This function should have name 'default', I was going to send PR, but somehow I can't make test pass, I tried to reinstall deps serval times, but no luck.

Example: const a = []; a === a will evaluate to false.

This is because getStaticValue evaluates each reference to a variable separately, so we get different objects with the same value each time. However, they should be the same value.

Solution: Cache the value of each variable.

Non-solution: Change the === operator (among others) to not evaluate the equality of non-value types. This solution simply doesn't scale as built-in safe functions might use === under the hood.

ESLint v8.0.0 is released 🎉

It would be awesome to have official ESLint 8 support. 👊
I'm happy to help where I can of course 🙂

try {} catch (error) {}

I don't think error is parenthesized.

ESLint v7.0.0 is released 🎉

It would be awesome to have official ESLint 7 support. 👊
I'm happy to help where I can of course 🙂

When getStaticValue() is called with a scope and encounters an identifier referring to a variable declared with const, it computes that variable's static value based on its const declaration initializer only. If the variable is initialized to a mutable value, it can later be modified, resulting in the return value from getStaticValue() not matching the variable's true value at time of use.

Example:

const mutable = {a: 1};
mutable.b = 2;
mutable;

Calling getStaticValue() on the Identifier node mutable on line 3 returns {value: {a: 1}}, but mutable's actual value is {a: 1, b: 2}.

Minimal working example

This can also result in erroneously identifying identifiers as static. For example:

const mutable = {a: 1};
mutable.b = foo();
mutable;

mutable on line 3 is not static-valued, but getStaticValue() returns {value: {a: 1}}.

Example:

const symbol = Symbol();
(symbol === symbol); // <--

The value of the expression on line 2 is true, but getStaticValue() returns {value: false}.

This is probably because the two recursive calls to getStaticValueR() (evaluating the left and right sides of the BinaryExpression) both invoke Symbol() and so both return different Symbols.

This could be resolved either by removing Symbol from callAllowed or by caching the static values of Identifiers encountered during recursion. However, the latter approach would still produce strange results if the user compared the returned static values of, for example, two different references to const symbol = Symbol();.

getStaticValue evaluates Math.random() which is a problem because it makes the result of getStaticValue non-deterministic.

Currently getPropertyName always return string (bigint is also possible when it's Literal), but property can be a symbol

bar[Symbol.iterator]()

This can be calculated by getStaticValue.

BTW: Similar bug in ESLint core, this will cause foo["Symbol()"] foo[Symbol()] considered as same reference.

I think it should return string | symbol or just return the value as it is, let user convert to string.

v3.0.0 of this package supports the following node versions:

"engines": {
    "node": "^10.0.0 || ^12.0.0 || >= 14.0.0"
  },

Why is node 13 ignored/disabled?

I want to use the eslint-utils with TypeScript. However, the project doesn't have types.

typescript-eslint and eslint-plugin-vue has type themselves.

How about having type for developers who want to use TypeScript?

We would love to have this repo added to the official @eslint-community organization on GitHub.

As you can read in the '@eslint-community GitHub organization' RFC, the goal of this new org is to have a place where community members can help ensure widely depended upon ESLint related packages stay up to date with newer ESLint releases and doesn't hold the wider community back without depending on one person's GitHub/npm account.

Since this plugin is really popular (31M+ download/week), it's used by the main ESLint repo & since it's currently unmaintained (the latest commit is 1y+ old & the latest interaction is 1y+ old as well), we'd love you —@mysticatea— to transfer this repo to a better home, so you're welcome to transfer this repository to the new org.

Similar to getStaticValue, but only tell the type.

For example

`a${foo}` -> string
[...foo] -> array
{foo} -> object
!foo -> boolean
...

It's useful to make some auto-fix, example

Enforce new Array(foo) to Array.from({length: foo}) or [foo], if we can know type of foo is number, we can auto fix to the first one.

i even downloaded the repo and ran the tests

Remediation
Upgrade eslint-utils to version 1.4.1 or later. For example:

"dependencies": {
"eslint-utils": ">=1.4.1"
}
or…
"devDependencies": {
"eslint-utils": ">=1.4.1"
}
Always verify the validity and compatibility of suggestions with your codebase.

Details
GHSA-3gx7-xhv7-5mx3 More information
critical severity
Vulnerable versions: >= 1.2.0, < 1.4.1
Patched version: 1.4.1
'getStaticValue' function can execute arbitrary code
Impact
getStaticValue function can execute arbitrary code.

Patches
This problem has been patched in 1.4.1. Please update eslint-utils.

Workarounds
Don't use getStaticValue function, getStringIfConstant function, and getPropertyName function.

For more information
If you have any questions or comments about this advisory:

Open an issue in eslint-utils