Gemspec/AddRuntimeDependency
| Enabled by default | Safe | Supports autocorrection | Version Added | Version Changed |
|---|---|---|---|---|
Pending |
Yes |
Always |
1.65 |
- |
Prefer add_dependency over add_runtime_dependency as the latter is
considered soft-deprecated.
Examples
# bad
Gem::Specification.new do |spec|
spec.add_runtime_dependency('rubocop')
end
# good
Gem::Specification.new do |spec|
spec.add_dependency('rubocop')
endConfigurable attributes
| Name | Default value | Configurable values |
|---|---|---|
Include |
|
Array |
Gemspec/AttributeAssignment
| Enabled by default | Safe | Supports autocorrection | Version Added | Version Changed |
|---|---|---|---|---|
Pending |
Yes |
No |
1.77 |
- |
Use consistent style for Gemspec attributes assignment.
Examples
# bad
# This example uses two styles for assignment of metadata attribute.
Gem::Specification.new do |spec|
spec. = { 'key' => 'value' }
spec.['another-key'] = 'another-value'
end
# good
Gem::Specification.new do |spec|
spec.['key'] = 'value'
spec.['another-key'] = 'another-value'
end
# good
Gem::Specification.new do |spec|
spec. = { 'key' => 'value', 'another-key' => 'another-value' }
end
# bad
# This example uses two styles for assignment of authors attribute.
Gem::Specification.new do |spec|
spec. = %w[author-0 author-1]
spec.[2] = 'author-2'
end
# good
Gem::Specification.new do |spec|
spec. = %w[author-0 author-1 author-2]
end
# good
Gem::Specification.new do |spec|
spec.[0] = 'author-0'
spec.[1] = 'author-1'
spec.[2] = 'author-2'
end
# good
# This example uses consistent assignment per attribute,
# even though two different styles are used overall.
Gem::Specification.new do |spec|
spec. = { 'key' => 'value' }
spec.[0] = 'author-0'
spec.[1] = 'author-1'
spec.[2] = 'author-2'
endConfigurable attributes
| Name | Default value | Configurable values |
|---|---|---|
Include |
|
Array |
Gemspec/DependencyVersion
| Enabled by default | Safe | Supports autocorrection | Version Added | Version Changed |
|---|---|---|---|---|
Disabled |
Yes |
No |
1.29 |
- |
Enforce that gem dependency version specifications or a commit reference (branch, ref, or tag) are either required or forbidden.
Examples
EnforcedStyle: required (default)
# bad
Gem::Specification.new do |spec|
spec.add_dependency 'parser'
end
# bad
Gem::Specification.new do |spec|
spec.add_development_dependency 'parser'
end
# good
Gem::Specification.new do |spec|
spec.add_dependency 'parser', '>= 2.3.3.1', '< 3.0'
end
# good
Gem::Specification.new do |spec|
spec.add_development_dependency 'parser', '>= 2.3.3.1', '< 3.0'
endEnforcedStyle: forbidden
# bad
Gem::Specification.new do |spec|
spec.add_dependency 'parser', '>= 2.3.3.1', '< 3.0'
end
# bad
Gem::Specification.new do |spec|
spec.add_development_dependency 'parser', '>= 2.3.3.1', '< 3.0'
end
# good
Gem::Specification.new do |spec|
spec.add_dependency 'parser'
end
# good
Gem::Specification.new do |spec|
spec.add_development_dependency 'parser'
endConfigurable attributes
| Name | Default value | Configurable values |
|---|---|---|
EnforcedStyle |
|
|
Include |
|
Array |
AllowedGems |
|
Array |
Gemspec/DeprecatedAttributeAssignment
| Enabled by default | Safe | Supports autocorrection | Version Added | Version Changed |
|---|---|---|---|---|
Pending |
Yes |
Always |
1.30 |
1.40 |
Checks that deprecated attributes are not set in a gemspec file. Removing deprecated attributes allows the user to receive smaller packed gems.
Examples
# bad
Gem::Specification.new do |spec|
spec.name = 'your_cool_gem_name'
spec.test_files = Dir.glob('test/**/*')
end
# bad
Gem::Specification.new do |spec|
spec.name = 'your_cool_gem_name'
spec.test_files += Dir.glob('test/**/*')
end
# good
Gem::Specification.new do |spec|
spec.name = 'your_cool_gem_name'
endConfigurable attributes
| Name | Default value | Configurable values |
|---|---|---|
Severity |
|
String |
Include |
|
Array |
Gemspec/DevelopmentDependencies
| Enabled by default | Safe | Supports autocorrection | Version Added | Version Changed |
|---|---|---|---|---|
Pending |
Yes |
No |
1.44 |
- |
Enforce that development dependencies for a gem are specified in
Gemfile, rather than in the gemspec using
add_development_dependency. Alternatively, using EnforcedStyle:
gemspec, enforce that all dependencies are specified in gemspec,
rather than in Gemfile.
