npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@apsphysics/eslint-config

v1.2.10

Published

ESLint configuration for APS Physics projects.

Downloads

34

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

digioidigioijust214just214doylemddoylemd

Keywords

Readme

@apsphysics/eslint-config

ESLint configuration for React and TypeScript projects

Features

Linting rules for:

  • TypeScript
  • React and React Hooks
  • A11y with React
  • Testing with Jest
  • Import statements
  • Functional patterns
  • Prettier/ESLint integration
  • Environment variables

Setup (required for installation)

This package is published as a scoped public package on NPM.

Installation

npm i -D @apsphysics/eslint-config eslint prettier typescript

Usage

Once the library and all required dependencies are installed, you can use the package by simply specifying this library in the extends property of your .eslintrc or .eslintrc.js file.

{
  "extends": ["@apsphysics"]
}

Overwriting Rules

Any rule that is included with this library can be easily overwritten using the rules property in your .eslintrc or .eslintrc.js file:

{
  "extends": ["@apsphysics"],
  "rules": {
    "functional/no-mixed-type": "warn"
  }
}

Please refer to the documentation for each dependency to learn what options are available for each rule.

Here are some details about a few of our specific rules:

ban-ts-comment rule

@ts-ignore allow errors to sneak into our code that could otherwise have been caught be TypeScript. It can be helpful during dev just to get things working, but it should never enter production code.

However, ignoring errors can be useful in rare cases. Some examples include:

  • Third party libraries with incorrect types, but valid code
  • Testing that incorrect arguments to a function are handled correctly or throw an Error

In these cases, we should use @ts-expect-error. The primary difference is that @ts-ignore will always ignore the error, but @ts-expect-error will notify developers if the underlying error has been resolved, e.g. if the external library updates its types. In this case, the code will still display a TS error, but this one indicating that the unused @ts-expect-error should be removed.

Additionally, the @ts-expect-error comment must include a description, so that future developers can understand what the underlying issue was and how it might have been resolved.

no-public-secrets rule

Explanation

It's possible to expose secrets through the env with NextJS, Gatsby, Vite, and Astro by prepending the env with a term specific to the framework, NEXT_PUBLIC_, GATSBY_, VITE_, and PUBLIC_, respectively. If such an env is used in client-side code, the framework replaces the term, process.env.PUBLIC_KEY with the value at build time MY_KEY_IN_PLAINTEXT.

This rule checks any such variable names for red flags that hint that sensitive material is being sent to the browser, i.e. variable names containing the terms SECRET, PASSWORD, or PW. For example, process.env.CLIENT_SECRET would not be caught by the linter, since it cannot be used client-side, while process.env.NEXT_PUBLIC_CLIENT_SECRET or process.env.NEXT_PUBLIC_DATABASE_PW would.

Usage

{
  "plugins": ["local-rules"],
  "rules": {
    "local-rules/no-public-secrets": "error",
  }
}

Handling Errors

There are three options for handling an error from this rule:

  1. Remove the prepend (recommended) - If the var does not need to be available server-side, remove the prepend
  2. Rename the var - If the var does need to be available server-side, it probably shouldn't include terms like SECRET. Consider removing the problematic term AFTER confirming that the key should not be secret. Most likely, it should.
  3. Disable the rule - Avoid this at all costs. Public secrets and/or passwords should never be allowed.

Caveats

Cannot Catch Every Secret Key Leak

This is not a perfect linting rule. For example, NEXT_PUBLIC_TOTALLY_SAFE_KEY could in fact contain a private key, but there's no way to know that. This rule attempts to supplement, not replace, developer judgement for when to send information to the browser.

Contributing

Committing Code to GitHub

This repo uses Husky and @commitlint to enforce commit messages that follow the Conventional Commit specification.

Publishing to GitHub Packages

This package is published to npm using the popular np library. To publish, simply run npm run release from the root directory and follow the prompts.