Skip to content

deepscan/vscode-deepscan

Repository files navigation

VS Code DeepScan extension

VS Code Marketplace DeepScan Grade

VS Code extension to detect bugs and quality issues in JavaScript, TypeScript, React and Vue.js. Works with DeepScan.

DeepScan is a cutting-edge JavaScript code inspection tool that helps you to find bugs and quality issues more precisely by data-flow analysis. You can also use it for React and Vue.js because DeepScan delivers React specialized rules and Vue.js specialized rules.

Note 1: File Transfer

To use this extension, you should confirm that your code is transferred to the DeepScan server for inspection when you save your changes. You can confirm it by pressing the Confirm button that appears when restarting VS Code after the installation.

Note that your code is completely deleted from the server right after the inspection.

Note 2: DeepScan Access Token

An access token is required for transferring code and receiving inspection results. DeepScan server uses the token to provide reliable and prompt inspection of your code.

Follow instructions at DeepScan site to generate an access token for free.

Note 3: Limitation of Analysis

The analysis is only per the transferred file. Some rules requiring inter-module information, such as REACT_MISMATCHED_TYPE_OF_PROP, does not apply in this plugin. To fully make use of DeepScan, please check out Embedded Mode.

Navigation

How it works

  • Report issues in Problems panel when you open a *.js, *.jsx, *.mjs, *.ts, *.tsx, and *.vue file and save it.
  • Highlight issues in the code.
  • Show a rule description using a code action. When you click the light bulb of the issue, you can see the detailed description of the rule and grasp what's the problem.

DeepScan Access Token

An access token is needed to inspect your code at the DeepScan server. Follow instructions at the DeepScan site to generate the token.

For managing access token, this extension contributes the following commands to the Command Palette:

  • Configure Access Token: register the token generated at the DeepScan site.
  • Delete Access Token: remove the currently registered token from VS Code. (The token at the server remains unaffected.)
  • Show Access Token Info: display the name and expiration date of the current token.

Note: Access token is not needed in Embedded Mode.

Settings Options

This extension contributes the following variables to the settings:

  • deepscan.enable: enable/disable DeepScan. Disabled by default. Enabled on per workspace when you confirm.
  • deepscan.server: set an url of DeepScan server. "https://deepscan.io" by default.
  • deepscan.proxy: set an url of proxy server. When you are behind a proxy.
  • deepscan.ignoreRules: set an array of rules to exclude. An example to exclude 'UNUSED_DECL' rule:
{
    "deepscan.ignoreRules": [
        "UNUSED_DECL"
    ]
}
  • deepscan.ignorePatterns: set an array of file patterns to exclude. An example to exclude a file and lib directory:
{
    "deepscan.ignorePatterns": [
        "App.vue", "lib/"
    ]
}
  • deepscan.fileSuffixes: set an array of additional suffixes for files to analyze. An example to analyze *.es file as a JavaScript file:
{
    "deepscan.fileSuffixes": [
        ".es"
    ]
}
  • deepscan.showDecorators: enable/disable to show high and medium problems with inline decorators. Enabled by default.

Showing problems with inline decorators

Disabling Rules with Inline Comments

While you can exclude rules project wide via deepscan.ignoreRules option, you can also disable a rule in a file using inline comment.

const x = 0;
x = 1; x + 1; // deepscan-disable-line UNUSED_EXPR

By Ignore this line and Ignore this rule code actions, you can add an inline comment easier.

Disabling rules

Read more about it here.

Embedded Mode

Note: This is a premium feature.

DeepScan supports an embedded mode, which works standalone without DeepScan server. It works with the local language server so you can:

  • never worry about transferring the code outside.
  • analyze a whole project rather than a file.

To activate this, contact us at support@deepscan.io.

In the embedded mode, this extension contributes the following commands to the Command Palette:

  • Inspect Project: inspect the current project.
  • Clear Project Problems: clear inspected problems.

ESLint Analysis

Run ESLint. You can see the ESLint alarms with DeepScan's.

eslint package is required in the local or global. Note that NODE_PATH environment variable is necessary to load the eslint module installed in global.

It directly uses the package so your custom configurations and plugins are applied as is.

  • deepscan.serverEmbedded.eslint.enable: enable/disable ESLint analysis.
  • deepscan.serverEmbedded.eslint.merge: option for how identical issues of DeepScan and ESLint are merged. (defaults to deepscan)
    • deepscan: show only DeepScan issues.
    • eslint: show only ESLint issues.
    • both: show all issues as is.

Using behind a proxy

To do an inspection, this extension requires a connection with the DeepScan server. But this connection cannot be established when you are behind a proxy.

For this case, you can try one of the following:

  • Set http_proxy environment variable: http_proxy is respected, if any.
  • Set deepscan.proxy option: When you do not have/want a system-wide http_proxy environment variable, you can set the proxy server's URL in the deepscan.proxy option.