@opensip-cli/checks-typescript 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (404) hide show
  1. package/LICENSE +202 -0
  2. package/NOTICE +8 -0
  3. package/README.md +31 -0
  4. package/dist/__tests__/all-checks-execute.test.d.ts +12 -0
  5. package/dist/__tests__/all-checks-execute.test.d.ts.map +1 -0
  6. package/dist/__tests__/all-checks-execute.test.js +846 -0
  7. package/dist/__tests__/all-checks-execute.test.js.map +1 -0
  8. package/dist/__tests__/behavior-fixtures-2.test.d.ts +9 -0
  9. package/dist/__tests__/behavior-fixtures-2.test.d.ts.map +1 -0
  10. package/dist/__tests__/behavior-fixtures-2.test.js +625 -0
  11. package/dist/__tests__/behavior-fixtures-2.test.js.map +1 -0
  12. package/dist/__tests__/behavior-fixtures-3.test.d.ts +7 -0
  13. package/dist/__tests__/behavior-fixtures-3.test.d.ts.map +1 -0
  14. package/dist/__tests__/behavior-fixtures-3.test.js +658 -0
  15. package/dist/__tests__/behavior-fixtures-3.test.js.map +1 -0
  16. package/dist/__tests__/behavior-fixtures-4.test.d.ts +8 -0
  17. package/dist/__tests__/behavior-fixtures-4.test.d.ts.map +1 -0
  18. package/dist/__tests__/behavior-fixtures-4.test.js +590 -0
  19. package/dist/__tests__/behavior-fixtures-4.test.js.map +1 -0
  20. package/dist/__tests__/behavior-fixtures-5.test.d.ts +7 -0
  21. package/dist/__tests__/behavior-fixtures-5.test.d.ts.map +1 -0
  22. package/dist/__tests__/behavior-fixtures-5.test.js +548 -0
  23. package/dist/__tests__/behavior-fixtures-5.test.js.map +1 -0
  24. package/dist/__tests__/behavior-fixtures-6.test.d.ts +18 -0
  25. package/dist/__tests__/behavior-fixtures-6.test.d.ts.map +1 -0
  26. package/dist/__tests__/behavior-fixtures-6.test.js +1700 -0
  27. package/dist/__tests__/behavior-fixtures-6.test.js.map +1 -0
  28. package/dist/__tests__/behavior-fixtures.test.d.ts +10 -0
  29. package/dist/__tests__/behavior-fixtures.test.d.ts.map +1 -0
  30. package/dist/__tests__/behavior-fixtures.test.js +812 -0
  31. package/dist/__tests__/behavior-fixtures.test.js.map +1 -0
  32. package/dist/__tests__/branch-fixtures-2.test.d.ts +6 -0
  33. package/dist/__tests__/branch-fixtures-2.test.d.ts.map +1 -0
  34. package/dist/__tests__/branch-fixtures-2.test.js +1369 -0
  35. package/dist/__tests__/branch-fixtures-2.test.js.map +1 -0
  36. package/dist/__tests__/branch-fixtures-3.test.d.ts +7 -0
  37. package/dist/__tests__/branch-fixtures-3.test.d.ts.map +1 -0
  38. package/dist/__tests__/branch-fixtures-3.test.js +877 -0
  39. package/dist/__tests__/branch-fixtures-3.test.js.map +1 -0
  40. package/dist/__tests__/branch-fixtures.test.d.ts +6 -0
  41. package/dist/__tests__/branch-fixtures.test.d.ts.map +1 -0
  42. package/dist/__tests__/branch-fixtures.test.js +1072 -0
  43. package/dist/__tests__/branch-fixtures.test.js.map +1 -0
  44. package/dist/__tests__/checks.test.d.ts +2 -0
  45. package/dist/__tests__/checks.test.d.ts.map +1 -0
  46. package/dist/__tests__/checks.test.js +39 -0
  47. package/dist/__tests__/checks.test.js.map +1 -0
  48. package/dist/__tests__/fixture-coverage.allowlist.d.ts +19 -0
  49. package/dist/__tests__/fixture-coverage.allowlist.d.ts.map +1 -0
  50. package/dist/__tests__/fixture-coverage.allowlist.js +27 -0
  51. package/dist/__tests__/fixture-coverage.allowlist.js.map +1 -0
  52. package/dist/__tests__/fixture-coverage.test.d.ts +13 -0
  53. package/dist/__tests__/fixture-coverage.test.d.ts.map +1 -0
  54. package/dist/__tests__/fixture-coverage.test.js +57 -0
  55. package/dist/__tests__/fixture-coverage.test.js.map +1 -0
  56. package/dist/__tests__/no-bootstrap-tool-import.test.d.ts +2 -0
  57. package/dist/__tests__/no-bootstrap-tool-import.test.d.ts.map +1 -0
  58. package/dist/__tests__/no-bootstrap-tool-import.test.js +75 -0
  59. package/dist/__tests__/no-bootstrap-tool-import.test.js.map +1 -0
  60. package/dist/__tests__/phantom-dependency-detection.test.d.ts +12 -0
  61. package/dist/__tests__/phantom-dependency-detection.test.d.ts.map +1 -0
  62. package/dist/__tests__/phantom-dependency-detection.test.js +112 -0
  63. package/dist/__tests__/phantom-dependency-detection.test.js.map +1 -0
  64. package/dist/__tests__/typescript-frontend.test.d.ts +8 -0
  65. package/dist/__tests__/typescript-frontend.test.d.ts.map +1 -0
  66. package/dist/__tests__/typescript-frontend.test.js +57 -0
  67. package/dist/__tests__/typescript-frontend.test.js.map +1 -0
  68. package/dist/checks/architecture/circular-import-detection.d.ts +14 -0
  69. package/dist/checks/architecture/circular-import-detection.d.ts.map +1 -0
  70. package/dist/checks/architecture/circular-import-detection.js +55 -0
  71. package/dist/checks/architecture/circular-import-detection.js.map +1 -0
  72. package/dist/checks/architecture/contracts-schema-consistency.d.ts +11 -0
  73. package/dist/checks/architecture/contracts-schema-consistency.d.ts.map +1 -0
  74. package/dist/checks/architecture/contracts-schema-consistency.js +75 -0
  75. package/dist/checks/architecture/contracts-schema-consistency.js.map +1 -0
  76. package/dist/checks/architecture/drizzle-orm-migration-guardrails.d.ts +12 -0
  77. package/dist/checks/architecture/drizzle-orm-migration-guardrails.d.ts.map +1 -0
  78. package/dist/checks/architecture/drizzle-orm-migration-guardrails.js +92 -0
  79. package/dist/checks/architecture/drizzle-orm-migration-guardrails.js.map +1 -0
  80. package/dist/checks/architecture/index.d.ts +10 -0
  81. package/dist/checks/architecture/index.d.ts.map +1 -0
  82. package/dist/checks/architecture/index.js +10 -0
  83. package/dist/checks/architecture/index.js.map +1 -0
  84. package/dist/checks/architecture/missing-type-exports.d.ts +13 -0
  85. package/dist/checks/architecture/missing-type-exports.d.ts.map +1 -0
  86. package/dist/checks/architecture/missing-type-exports.js +245 -0
  87. package/dist/checks/architecture/missing-type-exports.js.map +1 -0
  88. package/dist/checks/architecture/module-coupling-fan-out.d.ts +20 -0
  89. package/dist/checks/architecture/module-coupling-fan-out.d.ts.map +1 -0
  90. package/dist/checks/architecture/module-coupling-fan-out.js +120 -0
  91. package/dist/checks/architecture/module-coupling-fan-out.js.map +1 -0
  92. package/dist/checks/architecture/no-bootstrap-tool-import.d.ts +38 -0
  93. package/dist/checks/architecture/no-bootstrap-tool-import.d.ts.map +1 -0
  94. package/dist/checks/architecture/no-bootstrap-tool-import.js +95 -0
  95. package/dist/checks/architecture/no-bootstrap-tool-import.js.map +1 -0
  96. package/dist/checks/architecture/package-json-exports-field.d.ts +10 -0
  97. package/dist/checks/architecture/package-json-exports-field.d.ts.map +1 -0
  98. package/dist/checks/architecture/package-json-exports-field.js +56 -0
  99. package/dist/checks/architecture/package-json-exports-field.js.map +1 -0
  100. package/dist/checks/architecture/phantom-dependency-detection.d.ts +22 -0
  101. package/dist/checks/architecture/phantom-dependency-detection.d.ts.map +1 -0
  102. package/dist/checks/architecture/phantom-dependency-detection.js +330 -0
  103. package/dist/checks/architecture/phantom-dependency-detection.js.map +1 -0
  104. package/dist/checks/architecture/tsconfig-extends-validation.d.ts +10 -0
  105. package/dist/checks/architecture/tsconfig-extends-validation.d.ts.map +1 -0
  106. package/dist/checks/architecture/tsconfig-extends-validation.js +78 -0
  107. package/dist/checks/architecture/tsconfig-extends-validation.js.map +1 -0
  108. package/dist/checks/index.d.ts +6 -0
  109. package/dist/checks/index.d.ts.map +1 -0
  110. package/dist/checks/index.js +6 -0
  111. package/dist/checks/index.js.map +1 -0
  112. package/dist/checks/quality/api/api-contract-validation.d.ts +15 -0
  113. package/dist/checks/quality/api/api-contract-validation.d.ts.map +1 -0
  114. package/dist/checks/quality/api/api-contract-validation.js +316 -0
  115. package/dist/checks/quality/api/api-contract-validation.js.map +1 -0
  116. package/dist/checks/quality/api/api-response-validation.d.ts +14 -0
  117. package/dist/checks/quality/api/api-response-validation.d.ts.map +1 -0
  118. package/dist/checks/quality/api/api-response-validation.js +209 -0
  119. package/dist/checks/quality/api/api-response-validation.js.map +1 -0
  120. package/dist/checks/quality/api/fastify-route-validation.d.ts +14 -0
  121. package/dist/checks/quality/api/fastify-route-validation.d.ts.map +1 -0
  122. package/dist/checks/quality/api/fastify-route-validation.js +298 -0
  123. package/dist/checks/quality/api/fastify-route-validation.js.map +1 -0
  124. package/dist/checks/quality/api/fastify-schema-coverage.d.ts +11 -0
  125. package/dist/checks/quality/api/fastify-schema-coverage.d.ts.map +1 -0
  126. package/dist/checks/quality/api/fastify-schema-coverage.js +261 -0
  127. package/dist/checks/quality/api/fastify-schema-coverage.js.map +1 -0
  128. package/dist/checks/quality/api/index.d.ts +5 -0
  129. package/dist/checks/quality/api/index.d.ts.map +1 -0
  130. package/dist/checks/quality/api/index.js +5 -0
  131. package/dist/checks/quality/api/index.js.map +1 -0
  132. package/dist/checks/quality/code-structure/duplicate-utility-functions.d.ts +32 -0
  133. package/dist/checks/quality/code-structure/duplicate-utility-functions.d.ts.map +1 -0
  134. package/dist/checks/quality/code-structure/duplicate-utility-functions.js +451 -0
  135. package/dist/checks/quality/code-structure/duplicate-utility-functions.js.map +1 -0
  136. package/dist/checks/quality/code-structure/index.d.ts +3 -0
  137. package/dist/checks/quality/code-structure/index.d.ts.map +1 -0
  138. package/dist/checks/quality/code-structure/index.js +3 -0
  139. package/dist/checks/quality/code-structure/index.js.map +1 -0
  140. package/dist/checks/quality/code-structure/no-any-types.d.ts +13 -0
  141. package/dist/checks/quality/code-structure/no-any-types.d.ts.map +1 -0
  142. package/dist/checks/quality/code-structure/no-any-types.js +116 -0
  143. package/dist/checks/quality/code-structure/no-any-types.js.map +1 -0
  144. package/dist/checks/quality/data-integrity/__tests__/null-safety-fp.test.d.ts +15 -0
  145. package/dist/checks/quality/data-integrity/__tests__/null-safety-fp.test.d.ts.map +1 -0
  146. package/dist/checks/quality/data-integrity/__tests__/null-safety-fp.test.js +51 -0
  147. package/dist/checks/quality/data-integrity/__tests__/null-safety-fp.test.js.map +1 -0
  148. package/dist/checks/quality/data-integrity/array-validation.d.ts +16 -0
  149. package/dist/checks/quality/data-integrity/array-validation.d.ts.map +1 -0
  150. package/dist/checks/quality/data-integrity/array-validation.js +508 -0
  151. package/dist/checks/quality/data-integrity/array-validation.js.map +1 -0
  152. package/dist/checks/quality/data-integrity/database-index-coverage.d.ts +14 -0
  153. package/dist/checks/quality/data-integrity/database-index-coverage.d.ts.map +1 -0
  154. package/dist/checks/quality/data-integrity/database-index-coverage.js +235 -0
  155. package/dist/checks/quality/data-integrity/database-index-coverage.js.map +1 -0
  156. package/dist/checks/quality/data-integrity/database-schema-validation.d.ts +16 -0
  157. package/dist/checks/quality/data-integrity/database-schema-validation.d.ts.map +1 -0
  158. package/dist/checks/quality/data-integrity/database-schema-validation.js +328 -0
  159. package/dist/checks/quality/data-integrity/database-schema-validation.js.map +1 -0
  160. package/dist/checks/quality/data-integrity/in-memory-repository-detection.d.ts +14 -0
  161. package/dist/checks/quality/data-integrity/in-memory-repository-detection.d.ts.map +1 -0
  162. package/dist/checks/quality/data-integrity/in-memory-repository-detection.js +157 -0
  163. package/dist/checks/quality/data-integrity/in-memory-repository-detection.js.map +1 -0
  164. package/dist/checks/quality/data-integrity/index.d.ts +8 -0
  165. package/dist/checks/quality/data-integrity/index.d.ts.map +1 -0
  166. package/dist/checks/quality/data-integrity/index.js +8 -0
  167. package/dist/checks/quality/data-integrity/index.js.map +1 -0
  168. package/dist/checks/quality/data-integrity/missing-input-validation.d.ts +12 -0
  169. package/dist/checks/quality/data-integrity/missing-input-validation.d.ts.map +1 -0
  170. package/dist/checks/quality/data-integrity/missing-input-validation.js +180 -0
  171. package/dist/checks/quality/data-integrity/missing-input-validation.js.map +1 -0
  172. package/dist/checks/quality/data-integrity/null-safety.d.ts +33 -0
  173. package/dist/checks/quality/data-integrity/null-safety.d.ts.map +1 -0
  174. package/dist/checks/quality/data-integrity/null-safety.js +766 -0
  175. package/dist/checks/quality/data-integrity/null-safety.js.map +1 -0
  176. package/dist/checks/quality/data-integrity/numeric-validation.d.ts +12 -0
  177. package/dist/checks/quality/data-integrity/numeric-validation.d.ts.map +1 -0
  178. package/dist/checks/quality/data-integrity/numeric-validation.js +409 -0
  179. package/dist/checks/quality/data-integrity/numeric-validation.js.map +1 -0
  180. package/dist/checks/quality/frontend/a11y-form-labels.d.ts +14 -0
  181. package/dist/checks/quality/frontend/a11y-form-labels.d.ts.map +1 -0
  182. package/dist/checks/quality/frontend/a11y-form-labels.js +93 -0
  183. package/dist/checks/quality/frontend/a11y-form-labels.js.map +1 -0
  184. package/dist/checks/quality/frontend/a11y-semantic-html.d.ts +14 -0
  185. package/dist/checks/quality/frontend/a11y-semantic-html.d.ts.map +1 -0
  186. package/dist/checks/quality/frontend/a11y-semantic-html.js +88 -0
  187. package/dist/checks/quality/frontend/a11y-semantic-html.js.map +1 -0
  188. package/dist/checks/quality/frontend/index.d.ts +4 -0
  189. package/dist/checks/quality/frontend/index.d.ts.map +1 -0
  190. package/dist/checks/quality/frontend/index.js +4 -0
