new_audit(seo): JSON-LD validation (not included in UI for now)

[kdzwinel]

Summary
Fixes #4359

Depends on #5377 (merged)

Preview:

Results form running validation against the main pages of the top 1500 domains (that had JSON-LD): https://gist.github.com/kdzwinel/9c9e209e3b1bb239e01920f4aec10108

Questions:

• how to disclose in the audit name, or description, that we are only checking JSON-LD for now?
• Where should "Learn more" link from the description point to?
• For easier identification we wanted to expose main object from the JSON-LD, but we can't do that if it's not valid JSON-LD object - how about exposing a snippet (first 50 characters?) instead?

Notes:

• this audit introduces two external dependencies (jsonld and jsonlint-mod) and two big json files with metadata
• we already have audit with "structured-data" id (the manual one), so I had to go with a different id ("structured-data-automatic"). AFAIK we are not (yet?) removing the manual audit.

TODO:

• json validation
• json-ld validation
• schema.org object validation
• required/recommended fields validation
• unit tests
• if there are only warnings (e.g. only "recommended" fields are missing form the JSON-LD object) - don't fail the audit, mark it as a warning
• expose failing node in the first column
• expose main object, or the snippet of the JSON-LD file, for easier identification
• smoke test
• improve report UI (make it easier for users to locate errors in their code) ==> will do in separate PR

[AymenLoukil]

both http and https versions could be used in defining schema types so later in cleanName we risk to have an issue

[paulirish]

shall we just normalize all http -> https

[kdzwinel]

good catch @AymenLoukil !

[rviscomi]

how to disclose in the audit name, or description, that we are only checking JSON-LD for now?

Maybe just add this sentence to the description: This audit is currently doing basic JSON-LD validation.

Where should "Learn more" link from the description point to?

We can omit the link until we have a page in the LH docs. cc @kaycebasques @ekharvey

For easier identification we wanted to expose main object from the JSON-LD, but we can't do that if it's not valid JSON-LD object - how about exposing a snippet (first 50 characters?) instead?

Sounds good.

Also, see my note in #4359 about removing the SDTT scraping from the audit for now until we can get a more reliable solution.

[paulirish]

an idea. wdyt about including all discovered top-level types in the results? I'm trying to debug why some of the errors are being flaky on http://www.lefigaro.fr/ and getting confirmation that it's actually finding the json+ld would be really nice.

[kdzwinel]

👍 sounds like a very good idea, I'll add it

[mattzeunert]

Will keep this in mind for the new result display logic.

[paulirish]

extract this fn to a fn declaration? will make this call into .expand a bit easier to parse.

[mattzeunert]

Fixed.

[paulirish]

this url is the url of a schema? can we call it schemaUrl

[mattzeunert]

Fixed by Konrad.

[paulirish]

why tho?

[kdzwinel]

oops, good catch, I used it for an additional check that was here before but I ended up removing

[mattzeunert]

Fixed by Konrad.

[paulirish]

add comment for where this list is specified? aka how we maintain it

https://json-ld.org/spec/latest/json-ld/#syntax-tokens-and-keywords ?

[kdzwinel]

Good call, I'll leave a comment and yeah you got the right link 👍

[mattzeunert]

Fixed by Konrad.

[paulirish]

whats the other one?

[mattzeunert]

Fixed by Konrad, only one error now.

[paulirish]

VERY much so. 😡

🤣

[paulirish]

feels like at the audit-level we'd consider this situation to be equivalent to zero json-ld on the page === not-applicable. right?

[kdzwinel]

In this case, only this one validator is not applicable, the whole audit still makes sense because we have json, json-ld and expansion validation.

[paulirish]

true!

[paulirish]

what exactly does this expansion represent? i never really understood that.

[kdzwinel]

as presented on the meeting - it gives us normalized form of the json-ld

https://json-ld.org/spec/latest/json-ld-api/#expansion
https://json-ld.org/playground/

[paulirish]

should this be the same validator? i'm fine with 'yes', just asking..

