Files
ESLint will run on files with the following extensions:.js.ts.cjs.mjs.d.cts.d.mts.jsx.tsx.css.vue.svelte.astro.graphql.gql
Configuration
- ESLint configuration is read from the repository and is used as is. No additional configuration is required.
- Please ensure that all ESLint dependencies are defined in your
package.jsonfile(s). - Yarn and PNPM workspaces are supported.
- Private ESLint plugins or configurations are not supported at the moment. Please reach out to us on Discord if you would like us to add support for this.
- For
@typescript-eslint, linting with type information at the moment. The type checking rules are disabled. - For
eslint-plugin-import, the following rules are disabled:import/no-unresolved
- For the
eslint-plugin-n, the following rules are disabled:n/no-missing-importn/no-missing-require
- For the
eslint-plugin-node, the following rules are disabled:node/no-missing-importnode/no-missing-require
What CodeRabbit runs
ESLint runs in a sandbox. We scan ESLint config files before anynpm/yarn/pnpm installs. Only a curated allow-list of plugins is permitted.
Security policy and restrictions
- We extract referenced plugins from configs (the
pluginsarray,extends: "plugin:...",eslint-plugin-...mentions). - If any plugin outside our allow-list is referenced, we skip ESLint for the run.
- We do not install or execute arbitrary third-party plugins from the repository.
- The following plugins are currently allowed:
@typescript-eslinteslint-commentsimportjestjsx-a11ynnodepromisereactreact-hookssecuritysonarjsunicornprettiervitesttesting-libraryturbohydrogentailwindcsssveltenuxt
When we skip ESLint
CodeRabbit will skip running ESLint when:- The config references a plugin not in the allow-list.
- The config can’t be parsed or is otherwise unsafe.