DEP-005 recommended language-tooling

Linting rules follow best practices

ESLint extends recommended configs, critical rules not disabled

Question to ask

"How many eslint-disable comments are hiding real problems?"

Verification guide

Severity: Recommended

Check automatically:

  1. Find ESLint config:

    ls -la .eslintrc* eslint.config.* 2>/dev/null
    
  2. Check for recommended/standard base configs:

    # Look for extends with recommended configs
    cat .eslintrc.json 2>/dev/null | jq '.extends' 2>/dev/null
    cat .eslintrc.js 2>/dev/null | grep -A5 "extends"
    cat eslint.config.js 2>/dev/null | grep -E "(recommended|standard|airbnb)"
    
  3. Check for overly permissive rule overrides:

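    # Rules set to "off" or 0, including the array form ["off", ...] / [0, ...]
    jq '(.rules // {}) | to_entries[] | select((.value | if type == "array" then .[0] else . end) as $s | $s == "off" or $s == 0)' .eslintrc.json 2>/dev/null
    # Text fallback for JS-style configs: quoted "off"/'off' or a bare numeric 0 severity
    grep -nE "[\"']off[\"']|:[[:space:]]*\[?[[:space:]]*0[[:space:]]*(,|\]|\}|$)" .eslintrc* eslint.config.* 2>/dev/null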
    
  4. Check for critical rules disabled:

    # Security and quality rules that shouldn't be off
    grep -E "(no-eval|no-implied-eval|no-new-func|no-unused-vars|no-undef|eqeqeq|no-var)" .eslintrc* eslint.config.* 2>/dev/null | grep -E "(off|0)"
    
  5. For TypeScript projects, check TS-specific rules:

    cat .eslintrc.json 2>/dev/null | jq '.extends[]' 2>/dev/null | grep -i typescript
    grep -E "@typescript-eslint" .eslintrc* eslint.config.* 2>/dev/null
    

Cross-reference with:

  • GIT-010 (Linting configured): That checks linting exists; this checks it's configured well

Pass criteria:

  • Extends a recommended base config (eslint:recommended, airbnb, standard, etc.)
  • TypeScript projects use @typescript-eslint
  • No critical security rules disabled
  • Rule overrides are minimal and justified

Fail criteria:

  • No base config extended (rules from scratch)
  • Critical rules disabled: no-eval, no-unused-vars, no-undef, eqeqeq
  • TypeScript project without @typescript-eslint rules
  • Excessive rules turned off (10+ rules disabled)

If many rules are disabled, ask the user: "Found [X] ESLint rules disabled. Are these intentional? Disabling [list critical ones] may hide bugs or security issues."

Evidence to capture:

  • Base config(s) extended
  • List of disabled rules
  • Whether TypeScript-specific rules are configured
  • Any critical rules that are off
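
One way to apply the pass/fail criteria above to a parsed config, shown as an added example that is not part of the original checklist. It assumes the legacy `.eslintrc`-style object shape (`extends`, `plugins`, `rules`, `overrides`); `auditEslintConfig` and the sample config are hypothetical names and data. Treating a base rule that is replaced by an enabled `@typescript-eslint/` rule of the same name as not disabled is an assumption that goes beyond the checklist.

```javascript
// Added example: audits a parsed legacy (.eslintrc-style) config object against DEP-005.
const CRITICAL = ["no-eval", "no-implied-eval", "no-new-func",
                  "no-unused-vars", "no-undef", "eqeqeq", "no-var"];
const BASE_RE = /recommended|standard|airbnb/i; // same names the grep in step 2 looks for

// ESLint severity may be "off", 0, or an array whose first element is either.
const isOff = (v) => { const s = Array.isArray(v) ? v[0] : v; return s === "off" || s === 0; };

function auditEslintConfig(config, isTypeScript = false) {
  const ext = [].concat(config.extends || []);
  // Top-level rules plus every overrides[] block; a rule off anywhere is reported.
  const ruleSets = [config.rules || {}, ...(config.overrides || []).map((o) => o.rules || {})];
  const disabled = new Set(), enabled = new Set();
  for (const rules of ruleSets)
    for (const [name, value] of Object.entries(rules))
      (isOff(value) ? disabled : enabled).add(name);

  // Assumption: a base rule turned off in favour of an enabled
  // @typescript-eslint/<same-name> rule is a replacement, not a gap.
  const replaced = (r) => enabled.has(`@typescript-eslint/${r}`);
  const criticalOff = CRITICAL.filter((r) => disabled.has(r) && !replaced(r));
  const usesTsEslint = [...ext, ...(config.plugins || []), ...enabled]
    .some((s) => s.includes("@typescript-eslint"));

  const failures = [];
  if (!ext.some((e) => BASE_RE.test(e))) failures.push("no recommended base config extended");
  if (criticalOff.length) failures.push("critical rules disabled: " + criticalOff.join(", "));
  if (isTypeScript && !usesTsEslint) failures.push("TypeScript project without @typescript-eslint");
  if (disabled.size >= 10) failures.push(`${disabled.size} rules disabled (10+)`);

  // Evidence fields mirror the "Evidence to capture" list.
  return { pass: failures.length === 0, failures, extends: ext,
           disabledRules: [...disabled].sort(), criticalOff, usesTsEslint };
}

// Constructed sample config (not from a real project).
const SAMPLE = {
  extends: ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
  rules: {
    "no-eval": ["off"],
    "no-unused-vars": "off",
    "@typescript-eslint/no-unused-vars": "error",
    eqeqeq: 0,
    "no-console": "warn",
  },
  overrides: [{ files: ["*.test.ts"], rules: { "no-undef": "off" } }],
};

console.log(JSON.stringify(auditEslintConfig(SAMPLE, true), null, 2));
```

Configs written as `.eslintrc.js` or `eslint.config.js` would need to be loaded and flattened to this shape before being passed in.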

Section

02. Dependencies & Code Quality

Infrastructure & Setup