eslint-plugin-tech-radar
TypeScript icon, indicating that this package has built-in type declarations

2.0.0 • Public • Published

eslint-plugin-tech-radar

NPM version Node.js CI Code Climate Test Coverage Discover zUnit

A Tech Radar unfortunately doesn't prevent engineers installing modules they shouldn't. As Jeff Bezos says, "Good intentions don't work, good mechanisms do". One not very good mechanism is to use a private npm repository, but this blocks both direct and transitive dependencies, making it impractical. Another is to scan repositories looking for violations, but this is too late.

Instead, the approach taken by this module is to write a custom eslint plugin for validating the dependencies listed in package.json. The rules can be defined in a shared configuration, and just like eslint, run automatically on pre-commit/pre-push hooks and as part of a CI/CD pipeline. You also have a familiar escape hatch, should teams need to downgrade, ignore or reconfigure rules on a repository by repository basis. Better yet, changes to the rules can be accompanied by healthy and documentent discussion in the form of issues and/or pull requests.

A snag with this approach is that the local install of the shared configuration must always be up-to-date. For this reason, eslint-plugin-tech-radar also includes a latest rule for ensuring that the latest published version of a module is installed. Prime this with the name of your shared configuration module, and the linter will fail if a more recent version of the lint rules are available.

Another snag is that a pre-commit hook is still too late to prevent undesirable dependencies from being installed. You can work around this by running eslint from an npm dependencies script.

Instructions

  1. Build a Tech Radar for your node dependences. e.g.

    name,ring,quadrant,isNew,description
    prisma,hold,backend,FALSE,Persistence
    winston,hold,backend,FALSE,Logging
    bunyan,hold,backend,FALSE,Logging
    @pgtyped/query,assess,TRUE,Persistence
    orchid-orm,trial,backend,FALSE,Persistence
    pino,adopt,backend,FALSE,Logging
    sequelize,adopt,backend,FALSE,Persistence
    
  2. Export the Tech Radar to JSON rule configuration.

    npx --package=eslint-plugin-tech-radar -- export-tech-radar \
      --input radar.csv \
      --documentation https://github.com/your-organisation/tech-radar \
      --output radar.json
  3. Create a shared configuration similar to this example. Export the Tech Radar json file and eslint configuration from the module to make it easier to ignore specific dependencies in the repositories that use it.

  4. Include the shared configuration in your application's eslint rules as per this example.

Rules

tech-radar/adherence

Reports packages that that do not adhere to the Tech Radar

"tech-radar/adherence": [
  "error",
  {
    "hold": [
      "prisma",
      "winston",
      "bunyan"
    ],
    "assess": [
      "@pgtyped/query"
    ],
    "trial": [
      "orchid-orm"
    ],
    "adopt": [
      "pino",
      "sequelize"
    ],
    "ignore": [
     ],
    "documentation": "https://github.com/your-organisation/tech-radar"
  }
]

The linter will fail if package.json includes a dependency that is on hold or under assessment. Use the ignore array to suppress errors about a dependency without removing it from hold or access. Works with production, development, peer and optional dependencies.

> eslint .

~/your-application/package.json
  1:1  error  Package 'slonik' is not on the tech radar. See https://github.com/your-organisation/tech-radar for more details  tech-radar/adherence
  1:1  error  Package 'prisma' is discouraged. See https://github.com/your-organisation/tech-radar for more details            tech-radar/adherence

✖ 2 problems (2 errors, 0 warnings)

tech-radar/latest

Reports packages that are behind the latest version.

"tech-radar/latest": [
  "error",
  {
    "packages": [
      "eslint-config-your-organisation"
    ]
  }
]

Works with production, development, peer and optional dependencies (if installed). Ignores dependencies that are specificed by url.

> eslint .

~/your-application/package.json
  1:1  error  Package 'eslint-config-your-organisation' must be version 1.0.2.  tech-radar/latest

✖ 1 problem (1 error, 0 warnings)

Exporting Tech Radars

As mentioned in the instructions, we provide a script for exporting Tech Radar csv files. This usage for this script is as follows...

Usage: npx --package eslint-plugin-tech-radar -- export-tech-radar [options]

Options:
  -i, --input <path>          Specify the path to the input file (optional)
  -d, --documentation <url>   Specify the documentation url (mandatory)
  -q, --quadrant <string>     Specify the quadrant used for dependencies (optional)
  -o, --output <path>         Specify the path to the output file (optional)

Examples:
  cat radar.csv | npx --package eslint-plugin-tech-radar -- export-tech-radar \
    --documentation https://github.com/your-organisation/tech-radar \
    --quadrant dependencies \
  > radar.json

  npx --package eslint-plugin-tech-radar -- export-tech-radar \
    --input radar.csv \
    --documentation https://github.com/your-organisation/tech-radar \
    --quadrant dependencies \
    --output radar.json

If an input file is not specified the script will read from stdin. If an output file is not specified the script will write to stdout. If a quadrant is specified, the script will only include entries for that quadrant.

Acknowledgements

eslint-plugin-tech-radar was inspired by eslint-plugin-package-json-dependencies

Package Sidebar

Install

npm i eslint-plugin-tech-radar

Weekly Downloads

7

Version

2.0.0

License

ISC

Unpacked Size

23.9 kB

Total Files

21

Last publish

Collaborators

  • cressie176