Skip to content

EDU-15496 - Implementing FastStore Analyzer #2032

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

EDU-15496 - Implementing FastStore Analyzer #2032

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
20dae3f
Create implementation.md
barbara-celi Jun 27, 2025
4d2a2ac
Doc reviewed by localization.
kaio-donadelli Jul 18, 2025
dbc1be5
Merge pull request #2078 from vtexdocs/l10n_EDU-15496-implementing-an…
barbara-celi Jul 31, 2025
c5dd6cd
chore/moving file to correct folder
barbara-celi Jul 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
115 changes: 115 additions & 0 deletions docs/faststore/docs/faststore-analyzer/implementation.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,115 @@
---
title: "Implementing FastStore Analyzer"
---

In this guide, you'll learn how to securely implement [Extension points](LINK) in [FastStore modules](LINK) by using FastStore Analyzer.

FastStore Analyzer is a static analysis tool that helps maintain code quality and security in FastStore projects. By integrating it into your development workflow with customizable CLI hooks, it scans your codebase to identify issues before they affect your build.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📝 [Grammar reviewer] reported by reviewdog 🐶
Rephrasing improves sentence flow and clarity by making 'FastStore Analyzer' the clear subject of the scanning action, avoiding the slightly awkward 'By integrating it... it scans' construction.

Suggested change
FastStore Analyzer is a static analysis tool that helps maintain code quality and security in FastStore projects. By integrating it into your development workflow with customizable CLI hooks, it scans your codebase to identify issues before they affect your build.
FastStore Analyzer is a static analysis tool that helps maintain code quality and security in FastStore projects. Integrated into your development workflow with customizable CLI hooks, FastStore Analyzer scans your codebase to identify issues before they affect your build.


Follow the steps below to implement FastStore Analyzer in your store.

## Before you begin

<Steps>

### Install the FastStore Platform CLI

Make sure you’re using the FastStore Platform CLI by installing the `@vtex/fsp-cli` package, which provides the necessary hooks and the basic structure for implementing the modules.

Learn more in the [FastStore Platform CLI](LINK) guide.

### Add the Analyzer to your project

To add the Analyzer to your project, run the following command:

```bash
pnpm add @vtex/fsp-analyzer
```

This will equip your project with the tools to maintain code quality and security standards throughout development.

### Explore the `hooks` folder

Your project's `hooks` folder allows you to add custom hooks to the development lifecycle. These hooks can be executed at different runtime stages, such as:

- `preBuild`: Runs before the build process.
- `postBuild`: Runs after the build process.
- `preDev`: Runs before the development server starts.
- `postDev`: Runs after the development server starts.

>ℹ Hooks are defined in the `src/hooks` folder and are executed according to the file name (example: `pre.ts` will run before `post.ts`).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📝 [Grammar reviewer] reported by reviewdog 🐶
Using 'e.g.' (exempli gratia) or 'For example,' is more formal and standard in technical documentation than 'example:'.

Suggested change
>ℹ Hooks are defined in the `src/hooks` folder and are executed according to the file name (example: `pre.ts` will run before `post.ts`).
>ℹ Hooks are defined in the `src/hooks` folder and are executed according to the file name (e.g., `pre.ts` will run before `post.ts`).


</Steps>

## Instructions

To ensure the Analyzer runs as part of your build process and catches potential issues as early as possible, we recommend configuring the Analyzer in the `preBuild` hook. This hook allows the Analyzer to scan your code before the build starts, helping to detect and address issues early in the development cycle.

### Step 1 - Creating a pre-build hook

1. Open your FastStore project using the code editor of your choice.
2. Go to the `hooks/pre.tsx` file.
3. Add the following content:

```typescript
import { FastStoreSandboxAnalyzer } from "@vtex/fsp-analyzer";

export async function preBuild() {
const analyzer = new FastStoreSandboxAnalyzer();

try {
await analyzer.analyzeFiles({
filePattern: '{{your-module}}/**/*.{js,ts,jsx,tsx,css,less,scss}',
cssOptions: {
allowedNamespaces: ['extension-'],
transformNonCompliant: true,
defaultNamespace: 'extension-',
verbose: true,
overwriteTransformed: true,
}
});
} catch (error) {
console.error("Pre-build static analysis failed:", error);
throw error;
}
}
```

| Field | Type | Description |
|:------|:-----|:------------|
| `filePattern` | `string` | Glob pattern defining the files to be analyzed (example: `.{js,ts,jsx,tsx,css,less,scss}`). **Replace `{{your-module}}` based on your scenario.** |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📝 [Grammar reviewer] reported by reviewdog 🐶
Using 'e.g.' (exempli gratia) or 'For example,' is more formal and standard in technical documentation than 'example:'.

