UNPKG

eslint-plugin-sonarjs

Version:

SonarJS rules for ESLint

github.com/SonarSource/SonarJS/blob/master/packages/jsts/src/rules/README.md

SonarSource/SonarJS

284 lines (247 loc) β€’ 137 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
# eslint-plugin-sonarjs [![npm version](https://badge.fury.io/js/eslint-plugin-sonarjs.svg)](https://badge.fury.io/js/eslint-plugin-sonarjs) eslint-plugin-sonarjs is an ESLint plugin maintained by [Sonar](https://www.sonarsource.com/), designed to help developers write [Clean Code](https://www.sonarsource.com/solutions/clean-code/). This plugin exposes to ESLint users all original JS/TS rules from [SonarJS](https://github.com/SonarSource/SonarJS), an analyzer for JavaScript and TypeScript within the Sonar ecosystem. This plugin offers general-purpose rules for detecting code smells and bugs, as well as rules for other aspects of code quality, including testing, accessibility, and more. Additionally, it enhances code security by providing rules to report potential security vulnerabilities. This ESLint plugin does not contain all the rules from the SonarQube JS/TS analyzer. Aside of the rules available here, SonarQube uses rules from other ESLint plugins ([some](#eslint-rules) used as they are, [some others](#improved-eslint-rules) have been modified). We recommend installing those ESLint plugins and enabling those rules if you are looking for similar results to SonarQube using ESLint. If you are a [SonarQube](https://www.sonarqube.org) or [SonarCloud](https://sonarcloud.io) user, to lint your code locally, we suggest using [SonarLint](https://www.sonarlint.org) IDE extension (available for VSCode, JetBrains IDEs and Eclipse). You can connect SonarLint to your SonarQube/SonarCloud project to synchronize rules configuration, issue statuses, etc. ## Table of Contents - [Prerequisites](#prerequisites) - [Installation](#installation) - [Usage](#usage) - [SonarLint](#sonarlint) - [Feedback](#feedback) - [Rules](#rules) - [ESLint rules](#eslint-rules) - [Improved ESLint rules](#improved-eslint-rules) ## [Changelog](https://github.com/SonarSource/SonarJS/blob/master/packages/jsts/src/rules/CHANGELOG.md) ## Prerequisites The prerequisites for using this plugin depend on the ESLint version you are using: - For ESLint 8, you need Node.js version >= 16. - For ESLint 9, you need Node.js version that complies with (^18.18.0 || ^20.9.0 || >=21). ## Installation First, ensure that your project is configured with ESLint. If it is not, please follow the [ESLint instructions](https://github.com/eslint/eslint#installation-and-usage) to set it up. To install `eslint-plugin-sonarjs`, use the following `npm` command (or `yarn` equivalent): ```sh npm install eslint-plugin-sonarjs --save-dev # locally npm install eslint-plugin-sonarjs -g # globally ``` ## Usage The usage of `eslint-plugin-sonarjs` depends on the ESLint version used by your project. ### For ESLint 9 This plugin provides a single configuration named `recommended`. This configuration enables most of the rules except for a few exceptions, and the rules are enabled with the error severity. You can enable the `recommended` configuration in your `eslint.config.js` file: ```javascript import sonarjs from 'eslint-plugin-sonarjs'; export default [sonarjs.configs.recommended]; ``` If you don't use the `recommended` configuration, you need to declare the plugin manually in the `plugins` field. Enable or disable rules using the `rules` field: ```javascript import sonarjs from 'eslint-plugin-sonarjs'; export default [ { plugins: { sonarjs }, rules: { 'sonarjs/no-implicit-dependencies': 'error', }, }, ]; ``` ### For ESLint 8 We include a `recommended-legacy` configuration to be backward compatible with ESLint v8, equivalent to the `recommended` configuration for ESLint 9. Add `sonarjs` to your `.eslintrc` file: ```json { "plugins": ["sonarjs"], "extends": ["plugin:sonarjs/recommended-legacy"] } ``` You can enable some rules manually: ```json { "rules": { "sonarjs/cognitive-complexity": "error", "sonarjs/no-identical-expressions": "error" } } ``` ### TypeScript ESLint parser Several