Skip to content

Latest commit

 

History

History
182 lines (128 loc) · 3.66 KB

cops_bundler.md

File metadata and controls

182 lines (128 loc) · 3.66 KB
Raw

Bundler

Bundler/DuplicatedGem

Enabled by default Safe Supports autocorrection VersionAdded VersionChanged
Enabled Yes No 0.46 -

A Gem's requirements should be listed only once in a Gemfile.

Examples

# bad
gem 'rubocop'
gem 'rubocop'

# bad
group :development do
  gem 'rubocop'
end

group :test do
  gem 'rubocop'
end

# good
group :development, :test do
  gem 'rubocop'
end

# good
gem 'rubocop', groups: [:development, :test]

Configurable attributes

Name Default value Configurable values
Include **/*.gemfile, **/Gemfile, **/gems.rb Array

Bundler/GemComment

Enabled by default Safe Supports autocorrection VersionAdded VersionChanged
Disabled Yes No 0.59 0.77

Add a comment describing each gem in your Gemfile.

Optionally, the "OnlyWhenUsingAnyOf" configuration can be used to only register offenses when the gems use certain options or have version specifiers. Add "with_version_specifiers" and/or the option names (e.g. 'required', 'github', etc) you want to check.

Examples

OnlyWhenUsingAnyOf: [] (default)

# bad

gem 'foo'

# good

# Helpers for the foo things.
gem 'foo'

OnlyWhenUsingAnyOf: ['with_version_specifiers']

# bad

gem 'foo', '< 2.1'

# good

# Version 2.1 introduces breaking change baz
gem 'foo', '< 2.1'

OnlyWhenUsingAnyOf: ['with_version_specifiers', 'github']

# bad

gem 'foo', github: 'some_account/some_fork_of_foo'

gem 'bar', '< 2.1'

# good

# Using this fork because baz
gem 'foo', github: 'some_account/some_fork_of_foo'

# Version 2.1 introduces breaking change baz
gem 'bar', '< 2.1'

Configurable attributes

Name Default value Configurable values
Include **/*.gemfile, **/Gemfile, **/gems.rb Array
IgnoredGems [] Array
OnlyWhenUsingAnyOf [] Array

Bundler/InsecureProtocolSource

Enabled by default Safe Supports autocorrection VersionAdded VersionChanged
Enabled Yes Yes 0.50 -

The symbol argument :gemcutter, :rubygems, and :rubyforge are deprecated. So please change your source to URL string that 'https://rubygems.org' if possible, or 'http://rubygems.org' if not.

This autocorrect will replace these symbols with 'https://rubygems.org'. Because it is secure, HTTPS request is strongly recommended. And in most use cases HTTPS will be fine.

However, it don't replace all sources of http:// with https://. For example, when specifying an internal gem server using HTTP on the intranet, a use case where HTTPS cannot be specified was considered. Consider using HTTP only if you cannot use HTTPS.

Examples

# bad
source :gemcutter
source :rubygems
source :rubyforge

# good
source 'https://rubygems.org' # strongly recommended
source 'http://rubygems.org'

Configurable attributes

Name Default value Configurable values
Include **/*.gemfile, **/Gemfile, **/gems.rb Array

Bundler/OrderedGems

Enabled by default Safe Supports autocorrection VersionAdded VersionChanged
Enabled Yes Yes 0.46 0.47

Gems should be alphabetically sorted within groups.

Examples

# bad
gem 'rubocop'
gem 'rspec'

# good
gem 'rspec'
gem 'rubocop'

# good
gem 'rubocop'

gem 'rspec'

# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'

Configurable attributes

Name Default value Configurable values
TreatCommentsAsGroupSeparators true Boolean
Include **/*.gemfile, **/Gemfile, **/gems.rb Array