The npm packagepromyze-cli allows to compute best practices suggestions on a code base to detect locations where best practices are not followed. It also provides facilities to produce a report file for tools like SonarQube, or in the SARIF format (Static Analysis Results Interchange Format).
Installation
We recommend installing the promyze-cli tool globally.
npmi-gpromyze-cli
Configuration
There is one mandatory parameter to set:
PROMYZE_API_KEY: A valid user API Key to connect to your Packmind instance.
We recommend setting these values as environment variables, but you can also pass them as command-line arguments.
You can also use the dotenv package:
npm install dotenv dotenv-cli
Then, create a .env.promyze file and set these two values (add it to your .gitignore to not share sensitive data):
Outside a npm script, run the following command to ensure everything works fine:
promyze-cliscan.//ornpmrunpromyze-cliifyou've followed above instructions
If yes, you can check the section below to configure the code analysis.
Generate coding practices with AI
TODO
Configuration
Usage:promyze-cliscan [options] [sources]Scanthecomma-separatedlistoffiles/directoriestodetectnegativeexamplesofbestpracticesOptions: -e, --exclude <value> Comma-separated list of patterns to exclude files that contain one of them (ex: "Listener"). These are only string patterns, not regular expressions. (default: "dist/,node_modules,.min.,.map.,.git/")
-ext,--extensions<severity>Comma-separatedlistofextensionstoexclusivelyinclude,ex:".js,.ts" (default: "")-m,--mode<mode>Executionmode:*"all":scanallthecodebase * "onlyChanged": Should only scan edited files on SCM (only Git is supported): (default: "all")
-g, --grouped <grouped> For the "console" formatter, group the result by files or practices: ["files", "practices"] (default: "files")
-f, --formatters <formatters> Comma-separated list of formatters: ["console", "sonarqube", "sarif"] (default: "console")
-o, --output <outputFile> File output when formatters do not only include "console" (default: "promyze-scan.json")
-s, --severity <severity> Severity of the issues in the report, such as "WARNING", "MAJOR", "BLOCKER", .... Only relevant when formatter is "sonarqube" or "sarif" (default: "MAJOR")
-sp, --spaces <spaces> Restrict the results to practices included into specific spaces, separated with commas. (default: "")
-k, --apiKey <url> Indicate the full Packmind API Key. We recommend to use instead the PROMYZE_API_KEY environment variable. (default: "")
-exit, --errorIfResults <errorIfResults> If true, will stop with an error code 1 if at least one suggestion is found (default: 'false')
-t, --type <issueType> Exclude file patterns, such as "CODE_SMELL", "VULNERABILITY", "BUG", ... Only relevant when formatter is "sonarqube" or "sarif" (default: "CODE_SMELL")
-ca, --caSSL <pathToSSLCertificate> If specified, the CLI will trust this certificate (.crt or .pem for instance; default: '')
-ruleIdSarif, --ruleIdSarif <ruleIdSarif> Specify what will be the ruleId property if the Sarif Report. Either "practiceId" or "practiceName" (default: 'practiceId')
For any suggestion to improve this package, feel free to submit us your suggestion, and we'd be happy to consider it: