may be due to downtime on deployment host

Description

Using .bind() or passing local callback functions as props to react component incurs a performance overhead. Consider using React.useCallback, or if possible, moving the callback definition outside the component. EXCEPTIONS: This rule may not apply if your react component is only rendered once, or if your application is not performance …

Occurrences

There are 27 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0417/occurrences/

Description

Variables that aren't defined, but accessed may throw reference errors at runtime. > NOTE: In browser applications, DeepSource recommends the use of ESModules over regular text/javascript scripts. > Using variables that are injected by scripts included in an HTML file is currently not supported.

Occurrences

There are 6 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0125/occurrences/

Description

The process.exit() method in Node.js is used to immediately stop the Node.js process and exit. This is a dangerous operation because it can occur in any method at any point in time, potentially stopping a Node.js application completely when an error occurs. For example:

Occurrences

There are 2 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0263/occurrences/

Description

It is recommended to use a variable only after it is defined as it might produce errors at runtime.

Occurrences

There is 1 occurrence of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0129/occurrences/

Description

It is recommended to have documentation comments above, or right inside a function/class declaration. This helps developers, users and even the author understand the purpose of a code snippet or API function in the future. NOTE: If you want to stop this issue from getting raised on certain constructs (arrow …

Occurrences

There are 31 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list:react-auth/issue/JS-D1001/occurrences/

Description

Having empty functions hurts readability, and is considered a code-smell. There's almost always a way to avoid using them. If you must use one, consider adding a comment to inform the reader of its purpose.

Occurrences

There are 2 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0321/occurrences/

Description

Using non-null assertions cancels out the benefits of strict null-checking, and introduces the possibility of runtime errors. Avoid non-null assertions unless absolutely necessary. If you still need to use one, write a skipcq comment to explain why it is safe.

Occurrences

There is 1 occurrence of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0339/occurrences/

Description

It is recommended to have documentation comments above, or right inside a function/class declaration. This helps developers, users and even the author understand the purpose of a code snippet or API function in the future. NOTE: If you want to stop this issue from getting raised on certain constructs (arrow …

Occurrences

There are 35 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-D1001/occurrences/

Description

Variables that are never re-assigned a new value after their initial declaration should be declared with the const keyword. This prevents the programmer from erroneously re-assigning to a read-only variable, and informs those reading the code that a variable is a constant value.

Occurrences

There are 9 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list:react-auth/issue/JS-0242/occurrences/

i shouldn't have to npm install with the --force flag

Description

A function that does not contain any await expressions should not be async (except for some edge cases in TypeScript which are discussed below). Asynchronous functions in JavaScript behave differently than other functions in two important ways:

Occurrences

There is 1 occurrence of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0116/occurrences/

Description

Fragments are a syntax that allow you to build a react component with multiple nodes or subcomponents, without requiring a wrapper element. A fragment is considered to be redundant if: - it contains only one child, - it is the child of a html element, - it is not a …

Occurrences

There are 2 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0424/occurrences/

Description

Having empty functions hurts readability, and is considered a code-smell. There's almost always a way to avoid using them. If you must use one, consider adding a comment to inform the reader of its purpose.

Occurrences

There is 1 occurrence of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list:react-auth/issue/JS-0321/occurrences/

Description

The issue is raised because of missing or unescaped JSX escape characters. These characters would be injected as a text node in JSX statements, which might not be intentional. These won't throw any syntax or runtime errors, but the rendered output will not be the same as expected.

Occurrences

There are 6 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0454/occurrences/

Description

Nesting JSX elements too deeply can confuse developers reading the code. To make maintenance and refactoring easier, DeepSource recommends limiting the maximum JSX tree depth to 4.

Occurrences

There are 4 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0415/occurrences/

Description

Using non-null assertions cancels out the benefits of strict null-checking, and introduces the possibility of runtime errors. Avoid non-null assertions unless absolutely necessary. If you still need to use one, write a skipcq comment to explain why it is safe.

Occurrences

There is 1 occurrence of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list:react-auth/issue/JS-0339/occurrences/

Description

The any type can sometimes leak into your codebase. TypeScript compiler skips the type checking of the any typed variables, so it creates a potential safety hole, and source of bugs in your codebase. We recommend using unknown or never type variable.

