobject-query dom5 emoji-regex eslint eslint-rule-extender intl-list-format parse5 parse5-htmlparser2-tree-adapter requireindex

Peer Dependencies

eslint

Versions

Linting >> EsLint Plugin Lit A11y >> Overview || -5

Accessibility linting plugin for lit-html.

Most of the rules are ported from eslint-plugin-jsx-a11y, and made to work with lit-html templates and custom elements.

Installation

You'll first need to install ESLint:

$ npm i eslint --save-dev

Next, install eslint-plugin-lit-a11y:

$ npm install eslint-plugin-lit-a11y@next --save-dev

Note: If you installed ESLint globally (using the -g flag) then you must also install eslint-plugin-lit-a11y globally.

Usage

Add lit-a11y to the plugins section of your .eslintrc configuration file. You can omit the eslint-plugin- prefix:

1{
2  "plugins": ["lit-a11y"]
3}

Then configure the rules you want to use under the rules section.

1{
2  "rules": {
3    "lit-a11y/rule-name": 2
4  }
5}

Configuration

You may also extend the recommended configuration like so:

1{
2  "extends": ["plugin:lit-a11y/recommended"]
3}

By default, any tagged template literal that starts with html is linted. Example:

1html` <img /> `;

It could be the case, however, that you're using multiple rendering libraries in a project, like for example htm, which also uses a html tagged template literal, but has a slightly different syntax than lit-html. In this case you can specify the following option, to make sure only lit-html tagged template literals are linted:

1{
2  "settings": {
3    "litHtmlSources": true
4  }
5}

This will cause the plugin to lint only html tagged template literals that are imported from either 'lit', 'lit-element' or 'lit-html'.

If you're importing lit-html from a package that re-exports lit-html, like for example @apollo-elements/lit-apollo, you can specify @apollo-elements/lit-apollo as a valid litHtmlSource like so:

1{
2  "settings": {
3    "litHtmlSources": ["@apollo-elements/lit-apollo"]
4  }
5}

Supported Rules

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

7

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

6

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 6

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/canary.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/canary.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/canary.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/canary.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/canary.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/lint.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/lint.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/preview.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/preview.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/preview.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/preview.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/preview.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/preview.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/release.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-node.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/verify-node.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-node.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/verify-node.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-node.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/verify-node.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-node.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/verify-node.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-node.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/verify-node.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-node.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/open-wc/open-wc/verify-node.yml/master?enable=pin
Info: 0 out of 15 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 2 third-party GitHubAction dependencies pinned
Info: 7 out of 7 npmCommand dependencies pinned

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

39 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-28mc-g557-92m7
Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q
Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-rrr8-f88r-h8q6
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
Warn: Project is vulnerable to: GHSA-9pv7-vfvm-6vr7
Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-45rm-2893-5f49
Warn: Project is vulnerable to: GHSA-6vfc-qv3f-vr6c
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-p493-635q-r6gr
Warn: Project is vulnerable to: GHSA-3965-hpx2-q597
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-gp95-ppv5-3jc5
Warn: Project is vulnerable to: GHSA-54xq-cgqr-rpm3
Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q

Score

3.9

/10

Last Scanned on 2024-12-23

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More