Roadmap
Upcoming features and development priorities
Development Roadmap
This roadmap outlines the planned features and priorities for the ESLint Interlace ecosystem.
Community Driven
Feature priorities are influenced by community feedback. Open a GitHub issue or discussion to suggest features or vote on existing proposals.
Q1 2026: AI-Native Expansion
Focus on enhancing AI agent integration and structured metadata.
🤖 Enhanced LLM Metadata
Richer fix patterns and multi-step remediation guides for AI agents.
📊 SARIF 2.1 Output
Native SARIF format for GitHub Security tab integration.
⚡ Performance Mode
Lazy rule loading for 50% faster startup in large projects.
Planned Rules
| Plugin | Rule | Status |
|---|---|---|
browser-security | no-postmessage-wildcard | In Development |
secure-coding | no-prototype-pollution | Planning |
vercel-ai-security | no-tool-result-injection | Released ✓ |
Q2 2026: Ecosystem Expansion
New plugins and framework-specific security rules.
🔐 AWS SDK Security
IAM permission validation, S3 bucket policy checks.
🌐 GraphQL Security
Query depth limiting, introspection controls.
💾 Redis Security
Command injection, ACL validation.
New Plugins Planned
| Plugin | Target | Description |
|---|---|---|
eslint-plugin-aws-security | Q2 2026 | AWS SDK security patterns |
eslint-plugin-graphql-security | Q2 2026 | GraphQL query security |
eslint-plugin-redis-security | Q2 2026 | Redis command safety |
Q3 2026: Enterprise Features
Focus on compliance, reporting, and team workflows.
Compliance Mappings
- SOC 2 Type II: Rule mapping to SOC 2 controls
- PCI-DSS: Payment card data security rules
- HIPAA: Healthcare data protection patterns
Enterprise Integration
| Feature | Description |
|---|---|
| Dashboard API | Aggregate security metrics across repos |
| Policy Engine | Enforce org-wide rule configurations |
| Audit Logging | Track rule suppressions and overrides |
Q4 2026: Intelligence Layer
Machine learning-powered security insights.
🧠 Smart Detection
ML-based pattern detection for zero-day vulnerability classes.
📈 Risk Trending
Track security posture over time across the codebase.
🔮 Predictive Fixes
AI-suggested fixes based on codebase patterns.
Recently Completed
✅ Q4 2025
- ESLint 9.x flat config support
- Vercel AI SDK security plugin
- MongoDB injection detection
- 100x faster cycle detection (import-next)
✅ Q3 2025
- PostgreSQL COPY FROM detection
- JWT algorithm confusion rules
- CVSS scoring on all security rules
- React Server Components support
How to Contribute
We welcome community contributions! See the Contributing Guide for:
- Rule development workflow
- Testing requirements
- Documentation standards
- PR checklist
Request a Feature
Feature Requests
Have an idea for a new rule or plugin? Open a GitHub Discussion to propose it.