Coverity Scan: Thunderbird

Mark Banner mbanner at mozilla.com
Fri Oct 19 08:12:07 UTC 2018


On 12/10/2018 09:26, Óvári wrote:

> "Since Coverity is C/C++ only, this obviously wouldn't be necessary" 
> [1]; however, "Projects on Coverity Scan" [2] languages: Java, C/C++, 
> C#, JavaScript, PHP/Python/Ruby.
>
> Isn't JavaScript [3] used in Thunderbird add-ons?
Yes it is, but it wasn't clear from the site that it covers Javascript.
> Does this mean that "Coverity Scan" could help with Thunderbird add-ons?

That's very unclear. There's no detailed list that I can see of what 
Javascript specific defects are caught. There is a list of general 
defects but they are mainly things I'd associate with c++ or similar 
compiled languages.

Without more information on the specifics, I'd suggest that promoting 
ESLint <https://eslint.org/> to add-on authors is more likely to be 
useful - there's lots of rules <https://eslint.org/docs/rules/> 
highlighting various issues that can be selectively enabled. For 
legacy/hybrid add-ons, there's eslint-plugin-mozilla 
<https://www.npmjs.com/package/eslint-plugin-mozilla> which has the 
mozilla-central configuration, and useful rules specific to gecko.

There's various editor integrations and easy ways (e.g. Travis CI) to 
incorporate into PRs etc.

Mark

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20181019/529ef14e/attachment.html>


More information about the tb-planning mailing list