QP18 ESLint Configuration Presence
What this means
SiteShadow flagged missing ESLint configuration (or missing enforcement) in a JavaScript/TypeScript project.
Why it matters
Linting catches errors early and enforces secure coding patterns on every change. Without it:
- Common mistakes slip in (unsafe eval usage, unsafe regexes, inconsistent input handling).
- Insecure patterns persist because nobody gets fast feedback.
- Review burden increases without automated checks.
Safer examples
1) Add ESLint + TypeScript rules
Enable recommended rules and security-minded plugins where appropriate.
2) Run ESLint in CI and locally
Add a lint script to package.json and make CI fail pull requests when lint fails, so the same rules run on every developer machine and on every change.
3) Keep configuration consistent across packages
In monorepos, share a base config to avoid drift.
How SiteShadow detects it (high level)
- Checks for an ESLint configuration and whether linting appears to be wired into the CI or developer workflow (for example a lint script or a CI lint step).
- Flags repos where JS/TS quality checks are missing.
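As an added example (this is not SiteShadow's code and does not describe its implementation), the Node.js snippet below puts the three "Safer examples" steps and the detection idea together: a shared flat config that uses only ESLint core rules, and an auditRepo() function that inspects a constructed in-memory repository snapshot for a config file, a lint script in package.json, a CI job that runs it, and per-package configs that drift from the shared base. The config file names in CONFIG_FILES are the ones ESLint documents; the eslint.config.base.js naming convention, the CI detection regex and the packages/ layout are assumptions made for the example.

```javascript
// Added example, not SiteShadow's code. Everything below runs offline on
// constructed input; no ESLint packages are required.

// 1) Shared base config for a monorepo (ESLint flat-config shape). Only core
//    rules are listed so the object needs no plugin imports; in a real project
//    the TypeScript parser and security plugins would be added here
//    (assumption: typescript-eslint is installed and configured separately).
const baseConfig = [
  {
    files: ["**/*.{js,mjs,cjs,ts,tsx}"],
    rules: {
      "no-eval": "error",         // eval() on attacker-influenced data is code injection
      "no-implied-eval": "error", // setTimeout("code", ...) and friends
      "no-new-func": "error",     // new Function(...) is eval in disguise
      "no-script-url": "error",   // javascript: URLs in links
      eqeqeq: ["error", "always"],
      "no-unused-vars": "warn",
    },
  },
];

// Config file names ESLint recognises (flat config first, then legacy names).
const CONFIG_FILES = [
  "eslint.config.js", "eslint.config.mjs", "eslint.config.cjs",
  ".eslintrc", ".eslintrc.js", ".eslintrc.cjs", ".eslintrc.json",
  ".eslintrc.yml", ".eslintrc.yaml",
];

// Assumed heuristics for "is lint run in CI?" and "does this package extend
// the shared base?"; tune them to your own workflow.
const CI_LINT_RE = /\b(eslint|npm run lint|yarn lint|pnpm( run)? lint)\b/;
const BASE_CONFIG_NAME = "eslint.config.base";

// 2) Audit an in-memory snapshot { relativePath: fileContent } and return the
//    findings an engineer would act on. An empty array means "looks fine".
function auditRepo(files) {
  const findings = [];
  const paths = Object.keys(files);

  // Configuration presence: a config file at the root, or the legacy
  // "eslintConfig" key inside package.json.
  let pkg = {};
  if (files["package.json"] !== undefined) {
    try {
      pkg = JSON.parse(files["package.json"]);
    } catch {
      findings.push("package.json is not valid JSON");
    }
  }
  const hasConfigFile = CONFIG_FILES.some((name) => paths.includes(name));
  const hasPkgConfig = pkg.eslintConfig !== null && typeof pkg.eslintConfig === "object";
  if (!hasConfigFile && !hasPkgConfig) findings.push("no ESLint configuration found");

  // Local enforcement: a lint script that actually invokes eslint.
  const lintScript = pkg.scripts && pkg.scripts.lint;
  if (typeof lintScript !== "string" || !/\beslint\b/.test(lintScript)) {
    findings.push("package.json has no lint script that runs eslint");
  }

  // CI enforcement: some workflow file must run lint.
  const ciFiles = paths.filter(
    (p) => p.startsWith(".github/workflows/") || p === ".gitlab-ci.yml",
  );
  if (!ciFiles.some((p) => CI_LINT_RE.test(files[p]))) findings.push("no CI job runs lint");

  // Monorepo drift: a package that ships its own config must extend the base.
  for (const p of paths) {
    const m = p.match(/^packages\/([^/]+)\/eslint\.config\.(js|mjs|cjs)$/);
    if (m && !files[p].includes(BASE_CONFIG_NAME)) {
      findings.push(`packages/${m[1]} has its own ESLint config that does not extend the shared base`);
    }
  }
  return findings;
}

// Constructed sample repositories for demonstration.
const GOOD_REPO = {
  "package.json": JSON.stringify({ name: "app", scripts: { lint: "eslint .", test: "vitest" } }),
  "eslint.config.base.js": "module.exports = [];",
  "eslint.config.js": 'module.exports = [...require("./eslint.config.base.js")];',
  ".github/workflows/ci.yml": "jobs:\n  lint:\n    steps:\n      - run: npm ci\n      - run: npm run lint\n",
  "packages/api/eslint.config.js": 'module.exports = require("../../eslint.config.base.js");',
};

const BAD_REPO = {
  "package.json": JSON.stringify({ name: "app", scripts: { test: "vitest" } }),
  ".github/workflows/ci.yml": "jobs:\n  test:\n    steps:\n      - run: npm test\n",
  "packages/web/eslint.config.js": "module.exports = [{ rules: { 'no-eval': 'off' } }];",
};

console.log("good repo findings:", auditRepo(GOOD_REPO));
console.log("bad repo findings:", auditRepo(BAD_REPO));
```

The audit is deliberately conservative: it reports a missing lint script even when CI runs eslint directly, because the page's point is that developers need the fast local feedback too. Running `eslint .` against the repo with baseConfig as eslint.config.js is what actually enforces the rules; the audit only tells you whether that enforcement is wired up.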
References
- OWASP Top 10: https://owasp.org/Top10/