Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@biomejs/biome

Package Overview
Dependencies
Maintainers
5
Versions
79
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@biomejs/biome - npm Package Versions

23
8

1.9.5-nightly.81fdedb

Diff

dominionl
published 1.9.5-nightly.c0cccb2 •

dominionl
published 1.9.5-nightly.ff02a0b •

dominionl
published 1.9.5-nightly.4713c52 •

dominionl
published 1.9.5-nightly.92879ae •

dominionl
published 1.9.4 •

Changelog

Source

v1.9.4 (2024-10-17)

Analyzer

Bug fixes
  • Implement GraphQL suppression action. Contributed by @vohoanglong0107

  • Improved the message for unused suppression comments. Contributed by @dyc3

  • Fix #4228, where the rule a11y/noInteractiveElementToNoninteractiveRole incorrectly reports a role for non-interactive elements. Contributed by @eryue0220

  • noSuspiciousSemicolonInJsx now catches suspicious semicolons in React fragments. Contributed by @vasucp1207

  • The syntax rule noTypeOnlyImportAttributes now ignores .cts files (#4361).

    Since TypeScript 5.3, type-only imports can be associated to an import attribute in CommonJS-enabled files. See the TypeScript docs.

    The following code is no longer reported as a syntax error:

    import type { TypeFromRequire } from "pkg" with {
        "resolution-mode": "require"
    };
    

    Note that this is only allowed in files ending with the cts extension.

    Contributed by @Conaclos

CLI

Enhancements
  • The --summary reporter now reports parsing diagnostics too. Contributed by @ematipico

  • Improved performance of GritQL queries by roughly 25-30%. Contributed by @arendjr

Configuration

Bug fixes
  • Fix an issue where the JSON schema marked lint rules options as mandatory. Contributed by @ematipico

Editors

Formatter

Bug fixes
  • Fix #4121. Respect line width when printing multiline strings. Contributed by @ah-yu
  • Fix #4384. Keep @charset dobule quote under any situation for css syntax rule. Contributed by @fireairforce

JavaScript APIs

Linter

New features
Bug Fixes
  • Biome no longer crashes when it encounters a string that contain a multibyte character (#4181).

    This fixes a regression introduced in Biome 1.9.3 The regression affected the following linter rules:

    • nursery/useSortedClasses
    • nursery/useTrimStartEnd
    • style/useTemplate
    • suspicious/noMisleadingCharacterClass

    Contributed by @Conaclos

  • Fix #4190, where the rule noMissingVarFunction wrongly reported a variable as missing when used inside a var() function that was a newline. Contributed by @ematipico

  • Fix #4041. Now the rule useSortedClasses won't be triggered if className is composed only by inlined variables. Contributed by @ematipico

  • useImportType and useExportType now report useless inline type qualifiers (#4178).

    The following fix is now proposed:

    - import type { type A, B } from "";
    + import type { A, B } from "";
    
    - export type { type C, D };
    + export type { C, D };
    

    Contributed by @Conaclos

  • useExportType now reports ungrouped export from.

    The following fix is now proposed:

    - export { type A, type B } from "";
    + export type { A, B } from "";
    

    Contributed by @Conaclos

  • noVoidTypeReturn now accepts void expressions in return position (#4173).

    The following code is now accepted:

    function f(): void {
      return void 0;
    }
    

    Contributed by @Conaclos

  • noUselessFragments now correctly handles fragments containing HTML escapes (e.g.  ) inside expression escapes { ... } (#4059).

    The following code is no longer reported:

    function Component() {
      return (
        <div key={index}>{line || <>&nbsp;</>}</div>
      )
    }
    

    Contributed by @fireairforce

  • noUnusedFunctionParameters and noUnusedVariables no longer reports a parameter as unused when another parameter has a constructor type with the same parameter name (#4227).

    In the following code, the name parameter is no longer reported as unused.

    export class Foo {
      bar(name: string, _class: new (name: string) => any) {
        return name
      }
    }
    

    Contributed by @Conaclos

  • noUndeclaredDependencies now accepts dependency names with dots. Contributed by @Conaclos

  • useFilenamingConvention now correctly handles renamed exports (#4254).

