Conversation
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an AI-detected potential code anomaly?AI has identified unusual behaviors that may pose a security risk. An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
|
For reference, here's a breakdown of the pylint <-> ruff parity: astral-sh/ruff#970 |
|
The biggest difference it seems to me between this and pylint off the bat is that it does not have type inference or multi file analysis |
|
Yep, I figured that this might not provide 1:1 functionality with what pylint provides, but I wasn't sure what was absent until I just attempted to implement it. I also wasn't sure if 1:1 parity was essential, or if there were just a few rules that were nice to have, that you could do without, or could handle with something similar.
Good find on ruff#290, and good to know there's some missing baseline functionality that makes this a non-starter. It does look like they have a specific label to track those 2 things - https://github.com/astral-sh/ruff/issues?q=sort%3Aupdated-desc+is%3Aopen+label%3Ared-knot Also, this fellow's script looks like it might be of use some day in the future: https://gist.github.com/pcorpet/e776a8e794264b818c9cc6d06c11ef15 I'm not sure how far out things are from this being feature-ready to investigate using, so let me know if it's worth it to keep this in a draft state as a reminder, or a thing to poke at occasionally, else I can just close this for now. Letsbehonest this was just an excuse submit a PR from a branch named with emojis. |
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
github-actions
bot
added
the
merge_conflict
|
I'm not saying those two things are deal breakers, I'm just adding documentation. I personally dislike pylint's type inference because I don't think it's very good and we have mypy checking the stuff better. Not sure about multi-file checking, but I (personally) have been an advocate for just deleting pylint altogether because I don't feel like it gives very helpful errors and often gives errors that don't seem to matter. |
|
Also @wallentx did you intend to also remove the pylint check at the same time? |
I think my nature just led me to that by default. Romantics are wary of broken hearts, and breaking them, and know better than to scatter their affections. |
|
Ruff?Let me tell you, Ruff is absolutely tremendous — believe me. It’s very, very fast — and I know fast — it's the fastest, actually — and the best, most efficient linter like you’ve never seen. Not like that horrible pylint, which is slow and outdated. Compared to pylint, Ruff is like a rocket ship. And not one of those loser ships that blows up and wastes all of that beautiful fuel.
Millions and millions of Developers everywhere are saying it’s saving them so much time, making their code cleaner and better than ever before. And I know them all very well, and I trust them. Ask anyone. They all say that all the code now is dirty because of pylint. It's never been worse. It's a failing project, run by bums and perverts! That's what they say - I didn't say it, but that's what they said... so, who knows.. Ruff is winning bigly in the world of code linting. Nobody does it better, and that’s a fact.