Slack, the popular team communication and collaboration platform, has recently open-sourced its 'Hakana' type checker, a tool they created for internal use.
This move comes at a time when a good deal of proprietary software is being open-sourced.
What is it?: Hakana is a static analysis tool for the Hack programming language that uses Psalm as a base and is written in Rust.
In simpler terms, it is a tool that provides type checking for Hack by running several analytical methods.
Currently, Slack is using it to detect issues in their Hack code; they migrated from PHP to Hack in 2016 citing various inconsistencies with it.
Some of Hakana's abilities include:
Prevents unused functions and private methods.
Prevents unused assignments inside closures.
Ability to detect impossible and redundant type-checks.
Can warn about potential SQL injection attacks and cross-site scripting vulnerabilities.
Prevents misuse of internal Slack APIs (via Plugin hooks).
Slack mentions more of its use cases as:
We also use Hakana to automate type-aware API migrations (again via plugin hooks) and to delete unused functions in bulk. Thanks to Rust, those whole-codebase migrations are relatively quick.
Furthermore, Hakana investigates how data moves between functions in a codebase and tries to verify whether any attacker-controlled data shows up in places it shouldn't.
It also has a web version that can be accessed via web browsers using WASM, thanks to it being written in Rust.
Slack lists a couple of reasons why they decided to open-source Hakana:
The broader programming language community may be able to help, especially in the case of security analysis.
This serves to repay the favor to Psalm, the tool on which Hakana is based.
They expect companies with massive PHP codebases to benefit from Hakana by forking and altering it to suit their needs.
💡
Only a few companies use Hack language because of its 'high switching costs', meaning if a company decides to migrate to Hack from PHP, a lot of their server infrastructure will need a change too.
I suggest you go through the announcement blog if you are interested to learn more about the technical bits of Hakana.
Here's why you should opt for It's FOSS Plus Membership:
- Even the biggest players in the Linux world don't care about desktop Linux users. We do. - We don't put informational content behind paywall. Your support keeps it open for everyone. Think of it like 'pay it forward'. - Don't like ads? With the Plus membership, you get an ad-free reading experience. - When millions of AI-generated content is being published daily, you read and learn from real human Linux users. - It costs just $2 a month, less than the cost of your favorite burger.
Become a Plus Member today and join over 300 people in supporting our work.
Sourav Rudra
Ankush Das
