Skip to content

chore(eslint): enable @eslint-react/no-array-index-key rule#1060

Draft
carlosthe19916 wants to merge 5 commits into
guacsec:mainfrom
carlosthe19916:hotfix/enable-no-array-index-key
Draft

chore(eslint): enable @eslint-react/no-array-index-key rule#1060
carlosthe19916 wants to merge 5 commits into
guacsec:mainfrom
carlosthe19916:hotfix/enable-no-array-index-key

Conversation

@carlosthe19916

@carlosthe19916 carlosthe19916 commented May 27, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Remove the @eslint-react/no-array-index-key override from ESLint config
  • Replace array index keys with stable identifiers (string templates, file metadata, or map entry keys)

Test plan

  • npm run lint passes with 0 warnings

🤖 Generated with Claude Code

Summary by Sourcery

Enable ESLint enforcement against using array indexes as React keys and update existing components to use stable identifiers for list keys.

Enhancements:

  • Replace array index-based React keys with stable identifiers in package list, SBOM vulnerabilities, table header controls, and file upload components to comply with linting rules.

Build:

  • Remove the ESLint override that disabled the @eslint-react/no-array-index-key rule.

@sourcery-ai

sourcery-ai Bot commented May 27, 2026

Copy link
Copy Markdown
Contributor
Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Enables the @eslint-react/no-array-index-key rule by replacing all React list keys that used array indices with stable identifiers derived from domain data or iteration metadata, and removes the rule override from the ESLint configuration.

Flow diagram for enabling no-array-index-key rule and updating React list keys

flowchart TD
  EslintConfig --> EslintReactNoArrayIndexKey
  EslintReactNoArrayIndexKey --> PackageTable
  EslintReactNoArrayIndexKey --> VulnerabilitiesBySbom
  EslintReactNoArrayIndexKey --> TableHeaderContentWithControls
  EslintReactNoArrayIndexKey --> UploadFiles
  EslintReactNoArrayIndexKey --> UploadFileForAnalysis

  PackageTable -->|use key license.license_name| ReactListItem_PackageTable
  VulnerabilitiesBySbom -->|use key orphan-purl.parentName| ReactRow_Vulnerabilities
  TableHeaderContentWithControls -->|use key before-data-i after-data-i| ReactHeaderCells
  UploadFiles -->|use key file.name-file.size-file.lastModified| ReactUploadItem
  UploadFileForAnalysis -->|use key file.name-file.size-cancelled| ReactUploadErrorState

  EslintReactNoArrayIndexKey:::rule

  classDef rule fill:#fee2e2,stroke:#b91c1c,stroke-width:1px;
Loading

File-Level Changes

Change Details Files
Use license name as stable React key instead of array index for license list items in the package table.
  • Update licenses map callback to drop the index argument
  • Set ListItem key to license.license_name for each license entry
client/src/app/pages/package-list/package-table.tsx
Use map entry keys and other stable identifiers for React keys in vulnerability and table header rendering instead of array indices.
  • Iterate over item.purls using entries() instead of values() to access the map key alongside the value
  • Change orphan vulnerability row key template to use a stable prefix combined with purl.parentName
  • Update placeholder header columns before/after data to use string-based keys derived from their position
client/src/app/pages/sbom-details/vulnerabilities-by-sbom.tsx
client/src/app/components/TableControls/TableHeaderContentWithControls.tsx
Use file metadata-based stable keys for upload status components instead of array index.
  • Iterate uploads map entries without using the index parameter in UploadFiles
  • Set MultipleFileUploadStatusItem key to a combination of file.name, file.size, and file.lastModified
  • Remove the index argument from uploads.entries() in UploadFileForAnalysis and change the cancelled state key to use file.name and file.size
client/src/app/components/UploadFiles.tsx
client/src/app/pages/sbom-scan/components/UploadFileForAnalysis.tsx
Enable linting for @eslint-react/no-array-index-key by removing its override.
  • Delete the @eslint-react/no-array-index-key: "off" rule override from the ESLint configuration
eslint.config.mjs

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue, and left some high level feedback:

  • In UploadFileForAnalysis, the .map callback signature was changed to map((\1) => { but the body still references file and upload, which will now be undefined; restore destructuring of the map entry (e.g. ([file, upload])) so the variables used in the body exist.
  • For the orphan purl rows in VulnerabilitiesBySbom, consider including the map entry key (e.g. purlKey) in the key prop instead of only purl.parentName to avoid potential key collisions when multiple orphan entries share the same parent name.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- In `UploadFileForAnalysis`, the `.map` callback signature was changed to `map((\1) => {` but the body still references `file` and `upload`, which will now be undefined; restore destructuring of the map entry (e.g. `([file, upload])`) so the variables used in the body exist.
- For the orphan purl rows in `VulnerabilitiesBySbom`, consider including the map entry key (e.g. `purlKey`) in the `key` prop instead of only `purl.parentName` to avoid potential key collisions when multiple orphan entries share the same parent name.

## Individual Comments

### Comment 1
<location path="client/src/app/pages/sbom-details/vulnerabilities-by-sbom.tsx" line_range="393-395" />
<code_context>
                               <Tbody>
-                                {Array.from(item.purls.values()).map(
-                                  (purl, index) => {
+                                {Array.from(item.purls.entries()).map(
+                                  ([purlKey, purl]) => {
                                     if (!purl.isOrphan) {
</code_context>
<issue_to_address>
**suggestion (bug_risk):** The orphan row key based only on `parentName` may not be unique across purls.

Previously the index in the key guaranteed uniqueness. With `key={`orphan-${purl.parentName}`}` you can get duplicate keys when multiple orphans share the same `parentName`. Now that you have `purlKey` from `entries()`, please use that (e.g. `key={`orphan-${purlKey}`}`) to ensure keys remain unique and stable without relying on the index.

```suggestion
                                        <Tr
                                          key={`orphan-${purlKey}`}
                                        >
```
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment on lines 393 to 395
<Tr
key={`${purl.parentName}-${index}-name`}
key={`orphan-${purl.parentName}`}
>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion (bug_risk): The orphan row key based only on parentName may not be unique across purls.

Previously the index in the key guaranteed uniqueness. With key={orphan-${purl.parentName}} you can get duplicate keys when multiple orphans share the same parentName. Now that you have purlKey from entries(), please use that (e.g. key={orphan-${purlKey}}) to ensure keys remain unique and stable without relying on the index.

Suggested change
<Tr
key={`${purl.parentName}-${index}-name`}
key={`orphan-${purl.parentName}`}
>
<Tr
key={`orphan-${purlKey}`}
>

@carlosthe19916 carlosthe19916 marked this pull request as draft May 27, 2026 12:14
@codecov

codecov Bot commented May 28, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 41.66667% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 53.04%. Comparing base (319e799) to head (a709bb6).
⚠️ Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
...app/pages/sbom-details/vulnerabilities-by-sbom.tsx 37.50% 4 Missing and 1 partial ⚠️
...nts/csaf-vulnerabilities-tab/VulnerabilityCard.tsx 50.00% 1 Missing ⚠️
...ges/sbom-scan/components/UploadFileForAnalysis.tsx 0.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1060      +/-   ##
==========================================
+ Coverage   52.70%   53.04%   +0.33%     
==========================================
  Files         270      270              
  Lines        5868     5884      +16     
  Branches     1839     1855      +16     
==========================================
+ Hits         3093     3121      +28     
+ Misses       2466     2459       -7     
+ Partials      309      304       -5     
Flag Coverage Δ
e2e 70.67% <71.42%> (-0.25%) ⬇️
unit 6.97% <0.00%> (+3.72%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

carlosthe19916 and others added 3 commits June 1, 2026 13:18
Replace array index keys with stable identifiers: use string
templates, file metadata, or map entry keys instead.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix UploadFileForAnalysis.tsx corrupted by sed (restore destructuring,
  replace index keys with file.size)
- Suppress no-array-index-key for filler Th cells that have no identity
  beyond position

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@carlosthe19916 carlosthe19916 force-pushed the hotfix/enable-no-array-index-key branch from 711b6af to c3e126e Compare June 1, 2026 11:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: No status

Development

Successfully merging this pull request may close these issues.

1 participant