November 2019 (version 1.31.0)

1.31.0 Update

Hi!

Welcome to the new DeepScan updates!

Read on for the highlights of the latest release.

Release Summary

This version includes a number of updates, some of which we hope you will find helpful.
The key highlights are:

New Rules

We have significantly enhanced our rules. Check them out!

Improved Rules

  • Detect COMPARE_NAN alarm when comparing with Number.NaN
  • Detect MISMATCHED_COUNT_OF_ARGS alarm at built-in APIs that take a variable number of arguments when too few arguments are given, like Math.min() with 1 argument
  • Detect NO_EFFECT_CALL alarm when the first argument of Object.assign() is an object literal
  • Detect STRICT_MODE_INVALID_THIS alarm at the callback functions of built-in APIs such as Array.prototype.forEach()
  • Detect USELESS_ARROW_FUNC_BIND alarm at the thisArg argument of built-in APIs such as Array.prototype.forEach()
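
The patterns named in the list above, shown next to their corrected forms as an added example (not DeepScan's own code). Function names and sample values are constructed, and the Math.min() case assumes the single argument is an array.

```javascript
// COMPARE_NAN: NaN is not equal to anything, including itself.
function isMissingBuggy(n) { return n === Number.NaN; }   // always false
function isMissingFixed(n) { return Number.isNaN(n); }

// MISMATCHED_COUNT_OF_ARGS: Math.min() takes numbers, not one array.
function lowestBuggy(values) { return Math.min(values); }  // NaN for 2+ items
function lowestFixed(values) { return Math.min(...values); }

// NO_EFFECT_CALL: the target is a throwaway literal and the result is dropped.
function applyDefaultsBuggy(options, defaults) {
  Object.assign({}, defaults, options);   // nothing observable changes
  return options;
}
function applyDefaultsFixed(options, defaults) {
  return Object.assign({}, defaults, options);
}

// STRICT_MODE_INVALID_THIS: without thisArg, `this` is undefined inside a
// strict-mode function callback, so reading this.factor throws.
function sumScaledBuggy(scaler, items) {
  'use strict';
  let total = 0;
  items.forEach(function (x) { total += x * this.factor; });
  return total;
}

// USELESS_ARROW_FUNC_BIND: an arrow function keeps the enclosing `this`,
// so the thisArg (scaler) is silently ignored.
function sumScaledIgnored(scaler, items) {
  'use strict';
  let total = 0;
  const enclosing = { factor: 1 };   // constructed outer `this`
  const run = function () {
    items.forEach((x) => { total += x * this.factor; }, scaler);
  };
  run.call(enclosing);
  return total;
}

// Corrected: a regular function callback receives thisArg as `this`.
function sumScaledFixed(scaler, items) {
  'use strict';
  let total = 0;
  items.forEach(function (x) { total += x * this.factor; }, scaler);
  return total;
}
```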

Analysis Improvements

Lodash API Modeling

DeepScan now supports more precise analysis of programs using Lodash by modeling the semantics of commonly used APIs such as _.debounce().

  • The API return value is analyzed. For example, the following REACT_MISSING_CLEANUP_IN_LIFECYCLE alarm is detected utilizing the _.debounce() return value:
    import React from 'react';
    import { debounce } from 'lodash';
    
    class PostPhoto extends React.Component {
      // ...
    
      setCardWidth = () => {
        if ( this.widthDivRef ) {
          const cardWidth = this.widthDivRef.getClientRects()[ 0 ].width;
          if ( cardWidth > 0 ) {
            this.setState( { cardWidth } );
          }
        }
      };
    
      componentDidMount() {
        // DeepScan now recognizes the wrapper function that `_.debounce()` returns and detects
        // REACT_MISSING_CLEANUP_IN_LIFECYCLE because the handler is not removed properly.
        // Note that 'window.addEventListener()' returns 'undefined', not the added listener.
        this.resizeListener = window.addEventListener( 'resize', debounce( this.setCardWidth, 50 ) );
        this.setCardWidth();
      }
    
      componentWillUnmount() {
        window.removeEventListener( 'resize', this.resizeListener );
      }
    }
  • The Lodash APIs are mostly side-effect free and NO_EFFECT_CALL alarms are detected accordingly
  • The Lodash APIs that always return new objects are recognized at BAD_REMOVE_EVENT_LISTENER and REACT_USELESS_DEPENDENCY_OF_HOOK rules

ESLint Integration

For security reasons, our ESLint analysis supports only pre-defined ESLint plugins. In this release, we added more plugins to help users who were having analysis problems.

For the full list of supported plugins, see the Using ESLint guide.

Miscellaneous

  • Users who are not logged in can also share a public project using the Share button on the dashboard
  • DeepScan no longer supports old versions of Internet Explorer. We recommend using the latest Microsoft Edge, Google Chrome, or Firefox.
  • Increase UNUSED_EXPR alarm impact for various cases:
    • Alarms occurring at the left operand of the , operator: the , may be intended for something else
    • Alarms occurring at the brace body of an arrow function: return may be missing
    • The unused expression evaluates to a function: calling the function may be needed
    • The unused expression is a strict equality check: an assignment may be intended instead of comparison
  • Filter out UNUSED_EXPR alarms at JSON-like JavaScript files
  • Filter out UNUSED_EXPR alarms at top-level JSX expressions because they are often intended for TypeScript type testing

Bug Fixes

  • The analysis is not retried when getting the commit information fails
  • Invitations sent by both username and email can be duplicated
  • The analyzer may terminate abnormally when the argument array of React PropTypes.oneOf() is empty