In Bento 0.8, we’ve significantly reduced Bento’s file footprint and tuned its default behavior for individual use rather than team-wide adoption. We also made Bento’s source code publicly available, shipped more new checks, and made a number of usability improvements.
Consistent feedback is leading us to change Bento’s out-of-the-box behavior. In user research interviews and GitHub issues over the past month, we’ve repeatedly heard that Bento’s file footprint and modification of Git state made it challenging to adopt. Version 0.8 emphasizes an incremental and personal, rather than team-wide, workflow that makes Bento a smaller commitment to use:
- Other project contributors won’t see Bento’s files and their workflows won’t change. Bento is just for you.
- You no longer need to manually run Bento. After initialization Bento will automatically check for issues in your code as you commit, analyzing only the files that have changed.
- You won’t see a project’s tech debt during initialization. It’s still there for you, though, when you’re ready to take a peek and tackle it with your team.
Bento can also analyze all the code in your project, or in specific paths, with:
$ bento check --all [PATHS]
Learn more about our approach to personal and team-wide use, including how to configure Bento for CI, in this blog post.
We’ve added four new specialty checks this release and enabled Docker and shell file checking. See checks.bento.dev for full documentation.
- missing-jwt-token: when using JSON Web Tokens (JWT) for authentication in web services, this check detects cases where authentication decorators may be missing from certain routes and recommends their usage for API data security
- use-blueprint-for-modularity: recommends using Blueprint when there are too many route handlers in a single file. Blueprint encourages modularity and can greatly simplify how large applications work and provide a central means for Flask extensions to register operations on applications. See Modular Applications with Flask.
- option-function-argument-check: Identifies when @click.option flags don’t match the function definition.
- launch-uses-literal: Identifies non-literal URLs used in click.launch(), which could direct a browser to a malicious site.
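To make the launch-uses-literal idea concrete, here is an added example (not Bento's own implementation) that walks a Python syntax tree and reports click.launch() calls whose URL is anything other than a string literal. The function name find_nonliteral_launch and the sample source are constructed for illustration.

```python
import ast

# Constructed sample input: a small click CLI with one literal and three
# non-literal click.launch() calls.
SAMPLE = '''
import click

DOCS = "https://example.com/docs"

@click.command()
@click.option("--url")
def open_page(url):
    click.launch("https://example.com/help")   # literal: fine
    click.launch(url)                          # user-controlled
    click.launch("https://example.com/" + url) # built at runtime
    click.launch(url=DOCS)                     # a name, not a literal
'''


def find_nonliteral_launch(source):
    """Return (line, argument source) for each click.launch() call whose
    URL argument is not a plain string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Match the attribute form click.launch(...) only; aliased imports
        # (from click import launch) are not handled here.
        if not (isinstance(func, ast.Attribute) and func.attr == "launch"
                and isinstance(func.value, ast.Name) and func.value.id == "click"):
            continue
        # The URL is the first positional argument or the url= keyword.
        url = node.args[0] if node.args else next(
            (kw.value for kw in node.keywords if kw.arg == "url"), None)
        if url is None:
            continue
        if isinstance(url, ast.Constant) and isinstance(url.value, str):
            continue
        findings.append((node.lineno, ast.get_source_segment(source, url)))
    return sorted(findings)


if __name__ == "__main__":
    for line, arg in find_nonliteral_launch(SAMPLE):
        print(f"line {line}: click.launch() called with non-literal URL {arg!r}")
```

Where a flagged call is legitimate, validating the URL against an allowlist of schemes and hosts before calling click.launch() is the usual remedy.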
$ bento enable tool eslint
The Bento Team