npmpackage.info

eslint

Find and fix problems in your JavaScript code.

9.15.0

25,171

MIT

JavaScript

360.26 kB

7,036,038,256 6.9

Installations

npm install eslint

Score

86.2

Supply Chain

95.7

Quality

92.8

Maintenance

100

Vulnerability

98.9

License

Pull Requests

Open

10

Total

7,627

Closed

1,351

Merged

6,266

Issues

Open

82

Total

10,383

Closed

10,301

Releases

336

v9.15.0

Published on 15 Nov 2024

v9.14.0

Published on 01 Nov 2024

v9.13.0

Published on 18 Oct 2024

v9.12.0

Published on 04 Oct 2024

v9.11.1

Published on 23 Sept 2024

v9.11.0

Published on 20 Sept 2024

View all 336 releases

Developer

eslint

Developer Guide

BETA

Module System

CommonJS, ESM

Min. Node Version

^18.18.0 || ^20.9.0 || >=21.1.0

Typescript Support

Yes

Node Version

20.9.0

NPM Version

10.1.0 Statistics

25,171 Stars

9,838 Commits

4,554 Forks

315 Watching

83 Branches

1,032 Contributors

Updated on 28 Nov 2024

Bundle Size

1.33 MB

Minified

360.26 kB

Minified + Gzipped

Bundlephobia

Languages

JavaScript (99.54%)

TypeScript (0.41%)

EJS (0.04%)

HTML (0.01%)

Total Downloads

Cumulative downloads

Total Downloads

7,036,038,256

Last day

-8.8%

8,582,578

Compared to previous day

Last week

0.5%

51,122,062

Compared to previous week

Last month

15.8%

206,312,499

Compared to previous month

Last year

20.3%

1,976,576,914

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Peer Dependencies

jiti

Dev Dependencies

Versions

ESLint

ESLint is a tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. In many ways, it is similar to JSLint and JSHint with a few exceptions:

ESLint uses Espree for JavaScript parsing.
ESLint uses an AST to evaluate patterns in code.
ESLint is completely pluggable, every single rule is a plugin and you can add more at runtime.

Installation and Usage
Configuration
Version Support
Code of Conduct
Filing Issues
Frequently Asked Questions
Releases
Security Policy
Semantic Versioning Policy
Stylistic Rule Updates
License
Team
Sponsors
Technology Sponsors

Installation and Usage

Prerequisites: Node.js (^18.18.0, ^20.9.0, or >=21.1.0) built with SSL support. (If you are using an official Node.js distribution, SSL is always built in.)

You can install and configure ESLint using this command:

1npm init @eslint/config@latest

After that, you can run ESLint on any file or directory like this:

1npx eslint yourfile.js

Configuration

You can configure rules in your eslint.config.js files as in this example:

1export default [
2    {
3        files: ["**/*.js", "**/*.cjs", "**/*.mjs"],
4        rules: {
5            "prefer-const": "warn",
6            "no-constant-binary-expression": "error"
7        }
8    }
9];

The names "prefer-const" and "no-constant-binary-expression" are the names of rules in ESLint. The first value is the error level of the rule and can be one of these values:

"off" or 0 - turn the rule off
"warn" or 1 - turn the rule on as a warning (doesn't affect exit code)
"error" or 2 - turn the rule on as an error (exit code will be 1)

The three error levels allow you fine-grained control over how ESLint applies rules (for more configuration options and details, see the configuration docs).

Version Support

The ESLint team provides ongoing support for the current version and six months of limited support for the previous version. Limited support includes critical bug fixes, security issues, and compatibility issues only.

ESLint offers commercial support for both current and previous versions through our partners, Tidelift and HeroDevs.

See Version Support for more details.

Code of Conduct

ESLint adheres to the OpenJS Foundation Code of Conduct.

Filing Issues

Before filing an issue, please be sure to read the guidelines for what you're reporting:

Frequently Asked Questions

Does ESLint support JSX?

Yes, ESLint natively supports parsing JSX syntax (this must be enabled in configuration). Please note that supporting JSX syntax is not the same as supporting React. React applies specific semantics to JSX syntax that ESLint doesn't recognize. We recommend using eslint-plugin-react if you are using React and want React semantics.

