JSLint

JSLint: The JavaScript Code Quality Tool

©2002 Douglas Crockford


Warning!

JSLint will hurt your feelings.

What is JSLint?

JSLint is a JavaScript program that looks for problems in JavaScript programs. It is a code quality tool.

When C was a young programming language, there were several common programming errors that were not caught by the primitive compilers, so an accessory program called lint was developed that would scan a source file, looking for problems.

As the language matured, the definition of the language was strengthened to eliminate some insecurities, and compilers got better at issuing warnings. lint is no longer needed.

JavaScript is a young-for-its-age language. It was originally intended to do small tasks in webpages, tasks for which Java was too heavy and clumsy. But JavaScript is a very capable language, and it is now being used in larger projects. Many of the features that were intended to make the language easy to use are troublesome for larger projects. A lint for JavaScript is needed: JSLint, a JavaScript syntax checker and validator.

JSLint takes a JavaScript source and scans it. If it finds a problem, it returns a message describing the problem and an approximate location within the source. The problem is not necessarily a syntax error, although it often is. JSLint looks at some style conventions as well as structural problems. It does not prove that your program is correct. It just provides another set of eyes to help spot problems.

JSLint defines a professional subset of JavaScript, a stricter language than that defined by Third Edition of the ECMAScript Programming Language Standard. The subset is related to recommendations found in Code Conventions for the JavaScript Programming Language.

JavaScript is a sloppy language, but inside it there is an elegant, better language. JSLint helps you to program in that better language and to avoid most of the slop.

JSLint can operate on JavaScript source, HTML source, or JSON text.

Global Variables

JavaScript's biggest problem is its dependence on global variables, particularly implied global variables. If a variable is not explicitly declared (usually with the var statement), then JavaScript assumes that the variable was global. This can mask misspelled names and other problems.

JSLint expects that all variables and functions are declared before they are used or invoked. This allows it to detect implied global variables. It is also good practice because it makes programs easier to read.

Sometimes a file is dependent on global variables and functions that are defined elsewhere. You can identify these to JSLint with a var statement that lists the global functions and objects that your program depends on.

A global declaration can look like this:

var getElementByAttribute, breakCycles, hanoi;

The declaration should appears near the top of the file. It must appear before the use of the variables it declares.

It is necessary to use a var statement to declare a variable before that variable is assigned to.

JSLint also recognizes a /*global */ comment that can indicate to JSLint that variables used in this file were defined in other files. The comment can contain a comma separated list of names. Each name can optionally be followed by a colon and either true or false, true indicated that the variable may be assigned to by this file, and false indicating that assignment is not allowed which is the default.

Some globals can be predefined for you. Select the Assume a browser (browser) option to predefine the standard global properties that are supplied by web browsers, such as document and addEventListener. It has the same effect as this comment:

/*global addEventListener: false, blur: false, clearInterval: false, clearTimeout: false, close: false, closed: false, defaultStatus: false, document: false, event: false, focus: false, frames: false, getComputedStyle: false, history: false, Image: false, length: false, location: false, moveBy: false, moveTo: false, name: false, navigator: false, onblur: true, onerror: true, onfocus: true, onload: true, onresize: true, onunload: true, open: false, opener: false, Option: false, parent: false, print: false, resizeBy: false, resizeTo: false, screen: false, scroll: false, scrollBy: false, scrollTo: false, setInterval: false, setTimeout: false, status: false, top: false, XMLHttpRequest: false */

The browser option does not include the aliases of the global object, window and self.

