Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@putout/plugin-new
Advanced tools
🐊Putout plugin adds ability to remove useless and add missing operator 'new'
The
new
operator lets developers create an instance of a user-defined object type or of one of the built-in object types that has a constructor function.(c) MDN
🐊Putout plugin adds ability to add missing and remove useless operator new
.
npm i @putout/plugin-new
{
"rules": {
"new/remove-useless": "on",
"new/add-missing": "on"
}
}
Operator new
has no sense for Boolean
, String
, Number
, Object
, RegExp
, Math
, Reflect
, Error
, TypeError
:
Thus the function call
Error(…)
is equivalent to the object creation expressionnew Error(…)
with the same arguments.(c) https://262.ecma-international.org/12.0/#sec-error-constructor
And Symbol
, BigInt
cannot be used with new
, as it is primitive.
new Error('Something whent wrong');
new new Boolean()();
Error('Something whent wrong');
Boolean();
The
Set
constructor lets you create Set objects that store unique values of any type, whether primitive values or object references.(c) MDN
Missing operator new
should be added since built-in objects:
Set
;WeakSet
;Map
;WeakMap
;Int8Array
;Uint8Array
;Uint8ClampedArray
;Int16Array
;Uint16Array
;Int32Array
;Uint32Array
;Float32Array
;Float64Array
;BigInt64Array
;BigUint64Array
;Produces TypeError
when called without new
:
Uncaught TypeError: Constructor Set requires 'new'
const map = Map();
const map = new Map();
Linter | Rule | Fix |
---|---|---|
🐊 Putout | remove-useless-new | ✅ |
⏣ ESLint | no-new-wrappers | ❌ |
⠀ | no-new-object | ❌ |
⠀ | no-array-constructor | ❌ |
⠀ | no-new-symbol | ❌ |
⠀ | no-new-native-constructor | ❌ |
MIT
FAQs
🐊Putout plugin adds ability to remove useless and add missing operator 'new'
We found that @putout/plugin-new demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.