CodeQL documentation

Repeated dependency injection

ID: js/angular/repeated-dependency-injection
Kind: problem
Security severity: 
Severity: warning
Precision: high
   - maintainability
   - frameworks/angularjs
Query suites:
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

AngularJS components can have a $inject property that specifies the dependencies to inject. You can assign this property multiple times, but doing so is confusing since later assignments overwrite earlier ones, and only the dependencies specified in the last assignment are actually injected.


Only specify dependencies once for each component.


The following example shows an AngularJS controller that has its dependencies specified twice.

function myController($scope, $filter) {
    // ...
myController.$inject = ["$scope", "$cookies"]; // BAD: always overridden
// ...
myController.$inject = ["$scope", "$filter"];
angular.module('myModule', []).controller('MyController', myController);

This is problematic, since the second specification always overrides the first one.

Instead, the dependencies should only be specified once:

function myController($scope, $filter) {
    // ...
myController.$inject = ["$scope", "$filter"]; // GOOD: specified once
angular.module('myModule', []).controller('MyController', myController);


  • © GitHub, Inc.
  • Terms
  • Privacy