@opensip-cli/checks-universal 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (620) hide show
  1. package/LICENSE +202 -0
  2. package/NOTICE +8 -0
  3. package/README.md +31 -0
  4. package/dist/__tests__/all-checks-execute.test.d.ts +17 -0
  5. package/dist/__tests__/all-checks-execute.test.d.ts.map +1 -0
  6. package/dist/__tests__/all-checks-execute.test.js +452 -0
  7. package/dist/__tests__/all-checks-execute.test.js.map +1 -0
  8. package/dist/__tests__/behavior-fixtures-10.test.d.ts +8 -0
  9. package/dist/__tests__/behavior-fixtures-10.test.d.ts.map +1 -0
  10. package/dist/__tests__/behavior-fixtures-10.test.js +200 -0
  11. package/dist/__tests__/behavior-fixtures-10.test.js.map +1 -0
  12. package/dist/__tests__/behavior-fixtures-11.test.d.ts +8 -0
  13. package/dist/__tests__/behavior-fixtures-11.test.d.ts.map +1 -0
  14. package/dist/__tests__/behavior-fixtures-11.test.js +120 -0
  15. package/dist/__tests__/behavior-fixtures-11.test.js.map +1 -0
  16. package/dist/__tests__/behavior-fixtures-12.test.d.ts +8 -0
  17. package/dist/__tests__/behavior-fixtures-12.test.d.ts.map +1 -0
  18. package/dist/__tests__/behavior-fixtures-12.test.js +157 -0
  19. package/dist/__tests__/behavior-fixtures-12.test.js.map +1 -0
  20. package/dist/__tests__/behavior-fixtures-2.test.d.ts +8 -0
  21. package/dist/__tests__/behavior-fixtures-2.test.d.ts.map +1 -0
  22. package/dist/__tests__/behavior-fixtures-2.test.js +785 -0
  23. package/dist/__tests__/behavior-fixtures-2.test.js.map +1 -0
  24. package/dist/__tests__/behavior-fixtures-3.test.d.ts +6 -0
  25. package/dist/__tests__/behavior-fixtures-3.test.d.ts.map +1 -0
  26. package/dist/__tests__/behavior-fixtures-3.test.js +663 -0
  27. package/dist/__tests__/behavior-fixtures-3.test.js.map +1 -0
  28. package/dist/__tests__/behavior-fixtures-4.test.d.ts +5 -0
  29. package/dist/__tests__/behavior-fixtures-4.test.d.ts.map +1 -0
  30. package/dist/__tests__/behavior-fixtures-4.test.js +612 -0
  31. package/dist/__tests__/behavior-fixtures-4.test.js.map +1 -0
  32. package/dist/__tests__/behavior-fixtures-5.test.d.ts +5 -0
  33. package/dist/__tests__/behavior-fixtures-5.test.d.ts.map +1 -0
  34. package/dist/__tests__/behavior-fixtures-5.test.js +469 -0
  35. package/dist/__tests__/behavior-fixtures-5.test.js.map +1 -0
  36. package/dist/__tests__/behavior-fixtures-6.test.d.ts +8 -0
  37. package/dist/__tests__/behavior-fixtures-6.test.d.ts.map +1 -0
  38. package/dist/__tests__/behavior-fixtures-6.test.js +591 -0
  39. package/dist/__tests__/behavior-fixtures-6.test.js.map +1 -0
  40. package/dist/__tests__/behavior-fixtures-7.test.d.ts +5 -0
  41. package/dist/__tests__/behavior-fixtures-7.test.d.ts.map +1 -0
  42. package/dist/__tests__/behavior-fixtures-7.test.js +662 -0
  43. package/dist/__tests__/behavior-fixtures-7.test.js.map +1 -0
  44. package/dist/__tests__/behavior-fixtures-8.test.d.ts +11 -0
  45. package/dist/__tests__/behavior-fixtures-8.test.d.ts.map +1 -0
  46. package/dist/__tests__/behavior-fixtures-8.test.js +634 -0
  47. package/dist/__tests__/behavior-fixtures-8.test.js.map +1 -0
  48. package/dist/__tests__/behavior-fixtures-9.test.d.ts +11 -0
  49. package/dist/__tests__/behavior-fixtures-9.test.d.ts.map +1 -0
  50. package/dist/__tests__/behavior-fixtures-9.test.js +271 -0
  51. package/dist/__tests__/behavior-fixtures-9.test.js.map +1 -0
  52. package/dist/__tests__/behavior-fixtures.test.d.ts +14 -0
  53. package/dist/__tests__/behavior-fixtures.test.d.ts.map +1 -0
  54. package/dist/__tests__/behavior-fixtures.test.js +1423 -0
  55. package/dist/__tests__/behavior-fixtures.test.js.map +1 -0
  56. package/dist/__tests__/checks.test.d.ts +2 -0
  57. package/dist/__tests__/checks.test.d.ts.map +1 -0
  58. package/dist/__tests__/checks.test.js +61 -0
  59. package/dist/__tests__/checks.test.js.map +1 -0
  60. package/dist/__tests__/env-var-validation.test.d.ts +14 -0
  61. package/dist/__tests__/env-var-validation.test.d.ts.map +1 -0
  62. package/dist/__tests__/env-var-validation.test.js +53 -0
  63. package/dist/__tests__/env-var-validation.test.js.map +1 -0
  64. package/dist/__tests__/file-length-limit.test.d.ts +2 -0
  65. package/dist/__tests__/file-length-limit.test.d.ts.map +1 -0
  66. package/dist/__tests__/file-length-limit.test.js +29 -0
  67. package/dist/__tests__/file-length-limit.test.js.map +1 -0
  68. package/dist/__tests__/fixture-coverage.allowlist.d.ts +18 -0
  69. package/dist/__tests__/fixture-coverage.allowlist.d.ts.map +1 -0
  70. package/dist/__tests__/fixture-coverage.allowlist.js +35 -0
  71. package/dist/__tests__/fixture-coverage.allowlist.js.map +1 -0
  72. package/dist/__tests__/fixture-coverage.test.d.ts +13 -0
  73. package/dist/__tests__/fixture-coverage.test.d.ts.map +1 -0
  74. package/dist/__tests__/fixture-coverage.test.js +57 -0
  75. package/dist/__tests__/fixture-coverage.test.js.map +1 -0
  76. package/dist/__tests__/iic.test.d.ts +15 -0
  77. package/dist/__tests__/iic.test.d.ts.map +1 -0
  78. package/dist/__tests__/iic.test.js +316 -0
  79. package/dist/__tests__/iic.test.js.map +1 -0
  80. package/dist/__tests__/no-skipped-tests.test.d.ts +14 -0
  81. package/dist/__tests__/no-skipped-tests.test.d.ts.map +1 -0
  82. package/dist/__tests__/no-skipped-tests.test.js +144 -0
  83. package/dist/__tests__/no-skipped-tests.test.js.map +1 -0
  84. package/dist/__tests__/no-todo-comments.test.d.ts +2 -0
  85. package/dist/__tests__/no-todo-comments.test.d.ts.map +1 -0
  86. package/dist/__tests__/no-todo-comments.test.js +31 -0
  87. package/dist/__tests__/no-todo-comments.test.js.map +1 -0
  88. package/dist/__tests__/no-unimplemented-markers.test.d.ts +2 -0
  89. package/dist/__tests__/no-unimplemented-markers.test.d.ts.map +1 -0
  90. package/dist/__tests__/no-unimplemented-markers.test.js +140 -0
  91. package/dist/__tests__/no-unimplemented-markers.test.js.map +1 -0
  92. package/dist/__tests__/public-api-jsdoc-scope.test.d.ts +10 -0
  93. package/dist/__tests__/public-api-jsdoc-scope.test.d.ts.map +1 -0
  94. package/dist/__tests__/public-api-jsdoc-scope.test.js +176 -0
  95. package/dist/__tests__/public-api-jsdoc-scope.test.js.map +1 -0
  96. package/dist/__tests__/resilience-fp.test.d.ts +14 -0
  97. package/dist/__tests__/resilience-fp.test.d.ts.map +1 -0
  98. package/dist/__tests__/resilience-fp.test.js +110 -0
  99. package/dist/__tests__/resilience-fp.test.js.map +1 -0
  100. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts +2 -0
  101. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts.map +1 -0
  102. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js +32 -0
  103. package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js.map +1 -0
  104. package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts +2 -0
  105. package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts.map +1 -0
  106. package/dist/checks/architecture/__tests__/tool-has-manifest.test.js +152 -0
  107. package/dist/checks/architecture/__tests__/tool-has-manifest.test.js.map +1 -0
  108. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts +2 -0
  109. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts.map +1 -0
  110. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js +129 -0
  111. package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js.map +1 -0
  112. package/dist/checks/architecture/_yaml-doc-bindings.d.ts +23 -0
  113. package/dist/checks/architecture/_yaml-doc-bindings.d.ts.map +1 -0
  114. package/dist/checks/architecture/_yaml-doc-bindings.js +29 -0
  115. package/dist/checks/architecture/_yaml-doc-bindings.js.map +1 -0
  116. package/dist/checks/architecture/dependencies/index.d.ts +2 -0
  117. package/dist/checks/architecture/dependencies/index.d.ts.map +1 -0
  118. package/dist/checks/architecture/dependencies/index.js +2 -0
  119. package/dist/checks/architecture/dependencies/index.js.map +1 -0
  120. package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts +11 -0
  121. package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts.map +1 -0
  122. package/dist/checks/architecture/dependencies/no-duplicate-packages.js +171 -0
  123. package/dist/checks/architecture/dependencies/no-duplicate-packages.js.map +1 -0
  124. package/dist/checks/architecture/docker-best-practices.d.ts +23 -0
  125. package/dist/checks/architecture/docker-best-practices.d.ts.map +1 -0
  126. package/dist/checks/architecture/docker-best-practices.js +427 -0
  127. package/dist/checks/architecture/docker-best-practices.js.map +1 -0
  128. package/dist/checks/architecture/docker-ignore-validation.d.ts +18 -0
  129. package/dist/checks/architecture/docker-ignore-validation.d.ts.map +1 -0
  130. package/dist/checks/architecture/docker-ignore-validation.js +117 -0
  131. package/dist/checks/architecture/docker-ignore-validation.js.map +1 -0
  132. package/dist/checks/architecture/docker-version-sync.d.ts +16 -0
  133. package/dist/checks/architecture/docker-version-sync.d.ts.map +1 -0
  134. package/dist/checks/architecture/docker-version-sync.js +193 -0
