No error swallowing

ab-002594 · project-snapshot.error-handling.no-error-swallowing
Severity: high · active

Why it matters

An empty catch (e) {} block converts a real failure — a failed payment write, a corrupted cache entry, a rejected background job — into a silent success from the caller's point of view. The calling code gets its null or its "ok" response and moves on; the incident only surfaces days later when a user complains or a reconciliation job finds the gap. AI coding tools generate these blocks when they're uncertain about which error types a library throws and default to "catch everything and keep going" rather than surfacing or re-throwing. The class of bug this produces is the worst kind to debug, because there's no stack trace, no log line, and no alert — the only evidence is the downstream data that should exist and doesn't.

Severity rationale

High because silent swallowing hides failures of any severity — including security-critical ones like authorization check failures or payment-write rejections — while making production debugging impossible after the fact.

Remediation

Always log or re-throw:

try { ... } catch (e) {
  console.error('Failed to parse cache entry:', e)
  return null  // explicit fallback, with log
}

Deeper remediation guidance and cross-reference coverage for this check lives in the saas-error-handling Pro audit — run that after applying this fix for a more exhaustive pass on the same topic.

Detection

  • ID: project-snapshot.error-handling.no-error-swallowing
  • Severity: high
  • What to look for: Enumerate every try { ... } catch (e) { ... } block in the codebase. Classify each catch body as: (a) re-throws or returns an error response, (b) logs the error AND handles gracefully, (c) silently swallows (empty body, or only an // ignore comment, or returns generic success without logging).
  • Pass criteria: Fewer than 10% of catch blocks are in category (c).
  • Fail criteria: 10% or more of catch blocks silently swallow errors.
  • Skip (N/A) when: No try/catch blocks in source.
  • Do NOT pass when: A catch logs to console.log but the project ships console.log removal in production builds — effectively silent.
  • Report even on pass: "Found N try/catch blocks; M re-throw or respond with error, K log+handle, S silently swallow. Swallow rate: S/N = X%."
  • Detail on fail: "4 of 18 catch blocks silently swallow errors (22%); examples: src/lib/cache.ts:34 (empty catch), src/lib/parser.ts:88 (returns null without log)".
  • Remediation: Always log or re-throw:
    try { ... } catch (e) {
      console.error('Failed to parse cache entry:', e)
      return null  // explicit fallback, with log
    }
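
The classification and pass/fail rule above, as an added example that is not part of the original check or the audit tool's own code: a regex-and-brace-counting heuristic in JavaScript. The function names, the stripsConsoleLog option, the logger.* and .status(4xx/5xx) patterns and the sample sources are assumptions made for illustration.

```javascript
// Heuristic triage, not a parser: braces inside strings or template literals
// can confuse the body scan, and promise .catch() callbacks are not counted.
const RETHROW = /\bthrow\b|\breject\s*\(|\.status\s*\(\s*[45]\d\d/; // .status(5xx): assumed Express-style response
const LOGS = /\bconsole\.(error|warn)\s*\(|\blogger\.\w+\s*\(/;     // logger.*: assumed logger name
const CONSOLE_LOG = /\bconsole\.log\s*\(/;

function catchBodies(src) {
  const found = [];
  const re = /\bcatch\s*(\([^)]*\))?\s*\{/g;
  for (let m; (m = re.exec(src)) !== null;) {
    let depth = 1, i = re.lastIndex;
    for (; i < src.length && depth > 0; i++) {
      if (src[i] === '{') depth++;
      else if (src[i] === '}') depth--;
    }
    found.push({ line: src.slice(0, m.index).split('\n').length, body: src.slice(re.lastIndex, i - 1) });
  }
  return found;
}

function classify(body, { stripsConsoleLog = false } = {}) {
  const code = body.replace(/\/\*[\s\S]*?\*\/|\/\/.*$/gm, '').trim(); // a comment is not handling
  if (RETHROW.test(code)) return 'a'; // re-throws or returns an error response
  if (LOGS.test(code) || (!stripsConsoleLog && CONSOLE_LOG.test(code))) return 'b'; // logs and handles
  return 'c'; // silent swallow
}

function audit(files, opts) {
  const counts = { a: 0, b: 0, c: 0 }, swallowed = [];
  for (const [path, src] of Object.entries(files)) {
    for (const { line, body } of catchBodies(src)) {
      const cat = classify(body, opts);
      counts[cat]++;
      if (cat === 'c') swallowed.push(`${path}:${line}`);
    }
  }
  const n = counts.a + counts.b + counts.c;
  if (n === 0) return { verdict: 'skip', counts, swallowed, report: 'No try/catch blocks in source.' };
  const report = `Found ${n} try/catch blocks; ${counts.a} re-throw or respond with error, ${counts.b} log+handle, ` +
    `${counts.c} silently swallow. Swallow rate: ${counts.c}/${n} = ${Math.round((counts.c / n) * 100)}%.`;
  return { verdict: counts.c / n < 0.1 ? 'pass' : 'fail', counts, swallowed, report };
}

const SAMPLE = { // constructed sample sources; the file names are made up
  'cache.js': "function read(raw) {\n  try { return JSON.parse(raw) } catch (e) { /* ignore */ }\n}",
  'pay.js': "async function pay(db, o) {\n  try { await db.write(o) } catch (e) {\n    console.error('write failed:', e)\n    throw e\n  }\n}",
  'job.js': "function run(job) {\n  try { job() } catch (e) {\n    console.log('job failed', e)\n    return null\n  }\n}",
};
console.log(audit(SAMPLE).report);
```

Passing { stripsConsoleLog: true } applies the "Do NOT pass when" rule: the console.log-only catch in job.js moves from (b) to (c).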
    
