Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
@biomejs/biome
Advanced tools
Biome is a performant toolchain for web projects, it aims to provide developer tools to maintain the health of said projects.
Biome is a fast formatter for JavaScript, TypeScript, JSX, JSON, CSS and GraphQL that scores 97% compatibility with Prettier.
Biome is a performant linter for JavaScript, TypeScript, JSX, CSS and GraphQL that features more than 270 rules from ESLint, typescript-eslint, and other sources. It outputs detailed and contextualized diagnostics that help you to improve your code and become a better programmer!
Biome is designed from the start to be used interactively within an editor. It can format and lint malformed code as you are writing it.
npm install --save-dev --save-exact @biomejs/biome
# format files
npx @biomejs/biome format --write ./src
# lint files and apply the safe fixes
npx @biomejs/biome lint --write ./src
# run format, lint, etc. and apply the safe fixes
npx @biomejs/biome check --write ./src
# check all files against format, lint, etc. in CI environments
npx @biomejs/biome ci ./src
If you want to give Biome a run without installing it, use the online playground, compiled to WebAssembly.
Check out our homepage to learn more about Biome, or directly head to the Getting Started guide to start using Biome.
Biome has sane defaults and it doesn't require configuration.
Biome aims to support all main languages of modern web development.
Biome doesn't require Node.js to function.
Biome has first-class LSP support, with a sophisticated parser that represents the source text in full fidelity and top-notch error recovery.
Biome unifies functionality that has previously been separate tools. Building upon a shared base allows us to provide a cohesive experience for processing code, displaying errors, parallelize work, caching, and configuration.
Read more about our project philosophy.
Biome is MIT licensed or Apache 2.0 licensed and moderated under the Contributor Covenant Code of Conduct.
You can fund the project in different ways
You can sponsor or fund the project via Open collective or GitHub sponsors
Biome offers a simple sponsorship program that allows companies to get visibility and recognition among various developers.
We use Polar.sh to up-vote and promote specific features that you would like to see and implement. Check our backlog and help us:
v1.9.3 (2024-10-01)
GritQL queries that match functions or methods will now match async functions or methods as well.
If this is not what you want, you can capture the async
keyword (or its absence) in a metavariable and assert its emptiness:
$async function foo() {} where $async <: .
Contributed by @arendjr
Fix #4077: Grit queries no longer need to match the statement's trailing semicolon. Contributed by @arendjr
Fix #4102. Now the CLI command lint
doesn't exit with an error code when using --write
/--fix
. Contributed by @ematipico
noLabelWithoutControl
options where incorrectly marked as mandatory. Contributed by @ematipicoFix #3924 where GraphQL formatter panics in block comments with empty line. Contributed by @vohoanglong0107
Fix a case where raw values inside url()
functions weren't properly trimmed.
.value {
- background: url(
- whitespace-around-string
- );
+ background: url(whitespace-around-string);
}
Contributed by @ematipico
Fixed #4076, where a media query wasn't correctly formatted:
.class {
- @media (1024px <= width <=1280px) {
+ @media (1024px <= width <= 1280px) {
color: red;
}
}
Contributed by @blaze-d83
Add noDescendingSpecificity. Contributed by @tunamaguro
Add noNestedTernary. Contributed by @kaykdm
Add noTemplateCurlyInString. Contributed by @fireairforce
Add noOctalEscape. Contributed by @fireairforce
Add an option reportUnnecessaryDependencies
to useExhaustiveDependencies.
Defaults to true. When set to false, errors will be suppressed for React hooks that declare dependencies but do not use them.
Contributed by @simon-paris
Add an option reportMissingDependenciesArray
to useExhaustiveDependencies. Contributed by @simon-paris
noControlCharactersInRegex no longer panics on regexes with incomplete escape sequences. Contributed by @Conaclos
noMisleadingCharacterClass no longer reports issues outside of character classes.
The following code is no longer reported:
/[a-z]👍/;
Contributed by @Conaclos
noUndeclaredDependencies no longer reports Node.js builtin modules as undeclared dependencies.
The rule no longer reports the following code:
import * as fs from "fs";
Contributed by @Conaclos
noUnusedVariables no longer panics when suggesting the renaming of a variable at the start of a file (#4114). Contributed by @Conaclos
noUselessEscapeInRegex no longer panics on regexes that start with an empty character class. Contributed by @Conaclos
noUselessStringConcat no longer panics when it encounters malformed code. Contributed by @Conaclos
noUnusedFunctionParameters no longer reports unused parameters inside an object pattern with a rest parameter.
In the following code, the rule no longer reports a
as unused.
function f({ a, ...rest }) {
return rest;
}
This matches the behavior of noUnusedVariables.
Contributed by @Conaclos
useButtonType no longer reports dynamically created button with a valid type (#4072).
The following code is no longer reported:
React.createElement("button", { type: "button" }, "foo")
Contributed by @Conaclos
useSemanticElements now ignores elements with the img
role (#3994).
MDN recommends using role="img"
for grouping images or creating an image from other elements.
The following code is no longer reported:
<div role="img" aria-label="That cat is so cute">
<p>🐈 😂</p>
</div>
Contributed by @Conaclos
useSemanticElements now ignores alert
and alertdialog
roles (#3858). Contributed by @Conaclos
noUselessFragments don't create invaild JSX code when Fragments children contains JSX Expression and in a LogicalExpression. Contributed by @fireairforce
FAQs
Biome is a toolchain for the web: formatter, linter and more
The npm package @biomejs/biome receives a total of 675,096 weekly downloads. As such, @biomejs/biome popularity was classified as popular.
We found that @biomejs/biome demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.