@daml-tools/daml-lint 0.6.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +30 -16
  2. package/package.json +6 -5
package/README.md CHANGED
@@ -20,18 +20,18 @@ that fail to parse degrade to partial structure with a diagnostic on stderr
20
20
 
21
21
  The workspace docs split task guides, reference, and design background:
22
22
 
23
- - [Scan Daml source](../../docs/how-to/scan-daml.md) for CLI usage patterns
24
- - [Write a custom rule](../../docs/tutorials/write-a-daml-lint-custom-rule.md)
23
+ - [Scan Daml source](https://github.com/stevennevins/daml-tools/blob/main/docs/how-to/scan-daml.md) for CLI usage patterns
24
+ - [Write a custom rule](https://github.com/stevennevins/daml-tools/blob/main/docs/tutorials/write-a-daml-lint-custom-rule.md)
25
25
  for a guided first external rule
26
- - [Custom rule contract](../../docs/reference/daml-lint-custom-rule-contract.md)
26
+ - [Custom rule contract](https://github.com/stevennevins/daml-tools/blob/main/docs/reference/daml-lint-custom-rule-contract.md)
27
27
  for the JavaScript runtime contract and TypeScript types
28
- - [CLI reference](../../docs/reference/cli.md) for options, output formats, and
28
+ - [CLI reference](https://github.com/stevennevins/daml-tools/blob/main/docs/reference/cli.md) for options, output formats, and
29
29
  exit codes
30
- - [Crate reference](../../docs/reference/crates.md) for features and public
30
+ - [Crate reference](https://github.com/stevennevins/daml-tools/blob/main/docs/reference/crates.md) for features and public
31
31
  modules
32
- - [Rule authoring model](../../docs/explanation/daml-lint-rule-authoring.md)
32
+ - [Rule authoring model](https://github.com/stevennevins/daml-tools/blob/main/docs/explanation/daml-lint-rule-authoring.md)
33
33
  for why TypeScript authoring is bundled to JavaScript
34
- - [Workspace architecture](../../docs/explanation/workspace-architecture.md)
34
+ - [Workspace architecture](https://github.com/stevennevins/daml-tools/blob/main/docs/explanation/workspace-architecture.md)
35
35
  for how `daml-lint` uses `daml-parser`
36
36
 
37
37
  ## Detectors
@@ -81,7 +81,7 @@ The default features build the published CLI and custom-rule engine:
81
81
 
82
82
  ```toml
83
83
  [dependencies]
84
- daml-lint = "0.2"
84
+ daml-lint = "0.8"
85
85
  ```
86
86
 
87
87
  Library consumers that only need parser lowering and the rule-facing IR can
@@ -89,16 +89,16 @@ avoid the CLI parser and QuickJS runtime:
89
89
 
90
90
  ```toml
91
91
  [dependencies]
92
- daml-lint = { version = "0.2", default-features = false }
92
+ daml-lint = { version = "0.8", default-features = false }
93
93
  ```
94
94
 
95
95
  The `js-runtime` feature enables the QuickJS-backed runtime used by shipped
96
- built-ins. The `custom-rules` feature enables loading user-provided rule files
97
- through `--rules` when the runtime is also enabled. Shipped built-ins are
98
- authored in TypeScript and embedded as generated JavaScript; no TypeScript
96
+ built-ins. The `custom-rules` feature implies `js-runtime` and enables loading
97
+ user-provided rule files through `--rules` and configured plugin packages.
98
+ Shipped built-ins are authored in TypeScript and embedded as generated JavaScript; no TypeScript
99
99
  toolchain is required at runtime. The shipped detectors are registered through
100
100
  `create_builtin_detectors()` rather than exposed as individual Rust detector
101
- modules. The `cli` feature exists for the `daml-lint` binary.
101
+ modules. The `cli` feature enables the `daml-lint` binary and implies `js-runtime`.
102
102
 
