An eslint plugin to encourage adherence to an organisational tech radar

acuminous/eslint-plugin-tech-radar

eslint-plugin-tech-radar

A Tech Radar unfortunately doesn't prevent engineers installing modules they shouldn't. As Jeff Bezos says, "Good intentions don't work, good mechanisms do". One not very good mechanism is to use a private npm repository, but this blocks both direct and transitive dependencies, making it impractical. Another is to scan repositories looking for violations, but this is too late.

Instead, the approach taken by this module is to write a custom eslint plugin for validating the dependencies listed in package.json. The rules can be defined in a shared configuration, and just like eslint, run automatically on pre-commit/pre-push hooks and as part of a CI/CD pipeline. You also have a familiar escape hatch, should teams need to downgrade, ignore or reconfigure rules on a repository by repository basis. Better yet, changes to the rules can be accompanied by healthy and documented discussion in the form of issues and/or pull requests.

A snag with this approach is that the local install of the shared configuration must always be up-to-date. For this reason, eslint-plugin-tech-radar also includes a latest rule for ensuring that the latest published version of a module is installed. Prime this with the name of your shared configuration module, and the linter will fail if a more recent version of the lint rules is available.

Another snag is that a pre-commit hook is still too late to prevent undesirable dependencies from being installed. You can work around this by running eslint from an npm dependencies script.

Instructions

  1. Build a Tech Radar for your node dependencies, e.g.

    name,ring,quadrant,isNew,description
    prisma,hold,backend,FALSE,Persistence
    winston,hold,backend,FALSE,Logging
    bunyan,hold,backend,FALSE,Logging
    @pgtyped/query,assess,backend,TRUE,Persistence
    orchid-orm,trial,backend,FALSE,Persistence
    pino,adopt,backend,FALSE,Logging
    sequelize,adopt,backend,FALSE,Persistence
    
  2. Export the Tech Radar to JSON rule configuration.

    npx --package=eslint-plugin-tech-radar -- export-tech-radar \
      --input radar.csv \
      --documentation https://github.com/your-organisation/tech-radar \
      --output radar.json

  3. Create a shared configuration similar to this example. Export the Tech Radar JSON file and eslint configuration from the module to make it easier to ignore specific dependencies in the repositories that use it.

  4. Include the shared configuration in your application's eslint rules as per this example.

Rules

tech-radar/adherence

Reports packages that do not adhere to the Tech Radar.

"tech-radar/adherence": [
  "error",
  {
    "hold": [
      "prisma",
      "winston",
      "bunyan"
    ],
    "assess": [
      "@pgtyped/query"
    ],
    "trial": [
      "orchid-orm"
    ],
    "adopt": [
      "pino",
      "sequelize"
    ],
    "ignore": [],
    "documentation": "https://github.com/your-organisation/tech-radar"
  }
]

The linter will fail if package.json includes a dependency that is on hold or under assessment. Use the ignore array to suppress errors about a dependency without removing it from hold or assess. Works with production, development, peer and optional dependencies.

> eslint .

~/your-application/package.json
  1:1  error  Package 'slonik' is not on the tech radar. See https://github.com/your-organisation/tech-radar for more details  tech-radar/adherence
  1:1  error  Package 'prisma' is discouraged. See https://github.com/your-organisation/tech-radar for more details            tech-radar/adherence

✖ 2 problems (2 errors, 0 warnings)
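
The decision logic described above, modelled as a stand-alone function so the effect of each ring and of the ignore array can be seen on a sample package.json. This is an added example, not the plugin's own code: `checkAdherence`, the sample package.json and its version ranges are constructed, and treating `ignore` as suppressing every error for a package is an assumption.

```javascript
// Added example: a model of the adherence check, not the plugin's source.
const DEPENDENCY_FIELDS = [
  'dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies',
];

// Hypothetical helper: returns one message per offending package.
function checkAdherence(pkg, options) {
  const { hold = [], assess = [], trial = [], adopt = [], ignore = [], documentation } = options;
  const discouraged = new Set([...hold, ...assess]); // rings that fail the lint
  const permitted = new Set([...trial, ...adopt]);   // rings that pass
  const ignored = new Set(ignore);                   // per-repository escape hatch
  // Collect names from all four dependency fields, preserving package.json order.
  const names = new Set(DEPENDENCY_FIELDS.flatMap((field) => Object.keys(pkg[field] || {})));
  const problems = [];
  for (const name of names) {
    if (ignored.has(name)) continue;
    if (discouraged.has(name)) {
      problems.push(`Package '${name}' is discouraged. See ${documentation} for more details`);
    } else if (!permitted.has(name)) {
      // A package absent from every ring is also reported.
      problems.push(`Package '${name}' is not on the tech radar. See ${documentation} for more details`);
    }
  }
  return problems;
}

// Constructed sample input (version ranges are placeholders).
const samplePackage = {
  dependencies: { slonik: '^1.0.0', prisma: '^1.0.0', pino: '^1.0.0' },
  devDependencies: { winston: '^1.0.0' },
  optionalDependencies: { 'orchid-orm': '^1.0.0' },
};

// Rule options from the page, with winston added to ignore to show the escape hatch.
const radarOptions = {
  hold: ['prisma', 'winston', 'bunyan'],
  assess: ['@pgtyped/query'],
  trial: ['orchid-orm'],
  adopt: ['pino', 'sequelize'],
  ignore: ['winston'],
  documentation: 'https://github.com/your-organisation/tech-radar',
};

console.log(checkAdherence(samplePackage, radarOptions).join('\n'));
```
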

tech-radar/latest

Reports packages that are behind the latest version.

"tech-radar/latest": [
  "error",
  {
    "packages": [
      "eslint-config-your-organisation"
    ]
  }
]

Works with production, development, peer and optional dependencies (if installed). Ignores dependencies that are specified by URL.

> eslint .

~/your-application/package.json
  1:1  error  Package 'eslint-config-your-organisation' must be version 1.0.2.  tech-radar/latest

✖ 1 problem (1 error, 0 warnings)

Exporting Tech Radars

As mentioned in the instructions, we provide a script for exporting Tech Radar csv files. The usage for this script is as follows...

Usage: npx --package eslint-plugin-tech-radar -- export-tech-radar [options]

Options:
  -i, --input <path>          Specify the path to the input file (optional)
  -d, --documentation <url>   Specify the documentation url (mandatory)
  -q, --quadrant <string>     Specify the quadrant used for dependencies (optional)
  -o, --output <path>         Specify the path to the output file (optional)

Example:

  npx --package eslint-plugin-tech-radar -- export-tech-radar \
    --input radar.csv \
    --documentation https://github.com/your-organisation/tech-radar \
    --quadrant dependencies \
    --output radar.json

If an input file is not specified the script will read from stdin. If an output file is not specified the script will write to stdout. If a quadrant is specified, the script will only include entries for that quadrant.

Acknowledgements

eslint-plugin-tech-radar was inspired by eslint-plugin-package-json-dependencies
