In Bento 0.8, we’ve significantly reduced its file footprint and tuned its default behavior for individual use rather than team-wide adoption. We also made Bento’s source code publicly available, shipped more new checks, and made a number of usability improvements.
☀️ New Bento behavior
Consistent feedback is leading us to change Bento’s out-of-the-box behavior. In user research interviews and GitHub issues over the past month we’ve consistently heard that Bento’s file footprint and modification of Git state made it challenging to adopt. v0.8 emphasizes an incremental and personal, rather than team-wide, workflow that makes Bento a smaller commitment to use:
Other project contributors won’t see Bento’s files and their workflows won’t change. Bento is just for you.
You no longer need to manually run Bento. After initialization Bento will automatically check for issues in your code as you commit, analyzing only the files that have changed.
You won’t see a project’s tech debt during initialization. It’s still there for you though when you’re ready to take a peek and tackle it with your team.
Bento can also analyze all the code in your project or its paths with:
$ bento check --all [PATHS]
Learn more about our approach to personal and team-wide use, including how to configure Bento for CI, in this blog post.
📈 New Specialty Checks
We’ve added four new specialty checks this release and enabled Docker and shell file checking. See checks.bento.dev for full documentation.
For Flask:
missing-jwt-token: When using JSON Web Tokens (JWT) for authentication in web services, this check detects cases where authentication decorators may be missing from certain routes and recommends their usage for API data security.
use-blueprint-for-modularity: Recommends using Blueprint when there are too many route handlers in a single file. Blueprint encourages modularity, can greatly simplify how large applications work, and provides a central means for Flask extensions to register operations on applications. See Modular Applications with Flask.
For Click:
option-function-argument-check: Identifies when @click.option flags don’t match the function definition.
launch-uses-literal: Identifies non-literal URLs used in click.launch(), which could direct a browser to a malicious site.
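To make the idea behind missing-jwt-token concrete, here is an added sketch (not Bento's own code) that walks a Python file's AST and lists Flask route handlers with no JWT decorator. It assumes protection comes from flask_jwt_extended's jwt_required; the helper names and the sample application are constructed for illustration.

```python
import ast

# Assumption: routes are protected with flask_jwt_extended's jwt_required.
JWT_DECORATORS = {"jwt_required"}

def _decorator_name(node):
    """Return the trailing name of a decorator: @a.b(...) -> 'b'."""
    if isinstance(node, ast.Call):
        node = node.func
    if isinstance(node, ast.Attribute):
        return node.attr
    return node.id if isinstance(node, ast.Name) else None

def find_unprotected_routes(source):
    """Return names of route handlers that lack a JWT decorator.

    Findings are reported only when at least one route in the file is
    protected, so code that does not use JWT at all stays quiet.
    """
    protected, unprotected = [], []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        names = {_decorator_name(d) for d in node.decorator_list}
        if "route" not in names:
            continue  # not a Flask route handler
        target = protected if names & JWT_DECORATORS else unprotected
        target.append((node.lineno, node.name))
    return [name for _, name in sorted(unprotected)] if protected else []

# Constructed sample application (parsed only, never executed).
SAMPLE = '''
from flask_jwt_extended import jwt_required

@app.route("/login", methods=["POST"])
def login():
    return "token"

@app.route("/profile")
@jwt_required()
def profile():
    return "me"

@app.route("/admin/users")
def list_users():
    return "users"
'''

if __name__ == "__main__":
    for name in find_unprotected_routes(SAMPLE):
        print(f"route handler '{name}' has no JWT decorator")
```

The sketch reports both login and list_users: a login route is legitimately unauthenticated, which is why a check like this can only say a decorator may be missing and leaves the decision to the reviewer.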
🧪 Focusing on the Flask Community
We’re pausing our JavaScript and TypeScript support and focusing on using Bento on Python web applications, in particular Flask. In the near term our program analysis efforts will be on writing specialty checks for Flask and its extensions, and we’ll return to JS/TS later in the year. As a small team, we know the best tool will come from being obsessed with one community at a time, and it’s a hard decision for us to pause work on JS/TS. You’ll still be able to use ESLint and our curated defaults in Bento, but it won’t be enabled out-of-the-box. You can turn it on via:
$ bento enable tool eslint
This release brings a lot of change to Bento. Please don’t hesitate to reach out to us for support or discussion via support@r2c.dev or on Slack.
Happy coding,
The Bento Team