React-specific linting rules for ESLint
Installations
npm install eslint-plugin-react
Developer Guide
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=4
Node Version
22.10.0
NPM Version
10.9.0
Score
63.2
Supply Chain
94.8
Quality
89.2
Maintenance
100
Vulnerability
98.2
License
Releases
Contributors
Languages
JavaScript (100%)
Developer
jsx-eslint
Download Statistics
Total Downloads
3,570,507,720
Last Day
1,839,432
Last Week
16,057,279
Last Month
83,829,607
Last Year
955,030,441
GitHub Statistics
9,032 Stars
3,386 Commits
2,765 Forks
80 Watching
11 Branches
529 Contributors
Bundle Size
514.17 kB
Minified
137.86 kB
Minified + Gzipped
Package Meta Information
Latest Version
7.37.3
Package Id
eslint-plugin-react@7.37.3
Unpacked Size
913.93 kB
Size
181.46 kB
File Count
406
NPM Version
10.9.0
Node Version
22.10.0
Publised On
24 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
3,570,507,720
Last day
-51.2%
1,839,432
Compared to previous day
Last week
-19.7%
16,057,279
Compared to previous week
Last month
-1.2%
83,829,607
Compared to previous month
Last year
18.5%
955,030,441
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
18
Peer Dependencies
1
Dev Dependencies
31
eslint-plugin-react
===================
React specific linting rules for eslint
Installation
1npm install eslint eslint-plugin-react --save-dev
It is also possible to install ESLint globally rather than locally (using npm install -g eslint
). However, this is not recommended, and any plugins or shareable configs that you use must be installed locally in either case.
Configuration (legacy: .eslintrc*
)
Use our preset to get reasonable defaults:
1 "extends": [ 2 "eslint:recommended", 3 "plugin:react/recommended" 4 ]
If you are using the new JSX transform from React 17, extend react/jsx-runtime
in your eslint config (add "plugin:react/jsx-runtime"
to "extends"
) to disable the relevant rules.
You should also specify settings that will be shared across all the plugin rules. (More about eslint shared settings)
1{ 2 "settings": { 3 "react": { 4 "createClass": "createReactClass", // Regex for Component Factory to use, 5 // default to "createReactClass" 6 "pragma": "React", // Pragma to use, default to "React" 7 "fragment": "Fragment", // Fragment to use (may be a property of <pragma>), default to "Fragment" 8 "version": "detect", // React version. "detect" automatically picks the version you have installed. 9 // You can also use `16.0`, `16.3`, etc, if you want to override the detected value. 10 // Defaults to the "defaultVersion" setting and warns if missing, and to "detect" in the future 11 "defaultVersion": "", // Default React version to use when the version you have installed cannot be detected. 12 // If not provided, defaults to the latest React version. 13 "flowVersion": "0.53" // Flow version 14 }, 15 "propWrapperFunctions": [ 16 // The names of any function used to wrap propTypes, e.g. `forbidExtraProps`. If this isn't set, any propTypes wrapped in a function will be skipped. 17 "forbidExtraProps", 18 {"property": "freeze", "object": "Object"}, 19 {"property": "myFavoriteWrapper"}, 20 // for rules that check exact prop wrappers 21 {"property": "forbidExtraProps", "exact": true} 22 ], 23 "componentWrapperFunctions": [ 24 // The name of any function used to wrap components, e.g. Mobx `observer` function. If this isn't set, components wrapped by these functions will be skipped. 25 "observer", // `property` 26 {"property": "styled"}, // `object` is optional 27 {"property": "observer", "object": "Mobx"}, 28 {"property": "observer", "object": "<pragma>"} // sets `object` to whatever value `settings.react.pragma` is set to 29 ], 30 "formComponents": [ 31 // Components used as alternatives to <form> for forms, eg. <Form endpoint={ url } /> 32 "CustomForm", 33 {"name": "SimpleForm", "formAttribute": "endpoint"}, 34 {"name": "Form", "formAttribute": ["registerEndpoint", "loginEndpoint"]}, // allows specifying multiple properties if necessary 35 ], 36 "linkComponents": [ 37 // Components used as alternatives to <a> for linking, eg. <Link to={ url } /> 38 "Hyperlink", 39 {"name": "MyLink", "linkAttribute": "to"}, 40 {"name": "Link", "linkAttribute": ["to", "href"]}, // allows specifying multiple properties if necessary 41 ] 42 } 43}
If you do not use a preset you will need to specify individual rules and add extra configuration.
