Installations
npm install @zhcode/eslint-config-alloyDeveloper Guide
Typescript
No
Module System
CommonJS
Node Version
14.17.4
NPM Version
8.0.0
Releases
Contributors
Unable to fetch Contributors
Languages
JavaScript (73.11%)
TypeScript (15.93%)
Vue (10.03%)
CSS (0.72%)
HTML (0.17%)
Shell (0.05%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
Download Statistics
Total Downloads
785
Last Day
1
Last Week
5
Last Month
18
Last Year
183
GitHub Statistics
2,652 Stars
459 Commits
314 Forks
41 Watchers
6 Branches
16 Contributors
Updated on Feb 05, 2025
Bundle Size
175.00 B
Minified
151.00 B
Minified + Gzipped
Maintainers
Package Meta Information
Latest Version
1.0.0
Package Id
@zhcode/eslint-config-alloy@1.0.0
Unpacked Size
923.39 kB
Size
167.08 kB
File Count
931
NPM Version
8.0.0
Node Version
14.17.4
Total Downloads
Cumulative downloads
Total Downloads
785
Last Day
0%
1
Compared to previous day
Last Week
-44.4%
5
Compared to previous week
Last Month
100%
18
Compared to previous month
Last Year
-30.2%
183
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
35
eslint-config-alloy
English / 简体中文
The AlloyTeam ESLint config is not only a progressive ESLint config for your React/Vue/TypeScript projects but also the best reference for configuring your personalized ESLint rules.
Quick start
Please choose the following configuration based on the technology stack used by your project:
Philosophy
- Let Prettier handle style-related rules
- Inherit ESLint's philosophy and help everyone build their own rules
- High degree of automation: advanced rules management, test as a document, as a website
- Keep up with the times, follow up the latest rules as soon as possible
Let Prettier handle style-related rules
Prettier is a code formatting tool that offers fewer options but is more professional than the style-related rules in ESLint.
Now that Prettier has become a necessary tool in front-end projects, eslint-config-alloy does not need to maintain the style-related rules in ESLint anymore, so we completely removed all Prettier related rules in the v3 version, and use ESLint to check logical errors which it's good at.
As for whether two spaces or four spaces are used for indentation and whether there is a semicolon at the end, you can configure it in the project's .prettierrc.js. Of course, we also provide a recommended Prettier configuration for your reference.
Inherit ESLint's philosophy and help everyone build their own rules
Don't you remember how ESLint defeated JSHint and became the most popular JS code inspection tool? It is because of the plugin and configuration that ESLint advocates, which meets the individual needs of different technology stacks of different teams.
Therefore, eslint-config-alloy also inherits the philosophy of ESLint. It will not emphasize the need to use our config. Instead, we help you to make your config by reference our completed documents, examples, tests, websites, etc.
High degree of automation: advanced rules management, test as a document, as a website
Relentless push automation
eslint-config-alloy uses a high degree of automation to hand over all processes that can be managed automatically, including:
- Through greenkeeper and travis-ci, automatically check whether ESLint and related plugins have new versions and if there are new rules in the new version which we need to add
- Automatically check if our rules include Prettier rules
- Automatically check if our rules include deprecated rules
Also, through automated scripts, we can even divide and conquer thousands of ESLint configuration files, and each rule is managed in a separate directory:
- Integrate single configurations into a final configuration through a script
- The description and reason in single configurations are built into a website by a script for everyone to view
- The
bad.jsandgood.jsin a single configuration are output to website by script, and you can even see the error message (which are run in a real ESLint script) in thebad.jsof website
The benefits of this are very obvious — test as a document, as a website. We can maintain the rules and tests in one place. Other tasks are handed over to an automated script, which greatly reduces the maintenance cost. In short, when we have a new rule to add, we only need to write three files test/index/another-rule/.eslintrc.js, test/index/another-rule/bad.js, test/index/another-rule/good.js.
Keep up with the times, follow up the latest rules as soon as possible
ESLint is updated very quickly, there is a new version almost every week, sometimes there are new rules, sometimes existing rules are deprecated, and related plug-ins (React/Vue/TypeScript) will be updated from time to time. Without automation tools, it is difficult to follow up.
And eslint-config-alloy can receive the [greenkeeper issue] (https://github.com/AlloyTeam/eslint-config-alloy/issues/127) as soon as possible through the above automation tools, tell us which plugin has been updated, and the travis-ci build log will tell us which rules need to be added:
In this way, we can follow the latest rules in a time when the front-end community is changing rapidly, and always keep the vitality and advanced of eslint-config-alloy.