[kdzwinel]

it might be worth to differentiate between those two, good call (note that this field is not used by LH - I added it because sd-validation aspires to be a separate package, and this info can be useful for someone else)

[mattzeunert]

Done already. 🙂

[paulirish]

great job on this. this is a big area and it feels quite approachable due to how you structured the problem here. nice work!

[paulirish]

i'm wondering if we should also have a CSS selector to help point to where this was slurped up. i guess it'd be just script[type="application/ld+json" i] with a :nth-child(N).. okay maybe we just communicate that in the description/docs.

[kdzwinel]

yeah, all of those json-ld's are scripts, and all of them are in <head>, so it's hard to provide useful debugging info. IMO you idea with exposing top-level type will be great here (although we can't extract top-level type if json/json-ld/expansion fails :( )

[kdzwinel]

• review comments addressed (thank you Paul, these were great!)
• validation of object properties recommended/required by SDTT removed (now we are using only schema.org data)
• audit description adjusted

[kdzwinel]

oops, good catch, I used it for an additional check that was here before but I ended up removing

[kdzwinel]

Good call, I'll leave a comment and yeah you got the right link 👍

[kdzwinel]

👍 I changed it to "validateKey"

[kdzwinel]

good catch @AymenLoukil !

[kdzwinel]

we could, but then all invalid keys starting with '@' would not be removed here, thus producing a Unexpected property "${key}" error.

Since these keys were already caught by the previous validator (json-ld) and reported ('Unknown keyword') IMO there is no need to report them again.

[kdzwinel]

In this case, only this one validator is not applicable, the whole audit still makes sense because we have json, json-ld and expansion validation.

[kdzwinel]

👍 sounds like a very good idea, I'll add it

[kdzwinel]

yeah, all of those json-ld's are scripts, and all of them are in <head>, so it's hard to provide useful debugging info. IMO you idea with exposing top-level type will be great here (although we can't extract top-level type if json/json-ld/expansion fails :( )

[kdzwinel]

as presented on the meeting - it gives us normalized form of the json-ld

https://json-ld.org/spec/latest/json-ld-api/#expansion
https://json-ld.org/playground/

[kdzwinel]

it might be worth to differentiate between those two, good call (note that this field is not used by LH - I added it because sd-validation aspires to be a separate package, and this info can be useful for someone else)

[paulirish]

should this live in a /scripts/ folder?

How is it used? (maybe something for the readme? though i can't tell..)

[kdzwinel]

Good call, I moved it and changed it to a nodejs script that fetches the schema.org jsonld and writes result to assets/.

[paulirish]

i don't totally grok whats happening here swapping out the google schema to the other one but...

i'm kinda surprised we that 'required' fields isn't a thing anymore. I guess schema.org just doesn't have an opinion on whats required?

[mattzeunert]

Yeah schema.org doesn't care, but Google requires some properties to enable rich snippets.

Will bring it up with @rviscomi if we want to add extra validation for this in the future.

[paulirish]

allows ;)

[paulirish]

Via https://schema.org/docs/developers.html#defs it looks like this URL will redirect and work: https://schema.org/version/latest/schema.jsonld

[mattzeunert]

This is a bit trickier than I thought because there are three different forms that the JSON-LD takes:

1. Raw JSON string on the page
2. parsed JSON object
3. expanded JSON-LD (regularized form without @context)

There are 4 types of failures:

1. JSON validation, gives line number in raw JSON string
2. JSON-LD keyword validation, gives path in parsed JSON object
3. Expansion errors in the jsonld module, does not provide location information
4. schema.org validation, gives path in expanded JSON-LD object

Current status:

Notes on the errors in the screenshot:

1. JSON-LD keyword validation error, shows the stringified JSON (so it has a different key order from the raw string)
2. JSON parse failure, shows the raw string
3. Expansion error, should not have a highlight because we don't know the line
4. schema org failure, shows stringified JSON
5. same as 4
6. schema org failure but it uses a full resource identifier (http://schema.org/author) instead of the the relying on the context. I need to work on this some more to sort out the line mapping from the expanded form to the input object here.