  191. package/dist/checks/quality/frontend/index.js.map +1 -0
  192. package/dist/checks/quality/frontend/test-only-frontend-modules.d.ts +13 -0
  193. package/dist/checks/quality/frontend/test-only-frontend-modules.d.ts.map +1 -0
  194. package/dist/checks/quality/frontend/test-only-frontend-modules.js +159 -0
  195. package/dist/checks/quality/frontend/test-only-frontend-modules.js.map +1 -0
  196. package/dist/checks/quality/incomplete-regex-escaping.d.ts +13 -0
  197. package/dist/checks/quality/incomplete-regex-escaping.d.ts.map +1 -0
  198. package/dist/checks/quality/incomplete-regex-escaping.js +207 -0
  199. package/dist/checks/quality/incomplete-regex-escaping.js.map +1 -0
  200. package/dist/checks/quality/index.d.ts +11 -0
  201. package/dist/checks/quality/index.d.ts.map +1 -0
  202. package/dist/checks/quality/index.js +11 -0
  203. package/dist/checks/quality/index.js.map +1 -0
  204. package/dist/checks/quality/linting/index.d.ts +2 -0
  205. package/dist/checks/quality/linting/index.d.ts.map +1 -0
  206. package/dist/checks/quality/linting/index.js +2 -0
  207. package/dist/checks/quality/linting/index.js.map +1 -0
  208. package/dist/checks/quality/linting/typescript-frontend.d.ts +25 -0
  209. package/dist/checks/quality/linting/typescript-frontend.d.ts.map +1 -0
  210. package/dist/checks/quality/linting/typescript-frontend.js +159 -0
  211. package/dist/checks/quality/linting/typescript-frontend.js.map +1 -0
  212. package/dist/checks/quality/observability/index.d.ts +5 -0
  213. package/dist/checks/quality/observability/index.d.ts.map +1 -0
  214. package/dist/checks/quality/observability/index.js +5 -0
  215. package/dist/checks/quality/observability/index.js.map +1 -0
  216. package/dist/checks/quality/observability/logger-event-name-format.d.ts +12 -0
  217. package/dist/checks/quality/observability/logger-event-name-format.d.ts.map +1 -0
  218. package/dist/checks/quality/observability/logger-event-name-format.js +124 -0
  219. package/dist/checks/quality/observability/logger-event-name-format.js.map +1 -0
  220. package/dist/checks/quality/observability/no-hardcoded-correlation-id.d.ts +5 -0
  221. package/dist/checks/quality/observability/no-hardcoded-correlation-id.d.ts.map +1 -0
  222. package/dist/checks/quality/observability/no-hardcoded-correlation-id.js +77 -0
  223. package/dist/checks/quality/observability/no-hardcoded-correlation-id.js.map +1 -0
  224. package/dist/checks/quality/observability/observability-coverage/__tests__/analyzer.test.d.ts +11 -0
  225. package/dist/checks/quality/observability/observability-coverage/__tests__/analyzer.test.d.ts.map +1 -0
  226. package/dist/checks/quality/observability/observability-coverage/__tests__/analyzer.test.js +107 -0
  227. package/dist/checks/quality/observability/observability-coverage/__tests__/analyzer.test.js.map +1 -0
  228. package/dist/checks/quality/observability/observability-coverage/__tests__/logger-detector.test.d.ts +12 -0
  229. package/dist/checks/quality/observability/observability-coverage/__tests__/logger-detector.test.d.ts.map +1 -0
  230. package/dist/checks/quality/observability/observability-coverage/__tests__/logger-detector.test.js +94 -0
  231. package/dist/checks/quality/observability/observability-coverage/__tests__/logger-detector.test.js.map +1 -0
  232. package/dist/checks/quality/observability/observability-coverage/analyzer.d.ts +13 -0
  233. package/dist/checks/quality/observability/observability-coverage/analyzer.d.ts.map +1 -0
  234. package/dist/checks/quality/observability/observability-coverage/analyzer.js +117 -0
  235. package/dist/checks/quality/observability/observability-coverage/analyzer.js.map +1 -0
  236. package/dist/checks/quality/observability/observability-coverage/index.d.ts +4 -0
  237. package/dist/checks/quality/observability/observability-coverage/index.d.ts.map +1 -0
  238. package/dist/checks/quality/observability/observability-coverage/index.js +4 -0
  239. package/dist/checks/quality/observability/observability-coverage/index.js.map +1 -0
  240. package/dist/checks/quality/observability/observability-coverage/logger-detector.d.ts +29 -0
  241. package/dist/checks/quality/observability/observability-coverage/logger-detector.d.ts.map +1 -0
  242. package/dist/checks/quality/observability/observability-coverage/logger-detector.js +111 -0
  243. package/dist/checks/quality/observability/observability-coverage/logger-detector.js.map +1 -0
  244. package/dist/checks/quality/observability/observability-coverage/types.d.ts +64 -0
  245. package/dist/checks/quality/observability/observability-coverage/types.d.ts.map +1 -0
  246. package/dist/checks/quality/observability/observability-coverage/types.js +6 -0
  247. package/dist/checks/quality/observability/observability-coverage/types.js.map +1 -0
  248. package/dist/checks/quality/observability/pii-exposure-in-logs.d.ts +22 -0
  249. package/dist/checks/quality/observability/pii-exposure-in-logs.d.ts.map +1 -0
  250. package/dist/checks/quality/observability/pii-exposure-in-logs.js +212 -0
  251. package/dist/checks/quality/observability/pii-exposure-in-logs.js.map +1 -0
  252. package/dist/checks/quality/observability/pii-exposure-in-logs.test.d.ts +11 -0
  253. package/dist/checks/quality/observability/pii-exposure-in-logs.test.d.ts.map +1 -0
  254. package/dist/checks/quality/observability/pii-exposure-in-logs.test.js +46 -0
  255. package/dist/checks/quality/observability/pii-exposure-in-logs.test.js.map +1 -0
  256. package/dist/checks/quality/patterns/__tests__/toctou-fp.test.d.ts +14 -0
  257. package/dist/checks/quality/patterns/__tests__/toctou-fp.test.d.ts.map +1 -0
  258. package/dist/checks/quality/patterns/__tests__/toctou-fp.test.js +61 -0
  259. package/dist/checks/quality/patterns/__tests__/toctou-fp.test.js.map +1 -0
  260. package/dist/checks/quality/patterns/async-waterfall-detection.d.ts +26 -0
  261. package/dist/checks/quality/patterns/async-waterfall-detection.d.ts.map +1 -0
  262. package/dist/checks/quality/patterns/async-waterfall-detection.js +410 -0
  263. package/dist/checks/quality/patterns/async-waterfall-detection.js.map +1 -0
  264. package/dist/checks/quality/patterns/dispose-pattern-completeness.d.ts +13 -0
  265. package/dist/checks/quality/patterns/dispose-pattern-completeness.d.ts.map +1 -0
  266. package/dist/checks/quality/patterns/dispose-pattern-completeness.js +220 -0
  267. package/dist/checks/quality/patterns/dispose-pattern-completeness.js.map +1 -0
  268. package/dist/checks/quality/patterns/error-handling-quality.d.ts +17 -0
  269. package/dist/checks/quality/patterns/error-handling-quality.d.ts.map +1 -0
  270. package/dist/checks/quality/patterns/error-handling-quality.js +335 -0
  271. package/dist/checks/quality/patterns/error-handling-quality.js.map +1 -0
  272. package/dist/checks/quality/patterns/index.d.ts +10 -0