Does Prettier replace ESLint?

No, ESLint and Prettier have different jobs: ESLint is a linter (looking for problematic patterns) and Prettier is a code formatter. Using both tools is common, refer to Prettier's documentation to learn how to configure them to work well with each other.

What ECMAScript versions does ESLint support?

ESLint has full support for ECMAScript 3, 5, and every year from 2015 up until the most recent stage 4 specification (the default). You can set your desired ECMAScript syntax and other settings (like global variables) through configuration.

What about experimental features?

ESLint's parser only officially supports the latest final ECMAScript standard. We will make changes to core rules in order to avoid crashes on stage 3 ECMAScript syntax proposals (as long as they are implemented using the correct experimental ESTree syntax). We may make changes to core rules to better work with language extensions (such as JSX, Flow, and TypeScript) on a case-by-case basis.

In other cases (including if rules need to warn on more or fewer cases due to new syntax, rather than just not crashing), we recommend you use other parsers and/or rule plugins. If you are using Babel, you can use @babel/eslint-parser and @babel/eslint-plugin to use any option available in Babel.

Once a language feature has been adopted into the ECMAScript standard (stage 4 according to the TC39 process), we will accept issues and pull requests related to the new feature, subject to our contributing guidelines. Until then, please use the appropriate parser and plugin(s) for your experimental feature.

Which Node.js versions does ESLint support?

ESLint updates the supported Node.js versions with each major release of ESLint. At that time, ESLint's supported Node.js versions are updated to be:

The most recent maintenance release of Node.js
The lowest minor version of the Node.js LTS release that includes the features the ESLint team wants to use.
The Node.js Current release

ESLint is also expected to work with Node.js versions released after the Node.js Current release.

Refer to the Quick Start Guide for the officially supported Node.js versions for a given ESLint release.

Where to ask for help?

Open a discussion or stop by our Discord server.

Why doesn't ESLint lock dependency versions?

Lock files like package-lock.json are helpful for deployed applications. They ensure that dependencies are consistent between environments and across deployments.

Packages like eslint that get published to the npm registry do not include lock files. npm install eslint as a user will respect version constraints in ESLint's package.json. ESLint and its dependencies will be included in the user's lock file if one exists, but ESLint's own lock file would not be used.

We intentionally don't lock dependency versions so that we have the latest compatible dependency versions in development and CI that our users get when installing ESLint in a project.

The Twilio blog has a deeper dive to learn more.

Releases

We have scheduled releases every two weeks on Friday or Saturday. You can follow a release issue for updates about the scheduling of any particular release.

Security Policy

ESLint takes security seriously. We work hard to ensure that ESLint is safe for everyone and that security issues are addressed quickly and responsibly. Read the full security policy.

Semantic Versioning Policy

ESLint follows semantic versioning. However, due to the nature of ESLint as a code quality tool, it's not always clear when a minor or major version bump occurs. To help clarify this for everyone, we've defined the following semantic versioning policy for ESLint:

Patch release (intended to not break your lint build)
- A bug fix in a rule that results in ESLint reporting fewer linting errors.
- A bug fix to the CLI or core (including formatters).
- Improvements to documentation.
- Non-user-facing changes such as refactoring code, adding, deleting, or modifying tests, and increasing test coverage.
- Re-releasing after a failed release (i.e., publishing a release that doesn't work for anyone).
Minor release (might break your lint build)
- A bug fix in a rule that results in ESLint reporting more linting errors.
- A new rule is created.
- A new option to an existing rule that does not result in ESLint reporting more linting errors by default.
- A new addition to an existing rule to support a newly-added language feature (within the last 12 months) that will result in ESLint reporting more linting errors by default.
- An existing rule is deprecated.
- A new CLI capability is created.
- New capabilities to the public API are added (new classes, new methods, new arguments to existing methods, etc.).
- A new formatter is created.
- eslint:recommended is updated and will result in strictly fewer linting errors (e.g., rule removals).
Major release (likely to break your lint build)
- eslint:recommended is updated and may result in new linting errors (e.g., rule additions, most rule option updates).
- A new option to an existing rule that results in ESLint reporting more linting errors by default.
- An existing formatter is removed.
- Part of the public API is removed or changed in an incompatible way. The public API includes:
  - Rule schemas
  - Configuration schema
  - Command-line options
  - Node.js API
  - Rule, formatter, parser, plugin APIs

According to our policy, any minor update may report more linting errors than the previous release (ex: from a bug fix). As such, we recommend using the tilde (~) in package.json e.g. "eslint": "~3.1.0" to guarantee the results of your builds.

