Supporting additional checkers? #19
Comments
|
We could definitely add support for more checkers! I don't use any of the checkers mentioned myself, and in fact have only heard of mccabe before (which I believe is included by default when running Alternatively, pull requests would help to get additional checkers merged in more quickly! :) |
|
Cool. My best heuristic about demand would probably be the GitHub stars - I went ahead and added them to my post and sorted the list. |
|
3629cfb adds support for Bandit, as by far the most-starred of the above list. I'm going to hold off on the others, as I'm so far unsure about how useful they may be. I'm still open to reviewing pull requests that add support for more checkers, if they solve a concrete use case for someone. |
|
Sweet! I'm looking forward to using Bandit as soon as it shows up on MELPA. It's also cool that the clean commit history documents exactly what needs to be done for anybody interested in adding new checkers. :) |
|
I'm going to close this issue out for now now that bandit is supported. If anyone is interested in adding new checkers, please submit a PR and I'll be happy to take a look! I'm also planning on reducing the boilerplate necessary to add a new checker, so hopefully this will become even easier in the future. |
I'm a big fan of flycheck-pycheckers. I ran across some additional checkers (most in prospector) that seem useful. I wonder how hard it'd be to include any of these in pycheckers?
bandit - 1119 stars, original repo + 15 stars
Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.
pydocstyle - 424 stars
pydocstyle is a simple tool to warn about violations of the PEP257 Docstring Conventions. It produces messages for any divergence from the style guide.
vulture - 219 stars
Vulture finds unused classes, functions and variables in your code. This could be useful if your project is an application rather than a library, however, if you do a lot of dynamic access or metaprogramming, Vulture will likely warn about unused code that is in fact used.
mccabe - 158 stars
McCabe or cyclomatic complexity is a measurement of how many paths there are in a given function or method. It measures how complicated your functions are, and warns if they reach a certain threshold. Methods that are too complex are prone to logic errors, and should be refactored to a series of smaller methods.
dodgy - 52 stars (possibly unmaintained)
Dodgy is a very simple tool designed to find ‘dodgy’ things which should not be in a public project, such as secret keys, passwords, AWS tokens or source control diffs.
pyroma - 43 stars
Pyroma is a tool to check your setup.py to ensure it is following best practices of the Python packaging ecosystem. It will warn you if you are missing any package metadata which would improve the quality of your package. This is recommended if you intend to publish your code on PyPI.
The text was updated successfully, but these errors were encountered: