Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
danger-plugin-lint-report
Advanced tools
This plugin reads checkstyle / lint reports and posts issues and violations as inline comments in pull requests.
This plugin reads checkstyle / lint reports and posts issues and violations as inline comments in pull requests.
Screenshot of an issue posted as inline comment in a GitHub pull request:
The plugin does not execute any linter.
Instead, the plugin will search the file tree for lint reports according to the specified file mask and parse them.
The plugin requires a configuration object with a file mask to search for XML reports.
If you encounter a format that is missing, feel free to add a pull request or open an issue with a sample report attached.
Install:
yarn add danger-plugin-lint-report --dev
At a glance:
// dangerfile.js
import { schedule } from 'danger'
const reporter = require("danger-plugin-lint-report")
schedule(reporter.scan({
fileMask: "**/reports/lint-results.xml",
reportSeverity: true,
requireLineModification: true,
}))
Configuration:
interface CheckstyleConfig {
/**
* File mask used to find XML checkstyle reports.
*/
fileMask: string
/**
* If set to true, the severity will be used to switch between the different message formats (message, warn, fail).
*/
reportSeverity: boolean
/**
* If set to true, only issues will be reported that are contained in the current changeset (line comparison).
* If set to false, all issues that are in modified files will be reported.
*/
requireLineModification: boolean
}
See the GitHub release history.
See CONTRIBUTING.md.
FAQs
This plugin reads checkstyle / lint reports and posts issues and violations as inline comments in pull requests.
We found that danger-plugin-lint-report demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.