Engineering Leader & Open Source Creator
Ofri Peretz
Building Products That Matter. Architect of the Interlace ESLint Ecosystem — 332+ security rules across 18 specialized plugins, designed for the AI/Agentic era.
Impact
The numbers behind the work
Cumulative totals across code, writing, and community engagement. Source-of-truth: Supabase v_* views, written by a daily ingest cron and cached for ~12 hours.
Aggregate display values: npm downloads: 105.1K, Packages published: 20, GitHub stars: 10, Contributions: 0, Articles published: 47, Article views: 5.0K, Reactions: 34, Comments: 22
About
Building products that matter
Engineering Leader with a decade of experience shipping production JavaScript at scale. Currently focused on AI-native developer tools — building static analysis that empowers both humans and AI coding assistants to catch security issues before they ship.
Architect of the Interlace ESLint Ecosystem — 18 specialized plugins, 332+ rules, covering OWASP Top 10, LLM Security, and database hardening. Built for the agentic era.
Featured
Interlace ESLint Ecosystem
18 specialized plugins. 332+ security rules. 100% OWASP Top 10 coverage. Built for the AI/Agentic era — LLM-friendly error messages mean Claude / Cursor / Copilot can fix vulnerabilities without context.
- ★ Stars
- 10
- npm downloads
- 105,085
Career
Work experience
- Built first U.S. engineering team
- Leading largest distributed team (US/EU)
- 16+ npm packages, 200+ security rules
- Deep dives on JS/TS, testing & platform engineering
- First monetized API platform
- 25+ shared packages, mono-repo
- Scaled APIs 100x
- 1,000+ tests, TypeScript migration
- Previous Roles at Various
- 6 years of platform engineering across startups and scale-ups
Open Source Philosophy
Open source is the ultimate learning accelerator. By building in public, I stay state-of-the-art, give back to the community, and build trust through transparent, well-documented code.
Writing
Latest articles
Getting Started with eslint-plugin-mongodb-security
How to prevent MongoDB NoSQL injection, operator injection, and hardcoded connection strings with the only ESLint plugin built specifically for MongoDB/Mongoose.
· 5 min
Same NestJS Prompt. Claude Got 6 Security Errors. Gemini Got 2. Here's What Both Got Wrong.
Same prompt. Claude Sonnet 4.6 got 6 security errors from eslint-plugin-nestjs-security. Gemini 2.5 Flash got 2. Both missed rate limiting on auth endpoints — and Gemini got guards, validators, and serialization right where Claude didn't.
· 9 min
Claude Wrote a NestJS Service. TypeScript Was Happy. ESLint Found 6 Security Holes.
I gave Claude one prompt and got 200 lines of correct NestJS. TypeScript compiled clean. Then I ran eslint-plugin-nestjs-security. 6 errors, 3 seconds. Here is what it found and why each one is an AI failure mode.
· 10 min
import-next/no-cycle Reported 0 Cycles on Next.js. We Found Why — and Fixed It.
Our cycle detector returned 0 on a 14K-file repo. oxlint found 17. We audited the rule and found two bugs: a 10-hop depth limit that silenced cycles longer than 10 hops, and a cache contamination bug that made results non-deterministic across runs.
· 7 min
5 Cycles Invisible in 14,556 Files. The Cache Bug That Hid Them.
We found 5 import cycles in 33 files that were invisible in 14,556. The cause: a 10-hop depth limit that wrote false non-cyclic entries into a shared cache, poisoning later traversals. Here is the bug, the fix, and how to test if your own cycle detector has the same class of failure.
· 5 min
I Inherited a NestJS Codebase. The First Lint Run Found 6 Vulnerabilities.
The codebase had 2 years of feature PRs and zero security audits. In 30 minutes, a fresh ESLint run surfaced 6 distinct vulnerability classes — auth bypass, sensitive field leaks, brute-force exposure, and three more. Here's what each one looks like and why it survived code review.
· 8 min
Stack
What I work with
Languages
- TypeScript
- JavaScript
- Node.js
Frameworks
- React
- Express
- NestJS
- Next.js
- Nuxt
Backend
- Kafka
- Redis
- PostgreSQL
- MongoDB
- Serverless
Cloud / DevOps
- AWS
- Docker
- Kubernetes
- Vercel
DevEx
- ESLint
- Nx Monorepos
- CLIs
- Static Analysis
AI-Native
- LLM-friendly errors
- MCP servers
- Agentic tooling
FAQ
Common questions
- What is the Interlace ESLint Ecosystem?
- A collection of 18+ production-ready ESLint plugins designed for the AI/Agentic era. LLM-optimized error messages empower both human developers and AI coding assistants to catch and fix security vulnerabilities automatically.
- Why AI-native ESLint plugins?
- Traditional ESLint error messages are designed for humans reading them in an IDE. As AI coding assistants become more prevalent, error messages also need to be machine-parseable with clear remediation guidance. Our plugins bridge that gap.
- Which security standards do the plugins cover?
- Comprehensive coverage for OWASP Top 10 2021, OWASP Mobile 2024, and framework-specific patterns for Express, NestJS, Lambda, Postgres, MongoDB, and more. Each plugin includes detailed docs with Known False Negatives disclosed.
- What technologies do you work with?
- Languages: TypeScript, JavaScript, Node.js. Frameworks: React, Express, NestJS. Backend: Kafka, Redis, Serverless. Cloud: AWS, Docker, Kubernetes. DevEx: ESLint, Nx Monorepos, CLIs.