Issue #432: Migrate linting and formatting to Biome #452

Open
Priyanshubhartistm wants to merge 6 commits into cameri:main from Priyanshubhartistm:issue-432-biome-migration

@Priyanshubhartistm (Contributor)

Description

  • Migrated the linting and formatting toolchain to Biome.
  • Added Biome configuration for linting and formatting behavior.
  • Updated npm scripts for lint, lint report, lint fix, format, and format check to use Biome.
  • Updated CI lint pipeline to run Biome.
  • Updated project documentation to reference Biome workflow.
  • Removed legacy ESLint configuration and ESLint dependencies.
  • Updated lockfile after dependency migration.

Related Issue

Closes #432

Motivation and Context

  • Use a single tool for linting and formatting.
  • Simplify tooling and maintenance.
  • Improve performance compared to separate lint/format tools.

How Has This Been Tested?

  • npm run lint
  • npm run build:check

Screenshots (if appropriate):

N/A

Types of changes

  • Non-functional change (docs, style, minor refactor)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my code changes.
  • All new and existing tests passed.

@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action: Warn, Severity: Critical
Alert: Critical CVE: npm form-data uses unsafe random function in form-data for choosing boundary

CVE: GHSA-fjxv-7rqg-78g4 form-data uses unsafe random function in form-data for choosing boundary (CRITICAL)

Affected versions: < 2.5.4; >= 3.0.0 < 3.0.4; >= 4.0.0 < 4.0.4

Patched version: 4.0.4

From: package-lock.json → npm/axios@1.7.7 → npm/form-data@4.0.0

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/form-data@4.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Action: Warn, Severity: Critical
Alert: Critical CVE: Handlebars.js has JavaScript Injection via AST Type Confusion

CVE: GHSA-2w6w-674q-4c4q Handlebars.js has JavaScript Injection via AST Type Confusion (CRITICAL)

Affected versions: >= 4.0.0 < 4.7.9

Patched version: 4.7.9

From: package-lock.json → npm/@semantic-release/release-notes-generator@10.0.3 → npm/handlebars@4.7.7

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/handlebars@4.7.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Action: Warn, Severity: High
Alert: Obfuscated code: npm axios is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.json → npm/axios@1.7.7

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/axios@1.7.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report
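
The alert above names two transitive packages and their affected version ranges. As an added example (not code from this pull request or from Socket), the following walks the `packages` map of a lockfileVersion 2/3 `package-lock.json` and reports every installed copy that falls inside those ranges; the function names and the sample lockfile are constructed for illustration.

```javascript
// Affected ranges copied from the alert text above: [inclusive lower | null, exclusive upper].
const AFFECTED = new Map([
  ['form-data', [[null, '2.5.4'], ['3.0.0', '3.0.4'], ['4.0.0', '4.0.4']]],
  ['handlebars', [['4.0.0', '4.7.9']]],
]);

// Compare plain x.y.z versions numerically (pre-release tags are not handled).
function cmp(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

function isAffected(name, version) {
  return (AFFECTED.get(name) || []).some(
    ([lo, hi]) => (lo === null || cmp(version, lo) >= 0) && cmp(version, hi) < 0
  );
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
// Keys look like "node_modules/a/node_modules/b"; the name is the last segment.
function findAffected(lock) {
  const marker = 'node_modules/';
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.includes(marker)) continue; // skips "" (root) and workspace entries
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    if (meta.version && isAffected(name, meta.version)) {
      hits.push({ path, name, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile mirroring the dependency paths named in the alert.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-root', version: '0.0.0' },
    'node_modules/axios': { version: '1.7.7' },
    'node_modules/form-data': { version: '4.0.0' },
    'node_modules/handlebars': { version: '4.7.7' },
    'node_modules/example-pkg/node_modules/form-data': { version: '4.0.4' },
  },
};

console.log(findAffected(sampleLock));
```

Nested copies are checked individually because npm can install several versions of the same package, and a top-level bump or override does not prove that every copy in the tree moved to the patched version.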

@cameri cameri requested a review from Copilot April 11, 2026 02:11

Copilot AI left a comment

Pull request overview

Migrates the project’s JavaScript/TypeScript linting + formatting workflow from ESLint (and related tooling) to Biome, updating developer docs and CI to use the new toolchain.

Changes:

  • Added biome.json and @biomejs/biome dev dependency; updated npm scripts to run Biome for linting/formatting.
  • Updated GitHub Actions CI checks to run the new lint command.
  • Updated documentation and removed legacy ESLint config/ignore files.

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 2 comments.

Summary per file (File: Description)

  • README.md: Documents the new Biome lint/format commands under the Tests section.
  • package.json: Replaces ESLint scripts with Biome scripts; adds Biome as a dev dependency; removes ESLint-related deps.
  • CONTRIBUTING.md: Updates contributor guidance to reference Biome for code-quality checks.
  • biome.json: Introduces Biome configuration (formatter + linter rules).
  • .github/workflows/checks.yml: Updates the lint job step name and runs npm run lint (now Biome-based).
  • .eslintrc.js: Removed legacy ESLint configuration.
  • .eslintignore: Removed legacy ESLint ignore file.

"lint:fix": "npm run lint -- --fix",
"lint": "npm run knip && biome lint ./src ./test",
"lint:report": "mkdir -p .lint-reports && biome lint --reporter=json --reporter-file=.lint-reports/biome.json ./src ./test",
"lint:fix": "biome lint --write ./src ./test",
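
Review bot: the `lint:report` line invokes `biome lint` directly, so like the new `lint:fix` it bypasses the `npm run knip` step that `lint` runs first. If the JSON report is meant to mirror what CI enforces, chain knip there as well or document that the report covers Biome findings only. The `mkdir -p` prefix on the same line also assumes a POSIX shell, which is worth noting for contributors who run npm scripts on Windows.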
Copilot AI Apr 11, 2026

lint:fix no longer runs Knip first (previously npm run lint -- --fix would), so running the fix script may skip the dead-code/dependency checks that npm run lint performs. To keep parity with lint (and the previous behavior), consider delegating lint:fix to npm run lint and passing Biome’s write flag through, or otherwise prefixing lint:fix with npm run knip as well.

Suggested change
"lint:fix": "biome lint --write ./src ./test",
"lint:fix": "npm run lint -- --write",

"enabled": true,
"rules": {
"recommended": false,
"correctness": { "noUnusedVariables": "warn" },
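
Review bot: `"recommended": false` in the `rules` block switches off Biome's recommended rule set, so only rules listed explicitly are enforced, and the visible lines list a single one (`noUnusedVariables`). For a migration that is not supposed to relax checks, either set `recommended` to true and disable individual rules with a stated reason, or make sure the rest of this block re-enables equivalents for the rules the removed `.eslintrc.js` enforced.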
Copilot AI Apr 11, 2026

The Biome config sets correctness.noUnusedVariables to warn, which will allow unused vars to pass CI even though the previous ESLint setup treated unused vars as an error. If the intent is a tool migration without relaxing checks, consider making this an error-level rule and (if supported) preserving the previous convention of ignoring intentionally-unused parameters prefixed with _.

Suggested change
"correctness": { "noUnusedVariables": "warn" },
"correctness": { "noUnusedVariables": "error" },


Development

Successfully merging this pull request may close these issues.

Migrate from ESLint/Prettier to Biome
