Innovating Open Source by building on the giants of others
We often find ourselves creating new libraries, tools, and sometimes frameworks and bigger projects. When you end up releasing those works as Open Source you get my appreciation and love; if you don’t, I’ll end up hunting you down and making you memorize The Cathedral and the Bazaar.
I recently started working on a security-focused static code analysis tool that you can easily plug into your Gulp build process.
Static Code Analysis (SCA) works much like your JavaScript linting tools, except that instead of style rules it checks source files against secure coding guidelines and flags known insecure code patterns.
To build this tool I could have written the Gulp plugin from scratch: scan the files matched by a provided glob pattern and do simple string or regular expression matching on their contents. Simple, right?
That may seem tempting, but if you’re familiar with Gulp then you probably know that it is often associated with the Unix philosophy for command line tools: many tiny tools, each doing one very focused task, that are combined to solve a bigger task.
The same is true of Gulp: it pipes input into one function, and that function pipes its output to another, so many Gulp plugins can be chained together to build a more complex flow.
Keeping with this philosophy I wrote Mr Audit, a security-oriented SCA tool which extends and builds on a more popular and well tested plugin: gulp-contains. As the name suggests, that plugin’s entire job is to check whether file contents match given text or patterns.
Things are actually pretty simple, and it very much boils down to the following code if you want to extend a gulp plugin with your own implementation:
The above snippet has been simplified but it conveys the paradigm of extending other great tools.
Go ahead and share some of the great plugins you’ve used with Gulp, or ideas you have for improving the build process.
You’re also welcome to join and help out with this Gulp plugin at: https://github.com/lirantal/gulp-mraudit