feat(biome_js_analyze): implement noProto rule

[ghost]

Summary

This PR adds the noProto rule, which disallows the use of the __proto__ property for getting or setting the prototype of an object.

Closes #8198.

Test Plan

Added:

• crates/biome_js_analyze/tests/specs/nursery/noProto/invalid.js
• crates/biome_js_analyze/tests/specs/nursery/noProto/invalid.js.snap
• crates/biome_js_analyze/tests/specs/nursery/noProto/valid.js
• crates/biome_js_analyze/tests/specs/nursery/noProto/valid.js.snap

[changeset-bot]

🦋 Changeset detected

Latest commit: bab8876

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 13 packages

Name	Type
@biomejs/biome	Patch
@biomejs/cli-win32-x64	Patch
@biomejs/cli-win32-arm64	Patch
@biomejs/cli-darwin-x64	Patch
@biomejs/cli-darwin-arm64	Patch
@biomejs/cli-linux-x64	Patch
@biomejs/cli-linux-arm64	Patch
@biomejs/cli-linux-x64-musl	Patch
@biomejs/cli-linux-arm64-musl	Patch
@biomejs/wasm-web	Patch
@biomejs/wasm-bundler	Patch
@biomejs/wasm-nodejs	Patch
@biomejs/backend-jsonrpc	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

Adds a new nursery lint rule noProto that flags uses of the __proto__ property (both static and computed member access) and emits diagnostics recommending Object.getPrototypeOf / Object.setPrototypeOf. Introduces rule implementation, a public NoProtoQuery node union, options type, module registration, and test fixtures for invalid and valid cases. No existing exported APIs were modified.

Suggested reviewers

• dyc3
• ematipico

Pre-merge checks and finishing touches

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: implementing the noProto rule for the Biome JavaScript linter.
Description check	✅ Passed	The description clearly relates to the changeset, explaining the noProto rule addition, linked issue closure, and test plan.
Linked Issues check	✅ Passed	The PR successfully implements the ESLint no-proto rule port for Biome as required by issue #8198, with appropriate rule logic and test coverage.
Out of Scope Changes check	✅ Passed	All changes are scoped to implementing the noProto rule: new files for the rule logic, options, and tests. No unrelated modifications present.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

crates/biome_js_analyze/tests/specs/nursery/noProto/invalid.js (1)

1-4: Consider adding more edge cases to strengthen test coverage.

The current tests cover the basic patterns well. Consider adding:

• Nested access: obj.foo.__proto__
• Template literal syntax: obj[\proto`]`
• Usage in expressions: return obj.__proto__; or fn(obj.__proto__)

crates/biome_js_analyze/tests/specs/nursery/noProto/valid.js (1)

1-3: Consider adding more valid cases to prevent false positives.

The current valid cases are good. Consider adding edge cases that should NOT trigger the rule:

• Variables named __proto__: const __proto__ = "value";
• String literals in other contexts: if (key === "__proto__") { }
• Comments containing proto

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ac0fb2d and c817a2e.

⛔ Files ignored due to path filters (8)

• crates/biome_cli/src/execute/migrate/eslint_any_rule_to_biome.rs is excluded by !**/migrate/eslint_any_rule_to_biome.rs and included by **
• crates/biome_configuration/src/analyzer/linter/rules.rs is excluded by !**/rules.rs and included by **
• crates/biome_diagnostics_categories/src/categories.rs is excluded by !**/categories.rs and included by **
• crates/biome_js_analyze/src/lint/nursery.rs is excluded by !**/nursery.rs and included by **
• crates/biome_js_analyze/tests/specs/nursery/noProto/invalid.js.snap is excluded by !**/*.snap and included by **
• crates/biome_js_analyze/tests/specs/nursery/noProto/valid.js.snap is excluded by !**/*.snap and included by **
• packages/@biomejs/backend-jsonrpc/src/workspace.ts is excluded by !**/backend-jsonrpc/src/workspace.ts and included by **
• packages/@biomejs/biome/configuration_schema.json is excluded by !**/configuration_schema.json and included by **

📒 Files selected for processing (6)

• .changeset/wicked-papers-reply.md (1 hunks)
• crates/biome_js_analyze/src/lint/nursery/no_proto.rs (1 hunks)
• crates/biome_js_analyze/tests/specs/nursery/noProto/invalid.js (1 hunks)
• crates/biome_js_analyze/tests/specs/nursery/noProto/valid.js (1 hunks)
• crates/biome_rule_options/src/lib.rs (1 hunks)
• crates/biome_rule_options/src/no_proto.rs (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.rs

📄 CodeRabbit inference engine (CONTRIBUTING.md)

**/*.rs: Use the Rust dbg!() macro for debugging output during test execution, and pass the --show-output flag to cargo test to display debug output.
Use snapshot testing with the insta crate for testing in Rust projects. Accept or reject snapshots using cargo insta accept, cargo insta reject, or cargo insta review.
Write doc comments as doc tests in Rust using code blocks with assertions that will be executed during the testing phase.
Use rustdoc inline documentation for rules, assists, and their options. Create corresponding documentation PRs for other documentation updates against the next branch of the website repository.
Set the version metadata field in linter rule implementations to 'next' for newly created rules. Update this field to the new version number when releasing a minor or major version.

Files:

• crates/biome_rule_options/src/lib.rs
• crates/biome_rule_options/src/no_proto.rs
• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

**/.changeset/*.md

📄 CodeRabbit inference engine (CONTRIBUTING.md)

Changeset descriptions should be user-facing, use past tense for actions taken (e.g., 'Added new feature'), and present tense for Biome behavior (e.g., 'Biome now supports...'). Include issue links, rule links, and code examples where applicable.

Files:

• .changeset/wicked-papers-reply.md

🧠 Learnings (32)

📓 Common learnings

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rule names should follow the 'no<Concept>' prefix when a rule's sole intention is to forbid a single concept (e.g., `noDebugger` for disallowing debugger statements)

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules that ban functions or variables should use the semantic model to check if the variable is global before reporting, to avoid false positives on locally redeclared variables

Applied to files:

• crates/biome_rule_options/src/lib.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules that overwhelmingly apply to a specific framework should be named using 'use<Framework>...' or 'no<Framework>...' prefix (e.g., `noVueReservedProps`)

Applied to files:

• crates/biome_rule_options/src/lib.rs
• crates/biome_rule_options/src/no_proto.rs
• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : The first paragraph of rule documentation must be a single line and serves as the brief description for the rule overview page

Applied to files:

• crates/biome_rule_options/src/lib.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules ported from other ecosystems should include a 'sources' field in the 'declare_lint_rule!' macro with RuleSource metadata (e.g., '::ESLint')

Applied to files:

• crates/biome_rule_options/src/lib.rs
• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules that report undefined entities should use the 'noUndeclared<Concept>' naming convention (e.g., `noUndeclaredVariables`)

Applied to files:

• crates/biome_rule_options/src/lib.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_rule_options/lib/**/*.rs : Rule options must be defined in the `biome_rule_options` crate in a file matching the rule name (e.g., 'use_this_convention.rs' for rule `useThisConvention`)

Applied to files:

• crates/biome_rule_options/src/lib.rs
• crates/biome_rule_options/src/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Deprecated rules must include a 'deprecated' field in the 'declare_lint_rule!' macro with the reason for deprecation

Applied to files:

• crates/biome_rule_options/src/lib.rs
• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rule names should follow the 'no<Concept>' prefix when a rule's sole intention is to forbid a single concept (e.g., `noDebugger` for disallowing debugger statements)

Applied to files:

• crates/biome_rule_options/src/lib.rs
• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules that allow users to ban specific entities should use the 'noRestricted<Concept>' naming convention (e.g., `noRestrictedGlobals`)

Applied to files:

• crates/biome_rule_options/src/lib.rs

📚 Learning: 2025-11-24T18:05:42.337Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_js_type_info/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:05:42.337Z
Learning: Applies to crates/biome_js_type_info/**/*.rs : No module may copy or clone data from another module in the module graph, not even behind an `Arc`

Applied to files:

• crates/biome_rule_options/src/lib.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules that report code that can lead to runtime failures should use the 'noUnsafe<Concept>' naming convention (e.g., `noUnsafeOptionalChaining`)

