npm - @appapprove/shopify-check - Versions diffs - 0.1.0 - Mend

@appapprove/shopify-check 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,79 @@
+# @appapprove/shopify-check
+Pre-submission compliance checker for Shopify apps. Surfaces 20+ App Store review failures locally before you submit — saves the typical 1-2 week back-and-forth with Shopify reviewers.
+## Install
+```bash
+npm install -g @appapprove/shopify-check
+```
+Requires Node.js 20 or newer.
+## Usage
+Check the app in the current directory:
+```bash
+shopify-check
+```
+Check a specific app:
+```bash
+shopify-check /path/to/your/shopify-app
+```
+JSON output (pipeable):
+```bash
+shopify-check --json
+```
+Optional flags:
+- `--app-url <url>` — your deployed app URL (enables HTTPS-only + security-headers checks)
+- `--privacy-policy <url>` — your privacy policy URL (enables privacy-policy presence check)
+- `--demo-store <url>` — your Shopify demo-store URL (enables demo-store reachability check)
+## What it checks
+- **API scopes** — declared scopes vs actual API calls in your code
+- **GDPR webhooks** — `customers/data_request`, `customers/redact`, `shop/redact` handlers present + return 200
+- **App Bridge** — embedded admin uses App Bridge correctly (no host param leaks, session token usage)
+- **Billing API** — recurring app subscriptions wired correctly with Shopify's Billing API
+- **GraphQL API compliance** — supported API versions, no deprecated query patterns
+- **HTTPS-only** — all external URLs use HTTPS
+- **Security headers** — CSP, frame-ancestors, X-Content-Type-Options
+- **Performance budget** — bundle size + loading-time thresholds
+- **Auto-populate forms** — checkout-extension forms don't auto-fill PII
+- **Privacy policy** — URL reachable + non-empty
+- **Demo store** — URL reachable from Shopify's reviewer IPs
+- **Theme cleanup** — uninstall flow removes injected theme assets
+- **Theme extension quality** — theme-app-extension Liquid blocks have required attributes
+- **Shopify Function quality** — Functions return well-formed responses + handle edge cases
+- **Merchant grade Function** — Functions perform under high cart-line load
+- **Trust asset checklist** — required listing assets (icon, screenshots, support email)
+- **Listing copy** — name, summary, descriptions match App Store guidelines
+- **CI workflow** — your `.github/workflows/deploy.yml` deploys correctly
+- **Import consistency** — no broken imports between scaffold + worker entry
+- **Install flow** — OAuth install URL works + scopes get accepted
+- **Screenshot quality** — listing screenshots meet Shopify's resolution + aspect-ratio guidelines
+## Exit codes
+- `0` — all checks passed (or only warnings, depending on severity threshold)
+- `1` — one or more `error` severity findings (blocks submission)
+- `2` — invalid arguments / cannot read repo
+## How is this different from `shopify app dev` lint?
+Shopify's CLI lints the *scaffold* — package layout, config files, declared bindings. `shopify-check` lints the *App Store review surface* — what reviewers will actually fail you on. Designed to be run BEFORE you submit, not just during development.
+## License
+MIT — built and maintained by [AppApprove](https://appapprove.com).
+## Issues / contributions
+[github.com/ArasHuseyin/shopify-builder](https://github.com/ArasHuseyin/shopify-builder) — issues + PRs welcome.