Check-build - Verify that your NodeJS project follow team conventions, is well written, up to date and secure.
"Each time I start a new project/mvp/poc/module I don't want to create/edit a new grunt/gulp file or whatever hype dev use these days. I want an already packed CLI with good defaults (mine) that I can drop into my continuous build/integration process. Let's build that once and for all."
β 10/19/2014
npm install check-build -g cd /path/to/your/project check-build # [...] (sub-module output) echo $? # 0 if everything went right, 1 otherwise.
- JSHint Static analysis tool for JavaScript (using JSHint stylish). If
.jshintrcis not present in project root, check-build will use this .jshintrc. - ESLint The pluggable linting utility for JavaScript and JSX, check-build will use a .eslintrc file for ESLint configuration.
- JSXHint JSXHint is DEPRECATED in favor of ESLint Static analysis tool for JavaScript and JSX. If
.jshintrcis not present in project root, check-build will use this .jshintrc.
- JSCS Check the code style of your code. If
.jscsrcis not present in project root, check-build will use this .jscsrc.
- Plato Detect structural complexity in your code, per files.
- David Check that your project dependencies are up to date.
- Nsp Check your project dependencies for security issues.
- Snyk find & fix known vulnerabilities in npm dependencies
Note: check-build uses a temporary fork of nsp adding a --subdeb-warn-only argument, see why here
- Leverage simplicity over performance.
check-buildwill be run automatically by a build bot. I #%Β£β¬)Β° don't care about performance, I want code quality and ease of use. - Don't reinvent the wheel, leverage each module own configuration file. E.g.
.jshintrc. - Even if the underneath module is not capable of handling multiple files, abstract it.
- Use
multimatcheverywhere. .checkbuildis there to configure each module (in case they don't use dot files for configuration), checkbuild will forward these parameters to each module implementation.
Put a .checkbuild file (example) in your project root directory.
{ // Extends the current checkbuild file with others (optionnal) "extends": ["./.checkbuildrc_base"], // Download some distant files and save them into check-build command current directory // Usefull when used with extends (optionnal) "urls": ["https://raw.githubusercontent.com/FGRibreau/javascript/master/.checkbuildrc_base"], "checkbuild": { "enable": ["jshint", "eslint", "jscs", "jsinspect", "plato", "nsp", "david"], // don't exit immediately if one of the tools reports an error (default true) "continueOnError": true, // don't exit(1) even if we had some failures (default false) "allowFailures": false }, "david": { "warn": { "E404": true }, "ignore": ["socket.io"] // don't check socket.io package with david // ... and so on. }, "jshint": { "args": ["src/**/*.js"] // instead of putting a .jshintrc inside each of your project with check-build // you can specify an URL. // That URL will be downloaded each time check-build is run // and its content will be saved inside check-build command current directory. // for instance the above .checkbuild jshint configuration: // "url":"https://raw.githubusercontent.com/FGRibreau/javascript/master/.jshintrc_base" // will download the jshintrc_base (the common jshint convention for your organization) inside your project. // This .jshintrc_base should be ignored from git and NOT commited. // Then, create and commit a .jshintrc that contains at least: // { // "extends": "./.jshintrc_base", // ... // } // inside this .jshintrc file you will be able to put project-specific jshint configuration. }, "eslint": { "args": ["src/**/*.js", "src/**/*.jsx"], // instead of putting a .eslintrc inside each of your project with check-build // you can specify an URL. // That URL will be downloaded each time check-build is run // and its content will be saved inside check-build command current directory. // for instance the above .checkbuild jshint configuration: // "url":"https://raw.githubusercontent.com/FGRibreau/javascript/master/.eslintrc_base" // will download the eslintrc_base (the common eslint convention for your organization) inside your project. // This .eslintrc_base should be ignored from git and NOT commited. // Then, create and commit a .eslintrc that contains at least: // { // "extends": ["./.eslintrc_base"], // ... // } // inside this .eslintrc file you will be able to put project-specific ESLint configuration. // ... and so on. }, "jscs": { "args": ["lib/**.js"] // ... and so on. // instead of putting a .jscrc inside each of your project with check-build // you can specify an URL. // That URL will be downloaded each time check-build is run // and its content will be saved inside check-build command current directory // "url":"https://raw.githubusercontent.com/FGRibreau/javascript/master/.jscsrc" }, "jsinspect": { "args": ["*.js"], "diff": true // ... and so on. }, "buddyjs": { "args": ["*.js"], "ignore": [0, 1, 200] // ... and so on. }, "plato": { "args": ["*.js"], // define your project minimum average maintainability level "maintainability": 75.00 }, "nsp": { "args": [] }, "david": { "dev": false, // whether to check devDependencies or not (default false) "stable": true, // whether to check dependencies or not (default true) "ignore": [] // put ignored dependencies here (both devDependencies and dependencies) } }
Note: the url attribute presented for eslint is available for each extension
A (NodeJS) project can be automatically analyzed in many dimension like code-consistency, d-r-y-ness and security. Check-build's final goal is to take the human out of the loop.
I maintain this project in my free time, if it helped you please support my work via paypal or Bitcoins, thanks a lot!