If I use Cu.importGlobalProperties(["fetch"]) in my jsm, I also get access to the fetch function, and I also get access to the Request, Response and Headers objects. These extra globals cannot be imported separately. See Sandbox.cpp: https://searchfox.org/mozilla-central/rev/6d748c47a82f59d75c22bf301177ad8fb10f786b/js/xpconnect/src/Sandbox.cpp#348-350 > static bool > SandboxCreateFetch(JSContext* cx, HandleObject obj) > { > MOZ_ASSERT(JS_IsGlobalObject(obj)); > > return JS_DefineFunction(cx, obj, "fetch", SandboxFetchPromise, 2, 0) && > dom::Request_Binding::GetConstructorObject(cx) && > dom::Response_Binding::GetConstructorObject(cx) && > dom::Headers_Binding::GetConstructorObject(cx); > } Linting does not know about these additional imports, so if somebody uses e.g. Request, linting will consider Request undeclared. I think there are two solutions: 1) Stop sneakily importing additional stuff in importGlobalProperties and instead force the consumer to import each of those extra globals one-by-one; or: 2) Adjust linting to know about these additional objects. If we do 2), we should mark the additional objects with explicit:false because they might be unused. I have a patch that implements 2). There's one snag with that: Somebody might do importGlobalProperties(["fetch"]) and just want e.g. the Request object but *not* use the fetch function. But the fetch global would still be marked as explicit, and there would be a warning if it's unused. My patch does not address case.

Thanks for the patch, however looking at it, I believe that the recent scope changes for JSMs (bug 1489301) has just made these available in global scope by default - as a result bug 1502048 has just added these to a new "privileged" environment which is enabled almost everywhere. So I think we don't need to do this, and if I'm understanding correctly, then the sandbox no longer needs to define those extra items (unless there's some other scope I don't know about).

You're right. I got these lint errors when running "mach eslint" locally, but I didn't get them in Phabricator, so I was already a bit surprised. I'll rebase onto the current mozilla-central.