Suggested change
| `filePattern` | `string` | Glob pattern defining the files to be analyzed (example: `.{js,ts,jsx,tsx,css,less,scss}`). **Replace `{{your-module}}` based on your scenario.** |
| `filePattern` | `string` | Glob pattern defining the files to be analyzed (e.g., `.{js,ts,jsx,tsx,css,less,scss}`). **Replace `{{your-module}}` based on your scenario.** |

| `cssOptions` | `object` | Options for validating and transforming CSS namespace usage. |
| &nbsp;&nbsp;├─`allowedNamespaces` | `string` | Array of allowed CSS namespace prefixes (example: `['extension-']`). Only selectors with these prefixes will be considered compliant. |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📝 [Grammar reviewer] reported by reviewdog 🐶
Using 'e.g.' (exempli gratia) or 'For example,' is more formal and standard in technical documentation than 'example:'.

Suggested change
| &nbsp;&nbsp;├─`allowedNamespaces` | `string` | Array of allowed CSS namespace prefixes (example: `['extension-']`). Only selectors with these prefixes will be considered compliant. |
| &nbsp;&nbsp;├─`allowedNamespaces` | `string` | Array of allowed CSS namespace prefixes (e.g., `['extension-']`). Only selectors with these prefixes will be considered compliant. |

| &nbsp;&nbsp;├─`transformNonCompliant` | `boolean` | If `true`, automatically updates non-compliant CSS selectors to match the expected namespace format. |
| &nbsp;&nbsp;├─`defaultNamespace` | `string` | Default namespace prefix applied to selectors when auto-fixing non-compliant CSS (example: ` 'extension-'`. |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[markdownlint] reported by reviewdog 🐶
MD038/no-space-in-code Spaces inside code span elements [Context: " 'extension-'"]

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📝 [Grammar reviewer] reported by reviewdog 🐶
Using 'e.g.' (exempli gratia) or 'For example,' is more formal and standard in technical documentation than 'example:'. Also, removed an unnecessary space before the single quote for better typography.

Suggested change
| &nbsp;&nbsp;├─`defaultNamespace` | `string` | Default namespace prefix applied to selectors when auto-fixing non-compliant CSS (example: ` 'extension-'`. |
| &nbsp;&nbsp;├─`defaultNamespace` | `string` | Default namespace prefix applied to selectors when auto-fixing non-compliant CSS (e.g., `'extension-'`). |

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[markdownlint-fix] reported by reviewdog 🐶

Suggested change
| &nbsp;&nbsp;├─`defaultNamespace` | `string` | Default namespace prefix applied to selectors when auto-fixing non-compliant CSS (example: ` 'extension-'`. |
| &nbsp;&nbsp;├─`defaultNamespace` | `string` | Default namespace prefix applied to selectors when auto-fixing non-compliant CSS (example: `'extension-'`. |

| &nbsp;&nbsp;├─`verbose` | `boolean` | If `true`, provides detailed output and saves transformed files to disk. |
| &nbsp;&nbsp;└─`overwriteTransformed` | `boolean` | If `true`, overwrites existing files with their transformed versions. |

Learn more about CSS options in the [CSS Analysis](LINK) guide.

### Step 2 - Executing static analysis

Register the hook in your project's entry point:

```typescript
export const hooks = {
preBuild,
// ... other hooks
};
```

Run your project:

```bash
pnpm run dev
```

Build your project:

```bash
pnpm run build
```

After completing these steps, you should see the Analyzer output in the console, as shown in the example below:

![analyzer-output]()
Loading