@opensip-cli/checks-universal 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +202 -0
- package/NOTICE +8 -0
- package/README.md +31 -0
- package/dist/__tests__/all-checks-execute.test.d.ts +17 -0
- package/dist/__tests__/all-checks-execute.test.d.ts.map +1 -0
- package/dist/__tests__/all-checks-execute.test.js +452 -0
- package/dist/__tests__/all-checks-execute.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-10.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-10.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-10.test.js +200 -0
- package/dist/__tests__/behavior-fixtures-10.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-11.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-11.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-11.test.js +120 -0
- package/dist/__tests__/behavior-fixtures-11.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-12.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-12.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-12.test.js +157 -0
- package/dist/__tests__/behavior-fixtures-12.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-2.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-2.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-2.test.js +785 -0
- package/dist/__tests__/behavior-fixtures-2.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-3.test.d.ts +6 -0
- package/dist/__tests__/behavior-fixtures-3.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-3.test.js +663 -0
- package/dist/__tests__/behavior-fixtures-3.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-4.test.d.ts +5 -0
- package/dist/__tests__/behavior-fixtures-4.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-4.test.js +612 -0
- package/dist/__tests__/behavior-fixtures-4.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-5.test.d.ts +5 -0
- package/dist/__tests__/behavior-fixtures-5.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-5.test.js +469 -0
- package/dist/__tests__/behavior-fixtures-5.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-6.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-6.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-6.test.js +591 -0
- package/dist/__tests__/behavior-fixtures-6.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-7.test.d.ts +5 -0
- package/dist/__tests__/behavior-fixtures-7.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-7.test.js +662 -0
- package/dist/__tests__/behavior-fixtures-7.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-8.test.d.ts +11 -0
- package/dist/__tests__/behavior-fixtures-8.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-8.test.js +634 -0
- package/dist/__tests__/behavior-fixtures-8.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-9.test.d.ts +11 -0
- package/dist/__tests__/behavior-fixtures-9.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-9.test.js +271 -0
- package/dist/__tests__/behavior-fixtures-9.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures.test.d.ts +14 -0
- package/dist/__tests__/behavior-fixtures.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures.test.js +1423 -0
- package/dist/__tests__/behavior-fixtures.test.js.map +1 -0
- package/dist/__tests__/checks.test.d.ts +2 -0
- package/dist/__tests__/checks.test.d.ts.map +1 -0
- package/dist/__tests__/checks.test.js +61 -0
- package/dist/__tests__/checks.test.js.map +1 -0
- package/dist/__tests__/env-var-validation.test.d.ts +14 -0
- package/dist/__tests__/env-var-validation.test.d.ts.map +1 -0
- package/dist/__tests__/env-var-validation.test.js +53 -0
- package/dist/__tests__/env-var-validation.test.js.map +1 -0
- package/dist/__tests__/file-length-limit.test.d.ts +2 -0
- package/dist/__tests__/file-length-limit.test.d.ts.map +1 -0
- package/dist/__tests__/file-length-limit.test.js +29 -0
- package/dist/__tests__/file-length-limit.test.js.map +1 -0
- package/dist/__tests__/fixture-coverage.allowlist.d.ts +18 -0
- package/dist/__tests__/fixture-coverage.allowlist.d.ts.map +1 -0
- package/dist/__tests__/fixture-coverage.allowlist.js +35 -0
- package/dist/__tests__/fixture-coverage.allowlist.js.map +1 -0
- package/dist/__tests__/fixture-coverage.test.d.ts +13 -0
- package/dist/__tests__/fixture-coverage.test.d.ts.map +1 -0
- package/dist/__tests__/fixture-coverage.test.js +57 -0
- package/dist/__tests__/fixture-coverage.test.js.map +1 -0
- package/dist/__tests__/iic.test.d.ts +15 -0
- package/dist/__tests__/iic.test.d.ts.map +1 -0
- package/dist/__tests__/iic.test.js +316 -0
- package/dist/__tests__/iic.test.js.map +1 -0
- package/dist/__tests__/no-skipped-tests.test.d.ts +14 -0
- package/dist/__tests__/no-skipped-tests.test.d.ts.map +1 -0
- package/dist/__tests__/no-skipped-tests.test.js +144 -0
- package/dist/__tests__/no-skipped-tests.test.js.map +1 -0
- package/dist/__tests__/no-todo-comments.test.d.ts +2 -0
- package/dist/__tests__/no-todo-comments.test.d.ts.map +1 -0
- package/dist/__tests__/no-todo-comments.test.js +31 -0
- package/dist/__tests__/no-todo-comments.test.js.map +1 -0
- package/dist/__tests__/no-unimplemented-markers.test.d.ts +2 -0
- package/dist/__tests__/no-unimplemented-markers.test.d.ts.map +1 -0
- package/dist/__tests__/no-unimplemented-markers.test.js +140 -0
- package/dist/__tests__/no-unimplemented-markers.test.js.map +1 -0
- package/dist/__tests__/public-api-jsdoc-scope.test.d.ts +10 -0
- package/dist/__tests__/public-api-jsdoc-scope.test.d.ts.map +1 -0
- package/dist/__tests__/public-api-jsdoc-scope.test.js +176 -0
- package/dist/__tests__/public-api-jsdoc-scope.test.js.map +1 -0
- package/dist/__tests__/resilience-fp.test.d.ts +14 -0
- package/dist/__tests__/resilience-fp.test.d.ts.map +1 -0
- package/dist/__tests__/resilience-fp.test.js +110 -0
- package/dist/__tests__/resilience-fp.test.js.map +1 -0
- package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts +2 -0
- package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts.map +1 -0
- package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js +32 -0
- package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js.map +1 -0
- package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts +2 -0
- package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts.map +1 -0
- package/dist/checks/architecture/__tests__/tool-has-manifest.test.js +152 -0
- package/dist/checks/architecture/__tests__/tool-has-manifest.test.js.map +1 -0
- package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts +2 -0
- package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts.map +1 -0
- package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js +129 -0
- package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js.map +1 -0
- package/dist/checks/architecture/_yaml-doc-bindings.d.ts +23 -0
- package/dist/checks/architecture/_yaml-doc-bindings.d.ts.map +1 -0
- package/dist/checks/architecture/_yaml-doc-bindings.js +29 -0
- package/dist/checks/architecture/_yaml-doc-bindings.js.map +1 -0
- package/dist/checks/architecture/dependencies/index.d.ts +2 -0
- package/dist/checks/architecture/dependencies/index.d.ts.map +1 -0
- package/dist/checks/architecture/dependencies/index.js +2 -0
- package/dist/checks/architecture/dependencies/index.js.map +1 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts +11 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts.map +1 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.js +171 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.js.map +1 -0
- package/dist/checks/architecture/docker-best-practices.d.ts +23 -0
- package/dist/checks/architecture/docker-best-practices.d.ts.map +1 -0
- package/dist/checks/architecture/docker-best-practices.js +427 -0
- package/dist/checks/architecture/docker-best-practices.js.map +1 -0
- package/dist/checks/architecture/docker-ignore-validation.d.ts +18 -0
- package/dist/checks/architecture/docker-ignore-validation.d.ts.map +1 -0
- package/dist/checks/architecture/docker-ignore-validation.js +117 -0
- package/dist/checks/architecture/docker-ignore-validation.js.map +1 -0
- package/dist/checks/architecture/docker-version-sync.d.ts +16 -0
