Freshworks Developer Docs | Validate the app

When running the fdk validate and fdk pack commands on an app, the Freshworks Developer Kit (FDK) performs linting on the app’s source code and reports possible errors. The rules that the linter goes through are a collection of best practices that the app should adhere to. Violations are displayed based on the severity category (Warning/Error) and they must be fixed before the app is submitted for approval to the Freshworks Marketplace.

Adhering to these rules ensures that the app conforms to the quality and security standards of a Freshworks Marketplace app.

Note:You can use the $fdk validate --fix command to auto-fix no-debugger and no-unreachable errors.

Avoid cross scope variable assignment (no-cross-scope-assign)

Category: Warning

Description: When writing asynchronous code, avoid declaring and assigning variables in different scopes as this can create subtle race condition bugs.

app.js

Correct code

Incorrect code

$(document).ready(function () {
  app.initialized()
    .then(function (_client) {
      var client = _client;
      client.events.on('app.activated',
        function () {
          var dummyVar = 9;
          // Rest of the logic that makes use of 'dummyVar' ...
        });
    })
    .catch(function (err) {
      if (err) {
        console.error('Error - ', err);
      }
    });
});

No unhandled promises (no-unhandled-promise)

Category: Warning

Description: Forgetting to handle promise rejections can lead to ambiguous behavior in the application.

app.js

Correct code

Incorrect code

$(document).ready(function () {
  app.initialized()
    .then(function (_client) {
      var client = _client;
      client.events.on('app.activated',
        function () {
        //Some logic
      });
    })
    .catch(function (err) {
      if (err) {
        console.error('Error - ', err);
          //Some logic to handle the error
      }
    });
});

Disallow non-Request API calls in the front end (no-non-client-request-model)

Category: Warning

Description: Ensure that REST API calls are made from front-end apps using the Request method to subvert many security issues and to work within the CORS policy of a browser.

app.js

Correct code

Incorrect code

$(document).ready(function () {
  app.initialized()
    .then(function (_client) {
      var client = _client;
        client.events.on('app.activated',
          function () {
            client.request.get("https://www.example.com", {})
              .then(
              function (data) {
                //handle "data"
                //"data" is a json string with status, headers, and response.
              },
              function (error) {
                //handle failure
              }
          );
        });
    })
    .catch(function (err) {
      if (err) {
          console.error('Error - ', err);
          //Some logic to handle the error
      }
  });
});

Disallow logging just the error object during promise rejections (no-logging-rejections)

Category: Warning

Description: In promise rejection handlers, logging only the error object is not sufficient. The error should be reported (via notifications) to users/agents, in layperson's terms, so that they can undertake subsequent actions.

app.js

Correct code

Incorrect code

$(document).ready(function () {
  app.initialized()
    .then(function (_client) {
      var client = _client;
      client.events.on('app.activated',
        function () {
          // Some logic
      });
    })
    .catch(function (err) {
      if (err) {
        console.error('Error - ', err);
        //Some logic to handle the error
        }
    });
});

Remove unused dependencies and avoid the use of unlisted dependencies (no-dependency-mismatch)

Category: Error

Description: In serverless applications, avoid using dependencies that are declared but left unused and dependencies that are used but undeclared.

Correct code

Incorrect code

manifest.json

{
  "platform-version": "2.3",
  "product": {
    "freshworks_crm": {
      "events": {
        "onContactCreate": {
          "handler": "onContactCreateHandler"
        }
      }
    }
  },
  "engines": {
    "node": "18.17.1",
    "fdk": "9.0.4"
  },
  "dependencies": {
    "lodash": "4.0.0"
  }
}

server.js

var _ = require('lodash');
exports = {
    events: [
        { event: 'onContactCreate', callback: 'onContactCreateHandler' },
    ],
    onContactCreateHandler: function (args) {
        console.log('Hello ' + args['data']['actor']['name']);
        // Some logic with lodash
    }
};

Limit cyclomatic complexity (complexity)

Category: Warning

Description: Cyclomatic complexity measures the number of linearly independent paths through a program's source code. The current threshold is 7.