Usage
Built-in
1npm install --save-dev eslint @babel/eslint-parser eslint-config-alloy
Create an .eslintrc.js in the root directory of your project, then copy the following content into it:
1module.exports = { 2 extends: [ 3 'alloy', 4 ], 5 env: { 6 // Your environments (which contains several predefined global variables) 7 // 8 // browser: true, 9 // node: true, 10 // mocha: true, 11 // jest: true, 12 // jquery: true 13 }, 14 globals: { 15 // Your global variables (setting to false means it's not allowed to be reassigned) 16 // 17 // myGlobal: false 18 }, 19 rules: { 20 // Customize your rules 21 }, 22};
React
1npm install --save-dev eslint @babel/eslint-parser eslint-plugin-react eslint-config-alloy
Create an .eslintrc.js in the root directory of your project, then copy the following content into it:
1module.exports = { 2 extends: [ 3 'alloy', 4 'alloy/react', 5 ], 6 env: { 7 // Your environments (which contains several predefined global variables) 8 // 9 // browser: true, 10 // node: true, 11 // mocha: true, 12 // jest: true, 13 // jquery: true 14 }, 15 globals: { 16 // Your global variables (setting to false means it's not allowed to be reassigned) 17 // 18 // myGlobal: false 19 }, 20 rules: { 21 // Customize your rules 22 }, 23};
Vue
1npm install --save-dev eslint @babel/eslint-parser vue-eslint-parser eslint-plugin-vue eslint-config-alloy
Create an .eslintrc.js in the root directory of your project, then copy the following content into it:
1module.exports = { 2 extends: [ 3 'alloy', 4 'alloy/vue', 5 ], 6 env: { 7 // Your environments (which contains several predefined global variables) 8 // 9 // browser: true, 10 // node: true, 11 // mocha: true, 12 // jest: true, 13 // jquery: true 14 }, 15 globals: { 16 // Your global variables (setting to false means it's not allowed to be reassigned) 17 // 18 // myGlobal: false 19 }, 20 rules: { 21 // Customize your rules 22 }, 23};
TypeScript
1npm install --save-dev eslint typescript @typescript-eslint/parser @typescript-eslint/eslint-plugin eslint-config-alloy
Create an .eslintrc.js in the root directory of your project, then copy the following content into it:
1module.exports = { 2 extends: [ 3 'alloy', 4 'alloy/typescript', 5 ], 6 env: { 7 // Your environments (which contains several predefined global variables) 8 // 9 // browser: true, 10 // node: true, 11 // mocha: true, 12 // jest: true, 13 // jquery: true 14 }, 15 globals: { 16 // Your global variables (setting to false means it's not allowed to be reassigned) 17 // 18 // myGlobal: false 19 }, 20 rules: { 21 // Customize your rules 22 }, 23};
TypeScript React
1npm install --save-dev eslint typescript @typescript-eslint/parser @typescript-eslint/eslint-plugin eslint-plugin-react eslint-config-alloy
Create an .eslintrc.js in the root directory of your project, then copy the following content into it:
1module.exports = { 2 extends: [ 3 'alloy', 4 'alloy/react', 5 'alloy/typescript', 6 ], 7 env: { 8 // Your environments (which contains several predefined global variables) 9 // 10 // browser: true, 11 // node: true, 12 // mocha: true, 13 // jest: true, 14 // jquery: true 15 }, 16 globals: { 17 // Your global variables (setting to false means it's not allowed to be reassigned) 18 // 19 // myGlobal: false 20 }, 21 rules: { 22 // Customize your rules 23 }, 24};
Troubleshooting
With VSCode
ESLint will not lint .vue, .ts or .tsx files in VSCode by default, you need to set your .vscode/settings.json like this:
1{ 2 "eslint.validate": [ 3 "javascript", 4 "javascriptreact", 5 "vue", 6 "typescript", 7 "typescriptreact" 8 ] 9}
Autofix ESLint errors on save
If you want to enable auto-fix-on-save, you need to set your .vscode/settings.json like this:
1{ 2 "eslint.validate": ["javascript", "javascriptreact", "vue", "typescript", "typescriptreact"], 3 "editor.codeActionsOnSave": { 4 "source.fixAll.eslint": true 5 }, 6}
With Prettier
eslint-config-alloy does not include all style-related rules in v3, so there is no need to install eslint-config-prettier. Just install prettier and related VSCode plugins.