rules are designed for linting both JavaScript and TypeScript code, and some even rely on type checking through TypeScript. Therefore, you will need to install the `@typescript-eslint/parser` dependency and [instruct ESLint to use this parser](https://eslint.org/docs/latest/use/configure/parser) through the `parserOptions` property. ## SonarLint As an alternative to using this ESLint plugin, you can use [SonarLint](https://www.sonarsource.com/products/sonarlint/). SonarLint is an IDE extension that helps you detect and fix quality issues as you write code. It provides a broader set of rules compared to the ESLint plugin, improved versions of ESLint rules, and additional [features](https://github.com/SonarSource/SonarJS/tree/master?tab=readme-ov-file#features) that enhance your linting experience. ## Feedback If you have any questions, encounter any bugs, or have feature requests, please reach out to us through the [Sonar Community Forum](https://community.sonarsource.com/). Your messages will reach the maintainers of this GitHub repository. ## Rules <!-- begin auto-generated rules list --> πŸ’Ό Configurations enabled in.\ βœ… Set in the `recommended` configuration.\ πŸ”§ Automatically fixable by the [`--fix` CLI option](https://eslint.org/docs/user-guide/command-line-interface#--fix).\ πŸ’‘ Manually fixable by [editor suggestions](https://eslint.org/docs/latest/use/core-concepts#rule-suggestions).\ πŸ’­ Requires [type information](https://typescript-eslint.io/linting/typed-linting).\ ❌ Deprecated. | NameΒ Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β  | Description | πŸ’Ό | πŸ”§ | πŸ’‘ | πŸ’­ | ❌ | | :--------------------------------------------------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------- | :-- | :-- | :-- | :-- | :-- | | [anchor-precedence](https://sonarsource.github.io/rspec/#/rspec/S5850/javascript) | Alternatives in regular expressions should be grouped when used with anchors | βœ… | | | πŸ’­ | | | [argument-type](https://sonarsource.github.io/rspec/#/rspec/S3782/javascript) | Arguments to built-in functions should match documented types | βœ… | | | πŸ’­ | | | [arguments-order](https://sonarsource.github.io/rspec/#/rspec/S2234/javascript) | Parameters should be passed in the correct order | βœ… | | | πŸ’­ | | | [arguments-usage](https://sonarsource.github.io/rspec/#/rspec/S3513/javascript) | "arguments" should not be accessed directly | | | | | | | [array-callback-without-return](https://sonarsource.github.io/rspec/#/rspec/S3796/javascript) | Callbacks of array methods should have return statements | βœ… | | | πŸ’­ | | | [array-constructor](https://sonarsource.github.io/rspec/#/rspec/S1528/javascript) | Array constructors should not be used | | | πŸ’‘ | | | | [arrow-function-convention](https://sonarsource.github.io/rspec/#/rspec/S3524/javascript) | Braces and parentheses should be used consistently with arrow functions | | | | | | | [assertions-in-tests](https://sonarsource.github.io/rspec/#/rspec/S2699/javascript) | Tests should include assertions | βœ… | | | | | | [aws-apigateway-public-api](https://sonarsource.github.io/rspec/#/rspec/S6333/javascript) | Creating public APIs is security-sensitive | βœ… | | | | | | [aws-ec2-rds-dms-public](https://sonarsource.github.io/rspec/#/rspec/S6329/javascript) | Allowing public network access to cloud resources is security-sensitive | βœ… | | | | | | [aws-ec2-unencrypted-ebs-volume](https://sonarsource.github.io/rspec/#/rspec/S6275/javascript) | Using unencrypted EBS volumes is security-sensitive | βœ… | | | | | | [aws-efs-unencrypted](https://sonarsource.github.io/rspec/#/rspec/S6332/javascript) | Using unencrypted EFS file systems is security-sensitive | βœ… | | | | | | [aws-iam-all-privileges](https://sonarsource.github.io/rspec/#/rspec/S6302/javascript) | Policies granting all privileges are security-sensitive | βœ… | | | | | | [aws-iam-all-resources-accessible](https://sonarsource.github.io/rspec/#/rspec/S6304/javascript) | Policies granting access to all resources of an account are security-sensitive | | | | | | | [aws-iam-privilege-escalation](https://sonarsource.github.io/rspec/#/rspec/S6317/javascript) | AWS