Occurrences

There are 8 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list:react-auth/issue/JS-0323/occurrences/

Description

In ES2015 (ES6), we can use template literals instead of string concatenation.

Occurrences

There are 17 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0246/occurrences/

Description

Any code paths that do not have explicit returns will return undefined. It is recommended to replace any implicit dead-ends that return undefined with a return null statement.

Occurrences

There are 2 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0045/occurrences/

Description

Some builtin types have aliases, some types are considered dangerous or harmful. It's often a good idea to ban certain types to help with consistency and safety.

Occurrences

There are 6 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0296/occurrences/

Description

Variables that are never re-assigned a new value after their initial declaration should be declared with the const keyword. This prevents the programmer from erroneously re-assigning to a read-only variable, and informs those reading the code that a variable is a constant value.

Occurrences

There are 13 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0242/occurrences/

Vulnerable Library - react-scripts-5.0.1.tgz

Path to dependency file: /react-auth/package.json

Path to vulnerable library: /react-auth/node_modules/svgo/node_modules/nth-check/package.json

Found in HEAD commit: 8158cd98fed05d23f1b18f7b2fb743c80afd0c3d

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (react-scripts version)	Remediation Possible**
CVE-2021-3803	High	7.5	nth-check-1.0.2.tgz	Transitive	N/A*	❌

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-3803

Vulnerable Library - nth-check-1.0.2.tgz

performant nth-check parser & compiler

Library home page: https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz

Path to dependency file: /react-auth/package.json

Path to vulnerable library: /react-auth/node_modules/svgo/node_modules/nth-check/package.json

Dependency Hierarchy:

• react-scripts-5.0.1.tgz (Root Library)
  • webpack-5.5.0.tgz
    • plugin-svgo-5.5.0.tgz
      • svgo-1.3.2.tgz
        • css-select-2.1.0.tgz
          • ❌ nth-check-1.0.2.tgz (Vulnerable Library)

Found in HEAD commit: 8158cd98fed05d23f1b18f7b2fb743c80afd0c3d

Found in base branch: main

Vulnerability Details

nth-check is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-17

URL: CVE-2021-3803

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2021-09-17

Fix Resolution: nth-check - v2.0.1

Step up your Open Source Security Game with Mend here

Description

The any type can sometimes leak into your codebase. TypeScript compiler skips the type checking of the any typed variables, so it creates a potential safety hole, and source of bugs in your codebase. We recommend using unknown or never type variable.

Occurrences

There are 7 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0323/occurrences/

Description

Nesting JSX elements too deeply can confuse developers reading the code. To make maintenance and refactoring easier, DeepSource recommends limiting the maximum JSX tree depth to 4.

Occurrences

There are 4 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list:react-auth/issue/JS-0415/occurrences/

Description

Variables, functions and types should always be used after they've been defined. This issue will flag any code snippets that use variables or types before definition.

Occurrences

There are 3 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0357/occurrences/

Description

Using literals like true, 0, and false on either side of a logical operator is unnecessary. For example, true && something will always evaluate to something.

Occurrences

There is 1 occurrence of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-W1043/occurrences/

Use .env secrets to store local/deployment API endpoints. This will eliminate the need to manage 2 separate branches that are essentially the same.

Description

Found variables that are declared but not used anywhere. > NOTE: In browser applications, DeepSource recommends the use of ESModules over regular text/javascript scripts. > Currently, we don't support variables that are not explicitly exported, > and are injected into other scripts by being included in an HTML file

Occurrences

There are 2 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0128/occurrences/

Description

In TypeScript, one can access properties using the dot notation (object.property) or square-bracket notation (object["property"]). However, the dot notation is often preferred because it is easier to read and less verbose.

Occurrences

There are 2 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0303/occurrences/

Description

Two variables can have the same name if they're declared in different scopes. In the example below, the parameter x is said to "shadow" the variable x declared above it. The outer x can no longer be accessed inside the sum function.

Occurrences

There are 2 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0123/occurrences/

Description

Unused variables are generally considered a code smell and should be avoided.

Occurrences

There are 10 occurrences of this issue in the repository.

See all occurrences on DeepSource → app.deepsource.com/gh/raspberri05/todo-list/issue/JS-0356/occurrences/