I note from Included Analyzers that ESLint is an included scanner
We have sonatype running against some of our javascript/react repos, and ESLint8 is required
Is there further information about the ESLint scanner run by default?
Is any configuration possible in the .lift.toml?
If not, what is the equivilient custom configuration - perhaps we can modify as a custom tool to use the latest version
Hi Nigel,
We’re currently defaulting to 7.32.0 for ESLint. If you wanted to use a different version you can use a setup script which runs before the analysis to configure any changes to the build environment that you need. See Build and .toml Details for details on how to include a setup script.
Hi Cezar,
You’re running into two issues currently. The first is that it is difficult to test config changes in a PR, because we run an analysis on both branches and then diff the results. When the config is different in the two branches you can get some unexpected behavior. I suggest using the web console to run an ad hoc analysis on your branch with the config changes to test things out.
Second issue is the version of node seems to be too old to support ESLint 8. We’re installing node/npm with the OS package manager and it’s latest version is quite outdated. I’m bringing it up to the team to make a more flexible option to have broader support. I’ll share an update as soon as we have one.