Gathering detailed insights and metrics for eslint-plugin-unicorn
Gathering detailed insights and metrics for eslint-plugin-unicorn
Installations
npm install eslint-plugin-unicornDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
^18.20.0 || ^20.10.0 || >=21.0.0
Node Version
23.6.1
NPM Version
10.9.2
Score
91.5
Supply Chain
93.7
Quality
84.5
Maintenance
100
Vulnerability
98.9
License
Releases
106
Languages
2
JavaScript
EJS
JavaScript (99.84%)
EJS (0.16%)
Developer
sindresorhus
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
4,624 Stars
1,508 Commits
406 Forks
22 Watchers
2 Branches
165 Contributors
Updated on Jul 03, 2025
Sponsor this package
Maintainers
2
Package Meta Information
Latest Version
59.0.1
Package Id
eslint-plugin-unicorn@59.0.1
Unpacked Size
743.95 kB
Size
169.43 kB
File Count
240
NPM Version
10.9.2
Node Version
23.6.1
Published on
May 06, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
17
Peer Dependencies
1
Dev Dependencies
32
@babel/code-frame@babel/core@babel/eslint-parser@eslint/eslintrc@lubien/fixture-beta-package@typescript-eslint/parseravac8enquirereslinteslint-ava-rule-testereslint-config-xoeslint-doc-generatoreslint-plugin-eslint-plugineslint-plugin-jsdoceslint-remote-testereslint-remote-tester-repositoriesespreelistr2lodash-esmarkdownlint-climemoizenano-spawnnode-style-textnpm-package-json-lintnpm-run-all2open-editoroutdentpretty-mstypescriptvue-eslint-parseryaml
eslint-plugin-unicorn 
More than 100 powerful ESLint rules
You might want to check out XO, which includes this plugin.
Propose or contribute a new rule ➡
Install
1npm install --save-dev eslint eslint-plugin-unicorn
Requires ESLint >=9.20.0, flat config, and ESM.
Usage
Use a preset config or configure each rule in eslint.config.js.
If you don't use the preset, ensure you use the same languageOptions config as below.
1import eslintPluginUnicorn from 'eslint-plugin-unicorn'; 2import globals from 'globals'; 3 4export default [ 5 { 6 languageOptions: { 7 globals: globals.builtin, 8 }, 9 plugins: { 10 unicorn: eslintPluginUnicorn, 11 }, 12 rules: { 13 'unicorn/better-regex': 'error', 14 'unicorn/…': 'error', 15 }, 16 }, 17 // … 18];
Rules
💼 Configurations enabled in.
✅ Set in the recommended configuration.
🔧 Automatically fixable by the --fix CLI option.
💡 Manually fixable by editor suggestions.
| Name | Description | 💼 | 🔧 | 💡 |
|---|---|---|---|---|
| better-regex | Improve regexes by making them shorter, consistent, and safer. | 🔧 | ||
| catch-error-name | Enforce a specific parameter name in catch clauses. | ✅ | 🔧 | |
| consistent-assert | Enforce consistent assertion style with node:assert. | ✅ | 🔧 | |
| consistent-date-clone | Prefer passing Date directly to the constructor when cloning. | ✅ | 🔧 | |
| consistent-destructuring | Use destructured variables over properties. | 🔧 | 💡 | |
| consistent-empty-array-spread | Prefer consistent types when spreading a ternary in an array literal. | ✅ | 🔧 | |
| consistent-existence-index-check | Enforce consistent style for element existence checks with indexOf(), lastIndexOf(), findIndex(), and findLastIndex(). | ✅ | 🔧 | |
| consistent-function-scoping | Move function definitions to the highest possible scope. | ✅ | ||
| custom-error-definition | Enforce correct Error subclassing. | 🔧 | ||
| empty-brace-spaces | Enforce no spaces between braces. | ✅ | 🔧 | |
| error-message | Enforce passing a message value when creating a built-in error. | ✅ | ||
| escape-case | Require escape sequences to use uppercase or lowercase values. | ✅ | 🔧 | |
