npm - @nitra/cursor - Versions diffs - 1.11.4 → 1.11.7 - Mend

@nitra/cursor 1.11.4 → 1.11.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/rules/k8s/policy/manifest/manifest_test.rego DELETED Viewed

@@ -1,309 +0,0 @@
-# Тести для `k8s.manifest`. Запуск:
-#   conftest verify -p npm/policy/k8s/manifest --namespace k8s.manifest
-#
-# Покриваємо deny-правила: Ingress, autoscaling/v1, Service GCP-анотації,
-# Deployment cpu/memory/image (Hasura), topologySpreadConstraints. Тести
-# перевіряють як спрацювання правила (count(deny) > 0), так і його відсутність
-# для коректного маніфесту.
-package k8s.manifest_test
-import rego.v1
-import data.k8s.manifest
-# ── Ingress / autoscaling/v1 ──────────────────────────────────────────────
-test_deny_ingress if {
-	count(manifest.deny) > 0 with input as {
-		"apiVersion": "networking.k8s.io/v1",
-		"kind": "Ingress",
-		"metadata": {"name": "x"},
-	}
-}
-test_deny_autoscaling_v1 if {
-	count(manifest.deny) > 0 with input as {
-		"apiVersion": "autoscaling/v1",
-		"kind": "HorizontalPodAutoscaler",
-		"metadata": {"name": "x"},
-	}
-}
-test_allow_autoscaling_v2 if {
-	count(manifest.deny) == 0 with input as {
-		"apiVersion": "autoscaling/v2",
-		"kind": "HorizontalPodAutoscaler",
-		"metadata": {"name": "x"},
-	}
-}
-# ── Service: GCP-анотації ─────────────────────────────────────────────────
-test_deny_service_neg_annotation if {
-	count(manifest.deny) > 0 with input as {
-		"apiVersion": "v1",
-		"kind": "Service",
-		"metadata": {
-			"name": "api",
-			"annotations": {"cloud.google.com/neg": "{}"},
-		},
-	}
-}
-test_deny_service_backend_config_annotation if {
-	count(manifest.deny) > 0 with input as {
-		"apiVersion": "v1",
-		"kind": "Service",
-		"metadata": {
-			"name": "api",
-			"annotations": {"cloud.google.com/backend-config": "{}"},
-		},
-	}
-}
-test_allow_service_clean_annotations if {
-	count(manifest.deny) == 0 with input as {
-		"apiVersion": "v1",
-		"kind": "Service",
-		"metadata": {
-			"name": "api",
-			"namespace": "dev",
-			"annotations": {"foo": "bar"},
-		},
-		"spec": {"type": "ClusterIP"},
-	}
-}
-# ── Deployment: resources.requests.cpu ────────────────────────────────────
-test_deny_deployment_missing_cpu if {
-	count(manifest.deny) > 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "api", "namespace": "dev"},
-		"spec": {
-			"selector": {"matchLabels": {"app": "api"}},
-			"template": {"spec": {"containers": [{
-				"name": "main",
-				"image": "registry.example.com/api:1.0",
-				"resources": {"requests": {"memory": "64Mi"}},
-			}]}},
-		},
-	}
-}
-test_deny_deployment_empty_cpu if {
-	count(manifest.deny) > 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "api", "namespace": "dev"},
-		"spec": {
-			"selector": {"matchLabels": {"app": "api"}},
-			"template": {"spec": {"containers": [{
-				"name": "main",
-				"image": "registry.example.com/api:1.0",
-				"resources": {"requests": {"cpu": "", "memory": "64Mi"}},
-			}]}},
-		},
-	}
-}
-# ── Deployment: resources.requests.memory ─────────────────────────────────
-test_deny_deployment_missing_memory if {
-	count(manifest.deny) > 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "api", "namespace": "dev"},
-		"spec": {
-			"selector": {"matchLabels": {"app": "api"}},
-			"template": {"spec": {"containers": [{
-				"name": "main",
-				"image": "registry.example.com/api:1.0",
-				"resources": {"requests": {"cpu": "100m"}},
-			}]}},
-		},
-	}
-}
-test_deny_deployment_empty_memory if {
-	count(manifest.deny) > 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "api", "namespace": "dev"},
-		"spec": {
-			"selector": {"matchLabels": {"app": "api"}},
-			"template": {"spec": {"containers": [{
-				"name": "main",
-				"image": "registry.example.com/api:1.0",
-				"resources": {"requests": {"cpu": "100m", "memory": ""}},
-			}]}},
-		},
-	}
-}
-test_deny_init_container_missing_resources if {
-	count(manifest.deny) > 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "api", "namespace": "dev"},
-		"spec": {
-			"selector": {"matchLabels": {"app": "api"}},
-			"template": {"spec": {
-				"containers": [{
-					"name": "main",
-					"image": "registry.example.com/api:1.0",
-					"resources": {"requests": {"cpu": "100m", "memory": "64Mi"}},
-				}],