IAM policies should limit the scope of permissions given | βœ… | | | | | | [aws-iam-public-access](https://sonarsource.github.io/rspec/#/rspec/S6270/javascript) | Policies authorizing public access to resources are security-sensitive | βœ… | | | | | | [aws-opensearchservice-domain](https://sonarsource.github.io/rspec/#/rspec/S6308/javascript) | Using unencrypted Elasticsearch domains is security-sensitive | βœ… | | | | | | [aws-rds-unencrypted-databases](https://sonarsource.github.io/rspec/#/rspec/S6303/javascript) | Using unencrypted RDS DB resources is security-sensitive | βœ… | | | | | | [aws-restricted-ip-admin-access](https://sonarsource.github.io/rspec/#/rspec/S6321/javascript) | Administration services access should be restricted to specific IP addresses | βœ… | | | | | | [aws-s3-bucket-granted-access](https://sonarsource.github.io/rspec/#/rspec/S6265/javascript) | Granting access to S3 buckets to all or authenticated users is security-sensitive | βœ… | | | | | | [aws-s3-bucket-insecure-http](https://sonarsource.github.io/rspec/#/rspec/S6249/javascript) | Authorizing HTTP communications with S3 buckets is security-sensitive | βœ… | | | | | | [aws-s3-bucket-public-access](https://sonarsource.github.io/rspec/#/rspec/S6281/javascript) | Allowing public ACLs or policies on a S3 bucket is security-sensitive | βœ… | | | | | | [aws-s3-bucket-server-encryption](https://sonarsource.github.io/rspec/#/rspec/S6245/javascript) | Disabling server-side encryption of S3 buckets is security-sensitive | | | | | ❌ | | [aws-s3-bucket-versioning](https://sonarsource.github.io/rspec/#/rspec/S6252/javascript) | Disabling versioning of S3 buckets is security-sensitive | βœ… | | | | | | [aws-sagemaker-unencrypted-notebook](https://sonarsource.github.io/rspec/#/rspec/S6319/javascript) | Using unencrypted SageMaker notebook instances is security-sensitive | βœ… | | | | | | [aws-sns-unencrypted-topics](https://sonarsource.github.io/rspec/#/rspec/S6327/javascript) | Using unencrypted SNS topics is security-sensitive | βœ… | | | | | | [aws-sqs-unencrypted-queue](https://sonarsource.github.io/rspec/#/rspec/S6330/javascript) | Using unencrypted SQS queues is security-sensitive | βœ… | | | | | | [bitwise-operators](https://sonarsource.github.io/rspec/#/rspec/S1529/javascript) | Bitwise operators should not be used in boolean contexts | βœ… | | | | | | [block-scoped-var](https://sonarsource.github.io/rspec/#/rspec/S2392/javascript) | Variables should be used in the blocks where they are declared | βœ… | | | | | | [bool-param-default](https://sonarsource.github.io/rspec/#/rspec/S4798/javascript) | Optional boolean parameters should have default value | | | | | | | [call-argument-line](https://sonarsource.github.io/rspec/#/rspec/S1472/javascript) | Function call arguments should not start on new lines | βœ… | | | | | | [certificate-transparency](https://sonarsource.github.io/rspec/#/rspec/S5742/javascript) | Disabling Certificate Transparency monitoring is security-sensitive | βœ… | | | | | | [chai-determinate-assertion](https://sonarsource.github.io/rspec/#/rspec/S6092/javascript) | Chai assertions should have only one reason to succeed | βœ… | | | | | | [class-name](https://sonarsource.github.io/rspec/#/rspec/S101/javascript) | Class names should comply with a naming convention | βœ… | | | | | | [class-prototype](https://sonarsource.github.io/rspec/#/rspec/S3525/javascript) | Class methods should be used instead of "prototype" assignments | | | | πŸ’­ | | | [code-eval](https://sonarsource.github.io/rspec/#/rspec/S1523/javascript) | Dynamically executing code is security-sensitive | βœ… | | | | | | [cognitive-complexity](https://sonarsource.github.io/rspec/#/rspec/S3776/javascript) | Cognitive Complexity of functions should not be too high | βœ… | | | | | | [comma-or-logical-or-case](https://sonarsource.github.io/rspec/#/rspec/S3616/javascript) | Comma and logical OR operators should not be used in switch cases | βœ… | | | | | | [comment-regex](https://sonarsource.github.io/rspec/#/rspec/S124/javascript) | Track comments matching a regular