- package/dist/checks/architecture/docker-version-sync.d.ts.map +1 -0
- package/dist/checks/architecture/docker-version-sync.js +193 -0
- package/dist/checks/architecture/docker-version-sync.js.map +1 -0
- package/dist/checks/architecture/env-var-validation.d.ts +14 -0
- package/dist/checks/architecture/env-var-validation.d.ts.map +1 -0
- package/dist/checks/architecture/env-var-validation.js +289 -0
- package/dist/checks/architecture/env-var-validation.js.map +1 -0
- package/dist/checks/architecture/heavy-import-detection.d.ts +11 -0
- package/dist/checks/architecture/heavy-import-detection.d.ts.map +1 -0
- package/dist/checks/architecture/heavy-import-detection.js +91 -0
- package/dist/checks/architecture/heavy-import-detection.js.map +1 -0
- package/dist/checks/architecture/index.d.ts +16 -0
- package/dist/checks/architecture/index.d.ts.map +1 -0
- package/dist/checks/architecture/index.js +16 -0
- package/dist/checks/architecture/index.js.map +1 -0
- package/dist/checks/architecture/modules/empty-package-detection.d.ts +11 -0
- package/dist/checks/architecture/modules/empty-package-detection.d.ts.map +1 -0
- package/dist/checks/architecture/modules/empty-package-detection.js +277 -0
- package/dist/checks/architecture/modules/empty-package-detection.js.map +1 -0
- package/dist/checks/architecture/modules/index.d.ts +3 -0
- package/dist/checks/architecture/modules/index.d.ts.map +1 -0
- package/dist/checks/architecture/modules/index.js +3 -0
- package/dist/checks/architecture/modules/index.js.map +1 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts +12 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts.map +1 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.js +555 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.js.map +1 -0
- package/dist/checks/architecture/no-custom-event-emitter.d.ts +11 -0
- package/dist/checks/architecture/no-custom-event-emitter.d.ts.map +1 -0
- package/dist/checks/architecture/no-custom-event-emitter.js +123 -0
- package/dist/checks/architecture/no-custom-event-emitter.js.map +1 -0
- package/dist/checks/architecture/no-kebab-option-indexing.d.ts +33 -0
- package/dist/checks/architecture/no-kebab-option-indexing.d.ts.map +1 -0
- package/dist/checks/architecture/no-kebab-option-indexing.js +81 -0
- package/dist/checks/architecture/no-kebab-option-indexing.js.map +1 -0
- package/dist/checks/architecture/node-version-consistency.d.ts +22 -0
- package/dist/checks/architecture/node-version-consistency.d.ts.map +1 -0
- package/dist/checks/architecture/node-version-consistency.js +225 -0
- package/dist/checks/architecture/node-version-consistency.js.map +1 -0
- package/dist/checks/architecture/project-readme-existence.d.ts +13 -0
- package/dist/checks/architecture/project-readme-existence.d.ts.map +1 -0
- package/dist/checks/architecture/project-readme-existence.js +55 -0
- package/dist/checks/architecture/project-readme-existence.js.map +1 -0
- package/dist/checks/architecture/stale-build-artifacts.d.ts +10 -0
- package/dist/checks/architecture/stale-build-artifacts.d.ts.map +1 -0
- package/dist/checks/architecture/stale-build-artifacts.js +55 -0
- package/dist/checks/architecture/stale-build-artifacts.js.map +1 -0
- package/dist/checks/architecture/tool-has-manifest.d.ts +27 -0
- package/dist/checks/architecture/tool-has-manifest.d.ts.map +1 -0
- package/dist/checks/architecture/tool-has-manifest.js +135 -0
- package/dist/checks/architecture/tool-has-manifest.js.map +1 -0
- package/dist/checks/architecture/vitest-config-extends-base.d.ts +15 -0
- package/dist/checks/architecture/vitest-config-extends-base.d.ts.map +1 -0
- package/dist/checks/architecture/vitest-config-extends-base.js +104 -0
- package/dist/checks/architecture/vitest-config-extends-base.js.map +1 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.d.ts +49 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.d.ts.map +1 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.js +199 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.js.map +1 -0
- package/dist/checks/documentation/_directives/eslint.d.ts +9 -0
- package/dist/checks/documentation/_directives/eslint.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/eslint.js +168 -0
- package/dist/checks/documentation/_directives/eslint.js.map +1 -0
- package/dist/checks/documentation/_directives/fitness.d.ts +9 -0
- package/dist/checks/documentation/_directives/fitness.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/fitness.js +64 -0
- package/dist/checks/documentation/_directives/fitness.js.map +1 -0
- package/dist/checks/documentation/_directives/graph.d.ts +10 -0
- package/dist/checks/documentation/_directives/graph.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/graph.js +65 -0
- package/dist/checks/documentation/_directives/graph.js.map +1 -0
- package/dist/checks/documentation/_directives/graph.test.d.ts +2 -0
- package/dist/checks/documentation/_directives/graph.test.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/graph.test.js +54 -0
- package/dist/checks/documentation/_directives/graph.test.js.map +1 -0
- package/dist/checks/documentation/_directives/semgrep.d.ts +8 -0
- package/dist/checks/documentation/_directives/semgrep.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/semgrep.js +72 -0
- package/dist/checks/documentation/_directives/semgrep.js.map +1 -0
- package/dist/checks/documentation/_directives/types.d.ts +21 -0
- package/dist/checks/documentation/_directives/types.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/types.js +9 -0
- package/dist/checks/documentation/_directives/types.js.map +1 -0
- package/dist/checks/documentation/_directives/typescript.d.ts +10 -0
- package/dist/checks/documentation/_directives/typescript.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/typescript.js +54 -0
- package/dist/checks/documentation/_directives/typescript.js.map +1 -0
- package/dist/checks/documentation/_public-api-graph.d.ts +30 -0
- package/dist/checks/documentation/_public-api-graph.d.ts.map +1 -0
- package/dist/checks/documentation/_public-api-graph.js +304 -0
- package/dist/checks/documentation/_public-api-graph.js.map +1 -0
- package/dist/checks/documentation/directive-audit.d.ts +26 -0
- package/dist/checks/documentation/directive-audit.d.ts.map +1 -0
- package/dist/checks/documentation/directive-audit.js +144 -0
- package/dist/checks/documentation/directive-audit.js.map +1 -0
- package/dist/checks/documentation/index.d.ts +3 -0
- package/dist/checks/documentation/index.d.ts.map +1 -0
- package/dist/checks/documentation/index.js +3 -0
- package/dist/checks/documentation/index.js.map +1 -0
- package/dist/checks/documentation/public-api-jsdoc.d.ts +10 -0
- package/dist/checks/documentation/public-api-jsdoc.d.ts.map +1 -0
- package/dist/checks/documentation/public-api-jsdoc.js +131 -0
- package/dist/checks/documentation/public-api-jsdoc.js.map +1 -0
- package/dist/checks/file-length-limit.d.ts +16 -0
- package/dist/checks/file-length-limit.d.ts.map +1 -0
- package/dist/checks/file-length-limit.js +47 -0
- package/dist/checks/file-length-limit.js.map +1 -0
- package/dist/checks/index.d.ts +16 -0
- package/dist/checks/index.d.ts.map +1 -0
- package/dist/checks/index.js +16 -0
- package/dist/checks/index.js.map +1 -0
- package/dist/checks/no-todo-comments.d.ts +18 -0
- package/dist/checks/no-todo-comments.d.ts.map +1 -0
- package/dist/checks/no-todo-comments.js +79 -0
- package/dist/checks/no-todo-comments.js.map +1 -0
- package/dist/checks/no-unimplemented-markers.d.ts +24 -0
- package/dist/checks/no-unimplemented-markers.d.ts.map +1 -0
- package/dist/checks/no-unimplemented-markers.js +198 -0
- package/dist/checks/no-unimplemented-markers.js.map +1 -0
- package/dist/checks/quality/api/graphql-offset-pagination.d.ts +9 -0
- package/dist/checks/quality/api/graphql-offset-pagination.d.ts.map +1 -0
- package/dist/checks/quality/api/graphql-offset-pagination.js +63 -0
- package/dist/checks/quality/api/graphql-offset-pagination.js.map +1 -0
- package/dist/checks/quality/api/index.d.ts +3 -0
- package/dist/checks/quality/api/index.d.ts.map +1 -0