| expiring-todo-comments | Add expiration conditions to TODO comments. | ✅ | ||
| explicit-length-check | Enforce explicitly comparing the length or size property of a value. | ✅ | 🔧 | 💡 |
| filename-case | Enforce a case style for filenames. | ✅ | ||
| import-style | Enforce specific import styles per module. | ✅ | ||
| new-for-builtins | Enforce the use of new for all builtins, except String, Number, Boolean, Symbol and BigInt. | ✅ | 🔧 | 💡 |
| no-abusive-eslint-disable | Enforce specifying rules to disable in eslint-disable comments. | ✅ | ||
| no-accessor-recursion | Disallow recursive access to this within getters and setters. | ✅ | ||
| no-anonymous-default-export | Disallow anonymous functions and classes as the default export. | ✅ | 💡 | |
| no-array-callback-reference | Prevent passing a function reference directly to iterator methods. | ✅ | 💡 | |
| no-array-for-each | Prefer for…of over the forEach method. | ✅ | 🔧 | 💡 |
| no-array-method-this-argument | Disallow using the this argument in array methods. | ✅ | 🔧 | 💡 |
| no-array-reduce | Disallow Array#reduce() and Array#reduceRight(). | ✅ | ||
| no-await-expression-member | Disallow member access from await expression. | ✅ | 🔧 | |
| no-await-in-promise-methods | Disallow using await in Promise method parameters. | ✅ | 💡 | |
| no-console-spaces | Do not use leading/trailing space between console.log parameters. | ✅ | 🔧 | |
| no-document-cookie | Do not use document.cookie directly. | ✅ | ||
| no-empty-file | Disallow empty files. | ✅ | ||
| no-for-loop | Do not use a for loop that can be replaced with a for-of loop. | ✅ | 🔧 | 💡 |
| no-hex-escape | Enforce the use of Unicode escapes instead of hexadecimal escapes. | ✅ | 🔧 | |
| no-instanceof-builtins | Disallow instanceof with built-in objects | ✅ | 🔧 | 💡 |
| no-invalid-fetch-options | Disallow invalid options in fetch() and new Request(). | ✅ | ||
| no-invalid-remove-event-listener | Prevent calling EventTarget#removeEventListener() with the result of an expression. | ✅ | ||
| no-keyword-prefix | Disallow identifiers starting with new or class. | |||
| no-lonely-if | Disallow if statements as the only statement in if blocks without else. | ✅ | 🔧 | |
| no-magic-array-flat-depth | Disallow a magic number as the depth argument in Array#flat(…). | ✅ | ||
| no-named-default | Disallow named usage of default import and export. | ✅ | 🔧 | |
| no-negated-condition | Disallow negated conditions. | ✅ | 🔧 | |
| no-negation-in-equality-check | Disallow negated expression in equality check. | ✅ | 💡 | |
| no-nested-ternary | Disallow nested ternary expressions. | ✅ | 🔧 | |
| no-new-array | Disallow new Array(). | ✅ | 🔧 | 💡 |
| no-new-buffer | Enforce the use of Buffer.from() and Buffer.alloc() instead of the deprecated new Buffer(). | ✅ | 🔧 | 💡 |
| no-null | Disallow the use of the null literal. | ✅ | 🔧 | 💡 |
| no-object-as-default-parameter | Disallow the use of objects as default parameters. | ✅ | ||
| no-process-exit | Disallow process.exit(). | ✅ | ||
| no-single-promise-in-promise-methods | Disallow passing single-element arrays to Promise methods. | ✅ | 🔧 | 💡 |
| no-static-only-class | Disallow classes that only have static members. | ✅ | 🔧 | |
| no-thenable | Disallow then property. | ✅ | ||
| no-this-assignment | Disallow assigning this to a variable. | ✅ | ||
| no-typeof-undefined | Disallow comparing undefined using typeof. | ✅ | 🔧 | 💡 |
| no-unnecessary-array-flat-depth | Disallow using 1 as the depth argument of Array#flat(). | ✅ | 🔧 | |
