That's very cool - using a linter as a standardization system removes a lot of the guesswork out of submitting! But it's an unenviable challenge to guard against bad actors here - there's now an open-source oracle that an attacker could use to see if their technique would sneak by the review process, and they can have a coding agent iterate until successful.
replyI might encourage adding things like https://ofriperetz.dev/articles/eslint-plugin-security-is-un... or https://github.com/mozilla/eslint-plugin-no-unsanitized as things that flag for further review - and likely adding even more that you might not publicize as part of the eslint-plugin repository, so there's a more obscure level of protection that might catch a would-be attacker!
The system consists of a few different parts, the linter is only one part and is responsible for surfacing issues to the dev during development.
replyWe have additional checks that also check the release assets to catch issues in dependencies etc, that part is not public.
Longtime (early adopter) Obsidian user here. Thank you for such an amazing tool. And congrats on the launch!
replyCurious if you considered oxlint^1? (It's a a faster, simpler, near drop-in replacement for eslint.)
It's the first I am hearing about it, but I'll take a look!
reply