Examples
EnforcedStyle: Gemfile (default)
# Specify runtime dependencies in your gemspec,
# but all other dependencies in your Gemfile.
# bad
# example.gemspec
s.add_development_dependency "foo"
# good
# Gemfile
gem "foo"
# good
# gems.rb
gem "foo"
# good (with AllowedGems: ["bar"])
# example.gemspec
s.add_development_dependency "bar"EnforcedStyle: gems.rb
# Specify runtime dependencies in your gemspec,
# but all other dependencies in your Gemfile.
#
# Identical to `EnforcedStyle: Gemfile`, but with a different error message.
# Rely on Bundler/GemFilename to enforce the use of {Gemfile} vs `gems.rb`.
# bad
# example.gemspec
s.add_development_dependency "foo"
# good
# Gemfile
gem "foo"
# good
# gems.rb
gem "foo"
# good (with AllowedGems: ["bar"])
# example.gemspec
s.add_development_dependency "bar"EnforcedStyle: gemspec
# Specify all dependencies in your gemspec.
# bad
# Gemfile
gem "foo"
# good
# example.gemspec
s.add_development_dependency "foo"
# good (with AllowedGems: ["bar"])
# Gemfile
gem "bar"Configurable attributes
| Name | Default value | Configurable values |
|---|---|---|
EnforcedStyle |
|
|
AllowedGems |
|
Array |
Include |
|
Array |
Gemspec/DuplicatedAssignment
| Enabled by default | Safe | Supports autocorrection | Version Added | Version Changed |
|---|---|---|---|---|
Enabled |
Yes |
No |
0.52 |
1.40 |
An attribute assignment method call should be listed only once in a gemspec.
Assigning to an attribute with the same name using spec.foo = or
spec.attribute#[]= will be an unintended usage. On the other hand,
duplication of methods such as spec.requirements,
spec.add_runtime_dependency, and others are permitted because it is
the intended use of appending values.
Examples
# bad
Gem::Specification.new do |spec|
spec.name = 'rubocop'
spec.name = 'rubocop2'
end
# good
Gem::Specification.new do |spec|
spec.name = 'rubocop'
end
# good
Gem::Specification.new do |spec|
spec.requirements << 'libmagick, v6.0'
spec.requirements << 'A good graphics card'
end
# good
Gem::Specification.new do |spec|
spec.add_dependency('parallel', '~> 1.10')
spec.add_dependency('parser', '>= 2.3.3.1', '< 3.0')
end
# bad
Gem::Specification.new do |spec|
spec.["key"] = "value"
spec.["key"] = "value"
end
# good
Gem::Specification.new do |spec|
spec.["key"] = "value"
endConfigurable attributes
| Name | Default value | Configurable values |
|---|---|---|
Severity |
|
String |
Include |
|
Array |
Gemspec/OrderedDependencies
| Enabled by default | Safe | Supports autocorrection | Version Added | Version Changed |
|---|---|---|---|---|
Enabled |
Yes |
Always |
0.51 |
- |
Dependencies in the gemspec should be alphabetically sorted.
Examples
# bad
spec.add_dependency 'rubocop'
spec.add_dependency 'rspec'
# good
spec.add_dependency 'rspec'
spec.add_dependency 'rubocop'
# good
spec.add_dependency 'rubocop'
spec.add_dependency 'rspec'
# bad
spec.add_development_dependency 'rubocop'
spec.add_development_dependency 'rspec'
# good
spec.add_development_dependency 'rspec'
spec.add_development_dependency 'rubocop'
# good
spec.add_development_dependency 'rubocop'
spec.add_development_dependency 'rspec'
# bad
spec.add_runtime_dependency 'rubocop'
spec.add_runtime_dependency 'rspec'
# good
spec.add_runtime_dependency 'rspec'
spec.add_runtime_dependency 'rubocop'
# good
spec.add_runtime_dependency 'rubocop'
spec.add_runtime_dependency 'rspec'TreatCommentsAsGroupSeparators: true (default)
# good
# For code quality
spec.add_dependency 'rubocop'
# For tests
spec.add_dependency 'rspec'TreatCommentsAsGroupSeparators: false
# bad
# For code quality
spec.add_dependency 'rubocop'
# For tests
spec.add_dependency 'rspec'Configurable attributes
| Name | Default value | Configurable values |
|---|---|---|
TreatCommentsAsGroupSeparators |
|
Boolean |
ConsiderPunctuation |
|
Boolean |
Include |
|
Array |
Gemspec/RequireMFA
| Enabled by default | Safe | Supports autocorrection | Version Added | Version Changed |
|---|---|---|---|---|
Pending |
Yes |
Always |
1.23 |
1.40 |
Requires a gemspec to have rubygems_mfa_required metadata set.
This setting tells RubyGems that MFA (Multi-Factor Authentication) is required for accounts to be able to perform privileged operations, such as (see RubyGems' documentation for the full list of privileged operations):
-
gem push -
gem yank -
gem owner --add/remove -
adding or removing owners using gem ownership page
This helps make your gem more secure, as users can be more confident that gem updates were pushed by maintainers.
Examples
# bad
Gem::Specification.new do |spec|
# no `rubygems_mfa_required` metadata specified
end
# good
Gem::Specification.new do |spec|
spec. = {
'rubygems_mfa_required' => 'true'
}
end
# good
Gem::Specification.new do |spec|
spec.['rubygems_mfa_required'] = 'true'
end
# bad
Gem::Specification.new do |spec|
spec. = {
'rubygems_mfa_required' => 'false'
}
end
# good
Gem::Specification.new do |spec|
spec. = {
'rubygems_mfa_required' => 'true'
}
end
# bad
Gem::Specification.new do |spec|
spec.['rubygems_mfa_required'] = 'false'
end
# good
Gem::Specification.new do |spec|
spec.['rubygems_mfa_required'] = 'true'
endConfigurable attributes
| Name | Default value | Configurable values |
|---|---|---|
Severity |
|
String |
Include |
|
Array |
Gemspec/RequiredRubyVersion
| Enabled by default | Safe | Supports autocorrection | Version Added | Version Changed |
|---|---|---|---|---|
Enabled |
Yes |
No |
0.52 |
1.40 |
Checks that required_ruby_version in a gemspec file is set to a valid
value (non-blank) and matches TargetRubyVersion as set in RuboCop’s
configuration for the gem.
This ensures that RuboCop is using the same Ruby version as the gem.
Examples
# When {TargetRubyVersion} of .rubocop.yml is `2.5`.
# bad
Gem::Specification.new do |spec|
# no `required_ruby_version` specified
end
# bad
Gem::Specification.new do |spec|
spec.required_ruby_version = '>= 2.4.0'
end
# bad
Gem::Specification.new do |spec|
spec.required_ruby_version = '>= 2.6.0'
end
# bad
Gem::Specification.new do |spec|
spec.required_ruby_version = ''
end
# good
Gem::Specification.new do |spec|
spec.required_ruby_version = '>= 2.5.0'
end
# good
Gem::Specification.new do |spec|
spec.required_ruby_version = '>= 2.5'
end
# accepted but not recommended
Gem::Specification.new do |spec|
spec.required_ruby_version = ['>= 2.5.0', '< 2.7.0']
end
# accepted but not recommended, since
# Ruby does not really follow semantic versioning
Gem::Specification.new do |spec|
spec.required_ruby_version = '~> 2.5'
endConfigurable attributes
| Name | Default value | Configurable values |
|---|---|---|
Severity |
|
String |
Include |
|
Array |
Gemspec/RubyVersionGlobalsUsage
| Enabled by default | Safe | Supports autocorrection | Version Added | Version Changed |
|---|---|---|---|---|
Enabled |
Yes |
No |
0.72 |
1.40 |
Checks that RUBY_VERSION and Ruby::VERSION constants are not used in gemspec.
Using RUBY_VERSION and Ruby::VERSION is dangerous because the value of the
constant is determined by rake release.
It’s possible to have a dependency based on the Ruby version used
to execute rake release and not the user’s Ruby version.
Examples
# bad
Gem::Specification.new do |spec|
if RUBY_VERSION >= '3.0'
spec.add_dependency 'gem_a'
else
spec.add_dependency 'gem_b'
end
end
# good
Gem::Specification.new do |spec|
spec.add_dependency 'gem_a'
endConfigurable attributes
| Name | Default value | Configurable values |
|---|---|---|
Severity |
|
String |
Include |
|
Array |