  135. package/dist/checks/architecture/docker-version-sync.js.map +1 -0
  136. package/dist/checks/architecture/env-var-validation.d.ts +14 -0
  137. package/dist/checks/architecture/env-var-validation.d.ts.map +1 -0
  138. package/dist/checks/architecture/env-var-validation.js +289 -0
  139. package/dist/checks/architecture/env-var-validation.js.map +1 -0
  140. package/dist/checks/architecture/heavy-import-detection.d.ts +11 -0
  141. package/dist/checks/architecture/heavy-import-detection.d.ts.map +1 -0
  142. package/dist/checks/architecture/heavy-import-detection.js +91 -0
  143. package/dist/checks/architecture/heavy-import-detection.js.map +1 -0
  144. package/dist/checks/architecture/index.d.ts +16 -0
  145. package/dist/checks/architecture/index.d.ts.map +1 -0
  146. package/dist/checks/architecture/index.js +16 -0
  147. package/dist/checks/architecture/index.js.map +1 -0
  148. package/dist/checks/architecture/modules/empty-package-detection.d.ts +11 -0
  149. package/dist/checks/architecture/modules/empty-package-detection.d.ts.map +1 -0
  150. package/dist/checks/architecture/modules/empty-package-detection.js +277 -0
  151. package/dist/checks/architecture/modules/empty-package-detection.js.map +1 -0
  152. package/dist/checks/architecture/modules/index.d.ts +3 -0
  153. package/dist/checks/architecture/modules/index.d.ts.map +1 -0
  154. package/dist/checks/architecture/modules/index.js +3 -0
  155. package/dist/checks/architecture/modules/index.js.map +1 -0
  156. package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts +12 -0
  157. package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts.map +1 -0
  158. package/dist/checks/architecture/modules/interface-implementation-consistency.js +555 -0
  159. package/dist/checks/architecture/modules/interface-implementation-consistency.js.map +1 -0
  160. package/dist/checks/architecture/no-custom-event-emitter.d.ts +11 -0
  161. package/dist/checks/architecture/no-custom-event-emitter.d.ts.map +1 -0
  162. package/dist/checks/architecture/no-custom-event-emitter.js +123 -0
  163. package/dist/checks/architecture/no-custom-event-emitter.js.map +1 -0
  164. package/dist/checks/architecture/no-kebab-option-indexing.d.ts +33 -0
  165. package/dist/checks/architecture/no-kebab-option-indexing.d.ts.map +1 -0
  166. package/dist/checks/architecture/no-kebab-option-indexing.js +81 -0
  167. package/dist/checks/architecture/no-kebab-option-indexing.js.map +1 -0
  168. package/dist/checks/architecture/node-version-consistency.d.ts +22 -0
  169. package/dist/checks/architecture/node-version-consistency.d.ts.map +1 -0
  170. package/dist/checks/architecture/node-version-consistency.js +225 -0
  171. package/dist/checks/architecture/node-version-consistency.js.map +1 -0
  172. package/dist/checks/architecture/project-readme-existence.d.ts +13 -0
  173. package/dist/checks/architecture/project-readme-existence.d.ts.map +1 -0
  174. package/dist/checks/architecture/project-readme-existence.js +55 -0
  175. package/dist/checks/architecture/project-readme-existence.js.map +1 -0
  176. package/dist/checks/architecture/stale-build-artifacts.d.ts +10 -0
  177. package/dist/checks/architecture/stale-build-artifacts.d.ts.map +1 -0
  178. package/dist/checks/architecture/stale-build-artifacts.js +55 -0
  179. package/dist/checks/architecture/stale-build-artifacts.js.map +1 -0
  180. package/dist/checks/architecture/tool-has-manifest.d.ts +27 -0
  181. package/dist/checks/architecture/tool-has-manifest.d.ts.map +1 -0
  182. package/dist/checks/architecture/tool-has-manifest.js +135 -0
  183. package/dist/checks/architecture/tool-has-manifest.js.map +1 -0
  184. package/dist/checks/architecture/vitest-config-extends-base.d.ts +15 -0
  185. package/dist/checks/architecture/vitest-config-extends-base.d.ts.map +1 -0
  186. package/dist/checks/architecture/vitest-config-extends-base.js +104 -0
  187. package/dist/checks/architecture/vitest-config-extends-base.js.map +1 -0
  188. package/dist/checks/architecture/vitest-config-required-with-tests.d.ts +49 -0
  189. package/dist/checks/architecture/vitest-config-required-with-tests.d.ts.map +1 -0
  190. package/dist/checks/architecture/vitest-config-required-with-tests.js +199 -0
  191. package/dist/checks/architecture/vitest-config-required-with-tests.js.map +1 -0
  192. package/dist/checks/documentation/_directives/eslint.d.ts +9 -0
  193. package/dist/checks/documentation/_directives/eslint.d.ts.map +1 -0
  194. package/dist/checks/documentation/_directives/eslint.js +168 -0
  195. package/dist/checks/documentation/_directives/eslint.js.map +1 -0
  196. package/dist/checks/documentation/_directives/fitness.d.ts +9 -0
  197. package/dist/checks/documentation/_directives/fitness.d.ts.map +1 -0
  198. package/dist/checks/documentation/_directives/fitness.js +64 -0
  199. package/dist/checks/documentation/_directives/fitness.js.map +1 -0
  200. package/dist/checks/documentation/_directives/graph.d.ts +10 -0
  201. package/dist/checks/documentation/_directives/graph.d.ts.map +1 -0
  202. package/dist/checks/documentation/_directives/graph.js +65 -0
  203. package/dist/checks/documentation/_directives/graph.js.map +1 -0
  204. package/dist/checks/documentation/_directives/graph.test.d.ts +2 -0
  205. package/dist/checks/documentation/_directives/graph.test.d.ts.map +1 -0
  206. package/dist/checks/documentation/_directives/graph.test.js +54 -0
  207. package/dist/checks/documentation/_directives/graph.test.js.map +1 -0
  208. package/dist/checks/documentation/_directives/semgrep.d.ts +8 -0
  209. package/dist/checks/documentation/_directives/semgrep.d.ts.map +1 -0
  210. package/dist/checks/documentation/_directives/semgrep.js +72 -0
  211. package/dist/checks/documentation/_directives/semgrep.js.map +1 -0
  212. package/dist/checks/documentation/_directives/types.d.ts +21 -0
  213. package/dist/checks/documentation/_directives/types.d.ts.map +1 -0
  214. package/dist/checks/documentation/_directives/types.js +9 -0
  215. package/dist/checks/documentation/_directives/types.js.map +1 -0
  216. package/dist/checks/documentation/_directives/typescript.d.ts +10 -0
  217. package/dist/checks/documentation/_directives/typescript.d.ts.map +1 -0
  218. package/dist/checks/documentation/_directives/typescript.js +54 -0
  219. package/dist/checks/documentation/_directives/typescript.js.map +1 -0
  220. package/dist/checks/documentation/_public-api-graph.d.ts +30 -0
  221. package/dist/checks/documentation/_public-api-graph.d.ts.map +1 -0
  222. package/dist/checks/documentation/_public-api-graph.js +304 -0
  223. package/dist/checks/documentation/_public-api-graph.js.map +1 -0
  224. package/dist/checks/documentation/directive-audit.d.ts +26 -0
  225. package/dist/checks/documentation/directive-audit.d.ts.map +1 -0
  226. package/dist/checks/documentation/directive-audit.js +144 -0
  227. package/dist/checks/documentation/directive-audit.js.map +1 -0
  228. package/dist/checks/documentation/index.d.ts +3 -0
  229. package/dist/checks/documentation/index.d.ts.map +1 -0
  230. package/dist/checks/documentation/index.js +3 -0
  231. package/dist/checks/documentation/index.js.map +1 -0
  232. package/dist/checks/documentation/public-api-jsdoc.d.ts +10 -0
  233. package/dist/checks/documentation/public-api-jsdoc.d.ts.map +1 -0
  234. package/dist/checks/documentation/public-api-jsdoc.js +131 -0
  235. package/dist/checks/documentation/public-api-jsdoc.js.map +1 -0
  236. package/dist/checks/file-length-limit.d.ts +16 -0
  237. package/dist/checks/file-length-limit.d.ts.map +1 -0
  238. package/dist/checks/file-length-limit.js +47 -0
  239. package/dist/checks/file-length-limit.js.map +1 -0
  240. package/dist/checks/index.d.ts +16 -0
  241. package/dist/checks/index.d.ts.map +1 -0
  242. package/dist/checks/index.js +16 -0
  243. package/dist/checks/index.js.map +1 -0
  244. package/dist/checks/no-todo-comments.d.ts +18 -0
  245. package/dist/checks/no-todo-comments.d.ts.map +1 -0
  246. package/dist/checks/no-todo-comments.js +79 -0
  247. package/dist/checks/no-todo-comments.js.map +1 -0
  248. package/dist/checks/no-unimplemented-markers.d.ts +24 -0
  249. package/dist/checks/no-unimplemented-markers.d.ts.map +1 -0
  250. package/dist/checks/no-unimplemented-markers.js +198 -0
  251. package/dist/checks/no-unimplemented-markers.js.map +1 -0
  252. package/dist/checks/quality/api/graphql-offset-pagination.d.ts +9 -0
  253. package/dist/checks/quality/api/graphql-offset-pagination.d.ts.map +1 -0
  254. package/dist/checks/quality/api/graphql-offset-pagination.js +63 -0
  255. package/dist/checks/quality/api/graphql-offset-pagination.js.map +1 -0
  256. package/dist/checks/quality/api/index.d.ts +3 -0
  257. package/dist/checks/quality/api/index.d.ts.map +1 -0
  258. package/dist/checks/quality/api/index.js +3 -0
  259. package/dist/checks/quality/api/index.js.map +1 -0
  260. package/dist/checks/quality/api/zod-openapi-sync.d.ts +13 -0
  261. package/dist/checks/quality/api/zod-openapi-sync.d.ts.map +1 -0
