eslint-plugin-sonarjs
Version:
283 lines (246 loc) β’ 157 kB
Markdown
# eslint-plugin-sonarjs [](https://badge.fury.io/js/eslint-plugin-sonarjs)
eslint-plugin-sonarjs is an ESLint plugin maintained by [Sonar](https://www.sonarsource.com/), designed to help developers write [Clean Code](https://www.sonarsource.com/solutions/clean-code/). This plugin exposes to ESLint users all original JS/TS rules from [SonarJS](https://github.com/SonarSource/SonarJS), an analyzer for JavaScript and TypeScript within the Sonar ecosystem. This plugin offers general-purpose rules for detecting code smells and bugs, as well as rules for other aspects of code quality, including testing, accessibility, and more. Additionally, it enhances code security by providing rules to report potential security vulnerabilities.
This ESLint plugin does not contain all the rules from the SonarQube JS/TS analyzer. Aside of the rules available here, SonarQube uses rules from other ESLint plugins ([some](#eslint-rules) used as they are, [some others](#improved-eslint-rules) have been modified). We recommend installing those ESLint plugins and enabling those rules if you are looking for similar results to SonarQube using ESLint.
If you are a [SonarQube Server](https://www.sonarsource.com/products/sonarqube/) or a [SonarQube Cloud](https://www.sonarsource.com/products/sonarcloud/) user, to lint your code locally, we suggest using the [SonarQube for IDE](https://www.sonarsource.com/products/sonarlint/) extension (available for VSCode, JetBrains IDEs and Eclipse). You can connect SonarQube for IDE to your Server or Cloud project to synchronize rules configuration, issue statuses, etc.
## Table of Contents
- [Prerequisites](#prerequisites)
- [Installation](#installation)
- [Usage](#usage)
- [SonarQube for IDE](#sonarqube-for-ide)
- [Feedback](#feedback)
- [Rules](#rules)
- [ESLint rules](#eslint-rules)
- [Improved ESLint rules](#improved-eslint-rules)
## [Changelog](https://github.com/SonarSource/SonarJS/blob/master/packages/analysis/src/jsts/rules/CHANGELOG.md)
## Prerequisites
The prerequisites for using this plugin depend on the ESLint version you are using:
- For ESLint 8, you need Node.js version >= 18.
- For ESLint 9, you need Node.js version that complies with (^18.18.0 || ^20.9.0 || >=21).
## Installation
First, ensure that your project is configured with ESLint. If it is not, please follow the [ESLint instructions](https://github.com/eslint/eslint#installation-and-usage) to set it up.
To install `eslint-plugin-sonarjs`, use the following `npm` command (or `yarn` equivalent):
```sh
npm install eslint-plugin-sonarjs --save-dev # locally
npm install eslint-plugin-sonarjs -g # globally
```
## Usage
The usage of `eslint-plugin-sonarjs` depends on the ESLint version used by your project.
### For ESLint 9
This plugin provides a single configuration named `recommended`. This configuration enables most of the rules except for a few exceptions, and the rules are enabled with the error severity. You can enable the `recommended` configuration in your `eslint.config.js` file:
```javascript
import sonarjs from 'eslint-plugin-sonarjs';
export default [sonarjs.configs.recommended];
```
If you don't use the `recommended` configuration, you need to declare the plugin manually in the `plugins` field. Enable or disable rules using the `rules` field:
```javascript
import sonarjs from 'eslint-plugin-sonarjs';
export default [
{
plugins: { sonarjs },
rules: {
'sonarjs/no-implicit-dependencies': 'error',
},
},
];
```
### For ESLint 8
We include a `recommended-legacy` configuration to be backward compatible with ESLint v8, equivalent to the `recommended` configuration for ESLint 9.
Add `sonarjs` to your `.eslintrc` file:
```json
{
"plugins": ["sonarjs"],
"extends": ["plugin:sonarjs/recommended-legacy"]
}
```
You can enable some rules manually:
```json
{
"rules": {
"sonarjs/cognitive-complexity": "error",
"sonarjs/no-identical-expressions": "error"
}
}
```
### TypeScript ESLint parser
Several rules are designed for linting both JavaScript and TypeScript code, and some even rely on type checking through TypeScript. Therefore, you will need to install the `@typescript-eslint/parser` dependency and [instruct ESLint to use this parser](https://eslint.org/docs/latest/use/configure/parser) through the `parserOptions` property.