Applied to files:

• crates/biome_rule_options/src/lib.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_rule_options/lib/**/*.rs : Rule option structs must derive 'Deserializable', 'Serialize', 'Deserialize', and optionally 'JsonSchema' traits with serde attributes

Applied to files:

• crates/biome_rule_options/src/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_rule_options/lib/**/*.rs : The rule option serde configuration must include 'deny_unknown_fields' to raise errors for extraneous fields in configuration

Applied to files:

• crates/biome_rule_options/src/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_rule_options/lib/**/*.rs : Rule option structs must implement the 'biome_deserialize::Merge' trait to handle merging shared and user configurations

Applied to files:

• crates/biome_rule_options/src/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_rule_options/lib/**/*.rs : Rule option fields should be wrapped in 'Option<_>' to properly track set and unset options during configuration merging

Applied to files:

• crates/biome_rule_options/src/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_rule_options/lib/**/*.rs : The rule option serde configuration must include 'rename_all = "camelCase"' to match biome.json naming conventions

Applied to files:

• crates/biome_rule_options/src/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Code blocks in documentation marked with 'options' should contain only rule-specific options in JSON/JSONC format, while 'full_options' contains complete biome.json configuration

Applied to files:

• crates/biome_rule_options/src/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rule documentation must have a '## Options' section after the '## Examples' section if the rule supports options, with each option having its own h3 header

Applied to files:

• crates/biome_rule_options/src/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_rule_options/lib/**/*.rs : Rule option fields should use 'Box<[Box<str>]>' instead of 'Vec<String>' for array types to save memory

Applied to files:

• crates/biome_rule_options/src/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/tests/specs/**/*.{js,ts,tsx,jsx,json,css,graphql} : Test files should use 'invalid' or 'valid' prefixes to indicate whether they contain code reported by the rule

Applied to files:

• crates/biome_js_analyze/tests/specs/nursery/noProto/invalid.js
• crates/biome_js_analyze/tests/specs/nursery/noProto/valid.js

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rule implementation should use 'Type Query = Ast<NodeType>' to query the AST/CST for specific node types

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : The 'language' field in 'declare_lint_rule!' should be set to the specific JavaScript dialect (jsx, ts, tsx) if the rule only applies to that dialect, otherwise use 'js'

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Use 'declare_node_union!' macro to query multiple node types at once instead of repeating rule implementations for similar nodes

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : The 'declare_lint_rule!' macro must include a 'version' field set to 'next' to allow flexibility for the actual release version

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules should use the semantic query 'Type Query = Semantic<NodeType>' to access semantic information like bindings and references

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules that report duplication overriding previous occurrences should use the 'noDuplicate<Concept>' naming convention (e.g., `noDuplicateObjectKeys`)

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules should be implemented with the 'impl Rule for RuleName' trait, including 'run' function that returns signals and optional 'diagnostic' and 'action' functions

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Code blocks in rule documentation must specify a language and use 'expect_diagnostic' property for invalid snippets that should emit exactly one diagnostic

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules can declare a 'recommended' field in 'declare_lint_rule!' to indicate if they should be enabled by default

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/tests/specs/**/*.{js,ts,tsx,jsx,json,css,graphql} : Test files for rules should be placed inside 'tests/specs/' directory organized by group and rule name (e.g., 'tests/specs/nursery/myRuleName/')

Applied to files:

• crates/biome_js_analyze/tests/specs/nursery/noProto/valid.js

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Code blocks in documentation marked with 'expect_diagnostic' must emit exactly one diagnostic for the build system to generate it automatically

Applied to files:

• crates/biome_js_analyze/tests/specs/nursery/noProto/valid.js

🧬 Code graph analysis (2)

crates/biome_js_analyze/tests/specs/nursery/noProto/invalid.js (1)

crates/biome_js_analyze/tests/specs/nursery/noProto/valid.js (1)

• a (2-2)

crates/biome_js_analyze/src/lint/nursery/no_proto.rs (2)

crates/biome_service/src/workspace.rs (1)

• markup (1176-1178)

crates/biome_analyze/src/rule.rs (3)