  262. package/dist/checks/quality/api/zod-openapi-sync.js +88 -0
  263. package/dist/checks/quality/api/zod-openapi-sync.js.map +1 -0
  264. package/dist/checks/quality/code-structure/dead-code.d.ts +12 -0
  265. package/dist/checks/quality/code-structure/dead-code.d.ts.map +1 -0
  266. package/dist/checks/quality/code-structure/dead-code.js +238 -0
  267. package/dist/checks/quality/code-structure/dead-code.js.map +1 -0
  268. package/dist/checks/quality/code-structure/index.d.ts +5 -0
  269. package/dist/checks/quality/code-structure/index.d.ts.map +1 -0
  270. package/dist/checks/quality/code-structure/index.js +5 -0
  271. package/dist/checks/quality/code-structure/index.js.map +1 -0
  272. package/dist/checks/quality/code-structure/no-ai-attribution.d.ts +25 -0
  273. package/dist/checks/quality/code-structure/no-ai-attribution.d.ts.map +1 -0
  274. package/dist/checks/quality/code-structure/no-ai-attribution.js +76 -0
  275. package/dist/checks/quality/code-structure/no-ai-attribution.js.map +1 -0
  276. package/dist/checks/quality/code-structure/no-console-log.d.ts +17 -0
  277. package/dist/checks/quality/code-structure/no-console-log.d.ts.map +1 -0
  278. package/dist/checks/quality/code-structure/no-console-log.js +106 -0
  279. package/dist/checks/quality/code-structure/no-console-log.js.map +1 -0
  280. package/dist/checks/quality/code-structure/no-process-artifacts.d.ts +25 -0
  281. package/dist/checks/quality/code-structure/no-process-artifacts.d.ts.map +1 -0
  282. package/dist/checks/quality/code-structure/no-process-artifacts.js +104 -0
  283. package/dist/checks/quality/code-structure/no-process-artifacts.js.map +1 -0
  284. package/dist/checks/quality/dependency-version-consistency.d.ts +20 -0
  285. package/dist/checks/quality/dependency-version-consistency.d.ts.map +1 -0
  286. package/dist/checks/quality/dependency-version-consistency.js +266 -0
  287. package/dist/checks/quality/dependency-version-consistency.js.map +1 -0
  288. package/dist/checks/quality/fitness-ignore-hygiene.d.ts +10 -0
  289. package/dist/checks/quality/fitness-ignore-hygiene.d.ts.map +1 -0
  290. package/dist/checks/quality/fitness-ignore-hygiene.js +93 -0
  291. package/dist/checks/quality/fitness-ignore-hygiene.js.map +1 -0
  292. package/dist/checks/quality/frontend/expo-vector-icons.d.ts +13 -0
  293. package/dist/checks/quality/frontend/expo-vector-icons.d.ts.map +1 -0
  294. package/dist/checks/quality/frontend/expo-vector-icons.js +80 -0
  295. package/dist/checks/quality/frontend/expo-vector-icons.js.map +1 -0
  296. package/dist/checks/quality/frontend/image-optimization.d.ts +13 -0
  297. package/dist/checks/quality/frontend/image-optimization.d.ts.map +1 -0
  298. package/dist/checks/quality/frontend/image-optimization.js +166 -0
  299. package/dist/checks/quality/frontend/image-optimization.js.map +1 -0
  300. package/dist/checks/quality/frontend/index.d.ts +4 -0
  301. package/dist/checks/quality/frontend/index.d.ts.map +1 -0
  302. package/dist/checks/quality/frontend/index.js +4 -0
  303. package/dist/checks/quality/frontend/index.js.map +1 -0
  304. package/dist/checks/quality/frontend/navigation-typing.d.ts +12 -0
  305. package/dist/checks/quality/frontend/navigation-typing.d.ts.map +1 -0
  306. package/dist/checks/quality/frontend/navigation-typing.js +77 -0
  307. package/dist/checks/quality/frontend/navigation-typing.js.map +1 -0
  308. package/dist/checks/quality/graph-ignore-hygiene.d.ts +10 -0
  309. package/dist/checks/quality/graph-ignore-hygiene.d.ts.map +1 -0
  310. package/dist/checks/quality/graph-ignore-hygiene.js +95 -0
  311. package/dist/checks/quality/graph-ignore-hygiene.js.map +1 -0
  312. package/dist/checks/quality/graph-ignore-hygiene.test.d.ts +14 -0
  313. package/dist/checks/quality/graph-ignore-hygiene.test.d.ts.map +1 -0
  314. package/dist/checks/quality/graph-ignore-hygiene.test.js +58 -0
  315. package/dist/checks/quality/graph-ignore-hygiene.test.js.map +1 -0
  316. package/dist/checks/quality/index.d.ts +16 -0
  317. package/dist/checks/quality/index.d.ts.map +1 -0
  318. package/dist/checks/quality/index.js +16 -0
  319. package/dist/checks/quality/index.js.map +1 -0
  320. package/dist/checks/quality/linting/eslint-justifications.d.ts +12 -0
  321. package/dist/checks/quality/linting/eslint-justifications.d.ts.map +1 -0
  322. package/dist/checks/quality/linting/eslint-justifications.js +328 -0
  323. package/dist/checks/quality/linting/eslint-justifications.js.map +1 -0
  324. package/dist/checks/quality/linting/index.d.ts +4 -0
  325. package/dist/checks/quality/linting/index.d.ts.map +1 -0
  326. package/dist/checks/quality/linting/index.js +4 -0
  327. package/dist/checks/quality/linting/index.js.map +1 -0
  328. package/dist/checks/quality/linting/semgrep-justifications.d.ts +16 -0
  329. package/dist/checks/quality/linting/semgrep-justifications.d.ts.map +1 -0
  330. package/dist/checks/quality/linting/semgrep-justifications.js +229 -0
  331. package/dist/checks/quality/linting/semgrep-justifications.js.map +1 -0
  332. package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts +12 -0
  333. package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts.map +1 -0
  334. package/dist/checks/quality/linting/typescript-directive-hygiene.js +142 -0
  335. package/dist/checks/quality/linting/typescript-directive-hygiene.js.map +1 -0
  336. package/dist/checks/quality/no-compatibility-layer-names.d.ts +13 -0
  337. package/dist/checks/quality/no-compatibility-layer-names.d.ts.map +1 -0
  338. package/dist/checks/quality/no-compatibility-layer-names.js +100 -0
  339. package/dist/checks/quality/no-compatibility-layer-names.js.map +1 -0
  340. package/dist/checks/quality/no-deprecated-tags.d.ts +11 -0
  341. package/dist/checks/quality/no-deprecated-tags.d.ts.map +1 -0
  342. package/dist/checks/quality/no-deprecated-tags.js +76 -0
  343. package/dist/checks/quality/no-deprecated-tags.js.map +1 -0
  344. package/dist/checks/quality/no-markdown-references.d.ts +16 -0
  345. package/dist/checks/quality/no-markdown-references.d.ts.map +1 -0
  346. package/dist/checks/quality/no-markdown-references.js +145 -0
  347. package/dist/checks/quality/no-markdown-references.js.map +1 -0
  348. package/dist/checks/quality/no-raw-regex-on-code.d.ts +9 -0
  349. package/dist/checks/quality/no-raw-regex-on-code.d.ts.map +1 -0
  350. package/dist/checks/quality/no-raw-regex-on-code.js +61 -0
  351. package/dist/checks/quality/no-raw-regex-on-code.js.map +1 -0
  352. package/dist/checks/quality/no-temporary-workarounds.d.ts +11 -0
  353. package/dist/checks/quality/no-temporary-workarounds.d.ts.map +1 -0
  354. package/dist/checks/quality/no-temporary-workarounds.js +69 -0
  355. package/dist/checks/quality/no-temporary-workarounds.js.map +1 -0
  356. package/dist/checks/quality/no-window-alert.d.ts +19 -0
  357. package/dist/checks/quality/no-window-alert.d.ts.map +1 -0
  358. package/dist/checks/quality/no-window-alert.js +74 -0
  359. package/dist/checks/quality/no-window-alert.js.map +1 -0
  360. package/dist/checks/quality/observability/index.d.ts +2 -0
  361. package/dist/checks/quality/observability/index.d.ts.map +1 -0
  362. package/dist/checks/quality/observability/index.js +2 -0
  363. package/dist/checks/quality/observability/index.js.map +1 -0
  364. package/dist/checks/quality/observability/pino-serializer-coverage.d.ts +15 -0
  365. package/dist/checks/quality/observability/pino-serializer-coverage.d.ts.map +1 -0
  366. package/dist/checks/quality/observability/pino-serializer-coverage.js +209 -0
  367. package/dist/checks/quality/observability/pino-serializer-coverage.js.map +1 -0
  368. package/dist/checks/quality/patterns/async-state-pattern.d.ts +14 -0
  369. package/dist/checks/quality/patterns/async-state-pattern.d.ts.map +1 -0
  370. package/dist/checks/quality/patterns/async-state-pattern.js +80 -0
  371. package/dist/checks/quality/patterns/async-state-pattern.js.map +1 -0
  372. package/dist/checks/quality/patterns/index.d.ts +4 -0
  373. package/dist/checks/quality/patterns/index.d.ts.map +1 -0
  374. package/dist/checks/quality/patterns/index.js +4 -0
  375. package/dist/checks/quality/patterns/index.js.map +1 -0
  376. package/dist/checks/quality/patterns/no-non-null-assertions.d.ts +10 -0
  377. package/dist/checks/quality/patterns/no-non-null-assertions.d.ts.map +1 -0
  378. package/dist/checks/quality/patterns/no-non-null-assertions.js +97 -0
  379. package/dist/checks/quality/patterns/no-non-null-assertions.js.map +1 -0
  380. package/dist/checks/quality/patterns/performance-anti-patterns.d.ts +16 -0
  381. package/dist/checks/quality/patterns/performance-anti-patterns.d.ts.map +1 -0
  382. package/dist/checks/quality/patterns/performance-anti-patterns.js +239 -0
  383. package/dist/checks/quality/patterns/performance-anti-patterns.js.map +1 -0
  384. package/dist/checks/resilience/_helpers/config-validation.d.ts +27 -0
  385. package/dist/checks/resilience/_helpers/config-validation.d.ts.map +1 -0
