New HDD-LED applet derived from storage-act-led@mrbartblog

[tucsonst]

This is another HDD/SDD LED emulator based on the nice work by storage-act-led@mrbartblog. This applet is derived from storage-act-led@mrbartblog with some changes in how diskstats is parsed, look of the "LED" icons, and addition of a tooltip with r/w totals and a pop-up dialog with r/w counts for each disk in system.
No longer dependent on emoji fonts but does depend on zenity for the pop-up dialog.

[github-actions]

Best-practices scanner

This is a regex-based check for API usage that can pose security, performance or
maintainability issues, or that may already be provided by Cinnamon. Having code flagged
by it doesn't automatically disqualify a pull request.

This check is not perfect will not replace a normal review.

---

Found 3 potential issue(s):

⚠️ sync_file_get_contents

hdd-led@tucsonst/files/hdd-led@tucsonst/applet.js:40

let [success, content] = GLib.file_get_contents(DISKSTATS);

Synchronous file_get_contents() blocks the main loop.
Use Gio.File.load_contents_async() instead.

⚠️ hardcoded_data_dir

hdd-led@tucsonst/files/hdd-led@tucsonst/applet.js:9

// const APPLET_DIR = HOME_DIR + "/.local/share/cinnamon/applets/" + UUID;

Avoid hardcoding .local/share in paths. Use GLib.get_user_data_dir() instead,
which respects the XDG_DATA_HOME environment variable.

ℹ️ shell_string_spawn

hdd-led@tucsonst/files/hdd-led@tucsonst/applet.js:120

Util.spawnCommandLine(cmd) ;

Prefer argument vector spawn functions over shell command strings.
This is especially important when arguments include untrusted input (user data,
filenames, settings values, etc.) as shell strings are vulnerable to injection.
Static command strings are generally fine, but argv is always safer.
Use Util.spawn(["cmd", "arg1", "arg2"]) or Util.trySpawn() instead.

---

Automated pattern check.

[github-actions]

Best-practices scanner

This is a regex-based check for API usage that can pose security, performance or
maintainability issues, or that may already be provided by Cinnamon. Having code flagged
by it doesn't automatically disqualify a pull request.

This check is not perfect will not replace a normal review.

---

Found 2 potential issue(s):

⚠️ sync_file_get_contents

hdd-led@tucsonst/files/hdd-led@tucsonst/applet.js:42

let [success, content] = GLib.file_get_contents(DISKSTATS);

Synchronous file_get_contents() blocks the main loop.
Use Gio.File.load_contents_async() instead.

ℹ️ shell_string_spawn

hdd-led@tucsonst/files/hdd-led@tucsonst/applet.js:122

Util.spawnCommandLine(cmd) ;

Prefer argument vector spawn functions over shell command strings.
This is especially important when arguments include untrusted input (user data,
filenames, settings values, etc.) as shell strings are vulnerable to injection.
Static command strings are generally fine, but argv is always safer.
Use Util.spawn(["cmd", "arg1", "arg2"]) or Util.trySpawn() instead.

---

Automated pattern check.

[tucsonst]

Second commit is minor cleanup.

[github-actions]

Best-practices scanner

This is a regex-based check for API usage that can pose security, performance or
maintainability issues, or that may already be provided by Cinnamon. Having code flagged
by it doesn't automatically disqualify a pull request.

This check is not perfect will not replace a normal review.

---

Found 1 potential issue(s):

ℹ️ shell_string_spawn

hdd-led@tucsonst/files/hdd-led@tucsonst/applet.js:130

Util.spawnCommandLine(cmd) ;

Prefer argument vector spawn functions over shell command strings.
This is especially important when arguments include untrusted input (user data,
filenames, settings values, etc.) as shell strings are vulnerable to injection.
Static command strings are generally fine, but argv is always safer.
Use Util.spawn(["cmd", "arg1", "arg2"]) or Util.trySpawn() instead.

---

Automated pattern check.

[tucsonst]

Updated to async file operations.