Here is a .prettierrc.js configuration used by AlloyTeam for reference only:
1// .prettierrc.js 2module.exports = { 3 // max 120 characters per line 4 printWidth: 120, 5 // use 2 spaces for indentation 6 tabWidth: 2, 7 // use spaces instead of indentations 8 useTabs: false, 9 // semicolon at the end of the line 10 semi: true, 11 // use single quotes 12 singleQuote: true, 13 // object's key is quoted only when necessary 14 quoteProps: 'as-needed', 15 // use double quotes instead of single quotes in jsx 16 jsxSingleQuote: false, 17 // no comma at the end 18 trailingComma: 'all', 19 // spaces are required at the beginning and end of the braces 20 bracketSpacing: true, 21 // end tag of jsx need to wrap 22 jsxBracketSameLine: false, 23 // brackets are required for arrow function parameter, even when there is only one parameter 24 arrowParens: 'always', 25 // format the entire contents of the file 26 rangeStart: 0, 27 rangeEnd: Infinity, 28 // no need to write the beginning @prettier of the file 29 requirePragma: false, 30 // No need to automatically insert @prettier at the beginning of the file 31 insertPragma: false, 32 // use default break criteria 33 proseWrap: 'preserve', 34 // decide whether to break the html according to the display style 35 htmlWhitespaceSensitivity: 'css', 36 // vue files script and style tags indentation 37 vueIndentScriptAndStyle: false, 38 // lf for newline 39 endOfLine: 'lf', 40 // formats quoted code embedded 41 embeddedLanguageFormatting: 'auto', 42};
A best practice for VSCode is to auto format code with Prettier and autofix errors with ESLint by setting .vscode/settings.json to this:
1{ 2 "files.eol": "\n", 3 "editor.tabSize": 2, 4 "editor.formatOnSave": true, 5 "editor.defaultFormatter": "esbenp.prettier-vscode", 6 "eslint.validate": ["javascript", "javascriptreact", "vue", "typescript", "typescriptreact"], 7 "editor.codeActionsOnSave": { 8 "source.fixAll.eslint": true 9 } 10}
Scripts
1# install dependencies 2npm i 3# build eslintrc like index.js, react.js, etc. 4npm run build 5# run tests 6npm test 7# autofix ESLint errors 8npm run eslint:fix 9# autofix prettier errors 10npm run prettier:fix 11# check if all rules are currently covered 12npm run test:rulesCoverage 13# publish new version 14npm version <major|minor|patch> 15git push --follow-tags 16npm publish
Q & A
Why another ESLint config
Our team initially used Airbnb rules, but because it was too strict, some rules still needed to be personalized, which led to more and more changes in the future and finally decided to maintain a new set. After more than two years of polishing, eslint-config-alloy is now very mature and progressive and has been welcomed by many teams inside and outside the company.
Why not standard
The standard specification believes that everyone should not waste time in personalized specifications, but the entire community should unify a specification. This statement makes some sense, but it runs against the ESLint's design philosophy. Don't you remember how ESLint defeated JSHint and became the most popular JS code inspection tool? It is because of the plugin and configuration that ESLint advocates, which meets the individual needs of different technology stacks of different teams.
Therefore, eslint-config-alloy also inherits the philosophy of ESLint. It will not force you to use our config. Instead, we help you to make your config by referencing our examples, tests, websites and so on.
Why not airbnb
eslint-config-alloyhas officially maintainedvue,typescriptandreact+typescriptrules. In contrast, airbnb'svueandtypescriptare maintained by third parties.- Progressive to ensure that we can keep up with the times, as mentioned earlier
- Convenient personalization, including explanations and website examples
Looks good, but I still choose airbnb
It's okay, eslint-config-alloy believes that different teams and projects can have different configurations from the design concept. Although you choose to use airbnb, you can still come to our website when you have personalized configuration needs.
Reference
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 2/25 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/rulesCoverage.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/AlloyTeam/eslint-config-alloy/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/AlloyTeam/eslint-config-alloy/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/AlloyTeam/eslint-config-alloy/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/AlloyTeam/eslint-config-alloy/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rulesCoverage.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/AlloyTeam/eslint-config-alloy/rulesCoverage.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rulesCoverage.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/AlloyTeam/eslint-config-alloy/rulesCoverage.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rulesCoverage.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/AlloyTeam/eslint-config-alloy/rulesCoverage.yml/master?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 7 are checked with a SAST tool
Reason
26 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-353f-5xf4-qw67
- Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw
- Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g
- Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2.2
/10
Last Scanned on 2025-02-10
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More