QP17 EditorConfig Presence
What this means
SiteShadow flagged that an .editorconfig (or equivalent shared editor settings) appears to be missing. This is a quality signal that can become a security signal when inconsistent whitespace/line endings make diffs noisier and reviews weaker.
Why it matters
- Harder reviews: noisy diffs hide security-relevant changes.
- More merge conflicts: formatting churn increases friction and encourages risky "quick fixes".
- Inconsistent tooling: contributors end up with different formatting defaults.
Safer examples
1) Add a simple .editorconfig
Define indentation, line endings, and final newline rules once for the repo.
2) Combine with formatters/linters
Use Prettier/ESLint, Black/Ruff, gofmt, etc., and enforce them in CI (see QP06).
3) Keep it minimal and universal
Start small; add language-specific overrides only when needed.
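A minimal starting point covering steps 1 and 3, as an added example that is not part of the original page or SiteShadow's own configuration. The file types in the override sections are assumptions about what a repo might contain; the property names are standard EditorConfig properties.

```ini
# .editorconfig (constructed example; place at the repository root)
# Stop editors from searching parent directories for further settings
root = true

# Universal defaults: one indentation, line-ending and final-newline rule
# for every file, so diffs contain only intentional changes
[*]
charset = utf-8
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
indent_style = space
indent_size = 4

# Overrides only where the language or tool requires them (assumed file types)
[*.{js,ts,json,yml,yaml}]
indent_size = 2

# gofmt emits tabs; match it so the editor and the formatter agree
[*.go]
indent_style = tab

# make requires tab-indented recipe lines
[Makefile]
indent_style = tab

# Two trailing spaces are a hard line break in Markdown
[*.md]
trim_trailing_whitespace = false

# Windows batch files are expected to use CRLF
[*.{bat,cmd}]
end_of_line = crlf
```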
How SiteShadow detects it (high level)
- Detects missing shared editor settings and correlates with widespread formatting drift.
- Flags repos where formatting inconsistency likely reduces review effectiveness.
References
- EditorConfig: https://editorconfig.org/