  273. package/dist/checks/quality/patterns/index.d.ts.map +1 -0
  274. package/dist/checks/quality/patterns/index.js +10 -0
  275. package/dist/checks/quality/patterns/index.js.map +1 -0
  276. package/dist/checks/quality/patterns/lifecycle-cleanup-enforcement.d.ts +16 -0
  277. package/dist/checks/quality/patterns/lifecycle-cleanup-enforcement.d.ts.map +1 -0
  278. package/dist/checks/quality/patterns/lifecycle-cleanup-enforcement.js +205 -0
  279. package/dist/checks/quality/patterns/lifecycle-cleanup-enforcement.js.map +1 -0
  280. package/dist/checks/quality/patterns/result-pattern-consistency.d.ts +16 -0
  281. package/dist/checks/quality/patterns/result-pattern-consistency.d.ts.map +1 -0
  282. package/dist/checks/quality/patterns/result-pattern-consistency.js +328 -0
  283. package/dist/checks/quality/patterns/result-pattern-consistency.js.map +1 -0
  284. package/dist/checks/quality/patterns/silent-early-returns.d.ts +23 -0
  285. package/dist/checks/quality/patterns/silent-early-returns.d.ts.map +1 -0
  286. package/dist/checks/quality/patterns/silent-early-returns.js +266 -0
  287. package/dist/checks/quality/patterns/silent-early-returns.js.map +1 -0
  288. package/dist/checks/quality/patterns/stream-buffer-size-limits.d.ts +13 -0
  289. package/dist/checks/quality/patterns/stream-buffer-size-limits.d.ts.map +1 -0
  290. package/dist/checks/quality/patterns/stream-buffer-size-limits.js +163 -0
  291. package/dist/checks/quality/patterns/stream-buffer-size-limits.js.map +1 -0
  292. package/dist/checks/quality/patterns/throws-documentation.d.ts +23 -0
  293. package/dist/checks/quality/patterns/throws-documentation.d.ts.map +1 -0
  294. package/dist/checks/quality/patterns/throws-documentation.js +519 -0
  295. package/dist/checks/quality/patterns/throws-documentation.js.map +1 -0
  296. package/dist/checks/quality/patterns/toctou-race-condition.d.ts +48 -0
  297. package/dist/checks/quality/patterns/toctou-race-condition.d.ts.map +1 -0
  298. package/dist/checks/quality/patterns/toctou-race-condition.js +639 -0
  299. package/dist/checks/quality/patterns/toctou-race-condition.js.map +1 -0
  300. package/dist/checks/quality/stubbed-implementation-detection.d.ts +24 -0
  301. package/dist/checks/quality/stubbed-implementation-detection.d.ts.map +1 -0
  302. package/dist/checks/quality/stubbed-implementation-detection.js +355 -0
  303. package/dist/checks/quality/stubbed-implementation-detection.js.map +1 -0
  304. package/dist/checks/quality/unused-config-options.d.ts +12 -0
  305. package/dist/checks/quality/unused-config-options.d.ts.map +1 -0
  306. package/dist/checks/quality/unused-config-options.js +245 -0
  307. package/dist/checks/quality/unused-config-options.js.map +1 -0
  308. package/dist/checks/resilience/__tests__/callback-invocation-safe.test.d.ts +2 -0
  309. package/dist/checks/resilience/__tests__/callback-invocation-safe.test.d.ts.map +1 -0
  310. package/dist/checks/resilience/__tests__/callback-invocation-safe.test.js +79 -0
  311. package/dist/checks/resilience/__tests__/callback-invocation-safe.test.js.map +1 -0
  312. package/dist/checks/resilience/__tests__/context-leakage-fp.test.d.ts +12 -0
  313. package/dist/checks/resilience/__tests__/context-leakage-fp.test.d.ts.map +1 -0
  314. package/dist/checks/resilience/__tests__/context-leakage-fp.test.js +34 -0
  315. package/dist/checks/resilience/__tests__/context-leakage-fp.test.js.map +1 -0
  316. package/dist/checks/resilience/__tests__/context-mutation.test.d.ts +11 -0
  317. package/dist/checks/resilience/__tests__/context-mutation.test.d.ts.map +1 -0
  318. package/dist/checks/resilience/__tests__/context-mutation.test.js +54 -0
  319. package/dist/checks/resilience/__tests__/context-mutation.test.js.map +1 -0
  320. package/dist/checks/resilience/callback-invocation-safe.d.ts +34 -0
  321. package/dist/checks/resilience/callback-invocation-safe.d.ts.map +1 -0
  322. package/dist/checks/resilience/callback-invocation-safe.js +247 -0
  323. package/dist/checks/resilience/callback-invocation-safe.js.map +1 -0
  324. package/dist/checks/resilience/context-leakage.d.ts +25 -0
  325. package/dist/checks/resilience/context-leakage.d.ts.map +1 -0
  326. package/dist/checks/resilience/context-leakage.js +435 -0
  327. package/dist/checks/resilience/context-leakage.js.map +1 -0
  328. package/dist/checks/resilience/context-mutation.d.ts +21 -0
  329. package/dist/checks/resilience/context-mutation.d.ts.map +1 -0
  330. package/dist/checks/resilience/context-mutation.js +368 -0
  331. package/dist/checks/resilience/context-mutation.js.map +1 -0
  332. package/dist/checks/resilience/detached-promises.d.ts +40 -0
  333. package/dist/checks/resilience/detached-promises.d.ts.map +1 -0
  334. package/dist/checks/resilience/detached-promises.js +646 -0
  335. package/dist/checks/resilience/detached-promises.js.map +1 -0
  336. package/dist/checks/resilience/index.d.ts +7 -0
  337. package/dist/checks/resilience/index.d.ts.map +1 -0
  338. package/dist/checks/resilience/index.js +7 -0
  339. package/dist/checks/resilience/index.js.map +1 -0
  340. package/dist/checks/resilience/no-raw-fetch.d.ts +11 -0
  341. package/dist/checks/resilience/no-raw-fetch.d.ts.map +1 -0
  342. package/dist/checks/resilience/no-raw-fetch.js +110 -0
  343. package/dist/checks/resilience/no-raw-fetch.js.map +1 -0
  344. package/dist/checks/resilience/no-unbounded-concurrency.d.ts +11 -0
  345. package/dist/checks/resilience/no-unbounded-concurrency.d.ts.map +1 -0
  346. package/dist/checks/resilience/no-unbounded-concurrency.js +117 -0
  347. package/dist/checks/resilience/no-unbounded-concurrency.js.map +1 -0
  348. package/dist/checks/security/__tests__/sql-injection.test.d.ts +17 -0
  349. package/dist/checks/security/__tests__/sql-injection.test.d.ts.map +1 -0
  350. package/dist/checks/security/__tests__/sql-injection.test.js +97 -0
  351. package/dist/checks/security/__tests__/sql-injection.test.js.map +1 -0
  352. package/dist/checks/security/index.d.ts +4 -0
  353. package/dist/checks/security/index.d.ts.map +1 -0
  354. package/dist/checks/security/index.js +4 -0
  355. package/dist/checks/security/index.js.map +1 -0
  356. package/dist/checks/security/input-sanitization.d.ts +20 -0
  357. package/dist/checks/security/input-sanitization.d.ts.map +1 -0
  358. package/dist/checks/security/input-sanitization.js +255 -0
  359. package/dist/checks/security/input-sanitization.js.map +1 -0
  360. package/dist/checks/security/sql-injection.d.ts +24 -0
  361. package/dist/checks/security/sql-injection.d.ts.map +1 -0
  362. package/dist/checks/security/sql-injection.js +330 -0
  363. package/dist/checks/security/sql-injection.js.map +1 -0
  364. package/dist/checks/security/unsafe-secret-comparison.d.ts +17 -0
  365. package/dist/checks/security/unsafe-secret-comparison.d.ts.map +1 -0
  366. package/dist/checks/security/unsafe-secret-comparison.js +227 -0
  367. package/dist/checks/security/unsafe-secret-comparison.js.map +1 -0
  368. package/dist/checks/testing/index.d.ts +2 -0
  369. package/dist/checks/testing/index.d.ts.map +1 -0
  370. package/dist/checks/testing/index.js +2 -0
  371. package/dist/checks/testing/index.js.map +1 -0
  372. package/dist/checks/testing/mock-implementations-in-production.d.ts +12 -0
  373. package/dist/checks/testing/mock-implementations-in-production.d.ts.map +1 -0
  374. package/dist/checks/testing/mock-implementations-in-production.js +211 -0
  375. package/dist/checks/testing/mock-implementations-in-production.js.map +1 -0
  376. package/dist/display/architecture.d.ts +9 -0
  377. package/dist/display/architecture.d.ts.map +1 -0
  378. package/dist/display/architecture.js +18 -0
  379. package/dist/display/architecture.js.map +1 -0
  380. package/dist/display/index.d.ts +20 -0
  381. package/dist/display/index.d.ts.map +1 -0
  382. package/dist/display/index.js +30 -0
  383. package/dist/display/index.js.map +1 -0
  384. package/dist/display/quality.d.ts +7 -0
  385. package/dist/display/quality.d.ts.map +1 -0
  386. package/dist/display/quality.js +39 -0
  387. package/dist/display/quality.js.map +1 -0
  388. package/dist/display/resilience.d.ts +7 -0
  389. package/dist/display/resilience.d.ts.map +1 -0
  390. package/dist/display/resilience.js +13 -0
  391. package/dist/display/resilience.js.map +1 -0
  392. package/dist/display/security-testing.d.ts +9 -0
  393. package/dist/display/security-testing.d.ts.map +1 -0
  394. package/dist/display/security-testing.js +14 -0
  395. package/dist/display/security-testing.js.map +1 -0
  396. package/dist/display/types.d.ts +6 -0
  397. package/dist/display/types.d.ts.map +1 -0
  398. package/dist/display/types.js +6 -0
  399. package/dist/display/types.js.map +1 -0
  400. package/dist/index.d.ts +19 -0
  401. package/dist/index.d.ts.map +1 -0
  402. package/dist/index.js +21 -0
  403. package/dist/index.js.map +1 -0
  404. package/package.json +55 -0
@@ -0,0 +1,157 @@
1
+ /**
2
+ * @fileoverview In-Memory Repository Detection Check
3
+ *
4
+ * Detects repository classes using Map or in-memory storage in production code.
5
+ * These are often placeholders that should be replaced with DynamoDB implementations.
6
+ */
7
+ import { defineCheck } from '@opensip-cli/fitness';
8
+ import { getSharedSourceFile } from '@opensip-cli/lang-typescript';
9
+ import * as ts from 'typescript';
10
+ /**
11
+ * Patterns that indicate intentional in-memory usage
12
+ */
13
+ const ALLOWED_PATTERNS = [/cache/i, /Cache/, /InMemory/, /Mock/, /Stub/, /Fake/, /Test/];
14
+ /**
15
+ * Repository class name patterns
16
+ */
17
+ const REPOSITORY_PATTERNS = [/Repository$/, /Store$/, /Storage$/, /DAO$/, /DataAccess$/];
18
+ /**
19
+ * Quick filter keywords
20
+ */
21
+ const QUICK_FILTER_STORAGE = ['new Map', 'new Set', '= []', '= {}'];
22
+ /**
23
+ * Repeated suggestion message for in-memory storage violations
24
+ */
25
+ const IN_MEMORY_STORAGE_SUGGESTION = 'Replace with DynamoDB/PostgreSQL persistent storage implementation. In-memory storage is lost on restart and does not scale.';
26
+ /**
27
+ * Detect in-memory storage type from initializer text
28
+ * @param initText - Initializer text to analyze
29
+ * @returns Storage violation info if detected, null otherwise
30
+ */
31
+ function detectStorageType(initText) {
32
+ if (initText.includes('new Map')) {
33
+ return { type: 'map-storage', storageType: 'Map', match: 'new Map' };
34
+ }
35
+ if (initText.includes('new Set')) {
36
+ return { type: 'set-storage', storageType: 'Set', match: 'new Set' };
37
+ }
38
+ if (initText === '[]' || initText.startsWith('[')) {
39
+ return { type: 'array-storage', storageType: 'Array', match: '[]' };
40
+ }
41
+ if (initText === '{}' || initText.startsWith('{')) {
42
+ return { type: 'object-storage', storageType: 'Object', match: '{}' };
43
+ }
44
+ return null;
45
+ }
46
+ /**
47
+ * Check a class property for in-memory storage patterns
48
+ * @param ctx - Context for property checking
49
+ * @returns CheckViolation if found, null otherwise
50
+ */
51
+ function checkPropertyForStorage(ctx) {
52
+ const { member, className, sourceFile } = ctx;
53
+ const initializer = member.initializer;
54
+ if (!initializer) {
55
+ return null;
56
+ }
57
+ const initText = initializer.getText(sourceFile);
58
+ const storageInfo = detectStorageType(initText);
59
+ if (!storageInfo) {
60
+ return null;
61
+ }
62
+ const { line } = sourceFile.getLineAndCharacterOfPosition(member.getStart());
63
+ const lineNum = line + 1;
64
+ return {
65
+ line: lineNum,
66
+ column: 0,
67
+ message: `Repository ${className} uses in-memory ${storageInfo.storageType} storage`,
68
+ severity: 'error',
69
+ type: storageInfo.type,
70
+ suggestion: IN_MEMORY_STORAGE_SUGGESTION,
71
+ match: storageInfo.match,
72
+ };
73
+ }
74
+ /**
75
+ * Analyze a file for in-memory repository patterns
76
+ * @param content - File content to analyze
77
+ * @param filePath - Path to the file
78
+ * @returns Array of violations found
79
+ */
80
+ function analyzeFile(content, filePath) {
81
+ const violations = [];
82
+ // Quick filter: must have repository pattern AND in-memory storage pattern
83
+ const hasRepository = REPOSITORY_PATTERNS.some((p) => p.test(content));
84
+ const hasStorage = QUICK_FILTER_STORAGE.some((kw) => content.includes(kw));
85
+ if (!hasRepository || !hasStorage) {
86
+ return violations;
87
+ }
88
+ // Check if file has allowed patterns
89
+ if (ALLOWED_PATTERNS.some((pattern) => pattern.test(content))) {
90
+ return violations;
91
+ }
92
+ try {
93
+ const sourceFile = getSharedSourceFile(filePath, content);
94
+ /* v8 ignore next -- defensive guard */
95
+ if (!sourceFile)
96
+ return [];
97
+ const visit = (node) => {
98
+ if (ts.isClassDeclaration(node) && node.name) {
99
+ const className = node.name.getText(sourceFile);
100
+ // Check if this is a repository class
101
+ const isRepository = REPOSITORY_PATTERNS.some((p) => p.test(className));
102
+ if (!isRepository) {
103
+ ts.forEachChild(node, visit);
104
+ return;
105
+ }
106
+ // Check class properties for in-memory storage
107
+ node.members.forEach((member) => {
108
+ if (ts.isPropertyDeclaration(member)) {
109
+ const violation = checkPropertyForStorage({
110
+ member,
111
+ className,
112
+ sourceFile,
113
+ });
114
+ if (violation) {
115
+ violations.push(violation);
116
+ }
117
+ }
118
+ });
119
+ }
120
+ ts.forEachChild(node, visit);
121
+ };
122
+ visit(sourceFile);
123
+ /* v8 ignore next 1 -- defensive catch: parse failures already handled */
124
+ }
125
+ catch {
126
+ // @swallow-ok Skip files that fail to parse
127
+ }
128
+ return violations;
129
+ }
130
+ /**
131
+ * Check: quality/in-memory-repository-detection
132
+ *
133
+ * Detects repository classes using Map or in-memory storage instead of
134
+ * proper persistence.