## SonarQube for IDE
As an alternative to using this ESLint plugin, you can use [SonarQube for IDE](https://www.sonarsource.com/products/sonarlint/). SonarQube for IDE is an IDE extension that helps you detect and fix quality issues as you write code. It provides a broader set of rules compared to the ESLint plugin, improved versions of ESLint rules, and additional [features](https://github.com/SonarSource/SonarJS/tree/master?tab=readme-ov-file#features) that enhance your linting experience.
## Feedback
If you have any questions, encounter any bugs, or have feature requests, please reach out to us through the [Sonar Community Forum](https://community.sonarsource.com/). Your messages will reach the maintainers of this GitHub repository.
## Rules
<!-- begin auto-generated rules list -->
πΌ Configurations enabled in.\
β
Set in the `recommended` configuration.\
π§ Automatically fixable by the [`--fix` CLI option](https://eslint.org/docs/user-guide/command-line-interface#--fix).\
π‘ Manually fixable by [editor suggestions](https://eslint.org/docs/latest/use/core-concepts#rule-suggestions).\
π Requires [type information](https://typescript-eslint.io/linting/typed-linting).\
β Deprecated.
| NameΒ Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β Β | Description | πΌ | π§ | π‘ | π | β |
| :--------------------------------------------------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------- | :-- | :-- | :-- | :-- | :-- |
| [anchor-precedence](https://sonarsource.github.io/rspec/#/rspec/S5850/javascript) | Alternatives in regular expressions should be grouped when used with anchors | β
| | | π | |
| [argument-type](https://sonarsource.github.io/rspec/#/rspec/S3782/javascript) | Arguments to built-in functions should match documented types | β
| | | π | |
| [arguments-order](https://sonarsource.github.io/rspec/#/rspec/S2234/javascript) | Parameters should be passed in the correct order | β
| | | π | |
| [arguments-usage](https://sonarsource.github.io/rspec/#/rspec/S3513/javascript) | "arguments" should not be accessed directly | | | | | |
| [array-callback-without-return](https://sonarsource.github.io/rspec/#/rspec/S3796/javascript) | Callbacks of array methods should have return statements | β
| | | π | |
| [array-constructor](https://sonarsource.github.io/rspec/#/rspec/S1528/javascript) | Array constructors should not be used | | | π‘ | | |
| [arrow-function-convention](https://sonarsource.github.io/rspec/#/rspec/S3524/javascript) | Braces and parentheses should be used consistently with arrow functions | | | | | |
| [assertions-in-test-cases](https://sonarsource.github.io/rspec/#/rspec/S8784/javascript) | Assertions should be placed inside test cases or hooks | β
| | | | |
| [assertions-in-tests](https://sonarsource.github.io/rspec/#/rspec/S2699/javascript) | Tests should include assertions | β
| | | π | |
| [async-test-assertions](https://sonarsource.github.io/rspec/#/rspec/S8780/javascript) | Async test assertions should be awaited or returned | β
| | | | |
| [aws-apigateway-public-api](https://sonarsource.github.io/rspec/#/rspec/S6333/javascript) | AWS API Gateway should require authentication | β
| | | | |
| [aws-ec2-rds-dms-public](https://sonarsource.github.io/rspec/#/rspec/S6329/javascript) | Public network access to cloud resources should be disabled | β
| | | | |
| [aws-ec2-unencrypted-ebs-volume](https://sonarsource.github.io/rspec/#/rspec/S6275/javascript) | EBS volumes should be encrypted | β
| | | | |
| [aws-efs-unencrypted](https://sonarsource.github.io/rspec/#/rspec/S6332/javascript) | Amazon EFS file systems should be encrypted | β
| | | | |
| [aws-iam-all-privileges](https://sonarsource.github.io/rspec/#/rspec/S6302/javascript) | Policies should not grant all privileges | β
| | | | |
| [aws-iam-all-resources-accessible](https://sonarsource.github.io/rspec/#/rspec/S6304/javascript) | IAM policies should not grant access to all account resources | | | | | |
