{"id":35277403,"url":"https://github.com/hjylewis/esplint","last_synced_at":"2025-12-30T14:04:53.376Z","repository":{"id":32916140,"uuid":"123234612","full_name":"hjylewis/esplint","owner":"hjylewis","description":":face_with_head_bandage: An ESLint warning tracker to help introduce rules into a legacy code base","archived":false,"fork":false,"pushed_at":"2025-11-18T12:39:53.000Z","size":2835,"stargazers_count":38,"open_issues_count":7,"forks_count":9,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-11-19T19:08:53.322Z","etag":null,"topics":["eslint","javascript","linting"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hjylewis.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-28T05:34:47.000Z","updated_at":"2025-09-04T17:35:00.000Z","dependencies_parsed_at":"2023-02-15T11:01:22.653Z","dependency_job_id":"500ef094-8d24-49ed-aeac-014bf030ca70","html_url":"https://github.com/hjylewis/esplint","commit_stats":{"total_commits":158,"total_committers":11,"mean_commits":"14.363636363636363","dds":0.5316455696202531,"last_synced_commit":"a770b8f625c425f405495995a1424ec4ca302595"},"previous_names":[],"tags_count":27,"template":false,"template_full_name":null,"purl":"pkg:github/hjylewis/esplint","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hjylewis%2Fesplint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hjylewis%2Fesplint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hjylewis%2Fesplint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hjylewis%2Fesplint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hjylewis","download_url":"https://codeload.github.com/hjylewis/esplint/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hjylewis%2Fesplint/sbom","scorecard":{"id":466047,"data":{"date":"2025-08-11","repo":{"name":"github.com/hjylewis/esplint","commit":"461a676bb7c302c9d966143702f1079093ee20e5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.7,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":2,"reason":"Found 4/16 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/validate.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/hjylewis/esplint/validate.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/hjylewis/esplint/validate.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/validate.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/hjylewis/esplint/validate.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 23 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T12:32:05.528Z","repository_id":32916140,"created_at":"2025-08-19T12:32:05.529Z","updated_at":"2025-08-19T12:32:05.529Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28127989,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-30T02:00:05.476Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["eslint","javascript","linting"],"created_at":"2025-12-30T14:02:37.218Z","updated_at":"2025-12-30T14:04:53.362Z","avatar_url":"https://github.com/hjylewis.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# esplint\n\n[![npm](https://img.shields.io/npm/v/esplint.svg?style=flat-square)](https://www.npmjs.com/package/esplint)\n[![Build Status](https://img.shields.io/github/workflow/status/hjylewis/esplint/Validation%20CI?label=CI\u0026style=flat-square)](https://github.com/hjylewis/esplint/actions/workflows/validate.yml)\n[![codecov](https://img.shields.io/codecov/c/github/hjylewis/esplint/master?style=flat-square)](https://codecov.io/gh/hjylewis/esplint)\n[![npm](https://img.shields.io/npm/l/esplint.svg?style=flat-square)](https://github.com/hjylewis/esplint/blob/master/LICENSE)\n\nAn ESLint warning tracker to help introduce rules into a legacy code base\n\n## About\n\nLinting is a powerful way to catch bad code and enforce best practices. That said, turning a rule on for an existing project can be difficult. It can surface hidden violations that you must fix before you can use the rule at all.\n\nInstead, esplint allows you to turn new rules on as “warnings,” and prevent further violations. esplint tracks the number of eslint “warnings” in each file and prevents the number of “warnings” from increasing. When the number of “warnings” decreases, esplint records the new lower number. This way you can fix existing, legacy violations over time while avoiding further violations.\n\nFor more information about the motivation behind esplint, read this [post](http://hjylewis.com/posts/how-to-painlessly-turn-on-eslint-rules/).\n\n## Getting Started\n\nInstall esplint as a dev dependency of your project.\n\n```sh\n$ npm install esplint --save-dev\n```\n\nCreate `.esplintrc.js` and add your [configurations](#configuration).\n\n```js\nmodule.exports = {\n  surfaceArea: [ ... ],\n  rules: [ ...the rules you wish to track... ]\n};\n```\n\nRun\n\n```sh\n$ ./node_modules/.bin/esplint\n```\n\nThis will create a `.esplint.rec.json` record file that stores the number of eslint warnings per file. Add this file to your git repository.\n\n\u003e NOTE: This record file will only include files _with_ warnings. If a file is included in the esplint \"surfaceArea\" but not present in the record file then it has none of the tracked warnings.\n\nNow add this esplint check to your validation on commit hooks (using [lint-staged](https://github.com/okonet/lint-staged)) or CI.\n\nHere's an example using lint-staged:\n\n```js\n// package.json\n\n{\n  ...\n  \"scripts\": {\n    \"precommit\": \"lint-staged\"\n  },\n  \"lint-staged\": {\n    \"*.js\": [\n      \"esplint --stage-record-file\"\n    ]\n  },\n  ...\n}\n```\n\nSee a full example [here](example).\n\n## Command line\n\n```\n$ ./node_modules/.bin/esplint --help\n\nesplint [files..]\n\nRun check and update record\n\nCommands:\n  esplint [files..]                  Run check and update record      [default]\n  esplint stats                      Print stats about eslint violations\n  esplint suppress \u003crule\u003e [files..]  Disable eslint on specific lines to\n                                      suppress a rule\n\nPositionals:\n  files  Paths to files or directories to run esplint on           [default: []]\n\nOptions:\n  --version    Show version number                                     [boolean]\n  --help       Show help                                               [boolean]\n  --overwrite  Ignore existing record file            [boolean] [default: false]\n  --no-write   Don't update record file               [boolean] [default: false]\n  --stage-record-file  Git add record file. Helpful when running esplint on a\n                       pre-commit hook.               [boolean] [default: false]\n```\n\n### `esplint`\n\nRun check and update record.\n\nThe options are:\n\n- `--overwrite` — Ignore existing record file. Useful to bypass the esplint check and force an increase in the number of warnings.\n- `--no-write` — Only perform warning count check and don't update the record file if the warning count goes down.\n- `--stage-record-file` — After esplint succeeds, this will git add the record file. This is helpful when running esplint on a pre-commit hook.\n\n### `esplint stats`\n\nPrint stats about eslint violations.\n\n### `esplint suppress`\n\nWill suppress all existing violations of a eslint rule. It does this by inserting `disable-eslint-next-line` comments into your code.\n\n\u003e NOTE: `esplint suppress` doesn't work very well with JSX because comments in JSX are very [finicky](https://github.com/eslint/eslint/issues/7030). If you have an idea, let me know and open an issue.\n\n## Configuration\n\n```js\n// .esplintrc.js\n\nmodule.exports = {\n  surfaceArea: [ ... ],\n  eslint: { ... },\n  rules: [ ... ],\n  write: true,\n};\n```\n\nThe options are:\n\n- `surfaceArea` — An array of files and/or directories to track. Use `[ \".\" ]` to track all Javascript files in the current directory. These files and directories are used if no files or directories are specified from the CLI\n- `eslint` — ESLint class [options](https://eslint.org/docs/developer-guide/nodejs-api#-new-eslintoptions).\n- `rules` — An array of eslint rule names to track.\n- `write` — Corresponds to the negation of the `--no-write` CLI option. See [Command line options](#command-line-options).\n\n## Git Conflicts\n\nGit conflicts can sometimes occur in the record file. If that happens, running `esplint` should fix most cases.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhjylewis%2Fesplint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhjylewis%2Fesplint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhjylewis%2Fesplint/lists"}