Add "react" to the plugins section.
1{ 2 "plugins": [ 3 "react" 4 ] 5}
Enable JSX support.
With eslint
2+
1{ 2 "parserOptions": { 3 "ecmaFeatures": { 4 "jsx": true 5 } 6 } 7}
Enable the rules that you would like to use.
1 "rules": { 2 "react/jsx-uses-react": "error", 3 "react/jsx-uses-vars": "error", 4 }
Shareable configs
Recommended
This plugin exports a recommended
configuration that enforces React good practices.
To enable this configuration use the extends
property in your .eslintrc
config file:
1{ 2 "extends": ["eslint:recommended", "plugin:react/recommended"] 3}
See eslint
documentation for more information about extending configuration files.
All
This plugin also exports an all
configuration that includes every available rule.
This pairs well with the eslint:all
rule.
1{ 2 "plugins": [ 3 "react" 4 ], 5 "extends": ["eslint:all", "plugin:react/all"] 6}
Note: These configurations will import eslint-plugin-react
and enable JSX in parser options.
Configuration (new: eslint.config.js
)
From v8.21.0
, eslint announced a new config system.
In the new system, .eslintrc*
is no longer used. eslint.config.js
would be the default config file name.
In eslint v8
, the legacy system (.eslintrc*
) would still be supported, while in eslint v9
, only the new system would be supported.
And from v8.23.0
, eslint CLI starts to look up eslint.config.js
.
So, if your eslint is >=8.23.0
, you're 100% ready to use the new config system.
You might want to check out the official blog posts,
- https://eslint.org/blog/2022/08/new-config-system-part-1/
- https://eslint.org/blog/2022/08/new-config-system-part-2/
- https://eslint.org/blog/2022/08/new-config-system-part-3/
and the official docs.
Plugin
The default export of eslint-plugin-react
is a plugin object.
1const react = require('eslint-plugin-react'); 2const globals = require('globals'); 3 4module.exports = [ 5 … 6 { 7 files: ['**/*.{js,jsx,mjs,cjs,ts,tsx}'], 8 plugins: { 9 react, 10 }, 11 languageOptions: { 12 parserOptions: { 13 ecmaFeatures: { 14 jsx: true, 15 }, 16 }, 17 globals: { 18 ...globals.browser, 19 }, 20 }, 21 rules: { 22 // ... any rules you want 23 'react/jsx-uses-react': 'error', 24 'react/jsx-uses-vars': 'error', 25 }, 26 // ... others are omitted for brevity 27 }, 28 … 29];
Configuring shared settings
Refer to the official docs.
The schema of the settings.react
object would be identical to that of what's already described above in the legacy config section.
Flat Configs
This plugin exports 3 flat configs:
flat.all
flat.recommended
flat['jsx-runtime']
The flat configs are available via the root plugin import. They will configure the plugin under the react/
namespace and enable JSX in languageOptions.parserOptions
.
1const reactPlugin = require('eslint-plugin-react'); 2 3module.exports = [ 4 … 5 reactPlugin.configs.flat.recommended, // This is not a plugin object, but a shareable config object 6 reactPlugin.configs.flat['jsx-runtime'], // Add this if you are using React 17+ 7 … 8];
You can of course add/override some properties.
Note: Our shareable configs does not preconfigure files
or languageOptions.globals
.
For most of the cases, you probably want to configure some properties by yourself.
1const reactPlugin = require('eslint-plugin-react'); 2const globals = require('globals'); 3 4module.exports = [ … { files: ['**/*.{js,mjs,cjs,jsx,mjsx,ts,tsx,mtsx}'], 5 ...reactPlugin.configs.flat.recommended, 6 languageOptions: { 7 ...reactPlugin.configs.flat.recommended.languageOptions, 8 globals: { 9 ...globals.serviceworker, 10 ...globals.browser, 11 }, 12 }, 13 }, 14 … 15];
The above example is same as the example below, as the new config system is based on chaining.
