diff --git a/.eslintrc.js b/.eslintrc.js
index 0144e742..49b4a92d 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -1,7 +1,7 @@
 module.exports = {
-  extends: ['plugin:@typescript-eslint/recommended', 'plugin:prettier/recommended'],
+  extends: ['plugin:@typescript-eslint/recommended', 'plugin:prettier/recommended', 'plugin:security/recommended'],
   parser: '@typescript-eslint/parser',
-  plugins: ['import', 'notice', '@typescript-eslint'],
+  plugins: ['import', 'notice', '@typescript-eslint', 'security'],
   env: {
     browser: true,
     es6: true,
diff --git a/packages/app/client/package.json b/packages/app/client/package.json
index 653e2a6e..958f2ad0 100644
--- a/packages/app/client/package.json
+++ b/packages/app/client/package.json
@@ -114,6 +114,7 @@
     "botframework-webchat-core": "4.14.0",
     "core-js": "^3.6.5",
     "eslint-plugin-react": "^7.12.3",
+    "eslint-plugin-security": "^1.4.0",
     "markdown-it": "^8.4.2",
     "monaco-editor": "^0.21.2",
     "monaco-editor-webpack-plugin": "^2.0.0",
diff --git a/packages/app/main/package.json b/packages/app/main/package.json
index 2a5e53ef..7caa555f 100644
--- a/packages/app/main/package.json
+++ b/packages/app/main/package.json
@@ -141,6 +141,7 @@
     "chokidar": "^2.0.2",
     "command-line-args": "^5.0.2",
     "electron-updater": "4.3.5",
+    "eslint-plugin-security": "^1.4.0",
     "formidable": "^1.1.1",
     "fs-extra": "^6.0.1",
     "got": "^7.1.0",
diff --git a/packages/app/shared/package.json b/packages/app/shared/package.json
index 38190bdf..5ab2660f 100644
--- a/packages/app/shared/package.json
+++ b/packages/app/shared/package.json
@@ -44,6 +44,7 @@
     "@bfemulator/sdk-shared": "^1.0.0",
     "botframework-config": "4.4.0",
     "botframework-schema": "4.14.0",
+    "eslint-plugin-security": "^1.4.0",
     "tslib": "^1.9.0"
   },
   "jest": {
diff --git a/packages/extensions/json/package.json b/packages/extensions/json/package.json
index fb42914d..b83a48a7 100644
--- a/packages/extensions/json/package.json
+++ b/packages/extensions/json/package.json
@@ -7,12 +7,13 @@
   "license": "ISC",
   "dependencies": {
     "@babel/runtime": "^7.1.5",
-    "@bfemulator/ui-react": "^1.0.0",
-    "@bfemulator/sdk-shared": "^1.0.0",
     "@bfemulator/app-shared": "^1.0.0",
     "@bfemulator/sdk-client": "^1.0.0",
+    "@bfemulator/sdk-shared": "^1.0.0",
+    "@bfemulator/ui-react": "^1.0.0",
     "botframework-schema": "4.14.0",
     "deep-diff": "^1.0.2",
+    "eslint-plugin-security": "^1.4.0",
     "react": "16.8.6",
     "react-dom": "16.8.6",
     "react-json-tree": "^0.11.2"
@@ -42,16 +43,16 @@
     "@typescript-eslint/parser": "^4.14.2",
     "babel-eslint": "^10.0.1",
     "babel-jest": "24.8.0",
-    "babel-preset-react-app": "^3.1.1",
     "babel-loader": "^8.0.6",
+    "babel-preset-react-app": "^3.1.1",
     "copy-webpack-plugin": "5.0.5",
     "css-loader": "^1.0.1",
+    "enzyme": "^3.3.0",
     "eslint": "7.19.0",
     "eslint-config-prettier": "^3.5.0",
     "eslint-plugin-import": "2.20.0",
     "eslint-plugin-notice": "^0.7.7",
     "eslint-plugin-prettier": "^3.0.1",
-    "enzyme": "^3.3.0",
     "file-loader": "^1.1.11",
     "jest": "24.8.0",
     "jest-enzyme": "^7.0.0",
@@ -64,7 +65,9 @@
     "webpack-dev-server": "^3.4.1"
   },
   "jest": {
-    "setupFilesAfterEnv": ["../../../../testSetup.js"],
+    "setupFilesAfterEnv": [
+      "../../../../testSetup.js"
+    ],
     "transform": {
       "^.+\\.(tsx?|jsx?)$": "babel-jest"
     },
diff --git a/packages/extensions/luis/client/package.json b/packages/extensions/luis/client/package.json
index 991fd4a2..e7e06af5 100644
