Magic numbers and strings scattered across logic files make the codebase unreadable and misconfiguration-prone. When the same timeout value appears as 3000 in five places, changing the business rule requires a grep hunt across the codebase — and missing one copy silently introduces inconsistency. ISO 25010 maintainability.analysability degrades because developers cannot distinguish a meaningful business threshold from an arbitrary implementation detail. Magic values in business rule logic are particularly dangerous because they look identical to arbitrary constants.
Low because magic values obscure intent and make configuration changes error-prone, but they do not typically cause correctness failures unless multiple copies get out of sync.
Consolidate logic-driving constants in a dedicated constants file and replace each inline usage with the named import:
// lib/constants.ts
export const RETRY_DELAY_MS = 3000
export const SESSION_TIMEOUT_MS = 30 * 60 * 1000 // 30 minutes
export const PASSING_SCORE_THRESHOLD = 75
export const STORAGE_KEYS = {
USER_TOKEN: 'user_token',
PREFERENCES: 'user_preferences',
} as const
When the business rule changes, update one place. The self-documenting multiplication 30 * 60 * 1000 is better than the magic 1800000.
ID: code-maintainability.naming-conventions.no-magic-values
Severity: low
What to look for: Look for numeric literals and string literals used directly in logic (not in UI labels or static content). Common violations:
setTimeout(fn, 3000) instead of const RETRY_DELAY_MS = 3000if (status === 404) instead of using named constantsif (score > 75) instead of const PASSING_SCORE_THRESHOLD = 75localStorage.setItem('user_token', ...) appearing in many placesExclude: simple array indexes, CSS values in style objects, log messages, test fixtures, and UI label strings. Focus on values that represent business rules, configuration, or limits.
Pass criteria: Count all numeric and string literals used in logic code (excluding UI text, 0, 1, -1). Logic-driving numbers and string constants are defined as named constants when they appear in more than one place or represent a non-obvious business rule. No more than 2 unexplained magic values across all logic files. Report the count: "Found X magic values across Y logic files."
Fail criteria: 3 or more instances of unexplained numeric or string literals found in logic code (not UI text, not obvious values like 0, 1, -1).
Skip (N/A) when: The project contains only UI markup with no business logic. Signal: no JavaScript logic files, only HTML/template files.
Detail on fail: "Magic numbers found: setTimeout callbacks use 3000, 5000, 10000 without named constants. Score thresholds 75 and 90 appear in 3 different files. HTTP status 404, 500 checked by literal value in 4 route handlers."
Remediation: Magic values obscure intent and make configuration changes error-prone. Consolidate them in a constants file:
// lib/constants.ts
export const RETRY_DELAY_MS = 3000
export const SESSION_TIMEOUT_MS = 30 * 60 * 1000 // 30 minutes — self-documenting
export const PASSING_SCORE_THRESHOLD = 75
export const STORAGE_KEYS = {
USER_TOKEN: 'user_token',
PREFERENCES: 'user_preferences',
} as const
Then replace magic values with the named import. When the business rule changes, you update one place.