Select the (devel) option to predefine globals that are useful in development but that should be avoided in production, such as console and alert. It has the same effect as this comment:

/*global alert: false, confirm: false, console: false, Debug: false, opera: false, prompt: false */

Select the Assume Rhino (rhino) option to predefine the global properties provided by the Rhino environment. It has the same effect as this statement:

/*global defineClass: false, deserialize: false, gc: false, help: false, load: false, loadClass: false, print: false, quit: false, readFile: false, readUrl: false, runCommand: false, seal: false, serialize: false, spawn: false, sync: false, toint32: false, version: false */

Select the Assume a Yahoo Widget (widget) option to predefine the global properties provided by the Yahoo! Widgets environment. It has the same effect as this statement:

/*global alert: true, animator: true, appleScript: true, beep: true, bytesToUIString: true, Canvas: true, chooseColor: true, chooseFile: true, chooseFolder: true, closeWidget: true, COM: true, convertPathToHFS: true, convertPathToPlatform: true, CustomAnimation: true, escape: true, FadeAnimation: true, filesystem: true, Flash: true, focusWidget: true, form: true, FormField: true, Frame: true, HotKey: true, Image: true, include: true, isApplicationRunning: true, iTunes: true, konfabulatorVersion: true, log: true, md5: true, MenuItem: true, MoveAnimation: true, openURL: true, play: true, Point: true, popupMenu: true, preferenceGroups: true, preferences: true, print: true, prompt: true, random: true, Rectangle: true, reloadWidget: true, ResizeAnimation: true, resolvePath: true, resumeUpdates: true, RotateAnimation: true, runCommand: true, runCommandInBg: true, saveAs: true, savePreferences: true, screen: true, ScrollBar: true, showWidgetPreferences: true, sleep: true, speak: true, Style: true, suppressUpdates: true, system: true, tellWidget: true, Text: true, TextArea: true, Timer: true, unescape: true, updateNow: true, URL: true, Web: true, widget: true, Window: true, XMLDOM: true, XMLHttpRequest: true, yahooCheckLogin: true, yahooLogin: true, yahooLogout: true */

Select the Assume Windows (windows) option to predefine the global properties provided by Microsoft Windows. It has the same effect as this statement:

/*global ActiveXObject: false, CScript: false, Debug: false, Enumerator: false, System: false, VBArray: false, WScript: false */

Semicolon

JavaScript uses a C-like syntax which requires the use of semicolons to delimit statements. JavaScript attempts to make semicolons optional with a semicolon insertion mechanism. This is dangerous.

Like C, JavaScript has ++ and -- and ( operators which can be prefixes or suffixes. The disambiguation is done by the semicolon.

In JavaScript, a linefeed can be whitespace or it can act as a semicolon. This replaces one ambiguity with another.

JSLint expects that every statement be followed by ; except for for, function, if, switch, try, and while. JSLint does not expect to see unnecessary semicolons or the empty statement.

Line Breaking

As a further defense against the semicolon insertion mechanism, JSLint expects long statements to be broken only after one of these punctuation characters or operators:

, ; : { } ( [ = < > ? ! + - * / % ~ ^ | &

== != <= >= += -= *= /= %= ^= |= &= << >> || &&

=== !== <<= >>= >>> >>>=

JSLint does not expect to see a long statement broken after an identifier, a string, a number, closer, or a suffix operator:

. ) ] ++ --

JSLint allows you to turn on the Tolerate sloppy line breaking (laxbreak) option.

Semicolon insertion can mask copy/paste errors. If you always break lines after infix operators, then JSLint can do better at finding errors.

Comma

The comma operator can lead to excessively tricky expressions. It can also mask some programming errors.

JSLint expects to see the comma used as a separator, but not as an operator (except in the initialization and incrementation parts of the for statement). It does not expect to see elided elements in array literals. Extra commas should not be used. A comma should not appear after the last element of an array literal or object literal because it can be misinterpreted by some browsers.

Scope

In many languages, a block introduces a scope. Variables introduced in a block are not visible outside of the block.

In JavaScript, blocks do not introduce a scope. There is only function-scope. A variable introduced anywhere in a function is visible everywhere in the function. JavaScript's blocks confuse experienced programmers and lead to errors because the familiar syntax makes a false promise.

JSLint expects blocks with function, if, switch, while, for, do, and try statements and nowhere else.

In languages with block scope, it is usually recommended that variables be declared at the site of first use. But because JavaScript does not have block scope, it is wiser to declare all of a function's variables at the top of the function. It is recommended that a single var statement be used per function. This can be enforced with the onevar option.