| no-unnecessary-array-splice-count | Disallow using .length or Infinity as the deleteCount or skipCount argument of Array#{splice,toSpliced}(). | ✅ | 🔧 | |
| no-unnecessary-await | Disallow awaiting non-promise values. | ✅ | 🔧 | |
| no-unnecessary-polyfills | Enforce the use of built-in methods instead of unnecessary polyfills. | ✅ | ||
| no-unnecessary-slice-end | Disallow using .length or Infinity as the end argument of {Array,String,TypedArray}#slice(). | ✅ | 🔧 | |
| no-unreadable-array-destructuring | Disallow unreadable array destructuring. | ✅ | 🔧 | |
| no-unreadable-iife | Disallow unreadable IIFEs. | ✅ | ||
| no-unused-properties | Disallow unused object properties. | |||
| no-useless-fallback-in-spread | Disallow useless fallback when spreading in object literals. | ✅ | 🔧 | |
| no-useless-length-check | Disallow useless array length check. | ✅ | 🔧 | |
| no-useless-promise-resolve-reject | Disallow returning/yielding Promise.resolve/reject() in async functions or promise callbacks | ✅ | 🔧 | |
| no-useless-spread | Disallow unnecessary spread. | ✅ | 🔧 | |
| no-useless-switch-case | Disallow useless case in switch statements. | ✅ | 💡 | |
| no-useless-undefined | Disallow useless undefined. | ✅ | 🔧 | |
| no-zero-fractions | Disallow number literals with zero fractions or dangling dots. | ✅ | 🔧 | |
| number-literal-case | Enforce proper case for numeric literals. | ✅ | 🔧 | |
| numeric-separators-style | Enforce the style of numeric separators by correctly grouping digits. | ✅ | 🔧 | |
| prefer-add-event-listener | Prefer .addEventListener() and .removeEventListener() over on-functions. | ✅ | 🔧 | |
| prefer-array-find | Prefer .find(…) and .findLast(…) over the first or last element from .filter(…). | ✅ | 🔧 | 💡 |
| prefer-array-flat | Prefer Array#flat() over legacy techniques to flatten arrays. | ✅ | 🔧 | |
| prefer-array-flat-map | Prefer .flatMap(…) over .map(…).flat(). | ✅ | 🔧 | |
| prefer-array-index-of | Prefer Array#{indexOf,lastIndexOf}() over Array#{findIndex,findLastIndex}() when looking for the index of an item. | ✅ | 🔧 | 💡 |
| prefer-array-some | Prefer .some(…) over .filter(…).length check and .{find,findLast,findIndex,findLastIndex}(…). | ✅ | 🔧 | 💡 |
| prefer-at | Prefer .at() method for index access and String#charAt(). | ✅ | 🔧 | 💡 |
| prefer-blob-reading-methods | Prefer Blob#arrayBuffer() over FileReader#readAsArrayBuffer(…) and Blob#text() over FileReader#readAsText(…). | ✅ | ||
| prefer-code-point | Prefer String#codePointAt(…) over String#charCodeAt(…) and String.fromCodePoint(…) over String.fromCharCode(…). | ✅ | 💡 | |
| prefer-date-now | Prefer Date.now() to get the number of milliseconds since the Unix Epoch. | ✅ | 🔧 | |
| prefer-default-parameters | Prefer default parameters over reassignment. | ✅ | 🔧 | 💡 |
| prefer-dom-node-append | Prefer Node#append() over Node#appendChild(). | ✅ | 🔧 | |
| prefer-dom-node-dataset | Prefer using .dataset on DOM elements over calling attribute methods. | ✅ | 🔧 | |
| prefer-dom-node-remove | Prefer childNode.remove() over parentNode.removeChild(childNode). | ✅ | 🔧 | 💡 |
| prefer-dom-node-text-content | Prefer .textContent over .innerText. | ✅ | 💡 | |
| prefer-event-target | Prefer EventTarget over EventEmitter. | ✅ | ||
| prefer-export-from | Prefer export…from when re-exporting. | ✅ | 🔧 | 💡 |
| prefer-global-this | Prefer globalThis over window, self, and global. | ✅ | 🔧 | |
| prefer-import-meta-properties | Prefer import.meta.{dirname,filename} over legacy techniques for getting file paths. | 🔧 | ||