| [aws-iam-privilege-escalation](https://sonarsource.github.io/rspec/#/rspec/S6317/javascript) | AWS IAM policies should limit the scope of permissions given | β
| | | | |
| [aws-iam-public-access](https://sonarsource.github.io/rspec/#/rspec/S6270/javascript) | AWS resource-based policies should not grant public access | β
| | | | |
| [aws-opensearchservice-domain](https://sonarsource.github.io/rspec/#/rspec/S6308/javascript) | OpenSearch domains should have encryption at rest enabled | β
| | | | |
| [aws-rds-unencrypted-databases](https://sonarsource.github.io/rspec/#/rspec/S6303/javascript) | Amazon RDS resources should be encrypted at rest | β
| | | | |
| [aws-restricted-ip-admin-access](https://sonarsource.github.io/rspec/#/rspec/S6321/javascript) | Administration services access should be restricted to specific IP addresses | β
| | | | |
| [aws-s3-bucket-granted-access](https://sonarsource.github.io/rspec/#/rspec/S6265/javascript) | S3 buckets should not grant access to all users or authenticated users | β
| | | | |
| [aws-s3-bucket-insecure-http](https://sonarsource.github.io/rspec/#/rspec/S6249/javascript) | S3 buckets should enforce HTTPS-only access | β
| | | | |
| [aws-s3-bucket-public-access](https://sonarsource.github.io/rspec/#/rspec/S6281/javascript) | Amazon S3 bucket public access should be fully blocked | β
| | | | |
| [aws-s3-bucket-versioning](https://sonarsource.github.io/rspec/#/rspec/S6252/javascript) | Amazon S3 buckets should have versioning enabled | β
| | | | |
| [aws-sagemaker-unencrypted-notebook](https://sonarsource.github.io/rspec/#/rspec/S6319/javascript) | SageMaker notebook instances should be encrypted at rest | β
| | | | |
| [aws-sns-unencrypted-topics](https://sonarsource.github.io/rspec/#/rspec/S6327/javascript) | Amazon SNS topics should be encrypted at rest | β
| | | | |
| [aws-sqs-unencrypted-queue](https://sonarsource.github.io/rspec/#/rspec/S6330/javascript) | SQS queues should be encrypted | β
| | | | |
| [bitwise-operators](https://sonarsource.github.io/rspec/#/rspec/S1529/javascript) | Bitwise operators should not be used in boolean contexts | β
| | | π | |
| [block-scoped-var](https://sonarsource.github.io/rspec/#/rspec/S2392/javascript) | Variables should be used in the blocks where they are declared | β
| | | | |
| [bool-param-default](https://sonarsource.github.io/rspec/#/rspec/S4798/javascript) | Optional boolean parameters should have default value | | | | | |
| [call-argument-line](https://sonarsource.github.io/rspec/#/rspec/S1472/javascript) | Function call arguments should not start on new lines | β
| | | | |
| [chai-determinate-assertion](https://sonarsource.github.io/rspec/#/rspec/S6092/javascript) | Chai assertions should have only one reason to succeed | β
| | | | |
| [class-name](https://sonarsource.github.io/rspec/#/rspec/S101/javascript) | Class names should comply with a naming convention | β
| | | | |
| [class-prototype](https://sonarsource.github.io/rspec/#/rspec/S3525/javascript) | Class methods should be used instead of "prototype" assignments | | | | π | |
| [code-eval](https://sonarsource.github.io/rspec/#/rspec/S1523/javascript) | Dynamic code execution should not use user-controlled data | β
| | | | |
| [cognitive-complexity](https://sonarsource.github.io/rspec/#/rspec/S3776/javascript) | Cognitive Complexity of functions should not be too high | β
| | | | |
| [comma-or-logical-or-case](https://sonarsource.github.io/rspec/#/rspec/S3616/javascript) | Comma and logical OR operators should not be used in switch cases | β
| | | | |
| [comment-regex](https://sonarsource.github.io/rspec/#/rspec/S124/javascript) | Track comments matching a regular expression | | | | | |
| [concise-regex](https://sonarsource.github.io/rspec/#/rspec/S6353/javascript) | Regular expression quantifiers and character classes should be used concisely | β
| | | π | |
| [conditional-indentation](https://sonarsource.github.io/rspec/#/rspec/S3973/javascript) | A conditionally executed single line should be denoted by indentation | | | | | β |
