Code quality fixes
Hi,
While reviewing this dependency, I’ve run across two code quality issues that could have future security implications:
- Braceless conditionals are used in various places. This gist goes into more detail about why this is a security risk.
- Promisification is done manually with `new Promise`, which is error-prone and tends to invite “callback creep” over time; i.e. increasing amounts of non-Promise code stuffed into the `new Promise` callback, which results in unreliable error handling. This should use something like `util.promisify` instead.
To be clear: neither of these is an immediate security issue, and so there is no time pressure. They are “just” code quality issues that are likely to introduce a bug and/or vulnerability in any future updates 😃
Issue Analytics
- Created 3 years ago
- Reactions: 1
- Comments: 5 (4 by maintainers)
Top GitHub Comments
Hah, sorry! I bolded the “not an immediate issue” thing in the hopes that it wouldn’t cause this reaction, but I guess I didn’t consider the title 😃
I believe there’s an ESLint rule for requiring brackets, but not for the use of `new Promise`. But it’s possible that I just missed it.
I’m about to start my weekend now, but will do so next week. Thanks!
I made a PR that hopefully addresses all issues (by limiting the `new Promise` to a small wrapper function that no one should have to touch ever, basically a manual promisify, and then adding the curly rule to TSLINT)