I Benchmarked 17 ESLint Security Plugins. Only One Found Every Vulnerability.
A recent benchmark of 17 ESLint security plugins found that only one plugin detected every vulnerable pattern in the suite. Most of the plugins flagged fewer than half of the tested patterns, which calls their effectiveness into question and points to a sizeable detection gap in tools that many Node.js teams rely on for security.
- The benchmark included 40 vulnerable code patterns across 14 CWE categories.
- Only the Interlace Ecosystem plugin achieved a perfect detection score of 100%.
- The widely used eslint-plugin-security detected zero vulnerabilities on modern ESLint versions.
Opening excerpt

Ofri Peretz, posted on DEV.to on May 25, originally published at ofriperetz.dev. Tags: #security #eslint #javascript #benchmark

TL;DR: I built a benchmark suite with 40 vulnerable code patterns across 14 CWE categories and 38 verified-safe patterns.
…
The full article is on DEV.to.
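The methodology the summary and TL;DR describe (a labelled corpus of vulnerable and verified-safe samples, per-CWE detection rates, a false-positive rate on the safe half, and a leaderboard) can be shown as a small scoring harness. The code below is an added example and is not the author's benchmark suite or any of the plugins it tested. The samples, their CWE labels and the three stand-in "plugins" are constructed for illustration; the stand-ins match on source text, whereas a real ESLint plugin walks the AST through ESLint's Linter API. It also adds the check a practitioner wants before publishing a 0% score: a plugin that fires on none of the vulnerable samples is flagged as possibly not running at all.

```javascript
// Added example: benchmark harness for security linters over a labelled corpus.
// Not the article's suite; samples and "plugins" below are constructed stand-ins.

// Constructed corpus: each sample is labelled with the CWE it exercises and
// whether it is genuinely vulnerable or a safe look-alike (the verified-safe half).
const corpus = [
  { id: "eval-user-input",     cwe: "CWE-95",  vulnerable: true,
    code: "const out = eval(req.query.expr);" },
  { id: "function-ctor-input", cwe: "CWE-95",  vulnerable: true,
    code: "const f = new Function('a', req.body.src); f(1);" },
  { id: "eval-literal",        cwe: "CWE-95",  vulnerable: false,
    code: "const out = eval('1 + 1');" },
  { id: "exec-template",       cwe: "CWE-78",  vulnerable: true,
    code: "exec(`ls ${req.query.dir}`, cb);" },
  { id: "execfile-argv",       cwe: "CWE-78",  vulnerable: false,
    code: "execFile('ls', [req.query.dir], cb);" },
  { id: "regexp-user-pattern", cwe: "CWE-400", vulnerable: true,
    code: "const re = new RegExp(req.query.q); re.test(input);" },
  { id: "regexp-literal",      cwe: "CWE-400", vulnerable: false,
    code: "const re = /^[a-z]+$/; re.test(input);" },
];

// Stand-in "plugins": each maps source text to the list of rule names it fired.
const plugins = {
  // Fires on any eval() call, whatever the argument: catches one vulnerable
  // sample and also the constant-string eval (a false positive).
  "eval-only": (code) => (/\beval\(/.test(code) ? ["no-eval"] : []),

  // Fires on a dangerous sink only when its argument reads from req.* (the
  // untrusted source in this corpus): a crude source-to-sink check.
  "sink-plus-source": (code) => {
    const sinks = [
      [/\beval\(([^)]*)\)/,         "eval-with-untrusted-input"],
      [/\bnew Function\(([^)]*)\)/, "function-ctor-with-untrusted-input"],
      [/\bexec\(([^,)]*)[,)]/,      "exec-with-untrusted-input"],
      [/\bnew RegExp\(([^)]*)\)/,   "regexp-with-untrusted-input"],
    ];
    const findings = [];
    for (const [re, rule] of sinks) {
      const m = re.exec(code);
      if (m && /\breq\./.test(m[1])) findings.push(rule);
    }
    return findings;
  },

  // Never reports anything: models a plugin that is installed but is not
  // actually being run against the samples.
  "silent": () => [],
};

// Score one plugin over the corpus. A sample counts as detected when the plugin
// fires at least once on it; rule names are not matched to CWEs here.
function benchmark(plugin, samples) {
  const result = { detected: 0, vulnerable: 0, falsePositives: 0, safe: 0, byCwe: {} };
  for (const s of samples) {
    const fired = plugin(s.code).length > 0;
    if (!result.byCwe[s.cwe]) result.byCwe[s.cwe] = { detected: 0, vulnerable: 0 };
    const cwe = result.byCwe[s.cwe];
    if (s.vulnerable) {
      result.vulnerable += 1;
      cwe.vulnerable += 1;
      if (fired) { result.detected += 1; cwe.detected += 1; }
    } else {
      result.safe += 1;
      if (fired) result.falsePositives += 1;
    }
  }
  result.detectionRate = result.detected / result.vulnerable;
  result.falsePositiveRate = result.falsePositives / result.safe;
  // Smoke check: zero hits across every vulnerable sample is more likely a plugin
  // that is not running (unsupported ESLint version, not registered in the config)
  // than a genuine miss of every pattern; verify it before publishing a 0% score.
  result.suspectNotRunning = result.detected === 0;
  return result;
}

// Rank plugins by detection rate, breaking ties by fewer false positives.
function leaderboard(pluginMap, samples) {
  return Object.entries(pluginMap)
    .map(([name, fn]) => ({ name, ...benchmark(fn, samples) }))
    .sort((a, b) => (b.detectionRate - a.detectionRate)
                 || (a.falsePositiveRate - b.falsePositiveRate));
}

for (const r of leaderboard(plugins, corpus)) {
  console.log(
    `${r.name}: ${r.detected}/${r.vulnerable} detected, ` +
    `${r.falsePositives}/${r.safe} false positives` +
    (r.suspectNotRunning ? " (suspect: plugin not running)" : "")
  );
}
```

Run with `node` on any current release. On this constructed corpus the sink-plus-source stand-in scores 4/4 with no false positives, the eval-only stand-in scores 1/4 with one false positive on the safe `eval('1 + 1')`, and the silent stand-in scores 0/4 and is flagged for verification rather than ranked as a real miss. The verified-safe half is what separates a precise rule from one that merely pattern-matches a sink name; a benchmark without it rewards noisy plugins.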