| prefer-includes | Prefer .includes() over .indexOf(), .lastIndexOf(), and Array#some() when checking for existence or non-existence. | ✅ | 🔧 | 💡 |
| prefer-json-parse-buffer | Prefer reading a JSON file as a buffer. | 🔧 | ||
| prefer-keyboard-event-key | Prefer KeyboardEvent#key over KeyboardEvent#keyCode. | ✅ | 🔧 | |
| prefer-logical-operator-over-ternary | Prefer using a logical operator over a ternary. | ✅ | 💡 | |
| prefer-math-min-max | Prefer Math.min() and Math.max() over ternaries for simple comparisons. | ✅ | 🔧 | |
| prefer-math-trunc | Enforce the use of Math.trunc instead of bitwise operators. | ✅ | 🔧 | 💡 |
| prefer-modern-dom-apis | Prefer .before() over .insertBefore(), .replaceWith() over .replaceChild(), prefer one of .before(), .after(), .append() or .prepend() over insertAdjacentText() and insertAdjacentElement(). | ✅ | 🔧 | |
| prefer-modern-math-apis | Prefer modern Math APIs over legacy patterns. | ✅ | 🔧 | |
| prefer-module | Prefer JavaScript modules (ESM) over CommonJS. | ✅ | 🔧 | 💡 |
| prefer-native-coercion-functions | Prefer using String, Number, BigInt, Boolean, and Symbol directly. | ✅ | 🔧 | |
| prefer-negative-index | Prefer negative index over .length - index when possible. | ✅ | 🔧 | |
| prefer-node-protocol | Prefer using the node: protocol when importing Node.js builtin modules. | ✅ | 🔧 | |
| prefer-number-properties | Prefer Number static properties over global ones. | ✅ | 🔧 | 💡 |
| prefer-object-from-entries | Prefer using Object.fromEntries(…) to transform a list of key-value pairs into an object. | ✅ | 🔧 | |
| prefer-optional-catch-binding | Prefer omitting the catch binding parameter. | ✅ | 🔧 | |
| prefer-prototype-methods | Prefer borrowing methods from the prototype instead of the instance. | ✅ | 🔧 | |
| prefer-query-selector | Prefer .querySelector() over .getElementById(), .querySelectorAll() over .getElementsByClassName() and .getElementsByTagName() and .getElementsByName(). | ✅ | 🔧 | |
| prefer-reflect-apply | Prefer Reflect.apply() over Function#apply(). | ✅ | 🔧 | |
| prefer-regexp-test | Prefer RegExp#test() over String#match() and RegExp#exec(). | ✅ | 🔧 | 💡 |
| prefer-set-has | Prefer Set#has() over Array#includes() when checking for existence or non-existence. | ✅ | 🔧 | 💡 |
| prefer-set-size | Prefer using Set#size instead of Array#length. | ✅ | 🔧 | |
| prefer-single-call | Enforce combining multiple Array#push(), Element#classList.{add,remove}(), and importScripts() into one call. | ✅ | 🔧 | 💡 |
| prefer-spread | Prefer the spread operator over Array.from(…), Array#concat(…), Array#{slice,toSpliced}() and String#split(''). | ✅ | 🔧 | 💡 |
| prefer-string-raw | Prefer using the String.raw tag to avoid escaping \. | ✅ | 🔧 | |
| prefer-string-replace-all | Prefer String#replaceAll() over regex searches with the global flag. | ✅ | 🔧 | |
| prefer-string-slice | Prefer String#slice() over String#substr() and String#substring(). | ✅ | 🔧 | |
| prefer-string-starts-ends-with | Prefer String#startsWith() & String#endsWith() over RegExp#test(). | ✅ | 🔧 | 💡 |
| prefer-string-trim-start-end | Prefer String#trimStart() / String#trimEnd() over String#trimLeft() / String#trimRight(). | ✅ | 🔧 | |
| prefer-structured-clone | Prefer using structuredClone to create a deep clone. | ✅ | 💡 | |
| prefer-switch | Prefer switch over multiple else-if. | ✅ | 🔧 | |
| prefer-ternary | Prefer ternary expressions over simple if-else statements. | ✅ | 🔧 | |
| prefer-top-level-await | Prefer top-level await over top-level promises and async function calls. | ✅ | 💡 | |
| prefer-type-error | Enforce throwing TypeError in type checking conditions. | ✅ | 🔧 | |
