chore: consolidate ESLint to flat config, remove legacy .eslintrc files

[ulises-jeremias]

Summary

• Remove 3 legacy .eslintrc files (root, create-node-app-core, create-awesome-node-app) that were being ignored by ESLint v9 in favor of the flat eslint.config.cjs
• Remove unused devDependencies that only served the legacy config chain: @create-node-app/eslint-config, @eslint/eslintrc, eslint-config-turbo, eslint-plugin-turbo
• The internal eslint-config-* packages (published to npm for scaffolded projects) are unchanged

What changed

File	Change
.eslintrc	Deleted — legacy, extends @create-node-app/eslint-config
packages/create-node-app-core/.eslintrc	Deleted — legacy, extends @create-node-app/eslint-config-ts
packages/create-awesome-node-app/.eslintrc	Deleted — legacy, extends @create-node-app/eslint-config-ts
package.json	Remove @create-node-app/eslint-config, @eslint/eslintrc, eslint-config-turbo from devDeps
packages/create-awesome-node-app/package.json	Remove @create-node-app/eslint-config-ts, eslint-config-turbo, eslint-plugin-turbo from devDeps
packages/create-node-app-core/package.json	Remove @create-node-app/eslint-config-ts, eslint-config-turbo, eslint-plugin-turbo from devDeps
package-lock.json	Regenerated (removed 15 unused packages)

Verification

• npm run lint — ✅ passes (2/2 packages)
• npm run type-check — ✅ passes (2/2 packages)
• npm run test:all — 20/21 pass (1 pre-existing smoke test failure, requires TTY)

[coderabbitai]

Warning

Rate limit exceeded

@ulises-jeremias has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 33 minutes and 4 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 33 minutes and 4 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0411c495-ff8a-41cb-a23d-fb1a2f507396

📥 Commits

Reviewing files that changed from the base of the PR and between 975c1f6 and d354073.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (6)

• .eslintrc
• package.json
• packages/create-awesome-node-app/.eslintrc
• packages/create-awesome-node-app/package.json
• packages/create-node-app-core/.eslintrc
• packages/create-node-app-core/package.json

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/consolidate-eslint-config

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ EDITORCONFIG	editorconfig-checker	4		0	0	0.01s
✅ JSON	jsonlint	4		0	0	0.45s
✅ JSON	npm-package-json-lint	yes		no	no	0.25s
✅ JSON	prettier	4	0	0	0	0.32s
✅ JSON	v8r	4		0	0	8.22s
✅ REPOSITORY	gitleaks	yes		no	no	4.13s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
❌ REPOSITORY	osv-scanner	yes		22	no	3.34s
✅ REPOSITORY	secretlint	yes		no	no	0.86s
✅ REPOSITORY	syft	yes		no	no	4.04s
✅ REPOSITORY	trufflehog	yes		no	no	4.3s
❌ SPELL	cspell	5		4	0	2.5s

Detailed Issues

❌ SPELL / cspell - 4 errors

packages/create-awesome-node-app/package.json:20:16     - Unknown word (Ulises)     -- "name": "Ulises Jeremias Cornejo Fandos
	 Suggestions: [Luis's, Filses, Plisse, Uses, Ukases]
packages/create-awesome-node-app/package.json:20:32     - Unknown word (Cornejo)    -- name": "Ulises Jeremias Cornejo Fandos",
	 Suggestions: [Cornea, Corned, Cornel, Corner, Cornet]
packages/create-awesome-node-app/package.json:20:40     - Unknown word (Fandos)     -- Ulises Jeremias Cornejo Fandos",
	 Suggestions: [Fandom, Fandoms, Fantods, Fado, Fads]
packages/create-node-app-core/package.json:56:6      - Unknown word (readdirp)   -- "readdirp": "^4.1.2",
	 Suggestions: [readdir, readDir, redip, reader, readers]
CSpell: Files checked: 4, Issues found: 4 in 2 files.


