8 open source tools compared. Sorted by stars. Scroll down for our analysis.
| Tool | Stars | Velocity | Score |
|---|---|---|---|
| Prettier: Opinionated code formatter | 52.1k | +57/wk | 88 |
| ShellCheck: Static analysis for shell scripts | 39.6k | +32/wk | 76 |
| ESLint: Find and fix problems in your JavaScript code | 27.4k | +38/wk | 85 |
| knip: ✂️ Find unused files, dependencies and exports in your JavaScript and TypeScript projects. Knip it before you ship it! | 11.6k | +76/wk | 55 |
| sonarqube: Continuous Inspection | 10.7k | +30/wk | 71 |
| eslint-config: Anthony's ESLint config preset | 6.2k | +4/wk | 77 |
| qlty | 3.1k | +6/wk | 69 |
| django-stubs: PEP-484 stubs for Django | 1.9k | +4/wk | 69 |
Prettier ends the formatting debate by automatically formatting JavaScript, TypeScript, CSS, HTML, JSON, and Markdown. It's opinionated on purpose: fewer config options means everyone's code looks the same. MIT license, JavaScript. The most widely adopted code formatter in the JS ecosystem. Supports JS, TS, JSX, CSS, SCSS, Less, HTML, Vue, Angular, GraphQL, Markdown, YAML, and more. Integrates with every editor, runs in CI, and has plugins for additional languages. Fully free. No paid tier, no premium plugins, no hosted service. Every language, every integration, every feature: $0. Every JavaScript/TypeScript team should use this. That's not a suggestion, it's the industry default at this point. Solo to enterprise: install it, add it to your editor's format-on-save, add it to CI. Done. The catch: "opinionated" means you don't get to customize much. If you hate Prettier's formatting choices (and some people really do), your options are limited to a handful of config flags. It also doesn't lint; it formats. You still need ESLint for catching actual bugs. And occasionally a new Prettier version reformats your entire codebase, creating massive diffs that pollute git history.
ShellCheck finds bugs in your shell scripts before they bite you in production. It's a linter that reads your shell scripts and tells you about quoting errors, unsafe variable expansions, and portability issues. The kind of bugs that work fine on your machine and explode on the server. GPL v3. Written in Haskell but you don't need to know or care about that; it's a standalone binary. Integrates with every major editor (VS Code, Vim, Emacs), runs in CI, and has a web version at shellcheck.net for quick checks. Fully free. No paid tier, no premium rules, no hosted service beyond the free web checker. Every rule, every check, every integration, $0. Every team that writes shell scripts should use this. Solo or enterprise, the answer is the same: install it, add it to CI, stop shipping broken bash. Takes 5 minutes to set up. The catch: ShellCheck only handles sh/bash/dash/ksh. If you're writing Zsh scripts, coverage is limited. And it catches syntax and common pitfalls but won't validate your script's logic; it'll tell you your variable is unquoted, not that your deployment script deletes the wrong directory. Also, GPL v3 means you can't embed it in proprietary tools without licensing implications.
ESLint catches bugs, enforces code standards, and fixes problems automatically before your JavaScript or TypeScript code ever runs. It's a spell checker for code. It reads your files, finds problems (unused variables, missing error handling, inconsistent formatting), and can auto-fix many of them. What's free: Everything. MIT license. The core linter, every built-in rule, the plugin system, the flat config format. All free, forever. ESLint is funded by donations and sponsorships, not by gating features. ESLint is non-negotiable for JavaScript projects. Used in essentially every professional JS/TS codebase. The plugin ecosystem covers React, Vue, TypeScript, accessibility, import ordering. Whatever your stack, there's an ESLint plugin for it. The catch: configuration. ESLint recently moved to a 'flat config' system that's simpler than the old `.eslintrc` approach, but migrating existing configs takes effort. The sheer number of rules and plugins can be overwhelming. And for pure formatting (tabs vs spaces, semicolons), Prettier is better. Use both together: ESLint for logic bugs, Prettier for formatting.
