This is a very simple implementation of JavaScript code quality analysis. Code Critic uses various open source libraries to find vulnerabilities in code and reports them to the user.
- NodeJS 10.0+
- Ruby 2.0+
- NPM 1.4+
Run the following:
bundle install
npm install
npm test
npm start
The application will be available at http://localhost:3000/
- JSHint: JSHint reviews the code for styling and common problems.
- ScanJS: A security scanner that reviews the code for major vulnerabilities.
- David: Checks each dependency in package.json and validates whether there is a newer version available.
- Complexity-Report: Generates a complex mathematical analysis of the source code trying to identify the maintainability effort.
- Flay-JS: Reviews the code for structural similarities and copy-pasted snippets and helps keep the code DRY.
In addition to the code quality analysis tools, various open source libraries are used here for software development. They are listed in package.json.
Finally, we use SyntaxHighlighter to display source code on the UI.
CodeCritic provides a very opinionated point of view on writing JavaScript code.
Any feedback generated by running one of the above code quality checks is assumed to be an issue.
Code Critic uses a simple algorithm for rating files and generating a roll-up score for each code base.
| Total # of Issues in the file | Rating |
|---|---|
| > 10 | 1 |
| > 5 && <= 10 | 2 |
| > 2 && <= 5 | 3 |
| > 0 && <= 2 | 4 |
| 0 | 5 |
Once all files have been rated, all ratings are added and divided by the total number of files to get a total score.
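The rating and roll-up described above, as an added example that is not CodeCritic's own code: every finding from any check counts as one issue, each file is rated from its count, and the ratings are averaged. The function names, the `{ file, tool }` findings shape, and the choice to skip findings for files outside the analysed set are assumptions.

```javascript
// Added example: not CodeCritic's source. Function names and the findings
// shape ({ file, tool }) are assumptions made for illustration.

// Map a file's issue count to a 1-5 rating using the thresholds in the table.
function rateFile(issueCount) {
  if (!Number.isInteger(issueCount) || issueCount < 0) {
    throw new RangeError('issue count must be a non-negative integer');
  }
  if (issueCount > 10) return 1;
  if (issueCount > 5) return 2;
  if (issueCount > 2) return 3;
  if (issueCount > 0) return 4;
  return 5;
}

// Count findings per file. Every analysed file starts at zero so that clean
// files still contribute a rating of 5 to the roll-up.
function countIssues(files, findings) {
  const counts = new Map(files.map((f) => [f, 0]));
  for (const { file } of findings) {
    if (!counts.has(file)) continue; // assumption: skip files not analysed
    counts.set(file, counts.get(file) + 1);
  }
  return counts;
}

// Roll-up score: sum of the file ratings divided by the number of files.
function scoreCodebase(files, findings) {
  if (files.length === 0) return null; // nothing analysed, so no score
  const counts = countIssues(files, findings);
  let total = 0;
  const ratings = {};
  for (const [file, n] of counts) {
    ratings[file] = rateFile(n);
    total += ratings[file];
  }
  return { ratings, score: total / counts.size };
}

// Constructed sample input: three files and findings from different checks.
const files = ['app.js', 'lib/util.js', 'routes/index.js'];
const findings = [
  ...Array.from({ length: 11 }, () => ({ file: 'app.js', tool: 'JSHint' })),
  { file: 'lib/util.js', tool: 'ScanJS' },
  { file: 'lib/util.js', tool: 'Flay-JS' },
  { file: 'vendor/jquery.js', tool: 'JSHint' }, // outside the analysed set
];
const result = scoreCodebase(files, findings);
console.log(result);
```

A single file with many findings only lowers the roll-up by its own rating, so a code base with one badly flagged file and many clean ones still scores high; review the per-file ratings alongside the total.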
The application uses preconfigured rules for JSHint and Complexity analysis, which can be found under ./config/. Please note that these rules are only indicative and you should feel free to change any if you do not agree with them.
The ./config/ directory has 2 types of files:
- config files for thresholds.
- ignore files for the file patterns that should be excluded from analysis.
Please read the guidelines.
The tool is available under MIT License. Please review the LICENSE file under the repository.