Hi Jamie,
There are a few reasons why rules should be synchronous. First is, ESLint is currently fully synchronous, because it’s a command line tool, and command line tools are usually synchronous. ESLint also processes files in a specific order and uses EventEmitter to notify rules about nodes in the AST. There are a lot of rules that rely on synchronous approach (for example, they might rely on specific nodes to be in a specific order and receiving notification out of order will break the logic of the rule). We also don’t do any post-processing and reordering of the errors that we receive from various rules, so async rules might start reporting errors in files other then were they were found. Theoretically, since rules do not return anything to the engine, you could try to create an async rule, and it might even work, but that’s not a supported scenario. My suggestion is to notify users of your plugin that it might take significant amount of time to run it, and that they should enable ESLint caching and use synchronous HTTP requests in your rules. But experience for users who use editor integrations is still going to be pretty poor. Thanks, Ilya Volodin From: eslint@googlegroups.com <eslint@googlegroups.com> On Behalf Of davis...@vt.edu Sent: Tuesday, April 3, 2018 10:29 PM To: ESLint <eslint@googlegroups.com> Subject: [ESLint] Expensive/asynchronous operations in eslint rules Hi all, I'm a PhD student at Virginia Tech. I'm working on a research project to detect vulnerable regexes. I've developed a tool that queries an ensemble of catastrophic backtracking detectors (repo here <https://github.com/davisjam/vuln-regex-detector/> ). Because the tool is expensive to run, I set up a server that maintains a database of previous queries and results. I created an npm module that asynchronously queries this server over HTTP (module here <https://www.npmjs.com/package/vuln-regex-detector> ). I would like to create an eslint plugin to make it easy for developers to adopt it. The plugin I envision is similar to this one <https://www.npmjs.com/package/eslint-plugin-security#detect-unsafe-regex> that uses safe-regex <https://github.com/substack/safe-regex> (which, alas, has high rates of false positives and false negatives, and is incorrectly implemented <https://github.com/substack/safe-regex/pull/9> to boot). However, it looks from the eslint docs that eslint rules must be synchronous <https://eslint.org/docs/developer-guide/architecture#rules> . I couldn't find this discussed explicitly in the eslint issues or this mailing list; please forgive me if I missed a discussion about this somewhere. I am interested in thoughts on: * Whether there's any point in making synchronous HTTP requests? (I suspect this would lead to terrible linter performance) * Whether there's a way to make an asynchronous eslint rule? * If eslint is not a good way to do this, can anyone recommend an alternative approach? Thank you, Jamie -- You received this message because you are subscribed to the Google Groups "ESLint" group. To unsubscribe from this group and stop receiving emails from it, send an email to eslint+unsubscr...@googlegroups.com <mailto:eslint+unsubscr...@googlegroups.com> . For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "ESLint" group. To unsubscribe from this group and stop receiving emails from it, send an email to eslint+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.