Product
Socket Now Supports uv.lock Files
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
@statoscope/stats-validator
Advanced tools
This package contains a toolkit to validate stats.
Create the Validator instance with config (see below), relative rootDir
-directory (current working directory by default)
Apply rules to input
and reference
(if specified) files.
input
-file is a current stats (e.g. stats of current branch).
reference
-file is a stats to compare with (e.g. stats of master branch).
Returns validation results (see below).
type Config = {
plugins?: Array<string | [string, string]>;
rules: Record<string, RuleDesc<unknown>>;
reporters?: ReporterConfig[];
warnAsError?: boolean;
};
List of plugins (see more about plugins API below).
The main goal of a plugin is providing some rules for validation.
There is a builtin plugin to validate webpack stats
statoscope.config.js:
module.export = {
validate: {
plugins: ['@statoscope/webpack'],
rules: {
'@statoscope/webpack/no-modules-deopts': ["error"]
}
}
};
There are a few ways to how you can specify a plugin name:
Here are the examples with all possible ways:
statoscope.config.js:
module.export = {
validate: {
plugins: [
'statoscope-stats-validator-plugin-foo', // full package name
'@statoscope/webpack', // short package name, resolves to @statoscope/stats-validator-plugin-webpack
'webpack', // short package name, resolves to @statoscope/stats-validator-plugin-webpack or statoscope-stats-validator-plugin-webpack
['./my/plugin.js', 'my-plugin'], // relative path (relative config path)
[require.resolve('./my/another/plugin.js'), 'my-another-plugin'] // absolute path
],
rules: {
'statoscope-stats-validator-plugin-foo/some-rule': ['error'],
'@statoscope/webpack/no-modules-deopts': ['error'],
'foo/some-rule': ['error'],
'my-plugin/some-rule': ['error'],
'my-another-plugin/some-rule': ['error'],
}
}
};
To use short package name, its name must have statoscope-stats-validator-plugin-
-prefix or @statoscope/stats-validator-plugin-
-prefix.
Note that relative or absolute path should be specified with an alias
List of rules (see more about rules API below).
Rule validates some part of a bundle.
Every item of the list contains: rule name, execution mode and rule options (optional).
Execution modes:
error
- rules messages have treated as an errorwarn
- rules messages have treated as a warningoff
- rules messages have ignoredstatoscope.config.js:
module.export = {
validate: {
plugins: [
'@statoscope/webpack',
],
rules: {
'@statoscope/webpack/restricted-packages': ['error', ['lodash']],
}
}
};
List of reporters (see more about reporters API below).
Reporter handles validation results.
There are two builtin reporters:
statoscope.config.js:
module.export = {
validate: {
plugins: [
'@statoscope/webpack',
],
reporters: [
'statoscope-stats-validator-reporter-foo', // full package name
'@statoscope/stats-report', // short package name, resolves to @statoscope/stats-validator-reporter-stats-report
'stats-report', // short package name, resolves to @statoscope/stats-validator-reporter-stats-report or statoscope-stats-validator-reporter-stats-report
['./my/plugin.js', 'my-report'], // relative path (relative config path)
[require.resolve('./my/another/report.js'), 'my-another-report'] // absolute path
],
rules: {
'@statoscope/webpack/restricted-packages': ['error', ['lodash']],
}
}
};
To use short package name, its name must have statoscope-stats-validator-reporter-
-prefix or @statoscope/stats-validator-reporter-
-prefix.
ConsoleReporter
has used by default.
Treat warn-messages from rules as errors.
Plugin is a function that must return a plugin descriptor:
const myPlugin = () => {
return {
prepare(files) {
return doSomethingWithFiles(files);
},
rules: {
foo: fooRule,
bar: barRule,
}
};
};
prepare
-function of every plugin will be called for input
and reference
files.
List of rules that plugin provides.
Rule is a function that validates some part of bundle:
const myRule = (params, data, api) => {
if (!isOK(data)) {
api.message('Something is wrong');
}
}
params
- options from config (e.g. 'my-plugin/my-rule': ['error', { foo: 'bar'}]
)data
- input and reference files contentapi
- rule API instanceAdd validation message from the rule.
File name that the message has associated with
Compilation id that the message has associated with
Entities that the message has associated with
api.message(
'Something is wrong with module ./foo.js',
{
related: [
{ type: 'module', id: './foo.js' }
]
}
);
There are several types of related items:
module
package
package-instance
resource
entry
compilation
Details for reporters
There are several types of details:
text
Used by text-reporters
api.message(
'Something is wrong with module ./foo.js',
{
details: [
{
type: 'text',
content: [
'Here are the module reasons:',
...module.resons.map(r => r.name)
]
}
]
}
);
❌ Something is wrong with module ./foo.js
Here are the module reasons:
./bar.js
./baz.js
content
might bestring | string[] | (() => string | string[])
tty
Used by TTY-reporters (e.g. ConsoleReporter)
import chalk from 'chalk';
api.message(
'Something is wrong with module ./foo.js',
{
details: [
{
type: 'tty',
content: [
chalk.cyan('Here are the module reasons:'),
...module.resons.map(r => chalk.yellow(r.name))
]
}
]
}
);
content
might bestring | string[] | (() => string | string[])
discovery
Used by discovery-reporters (e.g. StatsReportReporter)
The main idea around this type of details is passing some data to stats report viewer (based on DiscoveryJS).
It helps to discover validation message with flexible UI.
api.message(`Module ${module.name} should not be used`, {
details: [
{
type: 'discovery',
query: `
$input: resolveInputFile();
{ module: #.module.resolveModule(#.compilation) }
`,
payload: {
context: {
compilation: compilation.hash,
module: module.name,
},
},
view: {
view: 'module-item',
data: `{ module }`
}
},
],
});
See examples at Stats Validator Webpack Plugin
Get list of validation messages (results) that was emitted by the rule.
const items = api.getStorage();
for (const item of items) {
console.log(item.message);
}
Every storage item has the following format:
type Item = {
message: string; // item message
filename?: string; // file name that the message has associated with
compilation?: string; // compilation id that the message has associated with
details?: Details; // rule's details (see api.message method for more info)
related?: RelatedItem[]; // rule's related entities (see api.message method for more info)
};
Set rule meta-data.
api.setRuleDescriptor({
description: `My pretty cool rule`,
package: {
name: 'my-package-with-validator-plugin',
version: '7.7.7',
},
});
Get rule meta-data
Reporter is a class with run
method:
interface Reporter {
run(result: Result): Promise<void>;
}
Example:
class MyConsoleReporter {
run(result) {
for (const rule of result.rules) {
const ruleDescriptor = rule.api.getRuleDescriptor();
console.log(`Rule name: ${rule.name}`);
console.log(`Rule description: ${ruleDescriptor.description}`);
const items = rule.api.getStorage();
for (const item of items) {
console.log(item.message);
for (const detail of item.details) {
if (detail.type === 'tty') {
console.log(detail.content);
}
}
}
}
}
}
5.7.2 (9 September 2021)
[webpack-ui]
- correct set of modules in Initial Chunks
tab on the entry
page (closes #102)[config]
- improve error messageFAQs
Statoscope stats validator
The npm package @statoscope/stats-validator receives a total of 11,694 weekly downloads. As such, @statoscope/stats-validator popularity was classified as popular.
We found that @statoscope/stats-validator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.