DevTools Feed

A table showing the performance metrics of various ESLint security plugins, highlighting True Positives (TP) and False Positives (FP).

Security Linters Fail: The False Positive Tax

The promise of automated security checks is under fire. New analysis reveals that popular linters are failing, not just by missing threats, but by overwhelming developers with false alarms.

6 min read 2 hours ago

Nicholas Zakas on Changelog podcast critiquing npm security flaws

DevOps & Platform Eng

ESLint Creator Nicholas Zakas: GitHub's npm Fixes Are Mere Table Stakes

Nicholas Zakas, ESLint's creator, isn't mincing words: GitHub's npm security moves are 'table stakes,' not solutions. One big attack could shatter JavaScript's package empire.

4 min read 1 month, 3 weeks ago

#eslint

Security Linters Fail: The False Positive Tax

ESLint Creator Nicholas Zakas: GitHub's npm Fixes Are Mere Table Stakes