Installations
npm install eslint-plugin-node-dependenciesDeveloper
Developer Guide
Module System
CommonJS
Min. Node Version
>=14.17.0
Typescript Support
No
Node Version
18.20.1
NPM Version
10.5.0
Statistics
15 Stars
217 Commits
3 Watching
7 Branches
2 Contributors
Updated on 05 Nov 2024
Languages
TypeScript (96.63%)
JavaScript (2.24%)
Dockerfile (1.12%)
Total Downloads
Cumulative downloads
Total Downloads
418,700
Last day
-41.6%
1,669
Compared to previous day
Last week
-39%
8,869
Compared to previous week
Last month
160.1%
49,003
Compared to previous month
Last year
86.2%
229,290
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Dev Dependencies
45
Introduction
eslint-plugin-node-dependencies is ESLint plugin to check Node.js dependencies.
::: This Plugin is still in an EXPERIMENTAL STATE :::
:name_badge: Features
This ESLint plugin checks package.json and provides linting rules related to dependencies problems.
:book: Documentation
See documents.
:cd: Installation
1npm install --save-dev eslint eslint-plugin-node-dependencies
Requirements
- ESLint v6.0.0 and above
- Node.js v14.16.0 and above
:book: Usage
Add node-dependencies to the plugins section of your eslint.config.js or .eslintrc configuration file (you can omit the eslint-plugin- prefix)
and either use one of the two configurations available (recommended) or configure the rules you want:
The recommended configuration (New Config)
The plugin.configs["flat/recommended"] config enables a subset of the rules that should be most useful to most users.
See lib/configs/rules/recommended.ts for more details.
1// eslint.config.js 2import * as nodeDependenciesPlugin from "eslint-plugin-node-dependencies" 3 4export default [ 5 ...nodeDependenciesPlugin.configs["flat/recommended"], 6];
The recommended configuration (Legacy Config)
The plugin:node-dependencies/recommended config enables a subset of the rules that should be most useful to most users.
See lib/configs/rules/recommended.ts for more details.
1// .eslintrc.js 2module.exports = { 3 "plugins": [ 4 "node-dependencies" 5 ], 6 "extends": [ 7 // add more generic rulesets here, such as: 8 // 'eslint:recommended', 9 "plugin:node-dependencies/recommended" 10 ] 11}
Advanced Configuration
Override/add specific rules configurations. See also: http://eslint.org/docs/user-guide/configuring.
1// eslint.config.js 2import * as nodeDependenciesPlugin from "eslint-plugin-node-dependencies" 3 4export default [ 5 { 6 plugins: { "node-dependencies": nodeDependenciesPlugin } 7 rules: { 8 // Override/add rules settings here, such as: 9 "node-dependencies/rule-name": "error" 10 } 11 } 12];
1// .eslintrc.js 2module.exports = { 3 "plugins": [ 4 "node-dependencies" 5 ], 6 "rules": { 7 // Override/add rules settings here, such as: 8 "node-dependencies/rule-name": "error" 9 } 10}
Parser Configuration
If you have specified a parser, you need to configure a parser for .json.
For example, if you are using the "@babel/eslint-parser", configure it as follows:
1module.exports = { 2 // ... 3 extends: [ "plugin:node-dependencies/recommended"], 4 // ... 5 parser: "@babel/eslint-parser", 6 // Add an `overrides` section to add a parser configuration for json. 7 overrides: [ 8 { 9 files: ["*.json", "*.json5"], 10 parser: "jsonc-eslint-parser", 11 }, 12 ], 13 // ... 14};
:white_check_mark: Rules
The --fix option on the command line automatically fixes problems reported by rules which have a wrench :wrench: below.
The rules with the following star :star: are included in the plugin:node-dependencies/recommended config.
Possible Errors
| Rule ID | Description | |
|---|---|---|
| node-dependencies/compat-engines | enforce the versions of the engines of the dependencies to be compatible. | :star: |
| node-dependencies/no-dupe-deps | disallow duplicate dependencies. | :star: |
| node-dependencies/valid-semver | enforce versions that is valid as a semantic version. | :star: |
Best Practices
| Rule ID | Description | |
|---|---|---|
| node-dependencies/absolute-version | require or disallow absolute version of dependency. | |
| node-dependencies/no-deprecated | disallow having dependencies on deprecate packages. | |
| node-dependencies/no-restricted-deps | Disallows dependence on the specified package. |
Stylistic Issues
| Rule ID | Description | |
|---|---|---|
| node-dependencies/prefer-caret-range-version | require caret(^) version instead of range version. | :wrench: |
| node-dependencies/prefer-tilde-range-version | require tilde(~) version instead of range version. | :wrench: |
Deprecated
- :warning: We're going to remove deprecated rules in the next major release. Please migrate to successor/new rules.
- :innocent: We don't fix bugs which are in deprecated rules since we don't have enough resources.
| Rule ID | Replaced by |
|---|---|
| node-dependencies/valid-engines | node-dependencies/compat-engines |
:rocket: To Do More Verification
Verify JSON
You can verify the JSON files by checking and installing eslint-plugin-jsonc.
Verify using JSON Schema
You can verify using JSON Schema by checking and installing eslint-plugin-json-schema-validator.
:beers: Contributing
Welcome contributing!
Please use GitHub's Issues/PRs.
Development Tools
npm testruns tests and measures coverage.npm run updateruns in order to update readme and recommended configuration.npm run new [new rule name]runs to create the files needed for the new rule.npm run docs:watchstarts the website locally.
:couple: Related Packages
- eslint-plugin-jsonc ... ESLint plugin for JSON, JSON with comments (JSONC) and JSON5.
- eslint-plugin-json-schema-validator ... ESLint plugin that validates data using JSON Schema Validator.
- jsonc-eslint-parser ... JSON, JSONC and JSON5 parser for use with ESLint plugins.
:lock: License
See the LICENSE file for license rights and limitations (MIT).
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
7 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Reason
Found 0/24 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/GHPages.yml:10
- Warn: no topLevel permission defined: .github/workflows/NodeCI.yml:1
- Warn: no topLevel permission defined: .github/workflows/Release.yml:1
- Warn: no topLevel permission defined: .github/workflows/format.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/GHPages.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/GHPages.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/NodeCI.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/NodeCI.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Release.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/Release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/Release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/Release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/Release.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/Release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/format.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/format.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/ota-meshi/eslint-plugin-node-dependencies/format.yml/main?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:3
- Warn: containerImage not pinned by hash: .devcontainer/base.Dockerfile:3
- Warn: npmCommand not pinned by hash: .github/workflows/GHPages.yml:31
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:90
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:94
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:17
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:34
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:45
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:47
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:61
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:63
- Warn: npmCommand not pinned by hash: .github/workflows/NodeCI.yml:75
- Warn: npmCommand not pinned by hash: .github/workflows/Release.yml:24
- Warn: npmCommand not pinned by hash: .github/workflows/format.yml:17
- Info: 0 out of 21 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
- Info: 0 out of 12 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Score
3.9
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to eslint-plugin-node-dependencies
eslint-import-resolver-node
Node default behavior import resolution plugin for eslint-plugin-import.
eslint-plugin-node
Additional ESLint's rules for Node.js
eslint-config-standard
JavaScript Standard Style - ESLint Shareable Config
eslint-plugin-react-hooks
ESLint rules for React Hooks