- package/dist/checks/quality/api/index.js +3 -0
- package/dist/checks/quality/api/index.js.map +1 -0
- package/dist/checks/quality/api/zod-openapi-sync.d.ts +13 -0
- package/dist/checks/quality/api/zod-openapi-sync.d.ts.map +1 -0
- package/dist/checks/quality/api/zod-openapi-sync.js +88 -0
- package/dist/checks/quality/api/zod-openapi-sync.js.map +1 -0
- package/dist/checks/quality/code-structure/dead-code.d.ts +12 -0
- package/dist/checks/quality/code-structure/dead-code.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/dead-code.js +238 -0
- package/dist/checks/quality/code-structure/dead-code.js.map +1 -0
- package/dist/checks/quality/code-structure/index.d.ts +5 -0
- package/dist/checks/quality/code-structure/index.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/index.js +5 -0
- package/dist/checks/quality/code-structure/index.js.map +1 -0
- package/dist/checks/quality/code-structure/no-ai-attribution.d.ts +25 -0
- package/dist/checks/quality/code-structure/no-ai-attribution.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/no-ai-attribution.js +76 -0
- package/dist/checks/quality/code-structure/no-ai-attribution.js.map +1 -0
- package/dist/checks/quality/code-structure/no-console-log.d.ts +17 -0
- package/dist/checks/quality/code-structure/no-console-log.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/no-console-log.js +106 -0
- package/dist/checks/quality/code-structure/no-console-log.js.map +1 -0
- package/dist/checks/quality/code-structure/no-process-artifacts.d.ts +25 -0
- package/dist/checks/quality/code-structure/no-process-artifacts.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/no-process-artifacts.js +104 -0
- package/dist/checks/quality/code-structure/no-process-artifacts.js.map +1 -0
- package/dist/checks/quality/dependency-version-consistency.d.ts +20 -0
- package/dist/checks/quality/dependency-version-consistency.d.ts.map +1 -0
- package/dist/checks/quality/dependency-version-consistency.js +266 -0
- package/dist/checks/quality/dependency-version-consistency.js.map +1 -0
- package/dist/checks/quality/fitness-ignore-hygiene.d.ts +10 -0
- package/dist/checks/quality/fitness-ignore-hygiene.d.ts.map +1 -0
- package/dist/checks/quality/fitness-ignore-hygiene.js +93 -0
- package/dist/checks/quality/fitness-ignore-hygiene.js.map +1 -0
- package/dist/checks/quality/frontend/expo-vector-icons.d.ts +13 -0
- package/dist/checks/quality/frontend/expo-vector-icons.d.ts.map +1 -0
- package/dist/checks/quality/frontend/expo-vector-icons.js +80 -0
- package/dist/checks/quality/frontend/expo-vector-icons.js.map +1 -0
- package/dist/checks/quality/frontend/image-optimization.d.ts +13 -0
- package/dist/checks/quality/frontend/image-optimization.d.ts.map +1 -0
- package/dist/checks/quality/frontend/image-optimization.js +166 -0
- package/dist/checks/quality/frontend/image-optimization.js.map +1 -0
- package/dist/checks/quality/frontend/index.d.ts +4 -0
- package/dist/checks/quality/frontend/index.d.ts.map +1 -0
- package/dist/checks/quality/frontend/index.js +4 -0
- package/dist/checks/quality/frontend/index.js.map +1 -0
- package/dist/checks/quality/frontend/navigation-typing.d.ts +12 -0
- package/dist/checks/quality/frontend/navigation-typing.d.ts.map +1 -0
- package/dist/checks/quality/frontend/navigation-typing.js +77 -0
- package/dist/checks/quality/frontend/navigation-typing.js.map +1 -0
- package/dist/checks/quality/graph-ignore-hygiene.d.ts +10 -0
- package/dist/checks/quality/graph-ignore-hygiene.d.ts.map +1 -0
- package/dist/checks/quality/graph-ignore-hygiene.js +95 -0
- package/dist/checks/quality/graph-ignore-hygiene.js.map +1 -0
- package/dist/checks/quality/graph-ignore-hygiene.test.d.ts +14 -0
- package/dist/checks/quality/graph-ignore-hygiene.test.d.ts.map +1 -0
- package/dist/checks/quality/graph-ignore-hygiene.test.js +58 -0
- package/dist/checks/quality/graph-ignore-hygiene.test.js.map +1 -0
- package/dist/checks/quality/index.d.ts +16 -0
- package/dist/checks/quality/index.d.ts.map +1 -0
- package/dist/checks/quality/index.js +16 -0
- package/dist/checks/quality/index.js.map +1 -0
- package/dist/checks/quality/linting/eslint-justifications.d.ts +12 -0
- package/dist/checks/quality/linting/eslint-justifications.d.ts.map +1 -0
- package/dist/checks/quality/linting/eslint-justifications.js +328 -0
- package/dist/checks/quality/linting/eslint-justifications.js.map +1 -0
- package/dist/checks/quality/linting/index.d.ts +4 -0
- package/dist/checks/quality/linting/index.d.ts.map +1 -0
- package/dist/checks/quality/linting/index.js +4 -0
- package/dist/checks/quality/linting/index.js.map +1 -0
- package/dist/checks/quality/linting/semgrep-justifications.d.ts +16 -0
- package/dist/checks/quality/linting/semgrep-justifications.d.ts.map +1 -0
- package/dist/checks/quality/linting/semgrep-justifications.js +229 -0
- package/dist/checks/quality/linting/semgrep-justifications.js.map +1 -0
- package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts +12 -0
- package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts.map +1 -0
- package/dist/checks/quality/linting/typescript-directive-hygiene.js +142 -0
- package/dist/checks/quality/linting/typescript-directive-hygiene.js.map +1 -0
- package/dist/checks/quality/no-compatibility-layer-names.d.ts +13 -0
- package/dist/checks/quality/no-compatibility-layer-names.d.ts.map +1 -0
- package/dist/checks/quality/no-compatibility-layer-names.js +100 -0
- package/dist/checks/quality/no-compatibility-layer-names.js.map +1 -0
- package/dist/checks/quality/no-deprecated-tags.d.ts +11 -0
- package/dist/checks/quality/no-deprecated-tags.d.ts.map +1 -0
- package/dist/checks/quality/no-deprecated-tags.js +76 -0
- package/dist/checks/quality/no-deprecated-tags.js.map +1 -0
- package/dist/checks/quality/no-markdown-references.d.ts +16 -0
- package/dist/checks/quality/no-markdown-references.d.ts.map +1 -0
- package/dist/checks/quality/no-markdown-references.js +145 -0
- package/dist/checks/quality/no-markdown-references.js.map +1 -0
- package/dist/checks/quality/no-raw-regex-on-code.d.ts +9 -0
- package/dist/checks/quality/no-raw-regex-on-code.d.ts.map +1 -0
- package/dist/checks/quality/no-raw-regex-on-code.js +61 -0
- package/dist/checks/quality/no-raw-regex-on-code.js.map +1 -0
- package/dist/checks/quality/no-temporary-workarounds.d.ts +11 -0
- package/dist/checks/quality/no-temporary-workarounds.d.ts.map +1 -0
- package/dist/checks/quality/no-temporary-workarounds.js +69 -0
- package/dist/checks/quality/no-temporary-workarounds.js.map +1 -0
- package/dist/checks/quality/no-window-alert.d.ts +19 -0
- package/dist/checks/quality/no-window-alert.d.ts.map +1 -0
- package/dist/checks/quality/no-window-alert.js +74 -0
- package/dist/checks/quality/no-window-alert.js.map +1 -0
- package/dist/checks/quality/observability/index.d.ts +2 -0
- package/dist/checks/quality/observability/index.d.ts.map +1 -0
- package/dist/checks/quality/observability/index.js +2 -0
- package/dist/checks/quality/observability/index.js.map +1 -0
- package/dist/checks/quality/observability/pino-serializer-coverage.d.ts +15 -0
- package/dist/checks/quality/observability/pino-serializer-coverage.d.ts.map +1 -0
- package/dist/checks/quality/observability/pino-serializer-coverage.js +209 -0
- package/dist/checks/quality/observability/pino-serializer-coverage.js.map +1 -0
- package/dist/checks/quality/patterns/async-state-pattern.d.ts +14 -0
- package/dist/checks/quality/patterns/async-state-pattern.d.ts.map +1 -0
- package/dist/checks/quality/patterns/async-state-pattern.js +80 -0
- package/dist/checks/quality/patterns/async-state-pattern.js.map +1 -0
- package/dist/checks/quality/patterns/index.d.ts +4 -0
- package/dist/checks/quality/patterns/index.d.ts.map +1 -0
- package/dist/checks/quality/patterns/index.js +4 -0
- package/dist/checks/quality/patterns/index.js.map +1 -0
- package/dist/checks/quality/patterns/no-non-null-assertions.d.ts +10 -0
- package/dist/checks/quality/patterns/no-non-null-assertions.d.ts.map +1 -0
- package/dist/checks/quality/patterns/no-non-null-assertions.js +97 -0
