CodeQL documentation

Duplicate dependency

ID: js/angular/duplicate-dependency
Kind: problem
Security severity: 
Severity: warning
Precision: very-high
   - maintainability
   - frameworks/angularjs
Query suites:
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

Dependency injection in AngularJS is done by providing the names of the desired dependencies. Providing the same name multiple times is redundant since the AngularJS injector uses a cache for instantiated dependencies.


Only include the name of each dependency once.


The following example shows an AngularJS controller with $cookies as a duplicate dependency.

angular.module('myModule', [])
    .controller('MyController', ['$scope',
                                 '$cookies', // REDUNDANT
                                 function($scope, , $cookies1, $cookies2) {
        // ...

This is problematic, since the programmer could be led to believe that the two parameters $cookies1 and $cookies2 are different instances, which they are not.

Instead, the dependency should only be listed once:

angular.module('myModule', [])
    .controller('MyController', ['$scope',
                                 function($scope, $cookies) {
        // ...


  • © GitHub, Inc.
  • Terms
  • Privacy