ESlint - version? what about 8?

I note from Included Analyzers that ESLint is an included scanner
We have sonatype running against some of our javascript/react repos, and ESLint8 is required

Is there further information about the ESLint scanner run by default?
Is any configuration possible in the .lift.toml?
If not, what is the equivilient custom configuration - perhaps we can modify as a custom tool to use the latest version

Example scan: Sonatype Lift -- Console


Hi Nigel,
We’re currently defaulting to 7.32.0 for ESLint. If you wanted to use a different version you can use a setup script which runs before the analysis to configure any changes to the build environment that you need. See Build and .toml Details for details on how to include a setup script.

In your script you can add something like

#!/bin/bash -
sudo npm i -g eslint@8.29.0 \
             eslint-plugin-jest \
             eslint-plugin-babel \
             eslint-config-airbnb \
             eslint-config-prettier \
             eslint-plugin-prettier --save-dev && \
    sudo npm i -g @typescript-eslint/eslint-plugin@latest --save-dev

If this setup script is in your repo in .lift/ then your .lift.toml config file would contain

setup = ".lift/"

The build logs in the web console should show the output from the to evaluate if there were any issues or warnings.

Let me know how it works out for you.


thanks - will give it a go!

hi @mjohnson, i tried doing that but with no success, here’s the output [0] for the given [1] input.

[0] - Sonatype Lift -- Console
[1] - Add custom eslint version for sonatype by sarbull · Pull Request #507 · odpi/egeria-ui · GitHub

Hi Cezar,
You’re running into two issues currently. The first is that it is difficult to test config changes in a PR, because we run an analysis on both branches and then diff the results. When the config is different in the two branches you can get some unexpected behavior. I suggest using the web console to run an ad hoc analysis on your branch with the config changes to test things out.

Second issue is the version of node seems to be too old to support ESLint 8. We’re installing node/npm with the OS package manager and it’s latest version is quite outdated. I’m bringing it up to the team to make a more flexible option to have broader support. I’ll share an update as soon as we have one.