- package/dist/checks/quality/patterns/no-non-null-assertions.js.map +1 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.d.ts +16 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.d.ts.map +1 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.js +239 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.js.map +1 -0
- package/dist/checks/resilience/_helpers/config-validation.d.ts +27 -0
- package/dist/checks/resilience/_helpers/config-validation.d.ts.map +1 -0
- package/dist/checks/resilience/_helpers/config-validation.js +61 -0
- package/dist/checks/resilience/_helpers/config-validation.js.map +1 -0
- package/dist/checks/resilience/batch-operations.d.ts +22 -0
- package/dist/checks/resilience/batch-operations.d.ts.map +1 -0
- package/dist/checks/resilience/batch-operations.js +422 -0
- package/dist/checks/resilience/batch-operations.js.map +1 -0
- package/dist/checks/resilience/cache-ttl-validation.d.ts +13 -0
- package/dist/checks/resilience/cache-ttl-validation.d.ts.map +1 -0
- package/dist/checks/resilience/cache-ttl-validation.js +222 -0
- package/dist/checks/resilience/cache-ttl-validation.js.map +1 -0
- package/dist/checks/resilience/catch-clause-safety.d.ts +12 -0
- package/dist/checks/resilience/catch-clause-safety.d.ts.map +1 -0
- package/dist/checks/resilience/catch-clause-safety.js +110 -0
- package/dist/checks/resilience/catch-clause-safety.js.map +1 -0
- package/dist/checks/resilience/dangerous-config-defaults.d.ts +11 -0
- package/dist/checks/resilience/dangerous-config-defaults.d.ts.map +1 -0
- package/dist/checks/resilience/dangerous-config-defaults.js +304 -0
- package/dist/checks/resilience/dangerous-config-defaults.js.map +1 -0
- package/dist/checks/resilience/error-code-registration.d.ts +11 -0
- package/dist/checks/resilience/error-code-registration.d.ts.map +1 -0
- package/dist/checks/resilience/error-code-registration.js +88 -0
- package/dist/checks/resilience/error-code-registration.js.map +1 -0
- package/dist/checks/resilience/event-patterns.d.ts +21 -0
- package/dist/checks/resilience/event-patterns.d.ts.map +1 -0
- package/dist/checks/resilience/event-patterns.js +232 -0
- package/dist/checks/resilience/event-patterns.js.map +1 -0
- package/dist/checks/resilience/exit-code-correctness.d.ts +12 -0
- package/dist/checks/resilience/exit-code-correctness.d.ts.map +1 -0
- package/dist/checks/resilience/exit-code-correctness.js +107 -0
- package/dist/checks/resilience/exit-code-correctness.js.map +1 -0
- package/dist/checks/resilience/index.d.ts +18 -0
- package/dist/checks/resilience/index.d.ts.map +1 -0
- package/dist/checks/resilience/index.js +18 -0
- package/dist/checks/resilience/index.js.map +1 -0
- package/dist/checks/resilience/no-hardcoded-timeouts.d.ts +10 -0
- package/dist/checks/resilience/no-hardcoded-timeouts.d.ts.map +1 -0
- package/dist/checks/resilience/no-hardcoded-timeouts.js +291 -0
- package/dist/checks/resilience/no-hardcoded-timeouts.js.map +1 -0
- package/dist/checks/resilience/no-process-exit-in-finally.d.ts +11 -0
- package/dist/checks/resilience/no-process-exit-in-finally.d.ts.map +1 -0
- package/dist/checks/resilience/no-process-exit-in-finally.js +89 -0
- package/dist/checks/resilience/no-process-exit-in-finally.js.map +1 -0
- package/dist/checks/resilience/readline-cleanup.d.ts +11 -0
- package/dist/checks/resilience/readline-cleanup.d.ts.map +1 -0
- package/dist/checks/resilience/readline-cleanup.js +107 -0
- package/dist/checks/resilience/readline-cleanup.js.map +1 -0
- package/dist/checks/resilience/recovery-patterns.d.ts +25 -0
- package/dist/checks/resilience/recovery-patterns.d.ts.map +1 -0
- package/dist/checks/resilience/recovery-patterns.js +273 -0
- package/dist/checks/resilience/recovery-patterns.js.map +1 -0
- package/dist/checks/resilience/reentrancy-guard.d.ts +12 -0
- package/dist/checks/resilience/reentrancy-guard.d.ts.map +1 -0
- package/dist/checks/resilience/reentrancy-guard.js +86 -0
- package/dist/checks/resilience/reentrancy-guard.js.map +1 -0
- package/dist/checks/resilience/retry-config-validation.d.ts +13 -0
- package/dist/checks/resilience/retry-config-validation.d.ts.map +1 -0
- package/dist/checks/resilience/retry-config-validation.js +159 -0
- package/dist/checks/resilience/retry-config-validation.js.map +1 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.d.ts +25 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.js +68 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.js.map +1 -0
- package/dist/checks/resilience/sentry/index.d.ts +8 -0
- package/dist/checks/resilience/sentry/index.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/index.js +8 -0
- package/dist/checks/resilience/sentry/index.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-dsn-configured.js +55 -0
- package/dist/checks/resilience/sentry/sentry-dsn-configured.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-environment-set.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-environment-set.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-environment-set.js +51 -0
- package/dist/checks/resilience/sentry/sentry-environment-set.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-error-boundary.js +75 -0
- package/dist/checks/resilience/sentry/sentry-error-boundary.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts +13 -0
- package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js +125 -0
- package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-release-set.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-release-set.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-release-set.js +51 -0
- package/dist/checks/resilience/sentry/sentry-release-set.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-sample-rate.js +78 -0
- package/dist/checks/resilience/sentry/sentry-sample-rate.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-source-maps.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-source-maps.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-source-maps.js +83 -0
- package/dist/checks/resilience/sentry/sentry-source-maps.js.map +1 -0
- package/dist/checks/resilience/service-patterns.d.ts +18 -0
- package/dist/checks/resilience/service-patterns.d.ts.map +1 -0
- package/dist/checks/resilience/service-patterns.js +230 -0
- package/dist/checks/resilience/service-patterns.js.map +1 -0
- package/dist/checks/resilience/timer-lifecycle.d.ts +10 -0
- package/dist/checks/resilience/timer-lifecycle.d.ts.map +1 -0
- package/dist/checks/resilience/timer-lifecycle.js +78 -0
- package/dist/checks/resilience/timer-lifecycle.js.map +1 -0
- package/dist/checks/resilience/transaction-patterns.d.ts +21 -0
- package/dist/checks/resilience/transaction-patterns.d.ts.map +1 -0
- package/dist/checks/resilience/transaction-patterns.js +258 -0
- package/dist/checks/resilience/transaction-patterns.js.map +1 -0
- package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts +9 -0
- package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts.map +1 -0
- package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js +37 -0
- package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js.map +1 -0
- package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts +2 -0
- package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts.map +1 -0
- package/dist/checks/security/__tests__/package-supply-chain-policy.test.js +128 -0
- package/dist/checks/security/__tests__/package-supply-chain-policy.test.js.map +1 -0
- package/dist/checks/security/api-key-rotation.d.ts +10 -0
- package/dist/checks/security/api-key-rotation.d.ts.map +1 -0
- package/dist/checks/security/api-key-rotation.js +186 -0
- package/dist/checks/security/api-key-rotation.js.map +1 -0
- package/dist/checks/security/auth-middleware-coverage.d.ts +11 -0
- package/dist/checks/security/auth-middleware-coverage.d.ts.map +1 -0
- package/dist/checks/security/auth-middleware-coverage.js +210 -0
- package/dist/checks/security/auth-middleware-coverage.js.map +1 -0
- package/dist/checks/security/auth-route-guard.d.ts +12 -0
- package/dist/checks/security/auth-route-guard.d.ts.map +1 -0
- package/dist/checks/security/auth-route-guard.js +70 -0
