We have an ASP .NET project, we are trying to have an on-the-fly analysis of JS. SonarLint only provides the analysis of C# files.. Incremental analysis seems to have been deprecated, and issues analysis requires different configuration files, which SonarQube Scanner does not support. Having 2 different configuration files and continuously renaming them is, as you can imagine, is a very difficult task to convince, educate, and discipline a large team of developers to do.. What would be the solution?
You can't (for now) have on-the-fly support of JS within SonarLint for Visual Studio but you can have some with IntelliJ/Eclipse although I am not sure the experience would be that great for a ASP.Net Project.
What I would suggest, if you really want to have the analysis before your commit, is to have a local SonarQube server (can be found here) and manually run the Scanner for CLI and to push result to this local instance.
Related
I want a javascript framework which has features like below:
MV*
Well structured
Html file as template
Rendering fast(maybe virtual dom?)
Combine and compatible with other plugins or libraries
Edit on tablet IDE apps and view in browser immediately by refreshing page after I changed code
When I am at home, I use PC to develop my client-side(or front-end) applications.
When go out, I use my tablet(I have no note PC), so I want to develop my applications outside.
*There are some excellent IDE apps on the Android Market.
Before I know Ember, I have been using pure javascript(jquery) + css + html to develop client-side application for daily practices or work.
But recently, when I began to learn EmberJS, a Javascript MVC framwork, I am lost.
It seems that EmberJS have to get its own server up to compile something, which generate static contents for browser rendering.
I just want to get my client-side code(files) rendering in the browser, but why I have to 'run' it as if I get apache started to serve as a php back-end.
I have googled hundreds of pages to find a solution, nothing expected result discovered.
Including Angular, backbone or any other popular Javascript MV* frameworks, they all must compile there applications.
Is there anyone who has encountered this situation?
Then any advice, please?
Increasingly most Javascript frameworks are shifting to doing a "compile step" as part of using them. This allows you to do a variety of changes to your Javascript files, which in turn makes it easier for you as a developer. An example of this is that you can use ES2015 classes and then have your compile step "transpile" them to older Javascript that will work in all browsers.
The side effect of this though is that you need to have npm running on your computer to be able to do this well.
If you really don't want to have the compile step, then I would suggest looking at VueJS. It's the only recent Javascript framework that allows working with simple non-compiled JS files. But you'all be missing out on some of the best changes to Javascript as a result (ES2015 has made life much better)
Finally, I found a nice solution(framework) that is Durandal.
Really, pure HTML+Javascript without built and server up(anyhow, a web server needed if I wanted to publish it in my hosted web server).
.html extension and designer friendly.
I can upload its source files directly in to S3 and browse the html pages.
Just found some nice examples with well structured project on github is here.
And I can work smoothly with my dear designer friends.
Though its next generation Aurelia will also be built and serve it up like Ember or others, but the current generation is enough for me.
Hope those one got help from this;)
Everyone knows cordova and phonegap uses a webview so the app contains html and js and css files, which means they can be edited.
What i am wondering, is there any way to lock/ make these files not editable once the app is installed on the phone? hide the code in some way ?
Could be great to know much about this, however this should be what app stores should do , hiding the code should be not done by developers i guess, but if you have any trick/idea/ clue please share it!
thank you!
You can obfuscate the html,css and javascript files...
Some useful links:
Three Ways to Encrypt PhoneGap and Cordova Mobile Applications
Obfuscating JavaScript code in Worklight applications
You have to understand that obfuscate is not encrypt.
Your code can be reversed. But not by lazy programmers.
Since none of the provided answers so far fulfills the requirement for bounty, I can give you the official statement from Cordova project itself:
Do not assume that your source code is secure
Since a Cordova application is built from HTML and JavaScript assets that get packaged in a native container, you should not consider your code to be secure. It is possible to reverse engineer a Cordova application.
Also, there is a way to encrypt the code when packaged and then decrypt it when used. Of course this isn't safe either, but provides a little more trouble for hacker. See this blog post about how to implement it on iOS. The same concept, though, is applicable on Android or any other platform. The main point about the security is that the encryption key needs always to be available within the package.
You can minify and obfuscate your code which would make it harder to edit/understand. My favorite is the GUI YUI Compressor for windows.
LINK to GUI YUI for Windows
Unchecking Verbose is often a good idea. I have mine set to UTF8 and to preserve semi-colons. It has worked really well for me.
For most cases, obfuscation of the JS files is enough and can be easily done with a tool like gulp (which I recommend) or grunt.