  386. package/dist/checks/resilience/_helpers/config-validation.js +61 -0
  387. package/dist/checks/resilience/_helpers/config-validation.js.map +1 -0
  388. package/dist/checks/resilience/batch-operations.d.ts +22 -0
  389. package/dist/checks/resilience/batch-operations.d.ts.map +1 -0
  390. package/dist/checks/resilience/batch-operations.js +422 -0
  391. package/dist/checks/resilience/batch-operations.js.map +1 -0
  392. package/dist/checks/resilience/cache-ttl-validation.d.ts +13 -0
  393. package/dist/checks/resilience/cache-ttl-validation.d.ts.map +1 -0
  394. package/dist/checks/resilience/cache-ttl-validation.js +222 -0
  395. package/dist/checks/resilience/cache-ttl-validation.js.map +1 -0
  396. package/dist/checks/resilience/catch-clause-safety.d.ts +12 -0
  397. package/dist/checks/resilience/catch-clause-safety.d.ts.map +1 -0
  398. package/dist/checks/resilience/catch-clause-safety.js +110 -0
  399. package/dist/checks/resilience/catch-clause-safety.js.map +1 -0
  400. package/dist/checks/resilience/dangerous-config-defaults.d.ts +11 -0
  401. package/dist/checks/resilience/dangerous-config-defaults.d.ts.map +1 -0
  402. package/dist/checks/resilience/dangerous-config-defaults.js +304 -0
  403. package/dist/checks/resilience/dangerous-config-defaults.js.map +1 -0
  404. package/dist/checks/resilience/error-code-registration.d.ts +11 -0
  405. package/dist/checks/resilience/error-code-registration.d.ts.map +1 -0
  406. package/dist/checks/resilience/error-code-registration.js +88 -0
  407. package/dist/checks/resilience/error-code-registration.js.map +1 -0
  408. package/dist/checks/resilience/event-patterns.d.ts +21 -0
  409. package/dist/checks/resilience/event-patterns.d.ts.map +1 -0
  410. package/dist/checks/resilience/event-patterns.js +232 -0
  411. package/dist/checks/resilience/event-patterns.js.map +1 -0
  412. package/dist/checks/resilience/exit-code-correctness.d.ts +12 -0
  413. package/dist/checks/resilience/exit-code-correctness.d.ts.map +1 -0
  414. package/dist/checks/resilience/exit-code-correctness.js +107 -0
  415. package/dist/checks/resilience/exit-code-correctness.js.map +1 -0
  416. package/dist/checks/resilience/index.d.ts +18 -0
  417. package/dist/checks/resilience/index.d.ts.map +1 -0
  418. package/dist/checks/resilience/index.js +18 -0
  419. package/dist/checks/resilience/index.js.map +1 -0
  420. package/dist/checks/resilience/no-hardcoded-timeouts.d.ts +10 -0
  421. package/dist/checks/resilience/no-hardcoded-timeouts.d.ts.map +1 -0
  422. package/dist/checks/resilience/no-hardcoded-timeouts.js +291 -0
  423. package/dist/checks/resilience/no-hardcoded-timeouts.js.map +1 -0
  424. package/dist/checks/resilience/no-process-exit-in-finally.d.ts +11 -0
  425. package/dist/checks/resilience/no-process-exit-in-finally.d.ts.map +1 -0
  426. package/dist/checks/resilience/no-process-exit-in-finally.js +89 -0
  427. package/dist/checks/resilience/no-process-exit-in-finally.js.map +1 -0
  428. package/dist/checks/resilience/readline-cleanup.d.ts +11 -0
  429. package/dist/checks/resilience/readline-cleanup.d.ts.map +1 -0
  430. package/dist/checks/resilience/readline-cleanup.js +107 -0
  431. package/dist/checks/resilience/readline-cleanup.js.map +1 -0
  432. package/dist/checks/resilience/recovery-patterns.d.ts +25 -0
  433. package/dist/checks/resilience/recovery-patterns.d.ts.map +1 -0
  434. package/dist/checks/resilience/recovery-patterns.js +273 -0
  435. package/dist/checks/resilience/recovery-patterns.js.map +1 -0
  436. package/dist/checks/resilience/reentrancy-guard.d.ts +12 -0
  437. package/dist/checks/resilience/reentrancy-guard.d.ts.map +1 -0
  438. package/dist/checks/resilience/reentrancy-guard.js +86 -0
  439. package/dist/checks/resilience/reentrancy-guard.js.map +1 -0
  440. package/dist/checks/resilience/retry-config-validation.d.ts +13 -0
  441. package/dist/checks/resilience/retry-config-validation.d.ts.map +1 -0
  442. package/dist/checks/resilience/retry-config-validation.js +159 -0
  443. package/dist/checks/resilience/retry-config-validation.js.map +1 -0
  444. package/dist/checks/resilience/sentry/_helpers/sentry.d.ts +25 -0
  445. package/dist/checks/resilience/sentry/_helpers/sentry.d.ts.map +1 -0
  446. package/dist/checks/resilience/sentry/_helpers/sentry.js +68 -0
  447. package/dist/checks/resilience/sentry/_helpers/sentry.js.map +1 -0
  448. package/dist/checks/resilience/sentry/index.d.ts +8 -0
  449. package/dist/checks/resilience/sentry/index.d.ts.map +1 -0
  450. package/dist/checks/resilience/sentry/index.js +8 -0
  451. package/dist/checks/resilience/sentry/index.js.map +1 -0
  452. package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts +12 -0
  453. package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts.map +1 -0
  454. package/dist/checks/resilience/sentry/sentry-dsn-configured.js +55 -0
  455. package/dist/checks/resilience/sentry/sentry-dsn-configured.js.map +1 -0
  456. package/dist/checks/resilience/sentry/sentry-environment-set.d.ts +12 -0
  457. package/dist/checks/resilience/sentry/sentry-environment-set.d.ts.map +1 -0
  458. package/dist/checks/resilience/sentry/sentry-environment-set.js +51 -0
  459. package/dist/checks/resilience/sentry/sentry-environment-set.js.map +1 -0
  460. package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts +12 -0
  461. package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts.map +1 -0
  462. package/dist/checks/resilience/sentry/sentry-error-boundary.js +75 -0
  463. package/dist/checks/resilience/sentry/sentry-error-boundary.js.map +1 -0
  464. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts +13 -0
  465. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts.map +1 -0
  466. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js +125 -0
  467. package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js.map +1 -0
  468. package/dist/checks/resilience/sentry/sentry-release-set.d.ts +12 -0
  469. package/dist/checks/resilience/sentry/sentry-release-set.d.ts.map +1 -0
  470. package/dist/checks/resilience/sentry/sentry-release-set.js +51 -0
  471. package/dist/checks/resilience/sentry/sentry-release-set.js.map +1 -0
  472. package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts +12 -0
  473. package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts.map +1 -0
  474. package/dist/checks/resilience/sentry/sentry-sample-rate.js +78 -0
  475. package/dist/checks/resilience/sentry/sentry-sample-rate.js.map +1 -0
  476. package/dist/checks/resilience/sentry/sentry-source-maps.d.ts +12 -0
  477. package/dist/checks/resilience/sentry/sentry-source-maps.d.ts.map +1 -0
  478. package/dist/checks/resilience/sentry/sentry-source-maps.js +83 -0
  479. package/dist/checks/resilience/sentry/sentry-source-maps.js.map +1 -0
  480. package/dist/checks/resilience/service-patterns.d.ts +18 -0
  481. package/dist/checks/resilience/service-patterns.d.ts.map +1 -0
  482. package/dist/checks/resilience/service-patterns.js +230 -0
  483. package/dist/checks/resilience/service-patterns.js.map +1 -0
  484. package/dist/checks/resilience/timer-lifecycle.d.ts +10 -0
  485. package/dist/checks/resilience/timer-lifecycle.d.ts.map +1 -0
  486. package/dist/checks/resilience/timer-lifecycle.js +78 -0
  487. package/dist/checks/resilience/timer-lifecycle.js.map +1 -0
  488. package/dist/checks/resilience/transaction-patterns.d.ts +21 -0
  489. package/dist/checks/resilience/transaction-patterns.d.ts.map +1 -0
  490. package/dist/checks/resilience/transaction-patterns.js +258 -0
  491. package/dist/checks/resilience/transaction-patterns.js.map +1 -0
  492. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts +9 -0
  493. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts.map +1 -0
  494. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js +37 -0
  495. package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js.map +1 -0
  496. package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts +2 -0
  497. package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts.map +1 -0
  498. package/dist/checks/security/__tests__/package-supply-chain-policy.test.js +128 -0
  499. package/dist/checks/security/__tests__/package-supply-chain-policy.test.js.map +1 -0
  500. package/dist/checks/security/api-key-rotation.d.ts +10 -0
  501. package/dist/checks/security/api-key-rotation.d.ts.map +1 -0
  502. package/dist/checks/security/api-key-rotation.js +186 -0
  503. package/dist/checks/security/api-key-rotation.js.map +1 -0
  504. package/dist/checks/security/auth-middleware-coverage.d.ts +11 -0
  505. package/dist/checks/security/auth-middleware-coverage.d.ts.map +1 -0
  506. package/dist/checks/security/auth-middleware-coverage.js +210 -0
  507. package/dist/checks/security/auth-middleware-coverage.js.map +1 -0
  508. package/dist/checks/security/auth-route-guard.d.ts +12 -0
  509. package/dist/checks/security/auth-route-guard.d.ts.map +1 -0
  510. package/dist/checks/security/auth-route-guard.js +70 -0