1const reactPlugin = require('eslint-plugin-react'); 2const globals = require('globals'); 3 4module.exports = [ … { files: ['**/*.{js,mjs,cjs,jsx,mjsx,ts,tsx,mtsx}'], 5 ...reactPlugin.configs.flat.recommended, 6 }, 7 { 8 files: ['**/*.{js,mjs,cjs,jsx,mjsx,ts,tsx,mtsx}'], 9 languageOptions: { 10 globals: { 11 ...globals.serviceworker, 12 ...globals.browser, 13 }, 14 }, 15 }, 16 … 17];
List of supported rules
💼 Configurations enabled in.
🚫 Configurations disabled in.
🏃 Set in the jsx-runtime
configuration.
☑️ Set in the recommended
configuration.
🔧 Automatically fixable by the --fix
CLI option.
💡 Manually fixable by editor suggestions.
❌ Deprecated.
Name | Description | 💼 | 🚫 | 🔧 | 💡 | ❌ |
---|---|---|---|---|---|---|
boolean-prop-naming | Enforces consistent naming for boolean props | |||||
button-has-type | Disallow usage of button elements without an explicit type attribute | |||||
checked-requires-onchange-or-readonly | Enforce using onChange or readonly attribute when checked is used | |||||
default-props-match-prop-types | Enforce all defaultProps have a corresponding non-required PropType | |||||
destructuring-assignment | Enforce consistent usage of destructuring assignment of props, state, and context | 🔧 | ||||
display-name | Disallow missing displayName in a React component definition | ☑️ | ||||
forbid-component-props | Disallow certain props on components | |||||
forbid-dom-props | Disallow certain props on DOM Nodes | |||||
forbid-elements | Disallow certain elements | |||||
forbid-foreign-prop-types | Disallow using another component's propTypes | |||||
forbid-prop-types | Disallow certain propTypes | |||||
forward-ref-uses-ref | Require all forwardRef components include a ref parameter | 💡 | ||||
function-component-definition | Enforce a specific function type for function components | 🔧 | ||||
hook-use-state | Ensure destructuring and symmetric naming of useState hook value and setter variables | 💡 | ||||
iframe-missing-sandbox | Enforce sandbox attribute on iframe elements | |||||
jsx-boolean-value | Enforce boolean attributes notation in JSX | 🔧 | ||||
jsx-child-element-spacing | Enforce or disallow spaces inside of curly braces in JSX attributes and expressions | |||||
jsx-closing-bracket-location | Enforce closing bracket location in JSX | 🔧 | ||||
jsx-closing-tag-location | Enforce closing tag location for multiline JSX | 🔧 | ||||
jsx-curly-brace-presence | Disallow unnecessary JSX expressions when literals alone are sufficient or enforce JSX expressions on literals in JSX children or attributes | 🔧 | ||||
jsx-curly-newline | Enforce consistent linebreaks in curly braces in JSX attributes and expressions | 🔧 | ||||
jsx-curly-spacing | Enforce or disallow spaces inside of curly braces in JSX attributes and expressions | 🔧 | ||||
jsx-equals-spacing | Enforce or disallow spaces around equal signs in JSX attributes | 🔧 | ||||
jsx-filename-extension | Disallow file extensions that may contain JSX | |||||
jsx-first-prop-new-line | Enforce proper position of the first property in JSX | 🔧 | ||||
jsx-fragments | Enforce shorthand or standard form for React fragments | 🔧 | ||||
jsx-handler-names | Enforce event handler naming conventions in JSX | |||||
jsx-indent | Enforce JSX indentation | 🔧 | ||||
jsx-indent-props | Enforce props indentation in JSX | 🔧 | ||||
jsx-key | Disallow missing key props in iterators/collection literals | ☑️ | ||||
jsx-max-depth | Enforce JSX maximum depth | |||||
jsx-max-props-per-line | Enforce maximum of props on a single line in JSX | 🔧 | ||||
jsx-newline | Require or prevent a new line after jsx elements and expressions. | 🔧 | ||||
jsx-no-bind | Disallow .bind() or arrow functions in JSX props | |||||
jsx-no-comment-textnodes | Disallow comments from being inserted as text nodes | ☑️ | ||||
jsx-no-constructed-context-values | Disallows JSX context provider values from taking values that will cause needless rerenders | |||||
jsx-no-duplicate-props | Disallow duplicate properties in JSX | ☑️ | ||||
jsx-no-leaked-render | Disallow problematic leaked values from being rendered | 🔧 | ||||
jsx-no-literals | Disallow usage of string literals in JSX | |||||
jsx-no-script-url | Disallow usage of javascript: URLs | |||||
jsx-no-target-blank | Disallow target="_blank" attribute without rel="noreferrer" | ☑️ | 🔧 | |||
jsx-no-undef | Disallow undeclared variables in JSX | ☑️ | ||||
jsx-no-useless-fragment | Disallow unnecessary fragments | 🔧 | ||||
jsx-one-expression-per-line | Require one JSX element per line | 🔧 | ||||
jsx-pascal-case | Enforce PascalCase for user-defined JSX components | |||||
jsx-props-no-multi-spaces | Disallow multiple spaces between inline JSX props | 🔧 | ||||
