npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

violation-comments-to-github-command-line

v1.25.0

Published

'Report static code analysis to GitHub.'

Downloads

855

Readme

Violation Comments To GitHub Command Line

NPM Maven Central

Report static code analysis to GitHub. It uses the Violations Lib.

GitHub Comment

The runnable can be found in NPM.

Run it with:

npx violation-comments-to-github-command-line \
 -ot TOKENHERE \
 -ro tomasbjerre \
 -rn violations-test \
 -prid 3 \
 -v "CHECKSTYLE" "." ".*checkstyle/main\.xml$" "Checkstyle" \
 -v "JSHINT" "." ".*jshint/report\.xml$" "JSHint"

You must perform the merge before build. If you don't perform the merge, the reported violations will refer to other lines then those in the pull request. The merge can be done with a shell script like this.

echo ---
echo --- Merging from $FROM in $FROMREPO to $TO in $TOREPO
echo ---
git clone $TOREPO
cd *
git reset --hard $TO
git status
git remote add from $FROMREPO
git fetch from
git merge $FROM
git --no-pager log --max-count=10 --graph --abbrev-commit

Your build command here!

Example of supported reports are available here.

A number of parsers have been implemented. Some parsers can parse output from several reporters.

| Reporter | Parser | Notes | --- | --- | --- | ARM-GCC | CLANG | | AndroidLint | ANDROIDLINT | | Ansible-Later | ANSIBLELATER | With json format | AnsibleLint | FLAKE8 | With -p | Bandit | CLANG | With bandit -r examples/ -f custom -o bandit.out --msg-template "{abspath}:{line}: {severity}: {test_id}: {msg}" | CLang | CLANG | | CPD | CPD | | CPPCheck | CPPCHECK | With cppcheck test.cpp --output-file=cppcheck.xml --xml | CPPLint | CPPLINT | | CSSLint | CSSLINT | | Checkstyle | CHECKSTYLE | | CloudFormation Linter | JUNIT | cfn-lint . -f junit --output-file report-junit.xml | CodeClimate | CODECLIMATE | | CodeNarc | CODENARC | | Dart | MACHINE | With dart analyze --format=machine | Dependency Check | SARIF | Using --format SARIF | Detekt | CHECKSTYLE | With --output-format xml. | DocFX | DOCFX | | Doxygen | CLANG | | ERB | CLANG | With erb -P -x -T '-' "${it}" \| ruby -c 2>&1 >/dev/null \| grep '^-' \| sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\1 ERROR:/p' > erbfiles.out. | ESLint | CHECKSTYLE | With format: 'checkstyle'. | Findbugs | FINDBUGS | | Flake8 | FLAKE8 | | FxCop | FXCOP | | GCC | CLANG | | GHS | GHS | | Gendarme | GENDARME | | Generic reporter | GENERIC | Will create one single violation with all the content as message. | GoLint | GOLINT | | GoVet | GOLINT | Same format as GoLint. | GolangCI-Lint | CHECKSTYLE | With --out-format=checkstyle. | GoogleErrorProne | GOOGLEERRORPRONE | | HadoLint | CHECKSTYLE | With -f checkstyle | IAR | IAR | With --no_wrap_diagnostics | Infer | PMD | Facebook Infer. With --pmd-xml. | JACOCO | JACOCO | | JCReport | JCREPORT | | JSHint | JSLINT | With --reporter=jslint or the CHECKSTYLE parser with --reporter=checkstyle | JUnit | JUNIT | It only contains the failures. | KTLint | CHECKSTYLE | | Klocwork | KLOCWORK | | KotlinGradle | KOTLINGRADLE | Output from Kotlin Gradle Plugin. | KotlinMaven | KOTLINMAVEN | Output from Kotlin Maven Plugin. | Lint | LINT | A common XML format, used by different linters. | MSBuildLog | MSBULDLOG | With -fileLogger use .*msbuild\\.log$ as pattern or -fl -flp:logfile=MyProjectOutput.log;verbosity=diagnostic for a custom output filename | MSCpp | MSCPP | | Mccabe | FLAKE8 | | MyPy | MYPY | | NullAway | GOOGLEERRORPRONE | Same format as Google Error Prone. | PCLint | PCLINT | PC-Lint using the same output format as the Jenkins warnings plugin, details here | PHPCS | CHECKSTYLE | With phpcs api.php --report=checkstyle. | PHPPMD | PMD | With phpmd api.php xml ruleset.xml. | PMD | PMD | | Pep8 | FLAKE8 | | PerlCritic | PERLCRITIC | | PiTest | PITEST | | ProtoLint | PROTOLINT | | Puppet-Lint | CLANG | With -log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message} | PyDocStyle | PYDOCSTYLE | | PyFlakes | FLAKE8 | | PyLint | PYLINT | With pylint --output-format=parseable. | ReSharper | RESHARPER | | RubyCop | CLANG | With rubycop -f clang file.rb | SARIF | SARIF | v2.x. Microsoft Visual C# can generate it with ErrorLog="BuildErrors.sarif,version=2". | SbtScalac | SBTSCALAC | | Scalastyle | CHECKSTYLE | | Semgrep | SEMGREP | With --json. | Simian | SIMIAN | | Sonar | SONAR | With mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json. Removed in 7.7, see SONAR-11670 but can be retrieved with: curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key&resolved=false' \| jq -f sonar-report-builder.jq > sonar-report.json. | Spotbugs | FINDBUGS | | StyleCop | STYLECOP | | SwiftLint | CHECKSTYLE | With --reporter checkstyle. | TSLint | CHECKSTYLE | With -t checkstyle | Valgrind | VALGRIND | With --xml=yes. | XMLLint | XMLLINT | | XUnit | XUNIT | It only contains the failures. | YAMLLint | YAMLLINT | With -f parsable | ZPTLint | ZPTLINT |