Instead of using a JSON parser I overwrite the property value at the given path with a random key, and then use the line number of the random key in the stringified JSON.

[patrickhulce]

Just throwing this out there, what do we think about splitting up this PR and trying to land some pieces of it like the standalone validation folder?

I think Matt's got a decent hold on the usage of everything that it seems like most of the changes will likely be in core now, is that right @mattzeunert?

[mattzeunert]

@patrickhulce There'll still be a few changes in the validator to get it to provide line numbers. Other than that it's just adding new rendering logic.

[patrickhulce]

There'll still be a few changes in the validator to get it to provide line numbers.

Ah, ok gotcha. Well maybe once the API solidifies for those we can try to break it up?

[mattzeunert]

Sure – is the main purpose to simplify the review?

[patrickhulce]

Sure – is the main purpose to simplify the review?

Yeah and ideally land pieces earlier so there's less that needs to keep being rebased, etc. I know most of it is generated files, but 13k LOC is a dousy :)

Easier to tell if things are missing when each PR is focused.

[mattzeunert]

@patrickhulce @rviscomi Is there any reason not to merge the PR without the new result rendering logic? Especially since it's already 90% reviewed.

Update: seems more like 98% reviewed 🙂. There are 4 small non-merge commits from me on the branch. I think we should get this merged, and possibly disable the audit for now if we don't want to it to get released.

Update2: The plan is to disable the audit for now and merge this PR.

[mattzeunert]

Maybe there's a better way to disable the audit for now than what I'm doing in this commit?

[mattzeunert]

@patrickhulce Removed the audit from the SEO category like you suggested. Much nicer solution than commenting out all the tests!

I'm guessing AppVeyor is just flaky?

[mattzeunert]

Been dabbling around with the rendering logic a bit more.

Can we remove the "Show all" button and just show all when the user clicks on the snippet? We can indicate that it's clickable when the user hovers over it – but maybe that's not discoverable enough?

Should there be some kind of title for each JSON-LD item? Or at least a clearer separation.

@rviscomi Do you have a strong concept of what we're going for? Should we ask a designer for help? Or just keep iterating ourselves?

---

Different cases we need to handle:

• error with no line number
• one or more errors on specific lines
• maybe: show JSON-LD snippets without any failures, doesn't need to show full JSON but maybe just the top level @type value (@paulirish suggested this so that the user knows that LH picked up the snippet and didn't find anything wrong with it)

[rviscomi]

@rviscomi Do you have a strong concept of what we're going for? Should we ask a designer for help? Or just keep iterating ourselves?

It's inspired by the GitHub code diff UI, eg:

@paulirish do you know if there's anything else we need to do to make sure this audit's results render properly on downstream services like web.dev?

Can we remove the "Show all" button and just show all when the user clicks on the snippet? We can indicate that it's clickable when the user hovers over it – but maybe that's not discoverable enough?

Yeah I'm not sure if it'll be obvious that it's clickable.

Should there be some kind of title for each JSON-LD item? Or at least a clearer separation.

Similar to the GitHub example, instead of a file name could we show the DOM address of the script block? When in devtools and clicked it should reveal it in the Elements panel.

Different cases we need to handle:
error with no line number

Let's put any of these kinds of errors on line 1.

one or more errors on specific lines

If there's 1 error, show that error. If there are 2 or more errors on the same line, show "X errors:" then an unordered list with each error.

maybe: show JSON-LD snippets without any failures, doesn't need to show full JSON but maybe just the top level @type value (@paulirish suggested this so that the user knows that LH picked up the snippet and didn't find anything wrong with it)

+1. The type may not always be descriptive (or exist at all) so maybe just show the first ~10 lines with the "Show all" expander.

[mattzeunert]

Played around some more:

[brendankenny]

Closing in favor of #4359 and upcoming PRs.

We'll keep the branch around in case someone needs it <3