February 2019 (version 1.22.0)

1.22.0 Update

Hi!

Welcome to the new DeepScan updates. This release offers the support for ES Modules files and improvements regarding false alarms.

Please kindly go ahead with the highlights for this release.

Release Summary

This version includes a number of updates that we hope you've found some of them helpful.
The key highlights are:

• ECMAScript Modules support - We've added support for ES Modules (.mjs) on Node.js
• Aggressive alarm filtering - Filter-out alarms to reduce noise
• Improved rules - Improved rules for React
• Removed alarms - Do not detect some alarms considering developers' intention

ECMAScript Modules Support

We have added support for ES Modules (.mjs) on Node.js.

• Now .mjs files in your project will be analyzed by default.
• When you want to try a demo for it, you can choose "JavaScript ECMAScript Modules (.mjs)" configuration in our Demo page.

  

• If you used 'fileSuffixes' setting in the VS Code extension, update the extension and simply remove the setting. Then a .mjs file will be treated as the module rather than a .js file.

More Aggressive Alarm Filtering

• Filter-out BAD_TYPE_COERCION alarms when the both operands of a comparison operator are boolean because it works in natural way
• Filter-out BAD_TYPE_COERCION alarms when void expression is involved in producing NaN value because it is likely to be intended
• Filter-out CONSTANT_CONDITION alarms when the variable is declared with syntactic constant and never assigned again
• Filter-out inter-procedural CONSTANT_CONDITION alarms when the called function syntactically returns constant boolean because it is likely to be intended
• Filter-out NULL_POINTER alarms on test code that initializes a variable only in catch block for testing an intended error

Improved Rules

The following rule has been improved:

• REACT_MISUSED_UPDATE_IN_SET_STATE is improved to track more data-flow

  selectPrevious() {
    const { items } = this.props;
    const { selectedIndex } = this.state;
    // 'selectedIndex' at line 88 is used for updating the state.
    // But its value may become outdated because this update is asynchronous.
    // Try using an updater callback function and its 'prevState' argument instead.
    if (selectedIndex > 0) this.setState({ selectedIndex: selectedIndex - 1 });
    else this.setState({ selectedIndex: items.length - 1 });
  }

Miscellaneous

• Do not detect SAME_OPERAND_VALUE alarms on assert() conditions because checking the same values are often what is intended at assert()
• Do not detect SWITCH_CASE_FALL_THROUGH alarms when the case body ends with process.exit() or exception throwing function call
• Do not detect VUE_BAD_HTML_SYNTAX on the invalid first character of tag name case because HTML recovery works as intended in most cases (e.g., <div>A << B</div>)

Bug Fixes

• A false alarm for INSUFFICIENT_NULL_CHECK may occur when assert.isTrue() is used
• A false alarm for STRICT_MODE_ARGS_CALLER_CALLEE occurs for usage after checking strict mode support
• False alarms for UNUSED_IMPORT and UNUSED_REQUIRE occur when the variable is used as JsDoc type reference
• Alarm cause location may not be provided when NULL_POINTER alarm is caused by the undefined variable