Merged
Conversation
🦋 Changeset detectedLatest commit: 1e5108c The changes in this PR will be included in the next version bump. This PR includes changesets to release 13 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Contributor
WalkthroughA Changeset is added to publish a patch for Possibly related PRs
Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 2✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Warning Review ran into problems🔥 ProblemsGit: Failed to clone repository. Please run the Comment |
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.changeset/tidy-shirts-cut.md (1)
5-5: Changeset text is a bit maintainer-facingLine 5 reads like internal metadata. Please rephrase it in user-impact terms and include the
recommended: truechange so release notes are clearer.Possible wording
-Updated the metadata for `noImpliedEval` to include `no-new-func` as a rule source. +Updated `noImpliedEval` to recognise ESLint's `no-new-func` during migration, and marked the rule as recommended (applies when using unstable nursery rules).As per coding guidelines, ".changeset/*.md: Write changeset descriptions for end users, not developers."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.changeset/tidy-shirts-cut.md at line 5, Update the changeset description so it speaks to end users: replace the maintainer-facing metadata mention of "noImpliedEval" and "no-new-func as a rule source" with a user-facing sentence explaining the change (e.g., "Add no-new-func as a source for noImpliedEval rule to improve detection of new Function() and eval-like usage") and add the recommended: true flag to the changeset metadata so the release notes clearly state this rule is recommended.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@crates/biome_js_analyze/src/lint/nursery/no_implied_eval.rs`:
- Around line 80-83: The mapping claims coverage of ESLint's "no-new-func" but
this rule (in no_implied_eval.rs) only inspects
setTimeout/setInterval/setImmediate calls, so either remove
RuleSource::Eslint("no-new-func").inspired() from the list or extend the lint to
detect Function constructor usage; to fix, either delete the
RuleSource::Eslint("no-new-func").inspired() entry in the rule's sources array,
or add AST checks in the no_implied_eval lint for NewExpression and
CallExpression nodes whose callee is an Identifier named "Function" (and also
handle possible MemberExpression cases if needed) and emit the same diagnostic
so the rule truly covers Function(...) / new Function(...).
---
Nitpick comments:
In @.changeset/tidy-shirts-cut.md:
- Line 5: Update the changeset description so it speaks to end users: replace
the maintainer-facing metadata mention of "noImpliedEval" and "no-new-func as a
rule source" with a user-facing sentence explaining the change (e.g., "Add
no-new-func as a source for noImpliedEval rule to improve detection of new
Function() and eval-like usage") and add the recommended: true flag to the
changeset metadata so the release notes clearly state this rule is recommended.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 4a449b4e-bdcf-4ba9-8b6d-61317bdb253f
⛔ Files ignored due to path filters (1)
crates/biome_cli/src/execute/migrate/eslint_any_rule_to_biome.rsis excluded by!**/migrate/eslint_any_rule_to_biome.rsand included by**
📒 Files selected for processing (2)
.changeset/tidy-shirts-cut.mdcrates/biome_js_analyze/src/lint/nursery/no_implied_eval.rs
Merging this PR will not alter performance
Comparing Footnotes
|
no-new-func as a rule source for noImpliedEvalnew Function(...)
b2c221d to
ef02635
Compare
new Function(...)new Function(...)
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@crates/biome_js_analyze/src/lint/nursery/no_implied_eval.rs`:
- Around line 107-130: The string-argument branch currently runs for both
JsNewExpression and JsCallExpression (because Query is JsNewOrCallExpression)
causing false positives for constructs like new setTimeout("..."); restrict that
branch to call expressions only: after resolving node (in run) verify the node
is a call expression (e.g., via node.as_call_expression() /
node.is_call_expression() or pattern-match the JsNewOrCallExpression into a
JsCallExpression) before checking args and calling is_string_argument, and only
return Some(NoImpliedEvalState::StringArgument) when the node is a call
expression.
