@biomejs/biome
Changelog
1.2.0 (2023-09-15)
--json-formatter-enabled
--json-formatter-indent-style
--json-formatter-indent-size
--json-formatter-line-width
--javascript-formatter-enabled
--javascript-formatter-indent-style
--javascript-formatter-indent-size
--javascript-formatter-line-width
--errors-on-warning didn't work when running biome ci command.
json.formatter.enabled
json.formatter.indentStyle
json.formatter.indentSize
json.formatter.lineWidth
javascript.formatter.enabled
javascript.formatter.indentStyle
javascript.formatter.indentSize
javascript.formatter.lineWidth
New rules are incubated in the nursery group. Once stable, we promote them to a stable group. The following rules are promoted:
void type. Contributed by @shulandmimi
Remove noConfusingArrow
Code formatters, such as prettier and Biome, always add parentheses around the parameter or the body of an arrow function. This makes the rule useless.
Contributed by @Conaclos
noFallthroughSwitchClause now relies on control flow analysis to report most switch clause fallthroughs. Contributed by @Conaclos
noAssignInExpressions no longer suggests code fixes. Most of the time the suggestion didn't match users' expectations. Contributed by @Conaclos
noUselessConstructor no longer emits safe code fixes. Contributed by @Conaclos
All code fixes are now emitted as unsafe code fixes. Removing a constructor can change the behavior of a program.
useCollapsedElseIf now only provides safe code fixes. Contributed by @Conaclos
noUnusedVariables now reports more cases.
The rule is now able to ignore self-writes. For example, the rule reports the following unused variable:
let a = 0;
a++;
a += 1;
The rule is also capable of detecting an unused declaration that uses itself. For example, the rule reports the following unused interface:
interface I {
instance(): I
}
Finally, the rule now ignores all TypeScript declaration files, including global declaration files.
Contributed by @Conaclos
Fix #182, making useLiteralKeys retain optional chaining. Contributed by @denbezrukov
Fix #168, fix useExhaustiveDependencies false positive case when a stable hook is on a new line. Contributed by @denbezrukov
Fix #137, fix noRedeclare false positive case with TypeScript module declaration:
declare module '*.gif' {
const src: string;
}
declare module '*.bmp' {
const src: string;
}
Contributed by @denbezrukov
Fix #258, fix a noUselessFragments case where the rule removed an assignment. Contributed by @denbezrukov
Fix #266, where complexity/useLiteralKeys emitted a code action with an invalid AST. Contributed by @ematipico
Fix #105, removing false positives reported by noUnusedVariables.
The rule no longer reports the following used variable:
const a = f(() => a);
Contributed by @Conaclos
Improve server binary resolution when using certain package managers, notably pnpm.
The new strategy is to point to the node_modules/.bin/biome path, which is consistent for all package managers.
Readme
Biome formats and lints your code in a fraction of a second.
Biome supports JavaScript, TypeScript, JSON, and CSS. It aims to support all main languages of modern web development.
Biome has sane defaults and requires minimal configuration. Biome helps you as much as possible by displaying detailed and contextualized diagnostics. Read more about our project philosophy.
Biome unifies functionality that was previously provided by separate tools. Building upon a shared base allows us to provide a cohesive experience for processing code, displaying errors, parallelizing work, caching, and configuration.
Biome is designed to eventually replace Babel, ESLint, webpack, Prettier, Jest, and others.
Biome has first-class IDE support, with a sophisticated parser that represents the source text in full fidelity and top-notch error recovery.
Biome is MIT licensed and moderated under the Contributor Covenant Code of Conduct.
Check out our homepage to learn more about Biome, or directly head to the Getting Started guide to start using Biome.
FAQs
Biome is a toolchain for the web: formatter, linter and more
The npm package @biomejs/biome receives a total of 571,975 weekly downloads. As such, @biomejs/biome popularity was classified as popular.
We found that @biomejs/biome demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.