- package/dist/checks/security/auth-route-guard.js.map +1 -0
- package/dist/checks/security/cors-configuration.d.ts +11 -0
- package/dist/checks/security/cors-configuration.d.ts.map +1 -0
- package/dist/checks/security/cors-configuration.js +126 -0
- package/dist/checks/security/cors-configuration.js.map +1 -0
- package/dist/checks/security/csp-headers.d.ts +11 -0
- package/dist/checks/security/csp-headers.d.ts.map +1 -0
- package/dist/checks/security/csp-headers.js +192 -0
- package/dist/checks/security/csp-headers.js.map +1 -0
- package/dist/checks/security/dependency-vulnerability-audit.d.ts +15 -0
- package/dist/checks/security/dependency-vulnerability-audit.d.ts.map +1 -0
- package/dist/checks/security/dependency-vulnerability-audit.js +184 -0
- package/dist/checks/security/dependency-vulnerability-audit.js.map +1 -0
- package/dist/checks/security/env-secret-exposure.d.ts +11 -0
- package/dist/checks/security/env-secret-exposure.d.ts.map +1 -0
- package/dist/checks/security/env-secret-exposure.js +127 -0
- package/dist/checks/security/env-secret-exposure.js.map +1 -0
- package/dist/checks/security/hasura-production-config.d.ts +11 -0
- package/dist/checks/security/hasura-production-config.d.ts.map +1 -0
- package/dist/checks/security/hasura-production-config.js +122 -0
- package/dist/checks/security/hasura-production-config.js.map +1 -0
- package/dist/checks/security/index.d.ts +17 -0
- package/dist/checks/security/index.d.ts.map +1 -0
- package/dist/checks/security/index.js +17 -0
- package/dist/checks/security/index.js.map +1 -0
- package/dist/checks/security/jwt-validation.d.ts +11 -0
- package/dist/checks/security/jwt-validation.d.ts.map +1 -0
- package/dist/checks/security/jwt-validation.js +294 -0
- package/dist/checks/security/jwt-validation.js.map +1 -0
- package/dist/checks/security/no-eval.d.ts +16 -0
- package/dist/checks/security/no-eval.d.ts.map +1 -0
- package/dist/checks/security/no-eval.js +83 -0
- package/dist/checks/security/no-eval.js.map +1 -0
- package/dist/checks/security/no-hardcoded-secrets.d.ts +28 -0
- package/dist/checks/security/no-hardcoded-secrets.d.ts.map +1 -0
- package/dist/checks/security/no-hardcoded-secrets.js +209 -0
- package/dist/checks/security/no-hardcoded-secrets.js.map +1 -0
- package/dist/checks/security/package-supply-chain-policy.d.ts +12 -0
- package/dist/checks/security/package-supply-chain-policy.d.ts.map +1 -0
- package/dist/checks/security/package-supply-chain-policy.js +534 -0
- package/dist/checks/security/package-supply-chain-policy.js.map +1 -0
- package/dist/checks/security/rate-limit-coverage.d.ts +10 -0
- package/dist/checks/security/rate-limit-coverage.d.ts.map +1 -0
- package/dist/checks/security/rate-limit-coverage.js +143 -0
- package/dist/checks/security/rate-limit-coverage.js.map +1 -0
- package/dist/checks/security/semgrep-scan.d.ts +13 -0
- package/dist/checks/security/semgrep-scan.d.ts.map +1 -0
- package/dist/checks/security/semgrep-scan.js +86 -0
- package/dist/checks/security/semgrep-scan.js.map +1 -0
- package/dist/checks/security/use-centralized-crypto.d.ts +11 -0
- package/dist/checks/security/use-centralized-crypto.d.ts.map +1 -0
- package/dist/checks/security/use-centralized-crypto.js +129 -0
- package/dist/checks/security/use-centralized-crypto.js.map +1 -0
- package/dist/checks/security/webhook-signature-verification.d.ts +10 -0
- package/dist/checks/security/webhook-signature-verification.d.ts.map +1 -0
- package/dist/checks/security/webhook-signature-verification.js +183 -0
- package/dist/checks/security/webhook-signature-verification.js.map +1 -0
- package/dist/checks/testing/index.d.ts +6 -0
- package/dist/checks/testing/index.d.ts.map +1 -0
- package/dist/checks/testing/index.js +6 -0
- package/dist/checks/testing/index.js.map +1 -0
- package/dist/checks/testing/no-skipped-tests.d.ts +40 -0
- package/dist/checks/testing/no-skipped-tests.d.ts.map +1 -0
- package/dist/checks/testing/no-skipped-tests.js +174 -0
- package/dist/checks/testing/no-skipped-tests.js.map +1 -0
- package/dist/checks/testing/no-stub-tests.d.ts +11 -0
- package/dist/checks/testing/no-stub-tests.d.ts.map +1 -0
- package/dist/checks/testing/no-stub-tests.js +103 -0
- package/dist/checks/testing/no-stub-tests.js.map +1 -0
- package/dist/checks/testing/test-convention-consistency.d.ts +14 -0
- package/dist/checks/testing/test-convention-consistency.d.ts.map +1 -0
- package/dist/checks/testing/test-convention-consistency.js +93 -0
- package/dist/checks/testing/test-convention-consistency.js.map +1 -0
- package/dist/checks/testing/test-file-naming.d.ts +13 -0
- package/dist/checks/testing/test-file-naming.d.ts.map +1 -0
- package/dist/checks/testing/test-file-naming.js +218 -0
- package/dist/checks/testing/test-file-naming.js.map +1 -0
- package/dist/checks/testing/test-file-pairing.d.ts +13 -0
- package/dist/checks/testing/test-file-pairing.d.ts.map +1 -0
- package/dist/checks/testing/test-file-pairing.js +274 -0
- package/dist/checks/testing/test-file-pairing.js.map +1 -0
- package/dist/display/architecture.d.ts +9 -0
- package/dist/display/architecture.d.ts.map +1 -0
- package/dist/display/architecture.js +29 -0
- package/dist/display/architecture.js.map +1 -0
- package/dist/display/index.d.ts +20 -0
- package/dist/display/index.d.ts.map +1 -0
- package/dist/display/index.js +30 -0
- package/dist/display/index.js.map +1 -0
- package/dist/display/quality.d.ts +7 -0
- package/dist/display/quality.d.ts.map +1 -0
- package/dist/display/quality.js +34 -0
- package/dist/display/quality.js.map +1 -0
- package/dist/display/resilience.d.ts +7 -0
- package/dist/display/resilience.d.ts.map +1 -0
- package/dist/display/resilience.js +36 -0
- package/dist/display/resilience.js.map +1 -0
- package/dist/display/security-testing.d.ts +9 -0
- package/dist/display/security-testing.d.ts.map +1 -0
- package/dist/display/security-testing.js +31 -0
- package/dist/display/security-testing.js.map +1 -0
- package/dist/display/types.d.ts +6 -0
- package/dist/display/types.d.ts.map +1 -0
- package/dist/display/types.js +6 -0
- package/dist/display/types.js.map +1 -0
- package/dist/index.d.ts +19 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +21 -0
- package/dist/index.js.map +1 -0
- package/package.json +52 -0
|
@@ -0,0 +1,258 @@
|
|
|
1
|
+
// @fitness-ignore-file transaction-boundary-validation -- Transaction boundaries appropriate for this use case
|
|
2
|
+
// @fitness-ignore-file unused-config-options -- Config options reserved for future use or environment-specific
|
|
3
|
+
/**
|
|
4
|
+
* @fileoverview Transaction handling resilience checks
|
|
5
|
+
*/
|
|
6
|
+
import { logger } from '@opensip-cli/core';
|
|
7
|
+
import { defineCheck, isTestFile, getLineNumber } from '@opensip-cli/fitness';
|
|
8
|
+
// =============================================================================
|
|
9
|
+
// TRANSACTION BOUNDARY VALIDATION
|
|
10
|
+
// =============================================================================
|
|
11
|
+
/**
|
|
12
|
+
* Patterns indicating transaction usage.
|
|
13
|
+
* Uses `g` flag for patterns used in while(exec()) loops.
|
|
14
|
+
* Note: Patterns must be specific enough to avoid false positives on
|
|
15
|
+
* unrelated uses of similar words (e.g., "Transactional" SMS type in AWS SNS).
|
|
16
|
+
*/
|
|
17
|
+
const TRANSACTION_PATTERNS = [
|
|
18
|
+
/\.transaction\s*\(/g,
|
|
19
|
+
/\.beginTransaction\s*\(/g,
|
|
20
|
+
/\.startTransaction\s*\(/g,
|
|
21
|
+
/BEGIN\s+TRANSACTION/gi,
|
|
22
|
+
/@Transaction\b/g,
|
|
23
|
+
/@Transactional\b/g, // Match decorator only, not SMS type configurations
|
|
24
|
+
/queryRunner\.startTransaction/g,
|
|
25
|
+
];
|
|
26
|
+
/**
|
|
27
|
+
* Patterns indicating proper transaction handling
|
|
28
|
+
*/
|
|
29
|
+
const PROPER_TRANSACTION_PATTERNS = [
|
|
30
|
+
/\.commit\s*\(\)/,
|
|
31
|
+
/\.rollback\s*\(\)/,
|
|
32
|
+
/COMMIT/i,
|
|
33
|
+
/ROLLBACK/i,
|
|
34
|
+
];
|
|
35
|
+
/**
|
|
36
|
+
* Patterns indicating async operations inside transactions (risky).
|
|
37
|
+
* Uses `g` flag for patterns used in while(exec()) loops.
