eval can be harmful. Open
eval(`evalResult = ${value}`) // if it doesn't throw it's a valid array or object
- Read upRead up
- Exclude checks
Disallow eval() (no-eval)
JavaScript's eval()
function is potentially dangerous and is often misused. Using eval()
on untrusted code can open a program up to several different injection attacks. The use of eval()
in most contexts can be substituted for a better, alternative approach to a problem.
var obj = { x: "foo" },
key = "x",
value = eval("obj." + key);
Rule Details
This rule is aimed at preventing potentially dangerous, unnecessary, and slow code by disallowing the use of the eval()
function. As such, it will warn whenever the eval()
function is used.
Examples of incorrect code for this rule:
/*eslint no-eval: "error"*/
var obj = { x: "foo" },
key = "x",
value = eval("obj." + key);
(0, eval)("var a = 0");
var foo = eval;
foo("var a = 0");
// This `this` is the global object.
this.eval("var a = 0");
Example of additional incorrect code for this rule when browser
environment is set to true
:
/*eslint no-eval: "error"*/
/*eslint-env browser*/
window.eval("var a = 0");
Example of additional incorrect code for this rule when node
environment is set to true
:
/*eslint no-eval: "error"*/
/*eslint-env node*/
global.eval("var a = 0");
Examples of correct code for this rule:
/*eslint no-eval: "error"*/
/*eslint-env es6*/
var obj = { x: "foo" },
key = "x",
value = obj[key];
class A {
foo() {
// This is a user-defined method.
this.eval("var a = 0");
}
eval() {
}
}
Options
This rule has an option to allow indirect calls to eval
.
Indirect calls to eval
are less dangerous than direct calls to eval
because they cannot dynamically change the scope. Because of this, they also will not negatively impact performance to the degree of direct eval
.
{
"no-eval": ["error", {"allowIndirect": true}] // default is false
}
Example of incorrect code for this rule with the {"allowIndirect": true}
option:
/*eslint no-eval: "error"*/
var obj = { x: "foo" },
key = "x",
value = eval("obj." + key);
Examples of correct code for this rule with the {"allowIndirect": true}
option:
/*eslint no-eval: "error"*/
(0, eval)("var a = 0");
var foo = eval;
foo("var a = 0");
this.eval("var a = 0");
/*eslint no-eval: "error"*/
/*eslint-env browser*/
window.eval("var a = 0");
/*eslint no-eval: "error"*/
/*eslint-env node*/
global.eval("var a = 0");
Known Limitations
- This rule is warning every
eval()
even if theeval
is not global's. This behavior is in order to detect calls of directeval
. Such as:
module.exports = function(eval) {
// If the value of this `eval` is built-in `eval` function, this is a
// call of direct `eval`.
eval("var a = 0");
};
- This rule cannot catch renaming the global object. Such as:
var foo = window;
foo.eval("var a = 0");
Further Reading
Related Rules
- [no-implied-eval](no-implied-eval.md) Source: http://eslint.org/docs/rules/
Function render
has 106 lines of code (exceeds 25 allowed). Consider refactoring. Open
render () {
const state = this.state
const connected = state.tab.connected
const messageInEditor = state.messageInEditor
const messageInEditorObject = state.messageCollection[state.messageInEditor]
File MessageSenderView.js
has 305 lines of code (exceeds 250 allowed). Consider refactoring. Open
/**
* MessageSenderView
*
* Message editor
*/
Method 'changeType' has a complexity of 10. Open
changeType (e) {
- Read upRead up
- Exclude checks
Limit Cyclomatic Complexity (complexity)
Cyclomatic complexity measures the number of linearly independent paths through a program's source code. This rule allows setting a cyclomatic complexity threshold.
function a(x) {
if (true) {
return x; // 1st path
} else if (false) {
return x+1; // 2nd path
} else {
return 4; // 3rd path
}
}
Rule Details
This rule is aimed at reducing code complexity by capping the amount of cyclomatic complexity allowed in a program. As such, it will warn when the cyclomatic complexity crosses the configured threshold (default is 20
).
Examples of incorrect code for a maximum of 2:
/*eslint complexity: ["error", 2]*/
function a(x) {
if (true) {
return x;
} else if (false) {
return x+1;
} else {
return 4; // 3rd path
}
}
Examples of correct code for a maximum of 2:
/*eslint complexity: ["error", 2]*/
function a(x) {
if (true) {
return x;
} else {
return 4;
}
}
Options
Optionally, you may specify a max
object property:
"complexity": ["error", 2]
is equivalent to
"complexity": ["error", { "max": 2 }]
Deprecated: the object property maximum
is deprecated. Please use the property max
instead.
When Not To Use It
If you can't determine an appropriate complexity limit for your code, then it's best to disable this rule.
Further Reading
Related Rules
- [max-depth](max-depth.md)
- [max-len](max-len.md)
- [max-nested-callbacks](max-nested-callbacks.md)
- [max-params](max-params.md)
- [max-statements](max-statements.md) Source: http://eslint.org/docs/rules/
Function changeType
has 44 lines of code (exceeds 25 allowed). Consider refactoring. Open
changeType (e) {
const state = this.state
const messageCollection = state.messageCollection.slice()
const type = e.target.value
let isValid = true
Function handleMessageChange
has 27 lines of code (exceeds 25 allowed). Consider refactoring. Open
handleMessageChange (value) {
const state = this.state
const messageCollection = state.messageCollection.slice()
const messageInEditor = state.messageInEditor
const message = messageCollection[messageInEditor]
Function changeType
has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
changeType (e) {
const state = this.state
const messageCollection = state.messageCollection.slice()
const type = e.target.value
let isValid = true
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Unexpected lexical declaration in case block. Open
case 'Array':
- Read upRead up
- Exclude checks
Disallow lexical declarations in case/default clauses (no-case-declarations)
This rule disallows lexical declarations (let
, const
, function
and class
)
in case
/default
clauses. The reason is that the lexical declaration is visible
in the entire switch block but it only gets initialized when it is assigned, which
will only happen if the case where it is defined is reached.
To ensure that the lexical declaration only applies to the current case clause wrap your clauses in blocks.
Rule Details
This rule aims to prevent access to uninitialized lexical bindings as well as accessing hoisted functions across case clauses.
Examples of incorrect code for this rule:
/*eslint no-case-declarations: "error"*/
/*eslint-env es6*/
switch (foo) {
case 1:
let x = 1;
break;
case 2:
const y = 2;
break;
case 3:
function f() {}
break;
default:
class C {}
}
Examples of correct code for this rule:
/*eslint no-case-declarations: "error"*/
/*eslint-env es6*/
// Declarations outside switch-statements are valid
const a = 0;
switch (foo) {
// The following case clauses are wrapped into blocks using brackets
case 1: {
let x = 1;
break;
}
case 2: {
const y = 2;
break;
}
case 3: {
function f() {}
break;
}
case 4:
// Declarations using var without brackets are valid due to function-scope hoisting
var z = 4;
break;
default: {
class C {}
}
}
When Not To Use It
If you depend on fall through behavior and want access to bindings introduced in the case block.
Related Rules
- [no-fallthrough](no-fallthrough.md) Source: http://eslint.org/docs/rules/
Empty block statement. Open
} catch ( e ) {}
- Read upRead up
- Exclude checks
disallow empty block statements (no-empty)
Empty block statements, while not technically errors, usually occur due to refactoring that wasn't completed. They can cause confusion when reading code.
Rule Details
This rule disallows empty block statements. This rule ignores block statements which contain a comment (for example, in an empty catch
or finally
block of a try
statement to indicate that execution should continue regardless of errors).
Examples of incorrect code for this rule:
/*eslint no-empty: "error"*/
if (foo) {
}
while (foo) {
}
switch(foo) {
}
try {
doSomething();
} catch(ex) {
} finally {
}
Examples of correct code for this rule:
/*eslint no-empty: "error"*/
if (foo) {
// empty
}
while (foo) {
/* empty */
}
try {
doSomething();
} catch (ex) {
// continue regardless of error
}
try {
doSomething();
} finally {
/* continue regardless of error */
}
Options
This rule has an object option for exceptions:
-
"allowEmptyCatch": true
allows emptycatch
clauses (that is, which do not contain a comment)
allowEmptyCatch
Examples of additional correct code for this rule with the { "allowEmptyCatch": true }
option:
/* eslint no-empty: ["error", { "allowEmptyCatch": true }] */
try {
doSomething();
} catch (ex) {}
try {
doSomething();
}
catch (ex) {}
finally {
/* continue regardless of error */
}
When Not To Use It
If you intentionally use empty block statements then you can disable this rule.
