Scalafix
sbt-tpolecat
Our great sponsors
Scalafix | sbt-tpolecat | |
---|---|---|
6 | 6 | |
802 | 371 | |
0.6% | 1.3% | |
9.1 | 7.3 | |
5 days ago | 9 days ago | |
Scala | Scala | |
BSD 3-clause "New" or "Revised" License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Scalafix
-
Security static analysis tooling for Scala?
I also recommend using Scalafix. It's a tool which can lint your codebase, checking for potentially problematic things, like
-
Which static analysis tool do you use for Scala?
Scalafix
-
Dragging Haskell Kicking and Screaming into the Century of the Fruitbat :: Reasonably Polymorphic
scala-fix seems relevant for the /= removal problem.
-
Newspeak and Domain Modeling
or `NonUnitStatements` without explicit annotation.
This effectively locks you into writing pure code (you can extend the linter to cover other things like not using `Future` or not using Java libs outside of `MonadError` from cats[4]). The linters operate on typed ASTs at compile time, and have plugins for the most popular scala build tools. Coupled with `-XFatalWarnings', you can guarantee that nothing unexpected happens unless you explicitly pop the escape hatch, for the most part.
You can still bring in external libraries that haven't been compiled with these safties in place, so you aren't completely safe, but if you use ZIO[5]/Typelevel[6] libraries you can be reasonably assured of referentially transparent code in practice.
There are three schools of thought, roughly, in the scala community towards the depth of using the type system and linters to provide guarantees and capabilities, currently:
1) Don't attempt to do this, it makes the barrier to entry to high for Scala juniors. I don't understand this argument - you want to allow runtime footguns you could easily prevent at compile time because the verifiable techniques take time to learn? Why did you even choose to use a typesafe language and pay the compilation time penalty that comes with it?
2) Abstract everything to the smallest possible dependency interface, including effects (code to an effect runtime, F[_] that implements the methods your code needs to run - if you handle errors, F implements MonadError, if you output do concurrent things, F implements Concurrent, etc.) and you extend the effect with your own services using tagless final or free.
3) You still use effect wrappers, but you bind the whole project always to use a concrete effect type, avoiding event abstraction, thus making it easier to code, and limiting footguns to a very particular subset (mainly threadpool providers and unsafeRun or equivalent being called eagerly in the internals of applications).
My opinion is that smallest interface with effect guarantees (#2) is best for very large, long maintenance window apps where thechoice of effect runtime might change(app), or is out of the devs' control (lib); and #3 is best for small apps.
TL/DR; You can go a really, really long way to guaranteeing effects don't run in user code in scala. Not all the way like Haskell, but far enough that it's painful to code without conforming to referential transparency.
1. https://github.com/scalacenter/scalafix
2. https://github.com/scalaz/scalazzi
3. http://www.wartremover.org/
4. https://typelevel.org/cats/api/cats/MonadError.html
5. https://zio.dev/
6. https://typelevel.org/
-
Scala noob question. Parameter of type Option. Why does scala compiler allows passing null as an argument?
I actually still recommend using WartRemover, at least until there's an equivalent ScalaFix ruleset that's as effective.
-
Teaching exercises with custom error messages
Probably linting rules defined in Scalafix. See https://github.com/scalacenter/scalafix/blob/master/scalafix-rules/src/main/scala/scalafix/internal/rule/DisableSyntax.scala#L11 for an example.
sbt-tpolecat
-
Scala Resurrection
I'm awed by the maturity of the Scala 2 compiler. Every minor version in the 2.13 series adds a new linting improvement. You can see that if you have sbt-tpolecat in your project. I'm always happy to see that some option from Wartremover is no longer used.
-
Why are effects better for retries than Future?
Note that this assumes that non-Unit values are silently thrown away, which you should always configure scalac, preferably via sbt-tpolecat, not to allow.
-
New to Scala;
sbt-tpolecat to automatically provide reasonable Scala compiler settings.
-
Scala and Java Upgrade strategy
Start with settings strict compiler flags if you haven't already, for instance using sbt-tpolecat. This will help you remove the most obvious warts in your codebase.
-
Which static analysis tool do you use for Scala?
However, after a while, I found that most of the things I needed were already covered by the compiler. And that Rob's (aka tpolecat) list of compiler options provided all the ones I needed for my style of coding. I Then learn that there was this sbt plugin that managed the list for me and also took care of changing the options according to the Scala version.
-
Is there a way to beautify the code after Scala 3 migration?
Sorry, have nothing useful to contribute (although I'd recommend you to set a restrictive set of scalac flags, for example from sbt-tpolecat, to let compiler help you), but just wanted to praise the Scala team and remind us of all those "Python 3 situation" rants we've saw 2 years ago and how silly they look now.
What are some alternatives?
scalafmt - This repo is now a fork of --->
scaluzzi - Additional rules for Scalafix. The part of scalazzi rules.
Scalastyle - scalastyle
scalafix-organize-imports - A CI-friendly Scalafix semantic rule for organizing imports
Wartremover - Flexible Scala code linting tool
sbt-jni - SBT Plugin to ease working with JNI
Scapegoat - Scala compiler plugin for static code analysis
sbt-dependency-check - SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
scala-3-migration-guide - The Scala 3 migration guide for everyone.
sonar-scala - A free and open-source SonarQube plugin for static code analysis of Scala projects.
skunk - A data access library for Scala + Postgres.