|
|
38
|
+
*/
|
|
39
|
+
const ASYNC_IN_TRANSACTION_PATTERNS = [
|
|
40
|
+
/await.*?fetch\s*\(/g,
|
|
41
|
+
/await.*?http/gi,
|
|
42
|
+
/await.*?request\s*\(/g,
|
|
43
|
+
/await.*?\.publish\s*\(/g, // Event publishing
|
|
44
|
+
/await.*?\.send\s*\(/g, // Message sending
|
|
45
|
+
];
|
|
46
|
+
/**
|
|
47
|
+
* Patterns indicating transaction timeout configuration
|
|
48
|
+
*/
|
|
49
|
+
const TIMEOUT_PATTERNS = [
|
|
50
|
+
/transactionTimeout/i,
|
|
51
|
+
/queryTimeout/i,
|
|
52
|
+
/statementTimeout/i,
|
|
53
|
+
/lockTimeout/i,
|
|
54
|
+
];
|
|
55
|
+
/**
|
|
56
|
+
* Check if a line is a simple delegation pattern like:
|
|
57
|
+
* return this.repository.transaction(work);
|
|
58
|
+
* These delegate transaction management to another layer.
|
|
59
|
+
*/
|
|
60
|
+
function isTransactionDelegation(content, matchIndex) {
|
|
61
|
+
logger.debug({
|
|
62
|
+
evt: 'fitness.checks.transaction_patterns.is_transaction_delegation',
|
|
63
|
+
msg: 'Checking if transaction usage is a delegation pattern',
|
|
64
|
+
});
|
|
65
|
+
// Find the start of the line containing the match
|
|
66
|
+
let lineStart = content.lastIndexOf('\n', matchIndex);
|
|
67
|
+
if (lineStart === -1)
|
|
68
|
+
lineStart = 0;
|
|
69
|
+
else
|
|
70
|
+
lineStart++; // Move past the newline
|
|
71
|
+
// Find the end of the line
|
|
72
|
+
let lineEnd = content.indexOf('\n', matchIndex);
|
|
73
|
+
if (lineEnd === -1)
|
|
74
|
+
lineEnd = content.length;
|
|
75
|
+
const line = content.slice(lineStart, lineEnd).trim();
|
|
76
|
+
// Simple delegation pattern: return (await?) this.something.transaction(...);
|
|
77
|
+
// or: return (await?) something.transaction(...);
|
|
78
|
+
return /^\s*return\s+(await\s+)?(?:this\.)?\w+\.transaction\s*\(/.test(line);
|
|
79
|
+
}
|
|
80
|
+
/**
|
|
81
|
+
* Detect callback-style transactions: `.transaction((tx) => { ... })` or
|
|
82
|
+
* `.transaction(async (tx) => { ... })`. The callback model commits on
|
|
83
|
+
* normal return and rolls back on throw — no manual commit/rollback
|
|
84
|
+
* needed. Used by drizzle, better-sqlite3, knex, and our own DataStore.
|
|
85
|
+
*/
|
|
86
|
+
function isCallbackStyleTransaction(content, matchIndex) {
|
|
87
|
+
// Look at the slice starting at the match for callback signatures.
|
|
88
|
+
// Bounded window keeps this O(1) per match.
|
|
89
|
+
const window = content.slice(matchIndex, matchIndex + 200);
|
|
90
|
+
return (/\.(?:transaction|beginTransaction|startTransaction)\s*\(\s*(?:async\s+)?(?:\([^)]{0,80}\)|\w+)\s*=>/.test(window) ||
|
|
91
|
+
/\.(?:transaction|beginTransaction|startTransaction)\s*\(\s*(?:async\s+)?function\b/.test(window));
|
|
92
|
+
}
|
|
93
|
+
function findUncommittedTransactionViolations(content, filePath) {
|
|
94
|
+
logger.debug({
|
|
95
|
+
evt: 'fitness.checks.transaction_patterns.find_uncommitted_transaction_violations',
|
|
96
|
+
msg: 'Searching for uncommitted transaction violations',
|
|
97
|
+
});
|
|
98
|
+
const violations = [];
|
|
99
|
+
for (const pattern of TRANSACTION_PATTERNS) {
|
|
100
|
+
pattern.lastIndex = 0;
|
|
101
|
+
let match;
|
|
102
|
+
while ((match = pattern.exec(content)) !== null) {
|
|
103
|
+
const isSkippable = match[0].includes('@') ||
|
|
104
|
+
isTransactionDelegation(content, match.index) ||
|
|
105
|
+
isCallbackStyleTransaction(content, match.index);
|
|
106
|
+
if (isSkippable) {
|
|
107
|
+
continue;
|
|
108
|
+
}
|
|
109
|
+
violations.push({
|
|
110
|
+
line: getLineNumber(content, match.index),
|
|
111
|
+
column: 0,
|
|
112
|
+
message: 'Transaction may not be properly committed or rolled back',
|
|
113
|
+
severity: 'warning',
|
|
114
|
+
suggestion: 'Ensure all code paths commit or rollback the transaction. Use try/finally: try { await queryRunner.commitTransaction(); } catch { await queryRunner.rollbackTransaction(); } finally { await queryRunner.release(); }',
|
|
115
|
+
match: match[0],
|
|
116
|
+
type: 'uncommitted-transaction',
|
|
117
|
+
filePath,
|
|
118
|
+
});
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
return violations;
|
|
122
|
+
}
|
|
123
|
+
function findAsyncInTransactionViolations(content, filePath) {
|
|
124
|
+
logger.debug({
|
|
125
|
+
evt: 'fitness.checks.transaction_patterns.find_async_in_transaction_violations',
|
|
126
|
+
msg: 'Searching for async operations inside transactions',
|
|
127
|
+
});
|
|
128
|
+
const violations = [];
|
|
129
|
+
for (const pattern of ASYNC_IN_TRANSACTION_PATTERNS) {
|
|
130
|
+
pattern.lastIndex = 0;
|
|
131
|
+
let match;
|
|
132
|
+
while ((match = pattern.exec(content)) !== null) {
|
|
133
|
+
const beforeMatch = content.slice(0, Math.max(0, match.index));
|
|
134
|
+
const hasOpenTransaction = TRANSACTION_PATTERNS.some((p) => p.test(beforeMatch.slice(-500)));
|
|
135
|
+
if (!hasOpenTransaction) {
|
|
136
|
+
continue;
|
|
137
|
+
}
|
|
138
|
+
violations.push({
|
|
139
|
+
line: getLineNumber(content, match.index),
|
|
140
|
+
column: 0,
|
|
141
|
+
message: 'Async operation inside transaction may cause long locks',
|
|
142
|
+
severity: 'warning',
|
|
143
|
+
suggestion: 'Move network/external calls outside transaction boundary. Collect data first, then start transaction for DB writes only. Publish events after commit.',
|
|
144
|
+
match: match[0],
|
|
145
|
+
type: 'async-in-transaction',
|
|
146
|
+
filePath,
|
|
147
|
+
});
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
return violations;
|
|
151
|
+
}
|
|
152
|
+
/**
|
|
153
|
+
* Check: resilience/transaction-boundary-validation
|
|
154
|
+
*
|
|
155
|
+
* Validates transaction boundaries are properly managed:
|
|
156
|
+
* - Transactions are committed or rolled back
|
|
157
|
+
* - No async operations inside transactions that could cause long locks
|
|
158
|
+
* - Proper error handling in transaction blocks
|
|
159
|
+
*/
|
|
160
|
+
export const transactionBoundaryValidation = defineCheck({
|
|
161
|
+
id: '77c69adc-7ccd-4f83-98d1-fb9599d3e16f',
|
|
162
|
+
slug: 'transaction-boundary-validation',
|
|
163
|
+
scope: { languages: ['typescript'], concerns: ['backend', 'server'] },
|
|
164
|
+
contentFilter: 'strip-strings',
|
|
165
|
+
confidence: 'medium',
|
|
166
|
+
description: 'Validate transaction boundaries are properly managed',
|
|
167
|
+
longDescription: `**Purpose:** Ensures database transactions are properly committed/rolled back and do not contain risky async operations that hold locks.
|
|
168
|
+
|
|
169
|
+
**Detects:**
|
|
170
|
+
- Transaction starts (\`.transaction(\`, \`.beginTransaction(\`, \`.startTransaction(\`, \`BEGIN TRANSACTION\`, \`@Transaction\`, \`@Transactional\`, \`queryRunner.startTransaction\`) without corresponding \`.commit()\` or \`.rollback()\`
|
|
171
|
+
- Async operations inside open transactions: \`await...fetch(\`, \`await...http\`, \`await...request(\`, \`await...publish(\`, \`await...send(\` preceded by a transaction start within 500 chars
|
|
172
|
+
- Skips decorator-based transactions and delegation patterns (\`return this.repository.transaction(...)\`)
|
|
173
|
+
|
|
174
|
+
**Why it matters:** Uncommitted transactions leak connections; async calls inside transactions hold database locks and cause deadlocks or timeouts.