| [confidential-information-logging](https://sonarsource.github.io/rspec/#/rspec/S5757/javascript) | Confidential information should not be logged | | | | | β |
| [constructor-for-side-effects](https://sonarsource.github.io/rspec/#/rspec/S1848/javascript) | Objects should not be created to be dropped immediately without being used | β
| | | | |
| [content-length](https://sonarsource.github.io/rspec/#/rspec/S5693/javascript) | HTTP request content length should be limited | β
| | | | |
| [content-security-policy](https://sonarsource.github.io/rspec/#/rspec/S5728/javascript) | Content security policy fetch directives should not be disabled | β
| | | | |
| [cookie-no-httponly](https://sonarsource.github.io/rspec/#/rspec/S3330/javascript) | Cookies should have the "HttpOnly" flag | β
| | | | |
| [cors](https://sonarsource.github.io/rspec/#/rspec/S5122/javascript) | Cross-Origin Resource Sharing (CORS) policy should be restricted to trusted origins | β
| | | | |
| [csrf](https://sonarsource.github.io/rspec/#/rspec/S4502/javascript) | CSRF protections should not be disabled | β
| | | | |
| [cyclomatic-complexity](https://sonarsource.github.io/rspec/#/rspec/S1541/javascript) | Cyclomatic Complexity of functions should not be too high | | | | | |
| [declarations-in-global-scope](https://sonarsource.github.io/rspec/#/rspec/S3798/javascript) | Variables and functions should not be declared in the global scope | | | | | |
| [deprecation](https://sonarsource.github.io/rspec/#/rspec/S1874/javascript) | Deprecated APIs should not be used | β
| | | π | |
| [destructuring-assignment-syntax](https://sonarsource.github.io/rspec/#/rspec/S3514/javascript) | Destructuring syntax should be used for assignments | | | | | |
| [different-types-comparison](https://sonarsource.github.io/rspec/#/rspec/S3403/javascript) | Strict equality operators should not be used with dissimilar types | β
| | π‘ | π | |
| [disabled-auto-escaping](https://sonarsource.github.io/rspec/#/rspec/S5247/javascript) | Auto-escaping in HTML template engines should not be disabled | β
| | | π | |
| [disabled-resource-integrity](https://sonarsource.github.io/rspec/#/rspec/S5725/javascript) | Remote artifacts should not be used without integrity checks | β
| | | π | |
| [disabled-timeout](https://sonarsource.github.io/rspec/#/rspec/S6080/javascript) | Disabling Mocha timeouts should be explicit | β
| | | | |
| [dompurify-unsafe-config](https://sonarsource.github.io/rspec/#/rspec/S8479/javascript) | DOMPurify configuration should not be bypassable | β
| | | π | |
| [duplicates-in-character-class](https://sonarsource.github.io/rspec/#/rspec/S5869/javascript) | Character classes in regular expressions should not contain the same character twice | β
| | | π | |
| [dynamically-constructed-templates](https://sonarsource.github.io/rspec/#/rspec/S7790/javascript) | Templates should not be constructed dynamically | β
| | | | |
| [elseif-without-else](https://sonarsource.github.io/rspec/#/rspec/S126/javascript) | "if ... else if" constructs should end with "else" clauses | | | | | |
| [empty-string-repetition](https://sonarsource.github.io/rspec/#/rspec/S5842/javascript) | Repeated patterns in regular expressions should not match the empty string | β
| | | π | |
| [encryption-secure-mode](https://sonarsource.github.io/rspec/#/rspec/S5542/javascript) | Encryption algorithms should be used with secure mode and padding scheme | β
| | | | |
| [existing-groups](https://sonarsource.github.io/rspec/#/rspec/S6328/javascript) | Replacement strings should reference existing regular expression groups | β
| | | π | |
| [explicit-test-skip](https://sonarsource.github.io/rspec/#/rspec/S8968/javascript) | Tests should be skipped explicitly | β
| | π‘ | | |
| [expression-complexity](https://sonarsource.github.io/rspec/#/rspec/S1067/javascript) | Expressions should not be too complex | | | | | |
| [file-header](https://sonarsource.github.io/rspec/#/rspec/S1451/javascript) | Track lack of copyright and license headers | | | | | |