135
+ */
136
+ export const inMemoryRepositoryDetection = defineCheck({
137
+ id: 'e44c8f1a-c63f-4583-8f64-a652d240865a',
138
+ slug: 'in-memory-repository-detection',
139
+ scope: { languages: ['typescript'], concerns: ['backend', 'server'] },
140
+ contentFilter: 'strip-strings',
141
+ confidence: 'high',
142
+ description: 'Detect repository classes using Map or in-memory storage instead of proper persistence',
143
+ longDescription: `**Purpose:** Detects repository classes that use in-memory data structures instead of persistent database storage, flagging placeholder implementations that should be replaced.
144
+
145
+ **Detects:**
146
+ - Classes named \`*Repository\`, \`*Store\`, \`*Storage\`, \`*DAO\`, or \`*DataAccess\` with properties initialized to \`new Map\`, \`new Set\`, \`[]\`, or \`{}\`
147
+ - Skips files containing allowed patterns: \`Cache\`, \`InMemory\`, \`Mock\`, \`Stub\`, \`Fake\`, \`Test\` (intentional in-memory usage)
148
+ - Quick-filters on both repository class name patterns and storage initialization keywords
149
+
150
+ **Why it matters:** In-memory storage is lost on restart, does not scale across instances, and is a common placeholder that gets accidentally shipped to production.
151
+
152
+ **Scope:** General best practice. Analyzes each file individually.`,
153
+ tags: ['quality', 'architecture', 'best-practices'],
154
+ fileTypes: ['ts'],
155
+ analyze: analyzeFile,
156
+ });
157
+ //# sourceMappingURL=in-memory-repository-detection.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"in-memory-repository-detection.js","sourceRoot":"","sources":["../../../../src/checks/quality/data-integrity/in-memory-repository-detection.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AAEjC;;GAEG;AACH,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AAEzF;;GAEG;AACH,MAAM,mBAAmB,GAAG,CAAC,aAAa,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;AAEzF;;GAEG;AACH,MAAM,oBAAoB,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AAEpE;;GAEG;AACH,MAAM,4BAA4B,GAChC,8HAA8H,CAAC;AAQjI;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,QAAgB;IACzC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IACvE,CAAC;IACD,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IACvE,CAAC;IACD,IAAI,QAAQ,KAAK,IAAI,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAClD,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACtE,CAAC;IACD,IAAI,QAAQ,KAAK,IAAI,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAClD,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,WAAW,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACxE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAQD;;;;GAIG;AACH,SAAS,uBAAuB,CAAC,GAAyB;IACxD,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC;IAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IAEvC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAEhD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,6BAA6B,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,CAAC;IAEzB,OAAO;QACL,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,CAAC;QACT,OAAO,EAAE,cAAc,SAAS,mBAAmB,WAAW,CAAC,WAAW,UAAU;QACpF,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,UAAU,EAAE,4BAA4B;QACxC,KAAK,EAAE,WAAW,CAAC,KAAK;KACzB,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAAC,OAAe,EAAE,QAAgB;IACpD,MAAM,UAAU,GAAqB,EAAE,CAAC;IAExC,2EAA2E;IAC3E,MAAM,aAAa,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACvE,MAAM,UAAU,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3E,IAAI,CAAC,aAAa,IAAI,CAAC,UAAU,EAAE,CAAC;QAClC,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,qCAAqC;IACrC,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QAC9D,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC1D,uCAAuC;QACvC,IAAI,CAAC,UAAU;YAAE,OAAO,EAAE,CAAC;QAE3B,MAAM,KAAK,GAAG,CAAC,IAAa,EAAQ,EAAE;YACpC,IAAI,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAEhD,sCAAsC;gBACtC,MAAM,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;gBACxE,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;oBAC7B,OAAO;gBACT,CAAC;gBAED,+CAA+C;gBAC/C,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;oBAC9B,IAAI,EAAE,CAAC,qBAAqB,CAAC,MAAM,CAAC,EAAE,CAAC;wBACrC,MAAM,SAAS,GAAG,uBAAuB,CAAC;4BACxC,MAAM;4BACN,SAAS;4BACT,UAAU;yBACX,CAAC,CAAC;wBACH,IAAI,SAAS,EAAE,CAAC;4BACd,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;wBAC7B,CAAC;oBACH,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC;YACD,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC/B,CAAC,CAAC;QAEF,KAAK,CAAC,UAAU,CAAC,CAAC;QAClB,yEAAyE;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,4CAA4C;IAC9C,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,WAAW,CAAC;IACrD,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,gCAAgC;IACtC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;IACrE,aAAa,EAAE,eAAe;IAE9B,UAAU,EAAE,MAAM;IAClB,WAAW,EACT,wFAAwF;IAC1F,eAAe,EAAE;;;;;;;;;mEASgD;IACjE,IAAI,EAAE,CAAC,SAAS,EAAE,cAAc,EAAE,gBAAgB,CAAC;IACnD,SAAS,EAAE,CAAC,IAAI,CAAC;IAEjB,OAAO,EAAE,WAAW;CACrB,CAAC,CAAC"}
@@ -0,0 +1,8 @@
1
+ export * from './array-validation.js';
2
+ export * from './database-index-coverage.js';
3
+ export * from './database-schema-validation.js';
4
+ export * from './in-memory-repository-detection.js';
5
+ export * from './missing-input-validation.js';
6
+ export * from './null-safety.js';
7
+ export * from './numeric-validation.js';
8
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/checks/quality/data-integrity/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AACtC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,iCAAiC,CAAC;AAChD,cAAc,qCAAqC,CAAC;AACpD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC"}
@@ -0,0 +1,8 @@
1
+ export * from './array-validation.js';
2
+ export * from './database-index-coverage.js';
3
+ export * from './database-schema-validation.js';
4
+ export * from './in-memory-repository-detection.js';
5
+ export * from './missing-input-validation.js';
6
+ export * from './null-safety.js';
7
+ export * from './numeric-validation.js';
8
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/checks/quality/data-integrity/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AACtC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,iCAAiC,CAAC;AAChD,cAAc,qCAAqC,CAAC;AACpD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC"}
@@ -0,0 +1,12 @@
1
+ /**
2
+ * @fileoverview Missing Input Validation Check
3
+ *
4
+ * Detects API handlers and functions accepting external input without validation.
