Introduction for
sonarwhal
@sota1235
Roppongi.js #2@Mercari, Inc
2018/4/24
Slide 2
Slide 2 text
console.log(me)
• Sota Sugiura(きりん)
• @sota1235
• Mercari, Inc.
• 将来の夢はJavaScript
になることです
Slide 3
Slide 3 text
今⽇の話
Slide 4
Slide 4 text
No content
Slide 5
Slide 5 text
About sonarwhal
Slide 6
Slide 6 text
sonarwhal is a linting tool that will help
you with your site's accessibility, speed,
security and more, by checking your code
for best practices and common errors.
Interoperability
• 'content-type' header should have
'charset=utf-8'
• No viewport meta tag was specified
• Response with status code 404 had
less than 512 bytes
Slide 25
Slide 25 text
Interoperability
• 'content-type' header should have
'charset=utf-8'
• No viewport meta tag was specified
• Response with status code 404 had
less than 512 bytes
Performance
• Should be served compressed with
gzip when gzip compression is
requested.
• Should be served compressed with
Brotli when Brotli compression is
requested over HTTPS.
• No "cache-control" header or empty
value found. It should have a value
Slide 29
Slide 29 text
Performance
• Should be served compressed with
gzip when gzip compression is
requested.
• Should be served compressed with
Brotli when Brotli compression is
requested over HTTPS.
• No "cache-control" header or empty
value found. It should have a value
_⼈⼈⼈⼈⼈⼈_
> スパルタ <
 ̄Y^Y^Y^Y^Y ̄
Slide 30
Slide 30 text
Performance
• File "bn_goods.png" can be 9.88kB
(56%) smaller.
• 何を根拠に…?
Security
• 'x-content-type-options' header is
not specified
• 'set-cookie' header to set 'nid'
doesn't have the 'secure' directive.
• Resource https://hoge.com/_shared/
js/jquery.easing.js requested
without the "integrity" attribute
Slide 37
Slide 37 text
Security
• jQuery@1.x.x has 1 known
vulnerabilities (1 medium). See
https://snyk.io/vuln/npm:jquery for
more information.
• '' is missing
'rel' values 'noopener',
‘noreferrer'