search

konobi / kwalitee

Package for measuring node package kwalitee
MIT License
12 stars 5 forks source link

Add addon checker #4

Open konobi opened 9 years ago

konobi commented 9 years ago

For native addons, there's several checks that we should add. For example, ensuring the use of something like the nan package and the like.

There will be more, but we should field ideas from folks who are more familiar with native addons.

rvagg commented 9 years ago

Not just because NAN started off as mine, but because NAN is now officially supported and recommended by core and modules not using NAN have severe compatibility problems I'd say NAN support is a must at this stage. There is also https://github.com/tjfontaine/node-addon-layer but it's abandonware at this stage and the only uses of it that I've heard of in the wild (not open source stuff in npm) have since been converted to NAN.

Lack of reliance on non-bundled dependencies would also be something to measure. For instance, consider node-canvas which requires you to have external dependencies (lots of them, and they're all awkward on Windows) vs packages like leveldown and couchbase and many others which bundle their dependencies for compilation. You could probably check this by looking at the binding.gyp and checking what include_dirs there are.

I'd mark down anything that doesn't use https://github.com/tootallnate/node-bindings because they are more likely to not support Debug builds because the author doesn't realise that's a thing.

Anything publishing with precompiled binaries should get a +1, at the moment you only need to look for modules packaging with node-pre-gyp although you may want to follow links to see whether there are binaries for the major platforms for the main node versions (the matrix is complex and most of them don't have full support for the full matrix so many people have fall back to compile anyway). We're moving to more options here, aiming for an official prebuild system, anything not supported by that should be penalised when we get there because the pain for Windows users is so so huge for compiling stuff.

You could check compiler compliance, if they are using too much C++11 or C++14 (or whatever!) stuff then that could be a -1 because it places restrictions on what compilers you need to have available.

konobi commented 9 years ago

This checker has been added. Initially it currently scores for having "nan" and "bindings" as dependencies (in 2 steps) and ensuring that "node-gyp" is declared as a devDependencies item.

There are many other checks to be added of course, but for now, those are good low hanging fruit.