-
Notifications
You must be signed in to change notification settings - Fork 372
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Integrate TS types into Helmet directly #188
Comments
This is something I've thought about a fair bit. While TypeScript support has certainly been on my mind, it hasn't felt like a pressing issue, so I've mostly kicked the can down the road. But given that TypeScript's adoption seems to be growing, the issue will only become more urgent. Before talking about the options, it's important to me that I'm able to do some typechecking at runtime for anyone using JavaScript. For example, if you pass a number when you should've passed a string, I want to throw a runtime error. I could be talked out of this, but I think it's valuable, especially for a security module. I think there are four possible options for Helmet:
Based on this, I'm leaning towards Option #2. What do you (or others) think? If we do any conversion, we should convert one sub-package at a time (ienoopen is probably the simplest). |
Hi, I'm the Definitely Typed maintainer (and on the Typescript team). A few comments:
Usually, I wouldn't recommend (2). It requires a lot of commitment from a typescript expert, or a little commitment and knowledge from everybody who contributes to the project -- about the same as (3), except that you don't notice when the types are wrong. |
@sandersn This is helpful—gives me plenty to think about.
A question: if I want to do type checking at runtime, can I do this with TypeScript, or do I have to do it in JavaScript? For example, if I have a function that takes a string (and is typed that way), how can I write a test in TypeScript that passes a number?
|
In the case of Helmet (and sub projects) where the api's are quite minimal I'm not sure a huge impact would be felt by having to update the types although it does add a barrier to contributors who don't know typescript as mentioned. The question about testing for runtime type checks is interesting, I can't think of a way to do it without having some tests in raw JS because you'd be directly conflicting with the type system unless we just ignored the errors / warnings around those tests. |
@EvanHahn re runtime type checking and testing. The testing is easy, you just cast the badly typed arguments to () => {
expect(() => f(1 as any)).toThrow("Expected string!")
} I haven't done any runtime type checking myself since I'm too heavily steeped in static typing, but my co-workers have looked at io-ts (I found an introduction here.). I think the basic idea is that you still have to write some code to emit runtime type checks, but at least those checks are understood by the compiler while you're editing. I can't personally vouch for the library, but it's the name I've heard the most often in the Typescript world. |
Just attempted to rewrite I'm familiar with TypeScript but am hardly an expert (notably when it comes to best practices, like which modules to install or how to structure projects). |
|
I might be late to the party, but I think there's a fourth option missing from the list: Use JSDoc to define types for everyone to benefit from:
Potential solutions to generating the type definitions: The approach suggested above is currently being investigated in the Converting |
@mroderick I like this JSDoc approach, but most of Helmet's subpackages (actually, maybe all? I need to check) have already been rewritten in TypeScript. I'd be very curious to know what the |
sinonjs/sinon#2003 is likely to be a good thread to follow regarding JSDoc. I imagine we'll leave breadcrumbs to whatever we end doing (or not) for TypeScript support |
TypeScript types were added to Helmet in version 4, which you can install with |
I noticed that for a while the helmetjs project has been active in reviewing updates to the DefinetelyTyped definitions for helmet and wondered if it was worth migrating the types to this repository.
They could still be a second class citizen, but it would mean users only need to include a single dependency to get the types and the helmet project would be able to ship changes more readily to the types without having to wait for the changes to go out via DT.
This may not be practical as it'll add overhead to the maintainership of helmet, but if time is already being spent to review the types it could actually reduce the effort even if changes are left to the community to submit PR's for.
As a user of helmet and typescript I'd be happy to help maintain the types and be tagged as a reviewer if in any community PR's.
This discussion has been bought over from DefinitelyTyped/DefinitelyTyped#33507
The text was updated successfully, but these errors were encountered: