QP18 ESLint Configuration Presence
What this means
SiteShadow flagged missing ESLint configuration (or missing enforcement) in a JavaScript/TypeScript project.
Why it matters
Linting helps catch errors and enforce secure patterns.
- Common mistakes slip in (unsafe eval usage, unsafe regexes, inconsistent input handling).
- Insecure patterns persist because nobody gets fast feedback.
- Review burden increases without automated checks.
Safer examples
1) Add ESLint + TypeScript rules
Enable recommended rules and security-minded plugins where appropriate.
2) Run ESLint in CI and locally
Fail PRs when lint fails; add a lint script in package.json.
3) Keep configuration consistent across packages
In monorepos, share a base config to avoid drift.
How SiteShadow detects it (high level)
- Detects absence of ESLint config and whether linting appears integrated into CI/dev workflow.
- Flags repos where JS/TS quality checks are missing.
References
- OWASP Top 10: https://owasp.org/Top10/
---
← Back to Vulnerability Library
Catch this with SiteShadow Pro.
This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.