Overview
ESLint rules for operational excellence and deployment readiness
Live from GitHub
This content is fetched directly from README.md on GitHub and cached for 1 hour.
Production Ready
Ensure your code is ready for production with operability best practices.
Operability rules — observability hooks, structured logging, and runtime resilience.
⭐ If this plugin caught a real bug for you, star the repo — it's the signal that keeps these rules maintained.
Description
This plugin provides Operability rules — observability hooks, structured logging, and runtime resilience.
Philosophy
Interlace fosters strength through integration. Instead of stacking isolated rules, we interlace security directly into your workflow to create a resilient fabric of code. We believe tools should guide rather than gatekeep, providing educational feedback that strengthens the developer with every interaction.
Getting Started
- To check out the guide, visit eslint.interlace.tools. 📚
- 要查看中文 指南, 请访问 eslint.interlace.tools. 📚
- 가이드 문서는 eslint.interlace.tools에서 확인하실 수 있습니다. 📚
- ガイドは eslint.interlace.toolsでご確認ください。 📚
- Para ver la guía, visita eslint.interlace.tools. 📚
- للاطلاع على الدليل، قم بزيارة eslint.interlace.tools. 📚
npm install eslint-plugin-operability --save-dev⚙️ Configuration Presets
| Preset | Description |
|---|---|
recommended | Balanced operability checks for production code |
🏢 Usage Example
// eslint.config.js
import operability from 'eslint-plugin-operability';
export default [
operability.configs.recommended,
// Be extra strict in production code
{
files: ['src/**/*.ts'],
ignores: ['**/*.test.ts', '**/*.spec.ts'],
rules: {
'operability/no-console-log': 'error',
},
},
];Why These Rules?
no-console-log
console.log statements are for debugging and shouldn't ship to production.
// ❌ Bad: Debug logging in production
function processPayment(card: Card) {
console.log('Processing payment:', card); // Exposes sensitive data!
return paymentService.charge(card);
}
// ✅ Good: Use proper logging
function processPayment(card: Card) {
logger.info('Processing payment', { cardLast4: card.last4 });
return paymentService.charge(card);
}no-debug-code-in-production
Catches debugger statements and debug-only code paths.
// ❌ Bad: Debugger statement left in code
function calculateTotal(items: Item[]) {
debugger; // Will pause execution in production!
return items.reduce((sum, item) => sum + item.price, 0);
}
// ✅ Good: No debug statements
function calculateTotal(items: Item[]) {
return items.reduce((sum, item) => sum + item.price, 0);
}no-verbose-error-messages
Prevents detailed error messages that could expose system internals.
// ❌ Bad: Verbose error exposes internals (CWE-209)
throw new Error(
`Database connection failed at ${host}:${port} with user ${dbUser}`,
);
// ✅ Good: Generic error with internal logging
logger.error('Database connection failed', { host, port, user: dbUser });
throw new Error('Service temporarily unavailable');📦 Compatibility
| Package | Version |
|---|---|
| ESLint | ^8.0.0 || ^9.0.0 || ^10.0.0 |
| Node.js | >=18.0.0 |
See the ESLint Version Support Policy — current ecosystem share data, the 20% gate, and the forward-looking exception that covers v10.
Rules
Legend
| Icon | Description |
|---|---|
| 💼 | Recommended: Included in the recommended preset. |
| ⚠️ | Warns: Set to warn in recommended preset. |
| 🔧 | Auto-fixable: Automatically fixable by the --fix CLI option. |
| 💡 | Suggestions: Providing code suggestions in IDE. |
| 🚫 | Deprecated: This rule is deprecated. |
| 🟢 | Type-unaware: AST-only, runs in oxlint JS-plugin tier. |
| 🟡 | Type-aware (refining): pure-AST primary path; types refine precision. |
| 🟠 | Type-aware (graceful): requires TS program; silent without it. |
| Rule | CWE | OWASP | CVSS | Description | 🧠 | 💼 | ⚠️ | 🔧 | 💡 | 🚫 |
|---|---|---|---|---|---|---|---|---|---|---|
| no-console-log | CWE-532 | Disallow console.log with configurable remediation strategies and LLM-optimized output. This rule is part o… | 🟢 | ⚠️ | 💡 | |||||
| no-debug-code-in-production | CWE-489 | Detects debug code that should not be present in production builds. | 🟢 | 💼 | 💡 | |||||
| no-process-exit | Prevents direct process.exit() calls to encourage graceful shutdown patterns. This rule is part of eslint-p… | 🟢 | 💡 | |||||||
| no-verbose-error-messages | CWE-209 | A01:2021 | Prevent exposing stack traces to users in API responses | 🟢 | ⚠️ | |||||
| require-code-minification | CWE-656 | Require minification configuration in build tools | 🟢 | |||||||
| require-data-minimization | CWE-213 | Identifies excessive data collection patterns that violate privacy principles | 🟢 | 💡 |
🔗 Related ESLint Plugins
Part of the Interlace ESLint Ecosystem — AI-native security plugins with LLM-optimized error messages:
| Plugin | Downloads | Description |
|---|---|---|
eslint-plugin-secure-coding |  | General security rules & OWASP guidelines. |
eslint-plugin-pg |  | PostgreSQL security & best practices. |
eslint-plugin-node-security |  | Node.js core-module security (fs, child_process, vm, crypto, Buffer). |
eslint-plugin-jwt |  | JWT security & best practices. |
eslint-plugin-browser-security |  | Browser-specific security & XSS prevention. |
eslint-plugin-express-security |  | Express.js security hardening rules. |
eslint-plugin-lambda-security |  | AWS Lambda security best practices. |
eslint-plugin-nestjs-security |  | NestJS security rules & patterns. |
eslint-plugin-mongodb-security |  | MongoDB security best practices. |
eslint-plugin-vercel-ai-security |  | Vercel AI SDK security hardening. |
eslint-plugin-import-next |  | Next-gen import sorting & architecture. |
⭐ Support & follow
If this plugin caught a real bug for you, star the repo — stars are the signal that keeps the Interlace ESLint ecosystem maintained — and follow the writeups on Dev.to for the benchmarks and security research behind these rules.
📄 License
MIT © Ofri Peretz
View README.md on GitHub →