Statick plugins for discovering and scanning web (HTML, CSS, JavaScript) files

sscpac/statick-web

Statick Web Plugins

This is a set of plugins for Statick that will discover Web (HTML, CSS, JavaScript) files and perform static analysis on those files.

Custom exceptions can be applied the same way they are with Statick exceptions.

Installation

The recommended method to install these Statick plugins is via pip:

python3 -m pip install statick-web

You can also clone the repository and use it locally.

Usage

Make sure you install all the dependencies from apt/npm. See the Actions file for the exact commands that work on various operating systems. Pay particular attention to which packages are installed locally and which are installed globally.

Pip Install

The most common usage is to use statick and statick-web from pip. In that case your directory structure will look like the following:

project-root
 |- web-project
 |- statick-config

To run with the default configuration for the statick-web tools use:

statick web-project/ --output-directory statick-output/ --profile web-profile.yaml

Pip Install and Custom Configuration

There are times when you will want to have a custom Statick configuration. This is usually done to run a different set of tools than are called out in the default profile, or to add exceptions. For this case you will have to add the new Statick configuration somewhere. This example will have custom exceptions in the web-project, such that the directory structure is:

project-root
 |- web-project
 |- statick-config
     |- rsc
         |- exceptions.yaml
 |- statick-output

For this setup you will run the following:

statick web-project/ --output-directory statick-output/ --user-paths web-project/statick-config/ --profile web-profile.yaml

Source Install and Custom Configuration

The last type of setup will be to have all of the tools available from cloning repositories, not installing from pip. The directory structure will look like:

project-root
 |- web-project
 |- statick-config
     |- rsc
         |- exceptions.yaml
 |- statick-output
 |- statick
 |- statick-web

Using the example where we want to override the default exceptions with custom ones in the web-project, the command to run would be:

./statick/statick web-project/ --output-directory statick-output/ --user-paths statick-web/,web-project/statick-config/ --profile web-profile.yaml

Existing Plugins

Discovery Plugins

Note that if a file exists without the extension listed it can still be discovered if the file command identifies it as a specific file type. This type of discovery must be supported by the discovery plugin and only works on operating systems where the file command exists.

File Type    Extensions
css          .css
html         .html
javascript   .js
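
The note above means that a web file without one of the listed extensions is only scanned where the file command is available and recognises it. The following added example (not code from statick-web) walks a directory and reports which files are found by extension and which depend on the file command; the substrings matched against file output and the function names are assumptions made for this illustration.

```python
import os
import shutil
import subprocess

# Extension table taken from the discovery plugin table above.
EXTENSIONS = {".css": "css", ".html": "html", ".js": "javascript"}
# Assumption: substrings looked for in `file` output; not taken from statick-web.
FILE_HINTS = {"html document": "html", "javascript": "javascript"}


def file_cmd(path):
    """Return lower-cased `file` output, or "" when the command is missing."""
    if shutil.which("file") is None:
        return ""
    result = subprocess.run(
        ["file", "--brief", path], capture_output=True, text=True, check=False
    )
    return result.stdout.strip().lower()


def classify(path, identify=file_cmd):
    """Return (file_type, how); how is 'extension', 'file-cmd' or None."""
    ext = os.path.splitext(path)[1].lower()
    if ext in EXTENSIONS:
        return EXTENSIONS[ext], "extension"
    description = identify(path)
    for hint, file_type in FILE_HINTS.items():
        if hint in description:
            return file_type, "file-cmd"
    return None, None


def coverage_report(root, identify=file_cmd):
    """Split files under root into those found by extension and by `file` only."""
    report = {"extension": [], "file-cmd": []}
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            file_type, how = classify(path, identify)
            if how:
                report[how].append((os.path.relpath(path, root), file_type))
    return report
```

Entries listed under "file-cmd" are the files that would go unscanned on a system where the file command does not exist.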

Tool Plugins

Tool        About
eslint      Find and fix problems in your JavaScript code.
htmllint    An unofficial html5 linter and validator.
jshint      JSHint is a community-driven tool that detects errors and potential problems in JavaScript code.
stylelint   A mighty, modern linter that helps you avoid errors and enforce conventions in your styles.

Contributing

If you write a new feature for Statick or are fixing a bug, you are strongly encouraged to add unit tests for your contribution. In particular, it is much easier to test whether a bug is fixed (and identify future regressions) if you can add a small unit test which replicates the bug.

Before submitting a change, please run tox to check that you have not introduced any regressions or violated any code style guidelines.

Mypy

Statick Web uses mypy to check that type hints are being followed properly. Type hints are described in PEP 484 and allow for static typing in Python. To check that proper types are being used in Statick Web, run the following commands, which will show any errors and create several types of reports that can be viewed with a text editor or web browser.

python3 -m pip install mypy
mkdir report
mypy --ignore-missing-imports --strict --html-report report/ --txt-report report src

It is hoped that in the future we will generate coverage reports from mypy and use those to check for regressions.

Formatting

Statick code is formatted using black. To fix formatting locally, use:

python3 -m pip install black
black src tests
