Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@biomejs/cli-linux-x64
Advanced tools
v1.9.4 (2024-10-17)
Implement GraphQL suppression action. Contributed by @vohoanglong0107
Improved the message for unused suppression comments. Contributed by @dyc3
Fix #4228, where the rule a11y/noInteractiveElementToNoninteractiveRole
incorrectly reports a role
for non-interactive elements. Contributed by @eryue0220
noSuspiciousSemicolonInJsx
now catches suspicious semicolons in React fragments. Contributed by @vasucp1207
The syntax rule noTypeOnlyImportAttributes
now ignores .cts
files (#4361).
Since TypeScript 5.3, type-only imports can be associated to an import attribute in CommonJS-enabled files. See the TypeScript docs.
The following code is no longer reported as a syntax error:
import type { TypeFromRequire } from "pkg" with {
"resolution-mode": "require"
};
Note that this is only allowed in files ending with the cts
extension.
Contributed by @Conaclos
The --summary
reporter now reports parsing diagnostics too. Contributed by @ematipico
Improved performance of GritQL queries by roughly 25-30%. Contributed by @arendjr
@charset
dobule quote under any situation for css syntax rule. Contributed by @fireairforceBiome no longer crashes when it encounters a string that contain a multibyte character (#4181).
This fixes a regression introduced in Biome 1.9.3 The regression affected the following linter rules:
nursery/useSortedClasses
nursery/useTrimStartEnd
style/useTemplate
suspicious/noMisleadingCharacterClass
Contributed by @Conaclos
Fix #4190, where the rule noMissingVarFunction
wrongly reported a variable as missing when used inside a var()
function that was a newline. Contributed by @ematipico
Fix #4041. Now the rule useSortedClasses
won't be triggered if className
is composed only by inlined variables. Contributed by @ematipico
useImportType and useExportType now report useless inline type qualifiers (#4178).
The following fix is now proposed:
- import type { type A, B } from "";
+ import type { A, B } from "";
- export type { type C, D };
+ export type { C, D };
Contributed by @Conaclos
useExportType now reports ungrouped export from
.
The following fix is now proposed:
- export { type A, type B } from "";
+ export type { A, B } from "";
Contributed by @Conaclos
noVoidTypeReturn now accepts void
expressions in return position (#4173).
The following code is now accepted:
function f(): void {
return void 0;
}
Contributed by @Conaclos
noUselessFragments now correctly handles fragments containing HTML escapes (e.g.
) inside expression escapes { ... }
(#4059).
The following code is no longer reported:
function Component() {
return (
<div key={index}>{line || <> </>}</div>
)
}
Contributed by @fireairforce
noUnusedFunctionParameters and noUnusedVariables no longer reports a parameter as unused when another parameter has a constructor type with the same parameter name (#4227).
In the following code, the name
parameter is no longer reported as unused.
export class Foo {
bar(name: string, _class: new (name: string) => any) {
return name
}
}
Contributed by @Conaclos
noUndeclaredDependencies now accepts dependency names with dots. Contributed by @Conaclos
useFilenamingConvention now correctly handles renamed exports (#4254).
The rule allows the filename to be named as one of the exports of the module.
For instance, the file containing the following export can be named Button
.
class Button {}
export { Button }
The rule now correctly handles the renaming of an export.
For example, the file containing the following export can only be named Button
.
Previously the rule expected the file to be named A
.
class A {}
export { A as Button }
Contributed by @Conaclos
useConsistentMemberAccessibility now ignore private class members such as #property
(#4276). Contributed by @Conaclos
noUnknownFunction correctly handles calc-size
function (#4212).
The following code calc-size
is no longer reported as unknown:
.a { height: calc-size(0px); }
Contributed by @fireairforce
useNamingConvention now allows configuring conventions for readonly index signatures.
Contributed by @sepruko
The CSS parser now accepts more emoji in identifiers (#3627).
Browsers accept more emoji than the standard allows. Biome now accepts these additional emojis.
The following code is now correctly parsed:
p {
--✨-color: red;
color: var(--✨-color);
}
Contributed by @Conaclos
Add support for parsing typescript's resolution-mode
in Import Types(#2115)
export type Fs = typeof import('fs', { with: { 'resolution-mode': 'import' } });
export type TypeFromRequire =
import("pkg", { with: { "resolution-mode": "require" } }).TypeFromRequire;
export type TypeFromImport =
import("pkg", { with: { "resolution-mode": "import" } }).TypeFromImport;
Contributed by @fireairforce
FAQs
Unknown package
The npm package @biomejs/cli-linux-x64 receives a total of 1,259,608 weekly downloads. As such, @biomejs/cli-linux-x64 popularity was classified as popular.
We found that @biomejs/cli-linux-x64 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.