Validate Lightning Component Public API (secure-component)

This rule validates that only public, supported framework API functions and properties are used.
When LockerService is enabled, the framework prevents the use of unsupported API objects or calls. That means your Lightning components code is allowed to use:
  • Features built into JavaScript (“intrinsic” features)
  • Published, supported features built into the Lightning Component framework
  • Published, supported features built into LockerService SecureObject objects

Prior to LockerService, when you created or obtained a reference to a component, you could call any function and access any property available on that component, even if it wasn’t public. When LockerService is enabled, components are “wrapped” by a new SecureComponent object, which controls access to the component and its functions and properties. SecureComponent restricts you to using only published, supported component API.

Rule Details

The reference doc app lists the API for SecureComponent. Access the reference doc app at:

https://<myDomain>.lightning.force.com/auradocs/reference.app, where <myDomain> is the name of your custom Salesforce domain.

The API for SecureComponent is listed at JavaScript API | Component.