Gathering detailed insights and metrics for eslint-plugin-html
Gathering detailed insights and metrics for eslint-plugin-html
Gathering detailed insights and metrics for eslint-plugin-html
Gathering detailed insights and metrics for eslint-plugin-html
An ESLint plugin to extract and lint scripts from HTML files.
npm install eslint-plugin-html
Typescript
Module System
Min. Node Version
Node Version
NPM Version
55.8
Supply Chain
100
Quality
79
Maintenance
100
Vulnerability
100
License
Updated on 05 Dec 2024
Minified
Minified + Gzipped
JavaScript (95.84%)
HTML (3.03%)
Shell (1.13%)
Cumulative downloads
Total Downloads
Last day
8.5%
Compared to previous day
Last week
-0%
Compared to previous week
Last month
13.1%
Compared to previous month
Last year
24.7%
Compared to previous year
1
Simply install via npm install --save-dev eslint-plugin-html
and add the plugin to your ESLint
configuration. See
ESLint documentation.
1import html from "eslint-plugin-html" 2 3export default [ 4 { 5 files: ["**/*.html"], 6 plugins: { html }, 7 }, 8]
1{ 2 "plugins": ["html"] 3}
To temporarily disable ESLint, use the <!-- eslint-disable -->
HTML comment. Re-enable it with
<!-- eslint enable -->
. Example:
1<!-- eslint-disable --> 2<script> 3 var foo = 1 4</script> 5<!-- eslint-enable -->
To disable ESLint for the next script tag only, use the <!-- eslint-disable-next-script -->
HTML
comment. Example:
1<!-- eslint-disable-next-script --> 2<script> 3 var foo = 1 4</script>
Disabled script tags are completely ignored: their content will not be parsed as JavaScript. You can use this to disable script tags containing template syntax.
This plugin focuses on applying ESLint rules on inline scripts contained in HTML. It does not
provide any rule related to HTML. For that, you can use other plugins like
@eslint-html
or
@angular-eslint. eslint-plugin-html
is
compatible with those plugins and can be used along them.
When linting a HTML with multiple script tags, this plugin tries to emulate the browser behavior by
sharing the global scope between scripts by default. This behavior doesn't apply to "module"
scripts (ie: <script type="module">
and most transpiled code), where each script tag gets its own
top-level scope.
ESLint has already an
option to tell the parser
if the script are modules. eslint-plugin-html
will use this option as well to know if the scopes
should be shared (the default) or not. To change this, just set it in your ESLint configuration:
1export default [ 2 { 3 // ... 4 languageOptions: { 5 sourceType: "module", 6 }, 7 }, 8]
1{ 2 "parserOptions": { 3 "sourceType": "module" 4 } 5}
To illustrate this behavior, consider this HTML extract:
1<script> 2 var foo = 1 3</script> 4 5<script> 6 alert(foo) 7</script>
This is perfectly valid by default, and the ESLint rules no-unused-vars
and no-undef
shouldn't
complain. But if those scripts are considerated as ES modules, no-unused-vars
should report an
error in the first script, and no-undef
should report an error in the second script.
In eslint-plugin-html
v1 and v2, script code were concatenated and linted in a single pass, so
the scope were always shared. This caused some issues, so in v3 all scripts
were linted separately, and scopes were never shared. In v4, the plugin still lint scripts
separately, but makes sure global variables are declared and used correctly in the non-module case.
This plugin parses HTML and XML markup slightly differently, mainly when considering CDATA
sections:
CDATA
section will be considered as raw text (not XML) and the CDATA
delimiter will be droped ;<script>
tags: the CDATA
delimiter is considered as normal
text and thus, part of the script.Note: all settings can be written either as
"html/key": value
or in a nested object"html": { "key": value }
html/html-extensions
By default, this plugin will only consider files ending with those extensions as HTML: .erb
,
.handlebars
, .hbs
, .htm
, .html
, .mustache
, .nunjucks
, .php
, .tag
, .twig
, .we
.
You can set your own list of HTML extensions by using this setting. Example:
1export default [ 2 { 3 files: ["**/*.html", "**/*.we"], 4 plugins: { html }, 5 settings: { 6 "html/html-extensions": [".html", ".we"], // consider .html and .we files as HTML 7 }, 8 }, 9]
Note: you need to specify extensions twice, which is not ideal. This should be imporved in the future.
1{ 2 "plugins": ["html"], 3 "settings": { 4 "html/html-extensions": [".html", ".we"] // consider .html and .we files as HTML 5 } 6}
html/xml-extensions
By default, this plugin will only consider files ending with those extensions as XML: .xhtml
,
.xml
. You can set your own list of XML extensions by using this setting. Example:
1export default [ 2 { 3 files: ["**/*.html"], 4 plugins: { html }, 5 settings: { 6 "html/xtml-extensions": [".html"], // consider .html files as XML 7 }, 8 }, 9]
Note: you need to specify extensions twice, which is not ideal. This should be imporved in the future.
