Open aljones15 opened 4 years ago
This particular project looks to be unmaintained as there has not been a release in 3+ years. Coupled with the warning about false positives, I think we should stay away from this one.
This project will help identify potential security hotspots, but finds a lot of false positives which need triage by a human.
I think a well-maintained plugin along these lines would be valuable, however, so I'll leave this open for a while longer.
https://www.npmjs.com/package/eslint-plugin-security
This adds linting rules that catch well-known potential security issues in JavaScript.