-				"initContainers": [{"name": "wait", "image": "busybox:1"}],
-			}},
-		},
-	}
-}
-# ── Deployment: образ hasura/graphql-engine ──────────────────────────────
-test_deny_deployment_hasura_unpinned_image if {
-	count(manifest.deny) > 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "db-h", "namespace": "dev"},
-		"spec": {
-			"selector": {"matchLabels": {"app": "db-h"}},
-			"template": {"spec": {"containers": [{
-				"name": "graphql-engine",
-				"image": "hasura/graphql-engine:latest",
-				"resources": {"requests": {"cpu": "100m", "memory": "64Mi"}},
-			}]}},
-		},
-	}
-}
-test_allow_deployment_hasura_canonical_image if {
-	count(manifest.deny) == 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "db-h", "namespace": "dev"},
-		"spec": {
-			"selector": {"matchLabels": {"app": "db-h"}},
-			"template": {"spec": {
-				"containers": [{
-					"name": "graphql-engine",
-					"image": "hasura/graphql-engine:v2.48.15.ubi.amd64",
-					"resources": {"requests": {"cpu": "100m", "memory": "64Mi"}},
-				}],
-				"topologySpreadConstraints": [{
-					"maxSkew": 1,
-					"topologyKey": "kubernetes.io/hostname",
-					"whenUnsatisfiable": "ScheduleAnyway",
-					"labelSelector": {"matchLabels": {"app": "db-h"}},
-				}],
-			}},
-		},
-	}
-}
-test_allow_deployment_hasura_canonical_image_with_digest if {
-	count(manifest.deny) == 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "db-h", "namespace": "dev"},
-		"spec": {
-			"selector": {"matchLabels": {"app": "db-h"}},
-			"template": {"spec": {
-				"containers": [{
-					"name": "graphql-engine",
-					"image": "docker.io/hasura/graphql-engine:v2.48.15.ubi.amd64@sha256:0000",
-					"resources": {"requests": {"cpu": "100m", "memory": "64Mi"}},
-				}],
-				"topologySpreadConstraints": [{
-					"maxSkew": 1,
-					"topologyKey": "kubernetes.io/hostname",
-					"whenUnsatisfiable": "ScheduleAnyway",
-					"labelSelector": {"matchLabels": {"app": "db-h"}},
-				}],
-			}},
-		},
-	}
-}
-# ── Deployment: topologySpreadConstraints ────────────────────────────────
-test_deny_deployment_missing_topology_spread if {
-	count(manifest.deny) > 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "api", "namespace": "dev"},
-		"spec": {
-			"selector": {"matchLabels": {"app": "api"}},
-			"template": {"spec": {"containers": [{
-				"name": "main",
-				"image": "registry.example.com/api:1.0",
-				"resources": {"requests": {"cpu": "100m", "memory": "64Mi"}},
-			}]}},
-		},
-	}
-}
-test_deny_deployment_topology_spread_wrong_app_label if {
-	count(manifest.deny) > 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "api", "namespace": "dev"},
-		"spec": {
-			"selector": {"matchLabels": {"app": "api"}},
-			"template": {"spec": {
-				"containers": [{
-					"name": "main",
-					"image": "registry.example.com/api:1.0",
-					"resources": {"requests": {"cpu": "100m", "memory": "64Mi"}},
-				}],
-				"topologySpreadConstraints": [{
-					"maxSkew": 1,
-					"topologyKey": "kubernetes.io/hostname",
-					"whenUnsatisfiable": "ScheduleAnyway",
-					"labelSelector": {"matchLabels": {"app": "wrong"}},
-				}],
-			}},
-		},
-	}
-}
-test_allow_deployment_canonical_topology_spread if {
-	count(manifest.deny) == 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "api", "namespace": "dev"},
-		"spec": {
-			"selector": {"matchLabels": {"app": "api"}},
-			"template": {"spec": {
-				"containers": [{
-					"name": "main",
-					"image": "registry.example.com/api:1.0",
-					"resources": {"requests": {"cpu": "100m", "memory": "64Mi"}},
-				}],
-				"topologySpreadConstraints": [{
-					"maxSkew": 1,
-					"topologyKey": "kubernetes.io/hostname",
-					"whenUnsatisfiable": "ScheduleAnyway",
-					"labelSelector": {"matchLabels": {"app": "api"}},
-				}],
-			}},
-		},
-	}
-}
-# Без app-мітки топологічна перевірка не запускається — JS-парність
-# (k8sEnvSegmentFromRelPath без appLabel skipує перевірку).
-test_allow_deployment_without_app_label_skips_topology if {
-	count(manifest.deny) == 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "api", "namespace": "dev"},
-		"spec": {"template": {"spec": {"containers": [{
-			"name": "main",
-			"image": "registry.example.com/api:1.0",
-			"resources": {"requests": {"cpu": "100m", "memory": "64Mi"}},
-		}]}}},
-	}
-}

