by aleyva 1315 days ago
But do you really want to wait for a real security issue to emerge? Seems like keeping things updated is a simple, smart form of insurance.
1 comments

1. How often are security issues found that are already fixed compared to security issues that are still in the latest version and require an even newer version to fix?

2. What are the security issues that can be found in a local tool which has as its only input your own code and its output is only printed in tooltips for human review? Even if you had a way for specially formed code to run other code in eslint, it's a bit like saying bash has an RCE because you can type a command into it.