Sign upLogin

18F/micropurchase

View on GitHub
Star

Showing 122 of 122 total issues

Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem active_model_serializers should appear before pg.
Open

gem 'active_model_serializers', '~> 0.9.5'
Severity: Minor
Found in Gemfile by rubocop

Gems should be alphabetically sorted within groups.

Example:

# bad
gem 'rubocop'
gem 'rspec'

# good
gem 'rspec'
gem 'rubocop'

# good
gem 'rubocop'

gem 'rspec'

# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'

Use %i or %I for an array of symbols.
Open

  resources :auctions, only: [:index, :update]
Severity: Minor
Found in config/routes.rb by rubocop

This cop can check for array literals made up of symbols that are not using the %i() syntax.

Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.

Configuration option: MinSize If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of3` will not enforce a style on an array of 2 or fewer elements.

Example: EnforcedStyle: percent (default)

# good
%i[foo bar baz]

# bad
[:foo, :bar, :baz]

Example: EnforcedStyle: brackets

# good
[:foo, :bar, :baz]

# bad
%i[foo bar baz]

Use %i or %I for an array of symbols.
Open

      resources :auctions, only: [:index, :show] do
Severity: Minor
Found in config/routes.rb by rubocop

This cop can check for array literals made up of symbols that are not using the %i() syntax.

Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.

Configuration option: MinSize If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of3` will not enforce a style on an array of 2 or fewer elements.

Example: EnforcedStyle: percent (default)

# good
%i[foo bar baz]

# bad
[:foo, :bar, :baz]

Example: EnforcedStyle: brackets

# good
[:foo, :bar, :baz]

# bad
%i[foo bar baz]

%w-literals should be delimited by [ and ].
Open

Rails.application.config.assets.precompile += %w(uswds/us_flag_small.png)
Severity: Minor
Found in config/initializers/assets.rb by rubocop

This cop enforces the consistent usage of %-literal delimiters.

Specify the 'default' key to set all preferred delimiters at once. You can continue to specify individual preferred delimiters to override the default.

Example:

# Style/PercentLiteralDelimiters:
#   PreferredDelimiters:
#     default: '[]'
#     '%i':    '()'

# good
%w[alpha beta] + %i(gamma delta)

# bad
%W(alpha #{beta})

# bad
%I(alpha beta)

Unexpected confirm.
Open

    return confirm("Are you sure you want to archive this auction?");
Severity: Minor
Found in app/assets/javascripts/admin/archiveConfirm.js by eslint

Disallow Use of Alert (no-alert)

JavaScript's alert, confirm, and prompt functions are widely considered to be obtrusive as UI elements and should be replaced by a more appropriate custom UI implementation. Furthermore, alert is often used while debugging code, which should be removed before deployment to production.

alert("here!");

Rule Details

This rule is aimed at catching debugging code that should be removed and popup UI elements that should be replaced with less obtrusive, custom UIs. As such, it will warn when it encounters alert, prompt, and confirm function calls which are not shadowed.

Examples of incorrect code for this rule:

/*eslint no-alert: "error"*/

alert("here!");

confirm("Are you sure?");

prompt("What's your name?", "John Doe");

Examples of correct code for this rule:

/*eslint no-alert: "error"*/

customAlert("Something happened!");

customConfirm("Are you sure?");

customPrompt("Who are you?");

function foo() {
    var alert = myCustomLib.customAlert;
    alert();
}

Related Rules

Move the invocation into the parens that contain the function.
Open

(function (window) {
Severity: Minor
Found in app/assets/javascripts/utility.js by eslint

Require IIFEs to be Wrapped (wrap-iife)

You can immediately invoke function expressions, but not function declarations. A common technique to create an immediately-invoked function expression (IIFE) is to wrap a function declaration in parentheses. The opening parentheses causes the contained function to be parsed as an expression, rather than a declaration.

// function expression could be unwrapped
var x = function () { return { y: 1 };}();

// function declaration must be wrapped
function () { /* side effects */ }(); // SyntaxError

Rule Details

This rule requires all immediately-invoked function expressions to be wrapped in parentheses.

Options

This rule has two options, a string option and an object option.

String option:

  • "outside" enforces always wrapping the call expression. The default is "outside".
  • "inside" enforces always wrapping the function expression.
  • "any" enforces always wrapping, but allows either style.

