November 2019 (version 1.31.0)
1.31.0 Update
Hi!
Welcome to the new DeepScan updates!
Here are the highlights of the latest release.
Release Summary
This version includes a number of updates, and we hope you find some of them helpful.
The key highlights are:
- New rules - 8 rules are coming for better coding!
- Analysis improvements - Enhanced analysis via the modeling of widely used Lodash APIs.
- Enterprise plan - The Enterprise plan now supports the GitHub Enterprise Server.
- Enhanced ESLint support - More ESLint plugins are supported.
New Rules
We have greatly enhanced our rules. Check them out!
- BAD_COMPARISON_WITH_FLOAT - Do not compare the result of integer-returning built-in API with a float number
- BAD_EVENT_LISTENER_CALL - Pass a function itself as the handler when adding or removing an event listener
- BAD_ESCAPE_AT_REGEXP_CONSTRUCTOR - Do not escape the string literal improperly when constructing a regular expression
- FUTILE_STRING_REPLACE - Do not use the same search and replace strings in `String.prototype.replace()`
- MISPLACED_COMPARISON_AT_INDEX_OF - Do not use comparison expressions as `indexOf()` argument
- MISSING_AWAIT - Do not miss an `await` operator at async function call
- MISUSED_EXPORTS_VAR - Do not assign to `exports` improperly
- USELESS_LOCAL_VAR_DELETE - Check for a `delete` operator on local variables
Improved Rules
- Detect COMPARE_NAN alarm when comparing with `Number.NaN`
- Detect MISMATCHED_COUNT_OF_ARGS alarm at built-in APIs that take a variable number of arguments but are given too few, such as `Math.min()` with 1 argument
- Detect NO_EFFECT_CALL alarm when the first argument of `Object.assign()` is an object literal
- Detect STRICT_MODE_INVALID_THIS alarm at the callback functions of built-in APIs such as `Array.prototype.forEach()`
- Detect USELESS_ARROW_FUNC_BIND alarm at the `thisArg` argument of built-in APIs such as `Array.prototype.forEach()`
Analysis Improvements
Lodash API Modeling
DeepScan now supports more precise analysis of programs using Lodash by modeling the semantics of commonly used APIs such as `_.debounce()`.
- The API return value is analyzed. For example, the following REACT_MISSING_CLEANUP_IN_LIFECYCLE alarm is detected utilizing the `_.debounce()` return value:

  ```javascript
  import React from 'react';
  import { debounce } from 'lodash';

  class PostPhoto extends React.Component {
    // ...
    setCardWidth = () => {
      if ( this.widthDivRef ) {
        const cardWidth = this.widthDivRef.getClientRects()[ 0 ].width;
        if ( cardWidth > 0 ) {
          this.setState( { cardWidth } );
        }
      }
    };

    componentDidMount() {
      // DeepScan now recognizes the wrapper function that `_.debounce()` returns and detects
      // REACT_MISSING_CLEANUP_IN_LIFECYCLE because the handler is not removed properly.
      // Note that 'window.addEventListener()' returns 'undefined', not the added listener.
      this.resizeListener = window.addEventListener( 'resize', debounce( this.setCardWidth, 50 ) );
      this.setCardWidth();
    }

    componentWillUnmount() {
      window.removeEventListener( 'resize', this.resizeListener );
    }
  }
  ```
- The Lodash APIs are mostly side-effect free and NO_EFFECT_CALL alarms are detected accordingly
- The Lodash APIs that always return new objects are recognized at BAD_REMOVE_EVENT_LISTENER and REACT_USELESS_DEPENDENCY_OF_HOOK rules
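
The cleanup bug from the `_.debounce()` example above, next to a corrected form, as an added example that is not DeepScan's own code. `FakeWindow` and the local `debounce()` are constructed stand-ins (assumptions) for the browser `window` and Lodash's `_.debounce()`, and `LeakyPhoto`, `FixedPhoto` and `leftoverListeners()` are hypothetical names.

```javascript
// FakeWindow and debounce() are constructed stand-ins so this runs in Node without a DOM or lodash.
class FakeWindow {
  constructor() { this.listeners = new Set(); }
  addEventListener(_type, fn) { this.listeners.add(fn); } // returns undefined, like the DOM
  removeEventListener(_type, fn) { this.listeners.delete(fn); }
}
// Like _.debounce(): every call returns a new wrapper function that has cancel().
function debounce(fn, wait) {
  let timer = null;
  const wrapper = (...args) => {
    clearTimeout(timer);
    timer = setTimeout(() => fn(...args), wait);
  };
  wrapper.cancel = () => clearTimeout(timer);
  return wrapper;
}
// Pattern from the release note: the stored value is undefined, so removal is a no-op.
class LeakyPhoto {
  constructor(win) { this.win = win; }
  setCardWidth = () => {};
  mount() {
    this.resizeListener = this.win.addEventListener('resize', debounce(this.setCardWidth, 50));
  }
  unmount() { this.win.removeEventListener('resize', this.resizeListener); }
}
// Corrected: keep the wrapper itself and pass the same reference to both calls.
class FixedPhoto {
  constructor(win) { this.win = win; }
  setCardWidth = () => {};
  mount() {
    this.resizeListener = debounce(this.setCardWidth, 50);
    this.win.addEventListener('resize', this.resizeListener);
  }
  unmount() {
    this.win.removeEventListener('resize', this.resizeListener);
    this.resizeListener.cancel(); // drop any pending trailing call too
  }
}

// Mount and unmount a component several times; return how many listeners stay registered.
function leftoverListeners(Component, times) {
  const win = new FakeWindow();
  for (let i = 0; i < times; i++) {
    const c = new Component(win);
    c.mount();
    c.unmount();
  }
  return win.listeners.size;
}
```

Each leftover listener keeps its unmounted component reachable and still fires on `resize`, which is why the leaky form grows with every mount.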
Enterprise Plan
Welcome, GitHub Enterprise!
Starting with this version, our On-premise server supports GitHub Enterprise Server 2.18+. If you want to use DeepScan with your own GitHub server, please check out this documentation for more details.
ESLint Integration
For security reasons, our ESLint analysis supports only pre-defined ESLint plugins. In this release, we added more plugins to support users who were having analysis problems.
For the full list of supported plugins, see the Using ESLint guide.
Miscellaneous
- Users who are not logged in can also share a public project using the Share button on the dashboard
- DeepScan no longer supports old versions of Internet Explorer. We recommend using the latest Microsoft Edge, Google Chrome, or Firefox.
- Increase UNUSED_EXPR alarm impact for various cases:
  - Alarms occurring at the left operand of `,` operator: the `,` may be intended for something else
  - Alarms occurring at the brace body of an arrow function: `return` may be missing
  - The unused expression evaluates to a function: calling the function may be needed
  - The unused expression is a strict equality check: an assignment may be intended instead of comparison
- Filter-out UNUSED_EXPR alarms at JSON-like JavaScript files
- Filter-out UNUSED_EXPR alarms at top-level JSX expressions because they are often intended for TypeScript type testing
Bug Fixes
- The analysis is not retried when getting the commit information fails
- The invitation by both the username and email can be duplicated
- Analyzer may abnormally terminate when the argument array of React `PropTypes.oneOf()` is empty