| [file-name-differ-from-class](https://sonarsource.github.io/rspec/#/rspec/S3317/javascript) | Default export names and file names should match | | | | | |
| [file-permissions](https://sonarsource.github.io/rspec/#/rspec/S2612/javascript) | File permissions should not be set to world-accessible values | β
| | | | |
| [file-uploads](https://sonarsource.github.io/rspec/#/rspec/S2598/javascript) | File uploads should be restricted | β
| | | | |
| [fixme-tag](https://sonarsource.github.io/rspec/#/rspec/S1134/javascript) | Track uses of "FIXME" tags | β
| | | | |
| [for-in](https://sonarsource.github.io/rspec/#/rspec/S1535/javascript) | "for...in" loops should filter properties before acting on them | | | | | |
| [for-loop-increment-sign](https://sonarsource.github.io/rspec/#/rspec/S2251/javascript) | A "for" loop update clause should move the counter in the right direction | β
| | | | |
| [frame-ancestors](https://sonarsource.github.io/rspec/#/rspec/S5732/javascript) | Content Security Policy frame-ancestors directive should not be disabled | | | | | β |
| [function-inside-loop](https://sonarsource.github.io/rspec/#/rspec/S1515/javascript) | Functions should not be defined inside loops | β
| | | | |
| [function-name](https://sonarsource.github.io/rspec/#/rspec/S100/javascript) | Function and method names should comply with a naming convention | | | | | |
| [function-return-type](https://sonarsource.github.io/rspec/#/rspec/S3800/javascript) | Functions should always return the same type | β
| | | π | |
| [future-reserved-words](https://sonarsource.github.io/rspec/#/rspec/S1527/javascript) | Future reserved words should not be used as identifiers | β
| | | | |
| [generator-without-yield](https://sonarsource.github.io/rspec/#/rspec/S3531/javascript) | Generators should explicitly "yield" a value | β
| | | | |
| [hardcoded-secret-signatures](https://sonarsource.github.io/rspec/#/rspec/S6437/javascript) | Credentials should not be hard-coded | β
| | | | |
| [hashing](https://sonarsource.github.io/rspec/#/rspec/S4790/javascript) | Weak hashing algorithms should not be used | β
| | | | |
| [hidden-files](https://sonarsource.github.io/rspec/#/rspec/S5691/javascript) | Hidden files should not be served statically | | | | | β |
| [hooks-before-test-cases](https://sonarsource.github.io/rspec/#/rspec/S8782/javascript) | Lifecycle hooks should not be interleaved with test cases or nested suites | β
| | | | |
| [in-operator-type-error](https://sonarsource.github.io/rspec/#/rspec/S3785/javascript) | "in" should not be used with primitive types | β
| | | π | |
| [inconsistent-function-call](https://sonarsource.github.io/rspec/#/rspec/S3686/javascript) | Functions should be called consistently with or without "new" | β
| | | | |
| [index-of-compare-to-positive-number](https://sonarsource.github.io/rspec/#/rspec/S2692/javascript) | "indexOf" checks should not be for positive numbers | β
| | | π | |
| [insecure-cookie](https://sonarsource.github.io/rspec/#/rspec/S2092/javascript) | Cookies should have the "secure" flag | β
| | | | |
| [insecure-jwt-token](https://sonarsource.github.io/rspec/#/rspec/S5659/javascript) | JWT should be signed and verified with strong cipher algorithms | β
| | | | |
| [inverted-assertion-arguments](https://sonarsource.github.io/rspec/#/rspec/S3415/javascript) | Assertion arguments should be passed in the correct order | β
| | π‘ | | |
| [jsx-no-leaked-render](https://sonarsource.github.io/rspec/#/rspec/S6439/javascript) | React components should not render non-boolean condition values | β
| | π‘ | π | |
| [label-position](https://sonarsource.github.io/rspec/#/rspec/S1439/javascript) | Only "while", "do", "for" and "switch" statements should be labelled | β
| | | | |
| [link-with-target-blank](https://sonarsource.github.io/rspec/#/rspec/S5148/javascript) | Opened windows should not have access to the originating page | β
| | | | |
