Engineering Leader & Open Source Creator
Ofri Peretz
Building Products That Matter. Architect of the Interlace ESLint Ecosystem — 332+ security rules across 18 specialized plugins, designed for the AI/Agentic era.
Impact
The numbers behind the work
Cumulative totals across code, writing, and community engagement. Source-of-truth: Supabase v_* views, written by a daily ingest cron and cached for ~12 hours.
- npm downloads
- 0
- Packages published
- 0
- GitHub stars
- 0
- Contributions
- 0
- Articles published
- 0
- Article views
- 0
- Reactions
- 0
- Comments
- 0
Aggregate display values: npm downloads: 200.2K, Packages published: 24, GitHub stars: 11, Contributions: 0, Articles published: 50, Article views: 6.0K, Reactions: 53, Comments: 39
About
Building products that matter
Engineering Leader with a decade of experience shipping production JavaScript at scale. Currently focused on AI-native developer tools — building static analysis that empowers both humans and AI coding assistants to catch security issues before they ship.
Architect of the Interlace ESLint Ecosystem — 18 specialized plugins, 332+ rules, covering OWASP Top 10, LLM Security, and database hardening. Built for the agentic era.
Featured
Interlace ESLint Ecosystem
18 specialized plugins. 332+ security rules. 100% OWASP Top 10 coverage. Built for the AI/Agentic era — LLM-friendly error messages mean Claude / Cursor / Copilot can fix vulnerabilities without context.
- ★ Stars
- 11
- npm downloads
- 200,214
Career
Work experience
- · Built first U.S. engineering team
- · Leading largest distributed team (US/EU)
- · 16+ npm packages, 200+ security rules
- · Deep dives on JS/TS, testing & platform engineering
- · First monetized API platform
- · 25+ shared packages, mono-repo
- · Scaled APIs 100x
- · 1,000+ tests, TypeScript migration
- ·Previous RolesatVarious
- · 6 years of platform engineering across startups and scale-ups
Open Source Philosophy
Open source is the ultimate learning accelerator. By building in public, I stay state-of-the-art, give back to the community, and build trust through transparent, well-documented code.
Writing
Latest articles

The AI Hydra Problem: Fix One AI Bug, Get Two More
When AI models fix security vulnerabilities, they sometimes introduce entirely new ones. I tested this across 3 remediation rounds with Claude Opus 4.6 using two approaches — ESLint-guided feedback vs. prompt engineering alone. The results expose a fundamental limit of 'fix it again' workflows.
· 12 minMicrosoft's ESLint Security Plugin Catches 10% of Vulnerabilities. Here's What It Misses.
A head-to-head benchmark between @microsoft/eslint-plugin-sdl and the Interlace security ecosystem. Microsoft's SDL standard covers 1 of 14 security categories.
· 10 min· ❤ 1SonarJS Has 269 Rules. It Still Misses 65% of Security Vulnerabilities.
A head-to-head benchmark between eslint-plugin-sonarjs and the Interlace security ecosystem. 269 rules vs 201 rules — more isn't better when 65% of vulnerabilities slip through.
· 12 min
eslint-plugin-security Is Unmaintained. Here's What Nobody Tells You.
eslint-plugin-security has 1.5M weekly downloads but only 13 rules and no meaningful updates since 2020. Learn why it misses 90% of vulnerabilities—including SQL injection, JWT attacks, and AI/LLM security—and what modern ESLint security plugins to use instead.
· 8 min
I Let Claude Write 80 Functions. 65-75% Had Security Vulnerabilities.
AI coding assistants are incredible—until they introduce security holes. I ran an experiment asking Claude (Haiku 3.5, Sonnet 4.5, Opus 4.5, Opus 4.6) to generate 80 common Node.js functions with zero security context using my Claude Pro subscription. 65-75% had vulnerabilities. Then I tested if static analysis could help the models fix their own mistakes.
· 11 min
Exploit Analysis: PostgreSQL COPY FROM Filesystem Access
A deep dive into PostgreSQL filesystem exploits. Learn how to engineer static analysis guards to prevent unauthorized database-level file access.
· 4 min
Stack
What I work with
Languages
- TypeScript
- JavaScript
- Node.js
Frameworks
- React
- Express
- NestJS
- Next.js
- Nuxt
Backend
- Kafka
- Redis
- PostgreSQL
- MongoDB
- Serverless
Cloud / DevOps
- AWS
- Docker
- Kubernetes
- Vercel
DevEx
- ESLint
- Nx Monorepos
- CLIs
- Static Analysis
AI-Native
- LLM-friendly errors
- MCP servers
- Agentic tooling
FAQ
Common questions
- What is the Interlace ESLint Ecosystem?
- A collection of 18+ production-ready ESLint plugins designed for the AI/Agentic era. LLM-optimized error messages empower both human developers and AI coding assistants to catch and fix security vulnerabilities automatically.
- Why AI-native ESLint plugins?
- Traditional ESLint error messages are designed for humans reading them in an IDE. As AI coding assistants become more prevalent, error messages also need to be machine-parseable with clear remediation guidance. Our plugins bridge that gap.
- Which security standards do the plugins cover?
- Comprehensive coverage for OWASP Top 10 2021, OWASP Mobile 2024, and framework-specific patterns for Express, NestJS, Lambda, Postgres, MongoDB, and more. Each plugin includes detailed docs with Known False Negatives disclosed.
- What technologies do you work with?
- Languages: TypeScript, JavaScript, Node.js. Frameworks: React, Express, NestJS. Backend: Kafka, Redis, Serverless. Cloud: AWS, Docker, Kubernetes. DevEx: ESLint, Nx Monorepos, CLIs.