When writing asynchronous code, it is possible to create subtle race condition bugs. Consider the following example:
It is considered a best practice to avoid 'polluting' the global scope with variables that are intended to be local to the script. Global variables created from a script can produce name collisions with global variables created from another script, which will usually lead to runtime errors or unexpected behavior. It is mostly useful for browser scripts.
Comparing to null without a type-checking operator (=== or !==) can have unintended results, as the comparison will evaluate to true when comparing to not just a null, but also an undefined value.
In JavaScript, you can extend any object, including builtin or "native" objects. Sometimes people change the behavior of these native objects in ways that break the assumptions made about them in other parts of the code.
Using promises is forbidden in places where the TypeScript compiler allows them but they are not handled properly. These situations can often arise due to a missing await keyword or just a misunderstanding of the way async functions are handled/awaited.
DisplayName allows you to name your component. This name is used by React in debugging messages.
'^([A-Z][a-z0-9]*)+Type$$' is the default pattern for type alias names.
React components use JSX, not HTML. So we need to use JSX attributes, and React replicates the respective HTML property/attribute while rendering. Use of an HTML property in JSX can sometimes lead to errors. For example, class is a keyword in JavaScript (JSX is an extension of JavaScript), so it will throw an error. However, in HTML it is a valid attribute.
Note: If you use React with Web Components, use the class attribute instead.
Some code paths are unreachable because the return, throw, break, and continue statements unconditionally exit a block of code. The code statements after the above keywords (which exit the code block) will not execute.
__proto__ property is not recommended JS-0084
__proto__ property has been deprecated as of ECMAScript 3.1 and shouldn't be used. Use Object.getPrototypeOf and Object.setPrototypeOf instead.
target='_blank' attribute without rel='noopener noreferrer' JS-0422
When creating a JSX element with an <a> tag, it is often desired to have the link open in a new tab using the target='_blank' attribute. Using this attribute unaccompanied by rel='noreferrer', however, is a severe security vulnerability.
The result of a call to String#toUpperCase should only be compared with an uppercase string. Calls like s.toUpperCase() === "Not-Uppercase" will always evaluate to false. Similarly, calls to toLowerCase should only be compared with lowercase strings.
Locates potential errors resulting from misspellings of variable and parameter names, or accidental implicit globals.
Arrow functions should not be used in computed properties because they are unable to access other properties (using this.property) of the same object. Accidental usage can thus lead to bugs.
.on() JS-0800
Avoid using .on() in favour of the component's lifecycle hooks. The order of execution for on() is not deterministic.
Nesting JSX elements too deeply can confuse developers reading the code. To make maintenance and refactoring easier, DeepSource recommends limiting the maximum JSX tree depth to 4.
function or var declarations in nested blocks is not preferred JS-0016
Function declarations (with the function keyword) and variable declarations should preferably be in the root of a program or the body of a function. Having nested function declarations inside blocks may have unexpected results at runtime due to hoisting.
ember-data to @ember-data JS-0818
ember-data has been split into multiple packages. For instance, its store is now released in the @ember-data/store package. These packages have been released starting from ember-data version 3.11.
Why do we have to migrate?
Setting the webSecurity property to false, or allowRunningInsecureContent to true, in an Electron renderer process like BrowserWindow or BrowserView disables crucial security features. By default, the webSecurity property is always true and the allowRunningInsecureContent property is always false.
Certificate validation is an important aspect of Transport Layer Security (TLS) connections as it helps to ensure the authenticity and integrity of the data being transmitted. Disabling certificate validation can lead to several security risks, including Man-in-the-Middle Attacks. Without certificate validation, it is possible for an attacker to intercept the communication and present a fake certificate to the client.