ESLint plugin to detect vulnerable JavaScript packages & methods



PrivJs Safe - ESLint plugin

This is an ESLint plugin to detect vulnerable imports/packages. It is developed by the team at PrivJs Safe.

Use PrivJs Safe to secure your organization from malicious open-source packages.


Run the following command to install this plugin:

npm config set @privjs:registry https://r.privjs.com
npm install @privjs/eslint-plugin-safe


Add the following to .eslintrc:

plugins: ['@privjs/safe'],
rules: {
  // 2 = report findings as errors
  '@privjs/safe/vulnerabilities-scan': [2],
},

How it works

The PrivJs Safe database is parsed to identify relevant vulnerabilities. This database is compiled into a JSON file, which acts as the source of truth for this plugin. The JSON file needs to be updated regularly as new vulnerabilities are found. Hence, this package receives frequent updates.


  • Detect vulnerable packages in ES6 imports
  • Detect vulnerable functions in ES6 imports
  • Detect vulnerable packages when imported as Default in ES6 imports
  • Detect vulnerabilities while using require syntax
  • Detect vulnerable functions while using require syntax
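A sketch of how a rule of this kind can work, added here as an illustration and not the plugin's own code: it checks ES6 imports and require calls against a small constructed database. The database shape, the package names and the function names are assumptions; the plugin's real JSON format is not shown on this page.

```javascript
// Constructed sample data; package and function names are hypothetical.
// '*' marks the whole package as vulnerable.
const VULN_DB = new Map([
  ['example-bad-pkg', ['*']],
  ['example-utils', ['unsafeMerge']],
]);

// Report `pkg` itself, or any of `names` taken from it, if listed.
function check(context, node, pkg, names) {
  const bad = VULN_DB.get(pkg);
  if (!bad) return;
  if (bad.includes('*')) {
    context.report({ node, message: `Package '${pkg}' is listed as vulnerable.` });
    return;
  }
  for (const name of names.filter((n) => bad.includes(n))) {
    context.report({ node, message: `'${name}' from '${pkg}' is listed as vulnerable.` });
  }
}

// Names taken from a require() call: const { a } = require(x) or require(x).a
function requiredNames(node) {
  const p = node.parent;
  if (!p) return [];
  if (p.type === 'VariableDeclarator' && p.id.type === 'ObjectPattern') {
    return p.id.properties
      .filter((q) => q.type === 'Property' && !q.computed && q.key.type === 'Identifier')
      .map((q) => q.key.name);
  }
  if (p.type === 'MemberExpression' && p.object === node && !p.computed) return [p.property.name];
  return [];
}

const rule = {
  meta: { type: 'problem', schema: [] },
  create(context) {
    return {
      ImportDeclaration(node) {
        // Default and namespace imports carry no function names to check.
        const names = node.specifiers.filter((s) => s.type === 'ImportSpecifier').map((s) => s.imported.name);
        check(context, node, node.source.value, names);
      },
      CallExpression(node) {
        const [arg] = node.arguments;
        if (node.callee.type !== 'Identifier' || node.callee.name !== 'require') return;
        if (!arg || arg.type !== 'Literal' || typeof arg.value !== 'string') return;
        check(context, node, arg.value, requiredNames(node));
      },
    };
  },
};
if (typeof module !== 'undefined') module.exports = rule;
```

Calls on a default import or on a whole-module require (for example `utils.unsafeMerge()`) are not followed in this sketch; only named imports, destructured requires and direct `require(x).name` accesses are matched at function level.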


Commercial license

If you want to use this plugin (@privjs/eslint-plugin-safe) to develop commercial projects or applications, or to use it in an organization, the Commercial license is required. With this license, your source code can be kept proprietary. Read more about the commercial license

Open source license

If you are creating an open source application under a license compatible with the GNU GPL license v3, you may use this project under the terms of the GPLv3.


If you have any questions, suggestions, or feedback, please reach out to contact@privjs.com.