51 parsers and 78 reporters.

Missing a format? Open an issue here!

Usage

-comment-only-changed-content, -cocc <boolean>          <boolean>: true or false
                                                        Default: true
-comment-only-changed-files, -cocf <boolean>            True if only changed 
                                                        files should be commented. 
                                                        False if all findings should 
                                                        be commented.
                                                        <boolean>: true or false
                                                        Default: true
-comment-template <string>                              See https://github.
                                                        com/tomasbjerre/violation-comments-lib
                                                        <string>: any string
                                                        Default: 
-create-comment-with-all-single-file-comments, -        <boolean>: true or false
ccwasfc <boolean>                                       Default: false
-create-single-file-comments, -csfc <boolean>           <boolean>: true or false
                                                        Default: true
-github-url, -ghu <string>                              <string>: any string
                                                        Default: https://api.github.com/
-h, --help <argument-to-print-help-for>                 <argument-to-print-help-for>: an argument to print help for
                                                        Default: If no specific parameter is given the whole usage text is given
-keep-old-comments <boolean>                            <boolean>: true or false
                                                        Default: false
-max-number-of-violations, -max <integer>               <integer>: -2,147,483,648 to 2,147,483,647
                                                        Default: 2,147,483,647
-oauth2-token, -ot <string>                             <string>: any string
                                                        Default: 
-password, -p <string>                                  <string>: any string
                                                        Default: 
-pull-request-id, -prid <string>                        <string>: any string [Required]
-repository-name, -rn <string>                          Example: 'violations-
                                                        test' [Required]
                                                        <string>: any string
-repository-owner, -ro <string>                         Example: 'tomasbjerre' [Required]
                                                        <string>: any string
-severity, -s <SEVERITY>                                Minimum severity level 
                                                        to report.
                                                        <SEVERITY>: {INFO | WARN | ERROR}
                                                        Default: INFO
-show-debug-info                                        Please run your 
                                                        command with this parameter 
                                                        and supply output when 
                                                        reporting bugs.
                                                        Default: disabled
-username, -u <string>                                  <string>: any string
                                                        Default: 
--violations, -v <string>                               The violations to look 
                                                        for. <PARSER> <FOLDER> 
                                                        <REGEXP PATTERN> <NAME> where 
                                                        PARSER is one of: 
                                                        ANDROIDLINT, CHECKSTYLE, CODENARC, 
                                                        CLANG, CPD, CPPCHECK, 
                                                        CPPLINT, CSSLINT, FINDBUGS, 
                                                        FLAKE8, FXCOP, GENDARME, IAR, 
                                                        JCREPORT, JSHINT, LINT, 
                                                        KLOCWORK, KOTLINMAVEN, 
                                                        KOTLINGRADLE, MSCPP, MYPY, GOLINT, 
                                                        GOOGLEERRORPRONE, PERLCRITIC, PITEST, 
                                                        PMD, PYDOCSTYLE, PYLINT, 
                                                        RESHARPER, SBTSCALAC, SIMIAN, 
                                                        SONAR, STYLECOP, XMLLINT, 
                                                        YAMLLINT, ZPTLINT, DOCFX, PCLINT
                                                        
                                                         Example: -v "JSHINT" 
                                                        "." ".*/jshint.xml$" 
                                                        "JSHint" [Supports Multiple occurrences]
                                                        <string>: any string
                                                        Default: Empty list
                                                        Default: Empty list

Checkout the Violations Lib for more documentation.