package/rules/k8s/policy/svc_hl_yaml/svc_hl_yaml_test.rego DELETED Viewed

@@ -1,42 +0,0 @@
-# Тести для `k8s.svc_hl_yaml`. Запуск:
-#   conftest verify -p npm/policy/k8s/svc_hl_yaml --namespace k8s.svc_hl_yaml
-package k8s.svc_hl_yaml_test
-import rego.v1
-import data.k8s.svc_hl_yaml
-test_deny_service_name_without_hl if {
-	count(svc_hl_yaml.deny) > 0 with input as {
-		"apiVersion": "v1",
-		"kind": "Service",
-		"metadata": {"name": "api"},
-		"spec": {"clusterIP": "None"},
-	}
-}
-test_deny_service_clusterip_not_none if {
-	count(svc_hl_yaml.deny) > 0 with input as {
-		"apiVersion": "v1",
-		"kind": "Service",
-		"metadata": {"name": "api-hl"},
-		"spec": {"clusterIP": "1.2.3.4"},
-	}
-}
-test_allow_headless_service if {
-	count(svc_hl_yaml.deny) == 0 with input as {
-		"apiVersion": "v1",
-		"kind": "Service",
-		"metadata": {"name": "api-hl"},
-		"spec": {"clusterIP": "None"},
-	}
-}
-test_allow_non_service if {
-	count(svc_hl_yaml.deny) == 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "api"},
-	}
-}

package/rules/k8s/policy/svc_yaml/svc_yaml_test.rego DELETED Viewed

@@ -1,41 +0,0 @@
-# Тести для `k8s.svc_yaml`. Запуск:
-#   conftest verify -p npm/policy/k8s/svc_yaml --namespace k8s.svc_yaml
-package k8s.svc_yaml_test
-import rego.v1
-import data.k8s.svc_yaml
-test_deny_service_missing_spec if {
-	count(svc_yaml.deny) > 0 with input as {
-		"apiVersion": "v1",
-		"kind": "Service",
-		"metadata": {"name": "api"},
-	}
-}
-test_deny_service_wrong_type if {
-	count(svc_yaml.deny) > 0 with input as {
-		"apiVersion": "v1",
-		"kind": "Service",
-		"metadata": {"name": "api"},
-		"spec": {"type": "LoadBalancer"},
-	}
-}
-test_allow_service_clusterip if {
-	count(svc_yaml.deny) == 0 with input as {
-		"apiVersion": "v1",
-		"kind": "Service",
-		"metadata": {"name": "api"},
-		"spec": {"type": "ClusterIP"},
-	}
-}
-test_allow_non_service if {
-	count(svc_yaml.deny) == 0 with input as {
-		"apiVersion": "apps/v1",
-		"kind": "Deployment",
-		"metadata": {"name": "api"},
-	}
-}

package/rules/nginx-default-tpl/policy/vscode_extensions/vscode_extensions_test.rego DELETED Viewed

@@ -1,30 +0,0 @@
-# Тести для `nginx_default_tpl.vscode_extensions`. Запуск:
-#   conftest verify -p npm/policy/nginx_default_tpl/vscode_extensions
-package nginx_default_tpl.vscode_extensions_test
-import rego.v1
-import data.nginx_default_tpl.vscode_extensions
-test_allow_with_required_extension if {
-	cfg := {"recommendations": ["ahmadalli.vscode-nginx-conf"]}
-	count(vscode_extensions.deny) == 0 with input as cfg
-}
-test_allow_with_additional_extensions if {
-	cfg := {"recommendations": ["dbaeumer.vscode-eslint", "ahmadalli.vscode-nginx-conf"]}
-	count(vscode_extensions.deny) == 0 with input as cfg
-}
-test_deny_missing_extension if {
-	cfg := {"recommendations": ["dbaeumer.vscode-eslint"]}
-	count(vscode_extensions.deny) > 0 with input as cfg
-}
-test_deny_empty_recommendations if {
-	count(vscode_extensions.deny) > 0 with input as {"recommendations": []}
-}
-test_deny_no_recommendations_field if {
-	count(vscode_extensions.deny) > 0 with input as {}
-}

package/rules/nginx-default-tpl/policy/vscode_settings/vscode_settings_test.rego DELETED Viewed

