Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@biomejs/cli-win32-x64
Advanced tools
v1.9.3 (2024-10-01)
GritQL queries that match functions or methods will now match async functions or methods as well.
If this is not what you want, you can capture the async
keyword (or its absence) in a metavariable and assert its emptiness:
$async function foo() {} where $async <: .
Contributed by @arendjr
Fix #4077: Grit queries no longer need to match the statement's trailing semicolon. Contributed by @arendjr
Fix #4102. Now the CLI command lint
doesn't exit with an error code when using --write
/--fix
. Contributed by @ematipico
noLabelWithoutControl
options where incorrectly marked as mandatory. Contributed by @ematipicoFix #3924 where GraphQL formatter panics in block comments with empty line. Contributed by @vohoanglong0107
Fix #3364 where the useSelfClosingElements
rule forces the script
tag to be self-closing. Previously, this rule applies to all elements and cannot be disabled for native HTML elements.
Now, this rule accepts a ignoreHtmlElements
option, which when set to true
, ignores native HTML elements and allows them to be non-self-closing.
Contributed by @abidjappie
Fix a case where raw values inside url()
functions weren't properly trimmed.
.value {
- background: url(
- whitespace-around-string
- );
+ background: url(whitespace-around-string);
}
Contributed by @ematipico
Fixed #4076, where a media query wasn't correctly formatted:
.class {
- @media (1024px <= width <=1280px) {
+ @media (1024px <= width <= 1280px) {
color: red;
}
}
Contributed by @blaze-d83
Add noDescendingSpecificity. Contributed by @tunamaguro
Add noNestedTernary. Contributed by @kaykdm
Add noTemplateCurlyInString. Contributed by @fireairforce
Add noOctalEscape. Contributed by @fireairforce
Add an option reportUnnecessaryDependencies
to useExhaustiveDependencies.
Defaults to true. When set to false, errors will be suppressed for React hooks that declare dependencies but do not use them.
Contributed by @simon-paris
Add an option reportMissingDependenciesArray
to useExhaustiveDependencies. Contributed by @simon-paris
noControlCharactersInRegex no longer panics on regexes with incomplete escape sequences. Contributed by @Conaclos
noMisleadingCharacterClass no longer reports issues outside of character classes.
The following code is no longer reported:
/[a-z]👍/;
Contributed by @Conaclos
noUndeclaredDependencies no longer reports Node.js builtin modules as undeclared dependencies.
The rule no longer reports the following code:
import * as fs from "fs";
Contributed by @Conaclos
noUnusedVariables no longer panics when suggesting the renaming of a variable at the start of a file (#4114). Contributed by @Conaclos
noUselessEscapeInRegex no longer panics on regexes that start with an empty character class. Contributed by @Conaclos
noUselessStringConcat no longer panics when it encounters malformed code. Contributed by @Conaclos
noUnusedFunctionParameters no longer reports unused parameters inside an object pattern with a rest parameter.
In the following code, the rule no longer reports a
as unused.
function f({ a, ...rest }) {
return rest;
}
This matches the behavior of noUnusedVariables.
Contributed by @Conaclos
useButtonType no longer reports dynamically created button with a valid type (#4072).
The following code is no longer reported:
React.createElement("button", { type: "button" }, "foo")
Contributed by @Conaclos
useSemanticElements now ignores elements with the img
role (#3994).
MDN recommends using role="img"
for grouping images or creating an image from other elements.
The following code is no longer reported:
<div role="img" aria-label="That cat is so cute">
<p>🐈 😂</p>
</div>
Contributed by @Conaclos
useSemanticElements now ignores alert
and alertdialog
roles (#3858). Contributed by @Conaclos
noUselessFragments don't create invaild JSX code when Fragments children contains JSX Expression and in a LogicalExpression. Contributed by @fireairforce
FAQs
Unknown package
The npm package @biomejs/cli-win32-x64 receives a total of 111,893 weekly downloads. As such, @biomejs/cli-win32-x64 popularity was classified as popular.
We found that @biomejs/cli-win32-x64 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.