no-extra-bind fix could be unsafe

[helixbass]

Tell us about your environment
Came across this while testing no-extra-bind for Coffeescript custom parser

• ESLint Version:
  5.5.0
• Node Version:
  8.11.4
• npm Version:
  6.2.0

What parser (default, Babel-ESLint, etc.) are you using?
Coffeescript custom parser (but the issue is the same with standard parser)

Please show your full configuration:
The relevant configuration is no-extra-bind: error with fixing enabled

What did you do? Please include the actual source code causing the issue, as well as the command that you used to run ESLint.

I noticed that no-extra-bind when fixing blindly removes the .bind(...) without inspecting the argument to .bind(). This seems like it could change meaning if the argument is not side-effect-free

For example:

function () {}.bind(a())

or:

function () {}.bind(b++)

What did you expect to happen?
It should presumably still report the unnecessary .bind() but not fix if it's unsafe to remove the .bind(...)

What actually happened? Please include the actual, raw output from ESLint.
The fix removed the .bind(...)

I could take a crack at fixing this but it'd be helpful to know if there are already established patterns for checking if a node is "side-effect-free"?

[not-an-aardvark]

Thanks for the report, I can reproduce this issue.

I could take a crack at fixing this but it'd be helpful to know if there are already established patterns for checking if a node is "side-effect-free"?

Not that I know of. I think the list of "side-effect-free" nodes is fairly small -- it seems like it would typically just contain identifiers, literals, and function expressions. (There are some other cases where things could be guaranteed to be side-effect-free, such as empty objects or class expressions without any computed method names, but it doesn't seem necessary to cover every case since this just affects whether an autofix is attempted.)

[platinumazure]

Working on this.