Whitelist stylelint ESLint shared config #80
Comments
|
Hi @ntwb, We don't currently support ESLint plugins or shared configs via NPM due to security concerns. We've made a few exceptions for popular plugins that we now include within the engine. What we recommend for now is to keep a shared config within the repo and periodically update it. Here's a good example: https://github.com/sagiegurari/simple-oracledb/blob/master/.codeclimate.yml Here at Code Climate we have a separate repo which holds our shared configs. Sorry I don't have a better approach to suggest but that's what we can support today. Thanks! |
|
So, I can use any ESLint 2.x rule, including the latest ESLint v2.11.1 rules and rule options? What I can't do though is load that above configuration from a separate repo? The repo I want to test is https://github.com/stylelint/stylelint |
|
This isn't specific to ESLint, but is about writing a new Code Climate engine Over here stylelint/stylelint#1341 we have been thinking/wanting to write a stylelint engine for Code Climate, maybe not replace the existing CSSLint CSS Code Climate engine, but to start with as an alternative for sure 😏 Devon, you wrote #86 (comment):
If we were to write a stylelint Code Climate engine stylelint would also be affected by the above in that Code Climate wouldn't allow us to load stylelint shared plugins or shared configs to be used with the stylelint engine correct? |
|
Hey @ntwb!
Yep! As long as you opt-in to the
That's correct. We don't currently install project dependencies nor allow network access during engine analysis, so any ESLint plugins or shared styles that aren't vendored within the engine itself will be unavailable on codeclimate.com.
That's fantastic! We've chatted about stylelint here at Code Climate HQ and it would be great to have an engine available. stylelint would make a great native engine! Let me or @mrb know if you have any more questions regarding the engine submission process. We have a codeclimate-community slack organization where members hang out to discuss engine ideas and development. If you're interested, you can join our Developer Program to get an invite.
That's true. A stylelint Code Climate engine would also be affected by the same issue in that stylelint plugins or shared configs that aren't explicitly vendored within the engine itself would be unavailable during analysis on codeclimate.com. We would be happy to work with you as an engine author to figure out which plugins/styles should be vendored into a stylelint engine and available to any Code Climate user either via the CLI or on codeclimate.com. |
|
Thanks for the reply @dblandin, appreciated 👍 |
https://github.com/stylelint/eslint-config-stylelint
After reading a couple of other issues in this repo I see your working on a solution per the executing arbitrary code issue for ESLint plugins, as this request here is a shared config, rather than a shared plugin creating new rules any chance this could be whitelisted earlier, rather than later?
The text was updated successfully, but these errors were encountered: