Add guidelines for deprecating tools. Deprecate jshint and jslint (#224)

Author: mre

CONTRIBUTING.md

@@ -1,3 +1,5 @@
+# How to add a new tool to the list
+
 Please feel free to open a pull request if you know of a code analysis tool that is not mentioned here.  
 If you're in doubt if a tool is a good fit for the list, **don't open an issue, but create a pull request right away** because that's easier to handle. Thanks! :smiley:
 
@@ -41,4 +43,23 @@ If you can, please limit yourself to only one category.
 This way, all tools get treated fairly and the list is easier to read.
 
 
+# How to mark a tool as unmaintained/deprecated
+
+Sometimes it happens that a tool becomes unmaintained and there's nothing wrong
+with that.  
+After all, a tool can still be very valuable to the community - even without
+frequent updates.  
+However, since it is one of the goals of this project to allow people to make an
+informed decision on what is the best tool for the job, we are marking
+unmaintained or deprecated tools with a :warning: (`:warning:`) sign.
+This sign indicates that the community does not recommend to use this tool for
+new projects anymore.
+
+[Here](https://github.com/mre/awesome-static-analysis/issues/223) is a nice
+discussion about why we think this is necessary. If you find a tool, which is
+unmaintained, please create a pull request which adds the `:warning:` sign and
+provide an objective explanation as to why you think the tool should be marked.
+Every deprecation will be handled on a case-by-case basis.
+
+
 **Thanks for helping out!** :tada:

README.md

@@ -3,7 +3,11 @@
 > Static program analysis is the analysis of computer software that is performed without actually executing programs — [Wikipedia](https://en.wikipedia.org/wiki/Static_program_analysis)
 
 This is a collection of static analysis tools and code quality checkers. Pull requests are very welcome!  
-**Note: :copyright: stands for proprietary software. All other tools are Open Source.**  
+
+* :copyright: stands for proprietary software. All other tools are Open Source.
+* :warning: indicates that the community does not recommend to use this tool for
+  new projects anymore as it is outdated or no longer maintained.
+
 Also check out the sister project, [awesome-dynamic-analysis](https://github.com/mre/awesome-dynamic-analysis).  
 
 # Table of Contents
@@ -251,8 +255,8 @@ Also check out the sister project, [awesome-dynamic-analysis](https://github.com
 * [eslint](https://github.com/eslint/eslint) - A fully pluggable tool for identifying and reporting on patterns in JavaScript
 * [Esprima](https://github.com/jquery/esprima) - ECMAScript parsing infrastructure for multipurpose analysis
 * [flow](https://flow.org/) - A static type checker for JavaScript.
-* [jshint](https://github.com/jshint/jshint) - detect errors and potential problems in JavaScript code and enforce your team's coding conventions
-* [JSLint](https://github.com/douglascrockford/JSLint) :copyright: - The JavaScript Code Quality Tool
+* [jshint](https://github.com/jshint/jshint) :warning: - detect errors and potential problems in JavaScript code and enforce your team's coding conventions
+* [JSLint](https://github.com/douglascrockford/JSLint) :warning: - The JavaScript Code Quality Tool
 * [JSPrime](https://github.com/dpnishant/jsprime) - static security analysis tool
 * [NodeJSScan](https://github.com/ajinabraham/NodeJsScan) - NodeJsScan is a static security code scanner for Node.js applications.
 * [plato](https://github.com/es-analysis/plato) - Visualize JavaScript source complexity

ci/Cargo.lock

@@ -1,9 +1,10 @@
 [package]
 authors = ["Matthias Endler <[email protected]>"]
 name = "ci"
-version = "0.2.0"
+version = "0.3.0"
+edition = "2018"
 
 [dependencies]
-lazy_static = "0.2.9"
-regex = "0.2.2"
-failure = "0.1.1"
+lazy_static = "1.2.0"
+regex = "1.1.0"
+failure = "0.1.5"

ci/Cargo.toml

@@ -1,25 +1,17 @@
 // `error_chain!` can recurse deeply
 #![recursion_limit = "1024"]
 
-#[macro_use]
-extern crate failure;
-
-#[macro_use]
-extern crate lazy_static;
-
-extern crate regex;
-
-use failure::{Error, err_msg};
+use lazy_static::lazy_static; 
+use failure::{Error, err_msg, bail};
 use regex::Regex;
-use std::fmt;
 use std::cmp::Ordering;
 
 lazy_static! {
-    static ref TOOL_REGEX: Regex = Regex::new(r"\*\s\[(?P<name>.*)\]\((?P<link>http[s]?://.*)\)\s(:copyright:\s)?\-\s(?P<desc>.*)").unwrap();
+    static ref TOOL_REGEX: Regex = Regex::new(r"\*\s\[(?P<name>.*)\]\((?P<link>http[s]?://.*)\)\s(:warning:\s)?(:copyright:\s)?\-\s(?P<desc>.*)").unwrap();
     static ref SUBSECTION_HEADLINE_REGEX: Regex = Regex::new(r"[A-Za-z\s]*").unwrap();
 }
 
-struct Tool {
+pub struct Tool {
     name: String,
     link: String,
     desc: String,
@@ -55,7 +47,7 @@ impl Ord for Tool {
     }
 }
 
-fn check_tool(tool: &str) -> Result<Tool, Error> {
+pub fn check_tool(tool: &str) -> Result<Tool, Error> {
     println!("Checking `{}`", tool);
     // NoneError can not implement Fail at this time. That's why we use ok_or
     // See https://github.com/rust-lang-nursery/failure/issues/61
@@ -79,7 +71,7 @@ fn check_tool(tool: &str) -> Result<Tool, Error> {
     Ok(Tool::new(name, link, desc))
 }
 
-fn check_section(section: String) -> Result<(), Error> {
+pub fn check_section(section: String) -> Result<(), Error> {
     // Ignore license section
     if section.starts_with("License") {
         return Ok(());
@@ -108,14 +100,14 @@ fn check_section(section: String) -> Result<(), Error> {
     check_ordering(tools)
 }
 
-fn check_ordering(tools: Vec<Tool>) -> Result<(), Error> {
+pub fn check_ordering(tools: Vec<Tool>) -> Result<(), Error> {
     match tools.windows(2).find(|t| t[0] > t[1]) {
         Some(tools) => bail!("`{}` does not conform to alphabetical ordering", tools[0].name),
         None => Ok(()),
     }
 }
 
-fn check(text: String) -> Result<(), Error> {
+pub fn check(text: String) -> Result<(), Error> {
     let sections = text.split("\n# ");
 
     // Skip first two sections,
@@ -129,6 +121,7 @@ fn check(text: String) -> Result<(), Error> {
     Ok(())
 }
 
+#[cfg(test)]
 mod tests {
     use super::*;
     use std::fs::File;