diff --git a/.eslintrc.js b/.eslintrc.js
new file mode 100644
index 00000000..9b125cb1
--- /dev/null
+++ b/.eslintrc.js
@@ -0,0 +1,18 @@
+module.exports = {
+ "env": {
+ "browser": true,
+ "commonjs": true,
+ "es2021": true,
+ "node": true
+ },
+ "extends": "eslint:recommended",
+ "parserOptions": {
+ "ecmaVersion": "latest"
+ },
+ "globals": {
+ "DedicatedWorkerGlobalScope": "readonly",
+ },
+ "rules": {
+ "no-unused-vars": ["error", { "vars": "all", "args": "none" }],
+ }
+}
diff --git a/lib/default.js b/lib/default.js
index b322d8b8..6495a992 100644
--- a/lib/default.js
+++ b/lib/default.js
@@ -233,11 +233,11 @@ var REGEXP_QUOTE_2 = /"/g;
 var REGEXP_ATTR_VALUE_1 = /&#([a-zA-Z0-9]*);?/gim;
 var REGEXP_ATTR_VALUE_COLON = /:?/gim;
 var REGEXP_ATTR_VALUE_NEWLINE = /&newline;?/gim;
-var REGEXP_DEFAULT_ON_TAG_ATTR_3 = /\/\*|\*\//gm;
+// var REGEXP_DEFAULT_ON_TAG_ATTR_3 = /\/\*|\*\//gm;
 var REGEXP_DEFAULT_ON_TAG_ATTR_4 =
- /((j\s*a\s*v\s*a|v\s*b|l\s*i\s*v\s*e)\s*s\s*c\s*r\s*i\s*p\s*t\s*|m\s*o\s*c\s*h\s*a)\:/gi;
-var REGEXP_DEFAULT_ON_TAG_ATTR_5 = /^[\s"'`]*(d\s*a\s*t\s*a\s*)\:/gi;
-var REGEXP_DEFAULT_ON_TAG_ATTR_6 = /^[\s"'`]*(d\s*a\s*t\s*a\s*)\:\s*image\//gi;
+ /((j\s*a\s*v\s*a|v\s*b|l\s*i\s*v\s*e)\s*s\s*c\s*r\s*i\s*p\s*t\s*|m\s*o\s*c\s*h\s*a):/gi;
+// var REGEXP_DEFAULT_ON_TAG_ATTR_5 = /^[\s"'`]*(d\s*a\s*t\s*a\s*)\:/gi;
+// var REGEXP_DEFAULT_ON_TAG_ATTR_6 = /^[\s"'`]*(d\s*a\s*t\s*a\s*)\:\s*image\//gi;
 var REGEXP_DEFAULT_ON_TAG_ATTR_7 = /e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n\s*\(.*/gi;
 var REGEXP_DEFAULT_ON_TAG_ATTR_8 = /u\s*r\s*l\s*\(.*/gi;

diff --git a/lib/index.js b/lib/index.js
index 9a5eea4d..0536a7fa 100644
--- a/lib/index.js
+++ b/lib/index.js
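Review bot: With only `eslint:recommended` extended, the `var` declarations that the other hunks leave in place and `let` bindings that are never reassigned still pass, so the modernisation this commit starts is not enforced; add `"no-var": "error"` and `"prefer-const": "error"` under `rules`. The keys are JSON-style quoted in a JavaScript file, and trailing commas appear in `globals` and `rules` but not in `env` or `parserOptions`; settle on one style, ideally by including this file in the linted set.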
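Review bot: REGEXP_DEFAULT_ON_TAG_ATTR_3, _5 and _6 are commented out rather than deleted, which satisfies no-unused-vars but leaves dead code that will drift out of sync with the live patterns; drop the three lines and rely on git history. Because ESLint reported them unused, the default filter was evidently not applying the `data:` and CSS-comment patterns before this commit either, so there is no behavioural regression here, but it is worth confirming that `data:` URLs in href/src are rejected elsewhere in default.js (not visible in this hunk) rather than assuming the patterns were redundant. The `\:` to `:` edit in _4 is safe: without the `u` flag `\:` is an identity escape, so the pattern is unchanged. As a side note, the context lines `REGEXP_QUOTE_2 = /"/g` and `REGEXP_ATTR_VALUE_COLON = /:?/gim` read as if HTML entities were decoded when this page was rendered; if the file really contains `/:?/gim`, that pattern matches the empty string at every position and should be checked.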
@@ -23,8 +23,8 @@ function filterXSS(html, options) {
 exports = module.exports = filterXSS;
 exports.filterXSS = filterXSS;
 exports.FilterXSS = FilterXSS;
-for (var i in DEFAULT) exports[i] = DEFAULT[i];
-for (var i in parser) exports[i] = parser[i];
+for (let i in DEFAULT) exports[i] = DEFAULT[i];
+for (let i in parser) exports[i] = parser[i];

 // using `xss` on the browser, output `filterXSS` to the globals
 if (typeof window !== "undefined") {
diff --git a/lib/parser.js b/lib/parser.js
index c3a07d2e..06bb2453 100644
--- a/lib/parser.js
+++ b/lib/parser.js
@@ -13,11 +13,12 @@ var _ = require("./util");
 * @return {String}
 */
 function getTagName(html) {
- var i = _.spaceIndex(html);
+ let i = _.spaceIndex(html);
+ let tagName;
 if (i === -1) {
- var tagName = html.slice(1, -1);
+ tagName = html.slice(1, -1);
 } else {
- var tagName = html.slice(1, i + 1);
+ tagName = html.slice(1, i + 1);
 }
 tagName = _.trim(tagName).toLowerCase();
 if (tagName.slice(0, 1) === "/") tagName = tagName.slice(1);
@@ -112,7 +113,7 @@ function parseTag(html, onTag, escapeHtml) {
 return rethtml;
 }

-var REGEXP_ILLEGAL_ATTR_NAME = /[^a-zA-Z0-9_:\.\-]/gim;
+var REGEXP_ILLEGAL_ATTR_NAME = /[^a-zA-Z0-9_:.-]/gim;

 /**
 * parse input attributes and returns processed attributes
diff --git a/lib/xss.js b/lib/xss.js
index b72a8f3a..136bface 100644
--- a/lib/xss.js
+++ b/lib/xss.js
@@ -134,7 +134,7 @@ FilterXSS.prototype.process = function (html) {
 // if enable stripIgnoreTagBody
 var stripIgnoreTagBody = false;
 if (options.stripIgnoreTagBody) {
-var stripIgnoreTagBody = DEFAULT.StripTagBody(
+stripIgnoreTagBody = DEFAULT.StripTagBody(
 options.stripIgnoreTagBody,
 onIgnoreTag
 );
@@ -148,7 +148,7 @@ FilterXSS.prototype.process = function (html) {
 sourcePosition: sourcePosition,
 position: position,
 isClosing: isClosing,
-isWhite: whiteList.hasOwnProperty(tag),
+isWhite: Object.prototype.hasOwnProperty.call(whiteList, tag),
 };

 // call `onTag()`
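Review bot: The two `for...in` loops copy every enumerable key, inherited ones included, and `i` is a loop variable reused for two different objects; `Object.assign(exports, DEFAULT, parser);` replaces both lines with one statement that copies own enumerable properties and is equivalent for the plain module objects these appear to be. If `for...in` is kept, `const i` is sufficient since the binding is never reassigned inside the body.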
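Review bot: `i` is never reassigned after `let i = _.spaceIndex(html);`, so `const i` states the intent; `tagName` is reassigned by the `_.trim(...)` line below, so `let tagName;` is right. The if/else that only picks a slice can become one declaration, `let tagName = i === -1 ? html.slice(1, -1) : html.slice(1, i + 1);`. getTagName's body continues past the end of the hunk.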
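Review bot: Dropping the escapes is safe because `.` is literal inside a character class and `-` is literal only while it stays the last member; a later edit that appends a character after `-` would silently turn it into a range, so either move it first, `/[^-a-zA-Z0-9_:.]/g`, or leave a comment saying the trailing position is deliberate. The `i` and `m` flags do nothing here (both letter cases are listed and there are no anchors), so they can go at the same time. If, as the name suggests, this pattern gates which attribute names are accepted, a unit test pinning `a-b` and `a.b` as legal would protect the trailing `-` position.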
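Review bot: The switch to `Object.prototype.hasOwnProperty.call(whiteList, tag)` is the right fix, because `tag` evidently comes from the HTML being filtered and `whiteList` is caller-supplied, so the old method call broke (or could be shadowed) when the whitelist was built with `Object.create(null)` or contained a `hasOwnProperty` key; the reason is not obvious from the lint motivation, so record it: `// whiteList is user-supplied; do not rely on its own hasOwnProperty`. If other lookups in process() still call `.hasOwnProperty` on caller-supplied objects (not visible in this hunk), they should get the same treatment. process() begins before and ends after this hunk.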
@@ -178,21 +178,21 @@ FilterXSS.prototype.process = function (html) {
 }
 } else {
 // call `onIgnoreTagAttr()`
-var ret = onIgnoreTagAttr(tag, name, value, isWhiteAttr);
+ret = onIgnoreTagAttr(tag, name, value, isWhiteAttr);
 if (!isNull(ret)) return ret;
 return;
 }
 });

 // build new tag html
-var html = "<" + tag;
+html = "<" + tag;
 if (attrsHtml) html += " " + attrsHtml;
 if (attrs.closing) html += " /";
 html += ">";
 return html;
 } else {
 // call `onIgnoreTag()`
-var ret = onIgnoreTag(tag, html, info);
+ret = onIgnoreTag(tag, html, info);
 if (!isNull(ret)) return ret;
 return escapeHtml(html);
 }
diff --git a/package.json b/package.json
index c47eda7b..07217051 100644
--- a/package.json
+++ b/package.json
@@ -20,6 +20,7 @@
 "browserify": "^17.0.0",
 "coveralls": "^3.1.0",
 "debug": "^4.1.1",
+"eslint": "^8.10.0",
 "mocha": "^8.3.2",
 "nyc": "^15.1.0",
 "uglify-js": "^3.9.4"
@@ -34,6 +35,7 @@
 "xss": "./bin/xss"
 },
 "scripts": {
+"lint": "eslint lib/**",
 "test": "export DEBUG=xss:* && mocha -t 5000",
 "test-cov": "nyc --reporter=lcov mocha --exit \"test/*.js\" && nyc report",
 "coveralls": "cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js",
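Review bot: Both `ret = ...` assignments and `html = "<" + tag;` now depend on declarations that lie outside this hunk: `ret` must be declared by an earlier `var ret` in each enclosing callback, and `html` is presumably the callback's parameter, so the assignment overwrites the original tag source in the whitelisted branch; without a declaration in scope this sloppy-mode code would create an implicit global, so please confirm both. Reusing the parameter reads as a mistake even where it is safe; a fresh local for the rebuilt tag keeps input and output distinct, as below. The enclosing callbacks and process() itself start and end outside the hunk.
```javascript
        // build new tag html
        let newHtml = "<" + tag;
        if (attrsHtml) newHtml += " " + attrsHtml;
        if (attrs.closing) newHtml += " /";
        newHtml += ">";
        return newHtml;
```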
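Review bot: `eslint lib/**` relies on the shell to expand the glob, and under the POSIX `sh` that npm uses `**` behaves like `*`, so only files directly under lib/ are linted and anything in a subdirectory would be missed; `"lint": "eslint lib"` hands the directory to ESLint, which walks it recursively with its default extensions. Note also that the new .eslintrc.js, bin/ and test/ are outside the linted set, which may or may not be intended.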