5
+ */
6
+ /**
7
+ * Check: quality/missing-input-validation
8
+ *
9
+ * Detects API handlers and functions accepting external input without validation.
10
+ */
11
+ export declare const missingInputValidation: import("@opensip-cli/fitness").Check;
12
+ //# sourceMappingURL=missing-input-validation.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"missing-input-validation.d.ts","sourceRoot":"","sources":["../../../../src/checks/quality/data-integrity/missing-input-validation.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAgLH;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,sCAsBjC,CAAC"}
@@ -0,0 +1,180 @@
1
+ /**
2
+ * @fileoverview Missing Input Validation Check
3
+ *
4
+ * Detects API handlers and functions accepting external input without validation.
5
+ */
6
+ import { createPathMatcher, defineCheck } from '@opensip-cli/fitness';
7
+ import { getSharedSourceFile } from '@opensip-cli/lang-typescript';
8
+ import * as ts from 'typescript';
9
+ /**
10
+ * Paths that should be excluded from validation check
11
+ */
12
+ const EXCLUDED_PATH_SEGMENTS = [
13
+ '/services/',
14
+ '/service/',
15
+ '/utils/',
16
+ '/util/',
17
+ '/helpers/',
18
+ '/helper/',
19
+ '/domain/',
20
+ '/models/',
21
+ '/model/',
22
+ '/types/',
23
+ '/type/',
24
+ '/schemas/',
25
+ '/schema/',
26
+ '/lib/',
27
+ '/core/',
28
+ '/shared/',
29
+ '/common/',
30
+ ];
31
+ const isExcludedValidationPath = createPathMatcher(EXCLUDED_PATH_SEGMENTS);
32
+ /**
33
+ * Quick filter regex for handler patterns
34
+ */
35
+ const QUICK_FILTER_HANDLER_PATTERNS = /\b(req|request|res|response|reply|handler|Handler|route|Route|endpoint|Endpoint|controller|Controller)\b/;
36
+ /**
37
+ * Validation patterns
38
+ */
39
+ const VALIDATION_PATTERNS = [
40
+ /\.parse\s*\(/,
41
+ /\.safeParse\s*\(/,
42
+ /z\.\w+\(/,
43
+ /Joi\.\w+/,
44
+ /yup\.\w+/,
45
+ /\.validate\s*\(/,
46
+ /validator\./i,
47
+ /assertValid/i,
48
+ ];
49
+ /**
50
+ * @param {*} node
51
+ * @returns {*}
52
+ * Get function name from node
53
+ */
54
+ // @fitness-ignore-next-line duplicate-utility-functions -- Check-specific helper typed to FunctionLike; each fitness check defines its own variant for its node type
55
+ function getFunctionName(node) {
56
+ /* v8 ignore next -- defensive AST/type guard */
57
+ if (ts.isFunctionDeclaration(node) && node.name)
58
+ return node.name.text;
59
+ /* v8 ignore next -- defensive AST/type guard */
60
+ if (ts.isMethodDeclaration(node) && ts.isIdentifier(node.name))
61
+ return node.name.text;
62
+ /* v8 ignore next -- defensive AST/type guard */
63
+ if (ts.isVariableDeclaration(node.parent) && ts.isIdentifier(node.parent.name)) {
64
+ return node.parent.name.text;
65
+ }
66
+ return 'anonymous';
67
+ }
68
+ /**
69
+ * Check if function has API handler parameters
70
+ */
71
+ function hasApiParams(params) {
72
+ if (params.length < 2)
73
+ return false;
74
+ const [firstParam, secondParam] = params;
75
+ /* v8 ignore next -- defensive AST/type guard */
76
+ if (!firstParam || !secondParam)
77
+ return false;
78
+ const firstName = ts.isIdentifier(firstParam.name) ? firstParam.name.text : '';
79
+ const secondName = ts.isIdentifier(secondParam.name) ? secondParam.name.text : '';
80
+ // Express: (req, res) or Fastify: (request, reply)
81
+ return ((/^(req|request)$/i.test(firstName) && /^(res|response)$/i.test(secondName)) ||
82
+ (/^request$/i.test(firstName) && /^reply$/i.test(secondName)));
83
+ }
84
+ /**
85
+ * Check if function is an API handler
86
+ */
87
+ function isApiHandler(node) {
88
+ return hasApiParams(node.parameters);
89
+ }
90
+ /**
91
+ * Check if function body has validation
92
+ */
93
+ function hasValidation(node, sourceFile) {
94
+ /* v8 ignore next -- defensive guard */
95
+ if (!node.body)
96
+ return true; // No body = nothing to validate
97
+ const bodyText = node.body.getText(sourceFile);
98
+ return VALIDATION_PATTERNS.some((pattern) => pattern.test(bodyText));
99
+ }
100
+ /**
101
+ * Analyze a file for missing input validation
102
+ */
103
+ function analyzeFile(content, filePath) {
104
+ const violations = [];
105
+ // Skip excluded paths
106
+ if (isExcludedValidationPath(filePath)) {
107
+ return violations;
108
+ }
109
+ // Quick filter: skip files without handler patterns
110
+ if (!QUICK_FILTER_HANDLER_PATTERNS.test(content)) {
111
+ return violations;
112
+ }
113
+ try {
114
+ const sourceFile = getSharedSourceFile(filePath, content);
115
+ /* v8 ignore next -- defensive guard */
116
+ if (!sourceFile)
117
+ return [];
118
+ const checkFunction = (node) => {
119
+ if (!isApiHandler(node))
120
+ return;
121
+ const functionName = getFunctionName(node);
122
+ /* v8 ignore next -- defensive AST/type guard */
123
+ if (hasValidation(node, sourceFile))
124
+ return;
125
+ const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
126
+ violations.push({
127
+ line: line + 1,
128
+ message: `API handler '${functionName}' accepts external input without validation`,
129
+ severity: 'warning',
130
+ suggestion: 'Add input validation using Zod, Joi, or similar library',
131
+ match: functionName,
132
+ type: 'missing-validation',
133
+ });
134
+ };
135
+ const visit = (node) => {
136
+ if (ts.isFunctionDeclaration(node) || ts.isMethodDeclaration(node)) {
137
+ checkFunction(node);
138
+ }
139
+ if (ts.isVariableDeclaration(node) &&
140
+ node.initializer &&
141
+ (ts.isArrowFunction(node.initializer) || ts.isFunctionExpression(node.initializer))) {
142
+ checkFunction(node.initializer);
143
+ }
144
+ ts.forEachChild(node, visit);
145
+ };
146
+ visit(sourceFile);
147
+ /* v8 ignore next 1 -- defensive catch: parse failures already handled */
148
+ }
149
+ catch {
150
+ // @swallow-ok Skip files that fail to parse
151
+ }
152
+ return violations;
153
+ }
154
+ /**
155
+ * Check: quality/missing-input-validation
156
+ *
157
+ * Detects API handlers and functions accepting external input without validation.
158
+ */
159
+ export const missingInputValidation = defineCheck({
160
+ id: '25f2a9b6-be96-42a4-aa0d-3b00839784e3',
161
+ slug: 'missing-input-validation',
162
+ scope: { languages: ['typescript'], concerns: ['backend', 'server'] },
163
+ contentFilter: 'strip-strings',
164
+ confidence: 'high',
165
+ description: 'Detect API handlers accepting external input without validation (Zod, Joi, etc.)',
166
+ longDescription: `**Purpose:** Detects API route handlers that accept external input (request/response parameters) without any schema validation, ensuring all boundaries validate their inputs.