expression | | | | | | | [concise-regex](https://sonarsource.github.io/rspec/#/rspec/S6353/javascript) | Regular expression quantifiers and character classes should be used concisely | βœ… | | | πŸ’­ | | | [conditional-indentation](https://sonarsource.github.io/rspec/#/rspec/S3973/javascript) | A conditionally executed single line should be denoted by indentation | | | | | ❌ | | [confidential-information-logging](https://sonarsource.github.io/rspec/#/rspec/S5757/javascript) | Allowing confidential information to be logged is security-sensitive | βœ… | | | | | | [constructor-for-side-effects](https://sonarsource.github.io/rspec/#/rspec/S1848/javascript) | Objects should not be created to be dropped immediately without being used | βœ… | | | | | | [content-length](https://sonarsource.github.io/rspec/#/rspec/S5693/javascript) | Allowing requests with excessive content length is security-sensitive | βœ… | | | | | | [content-security-policy](https://sonarsource.github.io/rspec/#/rspec/S5728/javascript) | Disabling content security policy fetch directives is security-sensitive | βœ… | | | | | | [cookie-no-httponly](https://sonarsource.github.io/rspec/#/rspec/S3330/javascript) | Creating cookies without the "HttpOnly" flag is security-sensitive | βœ… | | | | | | [cookies](https://sonarsource.github.io/rspec/#/rspec/S2255/javascript) | Writing cookies is security-sensitive | | | | | ❌ | | [cors](https://sonarsource.github.io/rspec/#/rspec/S5122/javascript) | Having a permissive Cross-Origin Resource Sharing policy is security-sensitive | βœ… | | | | | | [csrf](https://sonarsource.github.io/rspec/#/rspec/S4502/javascript) | Disabling CSRF protections is security-sensitive | βœ… | | | | | | [cyclomatic-complexity](https://sonarsource.github.io/rspec/#/rspec/S1541/javascript) | Cyclomatic Complexity of functions should not be too high | | | | | | | [declarations-in-global-scope](https://sonarsource.github.io/rspec/#/rspec/S3798/javascript) | Variables and functions should not be declared in the global scope | | | | | | | [deprecation](https://sonarsource.github.io/rspec/#/rspec/S1874/javascript) | Deprecated APIs should not be used | βœ… | | | πŸ’­ | | | [destructuring-assignment-syntax](https://sonarsource.github.io/rspec/#/rspec/S3514/javascript) | Destructuring syntax should be used for assignments | | | | | | | [different-types-comparison](https://sonarsource.github.io/rspec/#/rspec/S3403/javascript) | Strict equality operators should not be used with dissimilar types | βœ… | | πŸ’‘ | πŸ’­ | | | [disabled-auto-escaping](https://sonarsource.github.io/rspec/#/rspec/S5247/javascript) | Disabling auto-escaping in template engines is security-sensitive | βœ… | | | πŸ’­ | | | [disabled-resource-integrity](https://sonarsource.github.io/rspec/#/rspec/S5725/javascript) | Using remote artifacts without integrity checks is security-sensitive | βœ… | | | πŸ’­ | | | [disabled-timeout](https://sonarsource.github.io/rspec/#/rspec/S6080/javascript) | Disabling Mocha timeouts should be explicit | βœ… | | | | | | [dns-prefetching](https://sonarsource.github.io/rspec/#/rspec/S5743/javascript) | Allowing browsers to perform DNS prefetching is security-sensitive | | | | | ❌ | | [duplicates-in-character-class](https://sonarsource.github.io/rspec/#/rspec/S5869/javascript) | Character classes in regular expressions should not contain the same character twice | βœ… | | | πŸ’­ | | | [elseif-without-else](https://sonarsource.github.io/rspec/#/rspec/S126/javascript) | "if ... else if" constructs should end with "else" clauses | | | | | | | [empty-string-repetition](https://sonarsource.github.io/rspec/#/rspec/S5842/javascript) | Repeated patterns in regular expressions should not match the empty string | βœ… | | | πŸ’­ | | | [encryption](https://sonarsource.github.io/rspec/#/rspec/S4787/javascript) | Encrypting data is security-sensitive | | | | | ❌ | | [encryption-secure-mode](https://sonarsource.github.io/rspec/#/rspec/S5542/javascript) | Encryption algorithms should be used with secure mode and padding scheme | βœ… | | | | | | [enforce-trailing-comma](https://sonarsource.github.io/rspec/#/rspec/S3723/javascript) | Trailing