TypeScript baseUrl and relative paths configuration => issue "Dependencies should be explicit" (typescript:S4328)

Clement_Fleury_AssoC · January 23, 2020, 10:03am

Context

ALM used : Azure DevOps
CI system used : Azure DevOps
Scanner command used when applicable (private details masked) :

  - task: SonarCloudPrepare@1
    inputs:
      SonarCloud: 'SonarCloud-Clement'
      organization: 'assoconnect'
      scannerMode: 'CLI'
      configMode: 'manual'
      cliProjectKey: 'assoconnect_frontend'
      cliProjectName: 'frontend'
      cliProjectVersion: '$(Build.BuildNumber)'
      cliSources: 'src'
      extraProperties: |
        sonar.tests=src
        sonar.test.inclusions=**/__tests__/**
        sonar.coverage.exclusions=src/pages/**
        sonar.junit.reportPaths=junit.xml
        sonar.typescript.lcov.reportPaths=coverage/lcov.info
        sonar.typescript.tsconfigPath=tsconfig.json
    displayName: 'Prepare SonarQube analysis'

  - task: SonarCloudAnalyze@1
    displayName: 'Run SonarQube analysis'

  - task: SonarCloudPublish@1
    inputs:
      pollingTimeoutSec: '300'
    displayName: 'Publish SonarQube analysis result'

Languages of the repository : TypeScript

Problem observed

For all our imports in .tsx files , we have instances of the “Dependencies should be explicit (typescript:S4328)” issue.

We have configured a baseUrl (https://www.typescriptlang.org/docs/handbook/module-resolution.html#base-url) in our tsconfig.json file so that we don’t have to deal with relative paths.

WebStorm seems OK with this config and the linter doesn’t show any message. But in Sonar, when we import a module, since there is no ./ prepending, it thinks it is an external module and looks for it in the dependencies.

Example

our layout is :

src/
|___pages/
|   |___Index/
|       |___index.tsx
|       |___type.tsx
|___App.tsx
package.json
tsconfig.json

files contents

// package.json
// nothing path-related, only external dependencies
...

// tsconfig.json
{
  "compilerOptions": {
    "baseUrl": "./src/",
...

# src/App.tsx
...
import Index from 'pages/Index' # => ISSUE : Dependencies should be explicit (typescript:S4328)
...

# src/pages/Index/index.tsx
...
import * as Type from './type' # => OK, NO ISSUES
...
import { StoreContext } from 'store' # => ISSUE : Dependencies should be explicit (typescript:S4328)
...
export default () => (
...

Lena · January 29, 2020, 2:47pm

Hi,

Which version of SonarJS and SonarTS are you using?

Clement_Fleury_AssoC · January 29, 2020, 3:53pm

Hi Lena,

we are on SonarCloud and we are using the default quality profile for JS and TS : Sonar way recommended (Built-in).

Thanks

Lena · January 29, 2020, 4:38pm

Hi,

That’s an interesting case we didn’t think about. Actually this rule is ignoring internal (relative) imports (based on ../ or ./) as it’s supposed to check only bad usages of external dependencies. So if we want to cover the case like yours there is no way we can distinguish between internal and external import and we will have to check project directories if such relative path is available.
We will try to bring the fix (ticket).
In the meantime I think the only workaround is to disable the rule as most of issues will be FPs

thanks for the feedback!

Clement_Fleury_AssoC · February 7, 2020, 3:55pm

Hi Lena,

what’s the status on the ticket ?

We are on SonarCloud, using the default “Sonar way recommended” built-in profile, where this rule is active.
I can’t find how to disable this rule, how can I do it ?

Thanks

Lena · February 10, 2020, 8:36am

Hi,

Indeed that’s not possible. In this case you can create “copy” of “Sonar way recommended” and disable the rule in the copy.

Clement_Fleury_AssoC · February 10, 2020, 11:18am

Hi Elena,

thanks for your answer. This is too bad… Should I make a feature request : To inherit from a quality profile, but still be able to disable an inherited rule.

Thanks !

Lena · February 11, 2020, 8:47am

@Clement_Fleury_AssoC we know that this limitation is annoying sometimes but that was conscious to not allow edit profiles.
Btw I just realized that there is another way to deactivate the rule without changing profile: go to project General Settings -> Analysis Scope -> Ignore Issues on Multiple Criteria. There you can put rule key (typescript:S4328) and file pattern matching all files (**/*).

Clement_Fleury_AssoC · February 11, 2020, 11:02am

Hi Elena,

awsome! How can I configure this in the properties file ?
I have seen the sonar.issue.ignore.multicriteria parameter, but how to configure it is not clear and I could not find it in the documentation.

Thanks

Lena · February 11, 2020, 11:37am

It’s really not trivial and not intended to be configured with parameters (thus not documented). So please use UI

system · August 11, 2020, 4:31pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.