Knip finds the dead weight in your JavaScript and TypeScript projects: files nothing imports, dependencies you installed and forgot, exports nothing else uses. Run it and it tells you exactly what you can delete. It is free and open source under the permissive ISC license, installed as a single npm package. There is a VS Code extension and an MCP server too, so your AI assistant can flag dead code as you write. Running it is one command. The work is in the config. Knip reads simple projects automatically, but monorepos, custom frameworks, and build setups usually need a config file and the right plugins so it stops flagging things that are actually used. It ships plugins for most major tools (Next.js, Jest, Storybook, and dozens more), so tuning is mostly picking the right ones, not writing rules from scratch. This is the tool for shrinking a codebase before a refactor or a dependency audit. Solo or small team: install it, run it in CI, done. Big monorepo: budget an afternoon to dial in the config, then it earns its keep every release by catching cruft before it ships. The catch is false positives. On a complex setup, knip flags things that look unused but get loaded dynamically or by a tool it has no plugin for. Read the report, do not pipe it straight into fix mode. Once it is tuned it is accurate, but the first run on a messy repo is a conversation, not a verdict.
SonarQube analyzes your code for bugs, security vulnerabilities, and code smells across 30+ languages. It integrates with every major CI/CD pipeline and gives you a quality gate you can fail builds on. The Community Edition is free and self-hosted. Deploy via Docker or a dedicated server. You need 2GB+ RAM for the process, plus a Postgres database. The Docker Compose setup handles it in minutes. The web interface is comprehensive and developers actually use it without being forced. Quality gates plug directly into your CI pipeline. Solo developers and small teams run the Community Edition free. The Developer Edition adds branch analysis and deeper security rules starting at around 150 USD/year per developer. Enterprise Edition adds datacenter mode and portfolio management. The catch: Community Edition does not do branch analysis. You analyze main only. If your team uses feature branches heavily, you either upgrade to Developer Edition or run multiple SonarQube instances.
Anthony Fu's personal ESLint config, published as a preset. One line of setup in your eslint.config.js and you get linting, formatting, sorted imports, and reasonable defaults across TypeScript, JSX, Vue, JSON, YAML, and Markdown. The selling point is that it replaces Prettier entirely. Formatting happens inside ESLint, which means one tool, one config, one CI step. It uses ESLint's flat config format, so you'll need ESLint 9.5 or newer. Framework support for React, Next.js, Svelte, UnoCSS, Astro, Solid, and Angular is opt-in via flags. Vue and TypeScript detection is automatic. The starter wizard at `pnpm dlx @antfu/eslint-config@latest` will scaffold the config and the package.json scripts for you. Use this if you trust Anthony Fu's taste, which most of the Vue and Nuxt ecosystem does. Solo: install it. Small teams: install it and commit to the opinions. Large teams with existing style guides: it's a hard rip-and-replace, but worth evaluating if you're tired of the ESLint plus Prettier plus stylelint stack. The catch: it's opinionated. Single quotes, no semicolons, dangling commas, sorted imports, all non-negotiable by default. The README literally says "changes might not always work for everyone." If your team has strong existing conventions, expect arguments.
Qlty orchestrates dozens of existing tools under one CLI. Instead of configuring ESLint, Pylint, Rubocop, and Semgrep separately, qlty runs them all with a single command and unified output. The CLI is free. It auto-detects your languages, installs the right linters, and runs them. Supports 20+ languages and wraps established tools (ESLint, Ruff, Clippy, etc.) rather than reinventing analysis from scratch. That's smart: you get battle-tested rules without learning each tool's config format. The cloud dashboard (qlty.sh) adds PR-level quality gates, trend tracking, and team analytics. Free for open source, paid plans for private repos starting at $30/mo per seat. The catch: qlty is still early. The tool orchestration approach means you're depending on qlty to correctly configure and update the underlying linters. When an underlying tool changes its output format or rules, qlty needs to adapt. And the cloud pricing at $30/seat/mo puts it in SonarCloud territory: you're paying for the unified dashboard, not the analysis itself.
Django leans hard on runtime magic. Models grow attributes you never declared, managers appear out of nowhere, Meta options reshape classes on the fly. That magic is also why a plain type checker throws up its hands on Django code. django-stubs is the fix: a full set of type hints plus a mypy plugin that actually understands the ORM, so your editor and your CI can catch a wrong field name or a bad query before it ships. Setup is trivial. It is a dev dependency you pip install and a few lines of mypy config. Nothing to host, nothing to run in production. It tracks current Django and Python versions, and there is a sibling project, djangorestframework-stubs, if you live in DRF. The whole thing is MIT and completely free. There is no paid tier and nothing gated. Solo devs, small teams, large teams: same deal, install it and move on. On Pyright instead of mypy you already get a lot of Django typing for free, so the value here is highest for mypy shops. The catch is the coupling. The mypy plugin is tied to specific mypy and Django versions, so a major upgrade on either side can mean waiting for the stubs to catch up before your type check goes green again.