commas should be used | | πŸ”§ | | | ❌ | | [existing-groups](https://sonarsource.github.io/rspec/#/rspec/S6328/javascript) | Replacement strings should reference existing regular expression groups | βœ… | | | πŸ’­ | | | [expression-complexity](https://sonarsource.github.io/rspec/#/rspec/S1067/javascript) | Expressions should not be too complex | | | | | | | [file-header](https://sonarsource.github.io/rspec/#/rspec/S1451/javascript) | Track lack of copyright and license headers | | | | | | | [file-name-differ-from-class](https://sonarsource.github.io/rspec/#/rspec/S3317/javascript) | Default export names and file names should match | | | | | | | [file-permissions](https://sonarsource.github.io/rspec/#/rspec/S2612/javascript) | Setting loose POSIX file permissions is security-sensitive | βœ… | | | | | | [file-uploads](https://sonarsource.github.io/rspec/#/rspec/S2598/javascript) | File uploads should be restricted | βœ… | | | | | | [fixme-tag](https://sonarsource.github.io/rspec/#/rspec/S1134/javascript) | Track uses of "FIXME" tags | βœ… | | | | | | [for-in](https://sonarsource.github.io/rspec/#/rspec/S1535/javascript) | "for...in" loops should filter properties before acting on them | | | | | | | [for-loop-increment-sign](https://sonarsource.github.io/rspec/#/rspec/S2251/javascript) | A "for" loop update clause should move the counter in the right direction | βœ… | | | | | | [frame-ancestors](https://sonarsource.github.io/rspec/#/rspec/S5732/javascript) | Disabling content security policy frame-ancestors directive is security-sensitive | βœ… | | | | | | [function-inside-loop](https://sonarsource.github.io/rspec/#/rspec/S1515/javascript) | Functions should not be defined inside loops | βœ… | | | | | | [function-name](https://sonarsource.github.io/rspec/#/rspec/S100/javascript) | Function and method names should comply with a naming convention | | | | | | | [function-return-type](https://sonarsource.github.io/rspec/#/rspec/S3800/javascript) | Functions should always return the same type | βœ… | | | πŸ’­ | | | [future-reserved-words](https://sonarsource.github.io/rspec/#/rspec/S1527/javascript) | Future reserved words should not be used as identifiers | βœ… | | | | | | [generator-without-yield](https://sonarsource.github.io/rspec/#/rspec/S3531/javascript) | Generators should explicitly "yield" a value | βœ… | | | | | | [hashing](https://sonarsource.github.io/rspec/#/rspec/S4790/javascript) | Using weak hashing algorithms is security-sensitive | βœ… | | | | | | [hidden-files](https://sonarsource.github.io/rspec/#/rspec/S5691/javascript) | Statically serving hidden files is security-sensitive | βœ… | | | | | | [in-operator-type-error](https://sonarsource.github.io/rspec/#/rspec/S3785/javascript) | "in" should not be used with primitive types | βœ… | | | πŸ’­ | | | [inconsistent-function-call](https://sonarsource.github.io/rspec/#/rspec/S3686/javascript) | Functions should be called consistently with or without "new" | βœ… | | | | | | [index-of-compare-to-positive-number](https://sonarsource.github.io/rspec/#/rspec/S2692/javascript) | "indexOf" checks should not be for positive numbers | βœ… | | | πŸ’­ | | | [insecure-cookie](https://sonarsource.github.io/rspec/#/rspec/S2092/javascript) | Creating cookies without the "secure" flag is security-sensitive | βœ… | | | | | | [insecure-jwt-token](https://sonarsource.github.io/rspec/#/rspec/S5659/javascript) | JWT should be signed and verified with strong cipher algorithms | βœ… | | | | | | [inverted-assertion-arguments](https://sonarsource.github.io/rspec/#/rspec/S3415/javascript) | Assertion arguments should be passed in the correct order | βœ… | | πŸ’‘ | | | | [jsx-no-leaked-render](https://sonarsource.github.io/rspec/#/rspec/S6439/javascript) | React components should not render non-boolean condition values | βœ… | | πŸ’‘ | πŸ’­ | | | [label-position](https://sonarsource.github.io/rspec/#/rspec/S1439/javascript) | Only "while", "do", "for" and "switch" statements should be labelled | βœ… | | | | | | [link-with-target-blank](https://sonarsource.github.io/rspec/#/rspec/S5148/javascript) | Authorizing