jsx-props-no-spread-multi | Disallow JSX prop spreading the same identifier multiple times | |||||
jsx-props-no-spreading | Disallow JSX prop spreading | |||||
jsx-sort-default-props | Enforce defaultProps declarations alphabetical sorting | ❌ | ||||
jsx-sort-props | Enforce props alphabetical sorting | 🔧 | ||||
jsx-space-before-closing | Enforce spacing before closing bracket in JSX | 🔧 | ❌ | |||
jsx-tag-spacing | Enforce whitespace in and around the JSX opening and closing brackets | 🔧 | ||||
jsx-uses-react | Disallow React to be incorrectly marked as unused | ☑️ | 🏃 | |||
jsx-uses-vars | Disallow variables used in JSX to be incorrectly marked as unused | ☑️ | ||||
jsx-wrap-multilines | Disallow missing parentheses around multiline JSX | 🔧 | ||||
no-access-state-in-setstate | Disallow when this.state is accessed within setState | |||||
no-adjacent-inline-elements | Disallow adjacent inline elements not separated by whitespace. | |||||
no-array-index-key | Disallow usage of Array index in keys | |||||
no-arrow-function-lifecycle | Lifecycle methods should be methods on the prototype, not class fields | 🔧 | ||||
no-children-prop | Disallow passing of children as props | ☑️ | ||||
no-danger | Disallow usage of dangerous JSX properties | |||||
no-danger-with-children | Disallow when a DOM element is using both children and dangerouslySetInnerHTML | ☑️ | ||||
no-deprecated | Disallow usage of deprecated methods | ☑️ | ||||
no-did-mount-set-state | Disallow usage of setState in componentDidMount | |||||
no-did-update-set-state | Disallow usage of setState in componentDidUpdate | |||||
no-direct-mutation-state | Disallow direct mutation of this.state | ☑️ | ||||
no-find-dom-node | Disallow usage of findDOMNode | ☑️ | ||||
no-invalid-html-attribute | Disallow usage of invalid attributes | 💡 | ||||
no-is-mounted | Disallow usage of isMounted | ☑️ | ||||
no-multi-comp | Disallow multiple component definition per file | |||||
no-namespace | Enforce that namespaces are not used in React elements | |||||
no-object-type-as-default-prop | Disallow usage of referential-type variables as default param in functional component | |||||
no-redundant-should-component-update | Disallow usage of shouldComponentUpdate when extending React.PureComponent | |||||
no-render-return-value | Disallow usage of the return value of ReactDOM.render | ☑️ | ||||
no-set-state | Disallow usage of setState | |||||
no-string-refs | Disallow using string references | ☑️ | ||||
no-this-in-sfc | Disallow this from being used in stateless functional components | |||||
no-typos | Disallow common typos | |||||
no-unescaped-entities | Disallow unescaped HTML entities from appearing in markup | ☑️ | 💡 | |||
no-unknown-property | Disallow usage of unknown DOM property | ☑️ | 🔧 | |||
no-unsafe | Disallow usage of unsafe lifecycle methods | ☑️ | ||||
no-unstable-nested-components | Disallow creating unstable components inside components | |||||
no-unused-class-component-methods | Disallow declaring unused methods of component class | |||||
no-unused-prop-types | Disallow definitions of unused propTypes | |||||
no-unused-state | Disallow definitions of unused state | |||||
no-will-update-set-state | Disallow usage of setState in componentWillUpdate | |||||
prefer-es6-class | Enforce ES5 or ES6 class for React Components | |||||
prefer-exact-props | Prefer exact proptype definitions | |||||
prefer-read-only-props | Enforce that props are read-only | 🔧 | ||||
prefer-stateless-function | Enforce stateless components to be written as a pure function | |||||
prop-types | Disallow missing props validation in a React component definition | ☑️ | ||||
react-in-jsx-scope | Disallow missing React when using JSX | ☑️ | 🏃 | |||
require-default-props | Enforce a defaultProps definition for every prop that is not a required prop | |||||
require-optimization | Enforce React components to have a shouldComponentUpdate method | |||||
require-render-return | Enforce ES5 or ES6 class for returning value in render function | ☑️ | ||||
self-closing-comp | Disallow extra closing tags for components without children | 🔧 | ||||
sort-comp | Enforce component methods order | |||||
sort-default-props | Enforce defaultProps declarations alphabetical sorting | |||||
sort-prop-types | Enforce propTypes declarations alphabetical sorting | 🔧 | ||||
state-in-constructor | Enforce class component state initialization style | |||||
static-property-placement | Enforces where React component static properties should be positioned. | |||||
style-prop-object | Enforce style prop value is an object | |||||
void-dom-elements-no-children | Disallow void DOM elements (e.g. <img /> , <br /> ) from receiving children |
Other useful plugins
