eslint-plugin-pii

1.0.2 verified Sat Apr 25 auth: no javascript

An ESLint plugin that provides linting rules to prevent Personally Identifiable Information (PII) such as emails, dates of birth, IP addresses, and phone numbers from appearing in comments or string literals. Version 1.0.2 is the latest stable release, last updated in 2023. The plugin offers a recommended configuration via plugin:pii/recommended for easy setup. It uses regex-based checks and is designed for Node.js >=0.10.0 with ESLint >=4.19.1. Compared to similar tools like eslint-plugin-no-secrets, this plugin focuses specifically on PII patterns and provides granular rule control.

Common errors

error ESLint couldn't find the plugin "eslint-plugin-pii". ↓

cause Plugin not installed or not listed in package.json devDependencies.

fix

Run 'npm install eslint-plugin-pii --save-dev' and ensure it is installed in the project.

error Configuration for rule "pii/no-email" is invalid: Severity should be one of the following: 0 = off, 1 = warn, 2 = error. ↓

cause Rule severity set to an invalid value (e.g., string 'error' without quotes in JSON? Actually 'error' is valid). Might be using wrong config format.

fix

Ensure rule value is 'off', 'warn', or 'error' (or numbers 0,1,2). Example: "pii/no-email": "error"

error Parsing error: The keyword 'const' is reserved ↓

cause ESLint parser expecting older ECMAScript version.

fix

Add 'parserOptions': { 'ecmaVersion': 2020 } or higher in .eslintrc.

Warnings

gotcha Rules only check comments and string literals, not variable values or dynamic strings. ↓

fix Manually review runtime data handling; the plugin does not catch PII in variables or function arguments.

gotcha The plugin uses regex patterns that may have false positives or miss certain PII formats. ↓

fix Test thoroughly with your codebase; consider complementing with additional tools or custom rules.

deprecated Node engine >=0.10.0 is very old; newer Node versions may have compatibility issues with ESLint 4. ↓

fix Use ESLint >=4.19.1 and Node >=8.0.0. If using ESLint 8+, upgrade plugin if later version exists.

gotcha The plugin does not support flat config (eslint.config.js); only works with .eslintrc files. ↓

fix Use .eslintrc.json or .eslintrc.yaml format; do not use eslint.config.js.

Install

npm install eslint-plugin-pii

yarn add eslint-plugin-pii

pnpm add eslint-plugin-pii

Imports

plugin
wrong
```
Using require directly in code: const pii = require('eslint-plugin-pii')
```
correct
```
// In .eslintrc: {"plugins": ["pii"]}
```
This is an ESLint plugin, not a library. Configure in .eslintrc or eslint.config.js, not via import/require in source files.
rules
wrong
```
Using wrong rule prefix: {"rules": {"eslint-plugin-pii/no-email": "error"}}
```
correct
```
// In .eslintrc: {"rules": {"pii/no-email": "error"}}
```
Rules are prefixed with 'pii/', not the full plugin name. Available rules: no-email, no-dob, no-ip, no-phone-number.

recommended config

wrong

Extending 'pii/recommended' without 'plugin:' prefix: {"extends": ["pii/recommended"]}

correct

// In .eslintrc: {"extends": ["plugin:pii/recommended"]}

The extends value must include the 'plugin:' prefix to reference the plugin's configuration.

Quickstart

Configures ESLint to use eslint-plugin-pii with four rules enabled and shows example violations.

// .eslintrc.json
{
  "plugins": ["pii"],
  "rules": {
    "pii/no-email": "error",
    "pii/no-dob": "warn",
    "pii/no-ip": "error",
    "pii/no-phone-number": "error"
  }
}

// Sample file with violations:
// const email = 'user@example.com'; // -> error: no-email
// const ip = '192.168.1.1'; // -> error: no-ip