fix: false negative on critical security related to eslint-plugin-translation-vars #32018
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…nslation-vars Finally addressing false negative npm "critical" issue realted to the `eslint-plugin-translation-vars` in relation to a package that got malicious at some point. It appears that @stephenLYZ fixed it by importing the source from the pre-vulnerability package into our repo under `tools/eslint-plugin-translation-vars`. Now I believe it's been reporting a false negative since then. Anyhow, renaming the `tools/` folder that contains 2 custom lint rules to `eslint-rules`, rename things, point them all to the right place and this is this PR.
![korbit-ai[bot]](https://avatars.githubusercontent.com/in/322216?s=60&v=4){kind=small}
There was a problem hiding this comment.
I've completed my review and didn't find any issues.
Files scanned
| File Path | Reviewed |
|---|---|
| superset-frontend/eslint-rules/eslint-plugin-i18n-strings/index.js | ✅ |
| superset-frontend/eslint-rules/eslint-plugin-theme-colors/colors.js | ✅ |
| superset-frontend/eslint-rules/eslint-plugin-theme-colors/index.js | ✅ |
| superset-frontend/.eslintrc.js | ✅ |
Explore our documentation to understand the languages and file types we support and the files we ignore.
Need a new review? Comment
/korbit-reviewon this PR and I'll review your latest changes.Korbit Guide: Usage and Customization
Interacting with Korbit
- You can manually ask Korbit to review your PR using the
/korbit-reviewcommand in a comment at the root of your PR.- You can ask Korbit to generate a new PR description using the
/korbit-generate-pr-descriptioncommand in any comment on your PR.- Too many Korbit comments? I can resolve all my comment threads if you use the
/korbit-resolvecommand in any comment on your PR.- Chat with Korbit on issues we post by tagging @korbit-ai in your reply.
- Help train Korbit to improve your reviews by giving a 👍 or 👎 on the comments Korbit posts.
Customizing Korbit
- Check out our docs on how you can make Korbit work best for you and your team.
- Customize Korbit for your organization through the Korbit Console.
Current Korbit Configuration
General Settings
Setting Value Review Schedule Automatic excluding drafts Max Issue Count 10 Automatic PR Descriptions ❌ Issue Categories
Category Enabled Naming ✅ Database Operations ✅ Documentation ✅ Logging ✅ Error Handling ✅ Systems and Environment ✅ Objects and Data Structures ✅ Readability and Maintainability ✅ Asynchronous Processing ✅ Design Patterns ✅ Third-Party Libraries ✅ Performance ✅ Security ✅ Functionality ✅ Feedback and Support
Note
Korbit Pro is free for open source projects 🎉
Looking to add Korbit to your team? Get started with a free 2 week trial here
Antonio-RiveroMartnez
approved these changes
Feb 10, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Finally addressing false negative npm "critical" issue realted to the
eslint-plugin-translation-varsin relation to a package that got malicious at some point. It appears that @stephenLYZ fixed it by importing the source from the pre-vulnerability package into our repo undertools/eslint-plugin-translation-vars. Now I believe it's been reporting a false negative since then.Anyhow, renaming the
tools/folder that contains 2 custom lint rules toeslint-rules, rename things, point them all to the right place and this is this PR.