DeepScan frequently asked questions

Find answers to commonly asked questions about DeepScan.

General information

I want to know the technical specification for the JavaScript analyzer

DeepScan tries to find more useful issues that linter tools can't by its JavaScript analyzer. It follows execution and data flow of JavaScript program.

You can see the technical specification for the analyzer here.

What's the difference with ESLint?

DeepScan is different with ESLint or JSHint in three ways:

  • Beyond Conventions: Focus on finding runtime errors and quality issues rather than coding conventions.
  • Semantic Analysis: Follow the execution and data flow of program in greater depth. This enables finding issues that syntax-based linters can't.
  • Adaptable & Actionable: By classifying issues by 3-level impacts and filtering noisy issues aggressively, you can focus on major issues first and gradually. Also detailed guides are provided to let you simply know where the problem is.

You can see more here.

I want to know security information to ensure my code is controlled properly

DeepScan tries to find more useful issues that linter tools can't by its JavaScript analyzer. It follows execution and data flow of JavaScript program.

You can see documentation for the security here. It describes physical security about our service and how we handle the user code.

We understand your concern and are trying to improve our architecture.

For example, we had showed a file content in Files view by fetching a stored file in our server. But now we show a file content by fetching directly from GitHub, so not needing a stored file in that case. In the longer run, we will completely not require to store a file permanently in our server.

GitHub

Does DeepScan support Bitbucket?

While we have a long roadmap to support Bitbucket, DeepScan currently supports only GitHub.

When you use Bitbucket, check out here as a workaround.

Rules

Does DeepScan support CWE?

DeepScan supports Common Weakness Enumeration (CWE) rules.

You can see here the full listings of the rules related with CWE. Also you can immediately see a CWE example in Demo.

What is "No value is returned from function" for await operator?

Our MISSING_RETUEN_VALUE complains below code when setFetched() does not return.

public async fetchData() {
    const fetched = await this.fetchFrom();
    await this.setFetched(fetched); // No value is returned from function 'setFetched'.
}

It seems that this.setFetched is not an async function that returns a Promise. If so, it is executed synchronously and the above is equivalent as:

this.setFetched(fetched);
await undefined;

Note that await undefined stops the execution of the current function, but the execution might resume immediately because undefined value is converted to a resolved Promise.

For more rationale about the alarm, the TypeScript Issue "Should awaiting a non-Promise value be an error?" might be helpful.

Did you use this pattern due to some timing issue like setTimeout(fn, 0)? Then you can kindly ignore our alarm by inline comment:

await this.setFetched(fetched) // deepscan-disable-line