@@ -1,53 +0,0 @@
-# Тести для `nginx_default_tpl.vscode_settings`. Запуск:
-#   conftest verify -p npm/policy/nginx_default_tpl/vscode_settings
-package nginx_default_tpl.vscode_settings_test
-import rego.v1
-import data.nginx_default_tpl.vscode_settings
-valid_cfg := {
-	"editor.formatOnSave": true,
-	"[nginx]": {"editor.defaultFormatter": "ahmadalli.vscode-nginx-conf"},
-}
-test_allow_canonical if {
-	count(vscode_settings.deny) == 0 with input as valid_cfg
-}
-test_allow_with_additional_keys if {
-	cfg := json.patch(valid_cfg, [{
-		"op": "add",
-		"path": "/[javascript]",
-		"value": {"editor.defaultFormatter": "oxc.oxc-vscode"},
-	}])
-	count(vscode_settings.deny) == 0 with input as cfg
-}
-test_deny_format_on_save_false if {
-	cfg := json.patch(valid_cfg, [{"op": "replace", "path": "/editor.formatOnSave", "value": false}])
-	count(vscode_settings.deny) > 0 with input as cfg
-}
-test_deny_format_on_save_missing if {
-	cfg := json.patch(valid_cfg, [{"op": "remove", "path": "/editor.formatOnSave"}])
-	count(vscode_settings.deny) > 0 with input as cfg
-}
-test_deny_nginx_block_missing if {
-	cfg := json.patch(valid_cfg, [{"op": "remove", "path": "/[nginx]"}])
-	count(vscode_settings.deny) > 0 with input as cfg
-}
-test_deny_nginx_block_wrong_type if {
-	cfg := json.patch(valid_cfg, [{"op": "replace", "path": "/[nginx]", "value": "ahmadalli.vscode-nginx-conf"}])
-	count(vscode_settings.deny) > 0 with input as cfg
-}
-test_deny_nginx_wrong_formatter if {
-	cfg := json.patch(
-		valid_cfg,
-		[{"op": "replace", "path": "/[nginx]/editor.defaultFormatter", "value": "ms-vscode.cpptools"}],
-	)
-	count(vscode_settings.deny) > 0 with input as cfg
-}

package/rules/npm-module/policy/npm_package_json/npm_package_json_test.rego DELETED Viewed

