Coverity Scan: Thunderbird

Mark Banner mbanner at
Fri Oct 19 08:12:07 UTC 2018

On 12/10/2018 09:26, Óvári wrote:

> "Since Coverity is C/C++ only, this obviously wouldn't be necessary" 
> [1]; however, "Projects on Coverity Scan" [2] languages: Java, C/C++, 
> C#, JavaScript, PHP/Python/Ruby.
> Isn't JavaScript [3] used in Thunderbird add-ons?
Yes it is, but it wasn't clear from the site that it covers Javascript.
> Does this mean that "Coverity Scan" could help with Thunderbird add-ons?

That's very unclear. There's no detailed list that I can see of what 
Javascript specific defects are caught. There is a list of general 
defects but they are mainly things I'd associate with c++ or similar 
compiled languages.

Without more information on the specifics, I'd suggest that promoting 
ESLint <> to add-on authors is more likely to be 
useful - there's lots of rules <> 
highlighting various issues that can be selectively enabled. For 
legacy/hybrid add-ons, there's eslint-plugin-mozilla 
<> which has the 
mozilla-central configuration, and useful rules specific to gecko.

There's various editor integrations and easy ways (e.g. Travis CI) to 
incorporate into PRs etc.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the tb-planning mailing list