Reek VS Brakeman

Rubycritic uses reek under the hood so I added a reek config files at .reek.yml with the following content:

Reek is a code smell detection tool for Ruby that helps identify potential design issues. It analyzes your codebase and provides feedback on areas that might benefit from refactoring or improvement. Here's an overview of what Reek is and how to use it:

$ reek app/controllers/erp/orders_controller.rb Inspecting 1 file(s): S app/controllers/erp/orders_controller.rb -- 1 warning: [91]:UncommunicativeVariableName: Erp::OrdersController#create has the variable name 'e' [https://github.com/troessner/reek/blob/v6.1.1/docs/Uncommunicative-Variable-Name.md]

reek

Other useful gems you may take a look at are dawnscanner, reek, and hakiri_toolbelt.

Beside RuboCop, I found reek very useful. https://github.com/troessner/reek

If you're looking for static typing a dynamic language is going to be a poor fit. I find a place for both. I love Rust, but trying to write a tool that consumed a GraphQL API with was a brutal exercise in frustation. I'd say that goes for typing of JSON or YAML or whatever structured format in general. It's refreshing being able to just work with data in the form I already know it's in. Ruby can be an incredibly productive language to work with.

If you're looking for static analysis in general, please note that there are mature tools available. Rubocop¹ is probably the most popular and allows for linting and code formatting. Brakeman² is a vulnerability scanner for Rails. Sorbet³ is a static type checker.

The tooling is there if you want to try things out. But, if you want a statically typed language then that's a debate that's been going since the dawn of programming language design. I doubt it's going to get resolved in this thread.

¹ - https://github.com/rubocop/rubocop

² - https://brakemanscanner.org/

³ - https://sorbet.org/

Regularly audit your application's codebase to identify potential vulnerabilities. Tools such as Brakeman provide automated security scanning for Rails applications and can help identify injection vulnerabilities early.

Brakeman https://github.com/presidentbeef/brakeman Description: A static analysis security vulnerability scanner specifically designed for Ruby on Rails applications. Usage: Use Brakeman to scan your Rails codebase and identify potential security issues during development.

Brakeman - “Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis”

My team and I released Bearer a couple of weeks ago, a newer open and free alternative to Brakeman to check your code for security and privacy risks. In addition to Ruby/Rails, we also cover your JS/TS code, which allows you to use a single solution for your whole Rails application.

Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications. It finds potential security issues in Rails applications by examining the Ruby code. Brakeman helps find and fix security holes before deploying your Rails app.

brakeman is another useful Ruby gem that is a static analysis security vulnerability scanner for Ruby on Rails applications.

You might find brakeman interesting: https://brakemanscanner.org

It’s assumed that you already have a Rails app and use Brakeman to keep your app secure and Rspec to run your test cases.