@@ -1,81 +0,0 @@
-# Тести для `npm_module.npm_package_json`. Запуск:
-#   conftest verify -p npm/policy/npm_module/npm_package_json
-package npm_module.npm_package_json_test
-import rego.v1
-import data.npm_module.npm_package_json
-valid_pkg := {
-	"name": "@nitra/cursor",
-	"version": "1.9.5",
-	"types": "./types/bin/n-cursor.d.ts",
-	"files": [
-		"types",
-		"mdc",
-		"bin",
-		"CHANGELOG.md",
-	],
-	"dependencies": {"oxc-parser": "^0.128.0"},
-}
-# ── happy path ────────────────────────────────────────────────────────────
-test_allow_canonical if {
-	count(npm_package_json.deny) == 0 with input as valid_pkg
-}
-test_allow_types_index_d_ts if {
-	pkg := json.patch(valid_pkg, [{"op": "replace", "path": "/types", "value": "./types/index.d.ts"}])
-	count(npm_package_json.deny) == 0 with input as pkg
-}
-# ── types ─────────────────────────────────────────────────────────────────
-test_deny_types_outside_types_dir if {
-	pkg := json.patch(valid_pkg, [{"op": "replace", "path": "/types", "value": "./dist/index.d.ts"}])
-	count(npm_package_json.deny) > 0 with input as pkg
-}
-test_deny_types_wrong_extension if {
-	pkg := json.patch(valid_pkg, [{"op": "replace", "path": "/types", "value": "./types/index.ts"}])
-	count(npm_package_json.deny) > 0 with input as pkg
-}
-# ── files ─────────────────────────────────────────────────────────────────
-test_deny_missing_files if {
-	pkg := json.patch(valid_pkg, [{"op": "remove", "path": "/files"}])
-	count(npm_package_json.deny) > 0 with input as pkg
-}
-test_deny_files_not_array if {
-	pkg := json.patch(valid_pkg, [{"op": "replace", "path": "/files", "value": "types"}])
-	count(npm_package_json.deny) > 0 with input as pkg
-}
-test_deny_files_empty if {
-	pkg := json.patch(valid_pkg, [{"op": "replace", "path": "/files", "value": []}])
-	count(npm_package_json.deny) > 0 with input as pkg
-}
-test_deny_files_without_types if {
-	pkg := json.patch(valid_pkg, [{"op": "replace", "path": "/files", "value": ["bin", "mdc"]}])
-	count(npm_package_json.deny) > 0 with input as pkg
-}
-# ── devDependencies ──────────────────────────────────────────────────────
-test_allow_no_dev_dependencies if {
-	count(npm_package_json.deny) == 0 with input as valid_pkg
-}
-test_allow_empty_dev_dependencies if {
-	pkg := json.patch(valid_pkg, [{"op": "add", "path": "/devDependencies", "value": {}}])
-	count(npm_package_json.deny) == 0 with input as pkg
-}
-test_deny_dev_dependencies_present if {
-	pkg := json.patch(valid_pkg, [{"op": "add", "path": "/devDependencies", "value": {"@nitra/cursor": "^1.9.5"}}])
-	count(npm_package_json.deny) > 0 with input as pkg
-}

package/rules/rego/policy/package_json/package_json_test.rego DELETED Viewed

@@ -1,42 +0,0 @@
-# Тести для `rego.package_json`. Запуск:
-#   conftest verify -p npm/policy/rego/package_json
-package rego.package_json_test
-import rego.v1
-import data.rego.package_json
-canonical_lint_rego := "bun ./npm/scripts/lint-rego.mjs"
-test_allow_canonical if {
-	pkg := {"scripts": {"lint-rego": canonical_lint_rego}}
-	count(package_json.deny) == 0 with input as pkg
-}
-test_allow_with_other_scripts if {
-	pkg := {"scripts": {"lint-rego": canonical_lint_rego, "test": "bun test"}}
-	count(package_json.deny) == 0 with input as pkg
-}
-test_allow_with_whitespace if {
-	pkg := {"scripts": {"lint-rego": concat("", ["  ", canonical_lint_rego, " "])}}
-	count(package_json.deny) == 0 with input as pkg
-}
-test_deny_missing_lint_rego if {
-	count(package_json.deny) > 0 with input as {"scripts": {}}
-}
-test_deny_no_scripts if {
-	count(package_json.deny) > 0 with input as {"name": "x"}
-}
-test_deny_wrong_value if {
-	pkg := {"scripts": {"lint-rego": "opa check ."}}
-	count(package_json.deny) > 0 with input as pkg
-}
-test_deny_npx_form if {
-	pkg := {"scripts": {"lint-rego": "npx opa check ."}}
-	count(package_json.deny) > 0 with input as pkg
-}

package/rules/rego/policy/vscode_extensions/vscode_extensions_test.rego DELETED Viewed

@@ -1,34 +0,0 @@
-# Тести для `rego.vscode_extensions`. Запуск:
-#   conftest verify -p npm/policy/rego/vscode_extensions
-package rego.vscode_extensions_test
-import rego.v1
-import data.rego.vscode_extensions
-test_allow_with_required_extension if {
-	cfg := {"recommendations": ["tsandall.opa"]}
-	count(vscode_extensions.deny) == 0 with input as cfg
-}
-test_allow_with_additional_extensions if {
-	cfg := {"recommendations": [
-		"dbaeumer.vscode-eslint",
-		"tsandall.opa",
-		"oxc.oxc-vscode",
-	]}
-	count(vscode_extensions.deny) == 0 with input as cfg
-}
-test_deny_missing_extension if {
-	cfg := {"recommendations": ["dbaeumer.vscode-eslint"]}
-	count(vscode_extensions.deny) > 0 with input as cfg
-}
-test_deny_empty_recommendations if {
-	count(vscode_extensions.deny) > 0 with input as {"recommendations": []}
-}
-test_deny_no_recommendations_field if {
-	count(vscode_extensions.deny) > 0 with input as {}
-}