Skip to main content
Enterprise-Grade Security for JavaScript

Secure your code,
your style.

ESLint Interlace is a comprehensive security & quality plugin ecosystem. Built for modern JavaScript, designed for teams who care about code integrity.

Get Started
GitHub

Runs under

  • ESLintfloor
  • Oxlintautomated peer
  • Biomereserved peer
  • TSC native (Go)watching

Pick the engine your team picks β€” your rules come along, with CI-enforced diagnostic parity. How it works β†’

18
Plugins
355+
Rules
11
Security
7
Quality

See it in action

Clean configuration, powerful protection. Works with ESLint 8 and 9, flat config or legacy.

Install
npm install -D eslint-plugin-browser-security eslint-plugin-jwt
pnpm add -D eslint-plugin-browser-security eslint-plugin-jwt
yarn add --dev eslint-plugin-browser-security eslint-plugin-jwt
bun add -d eslint-plugin-browser-security eslint-plugin-jwt
Configure
eslint.config.js
import browserSecurity from 'eslint-plugin-browser-security';
import jwt from 'eslint-plugin-jwt';

export default [
  browserSecurity.configs.recommended,
  jwt.configs.recommended,
  // Start protecting your code instantly
];

What it catches

Real vulnerabilities in real code. Every rule maps to a CWE so AI agents and humans can act on the same signal.

CWE-89caught bypg/no-unsafe-query

SQL injection

db.query(
  `SELECT * FROM users WHERE id = ${id}`,
)
Read the rule
CWE-347caught byjwt/no-algorithm-none

JWT algorithm confusion

jwt.verify(token, secret, {
  algorithms: ['none'],
})
Read the rule
CWE-79caught bybrowser-security/no-innerhtml

XSS via innerHTML

el.innerHTML = userInput;
Read the rule
See full CWE coverage matrix
Featured in DEV Community Top 7

Trusted by developers

Security insights from teams shipping production JavaScript.

Two Pillars of Excellence

Comprehensive coverage organized into Security and Quality categories.

Security

11 plugins protecting against XSS, injection, insecure tokens, and common vulnerability patterns.

BrowserJWTExpressNode.jsMongoDB
Explore Security

Quality & Architecture

7 plugins enforcing conventions, modularity, reliability, and modern best practices.

ConventionsModularityReliabilityModernization
Explore Quality

How it works

Three short reads that explain the model. Skim before you install β€” or come back when a rule surprises you.

Philosophy

Why an ecosystem of specialized plugins beats a single monolith.

AST Fundamentals

How ESLint reads your code β€” and why understanding the tree unlocks every rule.

Detect β†’ Understand β†’ Fix

The three-step workflow that defines the Interlace experience, for humans and agents.

Our edges

The four places where Interlace pulls ahead of the rest of the JavaScript linting ecosystem.

Compatibility

ESLint 8, 9, and forward to v10. Flat config and legacy. Type-aware where it matters, type-unaware where it doesn't β€” fast by default.

Runtime Portability

One rule library, multiple engines. Runs under ESLint and Oxlint today with CI-enforced parity. Biome and the TSC native plugin host (Go) on the roadmap β€” switch engines without rewriting rules.

Benchmarks

355+ rules across 18+ plugins, with head-to-head data refreshed weekly from real npm download share.

AI Leverage

LLM-optimized error messages, structured CWE metadata, and ESLint MCP support so coding agents fix vulnerabilities without hallucinating.

Ready to Level Up?

Start with one plugin, then expand your coverage. Each plugin works independently or together as a complete security & quality suite.

Not ready yet? Explore

Compare alternativesCWE coverage matrix