diff --git a/.eslintrc.json b/.eslintrc.json
index 0deecb34..c98dbde3 100644
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -1,3 +1,11 @@
 {
-  "extends": "eslint-config-populist"
+  "extends": "eslint-config-populist",
+  "rules": {
+    "strict": "warn",
+    "indent": ["warn", 2],
+    "valid-jsdoc": "warn",
+    "no-undefined": "warn",
+    "comma-dangle": "warn",
+    "callback-return": ["warn", ["next"]]
+  }
 }
diff --git a/lib/core/index.js b/lib/core/index.js
index 35a4136d..3d8e48f7 100644
--- a/lib/core/index.js
+++ b/lib/core/index.js
@@ -55,7 +55,7 @@ function shouldCompressBrotli(req) {
 
 function hasGzipId12(gzipped, cb) {
   const stream = fs.createReadStream(gzipped, { start: 0, end: 1 });
-  let buffer = Buffer('');
+  let buffer = Buffer.from('');
   let hasBeenCalled = false;
 
   stream.on('data', (chunk) => {
@@ -222,7 +222,6 @@ module.exports = function createMiddleware(_dir, _options) {
       // and brotli special case.
       const defaultType = opts.contentType || 'application/octet-stream';
       let contentType = mime.lookup(file, defaultType);
-      let charSet;
       const range = (req.headers && req.headers.range);
       const lastModified = (new Date(stat.mtime)).toUTCString();
       const etag = generateEtag(stat, weakEtags);
diff --git a/lib/core/show-dir/last-modified-to-string.js b/lib/core/show-dir/last-modified-to-string.js
index 8e0854dc..917d3801 100644
--- a/lib/core/show-dir/last-modified-to-string.js
+++ b/lib/core/show-dir/last-modified-to-string.js
@@ -2,9 +2,9 @@
 
 module.exports = function lastModifiedToString(stat) {
   const t = new Date(stat.mtime);
-  return (("0" + (t.getDate())).slice(-2) + '-' +
-          t.toLocaleString('default', { month: 'short' }) + '-' + 
+  return (('0' + (t.getDate())).slice(-2) + '-' +
+          t.toLocaleString('default', { month: 'short' }) + '-' +
           t.getFullYear() + ' ' +
-          ("0" + t.getHours()).slice(-2) + ':' +
-          ("0" + t.getMinutes()).slice(-2));
+          ('0' + t.getHours()).slice(-2) + ':' +
+          ('0' + t.getMinutes()).slice(-2));
 };
diff --git a/lib/http-server.js b/lib/http-server.js
index 996db6fd..3f332110 100644
--- a/lib/http-server.js
+++ b/lib/http-server.js
@@ -1,13 +1,12 @@
 'use strict';
 
 var fs = require('fs'),
-    union = require('union'),
-    httpServerCore = require('./core'),
-    auth = require('basic-auth'),
-    httpProxy = require('http-proxy'),
-    corser = require('corser'),
-    path = require('path'),
-    secureCompare = require('secure-compare');
+  union = require('union'),
+  httpServerCore = require('./core'),
+  auth = require('basic-auth'),
+  httpProxy = require('http-proxy'),
+  corser = require('corser'),
+  secureCompare = require('secure-compare');
 
 //
 // Remark: backwards compatibility for previous
@@ -33,13 +32,12 @@ function HttpServer(options) {
 
   if (options.root) {
     this.root = options.root;
-  }
-  else {
+  } else {
     try {
+      // eslint-disable-next-line no-sync
       fs.lstatSync('./public');
       this.root = './public';
-    }
-    catch (err) {
+    } catch (err) {
       this.root = './';
     }
   }
@@ -48,11 +46,12 @@ function HttpServer(options) {
   this.headers['Accept-Ranges'] = 'bytes';
 
   this.cache = (
+    // eslint-disable-next-line no-nested-ternary
     options.cache === undefined ? 3600 :
     // -1 is a special case to turn off caching.
     // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#Preventing_caching
-    options.cache === -1 ? 'no-cache, no-store, must-revalidate' :
-    options.cache // in seconds.
+      options.cache === -1 ? 'no-cache, no-store, must-revalidate' :
+        options.cache // in seconds.
   );
   this.showDir = options.showDir !== 'false';
   this.autoIndex = options.autoIndex !== 'false';
@@ -104,7 +103,7 @@ function HttpServer(options) {
     this.headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Range';
     if (options.corsHeaders) {
       options.corsHeaders.split(/\s*,\s*/)
-          .forEach(function (h) { this.headers['Access-Control-Allow-Headers'] += ', ' + h; }, this);
+        .forEach(function (h) { this.headers['Access-Control-Allow-Headers'] += ', ' + h; }, this);
     }
     before.push(corser.create(options.corsHeaders ? {
       requestHeaders: this.headers['Access-Control-Allow-Headers'].split(/\s*,\s*/)
@@ -146,7 +145,7 @@ function HttpServer(options) {
       proxy.web(req, res, {
         target: options.proxy,
         changeOrigin: true
-      }, function (err, req, res, target) {
+      }, function (err, req, res) {
         if (options.logFn) {
           options.logFn(req, res, {
             message: err.message,