This section covers .deepsource.toml
configuration specific to the javascript
analyzer. Please make sure to read the general configuration guide first.
name
enabled
meta
plugins
react
, vue
, ember
, meteor
, angular
and angularjs
If you use frameworks like React with ES6 modules, we recommend you set module_system
to "es-modules"
.
dependency_file_paths
package.json
or tsconfig.json
) relative to the repository’s root that specify external dependencies. The analyzer uses this to report dependency metrics and improve analysis accuracy.If you want to analyze a monorepo on DeepSource, we recommend defining the package.json
paths for each package for better analysis results.
By default, the analyzer automatically detects and scans the package.json
file if found in the repository’s root.
environment
nodejs
, browser
, jest
, mocha
, jasmine
, jquery
, mongo
, cypress
, vitest
nodejs
- Adds Node.js global variables and Node.js scopingbrowser
- Adds Browser specific global variablesjest
- Adds Jest global variablesmocha
- Adds Mocha testing global variablesjasmine
- Adds Jasmine testing global variables for version 1.3 and 2.0jquery
- Adds jQuery global variablesmongo
- Adds MongoDB global variablescypress
- Adds Cypress global variablesvitest
- Adds Vitest global variablesThe analyzer can automatically detect nodejs
, browser
, jest
, mocha
, jasmine
and, cypress
at the moment.
If your project uses Jquery or MongoDB, please mention them explicitly.
globals
module_system
commonjs
, es-modules
and amd
commonjs
- The CommonJS Module System. (require
/ exports
)es-modules
- ES Modules (import
/ export
)amd
- Asynchronous Module Definition (define
/ require
)dialect
typescript
and flow
skip_doc_coverage
function-declaration
, function-expression
, arrow-function-expression
, class-declaration
, class-expression
and method-definition
function-declaration
- Ignore function declarationsfunction-expression
- Ignore function expressionsarrow-function-expression
- Ignore arrow function expressionsclass-declaration
- Ignore class declarationsclass-expression
- Ignore class expressionsmethod-definition
- Ignore method definitionscyclomatic_complexity_threshold
low
will flag all functions that have a cyclomatic complexity of more than 5
, while setting the threshold to critical
will not flag any function.low
, medium
, high
, very-high
and critical
Risk category | Cyclomatic complexity range | Recommended action |
---|---|---|
low | 1-5 | No action is needed. |
medium | 6-15 | Review and monitor. |
high | 16-25 | Review and refactor. Recommended to add detailed comments if the function absolutely needs to be kept as it is. |
very-high | 26-50 | Refactor to reduce the complexity. |
critical | > 50 | Must refactor this. This can make the code untestable and very difficult to understand. |
high
style_guide
airbnb
, google
and standard
airbnb
- Airbnb JavaScript Style Guidegoogle
- Google JavaScript Style Guidestandard
- Standard JavaScript Style Guidemeta
If you use JavaScript Frameworks like React
, Angular
or Vue
, we recommend you add meta fields to fine-tune the analyzer.
meta
The DeepSource JavaScript analyzer fully supports all the ESLint core JavaScript rules. Along with that, it currently supports the following ESLint plugins:
Node
TypeScript
React
Vue
Flow
Ember
Meteor
Angular
AngularJS
Security
Custom plugins specific to your project, and other third party plugins are not supported. If a specific rule is explicitly disabled in your repository’s ESLint config, DeepSource will respect that and not raise any issues that are similar to that rule.
The analyzer supports the Cobertura XML format for JavaScript test coverage.
Here’s how you can generate a coverage report and submit it to the analyzer:
If the coverage file is generated at a path other than the root directory, pass that path to the value-file flag of the last command.
Example:
./bin/deepsource report --analyzer test-coverage --key javascript --value-file ./src/app/coverage/cobertura-coverage.xml
Transform all incoming JavaScript, TypeScript, Flow, JSX, JSON, CSS, SCSS, Less, HTML, Vue, Angular, GraphQL, Markdown, and YAML code with Prettier.
This section covers .deepsource.toml
configuration specific to the prettier
transformer. Please make sure to read the general configuration guide first.
Transform all incoming JavaScript code with StandardJS.
This section covers .deepsource.toml
configuration specific to the standardjs
transformer. Please make sure to read the general configuration guide first.
DeepSource uses package-lock.json
and yarn.lock
to calculate direct and indirect dependencies. We don’t update any of the lock files.
If you have a lock file and zero (0
) direct and indirect dependencies are reported, it may be because of the following reasons:
peerDependencies
correctly.Supported target files:
package.json
package-lock.json
yarn.lock
pnpm-lock.yaml
bun.lock
The analyzer supports vulnerability scanning for dependencies managed by npm, yarn, and pnpm.
