Open lorensr opened 2 years ago
Another option is to use https://semgrep.dev/ which would allows us to centralize on one tool for many langauges rather than something specific per language.
That said I can see an argument for avoiding having users install something else. But, if it's automated/reliable then we might go that direction to reduce the maintenance load.
Currently we recommend no-restricted-imports
: https://github.com/temporalio/samples-typescript/blob/b3a106c27086b8db7612016ba681939de221fa3f/hello-world/.eslintrc.js#L41
An eslint plugin could also check for async code inside signal handlers. They are risky.
One thing though... A single project generally contains both workflow code and activity code. A temporal eslint plugin would need some way to determine what is workflow code and what isn't. The example eslint config does it by explicitly naming workflow files, but that strategy might be more difficult to apply to user projects.
catching throw Error('...');
in workflows would be an awesome add as well. i was about to start writing a custom rule for that and figured i would check the issues if this was created already and found this.
Mainly for catching some determinism things at compile time in workflow code, but perhaps there are other things we can do as well.
src/workflows/.eslintrc.json