search

montagejs / collections

This package contains JavaScript implementations of common data structures with idiomatic interfaces.
http://www.collectionsjs.com
Other
2.09k stars 185 forks source link

Bugs in negated `in` expressions #252

Open gorosgobe opened 11 months ago

gorosgobe commented 11 months ago

in and instanceof expressions in JS

a in obj;
a instanceof C;

can be negated by grouping them and applying the ! operator, i.e.

!(a in obj);
!(a instanceof C);

Applying the ! operator incorrectly (on the LHS operand) leads to bugs:

!a in obj; // will evaluate to false, unless obj has a "true" or "false" key
!a instanceof C; // will evaluate to false, unless C overrides instanceof with a @@hasInstance method

For more information, please see these MDN docs and the no-unsafe-negation recommended Eslint rule.

I have found a potentially problematic instance of the above bugs in your codebase: https://github.com/montagejs/collections/blob/4e19cc48904dbc6313dbe9199f347969843d2308/shim-array.js#L106