SiteShadow
Back to vulnerability library
Detected byEngineering-practice checks (QP)Pro

QP18 ESLint Configuration Presence

What this means

SiteShadow flagged missing ESLint configuration (or missing enforcement) in a JavaScript/TypeScript project.

Why it matters

Linting helps catch errors and enforce secure patterns.

Safer examples

1) Add ESLint + TypeScript rules

Enable recommended rules and security-minded plugins where appropriate.

2) Run ESLint in CI and locally

Fail PRs when lint fails; add a lint script in package.json.

3) Keep configuration consistent across packages

In monorepos, share a base config to avoid drift.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.