IntroducingPrivJs Safe ESLint plugin

We created an ESLint plugin @privjs/eslint-plugin-safe to warn developers while importing vulnerable dependencies. This plugin integrates seamlessly with any existing development workflows using eslint and can be configured to either throw errors or warnings based on the usage.

How it works

The ESLint plugin @privjs/eslint-plugin-safe contains a database of vulnerable Javascript packages which is used to identify vulnerable imports in your codebase.

  • Default imports catch all the vulnerabilities.
  • Named imports will be caught if the imported method is vulnerable*.
  • This plugin also catches vulnerable imports while using `require()` statements.

The plugin is actively maintained in order to keep up fixes and new vulnerabilities and to refine previously-known bugs.


This plugin @privjs/eslint-plugin-safe is free to use for the development of open-source projects. However, if you intend to use this plugin in an organization or for business purposes, a commercial license is required for the same. This helps us to support active development of the plugin. If you have an active subscription to PrivJs Safe - then purchasing a license separately is not required.

Pricing & Purchase

You can purchase the plugin on our javascript marketplace: The pricing for commercial license starts at $10 per team member (or developer). If you are purchasing for a team containing of 10 or more developers, the price is reduced to $9 per developer. If you are purchasing for a team containing 50 or more developers, the price is reduced to $8 per developer. If you are purchasing for a team containing more than 100 developers, the price is reduced to $7 per developer.


After purchasing a license from PrivJs Marketplace, you can continue to install the package either from our public npm registry or from PrivJs Registry. The purchase provides you with the license to use the ESLint plugin for building proprietary software.

To Install the plugin run the following command in your terminal:

$ npm install @privjs/eslint-plugin-safe

Terms of use

Team member / developer

Commercial license is priced per team member. A team member or developer is an individual person permitted to make modifications for your applications that uses @privjs/eslint-plugin-safe, whether such person is your employee or a consultant or contractor providing services to you.

Free updates

You are entitled to receive all updates up to the major version of@privjs/eslint-plugin-safe as well as later versions as long as the subscription is active.


@privjs/eslint-plugin-safe cannot be used in a product offered for sale or for free, where @privjs/eslint-plugin-safe contributes to the core value of the product being sold.

@privjs/eslint-plugin-safe may not be used for re-selling, sub-licensing, or sharing purposes, and cannot otherwise be redistributed on its own (even for free).

No exclusivity

The commercial License is not exclusive and other buyers may purchase @privjs/eslint-plugin-safe.


We offer email & in-chat support service. For email support, contact us at You can also use the live-chat available on our website.