Well if you cache the responses I believe it won't be a big deal. I would suggest caching to disk, and invalidating them in a week or so (cause the back end logic might change). And also a NO_CACHE environment variable would be nice.
Another solution would be a proxy server which caches the responses to disk and also keeps them in memory. But I believe that most people wouldn't wan't to use a rule which requires a server to lint. And lastly I'm thinking about HTTP caching, but I have no idea if it works natively or what npm module would support it. All of these methods I believe would yield a performant linting timing. On Wednesday, April 4, 2018 at 5:29:12 AM UTC+3, davi...@vt.edu wrote: > > Hi all, > > I'm a PhD student at Virginia Tech. I'm working on a research project to > detect vulnerable regexes. > > I've developed a tool that queries an ensemble of catastrophic > backtracking detectors (repo here > <https://github.com/davisjam/vuln-regex-detector/>). > > Because the tool is expensive to run, I set up a server that maintains a > database of previous queries and results. > I created an npm module that asynchronously queries this server over HTTP > (module here <https://www.npmjs.com/package/vuln-regex-detector>). > > I would like to create an eslint plugin to make it easy for developers to > adopt it. > The plugin I envision is similar to this one > <https://www.npmjs.com/package/eslint-plugin-security#detect-unsafe-regex> > that uses safe-regex <https://github.com/substack/safe-regex> (which, > alas, has high rates of false positives and false negatives, and is > incorrectly > implemented <https://github.com/substack/safe-regex/pull/9> to boot). > However, it looks from the eslint docs that eslint rules must be > synchronous <https://eslint.org/docs/developer-guide/architecture#rules>. > I couldn't find this discussed explicitly in the eslint issues or this > mailing list; please forgive me if I missed a discussion about this > somewhere. > > I am interested in thoughts on: > > - Whether there's any point in making *synchronous* HTTP requests? (I > suspect this would lead to terrible linter performance) > - Whether there's a way to make an asynchronous eslint rule? > - If eslint is not a good way to do this, can anyone recommend an > alternative approach? > > Thank you, > > Jamie > > -- You received this message because you are subscribed to the Google Groups "ESLint" group. To unsubscribe from this group and stop receiving emails from it, send an email to eslint+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