Required Blocks

JSLint expects that if, while, do and for statements will be made with blocks {that is, with statements enclosed in braces}.

JavaScript allows an if to be written like this:

if (condition)
    statement;

That form is known to contribute to mistakes in projects where many programmers are working on the same code. That is why JSLint expects the use of a block:

if (condition) {
    statements;
}

Experience shows that this form is more resilient.

Expression Statements

An expression statement is expected to be an assignment or a function/method call or delete. All other expression statements are considered to be errors.

for in

The for in statement allows for looping through the names of all of the properties of an object. Unfortunately, it also loops through all of the members which were inherited through the prototype chain. This has the bad side effect of serving up method functions when the interest is in data members.

The body of every for in statement should be wrapped in an if statement that does filtering. It can select for a particular type or range of values, or it can exclude functions, or it can exclude properties from the prototype. For example,

for (name in object) {
    if (object.hasOwnProperty(name)) {
        ....
    }

}

switch

A common error in switch statements is to forget to place a break statement after each case, resulting in unintended fall-through. JSLint expects that the statement before the next case or default is one of these: break, return, or throw.

var

JavaScript allows var definitions to occur anywhere within a function. JSLint is more strict.

JSLint expects that a var will be declared only once, and that it will be declared before it is used.

JSLint expects that a function will be declared before it is used.

JSLint expects that parameters will not also be declared as vars.

JSLint does not expect the arguments array to be declared as a var.

JSLint does not expect that a var will be defined in a block. This is because JavaScript blocks do not have block scope. This can have unexpected consequences. Define all variables at the top of the function.

with

The with statement was intended to provide a shorthand in accessing members in deeply nested objects. Unfortunately, it behaves very badly when setting new members. Never use the with statement. Use a var instead.

JSLint does not expect to see a with statement.

=

JSLint does not expect to see an assignment statement in the condition part of an if or for or while or do statement. This is because it is more likely that

if (a = b) {
    ...
}

was intended to be

if (a == b) {
    ...
}

It is difficult to write correct programs while using idioms that are hard to distinguish from obvious errors. If you really intend an assignment, wrap it in another set of parens:

if ((a = b)) {
    ...
}

== and !=

The == and != operators do type coercion before comparing. This is bad because it causes ' \t\r\n' == 0 to be true. This can mask type errors.

When comparing to any of the following values, use the === or !== operators (which do not do type coercion): 0 '' undefined null false true

If you only care that a value is truthy or falsy, then use the short form. Instead of

(foo != 0)

just say

(foo)

and instead of

(foo == 0)

say

(!foo)

The === and !== operators are preferred. There is an eqeqeq option that requires the use of === and !== in all cases.

Labels

JavaScript allows any statement to have a label, and labels have a separate name space. JSLint is more strict.

JSLint expects labels only on statements that interact with break: switch, while, do, and for. JSLint expects that labels will be distinct from vars and parameters.

Unreachable Code

JSLint expects that a return, break, continue, or throw statement will be followed by a } or case or default.

Confusing Pluses and Minuses

JSLint expects that + will not be followed by + or ++, and that - will not be followed by - or --. A misplaced space can turn + + into ++, an error that is difficult to see. Use parens to avoid confusion..

++ and --

The ++ (increment) and -- (decrement) operators have been known to contribute to bad code by encouraging excessive trickiness. They are second only to faulty architecture in enabling to viruses and other security menaces. There is a plusplus option that prohibits the use of these operators.

Bitwise Operators

JavaScript does not have an integer type, but it does have bitwise operators. The bitwise operators convert their operands from floating point to integers and back, so they are not as efficient as in C or other languages. They are rarely useful in browser applications. The similarity to the logical operators can mask some programming errors. The bitwise option prohibits the use of these operators: << >> >>> ~ & |.

eval is evil

The eval function (and its relatives, Function, setTimeout, and setInterval) provide access to the JavaScript compiler. This is sometimes necessary, but in most cases it indicates the presence of extremely bad coding. The eval function is the most misused feature of JavaScript.

void

In most C-like languages, void is a type. In JavaScript, void is a prefix operator that always returns undefined. JSLint does not expect to see void because it is confusing and not very useful.