You can skip this misspellings by defining the following .cspell.json file at the root of your repository
Of course, please correct real typos before :)

{
    "version": "0.2",
    "language": "en",
    "ignorePaths": [
        "**/node_modules/**",
        "**/vscode-extension/**",
        "**/.git/**",
        "**/.pnpm-lock.json",
        ".vscode",
        "package-lock.json",
        "megalinter-reports"
    ],
    "words": [
        "Cornejo",
        "Fandos",
        "Ulises",
        "readdirp"
    ]
}


You can also copy-paste megalinter-reports/.cspell.json at the root of your repository

❌ REPOSITORY / osv-scanner - 22 errors

Scanning dir .
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
Starting filesystem walk for root: /
Scanned tools/danger/package-lock.json file and found 161 packages
Scanned package-lock.json file and found 587 packages
End status: 47 dirs visited, 217 inodes visited, 2 Extract calls, 36.792505ms elapsed, 36.792771ms wall time
Filtered 7 local/unscannable package/s from the scan.

Total 17 packages affected by 22 known vulnerabilities (1 Critical, 6 High, 13 Medium, 2 Low, 0 Unknown) from 1 ecosystem.
21 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+--------------------------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE                             | VERSION | FIXED VERSION | SOURCE                         |
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+--------------------------------+
| https://osv.dev/GHSA-3p68-rc4w-qgx5 | 6.3  | npm       | axios                               | 1.13.6  | 1.15.0        | package-lock.json              |
| https://osv.dev/GHSA-fvcv-3m26-pcqx | 4.8  | npm       | axios                               | 1.13.6  | 1.15.0        | package-lock.json              |
| https://osv.dev/GHSA-f886-m6hf-6m8v | 6.5  | npm       | brace-expansion                     | 2.0.2   | 2.0.3         | package-lock.json              |
| https://osv.dev/GHSA-r4q5-vmmm-2653 | 6.9  | npm       | follow-redirects                    | 1.15.11 | 1.16.0        | package-lock.json              |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch                           | 2.3.1   | 2.3.2         | package-lock.json              |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch                           | 2.3.1   | 2.3.2         | package-lock.json              |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch (dev)                     | 4.0.3   | 4.0.4         | package-lock.json              |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch (dev)                     | 4.0.3   | 4.0.4         | package-lock.json              |
| https://osv.dev/GHSA-48c2-rrv3-qjmp | 4.3  | npm       | yaml (dev)                          | 2.8.1   | 2.8.3         | package-lock.json              |
| https://osv.dev/GHSA-h5c3-5r3r-rr8q | 5.3  | npm       | @octokit/plugin-paginate-rest (dev) | 2.21.3  | 9.2.2         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-rmvr-2pp2-xj38 | 5.3  | npm       | @octokit/request (dev)              | 5.6.3   | 8.4.1         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-xx4v-prfh-6cgc | 5.3  | npm       | @octokit/request-error (dev)        | 2.1.0   | 5.1.1         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-vpq2-c234-7xj6 | 3.3  | npm       | @tootallnate/once (dev)             | 2.0.0   | 3.0.1         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-grv7-fg5c-xmjg | 7.5  | npm       | braces (dev)                        | 3.0.2   | 3.0.3         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-fjxv-7rqg-78g4 | 9.4  | npm       | form-data (dev)                     | 4.0.0   | 4.0.4         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-869p-cjfg-cm3x | 7.5  | npm       | jws (dev)                           | 3.2.2   | 3.2.3         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-952p-6rrq-rcjv | 5.3  | npm       | micromatch (dev)                    | 4.0.5   | 4.0.8         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-8g77-54rh-46hx | 8.9  | npm       | parse-git-config (dev)              | 2.0.3   | --            | tools/danger/package-lock.json |
| https://osv.dev/GHSA-3v7f-55p6-f55p | 5.3  | npm       | picomatch (dev)                     | 2.3.1   | 2.3.2         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-c2c7-rcm5-vvqj | 7.5  | npm       | picomatch (dev)                     | 2.3.1   | 2.3.2         | tools/danger/package-lock.json |
| https://osv.dev/GHSA-6rw7-vpxm-498p | 6.3  | npm       | qs (dev)                            | 6.12.0  | 6.14.1        | tools/danger/package-lock.json |
| https://osv.dev/GHSA-w7fw-mjwx-w883 | 3.7  | npm       | qs (dev)                            | 6.12.0  | 6.14.2        | tools/danger/package-lock.json |
+-------------------------------------+------+-----------+-------------------------------------+---------+---------------+--------------------------------+

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Show us your support by starring ⭐ the repository