an opened window to access back to the originating window is security-sensitive | βœ… | | | | | | [max-lines](https://sonarsource.github.io/rspec/#/rspec/S104/javascript) | Files should not have too many lines of code | | | | | | | [max-lines-per-function](https://sonarsource.github.io/rspec/#/rspec/S138/javascript) | Functions should not have too many lines of code | | | | | | | [max-switch-cases](https://sonarsource.github.io/rspec/#/rspec/S1479/javascript) | "switch" statements should not have too many "case" clauses | βœ… | | | | | | [max-union-size](https://sonarsource.github.io/rspec/#/rspec/S4622/javascript) | Union types should not have too many elements | | | | | | | [misplaced-loop-counter](https://sonarsource.github.io/rspec/#/rspec/S1994/javascript) | "for" loop increment clauses should modify the loops' counters | βœ… | | | | | | [nested-control-flow](https://sonarsource.github.io/rspec/#/rspec/S134/javascript) | Control flow statements "if", "for", "while", "switch" and "try" should not be nested too deeply | | | | | | | [new-operator-misuse](https://sonarsource.github.io/rspec/#/rspec/S2999/javascript) | "new" should only be used with functions and classes | βœ… | | | πŸ’­ | | | [no-all-duplicated-branches](https://sonarsource.github.io/rspec/#/rspec/S3923/javascript) | All branches in a conditional structure should not have exactly the same implementation | βœ… | | | | | | [no-alphabetical-sort](https://sonarsource.github.io/rspec/#/rspec/S2871/javascript) | "Array.prototype.sort()" and "Array.prototype.toSorted()" should use a compare function | βœ… | | πŸ’‘ | πŸ’­ | | | [no-angular-bypass-sanitization](https://sonarsource.github.io/rspec/#/rspec/S6268/javascript) | Disabling Angular built-in sanitization is security-sensitive | βœ… | | | | | | [no-array-delete](https://sonarsource.github.io/rspec/#/rspec/S2870/javascript) | "delete" should not be used on arrays | βœ… | | | πŸ’­ | | | [no-associative-arrays](https://sonarsource.github.io/rspec/#/rspec/S3579/javascript) | Array indexes should be numeric | βœ… | | | πŸ’­ | | | [no-async-constructor](https://sonarsource.github.io/rspec/#/rspec/S7059/javascript) | Constructors should not contain asynchronous operations | βœ… | | | | | | [no-built-in-override](https://sonarsource.github.io/rspec/#/rspec/S2424/javascript) | Built-in objects should not be overridden | | | | | | | [no-case-label-in-switch](https://sonarsource.github.io/rspec/#/rspec/S1219/javascript) | "switch" statements should not contain non-case labels | βœ… | | | | | | [no-clear-text-protocols](https://sonarsource.github.io/rspec/#/rspec/S5332/javascript) | Using clear-text protocols is security-sensitive | βœ… | | | | | | [no-code-after-done](https://sonarsource.github.io/rspec/#/rspec/S6079/javascript) | Tests should not execute any code after "done()" is called | βœ… | | | | | | [no-collapsible-if](https://sonarsource.github.io/rspec/#/rspec/S1066/javascript) | Mergeable "if" statements should be combined | | | | | | | [no-collection-size-mischeck](https://sonarsource.github.io/rspec/#/rspec/S3981/javascript) | Collection size and array length comparisons should make sense | βœ… | | πŸ’‘ | πŸ’­ | | | [no-commented-code](https://sonarsource.github.io/rspec/#/rspec/S125/javascript) | Sections of code should not be commented out | βœ… | | πŸ’‘ | | | | [no-control-regex](https://sonarsource.github.io/rspec/#/rspec/S6324/javascript) | Regular expressions should not contain control characters | βœ… | | | πŸ’­ | | | [no-dead-store](https://sonarsource.github.io/rspec/#/rspec/S1854/javascript) | Unused assignments should be removed | βœ… | | | | | | [no-delete-var](https://sonarsource.github.io/rspec/#/rspec/S3001/javascript) | "delete" should be used only with object properties | βœ… | | | | | | [no-duplicate-in-composite](https://sonarsource.github.io/rspec/#/rspec/S4621/javascript) | Union and intersection types should not include duplicated constituents | βœ… | | πŸ’‘ | | | | [no-duplicate-string](https://sonarsource.github.io/rspec/#/rspec/S1192/javascript) | String literals should not be duplicated | | | | | | | [no-duplicated-branches](https://sonarsource.github.io/rspec/#/rspec/S1871/javascript) | Two branches in a conditional structure should not have exactly the same implementation | βœ… | | | | | | [no-element-overwrite](https://sonarsource.github.io/rspec/#/rspec/S4143/javascript) | Collection elements should not be replaced unconditionally | βœ… | | | | | | [no-empty-after-reluctant](https://sonarsource.github.io/rspec/#/rspec/S6019/javascript) | Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string | βœ… | | | πŸ’­ | | | [no-empty-alternatives](https://sonarsource.github.io/rspec/#/rspec/S6323/javascript) | Alternation in regular expressions should not contain empty alternatives | βœ… | | | πŸ’­ | | | [no-empty-character-class](https://sonarsource.github.io/rspec/#/rspec/S2639/javascript) | Empty character classes should not be used | βœ… | | | πŸ’­ | | | [no-empty-collection](https://sonarsource.github.io/rspec/#/rspec/S4158/javascript) | Empty collections should not be accessed or iterated | βœ… | | | | | | [no-empty-group](https://sonarsource.github.io/rspec/#/rspec/S6331/javascript) | Regular expressions should not contain empty groups | βœ… | | | πŸ’­ | | | [no-empty-test-file](https://sonarsource.github.io/rspec/#/rspec/S2187/javascript) | Test files should contain at least one test case | βœ… | | | | | | [no-equals-in-for-termination](https://sonarsource.github.io/rspec/#/rspec/S888/javascript) | Equality operators should not be used in "for" loop termination conditions | βœ… | | | | | | [no-exclusive-tests](https://sonarsource.github.io/rspec/#/rspec/S6426/javascript) | Exclusive tests should not be commited to version control | βœ… | | πŸ’‘ | | | | [no-extra-arguments](https://sonarsource.github.io/rspec/#/rspec/S930/javascript) | Function calls should not pass extra arguments | βœ… | | | | | | [no-fallthrough](https://sonarsource.github.io/rspec/#/rspec/S128/javascript) | Switch cases should end with an unconditional "break" statement | βœ… | | | | | | [no-for-in-iterable](https://sonarsource.github.io/rspec/#/rspec/S4139/javascript) | "for in" should not be used with iterables | | | | πŸ’­ | | | [no-function-declaration-in-block](https://sonarsource.github.io/rspec/#/rspec/S1530/javascript) | Function declarations should not be made within blocks | | | | | | | [no-global-this](https://sonarsource.github.io/rspec/#/rspec/S2990/javascript) | The global "this" object should not be used | βœ… | | πŸ’‘ | | | | [no-globals-shadowing](https://sonarsource.github.io/rspec/#/rspec/S2137/javascript) | Special identifiers should not be bound or assigned | βœ… | | | | | | [no-gratuitous-expressions](https://sonarsource.github.io/rspec/#/rspec/S2589/javascript) | Boolean expressions should not be gratuitous | βœ… | | | | | | [no-hardcoded-ip](https://sonarsource.github.io/rspec/#/rspec/S1313/javascript) | Using hardcoded IP addresses is security-sensitive | βœ… | | | | | | [no-hardcoded-passwords](https://sonarsource.github.io/rspec/#/rspec/S2068/javascript) | Hard-coded passwords are security-sensitive | βœ… | | | | | | [no-hardcoded-secrets](https://sonarsource.github.io/rspec/#/rspec/S6418/javascript) | Hard-coded secrets are security-sensitive | βœ… | | | | | | [no-hook-setter-in-body](https://sonarsource.github.io/rspec/#/rspec/S6442/javascript) | React's useState hook should not be used directly in the render function or body of a component | βœ… | | | | | | [no-identical-conditions](https://sonarsource.github.io/rspec/#/rspec/S1862/javascript) | "if/else if" chains and "switch" cases should not have the same condition | βœ… | | | | | | [no-identical-expressions](https://sonarsource.github.io/rspec/#/rspec/S1764/javascript) | Identical expressions should not be used on both sides of a binary operator | βœ… | | | | | | [no-identical-functions](https://sonarsource.github.io/rspec/#/rspec/S4144/javascript) | Functions should not have identical implementations | βœ… | | | | | | [no-ignored-exceptions](https://sonarsource.github.io/rspec/#/rspec/S2486/javascript) | Exceptions should not be ignored | βœ… | | | | | | [no-ignored-return](https://sonarsource.github.io/rspec/#/rspec/S2201/javascript) | Return values from functions without side effects should not be ignored | βœ… | | | πŸ’­ | | | [no-implicit-dependencies](https://sonarsource.github.io/rspec/#/rspec/S4328/javascript) | Dependencies should be explicit | | | | | | | [no-implicit-global](https://sonarsource.github.io/rspec/#/rspec/S2703/javascript) | Variables should be declared explicitly | βœ… | | | | | | [no-in-misuse](https://sonarsource.github.io/rspec/#/rspec/S4619/javascript) | "in" should not be used on arrays | βœ… | | πŸ’‘ | πŸ’­ | | | [no-incomplete-assertions](https://sonarsource.github.io/rspec/#/rspec/S2970/javascript) | Assertions should be complete | βœ… | | | | | | [no-inconsistent-returns](https://sonarsource.github.io/rspec/#/rspec/S3801/javascript) | Functions should use "return" consistently | | | | | | | [no-incorrect-string-concat](https://sonarsource.github.io/rspec/#/rspec/S3402/javascript) | Strings and non-strings should not be added | | | | πŸ’­ | | | [no-internal-api-use](https://sonarsource.github.io/rspec/#/rspec/S6627/javascript) | Users should not use internal APIs | βœ… | | | | | | [no-intrusive-permissions](https://sonarsource.github.io/rspec/#/rspec/S5604/javascript) | Using intrusive permissions is security-sensitive | βœ… | | | | | | [no-invalid-await](https://sonarsource.github.io/rspec/#/rspec/S4123/javascript) | "await" should only be used with promises | βœ… | | | πŸ’­ | | | [no-invalid-regexp](https://sonarsource.github.io/rspec/#/rspec/S5856/javascript) | Regular expressions should be syntactically valid | βœ… | | | πŸ’­ | | | [no-invariant-returns](https://sonarsource.github.io/rspec/#/rspec/S3516/javascript) | Function returns should not be invariant | βœ… | | | | | | [no-inverted-boolean-check](https://sonarsource.github.io/rspec/#/rspec/S1940/javascript) | Boolean checks should not be inverted | βœ… | πŸ”§ | πŸ’‘ | | | | [no-ip-forward](https://sonarsource.github.io/rspec/#/rspec/S5759/javascript) | Forwarding client IP address is security-sensitive | βœ… | | | | | | [no-labels](https://sonarsource.github.io/rspec/#/rspec/S1119/javascript) | Labels should not be used | βœ… | | | | | | [no-literal-call](https://sonarsource.github.io/rspec/#/rspec/S6958/javascript) | Literals should not be used as functions | βœ… | | | | | | [no-mime-sniff](https://sonarsource.github.io/rspec/#/rspec/S5734/javascript) | Allowing browsers to sniff MIME types is security-sensitive | βœ… | | | | | | [no-misleading-array-reverse](https://sonarsource.github.io/rspec/#/rspec/S4043/javascript) | Array-mutating methods should not be used misleadingly | βœ… | | πŸ’‘ | πŸ’­ | | | [no-misleading-character-class](https://sonarsource.github.io/rspec/#/rspec/S5868/javascript) | Unicode Grapheme Clusters should be avoided inside regex character classes | βœ… | | πŸ’‘ | πŸ’­ | | | [no-mixed-content](https://sonarsource.github.io/rspec/#/rspec/S5730/javascript) | Allowing mixed-content is security-sensitive | βœ… | | | | | | [no-nested-assignment](https://sonarsource.github.io/rspec/#/rspec/S1121/javascript) | Assignments should not be made from within sub-expressions | βœ… | | | | | | [no-nested-conditional](https://sonarsource.github.io/rspec/#/rspec/S3358/javascript) | Ternary operators should not be nested | βœ… | | | | | | [no-nested-functions](https://sonarsource.github.io/rspec/#/rspec/S2004/javascript) | Functions should not be nested too deeply | βœ… | | | | | | [no-nested-incdec](https://sonarsource.github.io/rspec/#/rspec/S881/javascript) | Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expression | | | | | | | [no-nested-switch](https://sonarsource.github.io/rspec/#/rspec/S1821/javascript) | "switch" statements should not be nested | | | | | | | [no-nested-template-literals](https://sonarsource.github.io/rspec/#/rspec/S4624/javascript) | Template literals should not be nested | βœ… | | | | | | [no-one-iteration-loop](https://sonarsource.github.io/rspec/#/rspec/S1751/javascript) | Loops with at most one iteration should be refactored | βœ… | | | | | | [no-os-command-from-path](https://sonarsourc