uinaf/react-ban-use-effect
skills/react-ban-use-effect/SKILL.md
Ban direct `useEffect` in React code. Use when writing, refactoring, reviewing, or migrating React components or hooks that import, call, add, or replace direct `useEffect`; when an agent reaches for effects for derived state, fetching, event reactions, resets, or external sync; or when adding lint/agent rules for a no-direct-useEffect policy. Do not use for ordinary React work with no effect smell, non-React code, or legitimate effect architecture outside React.
$ install --global
skillsauthnpx skillsauth add uinaf/skills react-ban-use-effectInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 29, 2026, 2:09 AM50.2s6 files scanned
SKILL.md
- name:
- react-ban-use-effect
- description:
- Ban direct `useEffect` in React code. Use when writing, refactoring, reviewing, or migrating React components or hooks that import, call, add, or replace direct `useEffect`; when an agent reaches for effects for derived state, fetching, event reactions, resets, or external sync; or when adding lint/agent rules for a no-direct-useEffect policy. Do not use for ordinary React work with no effect smell, non-React code, or legitimate effect architecture outside React.
React Ban useEffect
Default stance: do not import or call useEffect directly in React components. Treat effects as an escape hatch for synchronizing with external systems, not as the default place to put render, event, data, or reset logic.
Start Here
- Search the touched React surface for direct
useEffectimports and calls. - Classify each effect by intent before editing:
- render-time derivation
- data fetching or server state
- response to a user action
- local state reset on identity change
- async UI, pending state, or request waterfall
- external-system synchronization
- Replace it with the narrowest declarative pattern from references/replacements.md.
- For data, forms, external stores, or performance work, also check the stronger alternative map in references/alternatives.md.
- Keep behavior proof concrete: run the repo's lint/type/test gate, React Doctor diff scan when available, plus the smallest runtime or component check that exercises the changed path.
Replacement Ladder
Use the highest applicable layer:
- render-time calculation
- server, loader, or framework data API
- server-state library such as TanStack Query, SWR, Relay, or Apollo
- event handler, form action, or mutation
- keyed component boundary
useSyncExternalStore, approved mount sync, or a reviewed dependency-aware external-sync exception
If none of these fit, stop and explain why the code truly needs an effect instead of adding direct useEffect.
Allowed Escape Hatches
Prefer existing repo wrappers. If the repo has no standard, add mount-only sync close to shared React hooks:
import { useEffect } from "react";
export function useMountEffect(effect: () => void | (() => void)) {
// eslint-disable-next-line react-hooks/exhaustive-deps
useEffect(effect, []);
}
Good mount uses are browser API setup, DOM focus/scroll integration, and third-party widget lifecycles. Prefer useSyncExternalStore for external stores or browser values that change over time. If an external system must resync when a prop or state value changes, require an explicit reviewed exception or dependency-aware wrapper that keeps dependencies honest. Do not use wrappers to hide dependency problems, fetch server state, copy props into state, or relay user actions.
Enforcement
For new policy work, prefer the repo's existing ESLint shape. The usual rule is no-restricted-imports against useEffect from react, with the message pointing developers to declarative replacements and approved wrappers. Also block namespace calls such as React.useEffect(...) with no-restricted-syntax or a custom rule. Allow shared wrapper files as the only direct-import/call exceptions. If the repo already uses another lint shape, preserve that local convention.
If the repo uses React Doctor, prefer its native rules for effect smells (no-fetch-in-effect, no-derived-state-effect) in addition to the import ban. Keep suppressions line-local and rule-specific.
For reviews, treat new direct useEffect as a finding unless the diff also introduces a clear, reviewed exception. Ask for a replacement plan rather than dependency-array tuning.
For upstream provenance and uinaf tailoring notes, use references/upstream.md.
Boundaries
- Scope the change to the touched path or requested migration slice.
- Preserve the repo's existing data, lint, hook, and framework conventions.
- Leave
useLayoutEffect, framework lifecycle APIs, and non-React effect systems alone unless requested. - Use performance primitives only for real UI/perf evidence, React Doctor findings, or established repo patterns.
Sources
Core sources and the broader alternatives bibliography live in references/alternatives.md.
Related Skills
uinaf/review-gang
development
VerifiedTrustedCommunity
Independently audit existing code, diffs, branches, or pull requests by spawning mandatory concern-specific reviewer subagents, then synthesizing their evidence into a ship decision. Use when triaging PR risk, deciding whether someone else's change is safe to ship, or following up after runtime proof. Produces a `ship it` / `needs review` / `blocked` verdict. Do not use to self-check a change you just authored.
2SKILL.mdUpdated May 24, 2026
uinaf/gh-setup
testing
VerifiedTrustedCommunity
Set up or align a repository's GitHub collaboration and delivery surface: repo settings, branch/ruleset policy, PR and security templates, Actions hardening, GitHub Environments, release workflows, and deploy workflows. Use when standardizing GitHub setup for repos, CI/CD, publishing versioned packages, or deploying running apps; route app deploy details to deploy references and package publish details to release references.
2SKILL.mdUpdated May 24, 2026
uinaf/autoreview
tools
VerifiedTrustedCommunity
Run structured Codex/Claude autoreview closeout for uncommitted changes, branch/PR diffs, or single commits: choose the target, run the bundled review helper, validate findings, and rerun focused tests until clean. Use when asked for autoreview, Codex review, Claude review, automated PR review, second-model review, or merge-readiness review.
2SKILL.mdUpdated May 24, 2026
uinaf/codex-review
tools
VerifiedTrustedCommunity
Run Codex's built-in `codex review` closeout: pick local/branch/commit targets, run the helper or raw review command, filter findings, and rerun focused tests plus review until clean. Use when the user asks for Codex review, autoreview, second-model review, merge-readiness review, or parallel tests plus review before final, commit, ship, or PR update.
2SKILL.mdUpdated May 16, 2026