Linting isn't going to catch most malicious implementation patterns. You still need to sniff test what was written.