app.js

Correct code

Incorrect code

// Extracting sub-functionality into seperate functions is a good way to reduce code complexity
$(document).ready(function () {
  app.initialized()
    .then(function (_client) {
      var client = _client;
      client.events.on('app.activated',
      function () {
        var a, b, c, d, e, f, g = 1;
        //Make the code modular
        var resOne = doSomething1(a, b, c);
        var resTwo = doSomething2(d, e, g);
        if (resOne === resTwo) {
            doSomething3(a,c,f);
        }
      });
    })
    .catch(function (err) {
        if (err) {
            console.error('Error - ', err);
            //Some logic to handle the error..
        }
    });
});

function doSomething1(a, b, c) {
  // return some value after executing this fn.
  if (a == 0) {
      // some logic
  } else if (b == 2) {
      // some logic
  } else if (c === 4) {
      // some logic
  }
}

function doSomething2(d, e, g) {
  // return some value after executing this fn.
  if (d == e) {
      // some logic
  } else if (g > d) {
      // some logic
  } else if (d > e) {
      // some logic
  }
}

function doSomething3(a, c, f) {
  // return some value after executing this fn.
  if (c > a + f) {
      // some logic
  } else {
      // some logic
  }
}

Limit the depth of nested callbacks (max-nested-callbacks)

Category: Warning

Description: In asynchronous programming, when using a callback function, a common pitfall is nesting callbacks. The deeper callbacks are nested, the more difficult it is to read the code. The threshold of nested callbacks is 4.

app.js

Correct code

Incorrect code

// Promise chaining is one way to prevent callback hell
$(document).ready(function () {
  app.initialized()
    .then(function (_client) {
      var client = _client;
      client.events.on('app.activated',
        function () {
          var dataObj = {};
            client.data.get("loggedInUser")
              .then(function (loggedInUser) {
                //1. Getting Logged-In user
                dataObj.loggedInUser = loggedInUser;
                return client.data.get("contact");
                })
              .then(function (contact) {
                //2. Getting the contact
                dataObj.contact = contact;
                return client.data.get("company");
                })
              .then(function (company) {
                dataObj.company = company;
                //3. Getting the company
                //Do something with the 'dataObj'
                })
              .catch(function (err) {
                if (err) {
                  console.error('Error - ', err);
                  // Handle error if something goes wrong
                }
              });
            });
        })
      .catch(function (err) {
        if (err) {
          console.error('Error - ', err);
          //Some logic to handle the error
        }
    });
});

Enforce callback error handling (handle-callback-err)

Category: Warning

Description: The callback pattern, typically used in asynchronous programming, expects an error object or null as the first argument of the callback. Forgetting to handle this can lead to ambiguous behavior in the application.

app.js

Correct code

Incorrect code

$(document).ready(function () {
  app.initialized()
    .then(function (_client) {
      var client = _client;
      client.events.on('app.activated',
        function () {
          // Some logic
        });
    })
    .catch(function (err) {
        if (err) {
          console.error('Error - ', err);
          //Some logic to handle the error
        }
    });
});

Disallow use of caller/callee (no-caller)

Category: Warning

Description: The use of arguments.caller and arguments.callee is deprecated in JavaScript. Avoid using these in ECMAScript 5, in strict mode.

Correct Approach

Avoid using arguments.caller and arguments.callee.

Incorrect code

app.js

$(document).ready(function () {
  app.initialized()
    .then(function (_client) {
      var client = _client;
      client.events.on('app.activated',
        function () {
          var callee = arguments.callee;
          // Some logic dealing with callee
        });
    })
    .catch(function (err) {
      if (err) {
        console.error('Error - ', err);
        //Some logic to handle the error
      }
    });
});

Disallow process.env (no-process-env)

Category: Warning

Description: The process.env object in Node.js is used to store deployment or configuration parameters. Littering it throughout a project can lead to maintenance issues, as it is another kind of global dependency.

Correct Approach

Avoid using process.env.

Incorrect code

server.js

exports = {
  events: [
    { event: 'onTicketCreate', callback: 'onTicketCreateHandler' },
  ],
  onTicketCreateHandler: function (args) {
    var config  = process.env;
    // Some logic
  }
};

Disallow unused variables (no-unused-vars)

Category: Error

Description: Variables that are declared and not used anywhere in the code might be residues of incomplete refactoring. Retaining these variables takes up space in the code and can lead to confusion.

Correct Approach

Don't declare variables that are not going to be used in the code.

Incorrect code

server.js

exports = {
  events: [
    { event: 'onTicketCreate', callback: 'onTicketCreateHandler' },
  ],
  onTicketCreateHandler: function (payload) {
    let someUnusedVariable = 0;
    let anotherUnusedVariable = {};
  }
};

Disallow eval() (no-eval)

Category: Error

Description: Avoid using JavaScript's eval() function, on untrusted code, as it can open a program to several different injection attacks.

Correct Approach

Strictly avoid eval().

Disallow use of alert (no-alert)

Category: Error

Description: JavaScript's alert, confirm, and prompt functions are widely considered to be obtrusive as UI elements and should be replaced by a more appropriate custom UI implementation.

Correct Approach

Don't use alert, confirm, or prompt in front-end code. Obtain inputs via forms or Interface methods (modals or confirmation dialog) only.

Incorrect code

app.js

$(document).ready(function () {
  app.initialized()
    .then(function (_client) {
      var client = _client;
      client.events.on('app.activated',
        function () {
          alert("Don't use me!");
          // Some logic
        });
      })
      .catch(function (err) {
        if (err) {
          console.error('Error - ', err);
          //Some logic to handle the error
        }
    });
});

Disallow the use of debugger (no-debugger)

Category: Error

Description: In the production code, avoid using debugger; as it stops the browser from running code and opens an appropriate debugger.

Correct Approach

Don't use debugger; in production apps.

Incorrect code

app.js

$(document).ready(function () {
  app.initialized()
    .then(function (_client) {
      var client = _client;
        client.events.on('app.activated',
          function () {
            // Some logic
            // "debugger" pauses execution!
            debugger;
          });
        })
    .catch(function (err) {
      if (err) {
        console.error('Error - ', err);
        //Some logic to handle the error
      }
    });
});

Disallow unreachable code (no-unreachable)

Category: Error

Description: The return, throw, break, and continue statements unconditionally exit a block of code and any statements after them cannot be executed. Avoid having unreachable statements.

Correct code

Incorrect code

server.js

exports = {
  events: [{
    event: "onTicketCreate",
    callback: "onTicketCreateCallback"
  }],
  onTicketCreateCallback: function (payload) {
    console.log("A new ticket has been created!");
    console.log("Logging arguments from onTicketCreate event: " + JSON.stringify(payload));
    return;
  }
}

Disallow empty functions (no-empty-function)

Category: Error

Description: Empty functions can reduce code readability because readers need to guess whether it is intentional or not. Writing a clear comment for empty functions is good practice.

Correct code

Incorrect code

server.js

$(document).ready(function () {
  app.initialized()
    .then(function (_client) {
      var client = _client;
      client.events.on('app.activated',
        function () {
            thatIsEmpty();
        });
    })
    .catch(function (err) {
      if (err) {
          console.error('Error - ', err);
          //Some logic to handle the error.
      }
    });
});

function thatIsEmpty(){
    var noLongerEmpty = "Some value";
    //Some logic
    return noLongerEmpty;
}

Third-party resource: ESLint

Tutorials

Sample apps

Guides

Blogs

Assist catalog

Events

Validate the app - lint validation

Avoid cross scope variable assignment (no-cross-scope-assign)

No unhandled promises (no-unhandled-promise)

Disallow non-Request API calls in the front end (no-non-client-request-model)

Disallow logging just the error object during promise rejections (no-logging-rejections)

Remove unused dependencies and avoid the use of unlisted dependencies (no-dependency-mismatch)

Limit cyclomatic complexity (complexity)

Limit the depth of nested callbacks (max-nested-callbacks)

Enforce callback error handling (handle-callback-err)

Disallow use of caller/callee (no-caller)

Disallow process.env (no-process-env)

Disallow unused variables (no-unused-vars)

Disallow eval() (no-eval)

Disallow use of alert (no-alert)

Disallow the use of debugger (no-debugger)

Disallow unreachable code (no-unreachable)

Disallow empty functions (no-empty-function)

Tutorials

Sample apps

Guides

Blogs

Assist catalog

Events

Validate the app - lint validationOn this page

Avoid cross scope variable assignment (no-cross-scope-assign)

No unhandled promises (no-unhandled-promise)

Disallow non-Request API calls in the front end (no-non-client-request-model)

Disallow logging just the error object during promise rejections (no-logging-rejections)

Remove unused dependencies and avoid the use of unlisted dependencies (no-dependency-mismatch)

Limit cyclomatic complexity (complexity)

Limit the depth of nested callbacks (max-nested-callbacks)

Enforce callback error handling (handle-callback-err)

Disallow use of caller/callee (no-caller)

Disallow process.env (no-process-env)

Disallow unused variables (no-unused-vars)

Disallow eval() (no-eval)

Disallow use of alert (no-alert)

Disallow the use of debugger (no-debugger)

Disallow unreachable code (no-unreachable)

Disallow empty functions (no-empty-function)

Validate the app - lint validation