Gathering detailed insights and metrics for eslint
Gathering detailed insights and metrics for eslint
Gathering detailed insights and metrics for eslint
Gathering detailed insights and metrics for eslint
Find and fix problems in your JavaScript code.
npm install eslint
Typescript
Module System
Min. Node Version
Node Version
NPM Version
86.6
Supply Chain
95.7
Quality
94.2
Maintenance
100
Vulnerability
98.9
License
Updated on 06 Dec 2024
JavaScript (99.54%)
TypeScript (0.41%)
EJS (0.04%)
HTML (0.01%)
Cumulative downloads
Total Downloads
Last day
9.9%
Compared to previous day
Last week
-7.7%
Compared to previous week
Last month
13.7%
Compared to previous month
Last year
20.3%
Compared to previous year
34
1
63
Website | Configure ESLint | Rules | Contribute to ESLint | Report Bugs | Code of Conduct | Twitter | Discord | Mastodon
ESLint is a tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. In many ways, it is similar to JSLint and JSHint with a few exceptions:
Prerequisites: Node.js (^18.18.0
, ^20.9.0
, or >=21.1.0
) built with SSL support. (If you are using an official Node.js distribution, SSL is always built in.)
You can install and configure ESLint using this command:
1npm init @eslint/config@latest
After that, you can run ESLint on any file or directory like this:
1npx eslint yourfile.js
You can configure rules in your eslint.config.js
files as in this example:
1export default [ 2 { 3 files: ["**/*.js", "**/*.cjs", "**/*.mjs"], 4 rules: { 5 "prefer-const": "warn", 6 "no-constant-binary-expression": "error" 7 } 8 } 9];
The names "prefer-const"
and "no-constant-binary-expression"
are the names of rules in ESLint. The first value is the error level of the rule and can be one of these values:
"off"
or 0
- turn the rule off"warn"
or 1
- turn the rule on as a warning (doesn't affect exit code)"error"
or 2
- turn the rule on as an error (exit code will be 1)The three error levels allow you fine-grained control over how ESLint applies rules (for more configuration options and details, see the configuration docs).
The ESLint team provides ongoing support for the current version and six months of limited support for the previous version. Limited support includes critical bug fixes, security issues, and compatibility issues only.
ESLint offers commercial support for both current and previous versions through our partners, Tidelift and HeroDevs.
See Version Support for more details.
ESLint adheres to the OpenJS Foundation Code of Conduct.
Before filing an issue, please be sure to read the guidelines for what you're reporting:
Yes, ESLint natively supports parsing JSX syntax (this must be enabled in configuration). Please note that supporting JSX syntax is not the same as supporting React. React applies specific semantics to JSX syntax that ESLint doesn't recognize. We recommend using eslint-plugin-react if you are using React and want React semantics.
No, ESLint and Prettier have different jobs: ESLint is a linter (looking for problematic patterns) and Prettier is a code formatter. Using both tools is common, refer to Prettier's documentation to learn how to configure them to work well with each other.
ESLint has full support for ECMAScript 3, 5, and every year from 2015 up until the most recent stage 4 specification (the default). You can set your desired ECMAScript syntax and other settings (like global variables) through configuration.
ESLint's parser only officially supports the latest final ECMAScript standard. We will make changes to core rules in order to avoid crashes on stage 3 ECMAScript syntax proposals (as long as they are implemented using the correct experimental ESTree syntax). We may make changes to core rules to better work with language extensions (such as JSX, Flow, and TypeScript) on a case-by-case basis.
In other cases (including if rules need to warn on more or fewer cases due to new syntax, rather than just not crashing), we recommend you use other parsers and/or rule plugins. If you are using Babel, you can use @babel/eslint-parser and @babel/eslint-plugin to use any option available in Babel.
Once a language feature has been adopted into the ECMAScript standard (stage 4 according to the TC39 process), we will accept issues and pull requests related to the new feature, subject to our contributing guidelines. Until then, please use the appropriate parser and plugin(s) for your experimental feature.
ESLint updates the supported Node.js versions with each major release of ESLint. At that time, ESLint's supported Node.js versions are updated to be:
ESLint is also expected to work with Node.js versions released after the Node.js Current release.
Refer to the Quick Start Guide for the officially supported Node.js versions for a given ESLint release.
Open a discussion or stop by our Discord server.
Lock files like package-lock.json
are helpful for deployed applications. They ensure that dependencies are consistent between environments and across deployments.
Packages like eslint
that get published to the npm registry do not include lock files. npm install eslint
as a user will respect version constraints in ESLint's package.json
. ESLint and its dependencies will be included in the user's lock file if one exists, but ESLint's own lock file would not be used.
We intentionally don't lock dependency versions so that we have the latest compatible dependency versions in development and CI that our users get when installing ESLint in a project.
The Twilio blog has a deeper dive to learn more.
We have scheduled releases every two weeks on Friday or Saturday. You can follow a release issue for updates about the scheduling of any particular release.
ESLint takes security seriously. We work hard to ensure that ESLint is safe for everyone and that security issues are addressed quickly and responsibly. Read the full security policy.
ESLint follows semantic versioning. However, due to the nature of ESLint as a code quality tool, it's not always clear when a minor or major version bump occurs. To help clarify this for everyone, we've defined the following semantic versioning policy for ESLint:
eslint:recommended
is updated and will result in strictly fewer linting errors (e.g., rule removals).eslint:recommended
is updated and may result in new linting errors (e.g., rule additions, most rule option updates).According to our policy, any minor update may report more linting errors than the previous release (ex: from a bug fix). As such, we recommend using the tilde (~
) in package.json
e.g. "eslint": "~3.1.0"
to guarantee the results of your builds.
Stylistic rules are frozen according to our policy on how we evaluate new rules and rule changes. This means:
These folks keep the project moving and are resources for help.
The people who manage releases, review feature requests, and meet regularly to ensure ESLint is properly maintained.
Nicholas C. Zakas |
Francesco Trotta |
Milos Djermanovic |
The people who review and implement new features.
唯然 |
Nitin Kumar |
The people who review and fix bugs and help triage issues.
Josh Goldberg ✨ |
Tanuj Kanti |
Team members who focus specifically on eslint.org
Amaresh S M |
Strek |
Percy Ma |
The following companies, organizations, and individuals support ESLint's ongoing maintenance and development. Become a Sponsor to get your logo on our READMEs and website.
Stable Version
1
0/10
Summary
Regular Expression Denial of Service
Affected Versions
< 4.18.2
Patched Versions
4.18.2
Reason
30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
Reason
0 existing vulnerabilities detected
Reason
no binaries found in the repo
Reason
security policy file detected
Details
Reason
SAST tool is run on all commits
Details
Reason
Found 23/30 approved changesets -- score normalized to 7
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
project is not fuzzed
Details
Score
Last Scanned on 2024-12-02
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More