Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: whatβs affected and how to update safely.
By Sarah GoodingΒ - Β Dec 12, 2025
π¨ Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis β
@eslint-react/eslint-plugin
Advanced tools
@eslint-react/eslint-plugin
A unified plugin that combines all individual plugins from the eslint-react monorepo into one.
ESLint React
4-7x faster composable ESLint rules for React and friends.
Table of Contents
- Table of Contents
- Features
- Public Packages
- Installation
- Presets
- General Purpose
- TypeScript Specialized
- Rules
- Benchmark
- FAQ
- Roadmap
- Disclaimer
- Contributing
- License
Features
- Modern: First-class support for TypeScript, React 19, and more.
- Flexible: Fully customizable rule severity levels, allowing you to enforce or relax rules as needed.
- Performant: Built with performance in mind, optimized for large codebases, 4-7x faster than other ESLint plugins.
- Context-aware Linting: Rules that understand the context of your code and project configuration to provide more accurate linting.
Public Packages
Unified ESLint Plugin
@eslint-react/eslint-plugin- A unified plugin that combines all individual plugins into one.
Modular ESLint Plugins
eslint-plugin-react-x- X Rules (renderer-agnostic, compatible with x-platform).eslint-plugin-react-dom- DOM specific rules for React DOM.eslint-plugin-react-web-api- Rules for interacting with Web APIs.eslint-plugin-react-hooks-extra- Extra React Hooks rules.eslint-plugin-react-naming-convention- Naming convention rules.
[!NOTE]
Don't know which one to use? See our FAQ for guidance.
Installation
[!NOTE]
ESLint React requires the following minimum versions:
- Node.js: 20.19.0
- ESLint: 9.36.0
- TypeScript: 5.0.0
Install
npm install --save-dev typescript-eslint @eslint-react/eslint-plugin
Setup
// eslint.config.js
import eslintReact from "@eslint-react/eslint-plugin";
import eslintJs from "@eslint/js";
import { defineConfig } from "eslint/config";
import tseslint from "typescript-eslint";
export default defineConfig(
{
files: ["**/*.ts", "**/*.tsx"],
// Extend recommended rule sets from:
// 1. ESLint JS's recommended rules
// 2. TypeScript ESLint recommended rules
// 3. ESLint React's recommended-typescript rules
extends: [
eslintJs.configs.recommended,
tseslint.configs.recommended,
eslintReact.configs["recommended-typescript"],
],
// Configure language/parsing options
languageOptions: {
// Use TypeScript ESLint parser for TypeScript files
parser: tseslint.parser,
parserOptions: {
// Enable project service for better TypeScript integration
projectService: true,
tsconfigRootDir: import.meta.dirname,
},
},
// Custom rule overrides (modify rule levels or disable rules)
rules: {
"@eslint-react/no-missing-key": "warn",
},
},
);
Presets
Bare Bones
x
Enable rules for"react".dom
Enable rules for"react-dom".web-api
Enable rules for interacting with Web APIs.
General Purpose
-
recommended
Enforce rules that are recommended by ESLint React for general purpose React + React DOM projects.
This preset includes thex,dom, andweb-apipresets. -
strict
Same as therecommendedpreset but enables additional strict rules.
TypeScript Specialized
-
recommended-typescript
Same as therecommendedpreset but disables rules that can be enforced by TypeScript. -
recommended-type-checked
Same as therecommended-typescriptpreset but enables additional rules that require type information. -
strict-typescript
Same as thestrictpreset but disables rules that can be enforced by TypeScript. -
strict-type-checked
Same as thestrict-typescriptpreset but enables additional rules that require type information.
Other
disable-dom
Disable rules in thedompreset.disable-web-api
Disable rules in theweb-apipreset.disable-type-checked
Disable rules that require type information.disable-conflict-eslint-plugin-react
Disable rules ineslint-plugin-reactthat conflict with rules in our plugins.off
Disable all rules in this plugin except for debug rules.
Rules
Benchmark
FAQ
Frequently Asked Questions β
Roadmap
Disclaimer
This project is not affiliated with Meta Corporation or facebook/react project or team, nor is it endorsed or sponsored by them.
This project is and will continue to maintain that 90% of the code is written by humans.
Contributing
Contributions are welcome!
Please follow our contributing guidelines.
License
This project is licensed under the MIT License - see the LICENSE file for details.
FAQs
A unified plugin that combines all individual plugins from the eslint-react monorepo into one.
The npm package @eslint-react/eslint-plugin receives a total of 351,082 weekly downloads. As such, @eslint-react/eslint-plugin popularity was classified as popular.
We found that @eslint-react/eslint-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 1 open source maintainer collaborating on the project.
Package last updated on 21 Nov 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah GoodingΒ - Β Dec 11, 2025
Security News
npm Revokes Classic Tokens, as OpenJS Warns Maintainers About OIDC Gaps
GitHub has revoked npm classic tokens for publishing; maintainers must migrate, but OpenJS warns OIDC trusted publishing still has risky gaps for critical projects.
By Sarah GoodingΒ - Β Dec 10, 2025