• recommended (602-605)
• sources (617-620)
• same (246-251)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)

• GitHub Check: Test (depot-windows-2022-16)
• GitHub Check: Test (depot-ubuntu-24.04-arm-16)
• GitHub Check: Lint project (depot-windows-2022)
• GitHub Check: Check Dependencies
• GitHub Check: End-to-end tests
• GitHub Check: Documentation
• GitHub Check: Lint project (depot-ubuntu-24.04-arm-16)
• GitHub Check: Bench (biome_js_analyze)
• GitHub Check: Bench (biome_js_parser)
• GitHub Check: Bench (biome_js_formatter)
• GitHub Check: Test Node.js API
• GitHub Check: Check JS Files
• GitHub Check: Bench (biome_configuration)
• GitHub Check: autofix

🔇 Additional comments (7)

.changeset/wicked-papers-reply.md (1)

1-19: LGTM!

The changeset follows the correct format with proper tense usage and includes helpful examples demonstrating both invalid and valid patterns.

crates/biome_rule_options/src/lib.rs (1)

156-156: LGTM!

Module declaration correctly placed in alphabetical order.

crates/biome_rule_options/src/no_proto.rs (1)

1-6: LGTM!

The options struct correctly implements all required traits and follows the established patterns. The empty struct is appropriate since this rule doesn't require any configuration options.

crates/biome_js_analyze/src/lint/nursery/no_proto.rs (4)

9-44: LGTM!

The rule metadata is correctly configured with proper version, ESLint source attribution, and comprehensive documentation with appropriate examples.

---

46-48: LGTM!

The node union correctly captures both assignment and member expression patterns needed to detect __proto__ usage.

---

56-100: Consider the limitations of string-based detection.

The current implementation uses text comparison to detect __proto__ usage, which is generally appropriate for this rule. However, note that this approach will flag any property named __proto__, regardless of whether it's the special built-in property or a regular object property (e.g., const obj = { '__proto__': null } in an object literal).

This behaviour aligns with ESLint's no-proto rule, which also flags all uses of the property name. The string comparison approach is reasonable here since __proto__ is effectively deprecated in all contexts.

---

102-118: LGTM!

The diagnostic provides clear, actionable guidance with helpful notes explaining why __proto__ is deprecated and which alternatives to use.

[codspeed-hq]

CodSpeed Performance Report

Merging #8276 will not alter performance

_{Comparing hirokiokada77:feat/no-proto (bab8876) with main (b51968b)¹}

Summary

✅ 58 untouched
⏩ 95 skipped²

Footnotes

1. No successful run was found on main (ac0fb2d) during the generation of this report, so b51968b was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

2. 95 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[arendjr]

Nice work!

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

crates/biome_js_analyze/src/lint/nursery/no_proto.rs (1)

61-70: Logic is sound, but consider extracting the duplicated pattern.

The computed member detection logic (trimming quotes, comparing to "__proto__") is duplicated between assignment and expression branches. This works correctly, but you could extract a small helper to reduce repetition.

Optional refactor:

+fn is_proto_computed_member(text: &str) -> bool {
+    text.trim_matches(['\'', '"', '`']) == "__proto__"
+}
+
 impl Rule for NoProto {
     // ... in run():
-                    if assignment
-                        .member()
-                        .ok()?
-                        .to_trimmed_text()
-                        .trim_matches(['\'', '"', '`'])
-                        == "__proto__"
-                    {
+                    if is_proto_computed_member(&assignment.member().ok()?.to_trimmed_text()) {
                         return Some(());
                     }

Also applies to: 80-89

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c817a2e and 703c2e7.

📒 Files selected for processing (1)

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.rs

📄 CodeRabbit inference engine (CONTRIBUTING.md)

**/*.rs: Use the Rust dbg!() macro for debugging output during test execution, and pass the --show-output flag to cargo test to display debug output.
Use snapshot testing with the insta crate for testing in Rust projects. Accept or reject snapshots using cargo insta accept, cargo insta reject, or cargo insta review.
Write doc comments as doc tests in Rust using code blocks with assertions that will be executed during the testing phase.
Use rustdoc inline documentation for rules, assists, and their options. Create corresponding documentation PRs for other documentation updates against the next branch of the website repository.
Set the version metadata field in linter rule implementations to 'next' for newly created rules. Update this field to the new version number when releasing a minor or major version.