Object option:

  • "functionPrototypeMethods": true additionally enforces wrapping function expressions invoked using .call and .apply. The default is false.

outside

Examples of incorrect code for the default "outside" option:

/*eslint wrap-iife: ["error", "outside"]*/

var x = function () { return { y: 1 };}(); // unwrapped
var x = (function () { return { y: 1 };})(); // wrapped function expression

Examples of correct code for the default "outside" option:

/*eslint wrap-iife: ["error", "outside"]*/

var x = (function () { return { y: 1 };}()); // wrapped call expression

inside

Examples of incorrect code for the "inside" option:

/*eslint wrap-iife: ["error", "inside"]*/

var x = function () { return { y: 1 };}(); // unwrapped
var x = (function () { return { y: 1 };}()); // wrapped call expression

Examples of correct code for the "inside" option:

/*eslint wrap-iife: ["error", "inside"]*/

var x = (function () { return { y: 1 };})(); // wrapped function expression

any

Examples of incorrect code for the "any" option:

/*eslint wrap-iife: ["error", "any"]*/

var x = function () { return { y: 1 };}(); // unwrapped

Examples of correct code for the "any" option:

/*eslint wrap-iife: ["error", "any"]*/

var x = (function () { return { y: 1 };}()); // wrapped call expression
var x = (function () { return { y: 1 };})(); // wrapped function expression

functionPrototypeMethods

Examples of incorrect code for this rule with the "inside", { "functionPrototypeMethods": true } options:

/* eslint wrap-iife: [2, "inside", { functionPrototypeMethods: true }] */

var x = function(){ foo(); }()
var x = (function(){ foo(); }())
var x = function(){ foo(); }.call(bar)
var x = (function(){ foo(); }.call(bar))

Examples of correct code for this rule with the "inside", { "functionPrototypeMethods": true } options:

/* eslint wrap-iife: [2, "inside", { functionPrototypeMethods: true }] */

var x = (function(){ foo(); })()
var x = (function(){ foo(); }).call(bar)

Source: http://eslint.org/docs/rules/

Merge rule .expander-hidden + .expander-content with rule on line 48
Open

  .expander-hidden + .expander-content {
Severity: Minor
Found in app/assets/stylesheets/components/_admin-auction-actions.scss by scss-lint

!important should not be used
Open

    display: block !important;
Severity: Minor
Found in app/assets/stylesheets/components/_drawer.scss by scss-lint

Avoid using id selectors
Open

drawer button[data-drawer-toggle="menu"],
Severity: Minor
Found in app/assets/stylesheets/components/_drawer.scss by scss-lint

Avoid qualifying attribute selectors with an element.
Open

  button[data-drawer-toggle="close"] {
Severity: Minor
Found in app/assets/stylesheets/components/_drawer.scss by scss-lint

Prefer using YAML.safe_load over YAML.load.
Open

    @github_ids ||= YAML.load(File.read(File.expand_path("../../../config/admins.yml", __FILE__)))['github_ids']
Severity: Minor
Found in app/models/admins.rb by rubocop

This cop checks for the use of YAML class methods which have potential security issues leading to remote code execution when loading from an untrusted source.

Example:

# bad
YAML.load("--- foo")

# good
YAML.safe_load("--- foo")
YAML.dump("foo")

Prefer annotated tokens (like %<foo>s</foo>) over unannotated tokens (like %s).
Open

      date = convert_and_format('%b %-d, %Y', timezone_label: false)
Severity: Minor
Found in app/presenters/dc_time_presenter.rb by rubocop

Use a consistent style for named format string tokens.

Note: unannotated style cop only works for strings which are passed as arguments to those methods: sprintf, format, %. The reason is that unannotated format is very similar to encoded URLs or Date/Time formatting strings.

Example: EnforcedStyle: annotated (default)

# bad
format('%{greeting}', greeting: 'Hello')
format('%s', 'Hello')

# good
format('%<greeting>s', greeting: 'Hello')</greeting>

Example: EnforcedStyle: template

# bad
format('%<greeting>s', greeting: 'Hello')
format('%s', 'Hello')

# good
format('%{greeting}', greeting: 'Hello')</greeting>

Example: EnforcedStyle: unannotated

# bad
format('%<greeting>s', greeting: 'Hello')
format('%{greeting}', 'Hello')

# good
format('%s', 'Hello')</greeting>

Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem cucumber-rails should appear before rspec-rails.
Open

  gem 'cucumber-rails', require: false
Severity: Minor
Found in Gemfile by rubocop

Gems should be alphabetically sorted within groups.

Example:

# bad
gem 'rubocop'
gem 'rspec'

# good
gem 'rspec'
gem 'rubocop'

# good
gem 'rubocop'

gem 'rspec'

# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'

Gems should be sorted in an alphabetical order within their section of the Gemfile. Gem newrelic_rpm should appear before rails_12factor.
Open

  gem 'newrelic_rpm'
Severity: Minor
Found in Gemfile by rubocop

Gems should be alphabetically sorted within groups.

Example:

# bad
gem 'rubocop'
gem 'rspec'

# good
gem 'rspec'
gem 'rubocop'

# good
gem 'rubocop'

gem 'rspec'

# good only if TreatCommentsAsGroupSeparators is true
# For code quality
gem 'rubocop'
# For tests
gem 'rspec'

Use %i or %I for an array of symbols.
Open

  match 'auth/saml/setup', to: 'saml_authentications#setup', via: [:get, :post]
Severity: Minor
Found in config/routes.rb by rubocop

This cop can check for array literals made up of symbols that are not using the %i() syntax.

