The False Positive Tax: a 1:1 TP:FP analysis of eslint-plugin-security

Ofri Peretz
This is the false-positive deep dive companion to "I Benchmarked 17 ESLint Security Plugins". That overview ranks plugins by recall; this one drills into the FP code samples that drive alert fatigue.

TL;DR

I built a comprehensive benchmark with 40 vulnerable code patterns across 14 security categories and 38 safe patterns that should NOT trigger warnings. Then I ran six ESLint security plugins agai