javascript.lang.best-practice.leftover_debugging.javascript-debugger

profile photo of semgrepsemgrep
Author
4,397
Download Count*

found debugger call; should this be in production code?

Run Locally

Run in CI

Defintion

rules:
  - id: javascript-debugger
    pattern: debugger;
    message: found debugger call; should this be in production code?
    languages:
      - javascript
      - typescript
    severity: WARNING
    metadata:
      category: best-practice
      technology:
        - javascript
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

leftover_debugging.js


// ruleid:javascript-prompt
var name = prompt('what is your name');
// ruleid: javascript-alert
alert('your name is ' + name);
alert('not', 'a', 'valid', 'alert')
// ruleid: javascript-confirm
if ( confirm("pushem!") == true) {
    r = "x";
} else {
    r = "Y";
    // ruleid: javascript-debugger
    debugger;
}