|
|
175
|
+
|
|
176
|
+
**Scope:** General best practice. Analyzes each file individually via regex.`,
|
|
177
|
+
tags: ['resilience', 'database', 'transactions'],
|
|
178
|
+
fileTypes: ['ts'],
|
|
179
|
+
analyze(content, filePath) {
|
|
180
|
+
// Test fixtures intentionally exercise transaction boundaries (no
|
|
181
|
+
// commit/rollback, callback throws, etc.) to verify detection logic.
|
|
182
|
+
if (isTestFile(filePath))
|
|
183
|
+
return [];
|
|
184
|
+
const usesTransactions = TRANSACTION_PATTERNS.some((p) => p.test(content));
|
|
185
|
+
if (!usesTransactions) {
|
|
186
|
+
return [];
|
|
187
|
+
}
|
|
188
|
+
const hasProperHandling = PROPER_TRANSACTION_PATTERNS.some((p) => p.test(content));
|
|
189
|
+
const uncommittedViolations = hasProperHandling
|
|
190
|
+
? []
|
|
191
|
+
: findUncommittedTransactionViolations(content, filePath);
|
|
192
|
+
const asyncViolations = findAsyncInTransactionViolations(content, filePath);
|
|
193
|
+
return [...uncommittedViolations, ...asyncViolations];
|
|
194
|
+
},
|
|
195
|
+
});
|
|
196
|
+
// =============================================================================
|
|
197
|
+
// TRANSACTION TIMEOUT
|
|
198
|
+
// =============================================================================
|
|
199
|
+
/**
|
|
200
|
+
* Check: resilience/transaction-timeout
|
|
201
|
+
*
|
|
202
|
+
* Validates transactions have timeout configurations:
|
|
203
|
+
* - Statement timeouts to prevent long-running queries
|
|
204
|
+
* - Lock timeouts to prevent deadlocks
|
|
205
|
+
*/
|
|
206
|
+
export const transactionTimeout = defineCheck({
|
|
207
|
+
id: 'd53a49fd-a3e2-4c35-b07a-81b48e8e0325',
|
|
208
|
+
slug: 'transaction-timeout',
|
|
209
|
+
scope: { languages: ['typescript'], concerns: ['backend', 'server'] },
|
|
210
|
+
description: 'Validate transactions have timeout configurations',
|
|
211
|
+
longDescription: `**Purpose:** Ensures manually managed transactions include timeout configurations to prevent indefinite lock holding.
|
|
212
|
+
|
|
213
|
+
**Detects:**
|
|
214
|
+
- Files using manual transaction management (\`.beginTransaction\`, \`.startTransaction\`, \`queryRunner\`) without timeout keywords (\`transactionTimeout\`, \`queryTimeout\`, \`statementTimeout\`, \`lockTimeout\`)
|
|
215
|
+
- Only flags manual transactions, not ORM decorator-based transactions
|
|
216
|
+
|
|
217
|
+
**Why it matters:** Transactions without timeouts can hold database locks indefinitely during network partitions or slow queries, causing cascading connection pool exhaustion.
|
|
218
|
+
|
|
219
|
+
**Scope:** General best practice. Analyzes each file individually via regex.`,
|
|
220
|
+
tags: ['resilience', 'database', 'timeout'],
|
|
221
|
+
analyze(content, filePath) {
|
|
222
|
+
const violations = [];
|
|
223
|
+
// Check if this file uses transactions
|
|
224
|
+
const usesTransactions = TRANSACTION_PATTERNS.some((p) => p.test(content));
|
|
225
|
+
if (!usesTransactions) {
|
|
226
|
+
return violations;
|
|
227
|
+
}
|
|
228
|
+
// Check for timeout configuration
|
|
229
|
+
const hasTimeout = TIMEOUT_PATTERNS.some((p) => p.test(content));
|
|
230
|
+
// Only flag if using manual transaction management (not ORM decorators)
|
|
231
|
+
const usesManualTransactions = content.includes('.beginTransaction') ||
|
|
232
|
+
content.includes('.startTransaction') ||
|
|
233
|
+
content.includes('queryRunner');
|
|
234
|
+
if (usesManualTransactions && !hasTimeout) {
|
|
235
|
+
// Find the transaction usage for line number
|
|
236
|
+
for (const pattern of TRANSACTION_PATTERNS) {
|
|
237
|
+
pattern.lastIndex = 0;
|
|
238
|
+
const match = pattern.exec(content);
|
|
239
|
+
if (match) {
|
|
240
|
+
const lineNumber = getLineNumber(content, match.index);
|
|
241
|
+
violations.push({
|
|
242
|
+
line: lineNumber,
|
|
243
|
+
column: 0,
|
|
244
|
+
message: 'Transaction without timeout configuration may hang indefinitely',
|
|
245
|
+
severity: 'warning',
|
|
246
|
+
suggestion: 'Configure transactionTimeout or statementTimeout. Example: SET statement_timeout = 30000; or configure in TypeORM: { extra: { statement_timeout: 30000 } }',
|
|
247
|
+
match: match[0],
|
|
248
|
+
type: 'missing-transaction-timeout',
|
|
249
|
+
filePath,
|
|
250
|
+
});
|
|
251
|
+
break;
|
|
252
|
+
}
|
|
253
|
+
}
|
|
254
|
+
}
|
|
255
|
+
return violations;
|
|
256
|
+
},
|
|
257
|
+
});
|
|
258
|
+
//# sourceMappingURL=transaction-patterns.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"transaction-patterns.js","sourceRoot":"","sources":["../../../src/checks/resilience/transaction-patterns.ts"],"names":[],"mappings":"AAAA,+GAA+G;AAC/G,+GAA+G;AAC/G;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,UAAU,EAAuB,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEnG,gFAAgF;AAChF,kCAAkC;AAClC,gFAAgF;AAEhF;;;;;GAKG;AACH,MAAM,oBAAoB,GAAG;IAC3B,qBAAqB;IACrB,0BAA0B;IAC1B,0BAA0B;IAC1B,uBAAuB;IACvB,iBAAiB;IACjB,mBAAmB,EAAE,oDAAoD;IACzE,gCAAgC;CACjC,CAAC;AAEF;;GAEG;AACH,MAAM,2BAA2B,GAAG;IAClC,iBAAiB;IACjB,mBAAmB;IACnB,SAAS;IACT,WAAW;CACZ,CAAC;AAEF;;;GAGG;AACH,MAAM,6BAA6B,GAAG;IACpC,qBAAqB;IACrB,gBAAgB;IAChB,uBAAuB;IACvB,yBAAyB,EAAE,mBAAmB;IAC9C,sBAAsB,EAAE,kBAAkB;CAC3C,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAG;IACvB,qBAAqB;IACrB,eAAe;IACf,mBAAmB;IACnB,cAAc;CACf,CAAC;AAEF;;;;GAIG;AACH,SAAS,uBAAuB,CAAC,OAAe,EAAE,UAAkB;IAClE,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,+DAA+D;QACpE,GAAG,EAAE,uDAAuD;KAC7D,CAAC,CAAC;IACH,kDAAkD;IAClD,IAAI,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACtD,IAAI,SAAS,KAAK,CAAC,CAAC;QAAE,SAAS,GAAG,CAAC,CAAC;;QAC/B,SAAS,EAAE,CAAC,CAAC,wBAAwB;IAE1C,2BAA2B;IAC3B,IAAI,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAChD,IAAI,OAAO,KAAK,CAAC,CAAC;QAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAE7C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IAEtD,8EAA8E;IAC9E,kDAAkD;IAClD,OAAO,0DAA0D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/E,CAAC;AAED;;;;;GAKG;AACH,SAAS,0BAA0B,CAAC,OAAe,EAAE,UAAkB;IACrE,mEAAmE;IACnE,4CAA4C;IAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,EAAE,UAAU,GAAG,GAAG,CAAC,CAAC;IAC3D,OAAO,CACL,qGAAqG,CAAC,IAAI,CACxG,MAAM,CACP;QACD,oFAAoF,CAAC,IAAI,CACvF,MAAM,CACP,CACF,CAAC;AACJ,CAAC;AAED,SAAS,oCAAoC,CAAC,OAAe,EAAE,QAAgB;IAC7E,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,6EAA6E;QAClF,GAAG,EAAE,kDAAkD;KACxD,CAAC,CAAC;IACH,MAAM,UAAU,GAAqB,EAAE,CAAC;IAExC,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;QAC3C,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,WAAW,GACf,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACtB,uBAAuB,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBAC7C,0BAA0B,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,IAAI,WAAW,EAAE,CAAC;gBAChB,SAAS;YACX,CAAC;YAED,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBACzC,MAAM,EAAE,CAAC;gBACT,OAAO,EAAE,0DAA0D;gBACnE,QAAQ,EAAE,SAAS;gBACnB,UAAU,EACR,uNAAuN;gBACzN,