stank: analyzers for determining whether files smell like rotten POSIX shell scripts, or faintly rosy like Ruby and Python scripts
OTHER License
Bot releases are hidden (Show)
Published by mcandre 9 months ago
Replace zip archive with tarball for ease of Docker container injection.
Published by mcandre 9 months ago
stink
now recognizes .sample
file extension as a machine-generated file, ill suited for linting for most downstream developers.*.sample
git hook dummy files by default, which have a history of tripping ShellCheck and other linters.-print0
support added to stank
in concert with classic xargs -0
, in order to protect against subtle spacing bugs in larger shell commands, scripts, and CI/CD pipelines.Published by mcandre 10 months ago
Published by mcandre over 1 year ago
With new and improved zsh scanning!
Published by mcandre over 1 year ago
Update to Go 1.20 for freebsd/riscv64 support.
Published by mcandre over 1 year ago
funk
now treats most traps as hazardsPublished by mcandre about 2 years ago
Upgrade Go to 1.19 for loong64 support in prebuilt binaries.
Published by mcandre about 3 years ago
The internal build process has been enriched to yield more platform ports.
Published by mcandre about 4 years ago
stank
now accepts a flag -exInterp <bash[,zsh[,ksh[,etc]]]>
to remove certain results from reports. This is particularly helpful for integrating ShellCheck in large projects, as ShellCheck presents errors when passed zsh scripts.Published by mcandre over 4 years ago
funk no longer discourages shebangs from non-executable shell scripts.
Before, we were worried that the mere existence of a shebang could confuse some users and lead to mistakes with interpreter flags.
funk will continue to warn on incorrect file mode bits and will continue to warn on flags specified in the interpreter line. That promotes a clear launch style and more reliable runtime behavior in a variety of environments. However, we realized that the presence of a shebang is super helpful to properly read more scripts, even if it might imply to a few novice users that a non-executable (sourcable!) script would invoke the shebang.
Now, funk actively encourages shebangs for all POSIXy shell scripts. This allows for greater clarity when scripts are read by people, text editors, and static analysis tools.
Published by mcandre over 4 years ago
funk now encourages set -euf
by default.
For POSIXy scripts, funk attempts to pass file contents through syntax validators (e.g. bash -n
).
Generic POSIX sh scripts continue to run through mvdan/sh parser in case of shims replacing sh
with a looser parser like bash.
This largely replaces the need for shlint
. checkbashisms is still a separate utility, of course.
Published by mcandre over 4 years ago
Published by mcandre over 4 years ago
funk now warns when executable scripts omit set
, IFS
statements at the top. Along with good exit trap
s, these statements act similar to use strict;
in Perl or 'use strict';
in JavaScript, treating program control flow in shell closer to what we intuitively expect.
For example, the -e
option to set
exits the program at the point of the first command failure. By default, most shells will continue past the error and run potentially hazardous commands straight through the end of the program. So set -e
is highly encouraged for any and all executable POSIXy shell scripts.
The POSIX standard defines other options as well. And if you use a superset shell like bash, zsh, ksh, etc., you may have even more options for tuning how your program responds to different situations.
https://pubs.opengroup.org/onlinepubs/009695399/utilities/set.html
funk expects at least one set
command and at least one IFS
assignment at the top of all POSIXy shell scripts. Shebang, other trailing or full line comments and/or trap
s are allowed here. Multiline statements are unfortunately unable to accurately parse here.
The exact order of set
s vs. IFS
s vs. trap
s is not enforced by funk; order these according to your semantic and stylistic preferences.
Note that the exact IFS
value, exact set
flags are not checked, as these are highly language and project specific. We encourage -eu
enabled on set
and an effective value of \n\t
on IFS
as a good start to more predictable runtime behavior. The goal is to raise the reliability of our shell scripts without sacrificing too much in terms of flexibility.
In addition to executable scripts IFS
and/or set
may be customized in core configuration files or other sourceable library scripts, though take care to not break interactive environments.
Enjoy version 0.0.15.
Published by mcandre over 4 years ago
expect
scripts versus true sh
scripts.The change to xgo drops some platforms, while fixing others. Also, the archive file path structure has changed.
Published by mcandre over 6 years ago
musl Linux and other new targets are now available in the precompiled binaries bundle.
Published by mcandre about 7 years ago
Release notes:
Happy linting!
Published by mcandre about 7 years ago
Release notes:
bin/
scripts no longer ignored, in case of customized Java shims-ahiru
flag added for encouraging shell script portabilityPublished by mcandre about 7 years ago
funk now offers a -modulino
flag to break up modulinos and ambiguous shell scripts into distinct application scripts vs. library scripts. This option is noisy and off by default for now. When enabled, -modulino
recommends that executable permissions be reserved for extension-less scripts, and that library scripts be renamed with .lib.sh
extensions. This policy is intended to communicate to downstream users whether to ./
(execute) or .
(import) a script, and to choose more meaningful names for application scripts.
Published by mcandre about 7 years ago
Release notes:
bin/<script>
paths, as these are often Java shims-kame
/-usagi
flags to recommend either faster or more robust shell languages-eol
flag to customize scan for existence of a final end of line feed-cr
flag to customize scan for presence of a carriage return / carriage return line feed