JS-0002 · Avoid using `console` in code that runs on browser

Avoid using console in code that runs on browser JS-0002

Bug risk

Major

a year ago — 2 years old

Avoid using console in code that runs on the browser

18
19const init = async () => { 
20  const browserSyncData = await waitForSyncData();
21  console.log(browserSyncData);22  const renderOptions = browserSyncData.iconRenderOptions;
23
24  document.getElementById("render-size").value = renderOptions.size;

Avoid using console in code that runs on the browser

inject/90-run/1-functions.js

 71    logger.debug(`update browser local data`, browserLocalData);
 72  })
 73  .catch(err => {
 74    console.trace(err); 75    logger.error(err);
 76  })
 77}

Avoid using console in code that runs on the browser

background.js

 69    }
 70
 71    chrome.storage.sync.set(result, () => {
 72      console.log(`Hello, Welcome! data installed to your sync storage: `, result); 73    });
 74  });
 75}

Avoid using console in code that runs on the browser

background.js

177    }
178
179    chrome.storage.sync.set(newSyncData, () => {
180      console.log(`Refresh done!: sync data`, newSyncData);181    });
182    chrome.storage.local.set(newLocalData, () => {
183      console.log(`Refresh done!: local data`, newLocalData);

Avoid using console in code that runs on the browser

background.js

135///////////////////////////////////////////////////
136
137const cronjob = async () => {
138  console.log(`Execute refresh job!`);139
140  const streamers = await getStreamerList();
141

Description

It is considered a best practice to avoid the use of any console methods in JavaScript code that will run on the browser.

NOTE: If your repository contains a server side project, you can add "nodejs" to the environment property of analyzer meta in .deepsource.toml. This will prevent this issue from getting raised. Documentation for the analyzer meta can be found here. Alternatively, you can silence this issue for your repository as shown here.

If a specific console call is meant to stay for other reasons, you can add a skipcq comment to that line. This will inform other developers about the reason behind the log's presence, and prevent DeepSource from flagging it.

Usually, console methods are only used for debugging, and can leak internal info to the client. Removing the console call will fix this issue.

Bad Practice

if (!secure(data)) {
  console.log("data is not secure", data) // `data` is visible to the client
}

console.table(tableObj)

drowsy-probius / twitch-icon-selector

Bad Practice

Recommended