    The rule allows the filename to be named as one of the exports of the module. For instance, the file containing the following export can be named Button.

    class Button {}
    export { Button }
    

    The rule now correctly handles the renaming of an export. For example, the file containing the following export can only be named Button. Previously the rule expected the file to be named A.

    class A {}
    export { A as Button }
    

    Contributed by @Conaclos

  • useConsistentMemberAccessibility now ignore private class members such as #property (#4276). Contributed by @Conaclos

  • noUnknownFunction correctly handles calc-size function (#4212).

    The following code calc-size is no longer reported as unknown:

    .a { height: calc-size(0px); }
    

    Contributed by @fireairforce

  • useNamingConvention now allows configuring conventions for readonly index signatures.

Contributed by @sepruko

  • noDuplicateCustomProperties now correctly handles custom properties and ignores non-custom properties. Previously, the rule incorrectly reported duplicates for all properties, including non-custom ones. Contributed by @togami2864

Parser

Bug Fixes
  • The CSS parser now accepts more emoji in identifiers (#3627).

    Browsers accept more emoji than the standard allows. Biome now accepts these additional emojis.

    The following code is now correctly parsed:

    p {
      --✨-color: red;
      color: var(--✨-color);
    }
    

    Contributed by @Conaclos

  • Add support for parsing typescript's resolution-mode in Import Types(#2115)

    export type Fs = typeof import('fs', { with: { 'resolution-mode': 'import' } });
    export type TypeFromRequire =
      import("pkg", { with: { "resolution-mode": "require" } }).TypeFromRequire;
    export type TypeFromImport =
      import("pkg", { with: { "resolution-mode": "import" } }).TypeFromImport;
    

    Contributed by @fireairforce

dominionl
published 1.9.3 •

Changelog

Source

v1.9.3 (2024-10-01)

CLI

New features
  • GritQL queries that match functions or methods will now match async functions or methods as well.

    If this is not what you want, you can capture the async keyword (or its absence) in a metavariable and assert its emptiness:

    $async function foo() {} where $async <: .
    

    Contributed by @arendjr

Bug fixes
  • Fix #4077: Grit queries no longer need to match the statement's trailing semicolon. Contributed by @arendjr

  • Fix #4102. Now the CLI command lint doesn't exit with an error code when using --write/--fix. Contributed by @ematipico

Configuration

Bug fixes
  • Fix #4125, where noLabelWithoutControl options where incorrectly marked as mandatory. Contributed by @ematipico

Editors

  • Fix a case where CSS files weren't correctly linted using the default configuration. Contributed by @ematipico
Bug fixes
  • Fix #4116. Unify LSP code action kinds. Contributed by @vitallium

Formatter

Bug fixes
  • Fix #3924 where GraphQL formatter panics in block comments with empty line. Contributed by @vohoanglong0107

  • Fix #3364 where the useSelfClosingElements rule forces the script tag to be self-closing. Previously, this rule applies to all elements and cannot be disabled for native HTML elements.

    Now, this rule accepts a ignoreHtmlElements option, which when set to true, ignores native HTML elements and allows them to be non-self-closing.

    Contributed by @abidjappie

  • Fix a case where raw values inside url() functions weren't properly trimmed.

    .value {
    -  background: url(
    -   whitespace-around-string
    -  );
    + background: url(whitespace-around-string);
    }
    

    Contributed by @ematipico

  • Fixed #4076, where a media query wasn't correctly formatted:

    .class {
    -  @media (1024px <= width <=1280px) {
    +  @media (1024px <= width <= 1280px) {
       color: red;
       }
    }
    

    Contributed by @blaze-d83

JavaScript API

Bug fixes
  • Fix #3881, by updating the APIs to use the latest WASM changes. Contributed by @ematipico

Linter

New features
Enhancements
  • Add an option reportUnnecessaryDependencies to useExhaustiveDependencies.

    Defaults to true. When set to false, errors will be suppressed for React hooks that declare dependencies but do not use them.

    Contributed by @simon-paris

  • Add an option reportMissingDependenciesArray to useExhaustiveDependencies. Contributed by @simon-paris

Bug fixes
  • noControlCharactersInRegex no longer panics on regexes with incomplete escape sequences. Contributed by @Conaclos

  • noMisleadingCharacterClass no longer reports issues outside of character classes.

    The following code is no longer reported:

    /[a-z]👍/;
    

    Contributed by @Conaclos

  • noUndeclaredDependencies no longer reports Node.js builtin modules as undeclared dependencies.

