Qualscan
A CLI, and API, tool to run many quality check-ups on your javascript project.
Qualscan = Quality Scanner
Qualscan analyzes any type of project built on JavaScript (NPM module, backend app, frontend app, etc.).

Purpose
A CLI tool to run multiple plugins in order to check the quality of your Javascript project.
List of features:
- security audit of your dependencies
- check dependencies updates
- check code duplications
- check project's size (bundle's size, number of files)
- check project's structure (readme, license, etc)
- check exact version of dependencies
- check dependencies (missing or unused)
- check dependencies size (number of dep, actual size, tree's depth)
- require time of entrypoint (loading time when we require your project)
In addition, you can run all your custom scripts.
It gives you a global score based on the number of successful tasks.
Output
This tool returns 1 if at least one task has failed; otherwise it returns 0.
Basic error output:

A task is considered successful if the fail threshold (see Budget) has not been exceeded.
The warn or info thresholds give you more information, but the task is still considered successful even if these thresholds are exceeded.
Installation
$ npm install qualscan -g
Usage
$ qualscan
Options
Display all existing options
$ qualscan -h
Run only a set of tasks
$ qualscan --tasks security-audit updates
Run only a set of scripts
$ qualscan --scripts test
Display tasks messages
$ qualscan -v
Display tasks messages by level
$ qualscan -v -l warn
| Level | Description |
|:-------------:|:--------------------------------:|
| all | (default) display all logs |
| error | Display errors only |
| warn | Display warnings & errors |
| info | Display info & errors & warnings |
Send custom args to jscpd
$ qualscan -cda "--ignore tests/resources/code_duplication_failed/*"
For a full list of possible arguments, please follow this documentation: Jscpd doc.
Check exact version for dev dependencies
$ qualscan -devd
Export current configuration
$ qualscan exportConf
Using Config file
Qualscan can use a configuration file instead of a list of options.
You can specify your configuration file in two different ways:
- Use .qualscanrc file
By default, Qualscan will check if .qualscanrc file is present in the current directory. You can find an example here.
{
  "scripts": ["linter"],
  "tasks": [
    "code-duplication",
    "security-audit",
    "updates",
    "package-check",
    "dependencies-exact-version",
    "project-size",
    "dependencies-check",
    "dependencies-size",
    "require-time"
  ],
  "code-duplication": {
    "args": "--ignore */resources/code_duplication_failed/* --gitignore"
  },
  "verbose": true,
  "level": "error"
}
- Use the option -c
$ qualscan -c /pathTo/MyConfigFile.json
Reporters
By default qualscan will use text reporter and display results in the console.
Allowed reporters:
- text
- json
- json in console
qualscan --reporters json
By default, the report is stored at: [workingDir]/report/qualscan_report.json
Define another report directory
qualscan --reporters json --reportPath "myCustomDir/"
To display json in console
qualscan --reporters json --reportPath ""
API
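const qualscan = require('qualscan')

// Top-level await is not available in a CommonJS module,
// so the call is wrapped in an async function.
;(async () => {
  const report = await qualscan.run({
    tasks: ['code-duplication', 'project-size'],
    scripts: ['linter'],
    reporters: ['json'],
    reportPath: '' // return the report as JSON object
  }, 'path/to/my/project')
})()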
Budget
The notion of budget comes from the Webperf budget principle.
With this powerful tool you can define your own thresholds for each plugin.
The principle is the following:
- for each plugin, define your thresholds: fail, warn or info
- for each threshold, set a value for each metric
Example in config file (for project's size plugin):
{
  "project-size": {
    "budget": {
      "fail": {
        "entryCount": 150,
        "size": 3000000,
        "unpackedSize": 60000000
      },
      "warn": {
        "entryCount": 100,
        "size": 300000,
        "unpackedSize": 6000000
      }
    }
  }
}
Basic budgets output:

For a task:
- successful if the fail threshold has not been exceeded
- otherwise the task has failed
For a threshold:
- successful if all metrics are under their maximum value
- otherwise it has failed
So a task can lead to an error, a warning or an information.
Thresholds can only be passed or failed.
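
The budget rules above, worked through as an added example (this is not Qualscan's own implementation). It assumes a metric exceeds its budget when the measured value is strictly greater than the maximum, and that a missing or non-numeric measurement counts as exceeded; the function names and the measured values are constructed for illustration.

```javascript
'use strict'
// Added illustration of the budget rules; not Qualscan's own code.
// Assumption: "exceeded" means measured value > configured maximum.
const LEVELS = ['fail', 'warn', 'info'] // most severe first

// A threshold passes only if every metric it lists is within its maximum.
// Missing or non-numeric measurements fail closed (counted as exceeded).
function checkThreshold (limits, measured) {
  const exceeded = Object.keys(limits).filter(
    (m) => !Number.isFinite(measured[m]) || measured[m] > limits[m])
  return { passed: exceeded.length === 0, exceeded }
}

// A task reports the most severe threshold it exceeded; only "fail" fails it.
function evaluateTask (budget, measured) {
  for (const level of LEVELS) {
    if (!budget[level]) continue
    const { passed, exceeded } = checkThreshold(budget[level], measured)
    if (!passed) return { level, exceeded, success: level !== 'fail' }
  }
  return { level: 'ok', exceeded: [], success: true }
}

// Return code: 1 if at least one task has failed, otherwise 0.
function runBudgets (budgets, metricsByTask) {
  const results = {}
  for (const [task, conf] of Object.entries(budgets)) {
    results[task] = evaluateTask(conf.budget, metricsByTask[task] || {})
  }
  const failed = Object.values(results).some((r) => !r.success)
  return { code: failed ? 1 : 0, results }
}

// Constructed sample data: plugin keys and metric names come from the
// metrics table, the measured values are invented for this example.
const budgets = {
  'security-audit': { budget: { fail: { critical: 0, high: 0 }, warn: { moderate: 0, low: 0 } } },
  'project-size': { budget: { fail: { entryCount: 150, size: 3000000 }, warn: { entryCount: 100, size: 300000 } } }
}
const measured = {
  'security-audit': { critical: 0, high: 1, moderate: 3, low: 0 },
  'project-size': { entryCount: 120, size: 250000 }
}

console.log(JSON.stringify(runBudgets(budgets, measured), null, 2))
```

With this sample, one high vulnerability fails the security-audit task and the run returns 1, while project-size only raises a warning on entryCount and stays successful.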

List of all metrics per plugin
| Plugin | Key | Metric | Unit |
|:--------------------:|:----------------------------:|:-------------------:|:----------------------------------------------------:|
| Code duplication | code-duplication | percentageTokens | percentage of duplicated tokens |
| | | percentage | percentage of duplicated lines |
| Exact version | dependencies-exact-version | dependencies | number of range version in dependencies |
| | | devDependencies | number of range version in dev dependencies |
| Security audit | security-audit | critical | number of critical vulnerabilities |
| | | high | number of high vulnerabilities |
| | | moderate | number of moderate vulnerabilities |
| | | low | number of low vulnerabilities |
| | | info | number of info |
| Project's size | project-size | entryCount | number of files |
| | | size | size in bytes (only files in final bundle) |
| | | unpackedSize | unpacked size in bytes (only files in final bundle) |
| Dependencies updates | updates | major | number of major updates |
| | | minor | number of minor updates |
| | | patch | number of patch |
| Check dependencies | dependencies-check | missing | number of missing dependencies |
| | | dependencies | number of unused dependencies |
| | | devDependencies | number of unused dev dependencies |
| Dependencies size | dependencies-size | dependencies | number of all dependencies |
| | | directDependencies | number of direct dependencies |
| | | weight | total weight o