  511. package/dist/checks/security/auth-route-guard.js.map +1 -0
  512. package/dist/checks/security/cors-configuration.d.ts +11 -0
  513. package/dist/checks/security/cors-configuration.d.ts.map +1 -0
  514. package/dist/checks/security/cors-configuration.js +126 -0
  515. package/dist/checks/security/cors-configuration.js.map +1 -0
  516. package/dist/checks/security/csp-headers.d.ts +11 -0
  517. package/dist/checks/security/csp-headers.d.ts.map +1 -0
  518. package/dist/checks/security/csp-headers.js +192 -0
  519. package/dist/checks/security/csp-headers.js.map +1 -0
  520. package/dist/checks/security/dependency-vulnerability-audit.d.ts +15 -0
  521. package/dist/checks/security/dependency-vulnerability-audit.d.ts.map +1 -0
  522. package/dist/checks/security/dependency-vulnerability-audit.js +184 -0
  523. package/dist/checks/security/dependency-vulnerability-audit.js.map +1 -0
  524. package/dist/checks/security/env-secret-exposure.d.ts +11 -0
  525. package/dist/checks/security/env-secret-exposure.d.ts.map +1 -0
  526. package/dist/checks/security/env-secret-exposure.js +127 -0
  527. package/dist/checks/security/env-secret-exposure.js.map +1 -0
  528. package/dist/checks/security/hasura-production-config.d.ts +11 -0
  529. package/dist/checks/security/hasura-production-config.d.ts.map +1 -0
  530. package/dist/checks/security/hasura-production-config.js +122 -0
  531. package/dist/checks/security/hasura-production-config.js.map +1 -0
  532. package/dist/checks/security/index.d.ts +17 -0
  533. package/dist/checks/security/index.d.ts.map +1 -0
  534. package/dist/checks/security/index.js +17 -0
  535. package/dist/checks/security/index.js.map +1 -0
  536. package/dist/checks/security/jwt-validation.d.ts +11 -0
  537. package/dist/checks/security/jwt-validation.d.ts.map +1 -0
  538. package/dist/checks/security/jwt-validation.js +294 -0
  539. package/dist/checks/security/jwt-validation.js.map +1 -0
  540. package/dist/checks/security/no-eval.d.ts +16 -0
  541. package/dist/checks/security/no-eval.d.ts.map +1 -0
  542. package/dist/checks/security/no-eval.js +83 -0
  543. package/dist/checks/security/no-eval.js.map +1 -0
  544. package/dist/checks/security/no-hardcoded-secrets.d.ts +28 -0
  545. package/dist/checks/security/no-hardcoded-secrets.d.ts.map +1 -0
  546. package/dist/checks/security/no-hardcoded-secrets.js +209 -0
  547. package/dist/checks/security/no-hardcoded-secrets.js.map +1 -0
  548. package/dist/checks/security/package-supply-chain-policy.d.ts +12 -0
  549. package/dist/checks/security/package-supply-chain-policy.d.ts.map +1 -0
  550. package/dist/checks/security/package-supply-chain-policy.js +534 -0
  551. package/dist/checks/security/package-supply-chain-policy.js.map +1 -0
  552. package/dist/checks/security/rate-limit-coverage.d.ts +10 -0
  553. package/dist/checks/security/rate-limit-coverage.d.ts.map +1 -0
  554. package/dist/checks/security/rate-limit-coverage.js +143 -0
  555. package/dist/checks/security/rate-limit-coverage.js.map +1 -0
  556. package/dist/checks/security/semgrep-scan.d.ts +13 -0
  557. package/dist/checks/security/semgrep-scan.d.ts.map +1 -0
  558. package/dist/checks/security/semgrep-scan.js +86 -0
  559. package/dist/checks/security/semgrep-scan.js.map +1 -0
  560. package/dist/checks/security/use-centralized-crypto.d.ts +11 -0
  561. package/dist/checks/security/use-centralized-crypto.d.ts.map +1 -0
  562. package/dist/checks/security/use-centralized-crypto.js +129 -0
  563. package/dist/checks/security/use-centralized-crypto.js.map +1 -0
  564. package/dist/checks/security/webhook-signature-verification.d.ts +10 -0
  565. package/dist/checks/security/webhook-signature-verification.d.ts.map +1 -0
  566. package/dist/checks/security/webhook-signature-verification.js +183 -0
  567. package/dist/checks/security/webhook-signature-verification.js.map +1 -0
  568. package/dist/checks/testing/index.d.ts +6 -0
  569. package/dist/checks/testing/index.d.ts.map +1 -0
  570. package/dist/checks/testing/index.js +6 -0
  571. package/dist/checks/testing/index.js.map +1 -0
  572. package/dist/checks/testing/no-skipped-tests.d.ts +40 -0
  573. package/dist/checks/testing/no-skipped-tests.d.ts.map +1 -0
  574. package/dist/checks/testing/no-skipped-tests.js +174 -0
  575. package/dist/checks/testing/no-skipped-tests.js.map +1 -0
  576. package/dist/checks/testing/no-stub-tests.d.ts +11 -0
  577. package/dist/checks/testing/no-stub-tests.d.ts.map +1 -0
  578. package/dist/checks/testing/no-stub-tests.js +103 -0
  579. package/dist/checks/testing/no-stub-tests.js.map +1 -0
  580. package/dist/checks/testing/test-convention-consistency.d.ts +14 -0
  581. package/dist/checks/testing/test-convention-consistency.d.ts.map +1 -0
  582. package/dist/checks/testing/test-convention-consistency.js +93 -0
  583. package/dist/checks/testing/test-convention-consistency.js.map +1 -0
  584. package/dist/checks/testing/test-file-naming.d.ts +13 -0
  585. package/dist/checks/testing/test-file-naming.d.ts.map +1 -0
  586. package/dist/checks/testing/test-file-naming.js +218 -0
  587. package/dist/checks/testing/test-file-naming.js.map +1 -0
  588. package/dist/checks/testing/test-file-pairing.d.ts +13 -0
  589. package/dist/checks/testing/test-file-pairing.d.ts.map +1 -0
  590. package/dist/checks/testing/test-file-pairing.js +274 -0
  591. package/dist/checks/testing/test-file-pairing.js.map +1 -0
  592. package/dist/display/architecture.d.ts +9 -0
  593. package/dist/display/architecture.d.ts.map +1 -0
  594. package/dist/display/architecture.js +29 -0
  595. package/dist/display/architecture.js.map +1 -0
  596. package/dist/display/index.d.ts +20 -0
  597. package/dist/display/index.d.ts.map +1 -0
  598. package/dist/display/index.js +30 -0
  599. package/dist/display/index.js.map +1 -0
  600. package/dist/display/quality.d.ts +7 -0
  601. package/dist/display/quality.d.ts.map +1 -0
  602. package/dist/display/quality.js +34 -0
  603. package/dist/display/quality.js.map +1 -0
  604. package/dist/display/resilience.d.ts +7 -0
  605. package/dist/display/resilience.d.ts.map +1 -0
  606. package/dist/display/resilience.js +36 -0
  607. package/dist/display/resilience.js.map +1 -0
  608. package/dist/display/security-testing.d.ts +9 -0
  609. package/dist/display/security-testing.d.ts.map +1 -0
  610. package/dist/display/security-testing.js +31 -0
  611. package/dist/display/security-testing.js.map +1 -0
  612. package/dist/display/types.d.ts +6 -0
  613. package/dist/display/types.d.ts.map +1 -0
  614. package/dist/display/types.js +6 -0
  615. package/dist/display/types.js.map +1 -0
  616. package/dist/index.d.ts +19 -0
  617. package/dist/index.d.ts.map +1 -0
  618. package/dist/index.js +21 -0
  619. package/dist/index.js.map +1 -0
  620. package/package.json +52 -0
@@ -0,0 +1,258 @@
1
+ // @fitness-ignore-file transaction-boundary-validation -- Transaction boundaries appropriate for this use case
2
+ // @fitness-ignore-file unused-config-options -- Config options reserved for future use or environment-specific
3
+ /**
4
+ * @fileoverview Transaction handling resilience checks
5
+ */
6
+ import { logger } from '@opensip-cli/core';
7
+ import { defineCheck, isTestFile, getLineNumber } from '@opensip-cli/fitness';
8
+ // =============================================================================
9
+ // TRANSACTION BOUNDARY VALIDATION
10
+ // =============================================================================
11
+ /**
12
+ * Patterns indicating transaction usage.
13
+ * Uses `g` flag for patterns used in while(exec()) loops.
14
+ * Note: Patterns must be specific enough to avoid false positives on
15
+ * unrelated uses of similar words (e.g., "Transactional" SMS type in AWS SNS).
16
+ */
17
+ const TRANSACTION_PATTERNS = [
18
+ /\.transaction\s*\(/g,
19
+ /\.beginTransaction\s*\(/g,
20
+ /\.startTransaction\s*\(/g,
21
+ /BEGIN\s+TRANSACTION/gi,
22
+ /@Transaction\b/g,
23
+ /@Transactional\b/g, // Match decorator only, not SMS type configurations
24
+ /queryRunner\.startTransaction/g,
25
+ ];
26
+ /**
27
+ * Patterns indicating proper transaction handling
28
+ */
29
+ const PROPER_TRANSACTION_PATTERNS = [
30
+ /\.commit\s*\(\)/,
31
+ /\.rollback\s*\(\)/,
32
+ /COMMIT/i,
33
+ /ROLLBACK/i,
34
+ ];
35
+ /**
36
+ * Patterns indicating async operations inside transactions (risky).
37
+ * Uses `g` flag for patterns used in while(exec()) loops.
38
+ */
39
+ const ASYNC_IN_TRANSACTION_PATTERNS = [
40
+ /await.*?fetch\s*\(/g,
41
+ /await.*?http/gi,
42
+ /await.*?request\s*\(/g,
43
+ /await.*?\.publish\s*\(/g, // Event publishing
44
+ /await.*?\.send\s*\(/g, // Message sending
45
+ ];
46
+ /**
47
+ * Patterns indicating transaction timeout configuration
48
+ */
49
+ const TIMEOUT_PATTERNS = [
50
+ /transactionTimeout/i,
51
+ /queryTimeout/i,
52
+ /statementTimeout/i,
53
+ /lockTimeout/i,
54
+ ];
55
+ /**
56
+ * Check if a line is a simple delegation pattern like:
57
+ * return this.repository.transaction(work);
58
+ * These delegate transaction management to another layer.