    The rule no longer reports the following code:

    import * as fs from "fs";
    

    Contributed by @Conaclos

  • noUnusedVariables no longer panics when suggesting the renaming of a variable at the start of a file (#4114). Contributed by @Conaclos

  • noUselessEscapeInRegex no longer panics on regexes that start with an empty character class. Contributed by @Conaclos

  • noUselessStringConcat no longer panics when it encounters malformed code. Contributed by @Conaclos

  • noUnusedFunctionParameters no longer reports unused parameters inside an object pattern with a rest parameter.

    In the following code, the rule no longer reports a as unused.

    function f({ a, ...rest }) {
      return rest;
    }
    

    This matches the behavior of noUnusedVariables.

    Contributed by @Conaclos

  • useButtonType no longer reports dynamically created button with a valid type (#4072).

    The following code is no longer reported:

    React.createElement("button", { type: "button" }, "foo")
    

    Contributed by @Conaclos

  • useSemanticElements now ignores elements with the img role (#3994).

    MDN recommends using role="img" for grouping images or creating an image from other elements. The following code is no longer reported:

    <div role="img" aria-label="That cat is so cute">
      <p>&#x1F408; &#x1F602;</p>
    </div>
    

    Contributed by @Conaclos

  • useSemanticElements now ignores alert and alertdialog roles (#3858). Contributed by @Conaclos

  • noUselessFragments don't create invaild JSX code when Fragments children contains JSX Expression and in a LogicalExpression. Contributed by @fireairforce

Parser

Bug fixes
  • Forbid undefined as type name for typescript parser. Contributed by @fireairforce
dominionl
published 1.9.3-nightly.75b4387 •

dominionl
published 1.9.2 •

Changelog

Source

v1.9.2 (2024-09-19)

CLI

New features
  • Added support for custom GritQL definitions, including:

    • Pattern and predicate definitions: https://docs.grit.io/guides/patterns
    • Function definitions: https://docs.grit.io/language/functions#function-definitions

    Contributed by @arendjr

Bug fixes
  • Fix #3917, where the fixed files were incorrectly computed. Contributed by @ematipico
  • Fixed an issue that caused GritQL contains queries to report false positives when the matched node appeared inside a sibling node. Contributed by @arendjr

Editors

Bug fixes
  • Fix #3923. Now the .editorconfig is correctly parsed by the LSP, and the options are correctly applied to files when formatting is triggered. Plus, the Biome LSP now watches for any change to the .editorconfig, and updates the formatting settings.

  • Reduced the number of log files generated by the LSP server. Now the maximum number of logs saved on disk is seven. Contributed by @ematipico

  • Fix the code actions capabilities available in the LSP Biome server. Before, the LSP was using the default capabilities, which resulted in pulling code actions even when they were disabled by the editor.

    This means that the code actions are pulled by the client only when the editor enables quickfix.biome, source.organizeImports.biome and source.fixAll.biome.

    Now, if you enable organizeImports.enabled: true in the biome.json, and then you configure your editor with the following code action source.organizeImports.biome: false, the editor won't sort the imports.

    Contributed by @ematipico

Linter

New features
Bug fixes
  • noLabelWithoutControl now accept JSX expression as label value (#3875). Contributed by @Conaclos

  • useFilenamingConvention no longer suggests names with a disallowed case (#3952). Contributed by @Conaclos

  • useFilenamingConvention now recognizes file names starting with ASCII digits as lowercase (#3952).

    Thus, 2024-09-17-filename, 2024_09_17_filename and 20240917FileName are in kebab-case, snake_case, and camelCase respectively.

    Contributed by @Conaclos

  • useFilenamingConvention now applies the configured formats to the file extensions (#3650). Contributed by @Conaclos

Parser

Bug fixes
  • useStrictMode now reports Script files with some directives, but without the use strict directive. Contributed by @Conaclos

  • The CSS parser now accepts the characters U+FFDCF and U+FFFD in identifiers. Contributed by @Conaclos

dominionl
published 1.9.1 •

Changelog

Source

v1.9.1 (2024-09-15)

CLI

Bug fixes
  • useEditorConfig now loads the editorconfig when running biome ci #3864. Contributed by @dyc3

Editors

Bug fixes
  • Revert #3731 to fix broken quick fixes and code actions. Contributed by @nhedger

Linter

New Features
Bug fixes
  • noUndeclaredDependencies now ignores @/ imports and recognizes type imports from Definitely Typed and bun imports. Contributed by @Conaclos
23
8
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc