A Tech Radar unfortunately doesn't prevent engineers installing modules they shouldn't. As Jeff Bezos says, "Good intentions don't work, good mechanisms do". One not very good mechanism is to use a private npm repository, but this blocks both direct and transitive dependencies, making it impractical. Another is to scan repositories looking for violations, but this is too late.
Instead, the approach taken by this module is to write a custom eslint plugin for validating the dependencies listed in package.json. The rules can be defined in a shared configuration and, just like eslint, run automatically on pre-commit/pre-push hooks and as part of a CI/CD pipeline. You also have a familiar escape hatch, should teams need to downgrade, ignore or reconfigure rules on a repository by repository basis. Better yet, changes to the rules can be accompanied by healthy and documented discussion in the form of issues and/or pull requests.
A snag with this approach is that the local install of the shared configuration must always be up-to-date. For this reason, eslint-plugin-tech-radar also includes a latest rule for ensuring that the latest published version of a module is installed. Prime this with the name of your shared configuration module, and the linter will fail if a more recent version of the lint rules is available.
Another snag is that a pre-commit hook is still too late to prevent undesirable dependencies from being installed. You can work around this by running eslint from an npm dependencies script.
- Build a Tech Radar for your node dependencies, e.g.

name,ring,quadrant,isNew,description
prisma,hold,backend,FALSE,Persistence
winston,hold,backend,FALSE,Logging
bunyan,hold,backend,FALSE,Logging
@pgtyped/query,assess,backend,TRUE,Persistence
orchid-orm,trial,backend,FALSE,Persistence
pino,adopt,backend,FALSE,Logging
sequelize,adopt,backend,FALSE,Persistence

- Export the Tech Radar to JSON rule configuration.

npx --package=eslint-plugin-tech-radar -- export-tech-radar \
--input radar.csv \
--documentation https://github.com/your-organisation/tech-radar \
--output radar.json

- Create a shared configuration similar to this example. Export the Tech Radar json file and eslint configuration from the module to make it easier to ignore specific dependencies in the repositories that use it.

- Include the shared configuration in your application's eslint rules as per this example.
Reports packages that do not adhere to the Tech Radar.
"tech-radar/adherence": [
  "error",
  {
    "hold": [
      "prisma",
      "winston",
      "bunyan"
    ],
    "assess": [
      "@pgtyped/query"
    ],
    "trial": [
      "orchid-orm"
    ],
    "adopt": [
      "pino",
      "sequelize"
    ],
    "ignore": [],
    "documentation": "https://github.com/your-organisation/tech-radar"
  }
]
The linter will fail if package.json includes a dependency that is on hold or under assessment. Use the ignore array to suppress errors about a dependency without removing it from hold or assess. Works with production, development, peer and optional dependencies.
> eslint .
~/your-application/package.json
1:1 error Package 'slonik' is not on the tech radar. See https://github.com/your-organisation/tech-radar for more details tech-radar/adherence
1:1 error Package 'prisma' is discouraged. See https://github.com/your-organisation/tech-radar for more details tech-radar/adherence
✖ 2 problems (2 errors, 0 warnings)
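To make the decision the adherence rule takes concrete, the following is an added example, not the plugin's own source: a stand-alone function that applies the rule options shown above to a parsed package.json. The function name, the sample package.json and its version ranges are constructed, and it assumes that ignore suppresses any finding for a listed package and that hold and assess produce the same "discouraged" message.

```javascript
// Added example: approximates the adherence check; not the plugin's source.
const SECTIONS = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];

// Returns one message per offending dependency in a parsed package.json.
function checkAdherence(pkg, options) {
  const { hold = [], assess = [], trial = [], adopt = [], ignore = [], documentation } = options;
  const discouraged = new Set([...hold, ...assess]);
  const permitted = new Set([...trial, ...adopt]);
  const ignored = new Set(ignore);
  // Collect names from production, development, peer and optional dependencies.
  const names = new Set(SECTIONS.flatMap((section) => Object.keys(pkg[section] || {})));
  const findings = [];
  for (const name of [...names].sort()) {
    if (ignored.has(name)) continue; // assumption: ignore suppresses any finding
    if (discouraged.has(name)) {
      findings.push(`Package '${name}' is discouraged. See ${documentation} for more details`);
    } else if (!permitted.has(name)) {
      findings.push(`Package '${name}' is not on the tech radar. See ${documentation} for more details`);
    }
  }
  return findings;
}

// Constructed sample input (package names from the radar above, versions invented).
const samplePkg = {
  dependencies: { pino: '^9.0.0', prisma: '^5.0.0', slonik: '^46.0.0' },
  devDependencies: { '@pgtyped/query': '^2.0.0' },
};
const sampleOptions = {
  hold: ['prisma', 'winston', 'bunyan'],
  assess: ['@pgtyped/query'],
  trial: ['orchid-orm'],
  adopt: ['pino', 'sequelize'],
  ignore: ['@pgtyped/query'],
  documentation: 'https://github.com/your-organisation/tech-radar',
};

console.log(checkAdherence(samplePkg, sampleOptions).join('\n'));
```

Removing '@pgtyped/query' from ignore adds a third finding, which is how a repository-level exception shows up in review.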
Reports packages that are behind the latest version.
"tech-radar/latest": [
  "error",
  {
    "packages": [
      "eslint-config-your-organisation"
    ]
  }
]
Works with production, development, peer and optional dependencies (if installed). Ignores dependencies that are specified by url.
> eslint .
~/your-application/package.json
1:1 error Package 'eslint-config-your-organisation' must be version 1.0.2. tech-radar/latest
✖ 1 problem (1 error, 0 warnings)
As mentioned in the instructions, we provide a script for exporting Tech Radar csv files. The usage for this script is as follows...
Usage: npx --package eslint-plugin-tech-radar -- export-tech-radar [options]
Options:
-i, --input <path> Specify the path to the input file (optional)
-d, --documentation <url> Specify the documentation url (mandatory)
-q, --quadrant <string> Specify the quadrant used for dependencies (optional)
-o, --output <path> Specify the path to the output file (optional)
Example:
npx --package eslint-plugin-tech-radar -- export-tech-radar \
--input radar.csv \
--documentation https://github.com/your-organisation/tech-radar \
--quadrant dependencies \
--output radar.json
If an input file is not specified the script will read from stdin. If an output file is not specified the script will write to stdout. If a quadrant is specified, the script will only include entries for that quadrant.
eslint-plugin-tech-radar was inspired by eslint-plugin-package-json-dependencies