November 2018 (version 1.19.0)

1.19.0 Update

Hello!

Welcome to the new DeepScan updates!

Please kindly go ahead with the highlights for this release.

Release Summary

This version includes a number of updates that we hope you've found some of them helpful.
The key highlights are:

• New rules - New rules for common pitfalls.
• Improved rules - Many rules have been improved to detect more precisely with lower false alarms.

New Rules

New rules introduced in this release:

• BAD_ASSIGN_TO_PROTO - Do not assign an invalid value to the __proto__ property
• BAD_FOR_STATEMENT - Check for an invalid index variable of for statement
• DUPLICATE_PARAM - Do not use duplicate parameter names
• MISSING_LENGTH_IN_LOOP_CONDITION - Check for a missing length property in the loop condition expression
• TRIPLE_NEGATION_OPERATOR - Do not use the logical negation operator 3 or more times in a row
• UNDEFINED_IMPORT - Do not use the imported binding not defined and exported from the requested module

Improved Rules

The following many rules have been improved:

• ASSIGN_BEFORE_DECL alarm is skipped when REFERENCE_BEFORE_LEXICAL_DECL also occurs
• IDENTICAL_BRANCHES is improved to handle parenthesized expressions
• NULL_POINTER is fine-tuned to provide its cause points in more cases
• UNUSED_VAR_ASSIGN alarms occurring at parameter default value are skipped because they are benign
• UNUSED_VAR_ASSIGN and UNUSED_DECL alarms are skipped when the variable name suggests that it is not to be used, e.g., ignored = foo(); (We assume the name like 'ignored' means it is not to be used afterwards)
• VUE_BAD_DIRECTIVE_FORMAT is extended to report preventDefault and stopPropagation modifiers at the v-on directive
• CALL_NON_FUNC provides the fix guide for the invalid backtick(`) escape case. For example,

  export const keyedReducer = ( keyPath, reducer, globalActions = [ SERIALIZE, DESERIALIZE ] ) => {
      // some keys are invalid
      if ( 'string' !== typeof keyPath ) {
          throw new TypeError(
              // Expression '`Key name passed into `' evaluates to a string value. But it is called as a function.
              // If escaping backtick was intended, consider using \` instead of ``.
              `Key name passed into ``keyedReducer`` must be a string but I detected a ${ typeof keyName }` // CALL_NON_FUNC
          );
      }
      // ...
  }

• MISMATCHED_TYPE_OF_ARG is improved to track the execution flow more deeply for conditional and inter-procedural cases
• MISMATCHED_TYPE_OF_ARG is extended to detect a value mismatch with boolean and numeric types. For example,

  j = 0;
  // The first argument of 'Math.abs()' should be a number. But a boolean value is passed.
  while (j < dataTuples.length && Math.abs(dataTuples[j][0] <= time)) {
      scaleSet.push(dataTuples[j][1]);
      j++;
  }
  dataTuples.splice(0, j);

Miscellaneous

• Show more team activities in the history: Member invitations, Grade changes
• Support a redirection for previous links of pull request
• Move our status page to GitHub (thanks to Statusfy)

Bug Fixes

• A false alarm for CALL_NON_FUNC occurs for proxy objects
• A false alarm for NULL_POINTER occurs for "unimplemented" interface functions
• A false alarm for React lifecycle rule (e.g., REACT_BAD_UPDATE_STATE) occurs when a function is reused at different lifecycles
• INSUFFICIENT_NULL_CHECK alarm message is sometimes invalid for the checks inside loop