August 2019 (version 1.28.0)

1.28.0 Update

Hi!

Welcome to the new DeepScan updates!

We just have started the Enterprise plan for users interested in using DeepScan on private sources behind the firewall.

Please kindly go ahead with the highlights for the latest release.

Release Summary

This version includes a number of updates that we hope you've found some of them helpful.
The key highlights are:

• New rules - New rules for React function components, Hooks, and possible memory leaks.
• Enterprise plan - The Enterprise plan is coming.
• Enhanced ESLint support - More ESLint plugins are supported!
• ECMAScript 2019 support - Support the latest ECMAScript specification!
• Security fix - Restrict the team's information only to the team members

New Rules

New rules introduced in this release. We have enhanced our Vue rules regarding possible memory leaks such as REACT_MISSING_CLEANUP_IN_LIFECYCLE.

Check the new rules!

• AMBIGUOUS_BRANCH_BODY - Check whether the branch body is ambiguously formatted without braces
• AMBIGUOUS_ELSE_BRANCH - Check for the ambiguous indentation of else branch
• BAD_REMOVE_EVENT_LISTENER - Do not use removeEventListener() with a newly created function
• VUE_MISSING_CLEANUP_IN_LIFECYCLE - Remove global event handlers during the lifecycle of a Vue component

Enterprise Plan

Now we introduce a new Enterprise plan!

The Enterprise plan is best for organizations hosting their code on their own servers. It is the suite of packages that includes:

• Editor plugins: Stand-alone plugins and extensions for IntelliJ IDEA, Eclipse and VS Code
• SonarQube plugin: A SonarQube plugin which enables you to inspect JavaScript and TypeScript using DeepScan in your SonarQube platform
• Node.js package: A Node.js package which enables you to run DeepScan in the command line or programmatically

Please refer to this documentation for more details.

ESLint Integration

Since the July release, we have supported the ESLint analysis.

By the security concerns, it only supports the pre-defined ESLint plugins. In this release, we added more plugins to support users having analysis problems.

• eslint-plugin-eggache
• eslint-plugin-markdown
• eslint-plugin-redux-saga
• eslint-plugin-react-with-styles

And to prevent false alarms about importing modules, we are ignoring some ESLint rules regarding it. For more information, please see the Using ESLint guide.

ECMAScript 2019 Support

We've checked ECMAScript 2019 (ES10) features and added support for built-in APIs such as Array.prototype.flat().

Now we fully support ECMAScript 2019!

Analysis Improvements

• Recognize React props accesses going through object destructuring with the rest pattern

Security Fixes

We restricted the permission of some team level APIs to team member only. This prevents all public access to the team dashboard so that only team members can access the team's information such as private projects' statistics.

We much appreciate Wouter Baan for his help and will continue to put in place steps to improve the security.

Miscellaneous

• CONSTANT_CONDITION is enhanced to skip alarms on defensive type checking of React props having PropTypes declarations
• Do not detect UNUSED_IMPORT and UNUSED_REQUIRE alarms when the variable is used as the JSX factory of well-known non-React frameworks

Bug Fixes

• Pull request check fails when one of repository owners' token has expired
• Names including uppercase letters are incorrectly recognized as Vue directives
• Some MISSING_ELSE_KEYWORD alarms are missed when if statements occur in sequence

Thank You

Thank you to the following folks who help to make DeepScan better:

• Nimrod Becker kindly reported our pull request problems regarding an expired token