Overview

Linting is good. It reduces time spent finding bugs, reviewing pull requests, and enforcing conventions. It gives maintainers a better focus than arguing about style. And in essence, it enforces best practices.

Yet linting is not always good. It becomes dangerous with the “linting trap”. A linting trap happens when linting tools enforce insecure code or code that’s hard to change. The trap is not necessarily set up by the tools themselves by default, but by those who configure them.

This article gives you guidance for escaping linting traps in ESLint, so that you can protect your software from maintainability and security challenges. It does not discuss subjective and aesthetic preferences. It prioritizes two aspects above others:

  1. Smaller security vulnerability surface.
  2. Easier future changes.

ESLint is a linter released in 2013. It mainly lints JavaScript, but it’s extensible through plugins to lint more (such as TypeScript, JSX or even YAML). Being a damn good linter made it the most popular tool in a short amount of time, with 12 million downloads a week. It’s used and recommended by Microsoft, Facebook and a lot of open-source projects. ESLint does not lint anything until you choose your rules. Users often start with existing collections (baselines), trusting that there will be no traps.

Some style guides configure bad rules and unknowingly force you into a linting trap. All traps stated here are enforced by the Airbnb style guide. Dangerously, it’s the most popular rule collection, typically configured as default by development tools like React and Vue CLI. Its traps introduce maintainability and security risks to millions of projects weekly. Other risky guides include standard, eslint-config-alloy, Facebook (create-react-app, facebook/fbjs), Canonical, Spotify, Wikimedia and XO, among others. This guide highlights those traps, maps them to popular rule collections, and gives you justification to disable bad ESLint rules.

💡 I have released an open-source project, eslint-config-disable-bad-rules, that you can use to automatically turn off what you read here.

Traps