- Rules of Hooks: eslint-plugin-react-hooks
- JSX accessibility: eslint-plugin-jsx-a11y
- React Native: eslint-plugin-react-native
License
eslint-plugin-react
is licensed under the MIT License.
No vulnerabilities found.
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
26 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
Found 10/28 approved changesets -- score normalized to 3
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/npm-publish.yml:97
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:15
- Warn: no topLevel permission defined: .github/workflows/node-18+.yml:1
- Warn: no topLevel permission defined: .github/workflows/node-minors.yml:1
- Warn: no topLevel permission defined: .github/workflows/node-pretest.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/npm-publish.yml:10
- Warn: no topLevel permission defined: .github/workflows/rebase.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/require-allow-edits.yml:1
- Warn: no topLevel permission defined: .github/workflows/smoke-test.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/type-check.yml:6
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-18+.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/node-18+.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node-18+.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/node-18+.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node-18+.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/node-18+.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node-18+.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/node-18+.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node-minors.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/node-minors.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-minors.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/node-minors.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node-minors.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/node-minors.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node-minors.yml:110: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/node-minors.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-pretest.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/node-pretest.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node-pretest.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/node-pretest.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node-pretest.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/node-pretest.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/node-pretest.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/node-pretest.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/npm-publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/npm-publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/npm-publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/npm-publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/npm-publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/npm-publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:113: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/npm-publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/npm-publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/require-allow-edits.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/require-allow-edits.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke-test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/smoke-test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/smoke-test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/smoke-test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/smoke-test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/smoke-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/type-check.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/type-check.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/type-check.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/jsx-eslint/eslint-plugin-react/type-check.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/type-check.yml:61
- Warn: npmCommand not pinned by hash: .github/workflows/type-check.yml:65
- Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 20 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 1 commits out of 12 are checked with a SAST tool
Score
5.8
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to eslint-plugin-react
eslint-plugin-react-hooks
ESLint rules for React Hooks
eslint-plugin-react-refresh
Validate that your components can safely be updated with Fast Refresh
eslint-plugin-react-native
React Native specific linting rules for ESLint
eslint-plugin-react-native-globals
ESLint Environment for React Native