Regular Expressions

Regular expressions are written in a terse and cryptic notation. JSLint looks for problems that may cause portability problems. It also attempts to resolve visual ambiguities by recommending explicit escapement.

JavaScript's syntax for regular expression literals overloads the / character. To avoid ambiguity, JSLint expects that the character preceding a regular expression literal is a ( or = or : or , character.

Constructors and new

Constructors are functions that are designed to be used with the new prefix. The new prefix creates a new object based on the function's prototype, and binds that object to the function's implied this parameter. If you neglect to use the new prefix, no new object will be made and this will be bound to the global object. This is a serious mistake.

JSLint enforces the convention that constructor functions be given names with initial uppercase. JSLint does not expect to see a function invocation with an initial uppercase name unless it has the new prefix. JSLint does not expect to see the new prefix used with functions whose names do not start with initial uppercase. This can be controlled with the newcap option.

JSLint does not expect to see the wrapper forms new Number, new String, new Boolean.

JSLint does not expect to see new Object (use {} instead).

JSLint does not expect to see new Array (use [] instead).

Unsafe Characters

There are characters that are handled inconsistently in browsers, and so must be escaped when placed in strings.

\u0000-\u001f
\u007f-\u009f
\u00ad
\u0600-\u0604
\u070f
\u17b4
\u17b5
\u200c-\u200f
\u2028-\u202f
\u2060-\u206f
\ufeff
\ufff0-\uffff

Not Looked For

JSLint does not do flow analysis to determine that variables are assigned values before used. This is because variables are given a value (undefined) which is a reasonable default for many applications.

JSLint does not do any kind of global analysis. It does not attempt to determine that functions used with new are really constructors (except by enforcing capitalization conventions), or that property names are spelled correctly (except for matching against the /*members */ comment).

HTML

JSLint is able to handle HTML text. It can inspect the JavaScript content contained within <script>...</script> tags. It also inspects the HTML content, looking for problems that are known to interfere with JavaScript:

JSLint is less anal than the sycophantic conformity demanded by XHTML, but more strict than the popular browsers.

JSLint also checks for the occurrence of '</' in string literals. You should always write '<\/' instead. The extra backslash is ignored by the JavaScript compiler but not by the HTML parser. Tricks like this should not be necessary, and yet they are.

There is a cap option that allows use of upper case tag names. There is also an on option that allows the use of inline HTML event handlers.

There is a fragment option that can inspect a well formed HTML fragment. If the adsafe option is also used, then the fragment must be a <div> that conforms to the ADsafe widget rules.

CSS

JSLint can inspect CSS files. It expects the first line of a CSS file to be

@charset "UTF-8";

This feature is experimental. Please report any problems or limitations. There is a css option that will tolerate some of the non-standard-but-customary workarounds.

Options

JSLint provides several options that control its operation and its sensitivity. In the web edition, the options are selected with several checkboxes and two fields. Clicking on the button will give you the ideal settings.

It also provides assistance in constructing /*jslint*/ comments.

When JSLINT is called as a function, it accepts an option object parameter that allows you to determine the subset of JavaScript that is acceptable to you. The web page version of JSLint at http://www.JSLint.com/ does this for you.

Options can also be specified within a script with a /*jslint */ comment:

/*jslint nomen: true, debug: true,
    evil: false, onevar: true */

An option specification starts with /*jslint. Notice that there is no space before the j. The specification contains a sequence of name value pairs, where the names are JSLint options, and the values are true or false. The indent option can take a number. A /*jslint */ comment takes precedence over the option object.