59
+ */
60
+ function isTransactionDelegation(content, matchIndex) {
61
+ logger.debug({
62
+ evt: 'fitness.checks.transaction_patterns.is_transaction_delegation',
63
+ msg: 'Checking if transaction usage is a delegation pattern',
64
+ });
65
+ // Find the start of the line containing the match
66
+ let lineStart = content.lastIndexOf('\n', matchIndex);
67
+ if (lineStart === -1)
68
+ lineStart = 0;
69
+ else
70
+ lineStart++; // Move past the newline
71
+ // Find the end of the line
72
+ let lineEnd = content.indexOf('\n', matchIndex);
73
+ if (lineEnd === -1)
74
+ lineEnd = content.length;
75
+ const line = content.slice(lineStart, lineEnd).trim();
76
+ // Simple delegation pattern: return (await?) this.something.transaction(...);
77
+ // or: return (await?) something.transaction(...);
78
+ return /^\s*return\s+(await\s+)?(?:this\.)?\w+\.transaction\s*\(/.test(line);
79
+ }
80
+ /**
81
+ * Detect callback-style transactions: `.transaction((tx) => { ... })` or
82
+ * `.transaction(async (tx) => { ... })`. The callback model commits on
83
+ * normal return and rolls back on throw — no manual commit/rollback
84
+ * needed. Used by drizzle, better-sqlite3, knex, and our own DataStore.
85
+ */
86
+ function isCallbackStyleTransaction(content, matchIndex) {
87
+ // Look at the slice starting at the match for callback signatures.
88
+ // Bounded window keeps this O(1) per match.
89
+ const window = content.slice(matchIndex, matchIndex + 200);
90
+ return (/\.(?:transaction|beginTransaction|startTransaction)\s*\(\s*(?:async\s+)?(?:\([^)]{0,80}\)|\w+)\s*=>/.test(window) ||
91
+ /\.(?:transaction|beginTransaction|startTransaction)\s*\(\s*(?:async\s+)?function\b/.test(window));
92
+ }
93
+ function findUncommittedTransactionViolations(content, filePath) {
94
+ logger.debug({
95
+ evt: 'fitness.checks.transaction_patterns.find_uncommitted_transaction_violations',
96
+ msg: 'Searching for uncommitted transaction violations',
97
+ });
98
+ const violations = [];
99
+ for (const pattern of TRANSACTION_PATTERNS) {
100
+ pattern.lastIndex = 0;
101
+ let match;
102
+ while ((match = pattern.exec(content)) !== null) {
103
+ const isSkippable = match[0].includes('@') ||
104
+ isTransactionDelegation(content, match.index) ||
105
+ isCallbackStyleTransaction(content, match.index);
106
+ if (isSkippable) {
107
+ continue;
108
+ }
109
+ violations.push({
110
+ line: getLineNumber(content, match.index),
111
+ column: 0,
112
+ message: 'Transaction may not be properly committed or rolled back',
113
+ severity: 'warning',
114
+ suggestion: 'Ensure all code paths commit or rollback the transaction. Use try/finally: try { await queryRunner.commitTransaction(); } catch { await queryRunner.rollbackTransaction(); } finally { await queryRunner.release(); }',
115
+ match: match[0],
116
+ type: 'uncommitted-transaction',
117
+ filePath,
118
+ });
119
+ }
120
+ }
121
+ return violations;
122
+ }
123
+ function findAsyncInTransactionViolations(content, filePath) {
124
+ logger.debug({
125
+ evt: 'fitness.checks.transaction_patterns.find_async_in_transaction_violations',
126
+ msg: 'Searching for async operations inside transactions',
127
+ });
128
+ const violations = [];
129
+ for (const pattern of ASYNC_IN_TRANSACTION_PATTERNS) {
130
+ pattern.lastIndex = 0;
131
+ let match;
132
+ while ((match = pattern.exec(content)) !== null) {
133
+ const beforeMatch = content.slice(0, Math.max(0, match.index));
134
+ const hasOpenTransaction = TRANSACTION_PATTERNS.some((p) => p.test(beforeMatch.slice(-500)));
135
+ if (!hasOpenTransaction) {
136
+ continue;
137
+ }
138
+ violations.push({
139
+ line: getLineNumber(content, match.index),
140
+ column: 0,
141
+ message: 'Async operation inside transaction may cause long locks',
142
+ severity: 'warning',
143
+ suggestion: 'Move network/external calls outside transaction boundary. Collect data first, then start transaction for DB writes only. Publish events after commit.',
144
+ match: match[0],
145
+ type: 'async-in-transaction',
146
+ filePath,
147
+ });
148
+ }
149
+ }
150
+ return violations;
151
+ }
152
+ /**
153
+ * Check: resilience/transaction-boundary-validation
154
+ *
155
+ * Validates transaction boundaries are properly managed:
156
+ * - Transactions are committed or rolled back
157
+ * - No async operations inside transactions that could cause long locks
158
+ * - Proper error handling in transaction blocks
159
+ */
160
+ export const transactionBoundaryValidation = defineCheck({
161
+ id: '77c69adc-7ccd-4f83-98d1-fb9599d3e16f',
162
+ slug: 'transaction-boundary-validation',
163
+ scope: { languages: ['typescript'], concerns: ['backend', 'server'] },
164
+ contentFilter: 'strip-strings',
165
+ confidence: 'medium',
166
+ description: 'Validate transaction boundaries are properly managed',
167
+ longDescription: `**Purpose:** Ensures database transactions are properly committed/rolled back and do not contain risky async operations that hold locks.
168
+
169
+ **Detects:**
170
+ - Transaction starts (\`.transaction(\`, \`.beginTransaction(\`, \`.startTransaction(\`, \`BEGIN TRANSACTION\`, \`@Transaction\`, \`@Transactional\`, \`queryRunner.startTransaction\`) without corresponding \`.commit()\` or \`.rollback()\`
171
+ - Async operations inside open transactions: \`await...fetch(\`, \`await...http\`, \`await...request(\`, \`await...publish(\`, \`await...send(\` preceded by a transaction start within 500 chars
172
+ - Skips decorator-based transactions and delegation patterns (\`return this.repository.transaction(...)\`)
173
+
174
+ **Why it matters:** Uncommitted transactions leak connections; async calls inside transactions hold database locks and cause deadlocks or timeouts.
175
+
176
+ **Scope:** General best practice. Analyzes each file individually via regex.`,
177
+ tags: ['resilience', 'database', 'transactions'],
178
+ fileTypes: ['ts'],
179
+ analyze(content, filePath) {
180
+ // Test fixtures intentionally exercise transaction boundaries (no
181
+ // commit/rollback, callback throws, etc.) to verify detection logic.
182
+ if (isTestFile(filePath))
183
+ return [];
184
+ const usesTransactions = TRANSACTION_PATTERNS.some((p) => p.test(content));
185
+ if (!usesTransactions) {
186
+ return [];
187
+ }
188
+ const hasProperHandling = PROPER_TRANSACTION_PATTERNS.some((p) => p.test(content));
189
+ const uncommittedViolations = hasProperHandling
190
+ ? []
191
+ : findUncommittedTransactionViolations(content, filePath);
192
+ const asyncViolations = findAsyncInTransactionViolations(content, filePath);
193
+ return [...uncommittedViolations, ...asyncViolations];
194
+ },
195
+ });
196
+ // =============================================================================
197
+ // TRANSACTION TIMEOUT
198
+ // =============================================================================
199
+ /**
200
+ * Check: resilience/transaction-timeout
201
+ *
202
+ * Validates transactions have timeout configurations:
203
+ * - Statement timeouts to prevent long-running queries
204
+ * - Lock timeouts to prevent deadlocks
205
+ */
206
+ export const transactionTimeout = defineCheck({
207
+ id: 'd53a49fd-a3e2-4c35-b07a-81b48e8e0325',
208
+ slug: 'transaction-timeout',
209
+ scope: { languages: ['typescript'], concerns: ['backend', 'server'] },
210
+ description: 'Validate transactions have timeout configurations',
211
+ longDescription: `**Purpose:** Ensures manually managed transactions include timeout configurations to prevent indefinite lock holding.
212
+
213
+ **Detects:**
214
+ - Files using manual transaction management (\`.beginTransaction\`, \`.startTransaction\`, \`queryRunner\`) without timeout keywords (\`transactionTimeout\`, \`queryTimeout\`, \`statementTimeout\`, \`lockTimeout\`)
215
+ - Only flags manual transactions, not ORM decorator-based transactions
216
+
217
+ **Why it matters:** Transactions without timeouts can hold database locks indefinitely during network partitions or slow queries, causing cascading connection pool exhaustion.