Files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

🧠 Learnings (14)

📓 Common learnings

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rule names should follow the 'no<Concept>' prefix when a rule's sole intention is to forbid a single concept (e.g., `noDebugger` for disallowing debugger statements)

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules ported from other ecosystems should include a 'sources' field in the 'declare_lint_rule!' macro with RuleSource metadata (e.g., '::ESLint')

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rule implementation should use 'Type Query = Ast<NodeType>' to query the AST/CST for specific node types

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Deprecated rules must include a 'deprecated' field in the 'declare_lint_rule!' macro with the reason for deprecation

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : The 'language' field in 'declare_lint_rule!' should be set to the specific JavaScript dialect (jsx, ts, tsx) if the rule only applies to that dialect, otherwise use 'js'

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : The 'declare_lint_rule!' macro must include a 'version' field set to 'next' to allow flexibility for the actual release version

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Use 'declare_node_union!' macro to query multiple node types at once instead of repeating rule implementations for similar nodes

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rule names should follow the 'no<Concept>' prefix when a rule's sole intention is to forbid a single concept (e.g., `noDebugger` for disallowing debugger statements)

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules that overwhelmingly apply to a specific framework should be named using 'use<Framework>...' or 'no<Framework>...' prefix (e.g., `noVueReservedProps`)

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules should use the semantic query 'Type Query = Semantic<NodeType>' to access semantic information like bindings and references

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules can declare 'domains' field in 'declare_lint_rule!' to specify which domain(s) they belong to (e.g., RuleDomain::Test for testing rules)

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules can declare a 'recommended' field in 'declare_lint_rule!' to indicate if they should be enabled by default

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Rules should be implemented with the 'impl Rule for RuleName' trait, including 'run' function that returns signals and optional 'diagnostic' and 'action' functions

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

📚 Learning: 2025-11-24T18:04:42.146Z

Learnt from: CR
Repo: biomejs/biome PR: 0
File: crates/biome_analyze/CONTRIBUTING.md:0-0
Timestamp: 2025-11-24T18:04:42.146Z
Learning: Applies to crates/biome_analyze/**/biome_*_analyze/lib/src/**/!(mod).rs : Code blocks in rule documentation must specify a language and use 'expect_diagnostic' property for invalid snippets that should emit exactly one diagnostic

Applied to files:

• crates/biome_js_analyze/src/lint/nursery/no_proto.rs

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (15)

• GitHub Check: Test Node.js API
• GitHub Check: Check JS Files
• GitHub Check: autofix
• GitHub Check: Bench (biome_configuration)
• GitHub Check: Validate rules documentation
• GitHub Check: Bench (biome_js_parser)
• GitHub Check: Test (depot-windows-2022-16)
• GitHub Check: Bench (biome_js_formatter)
• GitHub Check: Bench (biome_js_analyze)
• GitHub Check: Lint project (depot-windows-2022)
• GitHub Check: Test (depot-ubuntu-24.04-arm-16)
• GitHub Check: Check Dependencies
• GitHub Check: Documentation
• GitHub Check: End-to-end tests
• GitHub Check: Lint project (depot-ubuntu-24.04-arm-16)

🔇 Additional comments (3)

crates/biome_js_analyze/src/lint/nursery/no_proto.rs (3)

9-44: LGTM! Rule declaration is well-structured.

All required fields are present: version: "next", sources correctly referencing ESLint, and recommended: true is a sensible default for this rule. The documentation examples properly use expect_diagnostic for invalid cases.

---

46-48: Good use of declare_node_union!.

This correctly combines assignment and member expression nodes to catch both read and write uses of __proto__. Based on learnings, this is the preferred approach over duplicating rule implementations.

---

102-118: Clear diagnostic messages with helpful guidance.

The diagnostic correctly highlights the issue and provides actionable alternatives. The two notes effectively explain both the "why" (deprecation) and the "what to do" (use Object methods).