Edit this page

Prettier configuration

For most people, Prettifier will work out of the box since it uses Prettier’s configuration files, in particular .prettierrc and .prettierignore. These files must be in the root directory of your repository

For security reasons, Prettifier only looks at configuration files in data formats:

  • .prettierrc
  • .prettierrc.json
  • .prettierrc.json5
  • .prettierrc.toml
  • .prettierrc.yml
  • .prettierrc.yaml
  • prettier key in package.json

This means Prettifier ignores programmatic configuration files like

  • .prettierrc.js
  • .prettierrc.cjs
  • prettier.config.js
  • prettier.config.cjs

Making configuration files turing-complete is a security anti-pattern. A Prettier configuration file written in JavaScript can load code from the internet, run it with full access to your hard drive and network, and do many harmful things besides formatting your code. Or simply hang in an infinite loop. This is not something people expect when running a tool like Prettier. It is especially problematic for a tool like Prettifier that executes other people’s code (for free) on a public cloud server.