| prevent-abbreviations | Prevent abbreviations. | ✅ | 🔧 | |
| relative-url-style | Enforce consistent relative URL style. | ✅ | 🔧 | 💡 |
| require-array-join-separator | Enforce using the separator argument with Array#join(). | ✅ | 🔧 | |
| require-number-to-fixed-digits-argument | Enforce using the digits argument with Number#toFixed(). | ✅ | 🔧 | |
| require-post-message-target-origin | Enforce using the targetOrigin argument with window.postMessage(). | 💡 | ||
| string-content | Enforce better string content. | 🔧 | 💡 | |
| switch-case-braces | Enforce consistent brace style for case clauses. | ✅ | 🔧 | |
| template-indent | Fix whitespace-insensitive template indentation. | ✅ | 🔧 | |
| text-encoding-identifier-case | Enforce consistent case for text encoding identifiers. | ✅ | 🔧 | 💡 |
| throw-new-error | Require new when creating an error. | ✅ | 🔧 |
Deleted and deprecated rules
See the list.
Preset configs
See the ESLint docs for more information about extending config files.
Note: Preset configs will also enable the correct language options.
Recommended config
This plugin exports a recommended config that enforces good practices.
1import eslintPluginUnicorn from 'eslint-plugin-unicorn'; 2 3export default [ 4 // … 5 eslintPluginUnicorn.configs.recommended, 6 { 7 rules: { 8 'unicorn/better-regex': 'warn', 9 }, 10 }, 11];
All config
This plugin exports an all that makes use of all rules (except for deprecated ones).
1import eslintPluginUnicorn from 'eslint-plugin-unicorn'; 2 3export default [ 4 // … 5 eslintPluginUnicorn.configs.all, 6 { 7 rules: { 8 'unicorn/better-regex': 'warn', 9 }, 10 }, 11];
Maintainers
Former
No vulnerabilities found.
Reason
30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
security policy file detected
Details
- Info: security policy file detected: .github/security.md:1
- Info: Found linked content: .github/security.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/security.md:1
- Info: Found text in security policy: .github/security.md:1
Reason
0 existing vulnerabilities detected
Reason
no binaries found in the repo
Reason
Found 28/30 approved changesets -- score normalized to 9
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:6
- Warn: no topLevel permission defined: .github/workflows/smoke-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/title-formatter.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke-test.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/smoke-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/smoke-test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/smoke-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/smoke-test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/smoke-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/title-formatter.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/title-formatter.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/title-formatter.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/eslint-plugin-unicorn/title-formatter.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:33
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:48
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:67
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:90
- Warn: npmCommand not pinned by hash: .github/workflows/smoke-test.yml:15
- Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 5 npmCommand dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
5.8
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More