Question: what's the suggested usage between NetAnalyzers and FxCopAnalyzers? #4100
Comments
|
@huoyaoyuan Thank you for reporting the issue.
This is a very good point, and I believe lot of customers would want a more aggressive opt-out mode. One simple trick that you can use is define |
Closes dotnet#4100 **Proposal** This new property would allow users to switch between following 3 analysis modes: 1. **Default mode**: Analyzers with enabled by default and severity values that we ship today. It will continue to be the default analysis mode. 2. **OptIn or AllDisabled or Conservative mode**: All analyzers are disabled by default. Only the ones that user explicitly enables in their editorconfig/ruleset will be enabled with the explicitly configured severity. 3. **OptOut or AllEnabled or Aggressive mode**: Majority of analyzers get enabled as warnings, similar to the current FxCop analyzers package. We still want some security rules and no longer recommended rules to be disabled, but for all practical purposes, we can consider this to be the most aggressive analysis mode for the package. The property should work amicably with AnalysisLevel, i.e. if user sets AnalysisLevel to 5.0, the aggressive, all-enabled mode only turns on rules shipped in or before 5.0 to warnings. Rules shipping after 5.0 will still be turned off by default. **Targeted scenarios** 1. **User requests**: We already have a few user requests to enable aggressive analysis mode, similar to FxCop analyzers: 1. dotnet#4100: This was requested from a customer from Jon’s blog. 2. dotnet/roslyn#47046: This was requested from a customer trying out our bulk configuration editorconfig functionality to switch NetAnalyzers to be as aggressive as FxCopAnalyzers This feature enables users who are super passionate about analyzers and code quality to easily switch to an opt-out, aggressive, analysis mode, which seems fantastic to me! At the same time, it helps users who like complete opt-in model with explicit control over each rule that is enabled in their configuration file. 2. **Path to deprecation for FxCopAnalyzers package**: Currently, we ship identical CA rules in FxCopAnalyzers and NetAnalyzers package/SDK. The only difference is default severity and enabled by default values for rules. Adding this AnalysisMode knob means existing FxCop analyzer customers can easily migrate to the .NET SDK based analyzers and get equivalent functionality and this allows us to deprecate this package soon. This will make the overall code quality analyzers story much cleaner from an end user perspective.
After reading the post in devblog, I've got some questions:
Is it supported to use the two analyzer packages at the same time?
After upgrading to .NET 5 Preview 8, there is a warning icon in IDE for FxCopAnalyzers package. I'm afraid there's some conflict between the two packages.
What's the suggested way to aggressively opt-in more up-to-date analysis?
FxCopAnalyzers and NetAnalyzers carries many analyzers, and some of them are old and not suitable for .NET 5. The default severity of FxCopAnalyzers looks too aggressive, where NetAnalyzers looks too loose. It's unclear that which rule set is suggested.
I mentioned New rule: Extra type checking / type casting #4002 (comment) . But there are also other analyzers defaults to a different severity level like CA1305.
The text was updated successfully, but these errors were encountered: