Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@biomejs/backend-jsonrpc
Advanced tools
Bindings to the JSON-RPC Workspace API of the Biome daemon
v1.9.4 (2024-10-17)
Implement GraphQL suppression action. Contributed by @vohoanglong0107
Improved the message for unused suppression comments. Contributed by @dyc3
Fix #4228, where the rule a11y/noInteractiveElementToNoninteractiveRole
incorrectly reports a role
for non-interactive elements. Contributed by @eryue0220
noSuspiciousSemicolonInJsx
now catches suspicious semicolons in React fragments. Contributed by @vasucp1207
The syntax rule noTypeOnlyImportAttributes
now ignores .cts
files (#4361).
Since TypeScript 5.3, type-only imports can be associated to an import attribute in CommonJS-enabled files. See the TypeScript docs.
The following code is no longer reported as a syntax error:
import type { TypeFromRequire } from "pkg" with {
"resolution-mode": "require"
};
Note that this is only allowed in files ending with the cts
extension.
Contributed by @Conaclos
The --summary
reporter now reports parsing diagnostics too. Contributed by @ematipico
Improved performance of GritQL queries by roughly 25-30%. Contributed by @arendjr
@charset
dobule quote under any situation for css syntax rule. Contributed by @fireairforceBiome no longer crashes when it encounters a string that contain a multibyte character (#4181).
This fixes a regression introduced in Biome 1.9.3 The regression affected the following linter rules:
nursery/useSortedClasses
nursery/useTrimStartEnd
style/useTemplate
suspicious/noMisleadingCharacterClass
Contributed by @Conaclos
Fix #4190, where the rule noMissingVarFunction
wrongly reported a variable as missing when used inside a var()
function that was a newline. Contributed by @ematipico
Fix #4041. Now the rule useSortedClasses
won't be triggered if className
is composed only by inlined variables. Contributed by @ematipico
useImportType and useExportType now report useless inline type qualifiers (#4178).
The following fix is now proposed:
- import type { type A, B } from "";
+ import type { A, B } from "";
- export type { type C, D };
+ export type { C, D };
Contributed by @Conaclos
useExportType now reports ungrouped export from
.
The following fix is now proposed:
- export { type A, type B } from "";
+ export type { A, B } from "";
Contributed by @Conaclos
noVoidTypeReturn now accepts void
expressions in return position (#4173).
The following code is now accepted:
function f(): void {
return void 0;
}
Contributed by @Conaclos
noUselessFragments now correctly handles fragments containing HTML escapes (e.g.
) inside expression escapes { ... }
(#4059).
The following code is no longer reported:
function Component() {
return (
<div key={index}>{line || <> </>}</div>
)
}
Contributed by @fireairforce
noUnusedFunctionParameters and noUnusedVariables no longer reports a parameter as unused when another parameter has a constructor type with the same parameter name (#4227).
In the following code, the name
parameter is no longer reported as unused.
export class Foo {
bar(name: string, _class: new (name: string) => any) {
return name
}
}
Contributed by @Conaclos
noUndeclaredDependencies now accepts dependency names with dots. Contributed by @Conaclos
useFilenamingConvention now correctly handles renamed exports (#4254).
The rule allows the filename to be named as one of the exports of the module.
For instance, the file containing the following export can be named Button
.
class Button {}
export { Button }
The rule now correctly handles the renaming of an export.
For example, the file containing the following export can only be named Button
.
Previously the rule expected the file to be named A
.
class A {}
export { A as Button }
Contributed by @Conaclos
useConsistentMemberAccessibility now ignore private class members such as #property
(#4276). Contributed by @Conaclos
noUnknownFunction correctly handles calc-size
function (#4212).
The following code calc-size
is no longer reported as unknown:
.a { height: calc-size(0px); }
Contributed by @fireairforce
useNamingConvention now allows configuring conventions for readonly index signatures.
Contributed by @sepruko
The CSS parser now accepts more emoji in identifiers (#3627).
Browsers accept more emoji than the standard allows. Biome now accepts these additional emojis.
The following code is now correctly parsed:
p {
--✨-color: red;
color: var(--✨-color);
}
Contributed by @Conaclos
Add support for parsing typescript's resolution-mode
in Import Types(#2115)
export type Fs = typeof import('fs', { with: { 'resolution-mode': 'import' } });
export type TypeFromRequire =
import("pkg", { with: { "resolution-mode": "require" } }).TypeFromRequire;
export type TypeFromImport =
import("pkg", { with: { "resolution-mode": "import" } }).TypeFromImport;
Contributed by @fireairforce
FAQs
Bindings to the JSON-RPC Workspace API of the Biome daemon
The npm package @biomejs/backend-jsonrpc receives a total of 735 weekly downloads. As such, @biomejs/backend-jsonrpc popularity was classified as not popular.
We found that @biomejs/backend-jsonrpc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.