| [max-lines](https://sonarsource.github.io/rspec/#/rspec/S104/javascript) | Files should not have too many lines of code | | | | | |
| [max-lines-per-function](https://sonarsource.github.io/rspec/#/rspec/S138/javascript) | Functions should not have too many lines of code | | | | | |
| [max-switch-cases](https://sonarsource.github.io/rspec/#/rspec/S1479/javascript) | "switch" statements should not have too many "case" clauses | β
| | | | |
| [max-union-size](https://sonarsource.github.io/rspec/#/rspec/S4622/javascript) | Union types should not have too many elements | | | | | |
| [memoize-cache-key](https://sonarsource.github.io/rspec/#/rspec/S8932/javascript) | Lodash and Underscore.js `memoize` calls on functions with multiple parameters should use an explicit cache key function | β
| | | | |
| [misplaced-loop-counter](https://sonarsource.github.io/rspec/#/rspec/S1994/javascript) | "for" loop increment clauses should modify the loops' counters | β
| | | | |
| [nested-control-flow](https://sonarsource.github.io/rspec/#/rspec/S134/javascript) | Control flow statements "if", "for", "while", "switch" and "try" should not be nested too deeply | | | | | |
| [new-operator-misuse](https://sonarsource.github.io/rspec/#/rspec/S2999/javascript) | "new" should only be used with functions and classes | β
| | | π | |
| [no-all-duplicated-branches](https://sonarsource.github.io/rspec/#/rspec/S3923/javascript) | All branches in a conditional structure should not have exactly the same implementation | β
| | | | |
| [no-alphabetical-sort](https://sonarsource.github.io/rspec/#/rspec/S2871/javascript) | "Array.prototype.sort()" and "Array.prototype.toSorted()" should use a compare function | β
| | π‘ | π | |
| [no-angular-bypass-sanitization](https://sonarsource.github.io/rspec/#/rspec/S6268/javascript) | Angular built-in sanitization should not be disabled | β
| | | | |
| [no-array-delete](https://sonarsource.github.io/rspec/#/rspec/S2870/javascript) | "delete" should not be used on arrays | β
| | | π | |
| [no-associative-arrays](https://sonarsource.github.io/rspec/#/rspec/S3579/javascript) | Array indexes should be numeric | β
| | | π | |
| [no-async-constructor](https://sonarsource.github.io/rspec/#/rspec/S7059/javascript) | Constructors should not contain asynchronous operations | β
| | | π | |
| [no-built-in-override](https://sonarsource.github.io/rspec/#/rspec/S2424/javascript) | Built-in objects should not be overridden | | | | | |
| [no-case-label-in-switch](https://sonarsource.github.io/rspec/#/rspec/S1219/javascript) | "switch" statements should not contain non-case labels | β
| | | | |
| [no-clear-text-protocols](https://sonarsource.github.io/rspec/#/rspec/S5332/javascript) | Clear-text protocols should not be used | β
| | | | |
| [no-code-after-done](https://sonarsource.github.io/rspec/#/rspec/S6079/javascript) | Tests should not execute any code after "done()" is called | β
| | | | |
| [no-collapsible-if](https://sonarsource.github.io/rspec/#/rspec/S1066/javascript) | Mergeable "if" statements should be combined | | | | | |
| [no-collection-size-mischeck](https://sonarsource.github.io/rspec/#/rspec/S3981/javascript) | Collection size and array length comparisons should make sense | β
| | π‘ | π | |
| [no-commented-code](https://sonarsource.github.io/rspec/#/rspec/S125/javascript) | Sections of code should not be commented out | | | π‘ | | |
| [no-control-regex](https://sonarsource.github.io/rspec/#/rspec/S6324/javascript) | Regular expressions should not contain control characters | β
| | | π | |
| [no-dead-store](https://sonarsource.github.io/rspec/#/rspec/S1854/javascript) | Unused assignments should be removed | β
| | | | |
| [no-debug-commands-in-ui-tests](https://sonarsource.github.io/rspec/#/rspec/S8959/javascript) | UI test debug commands should not be committed to version control | β
| π§ | | | |
| [no-default-utility-imports](https://sonarsource.github.io/rspec/#/rspec/S8927/javascript) | Default imports from modular utility libraries should not be used | β