Stylistic Rule Updates

Stylistic rules are frozen according to our policy on how we evaluate new rules and rule changes. This means:

Bug fixes: We will still fix bugs in stylistic rules.
New ECMAScript features: We will also make sure stylistic rules are compatible with new ECMAScript features.
New options: We will not add any new options to stylistic rules unless an option is the only way to fix a bug or support a newly-added ECMAScript feature.

License

Team

These folks keep the project moving and are resources for help.

Technical Steering Committee (TSC)

The people who manage releases, review feature requests, and meet regularly to ensure ESLint is properly maintained.

Nicholas C. Zakas

Francesco Trotta

Milos Djermanovic

Reviewers

The people who review and implement new features.

唯然	Nitin Kumar

Committers

The people who review and fix bugs and help triage issues.

Josh Goldberg ✨

Tanuj Kanti

Website Team

Team members who focus specifically on eslint.org

Amaresh S M

Strek

Percy Ma

9.15.0

MODERATE

0/10

Summary

Regular Expression Denial of Service

Affected Versions

< 4.18.2

Patched Versions

4.18.2

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Security-Policy

Determines if the project has published a security policy.

10

SAST

Determines if the project uses static code analysis.

7

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/annotate_pr.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/annotate_pr.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/annotate_pr.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/annotate_pr.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/codeql-analysis.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-ci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/docs-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs-ci.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/docs-ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr-labeler.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/pr-labeler.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rebuild-docs-sites.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/rebuild-docs-sites.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/stale.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:126: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/types-integration.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/types-integration.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/types-integration.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-readme.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/update-readme.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/update-readme.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/eslint/eslint/update-readme.yml/main?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:22
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:26
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:88
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:105
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:126
Warn: npmCommand not pinned by hash: .github/workflows/docs-ci.yml:29
Warn: npmCommand not pinned by hash: .github/workflows/docs-ci.yml:32
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:133
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:143
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:144
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:166
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:34
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:38
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:39
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:67
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:71
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:72
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:100
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:104
Warn: npmCommand not pinned by hash: .github/workflows/types-integration.yml:105
Warn: npmCommand not pinned by hash: .github/workflows/update-readme.yml:21
Info: 0 out of 35 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 6 third-party GitHubAction dependencies pinned
Info: 0 out of 21 npmCommand dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

Score

6.9

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to eslint

@typescript-eslint/eslint-plugin

8.16.0

TypeScript plugin for ESLint

@eslint-community/eslint-utils

4.4.1

Utilities for ESLint plugins.

@eslint/js

9.15.0

ESLint JavaScript language implementation

eslint-utils

3.0.0

Utilities for ESLint plugins.

eslint

Installations

Score

Pull Requests

10

7,627

1,351

6,266

Issues

82

10,383

10,301

Releases

Developer

Developer Guide

CommonJS, ESM

^18.18.0 || ^20.9.0 || >=21.1.0

Yes

20.9.0

10.1.0

Statistics

Bundle Size

1.33 MB

360.26 kB

Languages

Total Downloads

7,036,038,256

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Peer Dependencies

Dev Dependencies

ESLint

Table of Contents

Installation and Usage

Configuration

Version Support

Code of Conduct

Filing Issues

Frequently Asked Questions

Does ESLint support JSX?

Does Prettier replace ESLint?

What ECMAScript versions does ESLint support?

What about experimental features?

Which Node.js versions does ESLint support?

Where to ask for help?

Why doesn't ESLint lock dependency versions?

Releases

Security Policy

Semantic Versioning Policy

Stylistic Rule Updates

License

Team

Technical Steering Committee (TSC)

Reviewers

Committers

Website Team

Sponsors

Platinum Sponsors

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Technology Sponsors

Stable Version

9.15.0

MODERATE

10

10

10

10

10

10

10

7

0

0

0

0