Update severity of hints #3036
Comments
|
Keeping in mind that earlier this year we decided to have smaller PRs and that updating everything could take us quite a bit this is what I'm proposing. It might not be the most effective in terms of code (will have to add code that will be removed later) but I think it will allow us to keep working on other areas of the project while not breaking our users until it is really necessary.
I mentioned earlier hint documentation. We should probably update the docs to tell what's the severity of the hint so the user can easily know. Potentially we could have the severity (or the maximum severity?) as a meta property and use that for sorting the results in the different formatters (or maybe just browser extension and HTML formatter). What do you think? Am I missing something? |
Severity of hints
Current status
Hints have an associated severity (
off,warning,error) that can be setvia a
.hintrcfile when using the CLI. E.g.:{ "hints": { "hint-name": "error" } }The browser extension or the online scanner do not have the possibility to
change the severity. What's more, a lot of users rely in the provided
configurations (e.g.:
configuration-web-recommended).The problem with this is that it is difficult for developers to know what is
really important and should be fixed right away, and what is not as relevant:
On top of that:
same importance
This RFC proposes significant changes to the way the severity is treated in
webhint so we provide more actionable feedback and help developers be more
succesfull.
Proposal
TL;DR;
Have hints report with the same severity accross all the different mediums
(cli, vs code, browser extension, and online scanner) by:
configuration in the applicable hints).
Hint severity level
The idea is to get closer to the severity options available in
VS Code:
The new values are
hintandinformation.Notes:
the reports of the hints if it makes sense.
Hintis less intrussive thanInformation. We will have todecide if we swap them or if we are ok as that (in the description about it
doesn't quite match the expectations I think).
Hint severity examples
As mentioned previously, there are a few hints that report multiple things
were the relevance is not the same. An example would be
http-compressionwhere we report about:
Accept-Encoding: identityProbably the first 2 should be
error,brotliawarningor ahintandthe one about
identityahintorinformation.Having all the reports with the same severity does not help the user focus on
what's important (have compression enabled for only text based resources
(see GitHub comment)
Another example will be with the
compat-apihint.Any reports coming from this hint are marked as a "warning" in the default
configurations. This will be the default with the new schema with the caveat
that if we feel highly confident a feature may cause a compatibility issue,
it could be upgraded to be an "error".
On the other side, the hint has a list of "ignored feautes". These are
features that are considered safe for graceful degradation (e.g.
integrityattribute) and do not trigger any report. When one of this features is found,
instead of ignoring it a report with the severity "hint" could be created.
There is also an on going conversation to
annotate features which can be used safely without support.
Having this information will help automate and make more accurate the
scenarios described above for
compat-api.User configuration
With the proposed changes, a user will only be able to decide which hints are
enabled or not. The user configuration will then look like this:
{ "connector": { "name": "puppeteer", "options": { "waitUntil": "networkidle2" } }, "hintsTimeout": 120000, "hints": { "amp-validator": "off", "apple-touch-icons": "on", "button-type": "off", "content-type": ["on", { ".*\\.js": "application/javascript; charset=utf-8" }], ... "no-vulnerable-javascript-libraries": "on" } }If the value of a
hintkey is an array, then the first member should be"on|off"and the second and object with the specific configuration forthat
hint.Also, if the value is an object, webhint will assume the status is
"on"and that object will be the configuration for that hint.
Note: Please note that not all hints accept further configurations.
In the example above we are using
content-typebut other examples of hintsthat accept configurations are:
axe,http-compression,compat-api, etc.As a shortcut, the property
hintscould accept an array of hint names thatwill be turned on:
{ "connector": { "name": "puppeteer", "options": { "waitUntil": "networkidle2" } }, "hintsTimeout": 120000, "hints": [ "apple-touch-icons", "content-type", ... "no-vulnerable-javascript-libraries" ] }Exit code and verbosity level
Because now hints will be responsible of setting the severity of each report,
the user will need a way to filter out the messages they are not concerned
about. To achieve that a new property
minimumSeveritywill be added to the.hintrc:{ "connector": { "name": "puppeteer", "options": { "waitUntil": "networkidle2" } }, "hintsTimeout": 120000, "hints": [ "apple-touch-icons", "content-type", ... "no-vulnerable-javascript-libraries" ], "minimumSeverity": "error|warning|hint|information" }If the user selects
error, all reports with a different severity will not beoutputed.
If they select
warning,errorandwarningerrors will be reported.If a user selects
warningand there are onlywarningreports, theexit code should be different than 0.
How to decide the severity of a report
The guideline we are using to decide the severity is:
Error- Will definitely not work as intended in at least one of the target browsersWarning- Minor impact or may not cause problems in practice (even if technically "wrong")Hint- Fine for now, but could cause problems in the future if something changesInformation- Additional context or FYI, possibly to help with other parts of a featureInitial discussion in #2968
The text was updated successfully, but these errors were encountered: