May 2020 (version 1.37.0)

1.37.0 Update

Welcome to the new DeepScan updates! (We have skipped 1.36.0, as our internal sprint has been extended)

Please kindly go ahead with the highlights for the latest release.

ESLint Integration

To make our ESLint analysis being more helpful, we have added more plugins which are commonly used:

Also, prettier is upgraded to 2.0.5 from 1.18.2. You can see here are the versions of some plugins DeepScan supports.

New CLI Package

We have introduced a CLI Java package for our Enterprise Tools.

The Java package is an executable JAR file so you can easily a whole project folder or specific folder/files. For more information, see Java Package.

Analysis Improvements

  • Support TypeScript 3.7 assertion signature
  • Detect more NULL_POINTER alarms for possibly uninitialized variable accesses
  • Recognize Date() without new as zero-argument function and detect MISMATCHED_COUNT_OF_ARGS alarm accordingly
  • Support React Native platform-specific extensions when resolving module paths

Deliberate Alarm Filtering

By our internal benchmarks with open source projects, we have deliberately and massively filtered some alarms to reduce noises that might distract you.

  • Restrict MISSING_RETURN_VALUE to detect alarms only when the return value is assigned to an object property because in other cases, it is often intended
  • Filter-out COMPARE_INCOMPATIBLE_TYPE_STRICTLY and CONSTANT_CONDITION alarms on equality comparisons containing TypeScript or Flow any type assertions
  • Filter-out INSUFFICIENT_NULL_CHECK alarm when a TypeScript non-null assertion exists at the property access
  • Filter-out MISSING_AWAIT alarm when the call result is used as Promise instance check
  • Filter-out MISSING_ELSE_KEYWORD alarm when all branches of the previous if statement end with either return or throw
  • Filter-out MISSING_THROW alarm inside try block because browser compatibility check could be intended
  • Filter-out NULL_POINTER alarm on null values that are asserted as TypeScript never or Flow empty type
  • Filter-out NO_EFFECT_CALL alarm on Date.prototype.toLocaleString() inside try block because browser compatibility check could be intended
  • Filter-out UNUSED_VAR_ASSIGN alarms occurring at array destructuring and object rest even when the variables are overwritten by later assignments
  • Filter-out UNUSED_PARAM alarms for parameters that can be used as a JSX factory such as h or createElement
  • Filter-out REACT_BAD_API_RETURN_VALUE alarms on empty functions because they are often not meant to be rendered
  • Filter-out REACT_INEFFICIENT_PURE_COMPONENT_PROP alarms at code paths not relevant to re-rendering
  • Improve alarm filtering on test case code
    • Recognize test suite functions like describe() as test case code
    • Recognize dtslint type test files as test case code
    • Recognize test functions passed as a callback to wrappers like inject()
    • Filter-out JSX_BAD_COMMENT alarms at test case code
    • Filter-out UNUSED_EXPR alarms in dtslint type test files
    • Filter-out UNUSED_EXPR alarms at equality comparisons appearing at top-level because they are often intended for type testing

Miscellaneous

  • Recognize @jsx pragma at non-JSDoc block comment
  • Recognize @jsx pragma even when JSX is not used in the file and apply UNUSED_IMPORT and UNUSED_REQUIRE alarms filtering accordingly
  • Recognize the devDependencies of root package.json for multi-package monorepo and filter-out UNDEFINED_IMPORT alarms accordingly
  • Recognize module stub functions generated by rollup-plugin-stub package and filter-out UNDEFINED_IMPORT alarms accordingly
  • Recognize more error reporting functions and filter-out INSUFFICIENT_NULL_CHECK and NULL_POINTER alarms accordingly
  • Recognize BAD_ASSIGN_TO_PROTO alarms as ESLint no-proto
  • Allow undefined as a valid prop type at VUE_BAD_PROP_DECL
  • Decrease the impact of ARRAY_CALLBACK_RETURN_MISSING alarm at Array.prototype.map() if the returned array is not used
  • Do not detect MISMATCHED_TYPE_OF_ARG alarm when a boolean value is used at string-expecting APIs like the second argument of String.prototype.replace()
  • Detect REACT_API_TYPO alarms on UNSAFE prefixed APIs
  • Detect REACT_BAD_API_RETURN_VALUE alarm only when the instance/static method kinds are appropriate
  • Remove support for non-standard global APIs: escape and unescape
  • Support the extension rules of typescript-eslint when merging ESLint alarms and applying inline disable comments
  • Support <script lang="tsx"> at Vue SFC

Bug Fixes

  • In the pull request analysis, the head analysis remains to be pending when the base analysis fails
  • Analyzer may abnormally terminate when incomplete HTML entities exist at JSX code
  • Analyzer may abnormally terminate when a regular expression ends with incomplete character escape
  • A false alarm for ASSIGN_SAME_VALUE may occur for getter/setter properties defined with defineProperty
  • A false alarm for GETTER_SETTER_RECURSION may occur when the getter/setter property is deleted in the function body
  • A false alarm for INSUFFICIENT_NULL_CHECK may occur when numeric properties are accessed on string values
  • A false alarm for INSUFFICIENT_NULL_CHECK may occur when an access appears after Lodash _.isObject() check
  • A false alarm for MISSING_AWAIT occurs when the Promise value is used as a BDD should assertion
  • A false alarm for MISSING_ELSE_KEYWORD may occur when the previous if statement ends with an else branch
  • A false alarm for MISSING_RETURN_VALUE may occur when the function body ends with a function call that always throws an exception
  • A false alarm for MISSING_SUPER_CALL may occur when an object is returned inside the constructor
  • A false alarm for REACT_USELESS_PROP_TYPES may occur when the props object is used at nested functions of HoC callbacks
  • A false alarm for SYNTAX_ERROR occurs when a newline character is used inside Vue v-for directive
  • A false alarm for SYNTAX_ERROR occurs when a type assertion with angle bracket is used inside <script lang="ts"> of Vue SFC
  • A false alarm for VUE_BAD_TRANSITION_GROUP occurs when is used inside <transition-group>
  • False alarms for UNUSED_IMPORT and UNUSED_REQUIRE may occur when a computed property is used inside TypeScript interface or object type declaration
  • False alarms for UNUSED_IMPORT and UNUSED_REQUIRE may occur when a TypeScript rest element type is used
  • False alarms for UNUSED_IMPORT and UNUSED_REQUIRE may occur when a Flow type parameter is used at constructor call
  • False alarms for UNUSED_IMPORT and UNUSED_REQUIRE may occur for the JSX factory variable of Stencil.js
  • False alarms for UNINITIALIZED_LOCAL_VAR and REFERENCE_BEFORE_LEXICAL_DECL may occur at TypeScript namespace declarations
  • At MISMATCHED_TYPE_OF_ARG alarm message for new Date(), undefined is incorrectly included as the expected type of the first argument
  • At REACT_BAD_DOM_ATTRIBUTE_VALUE alarm message for the value attribute, the expected type is incorrect
  • Some CONSTANT_CONDITION alarms are omitted when intermediate values are assigned to const variables
  • UNUSED_REQUIRE alarms are not recognized as ESLint no-unused-vars
  • UNUSED_VAR_ASSIGN alarms are not recognized as ESLint no-unused-vars when the variable declaration and assignment are separated
  • Alarm disable directives are incorrectly recognized in the middle of a comment
  • Flow empty type is incorrectly recognized as undefined value