JS-0002 · Avoid using `console` in code that runs on browser

Avoid using console in code that runs on browser JS-0002

Bug risk

Major

3 years ago — 3 years old

Unexpected console statement

102      return getPartHash(filepath).then((hashBlock: HashBlock) => hashBlock.hash === filehash);
103    }
104    if (!hashBlocks) {
105      console.warn(`File ${filepath} should have hash blocks because it's too big`);106    }
107
108    const divider = Math.ceil(stat.size / MB100);

Unexpected console statement

src/common.ts

 97  return io.stat(filepath).then((stat: fse.Stats) => {
 98    if (stat.size < MB20) {
 99      if (hashBlocks) {
100        console.warn(`File ${filepath} should have no hash blocks because it's too small`);101      }
102      return getPartHash(filepath).then((hashBlock: HashBlock) => hashBlock.hash === filehash);
103    }

Unexpected console statement

src/io_context.ts

547      const p0 = cp.spawn('powershell.exe', [cloneFileViaBlockClonePs1, src, dst]);
548      return new Promise((resolve, reject) => {
549        p0.stdout.on('data', (data) => console.log(data.toString()));
550        p0.stderr.on('data', (data) => console.log(data.toString()));551        p0.on('exit', (code) => {
552          if (code === 0) {
553            resolve();

Unexpected console statement

src/io_context.ts

546
547      const p0 = cp.spawn('powershell.exe', [cloneFileViaBlockClonePs1, src, dst]);
548      return new Promise((resolve, reject) => {
549        p0.stdout.on('data', (data) => console.log(data.toString()));550        p0.stderr.on('data', (data) => console.log(data.toString()));
551        p0.on('exit', (code) => {
552          if (code === 0) {

Unexpected console statement

src/io_context.ts

540      } else if (fse.pathExistsSync(join(__dirname, '..', 'resources', cloneFileViaBlockClonePs1))) {
541        cloneFileViaBlockClonePs1 = join(__dirname, '..', 'resources', cloneFileViaBlockClonePs1);
542      } else {
543        console.warn(`unable to locate ${cloneFileViaBlockClonePs1}, fallback to fss.copyFile(..)`);544        return io.copyFile(src, dst, fse.constants.COPYFILE_FICLONE);
545      }
546

Description

It is considered a best practice to avoid the use of any console methods in JavaScript code that will run on the browser.

NOTE: If your repository contains a server side project, you can add "nodejs" to the environment property of analyzer meta in .deepsource.toml. This will prevent this issue from getting raised. Documentation for the analyzer meta can be found here. Alternatively, you can silence this issue for your repository as shown here.

If a specific console call is meant to stay for other reasons, you can add a skipcq comment to that line. This will inform other developers about the reason behind the log's presence, and prevent DeepSource from flagging it.

Usually, console methods are only used for debugging, and can leak internal info to the client. Removing the console call will fix this issue.

Bad Practice

if (!secure(data)) {
  console.log("data is not secure", data) // `data` is visible to the client
}

console.table(tableObj)

snowtrack / snowfs

Bad Practice

Recommended