CodeQL documentation

Assignment to constant

ID: js/assignment-to-constant
Kind: problem
Security severity: 
Severity: error
Precision: very-high
Tags:
   - reliability
   - correctness
Query suites:
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

Most popular JavaScript platforms support const declarations, although this feature is not part of the ECMAScript 5 standard. Assigning a new value to a variable that is declared const does not result in an error on current platforms, and simply has no effect. Relying on this behavior is error-prone, particularly since ECMAScript 2015 prohibits such assignments.

Recommendation

If the variable genuinely needs to be reassigned, change its declaration from const to var, or merge the assignment into the variable declaration, if possible. Otherwise, remove the spurious assignment.

Example

In the following example, loc is initialized to null, and then set to either "here" or "there", depending on the value of variable dist. Most current platforms, however, will ignore the assignments entirely, so loc will retain its original value null.

const loc = null;
if (dist < 10)
    loc = "here";
else
    loc = "there";

Instead, the assignments to loc can be merged into its declaration like this:

const loc = dist < 10 ? "here" : "there";

References

  • Mozilla Developer Network: const.

  • © GitHub, Inc.
  • Terms
  • Privacy