console
in code that runs on browser JS-0002102 return getPartHash(filepath).then((hashBlock: HashBlock) => hashBlock.hash === filehash);
103 }
104 if (!hashBlocks) {
105 console.warn(`File ${filepath} should have hash blocks because it's too big`);106 }
107
108 const divider = Math.ceil(stat.size / MB100);
97 return io.stat(filepath).then((stat: fse.Stats) => {
98 if (stat.size < MB20) {
99 if (hashBlocks) {
100 console.warn(`File ${filepath} should have no hash blocks because it's too small`);101 }
102 return getPartHash(filepath).then((hashBlock: HashBlock) => hashBlock.hash === filehash);
103 }
547 const p0 = cp.spawn('powershell.exe', [cloneFileViaBlockClonePs1, src, dst]);
548 return new Promise((resolve, reject) => {
549 p0.stdout.on('data', (data) => console.log(data.toString()));
550 p0.stderr.on('data', (data) => console.log(data.toString()));551 p0.on('exit', (code) => {
552 if (code === 0) {
553 resolve();
546
547 const p0 = cp.spawn('powershell.exe', [cloneFileViaBlockClonePs1, src, dst]);
548 return new Promise((resolve, reject) => {
549 p0.stdout.on('data', (data) => console.log(data.toString()));550 p0.stderr.on('data', (data) => console.log(data.toString()));
551 p0.on('exit', (code) => {
552 if (code === 0) {
540 } else if (fse.pathExistsSync(join(__dirname, '..', 'resources', cloneFileViaBlockClonePs1))) {
541 cloneFileViaBlockClonePs1 = join(__dirname, '..', 'resources', cloneFileViaBlockClonePs1);
542 } else {
543 console.warn(`unable to locate ${cloneFileViaBlockClonePs1}, fallback to fss.copyFile(..)`);544 return io.copyFile(src, dst, fse.constants.COPYFILE_FICLONE);
545 }
546
It is considered a best practice to avoid the use of any console
methods in JavaScript code that will run on the browser.
NOTE: If your repository contains a server side project, you can add "nodejs"
to the environment
property of analyzer meta in .deepsource.toml
.
This will prevent this issue from getting raised.
Documentation for the analyzer meta can be found here.
Alternatively, you can silence this issue for your repository as shown here.
If a specific console
call is meant to stay for other reasons, you can add a skipcq comment to that line.
This will inform other developers about the reason behind the log's presence, and prevent DeepSource from flagging it.
Usually, console
methods are only used for debugging, and can leak internal info to the client.
Removing the console
call will fix this issue.
if (!secure(data)) {
console.log("data is not secure", data) // `data` is visible to the client
}
console.table(tableObj)
if (!secure(data)) {
// alter the DOM to inform the user that `data` is insecure.
}
console.table(tableObj) // skipcq: JS-0002 Easter egg. Users are meant to see this.