@gulu9527/code-trust 0.1.0 → 0.2.0

package/README.md CHANGED
@@ -4,7 +4,7 @@
4
4
 
5
5
  [![Node.js](https://img.shields.io/badge/node-%3E%3D20-brightgreen)](https://nodejs.org)
6
6
  [![License](https://img.shields.io/badge/license-Apache--2.0-blue)](LICENSE)
7
- [![npm](https://img.shields.io/npm/v/code-trust)](https://www.npmjs.com/package/code-trust)
7
+ [![npm](https://img.shields.io/npm/v/@gulu9527/code-trust)](https://www.npmjs.com/package/@gulu9527/code-trust)
8
8
 
9
9
  **English | [中文](./README-CN.md)**
10
10
 
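Review bot: missing documentation for the package rename in this hunk: the badge and link now point at `@gulu9527/code-trust`, but nothing in the README says the package moved from the unscoped `code-trust` name or whether that name is still maintained. Add a one-line note (e.g. "Previously published as `code-trust`; use the scoped name from 0.2.0 on") so readers of an older README who still run `npm install -g code-trust` know they are no longer getting this project, and so the relationship between the two names is on record.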
@@ -26,7 +26,7 @@ CodeTrust is a **fully local** CLI tool designed to verify the quality of AI-gen
26
26
  ## Install
27
27
 
28
28
  ```bash
29
- npm install -g code-trust
29
+ npm install -g @gulu9527/code-trust
30
30
  ```
31
31
 
32
32
  Both `code-trust` and `codetrust` commands are available after installation.
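Review bot: the install line changes to the scoped package while the context line below it still promises both `code-trust` and `codetrust` as commands; that is fine only if the `bin` entries in package.json were kept unchanged by the rename, which this diff does not show. Worth stating explicitly in the README that the binary names did not change along with the package name, since the later CI example in this same file switches from `code-trust scan` to `codetrust scan` without comment.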
@@ -80,22 +80,34 @@ CodeTrust evaluates code across five dimensions, weighted into a total score (0-
80
80
  | >= 50 | LOW TRUST | Needs careful review |
81
81
  | < 50 | UNTRUSTED | Should not be merged |
82
82
 
83
- ## Built-in Rules (21)
83
+ ## Built-in Rules (29)
84
84
 
85
85
  ### Hallucination Detection (Logic)
86
86
  | Rule ID | Severity | Description |
87
87
  |---------|----------|-------------|
88
88
  | `logic/phantom-import` | high | Import from non-existent relative path (AI hallucination) |
89
89
  | `logic/missing-await` | medium | Missing `await` on async function call |
90
- | `logic/unused-import` | low | Imported module never used |
90
+ | `logic/any-type-abuse` | medium | Excessive `any` type usage bypassing type safety |
91
+ | `logic/type-coercion` | medium | Loose equality (`==`) causing implicit type coercion |
92
+ | `logic/no-nested-ternary` | medium | Nested ternary expressions reducing readability |
91
93
  | `logic/unnecessary-try-catch` | medium | Try-catch wrapping simple statements |
92
- | `logic/over-defensive` | low | Excessive null/undefined guards |
93
94
  | `logic/dead-branch` | medium | Always true/false conditions, unreachable code |
94
- | `logic/unused-variables` | low | Declared but never used variables |
95
95
  | `logic/duplicate-condition` | medium | Duplicate conditions in if-else chains |
96
96
  | `logic/empty-catch` | medium | Empty catch block or rethrow-only catch |
97
97
  | `logic/identical-branches` | medium | If/else branches with identical code |
98
+ | `logic/no-non-null-assertion` | medium | Non-null assertion (!) risking runtime crashes |
99
+ | `logic/no-self-compare` | medium | Self-comparison (x === x) always true/false |
100
+ | `logic/no-return-assign` | medium | Assignment (=) in return statement, likely meant === |
101
+ | `logic/promise-void` | medium | Floating promise — async call not awaited or returned |
102
+ | `logic/unused-import` | low | Imported module never used |
103
+ | `logic/over-defensive` | low | Excessive null/undefined guards |
104
+ | `logic/unused-variables` | low | Declared but never used variables |
98
105
  | `logic/redundant-else` | low | Unnecessary else after return/throw |
106
+ | `logic/magic-number` | low | Unexplained numeric literals (magic numbers) |
107
+ | `logic/duplicate-string` | low | Same string literal repeated 3+ times |
108
+ | `logic/no-reassign-param` | low | Reassigning function parameters |
109
+ | `logic/no-async-without-await` | low | Async function that never uses await |
110
+ | `logic/no-useless-constructor` | low | Empty or super-only constructor |
99
111
  | `logic/console-in-code` | info | Leftover console.log debug statements |
100
112
 
101
113
  ### Security Rules
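Review bot: the heading count in this hunk does not add up: the `## Built-in Rules` heading goes from 21 to 29, but the table adds 12 new logic rows here (`any-type-abuse` through `no-useless-constructor`; the three `low` rows are only moved, not added) and the next hunk adds one security row, so 21 + 13 = 34, not 29. Either the old count was already wrong or the new one is; recount the rules across all sections and fix whichever is off. Also consider noting how `logic/promise-void` ("async call not awaited or returned") differs from the existing `logic/missing-await`, since the two descriptions read as overlapping.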
@@ -104,6 +116,7 @@ CodeTrust evaluates code across five dimensions, weighted into a total score (0-
104
116
  | `security/hardcoded-secret` | high | Hardcoded API keys, passwords, tokens |
105
117
  | `security/eval-usage` | high | eval(), new Function() and similar |
106
118
  | `security/sql-injection` | high | String concatenation in SQL queries |
119
+ | `security/no-debugger` | high | Debugger statements left in code |
107
120
  | `security/dangerous-html` | medium | innerHTML / dangerouslySetInnerHTML |
108
121
 
109
122
  ## Configuration
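Review bot: the severity on the added `security/no-debugger` row looks inflated: a leftover `debugger` statement is a hygiene issue in the same family as `logic/console-in-code`, which this README rates `info`, yet here it sits at `high` alongside `security/hardcoded-secret` and `security/sql-injection`. Since severity feeds the 0-100 trust score described above, this will pull a file toward `UNTRUSTED` for a leftover breakpoint; suggest `low` (or `medium` if the tool treats it as a production-safety issue) and, if it stays under Security, a sentence explaining why.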
@@ -160,8 +173,8 @@ jobs:
160
173
  - uses: actions/setup-node@v4
161
174
  with:
162
175
  node-version: '20'
163
- - run: npm install -g code-trust
164
- - run: code-trust scan --diff origin/main --min-score 70
176
+ - run: npm install -g @gulu9527/code-trust
177
+ - run: codetrust scan --diff origin/main --min-score 70
165
178
  ```
166
179
 
167
180
  ### Git Pre-commit Hook
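Review bot: the CI example in this hunk installs an unpinned package, `- run: npm install -g @gulu9527/code-trust`, so the version that gates merges with `--min-score 70` is whatever was most recently published at job time, and a future release with different rule weights can change which PRs pass without any change to the workflow. Recommend pinning in the example (`npm install -g @gulu9527/code-trust@0.2.0`) or using `npx @gulu9527/code-trust@0.2.0 scan ...`, and updating the pin on release. The same hunk also switches the invoked command from `code-trust` to `codetrust`; both are said to work, but pick one for the README's examples.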
package/action.yml CHANGED
@@ -34,7 +34,7 @@ runs:
34
34
 
35
35
  - name: Install CodeTrust
36
36
  shell: bash
37
- run: npm install -g code-trust
37
+ run: npm install -g @gulu9527/code-trust
38
38
 
39
39
  - name: Run CodeTrust scan
40
40
  shell: bash
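Review bot: in action.yml the install step `run: npm install -g @gulu9527/code-trust` means consumers who pin this action by tag still get a floating package version resolved at run time, so the action's behaviour is not tied to its own release. Pin the package to the version this action release was tested with (`@gulu9527/code-trust@0.2.0`), or expose an input such as a version parameter that defaults to it, and bump the pin when cutting a new action tag. Pinning here is more important than in the README example because third parties run this step in their pipelines unchanged.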