Gathering detailed insights and metrics for eslint-config-xo
Gathering detailed insights and metrics for eslint-config-xo
Installations
npm install eslint-config-xoDeveloper Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
>=18.18
Node Version
23.6.1
NPM Version
10.9.2
Score
91.2
Supply Chain
85.3
Quality
75.5
Maintenance
100
Vulnerability
98.6
License
Releases
27
Languages
1
JavaScript
JavaScript (100%)
Developer
Download Statistics
Total Downloads
63,871,530
Last Day
31,730
Last Week
367,849
Last Month
1,545,132
Last Year
14,795,339
GitHub Statistics
MIT License
275 Stars
346 Commits
43 Forks
16 Watchers
1 Branches
24 Contributors
Updated on May 18, 2025
Bundle Size
838.25 kB
Minified
219.03 kB
Minified + Gzipped
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
0.47.0
Package Id
eslint-config-xo@0.47.0
Unpacked Size
21.13 kB
Size
6.39 kB
File Count
7
NPM Version
10.9.2
Node Version
23.6.1
Published on
Apr 24, 2025
Total Downloads
Cumulative downloads
Total Downloads
63,871,530
Last Day
-17.6%
31,730
Compared to previous day
Last Week
-5.7%
367,849
Compared to previous week
Last Month
10.9%
1,545,132
Compared to previous month
Last Year
10.3%
14,795,339
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
eslint-config-xo
ESLint shareable config for XO
This is for advanced users. You probably want to use XO directly.
See eslint-plugin-unicorn for some additional useful rules.
Use the XO issue tracker instead of this one.
Install
1npm install --save-dev eslint-config-xo
Usage
1// eslint.config.js 2import xo from 'eslint-config-xo'; 3 4export default [ 5 ...xo, 6];
This package also exposes eslint-config-xo/browser if you're in the browser:
1import xoBrowser from 'eslint-config-xo/browser'; 2 3export default [ 4 ...xoBrowser, 5];
This package also exposes eslint-config-xo/space if you're in favor of 2-space indent:
1import xoSpace from 'eslint-config-xo/space'; 2 3export default [ 4 ...xoSpace, 5];
This package also exposes eslint-config-xo/space/browser if you're in favor of 2-space indent and in browser:
1import xoSpaceBrowser from 'eslint-config-xo/space/browser'; 2 3export default [ 4 ...xoSpaceBrowser, 5];
Use the XO CLI instead
XO is an ESLint wrapper with great defaults.
Here are some reason why you should use the XO CLI instead of this config:
- XO comes bundled with this config.
- Beautiful output.
- Bundles many useful plugins, like
eslint-plugin-unicorn,eslint-plugin-import,eslint-plugin-ava, and more. - No need to specify file paths to lint. It will lint all JS files except commonly ignored paths.
- Super simple to add XO to a project with
$ npm init xo. - Specify
indentandsemicolonpreferences easily without messing with the rule config. - Config/rule overrides per files/globs.
- Can open all files with errors at the correct line in your editor. (See the
--openflag) - The editor plugins are IMHO better than the ESLint ones. (Subjective)
tl;dr You miss out on a lot by just using this config.
Related
- eslint-config-xo-space - ESLint shareable config for XO with 2-space indent
- eslint-config-xo-typescript - ESLint shareable config for TypeScript to be used with this config
- eslint-config-xo-react - ESLint shareable config for React to be used with this config
No vulnerabilities found.
Reason
security policy file detected
Details
- Info: security policy file detected: .github/security.md:1
- Info: Found linked content: .github/security.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/security.md:1
- Info: Found text in security policy: .github/security.md:1
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
Found 8/30 approved changesets -- score normalized to 2
Reason
3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/xojs/eslint-config-xo/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/xojs/eslint-config-xo/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:22
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 8 are checked with a SAST tool
Score
4.4
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More