This section covers .deepsource.toml
configuration specific to the javascript
analyzer. Please make sure to read the general configuration guide first.
name
enabled
meta
plugins
react
, vue
, ember
, meteor
, angular
and angularjs
If you use frameworks like React with ES6 modules, we recommend you set module_system
to "es-modules"
.
dependency_file_paths
package.json
or tsconfig.json
) relative to the repository’s root that specify external dependencies. The analyzer uses this to report dependency metrics and improve analysis accuracy.If you want to analyze a monorepo on DeepSource, we recommend defining the package.json
paths for each package for better analysis results.
By default, the analyzer automatically detects and scans the package.json
file if found in the repository’s root.
environment
nodejs
, browser
, jest
, mocha
, jasmine
, jquery
, mongo
, cypress
, vitest
nodejs
- Adds Node.js global variables and Node.js scopingbrowser
- Adds Browser specific global variablesjest
- Adds Jest global variablesmocha
- Adds Mocha testing global variablesjasmine
- Adds Jasmine testing global variables for version 1.3 and 2.0jquery
- Adds jQuery global variablesmongo
- Adds MongoDB global variablescypress
- Adds Cypress global variablesvitest
- Adds Vitest global variablesThe analyzer can automatically detect nodejs
, browser
, jest
, mocha
, jasmine
and, cypress
at the moment.
If your project uses Jquery or MongoDB, please mention them explicitly.
globals
module_system
commonjs
, es-modules
and amd
commonjs
- The CommonJS Module System. (require
/ exports
)es-modules
- ES Modules (import
/ export
)amd
- Asynchronous Module Definition (define
/ require
)dialect
typescript
and flow
skip_doc_coverage
function-declaration
, function-expression
, arrow-function-expression
, class-declaration
, class-expression
and method-definition
function-declaration
- Ignore function declarationsfunction-expression
- Ignore function expressionsarrow-function-expression
- Ignore arrow function expressionsclass-declaration
- Ignore class declarationsclass-expression
- Ignore class expressionsmethod-definition
- Ignore method definitionscyclomatic_complexity_threshold
low
will flag all functions that have a cyclomatic complexity of more than 5
, while setting the threshold to critical
will not flag any function.low
, medium
, high
, very-high
and critical
Risk category | Cyclomatic complexity range | Recommended action |
---|---|---|
low | 1-5 | No action is needed. |
medium | 6-15 | Review and monitor. |
high | 16-25 | Review and refactor. Recommended to add detailed comments if the function absolutely needs to be kept as it is. |
very-high | 26-50 | Refactor to reduce the complexity. |
critical | > 50 | Must refactor this. This can make the code untestable and very difficult to understand. |
high
style_guide
airbnb
, google
and standard
airbnb
- Airbnb JavaScript Style Guidegoogle
- Google JavaScript Style Guidestandard
- Standard JavaScript Style Guidemeta
If you use JavaScript Frameworks like React
, Angular
or Vue
, we recommend you add meta fields to fine-tune the analyzer.
meta
The DeepSource JavaScript analyzer fully supports all the ESLint core JavaScript rules. Along with that, it currently supports the following ESLint plugins:
Node
TypeScript
React
Vue
Flow
Ember
Meteor
Angular
AngularJS
Security
Custom plugins specific to your project, and other third party plugins are not supported. If a specific rule is explicitly disabled in your repository’s ESLint config, DeepSource will respect that and not raise any issues that are similar to that rule.
The analyzer supports the Cobertura XML format for JavaScript test coverage.
Here’s how you can generate a coverage report and submit it to the analyzer:
If the coverage file is generated at a path other than the root directory, pass that path to the value-file flag of the last command.
Example:
./bin/deepsource report --analyzer test-coverage --key javascript --value-file ./src/app/coverage/cobertura-coverage.xml
Transform all incoming JavaScript, TypeScript, Flow, JSX, JSON, CSS, SCSS, Less, HTML, Vue, Angular, GraphQL, Markdown, and YAML code with Prettier.
This section covers .deepsource.toml
configuration specific to the prettier
transformer. Please make sure to read the general configuration guide first.
Transform all incoming JavaScript code with StandardJS.
This section covers .deepsource.toml
configuration specific to the standardjs
transformer. Please make sure to read the general configuration guide first.
DeepSource uses package-lock.json
and yarn.lock
to calculate direct and indirect dependencies. We don’t update any of the lock files.
If you have a lock file and zero (0
) direct and indirect dependencies are reported, it may be because of the following reasons:
peerDependencies
correctly.Supported target files:
package.json
package-lock.json
yarn.lock
pnpm-lock.yaml
bun.lock
The analyzer supports vulnerability scanning for dependencies managed by npm, yarn, and pnpm.