You spent two hours crafting a convincing IT helpdesk pretext. You ship the campaign. The click rate is 2%.
It's not because employees got more savvy. It's because half your emails landed in spam, your tracking pixel was broken so you never saw the opens, and your {{.FirstName}} was actually {{.first_name}} and rendered as a literal string in every recipient's inbox.
I built @hailbytes/phishing-template-linter after the third campaign in a row where this happened.
Lint a directory of templates
npx @hailbytes/phishing-template-linter ./templates/
You get a per-template report of:
Broken or unknown merge tags
Missing tracking pixel / link rewrite hooks
Spam-trigger phrases (the obvious ones, but also Gmail's newer heuristics)
Deliverability red flags (mismatched display names, suspicious from-domain handling, bare URLs in plaintext)
Missing or malformed HTML/text alternatives
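The merge-tag failure described above ({{.first_name}} where {{.FirstName}} was expected) can be caught with a small check like the following. This is an added example, not code from @hailbytes/phishing-template-linter; the allow-list KNOWN_TAGS, the function findBadMergeTags and the sample template are assumptions constructed for illustration.

```javascript
// Added example, not the linter's own code.
// KNOWN_TAGS is an assumed allow-list; replace it with the tags your platform defines.
const KNOWN_TAGS = ['FirstName', 'LastName', 'Email', 'Position'];

// Normalise a name so first_name, firstname and FirstName compare equal.
const normalise = (name) => name.replace(/[^a-z0-9]/gi, '').toLowerCase();

function findBadMergeTags(template, knownTags = KNOWN_TAGS) {
  const known = new Set(knownTags);
  const byNormalised = new Map(knownTags.map((t) => [normalise(t), t]));
  const findings = [];
  template.split(/\r?\n/).forEach((text, i) => {
    // Well-formed Go-template-style tag: {{.Name}}, inner whitespace allowed.
    const tagRe = /\{\{\s*\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}/g;
    for (const m of text.matchAll(tagRe)) {
      if (known.has(m[1])) continue;
      findings.push({
        line: i + 1,
        tag: m[0],
        problem: 'unknown',
        // Near-miss (wrong case or underscores): suggest the real tag.
        suggestion: byNormalised.get(normalise(m[1])) ?? null,
      });
    }
    // Braces left over once well-formed tags are removed would render literally.
    const rest = text.replace(tagRe, '');
    if (/\{\{|\}\}/.test(rest)) {
      findings.push({ line: i + 1, tag: rest.trim(), problem: 'malformed', suggestion: null });
    }
  });
  return findings;
}

// Constructed sample template for an awareness-training campaign.
const SAMPLE = [
  'Hi {{.first_name}},',
  'This training notice was generated for {{.Email}}.',
  'Regards, {{.SenderName}',
].join('\n');

console.log(findBadMergeTags(SAMPLE));
```

Run it in CI against every template before a campaign ships, and fail the build when the returned array is non-empty.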
Use it programmatically
import { lint } from '@hailbytes/phishing-templa