eslint-config-standard icon indicating copy to clipboard operation
eslint-config-standard copied to clipboard

Published 20 hours ago verified publisher icon standard

feat: detect extraneous/missing imports/requires

Open julien-f opened this issue 7 years ago • 7 comments

  • extraneous: modules that are absent from package.json
  • missing: modules that do not exist (necessary for local modules)

I have started testing this config in my projects, it seems to work fine, I did not see any major perf impact but we should pay attention to it.

julien-f avatar Nov 29 '17 13:11 julien-f

Any idea why the tests are failing?

julien-f avatar Dec 05 '17 08:12 julien-f

It seems like the following code is now producing two errors 🤔

var foo = 1
var bar = function () {}
bar(foo)

https://github.com/standard/eslint-config-standard/blob/176bbdd49bb929119c0227f27f54aa30f4b35e5b/test/validate-config.js#L12-L14

LinusU avatar Dec 05 '17 11:12 LinusU

@mysticatea any idea?

julien-f avatar Dec 05 '17 11:12 julien-f

eslint-plugin-node is an old version which does not include those rules.

{ filePath: '<text>',
  messages:
   [ { ruleId: 'node/no-extraneous-import',
       severity: 2,
       message: 'Definition for rule \'node/no-extraneous-import\' was not found',
       line: 1,
       column: 1,
       nodeType: 'Program',
       source: 'var foo = 1' },
     { ruleId: 'node/no-extraneous-require',
       severity: 2,
       message: 'Definition for rule \'node/no-extraneous-require\' was not found',
       line: 1,
       column: 1,
       nodeType: 'Program',
       source: 'var foo = 1' } ],
  errorCount: 2,
  warningCount: 0,
  source: 'var foo = 1\nvar bar = function () {}\nbar(foo)\n' }

mysticatea avatar Dec 06 '17 03:12 mysticatea

Thank you! I have upgraded eslint-plugin-node to 5.2.1 and the tests are passing.

@mysticatea what's your opinion of enabling these rules in standard and do you have any suggested config?

julien-f avatar Dec 06 '17 08:12 julien-f

@julien-f It's a good idea. But if users use AMD's require or customized lookup algorithm, it might make false positive.

mysticatea avatar Dec 07 '17 09:12 mysticatea

I'm not sure this belongs in a javascript linter but leaning towards that it might rather belong in something that focused on linting ones dependencies.

Apart from the linting this PR mentions such linting can eg:

  • Check security issues (something npm now does)
  • Check that lock-file and package.json is in sync
  • Check that the currently installed modules are the ones they are supposed to be
  • Check that all included modules comply with the projects specified version range.

(Disclaimer: I co-maintain one such linter, https://github.com/maxogden/dependency-check, and have created a complementary such linter myself as well, https://github.com/voxpelli/node-installed-check/)

As eslint-plugin-node already supports this, I guess it doesn't hurt, but it may make people feel safe about their dependency linting rather than looking into a more complete solution for dependency linting

voxpelli avatar Jul 13 '18 13:07 voxpelli