noUndeclaredDependencies

JavaScript (and super languages)

Note

此规则属于项目域。这意味着启用此功能将激活 Biome Scanner，这可能会影响性能。在 文档页面 中了解更多信息。

¥This rule belongs to the project domain. This means that its activation will activate the Biome Scanner, which might affect the performance. Read more about it in the documentation page

摘要

¥Summary

• 规则生效日期：v1.6.0

  ¥Rule available since: v1.6.0

• 诊断类别：lint/correctness/noUndeclaredDependencies

  ¥Diagnostic Category: lint/correctness/noUndeclaredDependencies

• 此规则没有修复方案。

  ¥This rule doesn’t have a fix.

• 此规则的默认严重级别为 error。

  ¥The default severity of this rule is error.

• 此规则属于以下域：

  ¥This rule belongs to the following domains:

  • project

• 来源：

  ¥Sources:

  • 与 import/no-extraneous-dependencies 相同

    ¥Same as import/no-extraneous-dependencies

如何配置

¥How to configure

biome.json

{
  "linter": {
    "rules": {
      "correctness": {
        "noUndeclaredDependencies": "error"
      }
    }
  }
}

描述

¥Description

禁止使用未在 package.json 中指定的依赖。

¥Disallow the use of dependencies that aren’t specified in the package.json.

间接依赖将触发规则，因为它们未在 package.json 中声明。这意味着，如果包 @org/foo 依赖于 lodash，而你在项目中的某个地方使用了 import "lodash"，则该规则会触发针对此导入的诊断。

¥Indirect dependencies will trigger the rule because they aren’t declared in the package.json. This means that if the package @org/foo has a dependency on lodash, and then you use import "lodash" somewhere in your project, the rule will trigger a diagnostic for this import.

该规则旨在捕获未在最近的 package.json 文件中声明的依赖，而不是检测在其他清单文件中声明的依赖，例如 monorepo 设置中的根 package.json 文件。

¥The rule is meant to catch those dependencies that aren’t declared inside the closest package.json, and isn’t meant to detect dependencies declared in other manifest files, e.g. the root package.json in a monorepo setting.

该规则会忽略无效包名的导入。这包括以 # 和 @/ 开头的内部导入，以及使用 node:、bun:、jsr:、https: 等协议的导入。

¥The rule ignores imports that are not valid package names. This includes internal imports that start with # and @/ and imports with a protocol such as node:, bun:, jsr:, https:.

要确保 Visual Studio Code 在自动导入变量时使用相对导入，你可以将 javascript.preferences.importModuleSpecifier and typescript.preferences.importModuleSpecifier 设置为 relative。

¥To ensure that Visual Studio Code uses relative imports when it automatically imports a variable, you may set javascript.preferences.importModuleSpecifier and typescript.preferences.importModuleSpecifier to relative.

示例

¥Examples

无效

¥Invalid

package.json

{
  "dependencies": {}
}

index.js

import "vite";

/index.js:1:8 lint/correctness/noUndeclaredDependencies ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  ✖ Dependency vite isn’t specified in /package.json.
  
  > 1 │ import “vite”;
      │        ^^^^^^
    2 │ 
  
  ℹ This could lead to errors.
  
  ℹ Add the dependency in your manifest.
  

有效

¥Valid

package.json

{
  "dependencies": {
    "vite": "*"
  }
}

index.js

import "vite"; // package is correctly declared

import assert from "node:assert"; // Node imports don't need declaration

import { A } from "./local.js"; // relative imports don't trigger the rule
import { B } from "#alias"; // same goes for aliases

选项

¥Options

此规则支持以下选项：

¥This rule supports the following options:

• devDependencies：如果设置为 false，则导入 devDependencies 时规则将显示错误。默认为 true。

  ¥devDependencies: If set to false, then the rule will show an error when devDependencies are imported. Defaults to true.

• peerDependencies：如果设置为 false，则导入 peerDependencies 时规则将显示错误。默认为 true。

  ¥peerDependencies: If set to false, then the rule will show an error when peerDependencies are imported. Defaults to true.

• optionalDependencies：如果设置为 false，则导入 optionalDependencies 时规则将显示错误。默认为 true。

  ¥optionalDependencies: If set to false, then the rule will show an error when optionalDependencies are imported. Defaults to true.

你可以按如下方式设置选项：

¥You can set the options like this:

biome.json

{
  "linter": {
    "rules": {
      "correctness": {
        "noUndeclaredDependencies": {
          "options": {
            "devDependencies": false,
            "peerDependencies": false,
            "optionalDependencies": false
          }
        }
      }
    }
  }
}

你还可以使用 glob 数组代替布尔字面值。使用 glob 数组时，如果被检查的文件名（即非导入的文件/模块）与数组中的单个 glob 匹配，则设置将为 true（不报告错误），否则为 false。

¥You can also use an array of globs instead of literal booleans. When using an array of globs, the setting will be set to true (no errors reported) if the name of the file being linted (i.e. not the imported file/module) matches a single glob in the array, and false otherwise.

使用 devDependencies 选项的示例

¥Example using the devDependencies option

在本例中，只有测试文件可以使用 devDependencies 部分中的依赖。dependencies、peerDependencies 和 optionalDependencies 始终可用。

¥In this example, only test files can use dependencies in the devDependencies section. dependencies, peerDependencies, and optionalDependencies are always available.

biome.json

{
  "linter": {
    "rules": {
      "correctness": {
        "noUndeclaredDependencies": {
          "options": {
            "devDependencies": [
              "**/tests/*.test.js",
              "**/tests/*.spec.js"
            ]
          }
        }
      }
    }
  }
}

package.json

{
  "devDependencies": {
    "vite": "*"
  }
}

src/index.js

// cannot import from a non-test file
import "vite";

/src/index.js:2:8 lint/correctness/noUndeclaredDependencies ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  ✖ Dependency vite isn’t specified in /package.json.
  
    1 │ // cannot import from a non-test file
  > 2 │ import “vite”;
      │        ^^^^^^
    3 │ 
  
  ℹ vite is part of your devDependencies, but it’s not intended to be used in this file.
  
  ℹ You may want to consider moving it to the dependencies section.
  

tests/foo.test.js

// this works, because the file matches a glob from the options
import "vite";

相关链接

¥Related links

• 禁用规则

  ¥Disable a rule

• 配置代码修复

  ¥Configure the code fix

• 规则选项

  ¥Rule options

• 源代码

  ¥Source Code

• 测试用例

  ¥Test Cases