Checkstyle VS Error Prone

We had a list of suggested code formation tools, as my code was written in Java I decided to use suggested formatter GoogleJavaFormat. However, I didn't decide to pick suggested tool for Linter. I picked Checkstyle; for the reason, that SpotBugs wasn't available for JDK 22.

Linting and Code Static Analysis: Stripe implements strict linting and code static analysis to maintain high code quality. Tools like Checkstyle for Java can be integrated into your CI pipeline to catch potential issues before they reach production.

I'm trying to use Google's checkstyle. I want certain things to be an error, such as using Tabs for indentation. When I run mvn checkstyle:check with a file with a tab in the first column, it always gives a [WARN] rather than the error that I've asked for. Pom snippet: org.apache.maven.plugins maven-surefire-plugin ${maven-surefire-plugin.version} ${maven-surefire-plugin.skipUnitTests} org.apache.maven.plugins maven-checkstyle-plugin 3.1.2 checkstyle validate check google_checks.xml UTF-8 true true warning true I'm using google_checks.xml as from https://github.com/checkstyle/checkstyle/blob/master/src/main/resources/google_checks.xml. I have changed the severity for the FileTabCharacter to "error"

1. Conflicts between Spotless and Checkstyle Checkstyle is a tool for checking Java source code for compliance with code standards or a set of validation rules (best practices).

Never had anything like that though for four years my life revolved around getting PMD, checkstyle and Sonar rules to pass so my pull request would merge.

PMD, and checkstyle as well.

I’m a little out of date with Java, but I believe Checkstyle is currently popular: https://github.com/checkstyle/checkstyle

Another example can be applied to code quality itself. Most static analyzers are configurable. If you tried to set Checkstyle Google configuration to the mature project, you would probably get hundreds or even thousands of errors. You can start with just one rule. Ar first glance, it seems not so important. But after the moment when the configuration reaches the repository, you can be sure that no one else can violate this rule in the future.

error-prone is good for some extra static analysis.

A special kind of validation is enforcing that record fields are not null. (Un)fortunately, records do not have any special behavior regarding nullability. You can use tools like NullAway or Error Prone to prevent null in your code in general, or you can add checks to your records:

I am all in favour to more third side libraries adding functionalities, like Lombok, Manifold and error prone. As well as smaller projects like this shameless plug and what appears in this list

If only Google didn't suck when it came to Java9+ support... https://github.com/google/error-prone/issues/2649

I haven't used it. I use Google's ErrorProne + Lombok to prevent NPEs in java.

Take a look at NullAway, a plugin for Error Prone.

For some of this stuff, there are compiler extensions that allow extra type checking to be added e.g. Google Error-Prone: https://github.com/google/error-prone with stuff like: https://errorprone.info/bugpattern/ReturnMissingNullable.

Doesn't help you with third party libraries, but across an org applying that rule (and others!) typically ensures some consistency.

How to build a static analysis plugin. Google has a framework for Java with a good tutorial.