However, for critical apps, you can use a native (compiled) plugin that wraps your files in an encrypted format that is decrypted when the app starts (which would definitely sacrifice some performance of course)
I have a web project coded 80% in JavaScript and 20% in Django without a single unit testing as I rushed for Minimum Marketing Features. Now that the project is getting funded, I decided to invest some time to introduce TDD. I had a great deal of inspiration from this KickStarter-funded tutorial.
http://www.letscodejavascript.com/
The author uses Node.js, Jake, Lint, Nodeunit, and Karma to simplify the whole integration process. The server/client tests in all major browsers is done in a single command and I was really hooked to this idea, but it requires switching to Node.js.
I've searched for TDD in Django and ran into this tutorial that makes use of Selenium.
http://www.tdd-django-tutorial.com/
However this TDD was primarily based on unit testing in server. Here are the questions.
Can multiple client JavaScript testing be done in Django/Python?
I assume the answer is no since js files are nothing more than static library in Django. Correct me if I'm wrong.
Is it worth using Node.js just for the sake of TDD Javascript?
My logic was either you use Python or Node.js for the server, but since tools like Karma and Buster.js requires Node.js, I was wondering whether setting up the Node.js alongside Django just for multiple client testing is plausible choice when considering lower cost of maintenance.
Thank you :D
You can take a look at using selenium in your django test suite. Django's official docs cover this in moderate detail
To answer your question about Node.js - I would say that it's probably not worth the complexity to add node.js SOLELY for the purpose of running unit tests. Also, since your javascript is likely built to run in a browser, it's less likely that things will break down if you use a tool like selenium (which runs the code in an actual browser, providing a python scripting interface).
Is there a program/tool that can generate function dependency graph for javascripts? Basically, the input should be a folder of javascript files, then the output is a nice graph that show all the relations between each function. It'll be better if I can interact with the graph, also.
Is there a way to do that?
Thanks
On windows and Visual Studio you can look at JSAnalyse: http://jsanalyse.codeplex.com/
I haven't tried it, but from the description, it parse the JavaScript files and creates a dependency tree of the different files based on the static references between them.
The project
JSAnalyse is a tool to analyze the dependencies between JavaScript
files and keep them under control. It helps to visualize and handle
static references between JavaScript files in order to ensure the
defined client-side architecture.
In the last couple years the amount of JavaScript lines in web
applications has been dramatically increased. A lot of new client-side
frameworks (like JQuery, Knockout, etc...) have aroused, but the tools
for developing JavaScript just got slightly better. For instance, the
Visual Studio 2010 has improved the IntelliSense. But for a
well-designed application, not only the server-side code is relevant
anymore. It is also very important to have a good architecture for the
client-side code and to keep it in a healthy and good state during the
whole application lifecycle. That is exactly when JSAnalyse comes into
play. It enables not just the possibility to analyze the existing
JavaScript dependencies but also to constrain them. The allowed
dependencies can be either configured via XML or by using the great
Visual Studio 2010 Architecture features. JSAnalyse provides an
extension for the Visual Studio Layer Diagram to validate and control
also dependencies between JavaScript files. This can be integrated
into the build and with the Gated Check-in feature it is not even
possible to check-in source code which does not fulfill the JavaScript
architectural rules.
i work at the digital department of a public broadcaster, together with two other frontend developers. We're currently looking into improving our Javascript workflow and build processes. Stuff like packaging, minifying, versioning, etcetera.
In an ideal scenario, we would have a global repository for all Javascript-related libraries (like jQuery) and stuff we build ourselves, that can be easily included in lots of projects and versioned.
All of our backend developers use Maven for this process with their Java code. I'm wondering if people have experience with Maven and Javascript, or maybe with other tools that might be good (or better) for the job. And in general if people have good resources about setting up workflow / build processes for frontend and javascript development.
We use Hudson (http://hudson-ci.org/) to continuously build/integrate our Python (Django via zc.buildout), R and several other types of projects. Whenever someone checks in code to the central VCS, a build is triggered and the test suite(s) will run. The build and test status is shown on a central screen in the office.
Hudson not only builds and tests, but also checks for coding style and syntax errors using pep8 and pyflakes, amongst others. Javascript is only checked with jslint at this point, but we may unit-test that in the future using something like xpcshell (more info).
** edit **
Go straight for Jawr, keeping rest in answer for alternatives
** edit **
First of all there's Ruby's rake which in theory can be used through jruby and in theory can be configured and run in the POM.
There's also Jake, but not sure if the latest Rhino supports CommonJS.
Whilst writing this awnser, I just came across Jawr which looks really interresting and there seems to be maven support/plugins.
The last option you already know about is dynamic loading using for example RequireJS or LABJS.