TypeScript support on LGTM

January 26, 2018

LGTM now supports TypeScript as part of its default JavaScript analysis. Both pure TypeScript projects and projects with a mix of TypeScript and JavaScript are supported, and alerts for the TypeScript code appear together with the JavaScript alerts.

All our standard JavaScript analyses also apply to TypeScript. Additionally, we have a small but growing set of TypeScript-specific analyses (more to come!).

There are some common JavaScript mistakes that the TypeScript compiler can spot during development, such as calling a function without a required argument, or reading an object property that doesn't exist. However, not all errors are type errors, and programmers sometimes deliberately circumvent the TypeScript type system in order to get their code to compile. This is where LGTM comes in.

As an example, take a look at our analysis results for angular. Apart from a few semantic gotchas like this one and copy-paste mishaps like this one, we are particularly pleased to see that LGTM flags a type error that appears to have eluded the TypeScript compiler. Let's consider this condition:

if (expr != null && assignExpr != null)

At this point in the program, variable assignExpr is guaranteed to contain a Boolean value (true or false), so assignExpr != null always comes out true. While it's hard to tell whether this could cause any bugs in practice, it's unlikely to be intentional and certainly worth investigating.
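The effect of that always-true operand can be shown by enumerating the inputs. This is an added example, not code from angular or LGTM: the `Expr` type, the three guard functions and the "flag must be true" reading of the intent are all assumptions made for illustration.

```typescript
// Constructed illustration; every name below is hypothetical.
type Expr = { name: string };
type Guard = (expr: Expr | null, assignExpr: boolean) => boolean;

// The condition from the post. assignExpr is a boolean, so it is never null,
// yet the compiler accepts the comparison because any value may be compared to null.
const guardAsWritten: Guard = (expr, assignExpr) =>
  expr != null && assignExpr != null;

// What the condition really tests once the always-true operand is dropped.
const guardWithoutDeadCheck: Guard = (expr, _assignExpr) => expr != null;

// One possible intent (an assumption): the flag itself has to be true.
const guardIfFlagIntended: Guard = (expr, assignExpr) =>
  expr != null && assignExpr;

// Run two guards over every input combination and list where they disagree.
function disagreements(a: Guard, b: Guard): string[] {
  const exprs: Array<Expr | null> = [null, { name: "e" }];
  const flags = [false, true];
  const out: string[] = [];
  for (const expr of exprs) {
    for (const flag of flags) {
      if (a(expr, flag) !== b(expr, flag)) {
        out.push(`expr=${expr === null ? "null" : "set"} assignExpr=${flag}`);
      }
    }
  }
  return out;
}

// The null check on the boolean changes nothing ...
console.log(disagreements(guardAsWritten, guardWithoutDeadCheck));
// ... so if the flag was meant to gate the branch, this input slips through.
console.log(disagreements(guardAsWritten, guardIfFlagIntended));
```

An empty first list means the `assignExpr != null` operand is dead code; the second list is the input a reviewer should check against the surrounding logic.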

So, go ahead, take a look at the results for your favorite TypeScript projects. Add any projects that aren't on LGTM yet, and let us know if you spot any dubious alerts, or have any ideas for a TypeScript-specific query you'd like to see!

Note: Post originally published on LGTM.com on January 26, 2018