--- a/packages/extensions/luis/client/package.json
+++ b/packages/extensions/luis/client/package.json
@@ -12,6 +12,7 @@
     "@bfemulator/ui-react": "^1.0.0",
     "botframework-config": "4.4.0",
     "botframework-schema": "4.14.0",
+    "eslint-plugin-security": "^1.4.0",
     "lscache": "^1.1.0",
     "luis-apis": "2.5.1",
     "react": "16.8.6",
diff --git a/packages/extensions/luis/package.json b/packages/extensions/luis/package.json
index dbdcf080..fd2fcbda 100644
--- a/packages/extensions/luis/package.json
+++ b/packages/extensions/luis/package.json
@@ -14,6 +14,7 @@
     "jest": "24.8.0"
   },
   "dependencies": {
-    "@babel/runtime": "^7.1.5"
+    "@babel/runtime": "^7.1.5",
+    "eslint-plugin-security": "^1.4.0"
   }
 }
diff --git a/packages/extensions/qnamaker/client/package.json b/packages/extensions/qnamaker/client/package.json
index 0a4fc442..3028ee33 100644
--- a/packages/extensions/qnamaker/client/package.json
+++ b/packages/extensions/qnamaker/client/package.json
@@ -11,6 +11,7 @@
     "@uifabric/merge-styles": "^6.2.0",
     "botframework-config": "4.4.0",
     "botframework-schema": "4.14.0",
+    "eslint-plugin-security": "^1.4.0",
     "qnamaker": "^1.3.0",
     "react": "16.8.6",
     "react-dom": "16.8.6"
diff --git a/packages/extensions/qnamaker/package.json b/packages/extensions/qnamaker/package.json
index 76d036c8..4f5fec96 100644
--- a/packages/extensions/qnamaker/package.json
+++ b/packages/extensions/qnamaker/package.json
@@ -16,6 +16,7 @@
     "webpack-cli": "^3.3.2"
   },
   "dependencies": {
-    "@babel/runtime": "^7.1.5"
+    "@babel/runtime": "^7.1.5",
+    "eslint-plugin-security": "^1.4.0"
   }
 }
diff --git a/packages/sdk/client/package.json b/packages/sdk/client/package.json
index 290191a7..54a5ca0e 100644
--- a/packages/sdk/client/package.json
+++ b/packages/sdk/client/package.json
@@ -44,6 +44,7 @@
     "@bfemulator/sdk-shared": "^1.0.0",
     "botframework-config": "4.4.0",
     "botframework-schema": "4.14.0",
+    "eslint-plugin-security": "^1.4.0",
     "tslib": "^1.9.0"
   }
 }
diff --git a/packages/sdk/shared/package.json b/packages/sdk/shared/package.json
index dfff3209..6a55fcca 100644
--- a/packages/sdk/shared/package.json
+++ b/packages/sdk/shared/package.json
@@ -19,8 +19,8 @@
   "devDependencies": {
     "@babel/cli": "^7.1.0",
     "@babel/core": "^7.1.0",
-    "@babel/plugin-proposal-decorators": "^7.4.0",
     "@babel/plugin-proposal-class-properties": "^7.1.0",
+    "@babel/plugin-proposal-decorators": "^7.4.0",
     "@babel/plugin-proposal-object-rest-spread": "^7.0.0",
     "@babel/plugin-transform-react-jsx": "^7.0.0",
     "@babel/plugin-transform-runtime": "^7.4.4",
@@ -45,6 +45,7 @@
     "@babel/runtime": "^7.1.5",
     "botframework-config": "4.4.0",
     "botframework-schema": "4.14.0",
+    "eslint-plugin-security": "^1.4.0",
     "tslib": "^1.9.0",
     "uuid": "^3.3.2"
   },
diff --git a/packages/sdk/ui-react/package.json b/packages/sdk/ui-react/package.json
index 5c0fd1e5..34976d31 100644
--- a/packages/sdk/ui-react/package.json
+++ b/packages/sdk/ui-react/package.json
@@ -57,6 +57,7 @@
   "dependencies": {
     "@babel/runtime": "^7.1.5",
     "@bfemulator/app-shared": "^1.0.0",
+    "eslint-plugin-security": "^1.4.0",
     "react": "16.8.6",
     "react-dom": "16.8.6"
   },
diff --git a/packages/tools/package.json b/packages/tools/package.json
index df1b5e83..dbc151e1 100644
--- a/packages/tools/package.json
+++ b/packages/tools/package.json
@@ -11,6 +11,7 @@
   "dependencies": {
     "botbuilder": "4.5.1",
     "dotenv": "8.0.0",
+    "eslint-plugin-security": "^1.4.0",
     "restify": "8.3.3"
   },
   "devDependencies": {