green-code-initiative / ecocode-javascript Goto Github PK

Describe the bug

Integration of ecoCode-javascript with SonarLint does not work.
An error is thrown in all files instead of displaying code smell reports

Versions

• ecoCode-javascript version: 1.4.0 dev
• SonarQube version: 10.1 or 10.2

Screenshots

Team 5R

Is your feature request related to a problem? Please describe.

In JS, we can write strings inside :

• Single quotes ;
• Double quotes ;
• Backticks.

By using backticks, we can inject variables that will be evaluated on runtime, just like that :

console.log(`this is my ${variable} content.`);

I made a simple jsperf test to evaluate the performance between each approach.

<!-- HTML -->
<p id="my-para"></p>

// JS. Test 1.
document.getElementById('my-para').textContent = 'A few words...';

// JS. Test 2.
document.getElementById('my-para').textContent = "A few words...";

// JS. Test 3.
document.getElementById('my-para').textContent =  `A few words...`;

Here are the results :

1. Using double quotes is always fastest ;
2. Using backticks is always slowest.

Describe the solution you'd like

A dedicated rule?
Backticks without interpolation needs should be avoid.

Hello,

I'm Alex, Product Manager at Sonar.

SonarQube 10.4 will come with a feature to only download Sonar analyzers and 3rd-party plugins when they are really required by the Scanner. To make this feature work, each analyzer or 3rd-party plugin should declare the list of languages on which they expect to raise issues through a new MANIFEST property called Plugin-RequiredForLanguages.

See https://community.sonarsource.com/t/the-sonarscanners-download-only-required-3rd-party-plugins/108156 for more details.

Regards

Rule EC31 can be implemented in the plugin, for React/JSX.

Rule description in the ecoCode repository: green-code-initiative/ecoCode#269

If you start this task during the challenge, I suggest you leave a comment with your team's name to let us know you've taken it. Then, you can link your PR so that we can easily keep track of the work you've done. Thank you and enjoy the challenge!

Plugin has been submitted to the SonarQube Marketplace!

Even though the request was accepted (🥳), there are a few improvements to be made to the plugin for future versions. Here are the suggestions proposed by Ann:

• It looks like all your rules have been classed as Consistency/Conventional in the new Clean Code taxonomy. I’m (now) assuming that’s the default. Just a note that in future releases you may want to take a look at this.
• One thing I’m not seeing is // Noncompliant comments in your noncompliant code samples. They help users separate the wheat from the chaff
• ecocode-javascript:EC24 - I’m surprised this rule recommends a limit and not a where clause. I would think limiting CPU at the server / DB would be in scope here :slight_smile:
• I see that a few rules provide Further Reading, which is awesome. And there’s a way to mark that up to have it shown on a ‘More Info’ tab, E.G.. I’m not aware of the details, but if you want to create a thread, we can get it tracked down.
• ecocode-javascript:EC12 - “There are more than two style assignations for ‘element’. Use a class instead.”
  ↪️ Use "assignments" instead

Solution you'd like

Implements rules EC522 "avoid brightness override" for react native and expo framework by team Lanthanum

Is your feature request related to a problem?

No response

Alternatives you've considered

No response

Additional Information

No response

Solution you'd like

Implements rules EC522 "avoid keep awake (screen on)" for react native and expo framework

Is your feature request related to a problem?

No response

Alternatives you've considered

No response

Additional Information

No response

Description

I made a series of pull request proposing new rules for the eslint plugin, those rules need to be added to SonarQube for proper integration.

Rules List :

• limit-db-query-results
• no-empty-image-src-attribute
• prefer-shorthand-css-notations
• no-css-animations
• no-missing-print-css

Solution you'd like

React Native is a framework that allows for the development of mobile applications for iOS and Android using the JavaScript language. It would be interesting to develop rules for React Native in this project.

Is your feature request related to a problem?

No response

Alternatives you've considered

No response

Additional Information

No response

Rule EC36 can be implemented in the plugin, for React/JSX.

Rule description in the ecoCode repository: green-code-initiative/ecoCode#298

If you start this task during the challenge, I suggest you leave a comment with your team's name to let us know you've taken it. Then, you can link your PR so that we can easily keep track of the work you've done. Thank you and enjoy the challenge!

ESLint exports a package @types/eslint with typings of the whole linter. This can simplify the writing of rules with autocompletion and typing verification.

This idea has been proposed during the challenge, and I think it's a good idea to look into it.
Maybe we should use it? What do you think of this?

Due to the use of an external ESLint plugin, JavaScript rules are not displayed in the SonarQube interface and cannot be associated to a quality profile. Maybe we can find a way to work around this restriction of SonarQube to improve and simplify the configuration of the rules?

Any ideas are welcome, I will also do a lot of tests on my side.

The idea is to create a linter to check HTML files, using the rule to avoir autoplay parameter on

Rule proposal here : green-code-initiative/ecoCode-challenge#49

First checking if it is possible to send eslint report for HTML files ton Sonar.

(Description will be update)

It might be interesting to start with the idea given by a group of spotters at the 2023 hackathon:
green-code-initiative/ecoCode-challenge#37

And perhaps extend it a little to advise against using certain old or resource-hungry libraries?

CNumR doc is also here

Description

Now that ecoCode JavaScript plugin is standalone, it's time to prepare its arrival on the SonarQube marketplace 🚀
Below is the todo-list, based on the one created by @jycr for other plugins.

TODO List

• Create a standalone SonarQube plugin (#14)
• Use the centralized rules artifact in this plugin (#16)
• Rename rule IDs to follow convention (EC prefix followed by a number) (Do not forget to add @DeprecatedRuleKey annotation when needed)
• Check if the license is Free-Libre / Open Source Software
• Check documentation is available online in English
• Release 1.4.0 with a release notes that reflect all significant changes in the version
• Check plugin key (must be short and unique, lowercase, no camelcase, composed only of [a-z0-9], related to the name of your plugin not just the name of a language - e.g. cannot be java, rust, js/javascript, …)
  • ecocodejavascript
• Check plugin description (must not be misleading in terms of content, the code needs to do pretty much what the name and description say it does)
• Provide the necessary details to be able to test the plugin
• Check SonarCloud quality gate is green when doing a release
• Check platform requirements (it runs on JRE 11 with SonarQube 9.9 LTS and 10.x)
• Check no export of files to other servers / services from within SonarQube or during SonarQube analysis
• Create discussion on SonarSource community

More information:

• Sonarsource community - Deploying to the Marketplace
• github/sonar-update-center-properties

Based on the enhancement done in #16 for the Sonar plugin, the idea would be to import rules specifications for the ESLint plugin from central repository too.

There are few limitations because at the moment the artifact is created using Maven with .html and .json files inside. But for the ESLint plugin we need to have a package that can be used by NPM with .md files inside. The main goal is to find a way to generate a package like this.