Related Rules
- [no-empty-function](./no-empty-function.md) Source: http://eslint.org/docs/rules/
Empty block statement. Open
} catch ( e ) {}
- Read upRead up
- Exclude checks
disallow empty block statements (no-empty)
Empty block statements, while not technically errors, usually occur due to refactoring that wasn't completed. They can cause confusion when reading code.
Rule Details
This rule disallows empty block statements. This rule ignores block statements which contain a comment (for example, in an empty catch
or finally
block of a try
statement to indicate that execution should continue regardless of errors).
Examples of incorrect code for this rule:
/*eslint no-empty: "error"*/
if (foo) {
}
while (foo) {
}
switch(foo) {
}
try {
doSomething();
} catch(ex) {
} finally {
}
Examples of correct code for this rule:
/*eslint no-empty: "error"*/
if (foo) {
// empty
}
while (foo) {
/* empty */
}
try {
doSomething();
} catch (ex) {
// continue regardless of error
}
try {
doSomething();
} finally {
/* continue regardless of error */
}
Options
This rule has an object option for exceptions:
-
"allowEmptyCatch": true
allows emptycatch
clauses (that is, which do not contain a comment)
allowEmptyCatch
Examples of additional correct code for this rule with the { "allowEmptyCatch": true }
option:
/* eslint no-empty: ["error", { "allowEmptyCatch": true }] */
try {
doSomething();
} catch (ex) {}
try {
doSomething();
}
catch (ex) {}
finally {
/* continue regardless of error */
}
When Not To Use It
If you intentionally use empty block statements then you can disable this rule.
Related Rules
- [no-empty-function](./no-empty-function.md) Source: http://eslint.org/docs/rules/
Value of 'e' may be overwritten in IE 8 and earlier. Open
} catch ( e ) {
- Read upRead up
- Exclude checks
Disallow Shadowing of Variables Inside of catch (no-catch-shadow)
In IE 8 and earlier, the catch clause parameter can overwrite the value of a variable in the outer scope, if that variable has the same name as the catch clause parameter.
var err = "x";
try {
throw "problem";
} catch (err) {
}
console.log(err) // err is 'problem', not 'x'
Rule Details
This rule is aimed at preventing unexpected behavior in your program that may arise from a bug in IE 8 and earlier, in which the catch clause parameter can leak into outer scopes. This rule will warn whenever it encounters a catch clause parameter that has the same name as a variable in an outer scope.
Examples of incorrect code for this rule:
/*eslint no-catch-shadow: "error"*/
var err = "x";
try {
throw "problem";
} catch (err) {
}
function err() {
// ...
};
try {
throw "problem";
} catch (err) {
}
Examples of correct code for this rule:
/*eslint no-catch-shadow: "error"*/
var err = "x";
try {
throw "problem";
} catch (e) {
}
function err() {
// ...
};
try {
throw "problem";
} catch (e) {
}
When Not To Use It
If you do not need to support IE 8 and earlier, you should turn this rule off. Source: http://eslint.org/docs/rules/
Value of 'e' may be overwritten in IE 8 and earlier. Open
} catch ( e ) { // if it throws we know it's not a JSON string already and we have to stringify it
- Read upRead up
- Exclude checks
Disallow Shadowing of Variables Inside of catch (no-catch-shadow)
In IE 8 and earlier, the catch clause parameter can overwrite the value of a variable in the outer scope, if that variable has the same name as the catch clause parameter.
var err = "x";
try {
throw "problem";
} catch (err) {
}
console.log(err) // err is 'problem', not 'x'
Rule Details
This rule is aimed at preventing unexpected behavior in your program that may arise from a bug in IE 8 and earlier, in which the catch clause parameter can leak into outer scopes. This rule will warn whenever it encounters a catch clause parameter that has the same name as a variable in an outer scope.
Examples of incorrect code for this rule:
/*eslint no-catch-shadow: "error"*/
var err = "x";
try {
throw "problem";
} catch (err) {
}
function err() {
// ...
};
try {
throw "problem";
} catch (err) {
}
Examples of correct code for this rule:
/*eslint no-catch-shadow: "error"*/
var err = "x";
try {
throw "problem";
} catch (e) {
}
function err() {
// ...
};
try {
throw "problem";
} catch (e) {
}
When Not To Use It
If you do not need to support IE 8 and earlier, you should turn this rule off. Source: http://eslint.org/docs/rules/