ReDoS vulnerabilities in tooling - that's the key point. The "risk" is that if you do something weird in your code, then your linter might take a long time or crash (i.e. by running out memory). The same way that doing crazy things with types can make your compiler take a long time or crash (- type system).
I didn't consider TypeScript tooling. I guess that makes sense since it's usually converted to JavaScript instead of being run directly where errors would affect end users.