218
+
219
+ **Scope:** General best practice. Analyzes each file individually via regex.`,
220
+ tags: ['resilience', 'database', 'timeout'],
221
+ analyze(content, filePath) {
222
+ const violations = [];
223
+ // Check if this file uses transactions
224
+ const usesTransactions = TRANSACTION_PATTERNS.some((p) => p.test(content));
225
+ if (!usesTransactions) {
226
+ return violations;
227
+ }
228
+ // Check for timeout configuration
229
+ const hasTimeout = TIMEOUT_PATTERNS.some((p) => p.test(content));
230
+ // Only flag if using manual transaction management (not ORM decorators)
231
+ const usesManualTransactions = content.includes('.beginTransaction') ||
232
+ content.includes('.startTransaction') ||
233
+ content.includes('queryRunner');
234
+ if (usesManualTransactions && !hasTimeout) {
235
+ // Find the transaction usage for line number
236
+ for (const pattern of TRANSACTION_PATTERNS) {
237
+ pattern.lastIndex = 0;
238
+ const match = pattern.exec(content);
239
+ if (match) {
240
+ const lineNumber = getLineNumber(content, match.index);
241
+ violations.push({
242
+ line: lineNumber,
243
+ column: 0,
244
+ message: 'Transaction without timeout configuration may hang indefinitely',
245
+ severity: 'warning',
246
+ suggestion: 'Configure transactionTimeout or statementTimeout. Example: SET statement_timeout = 30000; or configure in TypeORM: { extra: { statement_timeout: 30000 } }',
247
+ match: match[0],
248
+ type: 'missing-transaction-timeout',
249
+ filePath,
250
+ });
251
+ break;
252
+ }
253
+ }
254
+ }
255
+ return violations;
256
+ },
257
+ });
258
+ //# sourceMappingURL=transaction-patterns.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"transaction-patterns.js","sourceRoot":"","sources":["../../../src/checks/resilience/transaction-patterns.ts"],"names":[],"mappings":"AAAA,+GAA+G;AAC/G,+GAA+G;AAC/G;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,UAAU,EAAuB,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEnG,gFAAgF;AAChF,kCAAkC;AAClC,gFAAgF;AAEhF;;;;;GAKG;AACH,MAAM,oBAAoB,GAAG;IAC3B,qBAAqB;IACrB,0BAA0B;IAC1B,0BAA0B;IAC1B,uBAAuB;IACvB,iBAAiB;IACjB,mBAAmB,EAAE,oDAAoD;IACzE,gCAAgC;CACjC,CAAC;AAEF;;GAEG;AACH,MAAM,2BAA2B,GAAG;IAClC,iBAAiB;IACjB,mBAAmB;IACnB,SAAS;IACT,WAAW;CACZ,CAAC;AAEF;;;GAGG;AACH,MAAM,6BAA6B,GAAG;IACpC,qBAAqB;IACrB,gBAAgB;IAChB,uBAAuB;IACvB,yBAAyB,EAAE,mBAAmB;IAC9C,sBAAsB,EAAE,kBAAkB;CAC3C,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAG;IACvB,qBAAqB;IACrB,eAAe;IACf,mBAAmB;IACnB,cAAc;CACf,CAAC;AAEF;;;;GAIG;AACH,SAAS,uBAAuB,CAAC,OAAe,EAAE,UAAkB;IAClE,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,+DAA+D;QACpE,GAAG,EAAE,uDAAuD;KAC7D,CAAC,CAAC;IACH,kDAAkD;IAClD,IAAI,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACtD,IAAI,SAAS,KAAK,CAAC,CAAC;QAAE,SAAS,GAAG,CAAC,CAAC;;QAC/B,SAAS,EAAE,CAAC,CAAC,wBAAwB;IAE1C,2BAA2B;IAC3B,IAAI,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAChD,IAAI,OAAO,KAAK,CAAC,CAAC;QAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAE7C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IAEtD,8EAA8E;IAC9E,kDAAkD;IAClD,OAAO,0DAA0D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/E,CAAC;AAED;;;;;GAKG;AACH,SAAS,0BAA0B,CAAC,OAAe,EAAE,UAAkB;IACrE,mEAAmE;IACnE,4CAA4C;IAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,EAAE,UAAU,GAAG,GAAG,CAAC,CAAC;IAC3D,OAAO,CACL,qGAAqG,CAAC,IAAI,CACxG,MAAM,CACP;QACD,oFAAoF,CAAC,IAAI,CACvF,MAAM,CACP,CACF,CAAC;AACJ,CAAC;AAED,SAAS,oCAAoC,CAAC,OAAe,EAAE,QAAgB;IAC7E,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,6EAA6E;QAClF,GAAG,EAAE,kDAAkD;KACxD,CAAC,CAAC;IACH,MAAM,UAAU,GAAqB,EAAE,CAAC;IAExC,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;QAC3C,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,WAAW,GACf,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACtB,uBAAuB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBAC7C,0BAA0B,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,IAAI,WAAW,EAAE,CAAC;gBAChB,SAAS;YACX,CAAC;YAED,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBACzC,MAAM,EAAE,CAAC;gBACT,OAAO,EAAE,0DAA0D;gBACnE,QAAQ,EAAE,SAAS;gBACnB,UAAU,EACR,uNAAuN;gBACzN,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBACf,IAAI,EAAE,yBAAyB;gBAC/B,QAAQ;aACT,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,gCAAgC,CAAC,OAAe,EAAE,QAAgB;IACzE,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,0EAA0E;QAC/E,GAAG,EAAE,oDAAoD;KAC1D,CAAC,CAAC;IACH,MAAM,UAAU,GAAqB,EAAE,CAAC;IAExC,KAAK,MAAM,OAAO,IAAI,6BAA6B,EAAE,CAAC;QACpD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;YAC/D,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAE7F,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBACzC,MAAM,EAAE,CAAC;gBACT,OAAO,EAAE,yDAAyD;gBAClE,QAAQ,EAAE,SAAS;gBACnB,UAAU,EACR,uJAAuJ;gBACzJ,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBACf,IAAI,EAAE,sBAAsB;gBAC5B,QAAQ;aACT,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,WAAW,CAAC;IACvD,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,iCAAiC;IACvC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;IACrE,aAAa,EAAE,eAAe;IAE9B,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,sDAAsD;IACnE,eAAe,EAAE;;;;;;;;;6EAS0D;IAC3E,IAAI,EAAE,CAAC,YAAY,EAAE,UAAU,EAAE,cAAc,CAAC;IAChD,SAAS,EAAE,CAAC,IAAI,CAAC;IAEjB,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,kEAAkE;QAClE,qEAAqE;QACrE,IAAI,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,EAAE,CAAC;QAEpC,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3E,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,iBAAiB,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QACnF,MAAM,qBAAqB,GAAG,iBAAiB;YAC7C,CAAC,CAAC,EAAE;YACJ,CAAC,CAAC,oCAAoC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE5D,MAAM,eAAe,GAAG,gCAAgC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE5E,OAAO,CAAC,GAAG,qBAAqB,EAAE,GAAG,eAAe,CAAC,CAAC;IACxD,CAAC;CACF,CAAC,CAAC;AAEH,gFAAgF;AAChF,sBAAsB;AACtB,gFAAgF;AAEhF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,WAAW,CAAC;IAC5C,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,qBAAqB;IAC3B,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;IACrE,WAAW,EAAE,mDAAmD;IAChE,eAAe,EAAE;;;;;;;;6EAQ0D;IAC3E,IAAI,EAAE,CAAC,YAAY,EAAE,UAAU,EAAE,SAAS,CAAC;IAE3C,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,MAAM,UAAU,GAAqB,EAAE,CAAC;QAExC,uCAAuC;QACvC,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3E,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,kCAAkC;QAClC,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAEjE,wEAAwE;QACxE,MAAM,sBAAsB,GAC1B,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACrC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACrC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAElC,IAAI,sBAAsB,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1C,6CAA6C;YAC7C,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;gBAC3C,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;gBACtB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACpC,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;oBACvD,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,UAAU;wBAChB,MAAM,EAAE,CAAC;wBACT,OAAO,EAAE,iEAAiE;wBAC1E,QAAQ,EAAE,SAAS;wBACnB,UAAU,EACR,4JAA4J;wBAC9J,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;wBACf,IAAI,EAAE,6BAA6B;wBACnC,QAAQ;qBACT,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC,CAAC"}
@@ -0,0 +1,9 @@
1
+ /**
2
+ * @fileoverview Regression tests for `no-hardcoded-secrets` FP fix.
3
+ *
4
+ * The 1.0.7 release added two filters: (1) skip matches inside a
5
+ * regex literal (the file IS the redactor), (2) skip matches that
6
+ * are redaction placeholders (`***`, `[REDACTED]`, `XXXX`, etc.).
7
+ */
8
+ export {};
9
+ //# sourceMappingURL=no-hardcoded-secrets.test.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"no-hardcoded-secrets.test.d.ts","sourceRoot":"","sources":["../../../../src/checks/security/__tests__/no-hardcoded-secrets.test.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}
@@ -0,0 +1,37 @@
1
+ /**
2
+ * @fileoverview Regression tests for `no-hardcoded-secrets` FP fix.
3
+ *
4
+ * The 1.0.7 release added two filters: (1) skip matches inside a
5
+ * regex literal (the file IS the redactor), (2) skip matches that
6
+ * are redaction placeholders (`***`, `[REDACTED]`, `XXXX`, etc.).
7
+ */
8
+ import { describe, expect, it } from 'vitest';
9
+ import { analyzeHardcodedSecrets } from '../no-hardcoded-secrets.js';
10
+ function analyze(src) {
11
+ return analyzeHardcodedSecrets(src, 'test.ts');
12
+ }
13
+ describe('no-hardcoded-secrets — FP regression suite (1.0.7)', () => {
14
+ it('does NOT flag a regex literal that detects PRIVATE KEY blobs', () => {
15
+ // Pre-1.0.7 this fired because the regex pattern body contains
16
+ // "-----BEGIN PRIVATE KEY-----" literally.
