Gathering detailed insights and metrics for eslint-plugin-vtex
Gathering detailed insights and metrics for eslint-plugin-vtex
Installations
npm install eslint-plugin-vtexReleases
Unable to fetch releases
Developer
vtex
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
20.12.2
NPM Version
lerna/3.22.1/node@v20.12.2+x64 (linux)
Statistics
55 Stars
296 Commits
7 Forks
113 Watching
12 Branches
35 Contributors
Updated on 22 Sept 2024
Languages
JavaScript (64.01%)
TypeScript (35.52%)
Shell (0.47%)
Total Downloads
Cumulative downloads
Total Downloads
1,465,651
Last day
102.9%
1,804
Compared to previous day
Last week
39.3%
10,596
Compared to previous week
Last month
11.4%
38,508
Compared to previous month
Last year
-7.3%
379,754
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
Versions
Typescript Standards
Main repository for VTEX's Typescript standards. Issues should be used to start discussions about standards and patterns. PRs are welcome after being rightfully discussed.
Content
docs/
- Style Guide - VTEX Javascript/Typescript style guide
- Getting Started - Getting starting guide to configure and automate our tooling process
- Browser Support - VTEX browser support documentation
packages/
- eslint-config-vtex - base eslint rule preset
- eslint-config-vtex-react - eslint rule preset for react projects
- eslint-plugin-vtex - eslint plugin with VTEX custom rules
- prettier-config - prettier preset of all front-end projects
- tsconfig - base tsconfig for all typescript projects
Add these packages to a new project
Bootstrap on a new node and typescript project
If you're not using Bash, change
/bin/bashto your shell's executable path.
1/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/vtex/typescript/master/scripts/bootstrap-typescript.sh)"
Warning: This will override the following configuration files:
.prettierrc,.eslintrcandtsconfig.json.
Contributing
Nothing is written in stone, so if there's some kind of rule or pattern that you wish to discuss or implement, we encourage an open discussion via this repository issues. The project use labels to keep everything organized and easy-to-find:
discussion- discussion thread;style- related to code style, something that there's no wrong or right;practices/patterns- related to good coding practices that should be standardized and documented;documentation- a generic documentation issue;todo- common TODO item, with no explicit SLA.
Feel free to use more than one label in an issue, but try keeping them semantic to help developers.
Working with the packages
This project uses lerna with yarn workspaces, so it's highly recommended to read at least the Lerna documentation.
Bootstrap the repository
Running yarn will automatically install all the dependencies for all packages and link them together when needed.
1yarn
Executing commands
To run a package.json script on all packages, you can use:
1lerna run {scriptName} 2# will run the scriptName script on all package directories
If you want to only run on some packages, pass a --scope=package-name to the command above. For more instructions, see the lerna run documentation.
1lerna run --scope="eslint-*" test 2# run the test script on all packages that match the pattern above
The same can be done for regular shell programs with the lerna exec command:
1lerna exec "pwd" 2# will print the pwd of all package directories
Note: The quotes are not needed if your command doesn't have a string with spaces.
Releasing new versions
For every release, there should be at least one new changelog entry for every modified package. This repository follows the keep a changelog format. The chan CLI can be used to help adding changelog entries:
1chan fixed "Fix that nasty potato bug"
It's also possible to run the command on multiple packages with the lerna exec command:
1lerna exec "chan fixed 'Fix that nasty potato bug'" 2# note the quotes
Every package has a version script that will automatically update their changelog with the new version and entries whenever lerna publish or lerna version is used.
Relevant commands:
lerna version- Only update versions without publishing the packages.lerna publish- Update the version and publish the packages.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 6/12 approved changesets -- score normalized to 5
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/vtex/typescript/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/vtex/typescript/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/vtex/typescript/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/vtex/typescript/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/vtex/typescript/ci.yml/main?enable=pin
- Info: 0 out of 5 GitHub-owned GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Reason
31 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4
- Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653
- Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj
- Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67
- Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w
- Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2
- Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-w5p7-h5w8-2hfq
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
3.3
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More