ESLint
The dominant JavaScript/TypeScript static analysis and linting tool. ESLint identifies code issues — potential bugs, style violations, deprecated patterns, security anti-patterns — using configurable rules and a rich plugin ecosystem. Most rules are auto-fixable. Supports TypeScript via @typescript-eslint, React via eslint-plugin-react, and hundreds of community plugins for frameworks and security.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Local analysis tool. Security plugins (eslint-plugin-security, eslint-plugin-no-secrets) add security-focused rules. ESLint itself has no external calls or data exfiltration risk.
⚡ Reliability
Best When
Any JavaScript or TypeScript project needing code quality enforcement, consistent coding standards, and security anti-pattern detection.
Avoid When
You've switched to Biome (which replaces ESLint + Prettier with faster Rust implementation) — don't run both unless migrating.
Use Cases
- • Enforce code quality standards across agent codebases — catch undefined variables, unused imports, and potential runtime errors before CI
- • Configure TypeScript type-aware linting rules via @typescript-eslint for type-safety enforcement beyond TypeScript's own compiler checks
- • Add security-focused ESLint rules (eslint-plugin-security, no-eval, no-unsafe-regex) to agent code review pipelines
- • Auto-fix formatting and style issues in CI pipelines using eslint --fix to maintain consistent code style across agent repositories
- • Create custom ESLint rules for project-specific patterns — enforce agent API usage conventions, warn on forbidden dependencies
Not For
- • Code formatting — use Prettier alongside ESLint (not instead of); ESLint handles code quality, Prettier handles formatting
- • TypeScript type checking — ESLint doesn't replace tsc; run both eslint and tsc --noEmit for complete coverage
- • Python, Rust, or other non-JavaScript languages — ESLint is JS/TS only; use language-specific linters
Interface
Authentication
No authentication — local development tool.
Pricing
ESLint is open source and free.
Agent Metadata
Known Gotchas
- ⚠ ESLint 9.x uses a new flat config format (eslint.config.js) that replaces .eslintrc — existing .eslintrc configs must be migrated; the two systems are not compatible simultaneously
- ⚠ @typescript-eslint type-aware rules require parserOptions.project pointing to tsconfig.json — without this, type-aware rules throw 'must be included in at least one of the projects'
- ⚠ Type-aware linting is 10-100x slower than syntax-only linting — separate fast (no type-check) and slow (type-aware) lint scripts for pre-commit vs CI
- ⚠ ESLint plugin version compatibility with ESLint core — @typescript-eslint/eslint-plugin@8.x requires eslint@9; check plugin peer dependency compatibility before upgrading
- ⚠ eslint --fix modifies files in place — run in CI with --fix-dry-run or --fix combined with git diff check to fail on unfixed issues without file modification
- ⚠ Parser errors from JSX/TSX files require @typescript-eslint/parser — without it, ESLint fails to parse JSX syntax even with jsx: 'react' in tsconfig
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for ESLint.
Scores are editorial opinions as of 2026-03-06.