167
+
168
+ **Detects:**
169
+ - Functions with Express-style \`(req, res)\` or Fastify-style \`(request, reply)\` parameter signatures
170
+ - Handler bodies lacking validation calls: \`.parse()\`, \`.safeParse()\`, \`z.*\`, \`Joi.*\`, \`yup.*\`, \`.validate()\`, \`validator.*\`, or \`assertValid\`
171
+ - Excludes internal paths (\`/services/\`, \`/utils/\`, \`/helpers/\`, \`/domain/\`, \`/models/\`, \`/types/\`, \`/schemas/\`, \`/lib/\`, \`/core/\`, \`/shared/\`, \`/common/\`)
172
+
173
+ **Why it matters:** API handlers without input validation are vulnerable to injection attacks, type confusion, and malformed data propagating into the system.
174
+
175
+ **Scope:** General best practice. Analyzes each file individually.`,
176
+ tags: ['quality', 'security', 'code-quality'],
177
+ fileTypes: ['ts'],
178
+ analyze: analyzeFile,
179
+ });
180
+ //# sourceMappingURL=missing-input-validation.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"missing-input-validation.js","sourceRoot":"","sources":["../../../../src/checks/quality/data-integrity/missing-input-validation.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AAC3F,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AAEjC;;GAEG;AACH,MAAM,sBAAsB,GAAG;IAC7B,YAAY;IACZ,WAAW;IACX,SAAS;IACT,QAAQ;IACR,WAAW;IACX,UAAU;IACV,UAAU;IACV,UAAU;IACV,SAAS;IACT,SAAS;IACT,QAAQ;IACR,WAAW;IACX,UAAU;IACV,OAAO;IACP,QAAQ;IACR,UAAU;IACV,UAAU;CACX,CAAC;AAEF,MAAM,wBAAwB,GAAG,iBAAiB,CAAC,sBAAsB,CAAC,CAAC;AAQ3E;;GAEG;AACH,MAAM,6BAA6B,GACjC,0GAA0G,CAAC;AAE7G;;GAEG;AACH,MAAM,mBAAmB,GAAG;IAC1B,cAAc;IACd,kBAAkB;IAClB,UAAU;IACV,UAAU;IACV,UAAU;IACV,iBAAiB;IACjB,cAAc;IACd,cAAc;CACf,CAAC;AAEF;;;;GAIG;AACH,qKAAqK;AACrK,SAAS,eAAe,CAAC,IAAkB;IACzC,gDAAgD;IAChD,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IACvE,gDAAgD;IAChD,IAAI,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IACtF,gDAAgD;IAChD,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/E,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;IAC/B,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,MAA6C;IACjE,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAEpC,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,GAAG,MAAM,CAAC;IACzC,gDAAgD;IAChD,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW;QAAE,OAAO,KAAK,CAAC;IAE9C,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/E,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IAElF,mDAAmD;IACnD,OAAO,CACL,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC5E,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAC9D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,IAAkB;IACtC,OAAO,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,IAAkB,EAAE,UAAyB;IAClE,uCAAuC;IACvC,IAAI,CAAC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC,CAAC,gCAAgC;IAE7D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC/C,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AACvE,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,OAAe,EAAE,QAAgB;IACpD,MAAM,UAAU,GAAqB,EAAE,CAAC;IAExC,sBAAsB;IACtB,IAAI,wBAAwB,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,oDAAoD;IACpD,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACjD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC1D,uCAAuC;QACvC,IAAI,CAAC,UAAU;YAAE,OAAO,EAAE,CAAC;QAE3B,MAAM,aAAa,GAAG,CAAC,IAAkB,EAAQ,EAAE;YACjD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;gBAAE,OAAO;YAEhC,MAAM,YAAY,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;YAC3C,gDAAgD;YAChD,IAAI,aAAa,CAAC,IAAI,EAAE,UAAU,CAAC;gBAAE,OAAO;YAE5C,MAAM,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YAE3E,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,IAAI,GAAG,CAAC;gBACd,OAAO,EAAE,gBAAgB,YAAY,6CAA6C;gBAClF,QAAQ,EAAE,SAAS;gBACnB,UAAU,EAAE,yDAAyD;gBACrE,KAAK,EAAE,YAAY;gBACnB,IAAI,EAAE,oBAAoB;aAC3B,CAAC,CAAC;QACL,CAAC,CAAC;QAEF,MAAM,KAAK,GAAG,CAAC,IAAa,EAAQ,EAAE;YACpC,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnE,aAAa,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;YACD,IACE,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC;gBAC9B,IAAI,CAAC,WAAW;gBAChB,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EACnF,CAAC;gBACD,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAClC,CAAC;YACD,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC/B,CAAC,CAAC;QAEF,KAAK,CAAC,UAAU,CAAC,CAAC;QAClB,yEAAyE;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,4CAA4C;IAC9C,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,WAAW,CAAC;IAChD,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,0BAA0B;IAChC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;IACrE,aAAa,EAAE,eAAe;IAE9B,UAAU,EAAE,MAAM;IAClB,WAAW,EAAE,kFAAkF;IAC/F,eAAe,EAAE;;;;;;;;;mEASgD;IACjE,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,cAAc,CAAC;IAC7C,SAAS,EAAE,CAAC,IAAI,CAAC;IAEjB,OAAO,EAAE,WAAW;CACrB,CAAC,CAAC"}
@@ -0,0 +1,33 @@
1
+ /**
2
+ * @fileoverview Null/Undefined Safety Check
3
+ *
4
+ * Detects unsafe property and method access without null checks.
5
+ */
6
+ import { type CheckViolation } from '@opensip-cli/fitness';
7
+ /**
8
+ * Recipe-config shape for null-safety. Project-specific safe-by-construction
9
+ * paths (e.g. opensip's `/dbos/schema`) belong in a recipe's
10
+ * `checks.config['null-safety']` block, not in built-in defaults.
11
+ */
12
+ export interface NullSafetyConfig extends Record<string, unknown> {
13
+ /**
14
+ * Additional path patterns whose files are skipped entirely. Each entry
15
+ * is compiled to a case-insensitive RegExp via `new RegExp(entry, 'i')`.
16
+ */
17
+ additionalSafeNullPaths?: readonly string[];
18
+ }
19
+ /**
20
+ * @param {*} content
21
+ * @param {*} filePath
22
+ * @returns {*}
23
+ * Analyze a file for null safety issues. Exported for the FP-regression
24
+ * suite (see `__tests__/null-safety-fp.test.ts`).
25
+ */
26
+ export declare function analyzeNullSafety(content: string, filePath: string): CheckViolation[];
27
+ /**
28
+ * Check: quality/null-safety
29
+ *
30
+ * Detects unsafe property and method access without null checks.
31
+ */
32
+ export declare const nullSafety: import("@opensip-cli/fitness").Check;
33
+ //# sourceMappingURL=null-safety.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"null-safety.d.ts","sourceRoot":"","sources":["../../../../src/checks/quality/data-integrity/null-safety.ts"],"names":[],"mappings":"AACA;;;;GAIG;AAEH,OAAO,EAA2C,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAIpG;;;;GAIG;AACH,MAAM,WAAW,gBAAiB,SAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAC/D;;;OAGG;IACH,uBAAuB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC7C;AAgqBD;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,cAAc,EAAE,CA4ErF;AAED;;;;GAIG;AACH,eAAO,MAAM,UAAU,sCA2BrB,CAAC"}