DeepScan Frequently Asked Questions

Find answers to commonly asked questions about DeepScan.

General information

I want to know the technical specification for the JavaScript analyzer

DeepScan tries to find more useful issues that linter tools can't by its JavaScript analyzer. It follows execution and data flow of JavaScript program.

You can see the technical specification for the analyzer here.

What's the difference with ESLint or JSLint?

Major design goals of DeepScan are lowering noises and making issue handling more actionable.

So, we try to suppress possible noises like: 1) false alarm, 2) issues too trivial, 3) prohibiting features like '==' completely.

In three ways, DeepScan is different with linters line ESLint, JSHint, and JSLint:

  • Beyond Conventions: Focus on finding runtime errors and quality issues rather than coding conventions.
  • Semantic Analysis: Follow the execution and data flow of program in greater depth. This enables finding issues that syntax-based linters can't.
  • Adaptable & Actionable: By classifying issues by 3-level impacts and filtering noisy issues aggressively, you can focus on major issues first and gradually. Also detailed guides are provided to let you simply know where the problem is.

As of JSLint, it sets quite high restrictions, so DeepScan does not detect all the issues that JSLint might report, but carefully select some of them. For example, instead of preventing '==', DeepScan detects BAD_TYPE_COERCION alarm only for buggy code like:

if ("abc".startsWith("a") == "true") { }

You can see more here.

I want to know security information to ensure my code is controlled properly

You can see documentation for the security here. It describes physical security about our service and how we handle the user code.

To date, we have understood your concern and been trying to improve our architecture.

For example, we had showed a file content in Files view by fetching a stored file in our server. But we changed to show a file content by fetching directly from GitHub from the 1.8.0 release, and finally removed a dependency for stored user code in the 1.9.0 release.

Can I use DeepScan with a React Native application?

DeepScan would almost possibly support a React Native because it was fully engineered to support React and JSX.

For example, it can just analyze the official F8 app of 2017 powered by React Native.

Please note that DeepScan does not have some specific rules about React Native now while it supports many of React-specific rules.

How are grades calculated?

Our grades imply a status quo of your project relative to other open source projects. We calculate the issue density (the number of issues per thousand lines of code) of the project and correlate it with ones of 150 GitHub open source projects.

You can see here how each grade is calculated.

Git

Does DeepScan support Bitbucket or GitLab?

Although DeepScan currently supports only GitHub (github.com), we have a roadmap for other Git servers like:

  • GitLab on-premises: We have developed and tested the integration with GitLab Community Edition and Enterprise Edition. Available not to be too late.
  • GitHub Enterprise: We have developed and tested the integration with GitHub Enterprise. Available not to be too late.
  • We have a roadmap to support Bitbucket and GitLab hosted SaaS options (GitLab.com) in the long run.

When you use Bitbucket or GitLab now, check out our editor plugins.

I want to use DeepScan with a Git server behind a firewall

Unfortunately, DeepScan now supports only the public and/or private repositories in the GitHub.

We're going to provide some premium plan for in-house environment soon.

  • SonarQube plugin
  • CLI (Node.js package): Works standalone in your local so you can use DeepScan without worrying about source code leaks
  • On-premise: Works with GitLab or GitHub Enterprise

Or you can leverage our editor plugins.

You can inspect your local file in the editor. Keep in mind that above editor plugins work with DeepScan server. A source is sent to our server and deleted immediately after an inspection. See here if you have any security concerns.

Rules

Does DeepScan support CWE?

DeepScan supports Common Weakness Enumeration (CWE) rules.

You can see here the full listings of the rules related with CWE. Also you can immediately see a CWE example in Demo.

What is "No value is returned from function" for await operator?

Our MISSING_RETUEN_VALUE complains below code when setFetched() does not return.

public async fetchData() {
    const fetched = await this.fetchFrom();
    await this.setFetched(fetched); // No value is returned from function 'setFetched'.
}

It seems that this.setFetched is not an async function that returns a Promise. If so, it is executed synchronously and the above is equivalent as:

this.setFetched(fetched);
await undefined;

Note that await undefined stops the execution of the current function, but the execution might resume immediately because undefined value is converted to a resolved Promise.

For more rationale about the alarm, the TypeScript Issue "Should awaiting a non-Promise value be an error?" might be helpful.

Did you use this pattern due to some timing issue like setTimeout(fn, 0)? Then you can kindly ignore our alarm by inline comment:

await this.setFetched(fetched) // deepscan-disable-line

Plans and billing

How many seats and projects can I own and/or manage for DeepScan plans?

Limits for DeepScan plans are listed below. We think these limits can accommodate those with your interests.

  • Free plan: 100 seats / 1,000 public projects / 0 private projects
  • Trial plan: 100 seats / 1,000 public projects / 5 private projects
  • Starter plan: Unlimited paid seats / 1,000 public projects / 5 private projects

For more information about plans, see here.

Common reasons for PayPal payment failure

If you failed for PayPal payment or authorization, these common reasons for payment failure can help you troubleshoot the problem:

Your PayPal account registered in Korea or China We're sorry. Because of the limitations of the integration with PayPal and its policy, PayPal accounts registered in Korea or China cannot send payments to us. If you have trouble paying, contact us at support@deepscan.io.