In `@crates/biome_js_analyze/tests/specs/nursery/noImpliedEval/valid.js`:
- Around line 68-79: The file has two top-level declarations named Function (a
class at the top and a later function), causing a syntax error; split them into
separate scopes so both shadowing cases are valid—e.g., wrap one of the
top-level cases in its own block or IIFE (or move the later function into the
existing nestedClass or another function scope) so the class declaration `class
Function {}` and the function declaration `function Function() {}` are not in
the same top-level scope; ensure the `new Function()` calls remain in scope that
sees the intended shadowed binding so the rule tests still exercise both
shadowing scenarios.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 5cdf02e4-33a5-47d2-82d8-7d6a8527595b
⛔ Files ignored due to path filters (3)
crates/biome_cli/src/execute/migrate/eslint_any_rule_to_biome.rsis excluded by!**/migrate/eslint_any_rule_to_biome.rsand included by**crates/biome_js_analyze/tests/specs/nursery/noImpliedEval/invalid.js.snapis excluded by!**/*.snapand included by**crates/biome_js_analyze/tests/specs/nursery/noImpliedEval/valid.js.snapis excluded by!**/*.snapand included by**
📒 Files selected for processing (4)
.changeset/tidy-shirts-cut.mdcrates/biome_js_analyze/src/lint/nursery/no_implied_eval.rscrates/biome_js_analyze/tests/specs/nursery/noImpliedEval/invalid.jscrates/biome_js_analyze/tests/specs/nursery/noImpliedEval/valid.js
✅ Files skipped from review due to trivial changes (1)
- .changeset/tidy-shirts-cut.md
ematipico
approved these changes
Apr 7, 2026
Member
ematipico
left a comment
There was a problem hiding this comment.
The changeset needs more love
| expression: &AnyJsExpression, | ||
| model: &biome_js_semantic::SemanticModel, | ||
| ) -> bool { | ||
| let Some((reference, name)) = global_identifier(&expression.clone().omit_parentheses()) else { |
Member
There was a problem hiding this comment.
This function already removes the parentheses, no need to do it here
ef02635 to
1e5108c
Compare
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (1)
crates/biome_js_analyze/src/lint/nursery/no_implied_eval.rs (1)
218-227: Remove unnecessary.clone()call.
expressionis already&AnyJsExpression, so the clone is redundant here.♻️ Proposed fix
fn is_global_function_constructor( expression: &AnyJsExpression, model: &biome_js_semantic::SemanticModel, ) -> bool { - let Some((reference, name)) = global_identifier(&expression.clone()) else { + let Some((reference, name)) = global_identifier(expression) else { return false; }; name.text() == "Function" && model.binding(&reference).is_none() }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@crates/biome_js_analyze/src/lint/nursery/no_implied_eval.rs` around lines 218 - 227, The .clone() on expression is unnecessary; in is_global_function_constructor call global_identifier with the existing reference rather than cloning—replace global_identifier(&expression.clone()) with global_identifier(expression) (referencing the function is_global_function_constructor, the parameter expression, and the global_identifier call).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@crates/biome_js_analyze/src/lint/nursery/no_implied_eval.rs`:
- Around line 218-227: The .clone() on expression is unnecessary; in
is_global_function_constructor call global_identifier with the existing
reference rather than cloning—replace global_identifier(&expression.clone())
with global_identifier(expression) (referencing the function
is_global_function_constructor, the parameter expression, and the
global_identifier call).
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 869f746f-4c5e-40c5-b330-16b3d1142f5f
⛔ Files ignored due to path filters (3)
crates/biome_cli/src/execute/migrate/eslint_any_rule_to_biome.rsis excluded by!**/migrate/eslint_any_rule_to_biome.rsand included by**crates/biome_js_analyze/tests/specs/nursery/noImpliedEval/invalid.js.snapis excluded by!**/*.snapand included by**crates/biome_js_analyze/tests/specs/nursery/noImpliedEval/valid.js.snapis excluded by!**/*.snapand included by**
📒 Files selected for processing (4)
.changeset/tidy-shirts-cut.mdcrates/biome_js_analyze/src/lint/nursery/no_implied_eval.rscrates/biome_js_analyze/tests/specs/nursery/noImpliedEval/invalid.jscrates/biome_js_analyze/tests/specs/nursery/noImpliedEval/valid.js
✅ Files skipped from review due to trivial changes (1)
- .changeset/tidy-shirts-cut.md
🚧 Files skipped from review as they are similar to previous changes (2)
- crates/biome_js_analyze/tests/specs/nursery/noImpliedEval/invalid.js
- crates/biome_js_analyze/tests/specs/nursery/noImpliedEval/valid.js
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This extends
noImpliedEvalto cover the functionality of https://eslint.org/docs/latest/rules/no-new-funcThe functionality of
no-new-funcis a subset ofno-implied-eval(at least for the typescript-eslint version of the rule), so it makes sense to add it as a rule source.I also took the chance to make the rule recommended. This has no effect on end users because nursery rules can't be activated when using recommended rules.
Test Plan
CI should be green
Docs