1{ 2 "plugins": ["html"], 3 "settings": { 4 "html/xml-extensions": [".html"] // consider .html files as XML 5 } 6}
html/indent
By default, the code between <script>
tags is dedented according to the first non-empty line. The
setting html/indent
allows to ensure that every script tags follow an uniform indentation. Like
the indent
rule, you can pass a number of spaces, or "tab"
to indent with one tab. Prefix this
value with a +
to be relative to the <script>
tag indentation. Example:
1export default [ 2 { 3 files: ["**/*.html"], 4 plugins: { html }, 5 settings: { 6 "html/indent": "0", // code should start at the beginning of the line (no initial indentation). 7 "html/indent": "+2", // indentation is the <script> indentation plus two spaces. 8 "html/indent": "tab", // indentation is one tab at the beginning of the line. 9 }, 10 }, 11]
1{ 2 "plugins": ["html"], 3 "settings": { 4 "html/indent": "0", // code should start at the beginning of the line (no initial indentation). 5 "html/indent": "+2", // indentation is the <script> indentation plus two spaces. 6 "html/indent": "tab" // indentation is one tab at the beginning of the line. 7 } 8}
html/report-bad-indent
By default, this plugin won't warn if it encounters a problematic indentation (ex: a line is under
indented). If you want to make sure the indentation is correct, use the html/report-bad-indent
in
conjunction with the indent
rule. Pass "warn"
or 1
to display warnings, "error"
or 2
to
display errors. Example:
1export default [ 2 { 3 files: ["**/*.html"], 4 plugins: { html }, 5 settings: { 6 "html/report-bad-indent": "error", 7 }, 8 }, 9]
1{ 2 "plugins": ["html"], 3 "settings": { 4 "html/report-bad-indent": "error" 5 } 6}
html/javascript-tag-names
By default, the code between <script>
tags is considered as JavaScript. You can customize which
tags should be considered JavaScript by providing one or multiple tag names.
Example:
1export default [ 2 { 3 files: ["**/*.html"], 4 plugins: { html }, 5 settings: { 6 "html/javascript-tag-names": ["script", "customscript"], 7 }, 8 }, 9]
1{ 2 "plugins": ["html"], 3 "settings": { 4 "html/javascript-tag-names": ["script", "customscript"] 5 } 6}
html/javascript-mime-types
By default, the code between <script>
tags is considered as JavaScript code only if there is no
type
attribute or if its value matches the pattern
(application|text)/(x-)?(javascript|babel|ecmascript-6)
or module
(case insensitive). You can
customize the types that should be considered as JavaScript by providing one or multiple MIME types.
If a MIME type starts with a /
, it will be considered as a regular expression. Example:
1export default [ 2 { 3 files: ["**/*.html"], 4 plugins: { html }, 5 settings: { 6 "html/javascript-mime-types": ["text/javascript", "text/jsx"], // also use script tags with a "text/jsx" type attribute 7 "html/javascript-mime-types": "/^text\\/(javascript|jsx)$/", // same thing 8 }, 9 }, 10]
1{ 2 "plugins": ["html"], 3 "settings": { 4 "html/javascript-mime-types": ["text/javascript", "text/jsx"], // also use script tags with a "text/jsx" type attribute 5 "html/javascript-mime-types": "/^text\\/(javascript|jsx)$/" // same thing 6 } 7}
html/ignore-tags-without-type
By default, the code between <script>
tags is considered JavaScript if there is no type
attribute. You can set this setting to true
to ignore script tags without a type
attribute.
Example:
1export default [ 2 { 3 files: ["**/*.html"], 4 plugins: { html }, 5 settings: { 6 "html/ignore-tags-without-type": true, 7 }, 8 }, 9]
1{ 2 "plugins": ["html"], 3 "settings": { 4 "html/ignore-tags-without-type": true 5 } 6}
eslint
on a directoryBy default, when executing the eslint
command on a directory, only .js
files will be linted. You
will have to specify extra extensions with the --ext
option. Example: eslint --ext .html,.js src
will lint both .html
and .js
files in the src
directory. See ESLint
documentation.
eslint-plugin-html
won't evaluate or remove your template markup. If you have template markup in
your script tags, the resulting script may not be valid JavaScript, so ESLint
will fail to parse
it. Here are some workarounds:
You can use HTML comments to disable ESLint for specific script tags.
For PHP, you can use
eslint-plugin-php-markup
to lint php
files, it use a same way to process php markup like eslint-plugin-html
.
Another possible hacky workaround to make sure the code is valid JavaScript is to put your template markup inside a comment. When the template is rendered, the generated JS code must start with a new line, so it will be written below the comment. PHP example:
1<script> 2 var mydata 3 // <?= "\n mydata = " . json_encode($var) . ";" ?> 4 console.log(mydata) 5</script>
Initially, eslint-plugin-vue
was using
eslint-plugin-html
to lint code inside script tags. Since v3, eslint-plugin-vue
is using its
own parser, so it is incompatible with eslint-plugin-html
. You should use eslint-plugin-vue
exclusively and remove eslint-plugin-html
from your dependencies if you still have it.
eslint-plugin-html
v4 requires at least ESLint v4.7. This is because a lot of internal changes
occured in ESLint v4.7, including a new API to support autofixing in
preprocessors.
If you are still using an older version of ESLint, please consider upgrading, or keep using
eslint-plugin-html
v3.
The big feature (and breaking change) in eslint-plugin-html
v4 is the ability to choose how scopes
are shared between script tags in the same HTML file.
If you are considering upgrading to v3, please read this guide.
A big thank you to @kuceb for the logo image!
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
Reason
7 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 8
Reason
2 existing vulnerabilities detected
Details
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
Reason
branch protection is not maximal on development and all release branches
Details
Reason
Found 1/19 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-12-02
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More