eslint-plugin-security is an ESLint plugin that identifies potential security vulnerabilities in JavaScript and TypeScript code. It analyzes code for unsafe practices like regular expressions vulnerable to ReDoS attacks, disabling TLS verification, and the use of dangerous functions. By integrating this plugin into your ESLint configuration, you can proactively detect and address security issues during development, improving the overall security posture of your npm packages and applications. The plugin helps developers write more secure code by highlighting potential risks early in the development lifecycle.
The eslint-plugin-security package shows sporadic release activity. Initial releases occurred in late 2015 and early 2016. Releases were infrequent between 2017 and early 2022. Release frequency increased slightly through 2023 and 2024, with multiple releases. The latest release was in June 2024, and there have been no releases in 2025 yet. Overall, the maintainers release the package infrequently.
Downloads of eslint-plugin-security show significant growth from February 2024 to July 2025, peaking at 4.57 million. A notable surge occurred between February and March 2024. August 2025 downloads are currently at 4.04 million, indicating a potential slight decrease this month.