17
+ const src = String.raw `
18
+ const REDACTORS = [
19
+ [/-----BEGIN (?:RSA |EC )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |EC )?PRIVATE KEY-----/g, '-----BEGIN PRIVATE KEY-----***-----END PRIVATE KEY-----'],
20
+ ]
21
+ `;
22
+ expect(analyze(src)).toHaveLength(0);
23
+ });
24
+ it('does NOT flag a redaction placeholder string with ***', () => {
25
+ const src = `
26
+ const REDACTED_KEY = '-----BEGIN PRIVATE KEY-----***-----END PRIVATE KEY-----'
27
+ `;
28
+ expect(analyze(src)).toHaveLength(0);
29
+ });
30
+ it('STILL flags a real PRIVATE KEY literal', () => {
31
+ const src = `
32
+ const KEY = '-----BEGIN PRIVATE KEY-----'
33
+ `;
34
+ expect(analyze(src).length).toBeGreaterThanOrEqual(1);
35
+ });
36
+ });
37
+ //# sourceMappingURL=no-hardcoded-secrets.test.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"no-hardcoded-secrets.test.js","sourceRoot":"","sources":["../../../../src/checks/security/__tests__/no-hardcoded-secrets.test.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AAErE,SAAS,OAAO,CAAC,GAAW;IAC1B,OAAO,uBAAuB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;AACjD,CAAC;AAED,QAAQ,CAAC,oDAAoD,EAAE,GAAG,EAAE;IAClE,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACtE,+DAA+D;QAC/D,2CAA2C;QAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAA;;;;KAIrB,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,GAAG,GAAG;;KAEX,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,GAAG,GAAG;;KAEX,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=package-supply-chain-policy.test.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"package-supply-chain-policy.test.d.ts","sourceRoot":"","sources":["../../../../src/checks/security/__tests__/package-supply-chain-policy.test.ts"],"names":[],"mappings":""}
@@ -0,0 +1,128 @@
1
+ import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs';
2
+ import { tmpdir } from 'node:os';
3
+ import { dirname, join } from 'node:path';
4
+ import { fileCache } from '@opensip-cli/fitness';
5
+ import { afterEach, describe, expect, it } from 'vitest';
6
+ import { packageSupplyChainPolicy } from '../package-supply-chain-policy.js';
7
+ function makeProject() {
8
+ return mkdtempSync(join(tmpdir(), 'supply-chain-policy-'));
9
+ }
10
+ function writeFixture(cwd, relPath, content) {
11
+ const abs = join(cwd, relPath);
12
+ mkdirSync(dirname(abs), { recursive: true });
13
+ writeFileSync(abs, content, 'utf8');
14
+ return abs;
15
+ }
16
+ async function runPolicy(cwd) {
17
+ return packageSupplyChainPolicy.run(cwd, {
18
+ targetFiles: [join(cwd, 'package.json')],
19
+ });
20
+ }
21
+ afterEach(() => {
22
+ fileCache.clear();
23
+ });
24
+ describe('package-supply-chain-policy', () => {
25
+ it('accepts a hardened pnpm project', async () => {
26
+ const cwd = makeProject();
27
+ try {
28
+ writeFixture(cwd, 'package.json', JSON.stringify({
29
+ name: 'clean-app',
30
+ private: true,
31
+ packageManager: 'pnpm@11.5.1+sha512.abc123',
32
+ dependencies: { yaml: '^2.9.0' },
33
+ }, null, 2));
34
+ writeFixture(cwd, 'pnpm-lock.yaml', [
35
+ "lockfileVersion: '9.0'",
36
+ 'packages:',
37
+ ' yaml@2.9.0:',
38
+ ' resolution: {integrity: sha512-clean}',
39
+ ].join('\n'));
40
+ writeFixture(cwd, 'pnpm-workspace.yaml', [
41
+ 'packages:',
42
+ ' - "."',
43
+ 'allowBuilds:',
44
+ ' esbuild: false',
45
+ 'minimumReleaseAge: 1440',
46
+ 'minimumReleaseAgeStrict: true',
47
+ 'minimumReleaseAgeIgnoreMissingTime: false',
48
+ 'trustPolicy: no-downgrade',
49
+ 'trustLockfile: false',
50
+ 'blockExoticSubdeps: true',
51
+ ].join('\n'));
52
+ writeFixture(cwd, '.github/workflows/ci.yml', [
53
+ 'name: CI',
54
+ 'jobs:',
55
+ ' test:',
56
+ ' steps:',
57
+ ' - run: pnpm install --frozen-lockfile',
58
+ ].join('\n'));
59
+ const result = await runPolicy(cwd);
60
+ expect(result.signals).toHaveLength(0);
61
+ }
62
+ finally {
63
+ rmSync(cwd, { recursive: true, force: true });
64
+ }
65
+ });
66
+ it('flags missing pins, mutable installs, install hooks, tokens, and exotic dependencies', async () => {
67
+ const cwd = makeProject();
68
+ try {
69
+ writeFixture(cwd, 'package.json', JSON.stringify({
70
+ name: 'weak-app',
71
+ version: '1.0.0',
72
+ scripts: { postinstall: 'node setup.js' },
73
+ dependencies: { 'left-pad': 'github:example/left-pad' },
74
+ }, null, 2));
75
+ writeFixture(cwd, '.github/workflows/release.yml', [
76
+ 'name: Release',
77
+ 'jobs:',
78
+ ' publish:',
79
+ ' steps:',
80
+ ' - run: npm install',
81
+ ' - run: npm publish',
82
+ ' env:',
83
+ ' NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}',
84
+ ].join('\n'));
85
+ const result = await runPolicy(cwd);
86
+ const types = result.signals.map((signal) => signal.metadata.type);
87
+ expect(types).toContain('package-manager-missing');
88
+ expect(types).toContain('lockfile-missing');
89
+ expect(types).toContain('exotic-dependency-source');
90
+ expect(types).toContain('install-lifecycle-script');
91
+ expect(types).toContain('ci-install-not-frozen');
92
+ expect(types).toContain('trusted-publishing-missing-oidc');
93
+ expect(types).toContain('publish-provenance-missing');
94
+ expect(types).toContain('publish-token-exposure');
95
+ }
96
+ finally {
97
+ rmSync(cwd, { recursive: true, force: true });
98
+ }
99
+ });
100
+ it('flags remote package-lock entries that lack integrity', async () => {
101
+ const cwd = makeProject();
102
+ try {
103
+ writeFixture(cwd, 'package.json', JSON.stringify({
104
+ name: 'npm-app',
105
+ private: true,
106
+ packageManager: 'npm@11.16.0',
107
+ }, null, 2));
108
+ writeFixture(cwd, '.npmrc', ['ignore-scripts=true', 'min-release-age=7'].join('\n'));
109
+ writeFixture(cwd, 'package-lock.json', JSON.stringify({
110
+ lockfileVersion: 3,
111
+ packages: {
112
+ 'node_modules/bad': {
113
+ version: '1.0.0',
114
+ resolved: 'https://registry.npmjs.org/bad/-/bad-1.0.0.tgz',
115
+ },
116
+ },
117
+ }, null, 2));
118
+ writeFixture(cwd, '.github/workflows/ci.yml', ['name: CI', 'jobs:', ' test:', ' steps:', ' - run: npm ci'].join('\n'));
119
+ const result = await runPolicy(cwd);
120
+ const types = result.signals.map((signal) => signal.metadata.type);
121
+ expect(types).toContain('lockfile-entry-missing-integrity');
122
+ }
123
+ finally {
124
+ rmSync(cwd, { recursive: true, force: true });
125
+ }
126
+ });
127
+ });
128
+ //# sourceMappingURL=package-supply-chain-policy.test.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"package-supply-chain-policy.test.js","sourceRoot":"","sources":["../../../../src/checks/security/__tests__/package-supply-chain-policy.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAEzD,OAAO,EAAE,wBAAwB,EAAE,MAAM,mCAAmC,CAAC;AAE7E,SAAS,WAAW;IAClB,OAAO,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAE,OAAe,EAAE,OAAe;IACjE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC/B,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,aAAa,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,GAAW;IAClC,OAAO,wBAAwB,CAAC,GAAG,CAAC,GAAG,EAAE;QACvC,WAAW,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;KACzC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,CAAC,GAAG,EAAE;IACb,SAAS,CAAC,KAAK,EAAE,CAAC;AACpB,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,YAAY,CACV,GAAG,EACH,cAAc,EACd,IAAI,CAAC,SAAS,CACZ;gBACE,IAAI,EAAE,WAAW;gBACjB,OAAO,EAAE,IAAI;gBACb,cAAc,EAAE,2BAA2B;gBAC3C,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;aACjC,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;YACF,YAAY,CACV,GAAG,EACH,gBAAgB,EAChB;gBACE,wBAAwB;gBACxB,WAAW;gBACX,eAAe;gBACf,2CAA2C;aAC5C,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;YACF,YAAY,CACV,GAAG,EACH,qBAAqB,EACrB;gBACE,WAAW;gBACX,SAAS;gBACT,cAAc;gBACd,kBAAkB;gBAClB,yBAAyB;gBACzB,+BAA+B;gBAC/B,2CAA2C;gBAC3C,2BAA2B;gBAC3B,sBAAsB;gBACtB,0BAA0B;aAC3B,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;YACF,YAAY,CACV,GAAG,EACH,0BAA0B,EAC1B;gBACE,UAAU;gBACV,OAAO;gBACP,SAAS;gBACT,YAAY;gBACZ,6CAA6C;aAC9C,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;YACpC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sFAAsF,EAAE,KAAK,IAAI,EAAE;QACpG,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,YAAY,CACV,GAAG,EACH,cAAc,EACd,IAAI,CAAC,SAAS,CACZ;gBACE,IAAI,EAAE,UAAU;gBAChB,OAAO,EAAE,OAAO;gBAChB,OAAO,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE;gBACzC,YAAY,EAAE,EAAE,UAAU,EAAE,yBAAyB,EAAE;aACxD,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;YACF,YAAY,CACV,GAAG,EACH,+BAA+B,EAC/B;gBACE,eAAe;gBACf,OAAO;gBACP,YAAY;gBACZ,YAAY;gBACZ,0BAA0B;gBAC1B,0BAA0B;gBAC1B,cAAc;gBACd,qDAAqD;aACtD,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACnE,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;YACnD,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;YAC5C,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;YACpD,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;YACpD,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;YACjD,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,iCAAiC,CAAC,CAAC;YAC3D,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;YACtD,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;QACpD,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,YAAY,CACV,GAAG,EACH,cAAc,EACd,IAAI,CAAC,SAAS,CACZ;gBACE,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,IAAI;gBACb,cAAc,EAAE,aAAa;aAC9B,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;YACF,YAAY,CAAC,GAAG,EAAE,QAAQ,EAAE,CAAC,qBAAqB,EAAE,mBAAmB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YACrF,YAAY,CACV,GAAG,EACH,mBAAmB,EACnB,IAAI,CAAC,SAAS,CACZ;gBACE,eAAe,EAAE,CAAC;gBAClB,QAAQ,EAAE;oBACR,kBAAkB,EAAE;wBAClB,OAAO,EAAE,OAAO;wBAChB,QAAQ,EAAE,gDAAgD;qBAC3D;iBACF;aACF,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;YACF,YAAY,CACV,GAAG,EACH,0BAA0B,EAC1B,CAAC,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CACjF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACnE,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAC;QAC9D,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
@@ -0,0 +1,10 @@
1
+ /**
2
+ * @fileoverview Validate API key handling supports rotation
3
+ */
4
+ /**
5
+ * Check: security/api-key-rotation
6
+ *
7
+ * Validates that API key handling supports key rotation.
8
+ */
9
+ export declare const apiKeyRotation: import("@opensip-cli/fitness").Check;
10
+ //# sourceMappingURL=api-key-rotation.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"api-key-rotation.d.ts","sourceRoot":"","sources":["../../../src/checks/security/api-key-rotation.ts"],"names":[],"mappings":"AAEA;;GAEG;AAyIH;;;;GAIG;AACH,eAAO,MAAM,cAAc,sCA4DzB,CAAC"}