eslint/no-new-func Style

What it does

The rule disallow new operators with the Function object.

Why is this bad?

Using new Function or Function can lead to code that is difficult to understand and maintain. It can introduce security risks similar to those associated with eval because it generates a new function from a string of code, which can be a vector for injection attacks. Additionally, it impacts performance negatively as these functions are not optimized by the JavaScript engine.

Examples

Examples of incorrect code for this rule:

var x = new Function("a", "b", "return a + b");
var x = Function("a", "b", "return a + b");
var x = Function.call(null, "a", "b", "return a + b");
var x = Function.apply(null, ["a", "b", "return a + b"]);
var x = Function.bind(null, "a", "b", "return a + b")();
var f = Function.bind(null, "a", "b", "return a + b");

Examples of correct code for this rule:

let x = function (a, b) {
  return a + b;
};

How to use

To enable this rule using the config file or in the CLI, you can use:

Config (.oxlintrc.json)Config (oxlint.config.ts)CLI

json

{
  "rules": {
    "no-new-func": "error"
  }
}

import { defineConfig } from "oxlint";

export default defineConfig({
  rules: {
    "no-new-func": "error",
  },
});

bash

oxlint --deny no-new-func

Version

This rule was added in v0.9.2.

What it does ​

Why is this bad? ​

Examples ​

How to use ​

Version ​

References ​

What it does

Why is this bad?

Examples

How to use

Version

References