Alternatively, it checks for symbol arrays using the %i() syntax on projects which do not want to use that syntax.

Configuration option: MinSize If set, arrays with fewer elements than this value will not trigger the cop. For example, a MinSize of3` will not enforce a style on an array of 2 or fewer elements.

Example: EnforcedStyle: percent (default)

# good
%i[foo bar baz]

# bad
[:foo, :bar, :baz]

Example: EnforcedStyle: brackets

# good
[:foo, :bar, :baz]

# bad
%i[foo bar baz]

Avoid vendor prefixes.
Open

  -webkit-flex-direction: column;
Severity: Minor
Found in app/assets/stylesheets/components/_auction-list-item.scss by scss-lint

Put empty method definitions on a single line.
Open

  def show
  end
Severity: Minor
Found in app/controllers/sign_ups_controller.rb by rubocop

This cop checks for the formatting of empty method definitions. By default it enforces empty method definitions to go on a single line (compact style), but it can be configured to enforce the end to go on its own line (expanded style).

Note: A method definition is not considered empty if it contains comments.

Example: EnforcedStyle: compact (default)

# bad
def foo(bar)
end

def self.foo(bar)
end

# good
def foo(bar); end

def foo(bar)
  # baz
end

def self.foo(bar); end

Example: EnforcedStyle: expanded

# bad
def foo(bar); end

def self.foo(bar); end

# good
def foo(bar)
end

def self.foo(bar)
end

Use safe navigation (&.) instead of checking if an object exists before calling the method.
Open

    if customer && customer.email.present?
Severity: Minor
Found in app/services/accept_auction.rb by rubocop

This cop transforms usages of a method call safeguarded by a non nil check for the variable whose method is being called to safe navigation (&.).

Configuration option: ConvertCodeThatCanStartToReturnNil The default for this is false. When configured to true, this will check for code in the format !foo.nil? && foo.bar. As it is written, the return of this code is limited to false and whatever the return of the method is. If this is converted to safe navigation, foo&.bar can start returning nil as well as what the method returns.

Example:

# bad
foo.bar if foo
foo.bar(param1, param2) if foo
foo.bar { |e| e.something } if foo
foo.bar(param) { |e| e.something } if foo

foo.bar if !foo.nil?
foo.bar unless !foo
foo.bar unless foo.nil?

foo && foo.bar
foo && foo.bar(param1, param2)
foo && foo.bar { |e| e.something }
foo && foo.bar(param) { |e| e.something }

# good
foo&.bar
foo&.bar(param1, param2)
foo&.bar { |e| e.something }
foo&.bar(param) { |e| e.something }

foo.nil? || foo.bar
!foo || foo.bar

# Methods that `nil` will `respond_to?` should not be converted to
# use safe navigation
foo.to_i if foo

Avoid rescuing without specifying an error class.
Open

  rescue
Severity: Minor
Found in app/serializers/user_serializer.rb by rubocop

This cop checks for rescuing StandardError. There are two supported styles implicit and explicit. This cop will not register an offense if any error other than StandardError is specified.

Example: EnforcedStyle: implicit

# `implicit` will enforce using `rescue` instead of
# `rescue StandardError`.

# bad
begin
  foo
rescue StandardError
  bar
end

# good
begin
  foo
rescue
  bar
end

# good
begin
  foo
rescue OtherError
  bar
end

# good
begin
  foo
rescue StandardError, SecurityError
  bar
end

Example: EnforcedStyle: explicit (default)

# `explicit` will enforce using `rescue StandardError`
# instead of `rescue`.

# bad
begin
  foo
rescue
  bar
end

# good
begin
  foo
rescue StandardError
  bar
end

# good
begin
  foo
rescue OtherError
  bar
end

# good
begin
  foo
rescue StandardError, SecurityError
  bar
end

Unexpected confirm.
Open

    return confirm("Are you sure you want to place a bid for " + currencyString + "?");
Severity: Minor
Found in app/assets/javascripts/bidConfirm.js by eslint

Disallow Use of Alert (no-alert)

JavaScript's alert, confirm, and prompt functions are widely considered to be obtrusive as UI elements and should be replaced by a more appropriate custom UI implementation. Furthermore, alert is often used while debugging code, which should be removed before deployment to production.

alert("here!");

Rule Details

This rule is aimed at catching debugging code that should be removed and popup UI elements that should be replaced with less obtrusive, custom UIs. As such, it will warn when it encounters alert, prompt, and confirm function calls which are not shadowed.

Examples of incorrect code for this rule:

/*eslint no-alert: "error"*/

alert("here!");

confirm("Are you sure?");

prompt("What's your name?", "John Doe");

Examples of correct code for this rule:

/*eslint no-alert: "error"*/

customAlert("Something happened!");

customConfirm("Are you sure?");

customPrompt("Who are you?");

function foo() {
    var alert = myCustomLib.customAlert;
    alert();
}

Related Rules

Severity
Category
Status
Source
Language