103
103
  ## Usage
104
104
 
@@ -216,8 +216,9 @@ Statements carry a typed expression AST: `stmt.Let.value`,
216
216
  `stmt.Other.expr` are `Expr` nodes — tagged unions like
217
217
  `{ BinOp: { op: "/", lhs, rhs, span } }` with a 1-based `span` on every
218
218
  node (see the `Expr` type in the .d.ts). Type-bearing fields carry `TypeNode`
219
- trees such as `{ Con: { name: "Party", qualifier: null, span } }` and
220
- `{ App: { head, args, span } }`; type spans include `line`/`column`,
219
+ trees such as `{ Con: { name: "Party", qualifier: null, span } }`,
220
+ `{ App: { head, args, span } }`, and `{ Lit: { kind: "Text", value: "cid", span } }`
221
+ for type-level literals (for example `HasField "cid"`); type spans include `line`/`column`,
221
222
  JavaScript string offsets (`start`/`end`, suitable for
222
223
  `m.source.slice(start, end)`), and parser byte offsets
223
224
  (`byte_start`/`byte_end`). Compatibility-only raw-text fields and rendered
@@ -315,13 +316,26 @@ provenance and licensing.
315
316
  ## Public API Stability
316
317
 
317
318
  `daml-lint` is pre-1.0. The CLI exit codes and documented feature flags are the
318
- stable user contract for 0.2.x. The rule-facing IR is intentionally public for
319
+ stable user contract for 0.7.x. The rule-facing IR is intentionally public for
319
320
  custom rules and library users, but it may gain structure in 0.x minor releases;
320
321
  custom rules should check `ir_version` and match typed nodes rather than raw
321
322
  source substrings. Detector result types such as `Finding`, `Severity`, and
322
323
  `DetectError` are non-exhaustive; use their documented fields/accessors and keep
323
324
  wildcard arms when matching enums. Patch releases should remain compatible.
324
325
 
326
+ Breaking updates introduced in this branch:
327
+
328
+ - `Severity` no longer implements `Ord`/`PartialOrd`; use `rank()` or
329
+ `meets_or_exceeds()` for risk-based ordering and thresholds.
330
+ - `Severity::from_str` now returns `SeverityParseError` instead of `()`.
331
+ - Public IR/report DTO structs are `#[non_exhaustive]`; construct through
332
+ parser lowering or documented constructors such as `Finding::new`.
333
+ - `parse_daml_with_diagnostics` now returns a named `ParseResult` with fields
334
+ (`module`, `diagnostics`) instead of a tuple.
335
+ - Rule setting values are now canonical only: `off`, `critical`, `high`,
336
+ `medium`, `low`, `info` (legacy `warn`/`error` and numeric shortcuts
337
+ `0`/`1`/`2` are intentionally rejected).
338
+
325
339
  ## License
326
340
 
327
341
  AGPL-3.0-only. See [LICENSE](LICENSE).
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@daml-tools/daml-lint",
3
- "version": "0.6.2",
3
+ "version": "0.8.0",
4
4
  "description": "Static analysis scanner for Daml smart contracts",
5
5
  "keywords": [
6
6
  "daml",
@@ -9,6 +9,7 @@
9
9
  "smart-contracts",
10
10
  "security"
11
11
  ],
12
+ "homepage": "https://github.com/stevennevins/daml-tools",
12
13
  "license": "AGPL-3.0-only",
13
14
  "author": "Steven Nevins",
14
15
  "repository": {
@@ -22,10 +23,10 @@
22
23
  "node": ">=18"
23
24
  },
24
25
  "optionalDependencies": {
25
- "@daml-tools/daml-lint-darwin-arm64": "0.6.2",
26
- "@daml-tools/daml-lint-linux-arm64": "0.6.2",
27
- "@daml-tools/daml-lint-linux-x64": "0.6.2",
28
- "@daml-tools/daml-lint-win32-x64": "0.6.2"
26
+ "@daml-tools/daml-lint-darwin-arm64": "0.8.0",
27
+ "@daml-tools/daml-lint-linux-arm64": "0.8.0",
28
+ "@daml-tools/daml-lint-linux-x64": "0.8.0",
29
+ "@daml-tools/daml-lint-win32-x64": "0.8.0"
29
30
  },
30
31
  "publishConfig": {
31
32
  "access": "public"