| | | | |
| [no-delete-var](https://sonarsource.github.io/rspec/#/rspec/S3001/javascript) | "delete" should be used only with object properties | β
| | | | |
| [no-duplicate-in-composite](https://sonarsource.github.io/rspec/#/rspec/S4621/javascript) | Union and intersection types should not include duplicated constituents | β
| | π‘ | | |
| [no-duplicate-string](https://sonarsource.github.io/rspec/#/rspec/S1192/javascript) | String literals should not be duplicated | | | | | |
| [no-duplicate-test-title](https://sonarsource.github.io/rspec/#/rspec/S8754/javascript) | Test titles should be unique within the same suite | β
| | | | |
| [no-duplicated-branches](https://sonarsource.github.io/rspec/#/rspec/S1871/javascript) | Two branches in a conditional structure should not have exactly the same implementation | β
| | | | |
| [no-element-overwrite](https://sonarsource.github.io/rspec/#/rspec/S4143/javascript) | Collection elements should not be replaced unconditionally | β
| | | | |
| [no-empty-after-reluctant](https://sonarsource.github.io/rspec/#/rspec/S6019/javascript) | Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string | β
| | | π | |
| [no-empty-alternatives](https://sonarsource.github.io/rspec/#/rspec/S6323/javascript) | Alternation in regular expressions should not contain empty alternatives | β
| | | π | |
| [no-empty-character-class](https://sonarsource.github.io/rspec/#/rspec/S2639/javascript) | Empty character classes should not be used | β
| | | π | |
| [no-empty-collection](https://sonarsource.github.io/rspec/#/rspec/S4158/javascript) | Empty collections should not be accessed or iterated | β
| | | | |
| [no-empty-group](https://sonarsource.github.io/rspec/#/rspec/S6331/javascript) | Regular expressions should not contain empty groups | β
| | | π | |
| [no-empty-test-file](https://sonarsource.github.io/rspec/#/rspec/S2187/javascript) | Test files should contain at least one test case | β
| | | | |
| [no-empty-test-title](https://sonarsource.github.io/rspec/#/rspec/S8781/javascript) | Test and suite titles should not be empty or whitespace-only | β
| | | | |
| [no-equals-in-for-termination](https://sonarsource.github.io/rspec/#/rspec/S888/javascript) | Equality operators should not be used in "for" loop termination conditions | β
| | | | |
| [no-exclusive-tests](https://sonarsource.github.io/rspec/#/rspec/S6426/javascript) | Exclusive tests should not be committed to version control | β
| | π‘ | | |
| [no-extra-arguments](https://sonarsource.github.io/rspec/#/rspec/S930/javascript) | Function calls should not pass extra arguments | β
| | | | |
| [no-fallthrough](https://sonarsource.github.io/rspec/#/rspec/S128/javascript) | Switch cases should end with an unconditional "break" statement | β
| | | | |
| [no-fixed-wait-in-tests](https://sonarsource.github.io/rspec/#/rspec/S2925/javascript) | Fixed waits should not be used in tests | β
| | | | |
| [no-floating-point-equality](https://sonarsource.github.io/rspec/#/rspec/S1244/javascript) | Floating point numbers should not be tested for equality | β
| | | | |
| [no-for-in-iterable](https://sonarsource.github.io/rspec/#/rspec/S4139/javascript) | "for in" should not be used with iterables | | | | π | |
| [no-forced-browser-interaction](https://sonarsource.github.io/rspec/#/rspec/S8783/javascript) | Forced browser interactions should not bypass actionability checks | β
| | | | |
| [no-function-declaration-in-block](https://sonarsource.github.io/rspec/#/rspec/S1530/javascript) | Function declarations should not be made within blocks | | | | | |
| [no-global-this](https://sonarsource.github.io/rspec/#/rspec/S2990/javascript) | The global "this" object should not be used | β
| | π‘ | | |
| [no-globals-shadowing](https://sonarsource.github.io/rspec/#/rspec/S2137/javascript) | Special identifiers should not be bound or assigned | β
| | | | |
| [no-gratuitous-expressions](https://sonarsource.github.io/rspec/#/rspec/S2589/javascript) | Boolean expressions should not be gratuitous | β
| | | | |
| [no-hardcoded-ip](https://sonarsource.github.io/rspec/#/rspec/S1313/javascript) | IP addresses should not be hardcoded | β
| | | | |
| [no-hardcoded-passwords](https://sonarsource.github.io/rspec/#/rspec/S2068/javascript) | Credentials should not be hard-coded | β
| | | | |
| [no-hardcoded-secrets](https://sonarsource.github.io/rspec/#/rspec/S6418/javascript) | Secrets should not be hard-coded | β
| | | | |
| [no-hook-setter-in-body](https://sonarsource.github.io/rspec/#/rspec/S6442/javascript) | React's useState hook should not be used directly in the render function or body of a component | β
| | | | |
| [no-identical-conditions](https://sonarsource.github.io/rspec/#/rspec/S1862/javascript) | "if/else if" chains and "switch" cases should not have the same condition | β
| | | | |
| [no-identical-expressions](https://sonarsource.github.io/rspec/#/rspec/S1764/javascript) | Identical expressions should not be used on both sides of a binary operator | β
| | | | |
| [no-identical-functions](https://sonarsource.github.io/rspec/#/rspec/S4144/javascript) | Functions should not have identical implementations | β
| | | | |
| [no-ignored-exceptions](https://sonarsource.github.io/rspec/#/rspec/S2486/javascript) | Exceptions should not be ignored | β
| | | | |
| [no-ignored-return](https://sonarsource.github.io/rspec/#/rspec/S2201/javascript) | Return values from functions without side effects should not be ignored | β
| | | π | |
| [no-implicit-dependencies](https://sonarsource.github.io/rspec/#/rspec/S4328/javascript) | Dependencies should be explicit | | | | | |
| [no-implicit-global](https://sonarsource.github.io/rspec/#/rspec/S2703/javascript) | Variables should be declared explicitly | β
| | | | |
| [no-in-misuse](https://sonarsource.github.io/rspec/#/rspec/S4619/javascript) | "in" should not be used on arrays | β
| | π‘ | π | |
| [no-incompatible-assertion-types](https://sonarsource.github.io/rspec/#/rspec/S5845/javascript) | Assertions comparing incompatible types should not be made | β
| | | π | |
| [no-incomplete-assertions](https://sonarsource.github.io/rspec/#/rspec/S2970/javascript) | Assertions should be complete | β
| | | | |
| [no-inconsistent-returns](https://sonarsource.github.io/rspec/#/rspec/S3801/javascript) | Functions should use "return" consistently | | | | π | |
| [no-incorrect-string-concat](https://sonarsource.github.io/rspec/#/rspec/S3402/javascript) | Strings and non-strings should not be added | | | | π | |
| [no-internal-api-use](https://sonarsource.github.io/rspec/#/rspec/S6627/javascript) | Users should not use internal APIs | β
| | | | |
| [no-interpolation-in-inline-snapshots](https://sonarsource.github.io/rspec/#/rspec/S8967/javascript) | Inline snapshots should not contain interpolations | β
| | | | |
| [no-intrusive-permissions](https://sonarsource.github.io/rspec/#/rspec/S5604/javascript) | Sensitive permissions should not be requested unnecessarily | | | | | β |
| [no-invalid-regexp](https://sonarsource.github.io/rspec/#/rspec/S5856/javascript) | Regular expressions should be syntactically valid | β
| | | π | |
| [no-invariant-returns](https://sonarsource.github.io/rspec/#/rspec/S3516/javascript) | Function returns should not be invariant | β
| | | | |
| [no-inverted-boolean-check](https://sonarsource.github.io/rspec/#/rspec/S1940/javascript) | Boolean checks should not be inverted | β
| | π‘ | | |
| [no-ip-forward](https://sonarsource.github.io/rspec/#/rspec/S5759/javascript) | Client IP address should not be forwarded to proxies | | | | | β |
| [no-labels](https://sonarsource.github.io/rspec/#/rspec/S1119/javascript) | Labels should not be used | β
| | | | |
| [no-literal-call](https://sonarsource.github.io/rspec/#/rspec/S6958/javascript) | Literals should not be used as functions | β
| | | | |
| [no-mime-sniff](https://sonarsource.github.io/rspec/#/rspec/S5734/javascript) | Browsers should not be allowed to perform MIME type sniffing