Description option Meaning
ADsafe adsafe true if ADsafe rules should be enforced. See http://www.ADsafe.org/.
Disallow bitwise operators bitwise true if bitwise operators should not be allowed. (more)
Assume a browser browser true if the standard browser globals should be predefined. (more)
Tolerate HTML case cap true if upper case HTML should be allowed.
Tolerate CSS workarounds css true if CSS workarounds should be tolerated. (more)
Tolerate debugger statements debug true if debugger statements should be allowed. Set this option to false before going into production.
Assume console, alert, ... devel true if browser globals that are useful in development should be predefined. (more)
Disallow == and != eqeqeq true if === should be required. (more)
Tolerate ES5 syntax es5 true if ES5 syntax should be allowed.
Tolerate eval evil true if eval should be allowed. (more)
Tolerate unfiltered for in forin true if unfiltered for in statements should be allowed. (more)
Tolerate HTML fragments fragment true if HTML fragments should be allowed. (more)
Require parens around immediate invocations immed true if immediate function invocations must be wrapped in parens
Strict white space indentation indent The number of spaces used for indentation (default is 4)
Tolerate sloppy line breaking laxbreak true if statement breaks should not be checked. (more)
Maximum number of errors maxerr The maximum number of warnings reported (default is 50)
Maximum line length maxlen The maximum number of characters in a line
Disallow dangling _ in identifiers nomen true if names should be checked for initial or trailing underbars
Require Initial Caps for constructors newcap true if Initial Caps must be used with constructor functions. (more)
Tolerate HTML event handlers on true if HTML event handlers should be allowed. (more)
Allow one var statement per function onevar true if only one var statement per function should be allowed. (more)
Stop on first error passfail true if the scan should stop on first error.
Disallow ++ and -- plusplus true if ++ and -- should not be allowed. (more)
Predefined ( , separated) predef An array of strings, the names of predefined global variables. predef is used with the option object, but not with the /*jslint */ comment. Use the var statement to declare global variables in a script file.
Disallow insecure . and [^...]. in /RegExp/ regexp true if . and [^...] should not be allowed in RegExp literals. These forms should not be used when validating in secure applications.
Assume Rhino rhino true if the Rhino environment globals should be predefined. (more)
Safe Subset safe true if the safe subset rules are enforced. These rules are used by ADsafe. It enforces the safe subset rules but not the widget structure rules.
Require "use strict"; strict true if the ES5 "use strict"; pragma is required. Do not use this option carelessly.
Tolerate inefficient subscripting
sub true if subscript notation may be used for expressions better expressed in dot notation.
Disallow undefined variables undef true if variables must be declared before used. (more)
Strict white space white true if strict whitespace rules apply.
Assume a Yahoo Widget widget true if the Yahoo Widgets globals should be predefined. (more)
AssumeWindows windows true if the Windows globals should be predefined. (more)

Members

Since JavaScript is a loosely-typed, dynamic-object language, it is not possible to determine at compile time if property names are spelled correctly. JSLint provides some assistance with this.

At the bottom of its report, JSLint displays a /*members*/ comment. It contains all of the names and string literals that were used with dot notation, subscript notation, and object literals to name the members of objects. You can look through the list for misspellings. Member names that were only used once are shown in italics. This is to make misspellings easier to spot.

You can copy the /*members*/ comment into your script file. JSLint will check the spelling of all property names against the list. That way, you can have JSLint look for misspellings for you.

Report

If JSLint is able to complete its scan, it generates a function report. It lists for each function:

The report will also include a list of all of the member names that were used. There is a list of JSLint messages.

Feedback

Please let me know if JSLint is useful for you. Is it too strict? Is there a check or a report that could help you to improve the quality of your programs? douglas@crockford.com

I intend to continue to adapt JSLint based on your comments. Keep watching for improvements. Updates are announced at http://tech.groups.yahoo.com/group/jslint_com/.

Try it

Try it. Paste your script into the window and click the button. The analysis is done by a script running on your machine. Your script is not sent over the network. You can set the options used. The button in the Options area will preset the best options for you. JSLint is also available in a WSH Command Line version. JSLint is also available in a Rhino Command Line version.

Implementation

JSLint uses a Pratt Parser (Top Down Operator Precedence). It is written in JavaScript. The full source code is available: