You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I proposed module aliasing for JavaScript a long time ago #285. But at that time there were higher priority issues with JavaScript (from the rule writing point of view), so I closed the issue when individual patterns for all possible ways to import a dependency were supported.
Now JS/TS support is much better. Also, the year of experience shows that we use patterns for identifying specific module usage quite a lot. That is why I would like to ask for a module aliasing feature again.
Here is the list of the most common ways of how you can introduce a dependency in JS/TS code and patterns for finding them:
all of this patterns work, but we need all of them to cover 100% of situations
Problem
the problem is that in our rules we use only one pattern, usually $FOO = require('./foo');, sometimes { $SMTH } = require('./foo'), or something contributed by the users that reflects their current coding style
but there is no "good practice" way to import/require a module, that we could stick to, they are all useful in different situations and I believe it makes sense to cover all the situations in our rules, for now, it would require to have at least 8 more patterns added to each rule (at minimum, because it probably would also require to rewrite/add other patterns)
potentially implementing module aliasing for JS/TS can give us x8 times better coverage
we have a module aliasing for Python and Java, which helps a lot in writing rules, so I believe it makes sense to have this feature for JS/TS also
the difference between Python and JS is that both import and require allow specifying path to the module, not just the name (or namespace), e.g. require('../../src/foo/bar')
Implementation
(this is my opinion on how the new patterns might look like, maybe there is a better solution for that)
This issue is being marked stale because there hasn't been any activity in 30 days. Please leave a comment if you think this issue is still relevant and should be prioritized, otherwise it will be automatically closed in 7 days (you can always reopen it later).
I think all patterns even the anti-patterns (bad practices) should be covered so that a rule trying to find something (e.g. XSS) will work no matter how the module was imported.
Intro
I proposed module aliasing for JavaScript a long time ago #285. But at that time there were higher priority issues with JavaScript (from the rule writing point of view), so I closed the issue when individual patterns for all possible ways to import a dependency were supported.
Now JS/TS support is much better. Also, the year of experience shows that we use patterns for identifying specific module usage quite a lot. That is why I would like to ask for a module aliasing feature again.
Here is the list of the most common ways of how you can introduce a dependency in JS/TS code and patterns for finding them:
1. CommonJS modules (https://nodejs.org/dist/latest-v14.x/docs/api/modules.html)
1.A.
1.B.
1.C.
1.D.
1.E. (antipattern, usually modules are not built to be inited asynchronously, no need to alias)
1.F. (antipattern, usually modules are not built to be inited asynchronously, no need to alias)
2. ES modules (https://nodejs.org/dist/latest-v14.x/docs/api/esm.html)
2.A.
2.B.
2.C.
2.D.
2.E. (used only for side-effect, no need to alias)
2.F. (antipattern, usually modules are not built to be inited asynchronously, no need to alias)
2.G. (antipattern, usually modules are not built to be inited asynchronously, no need to alias)
all of this patterns work, but we need all of them to cover 100% of situations
Problem
the problem is that in our rules we use only one pattern, usually
$FOO = require('./foo');
, sometimes{ $SMTH } = require('./foo')
, or something contributed by the users that reflects their current coding stylerequire('../../src/foo/bar')
Implementation
(this is my opinion on how the new patterns might look like, maybe there is a better solution for that)
for CommonJS
use patterns like:
to alias patterns from 1.A, 1.B, 1.C, 1.D
examples:
and
and
will be tackled by:
this also means that
going to find:
for ES modules
use patterns like:
to alias patterns from 2.A, 2.B, 2.C, 2.D
examples:
and
and
will be tackled by:
this also means that
going to find:
The text was updated successfully, but these errors were encountered: