Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
eslint-plugin-use-effect-no-deps
Advanced tools
eslint-plugin-use-effect-no-deps
Warns a user when the react hook useEffect is called with no dependency array
eslint-plugin-use-effect-no-deps
Warns a user when the react hook useEffect is called with no dependency array.
My team found that we rarely needed the behavior of useEffect without a dependency array as the second argument. Among the 60 usages of useEffect in our codebase, none needed the effect to run on every render of the component. This rule makes an author ensure that the behavior of useEffect with one argument is what they intended.
Installation
You'll first need to install ESLint:
$ npm i eslint --save-dev
Next, install eslint-plugin-use-effect-no-deps:
$ npm install eslint-plugin-use-effect-no-deps --save-dev
Note: If you installed ESLint globally (using the -g flag) then you must also install eslint-plugin-use-effect-no-deps globally.
Usage
Add use-effect-no-deps to the plugins section of your .eslintrc configuration file. You can omit the eslint-plugin- prefix:
{
"plugins": [
"use-effect-no-deps"
]
}
Then configure the rules you want to use under the rules section.
{
"rules": {
"use-effect-no-deps/use-effect-no-deps": "warn"
}
}
Supported Rules
- use-effect-no-deps
Attributions
The code for this rule is based on the exhaustive-deps rule that Facebook publishes under the MIT License. You can find the source code for that rule here: https://github.com/facebook/react/blob/master/packages/eslint-plugin-react-hooks/src/ExhaustiveDeps.js
Keywords
FAQs
Warns a user when the react hook useEffect is called with no dependency array
The npm package eslint-plugin-use-effect-no-deps receives a total of 7,125 weekly downloads. As such, eslint-plugin-use-effect-no-deps popularity was classified as popular.
We found that eslint-plugin-use-effect-no-deps demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 22 Nov 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025
Security News
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
By Sarah Gooding - May 06, 2025