JavaScript
Code Analysis
.deepsource.toml
This section covers .deepsource.toml
configuration specific to the javascript
analyzer. Please make sure to read the general configuration guide first.
name
- Type: String
- Presence: mandatory
- Description: Shortcode of the analyzer.
- Example:
enabled
- Type: Boolean
- Presence: optional
- Description: Toggle whether this analyzer should be run.
- Example:
meta
- Type: Table
- Presence: optional
- Description: Any supported metadata to pass to the analyzer.
- Example:
plugins
- Type: Array
- Presence: optional
- Description: The JavaScript Frameworks being used in the project. Currently, we support React,Vue, EmberJS, Meteor, Angular and AngularJS.
- Available Values:
react
,vue
,ember
,meteor
,angular
andangularjs
- Default Value: None
- Example:
If you use frameworks like React with ES6 modules, we recommend you set module_system
to "es-modules"
.
dependency_file_paths
- Type: Array
- Presence: optional
- Description: A list of paths having files (e.g.
package.json
ortsconfig.json
) relative to the repository’s root that specify external dependencies. The analyzer uses this to report dependency metrics and improve analysis accuracy. - Example:
If you want to analyze a monorepo on DeepSource, we recommend defining the package.json
paths for each package for better analysis results.
By default, the analyzer automatically detects and scans the package.json
file if found in the repository’s root.
environment
- Type: Array
- Presence: optional
- Description: The global variables related to the environments used that need to be predefined for the project.
- Available Values:
nodejs
,browser
,jest
,mocha
,jasmine
,jquery
,mongo
,cypress
,vitest
nodejs
- Adds Node.js global variables and Node.js scopingbrowser
- Adds Browser specific global variablesjest
- Adds Jest global variablesmocha
- Adds Mocha testing global variablesjasmine
- Adds Jasmine testing global variables for version 1.3 and 2.0jquery
- Adds jQuery global variablesmongo
- Adds MongoDB global variablescypress
- Adds Cypress global variablesvitest
- Adds Vitest global variables
- Default Values: [“nodejs”, “browser”]
- Example:
The analyzer can automatically detect nodejs
, browser
, jest
, mocha
, jasmine
and, cypress
at the moment.
If your project uses Jquery or MongoDB, please mention them explicitly.
globals
- Type: Array
- Presence: optional
- Description: The list of global variables that are used in the project. Helps the analyzer recognize global variables and not report them as undefined.
- Example:
module_system
- Type: String
- Presence: optional
- Description: The type of modules used in the project.
- Available Values:
commonjs
,es-modules
andamd
commonjs
- The CommonJS Module System. (require
/exports
)es-modules
- ES Modules (import
/export
)amd
- Asynchronous Module Definition (define
/require
)
- Default Value: “es-modules”
- Example:
dialect
- Type: String
- Presence: optional
- Description: The dialect of JavaScript used in the project. Currently, we support TypeScript and Flow.
- Available Value:
typescript
andflow
- Default Value: “typescript”
- Example:
skip_doc_coverage
- Type: Array
- Presence: optional
- Description: Specify which artifacts to skip when detecting documentation issues and calculating documentation coverage.
- Available Values:
function-declaration
,function-expression
,arrow-function-expression
,class-declaration
,class-expression
andmethod-definition
function-declaration
- Ignore function declarationsfunction-expression
- Ignore function expressionsarrow-function-expression
- Ignore arrow function expressionsclass-declaration
- Ignore class declarationsclass-expression
- Ignore class expressionsmethod-definition
- Ignore method definitions
- Default Value: []
- Example:
cyclomatic_complexity_threshold
- Type: String
- Presence: optional
- Description: Specify the acceptable risk category for your project as the threshold. All functions with complexity beyond this threshold will raise an issue. For example, setting the threshold to
low
will flag all functions that have a cyclomatic complexity of more than5
, while setting the threshold tocritical
will not flag any function. - Available Values:
low
,medium
,high
,very-high
andcritical
Risk category | Cyclomatic complexity range | Recommended action |
---|---|---|
low | 1-5 | No action is needed. |
medium | 6-15 | Review and monitor. |
high | 16-25 | Review and refactor. Recommended to add detailed comments if the function absolutely needs to be kept as it is. |
very-high | 26-50 | Refactor to reduce the complexity. |
critical | > 50 | Must refactor this. This can make the code untestable and very difficult to understand. |
- Default Value:
high
- Example:
style_guide
- Type: String
- Presence: optional
- Description: A style guide is a set of standards that outline how code should be written and organized. Setting this will ensure that you follow established conventions, and will also allow the analyzer to raise issues for any style guide violations.
- Available Values:
airbnb
,google
andstandard
airbnb
- Airbnb JavaScript Style Guidegoogle
- Google JavaScript Style Guidestandard
- Standard JavaScript Style Guide
- Default Value: None
- Example:
Sample config
Configuration without meta
If you use JavaScript Frameworks like React
, Angular
or Vue
, we recommend you add meta fields to fine-tune the analyzer.
Configuration with meta
ESLint Rules & Plugins
The DeepSource JavaScript analyzer fully supports all the ESLint core JavaScript rules. Along with that, it currently supports the following ESLint plugins:
-
Node
-
TypeScript
-
React
-
Vue
-
Flow
-
Ember
-
Meteor
-
Angular
-
AngularJS
-
Security
Custom plugins specific to your project, and other third party plugins are not supported. If a specific rule is explicitly disabled in your repository’s ESLint config, DeepSource will respect that and not raise any issues that are similar to that rule.
Code Coverage
Jest
The analyzer supports the Cobertura XML format for JavaScript test coverage.
Here’s how you can generate a coverage report and submit it to the analyzer:
If the coverage file is generated at a path other than the root directory, pass that path to the value-file flag of the last command.
Example:
./bin/deepsource report --analyzer test-coverage --key javascript --value-file ./src/app/coverage/cobertura-coverage.xml
Code Formatter (Transformer)
Prettier
Transform all incoming JavaScript, TypeScript, Flow, JSX, JSON, CSS, SCSS, Less, HTML, Vue, Angular, GraphQL, Markdown, and YAML code with Prettier.
This section covers .deepsource.toml
configuration specific to the prettier
transformer. Please make sure to read the general configuration guide first.
name
- Type: String
- Presence: mandatory
- Description: Shortcode of this transformer.
- Example:
enabled
- Type: Boolean
- Presence: optional
- Description: Toggle whether this transformer should be run.
- Example:
StandardJS
Transform all incoming JavaScript code with StandardJS.
This section covers .deepsource.toml
configuration specific to the standardjs
transformer. Please make sure to read the general configuration guide first.
name
- Type: String
- Presence: mandatory
- Description: Shortcode of this transformer.
- Example:
enabled
- Type: Boolean
- Presence: optional
- Description: Toggle whether this transformer should be run.
- Example:
Dependency Metric Calculation
DeepSource uses package-lock.json
and yarn.lock
to calculate direct and indirect dependencies. We don’t update any of the lock files.
If you have a lock file and zero (0
) direct and indirect dependencies are reported, it may be because of the following reasons:
- You have not installed
peerDependencies
correctly. - You are using a private node package.
Vulnerability Scanning
Supported target files:
package.json
package-lock.json
yarn.lock
pnpm-lock.yaml
The analyzer supports vulnerability scanning for dependencies managed by npm, yarn, and pnpm.