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBACf,IAAI,EAAE,yBAAyB;gBAC/B,QAAQ;aACT,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,gCAAgC,CAAC,OAAe,EAAE,QAAgB;IACzE,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,0EAA0E;QAC/E,GAAG,EAAE,oDAAoD;KAC1D,CAAC,CAAC;IACH,MAAM,UAAU,GAAqB,EAAE,CAAC;IAExC,KAAK,MAAM,OAAO,IAAI,6BAA6B,EAAE,CAAC;QACpD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;YAC/D,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAE7F,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;gBACzC,MAAM,EAAE,CAAC;gBACT,OAAO,EAAE,yDAAyD;gBAClE,QAAQ,EAAE,SAAS;gBACnB,UAAU,EACR,uJAAuJ;gBACzJ,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;gBACf,IAAI,EAAE,sBAAsB;gBAC5B,QAAQ;aACT,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,WAAW,CAAC;IACvD,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,iCAAiC;IACvC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;IACrE,aAAa,EAAE,eAAe;IAE9B,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,sDAAsD;IACnE,eAAe,EAAE;;;;;;;;;6EAS0D;IAC3E,IAAI,EAAE,CAAC,YAAY,EAAE,UAAU,EAAE,cAAc,CAAC;IAChD,SAAS,EAAE,CAAC,IAAI,CAAC;IAEjB,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,kEAAkE;QAClE,qEAAqE;QACrE,IAAI,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,EAAE,CAAC;QAEpC,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3E,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,iBAAiB,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QACnF,MAAM,qBAAqB,GAAG,iBAAiB;YAC7C,CAAC,CAAC,EAAE;YACJ,CAAC,CAAC,oCAAoC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE5D,MAAM,eAAe,GAAG,gCAAgC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE5E,OAAO,CAAC,GAAG,qBAAqB,EAAE,GAAG,eAAe,CAAC,CAAC;IACxD,CAAC;CACF,CAAC,CAAC;AAEH,gFAAgF;AAChF,sBAAsB;AACtB,gFAAgF;AAEhF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,WAAW,CAAC;IAC5C,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,qBAAqB;IAC3B,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE;IACrE,WAAW,EAAE,mDAAmD;IAChE,eAAe,EAAE;;;;;;;;6EAQ0D;IAC3E,IAAI,EAAE,CAAC,YAAY,EAAE,UAAU,EAAE,SAAS,CAAC;IAE3C,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,MAAM,UAAU,GAAqB,EAAE,CAAC;QAExC,uCAAuC;QACvC,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3E,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,kCAAkC;QAClC,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAEjE,wEAAwE;QACxE,MAAM,sBAAsB,GAC1B,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACrC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACrC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAElC,IAAI,sBAAsB,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1C,6CAA6C;YAC7C,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;gBAC3C,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;gBACtB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACpC,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;oBACvD,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAE,UAAU;wBAChB,MAAM,EAAE,CAAC;wBACT,OAAO,EAAE,iEAAiE;wBAC1E,QAAQ,EAAE,SAAS;wBACnB,UAAU,EACR,4JAA4J;wBAC9J,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;wBACf,IAAI,EAAE,6BAA6B;wBACnC,QAAQ;qBACT,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @fileoverview Regression tests for `no-hardcoded-secrets` FP fix.
|
|
3
|
+
*
|
|
4
|
+
* The 1.0.7 release added two filters: (1) skip matches inside a
|
|
5
|
+
* regex literal (the file IS the redactor), (2) skip matches that
|
|
6
|
+
* are redaction placeholders (`***`, `[REDACTED]`, `XXXX`, etc.).
|
|
7
|
+
*/
|
|
8
|
+
export {};
|
|
9
|
+
//# sourceMappingURL=no-hardcoded-secrets.test.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"no-hardcoded-secrets.test.d.ts","sourceRoot":"","sources":["../../../../src/checks/security/__tests__/no-hardcoded-secrets.test.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @fileoverview Regression tests for `no-hardcoded-secrets` FP fix.
|
|
3
|
+
*
|
|
4
|
+
* The 1.0.7 release added two filters: (1) skip matches inside a
|
|
5
|
+
* regex literal (the file IS the redactor), (2) skip matches that
|
|
6
|
+
* are redaction placeholders (`***`, `[REDACTED]`, `XXXX`, etc.).
|
|
7
|
+
*/
|
|
8
|
+
import { describe, expect, it } from 'vitest';
|
|
9
|
+
import { analyzeHardcodedSecrets } from '../no-hardcoded-secrets.js';
|
|
10
|
+
function analyze(src) {
|
|
11
|
+
return analyzeHardcodedSecrets(src, 'test.ts');
|
|
12
|
+
}
|
|
13
|
+
describe('no-hardcoded-secrets — FP regression suite (1.0.7)', () => {
|
|
14
|
+
it('does NOT flag a regex literal that detects PRIVATE KEY blobs', () => {
|
|
15
|
+
// Pre-1.0.7 this fired because the regex pattern body contains
|
|
16
|
+
// "-----BEGIN PRIVATE KEY-----" literally.
|
|
17
|
+
const src = String.raw `
|
|
18
|
+
const REDACTORS = [
|
|
19
|
+
[/-----BEGIN (?:RSA |EC )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |EC )?PRIVATE KEY-----/g, '-----BEGIN PRIVATE KEY-----***-----END PRIVATE KEY-----'],
|
|
20
|
+
]
|
|
21
|
+
`;
|
|
22
|
+
expect(analyze(src)).toHaveLength(0);
|
|
23
|
+
});
|
|
24
|
+
it('does NOT flag a redaction placeholder string with ***', () => {
|
|
25
|
+
const src = `
|
|
26
|
+
const REDACTED_KEY = '-----BEGIN PRIVATE KEY-----***-----END PRIVATE KEY-----'
|
|
27
|
+
`;
|
|
28
|
+
expect(analyze(src)).toHaveLength(0);
|
|
29
|
+
});
|
|
30
|
+
it('STILL flags a real PRIVATE KEY literal', () => {
|
|
31
|
+
const src = `
|
|
32
|
+
const KEY = '-----BEGIN PRIVATE KEY-----'
|
|
33
|
+
`;
|
|
34
|
+
expect(analyze(src).length).toBeGreaterThanOrEqual(1);
|
|
35
|
+
});
|
|
36
|
+
});
|
|
37
|
+
//# sourceMappingURL=no-hardcoded-secrets.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"no-hardcoded-secrets.test.js","sourceRoot":"","sources":["../../../../src/checks/security/__tests__/no-hardcoded-secrets.test.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AAErE,SAAS,OAAO,CAAC,GAAW;IAC1B,OAAO,uBAAuB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;AACjD,CAAC;AAED,QAAQ,CAAC,oDAAoD,EAAE,GAAG,EAAE;IAClE,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACtE,+DAA+D;QAC/D,2CAA2C;QAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAA;;;;KAIrB,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,GAAG,GAAG;;KAEX,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,GAAG,GAAG;;KAEX,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"package-supply-chain-policy.test.d.ts","sourceRoot":"","sources":["../../../../src/checks/security/__tests__/package-supply-chain-policy.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from 'node:fs';
|
|
2
|
+
import { tmpdir } from 'node:os';
|
|
3
|
+
import { dirname, join } from 'node:path';
|
|
4
|
+
import { fileCache } from '@opensip-cli/fitness';
|
|
5
|
+
import { afterEach, describe, expect, it } from 'vitest';
|
|
6
|
+
import { packageSupplyChainPolicy } from '../package-supply-chain-policy.js';
|
|
7
|
+
function makeProject() {
|
|
8
|
+
return mkdtempSync(join(tmpdir(), 'supply-chain-policy-'));
|
|
9
|
+
}
|
|
10
|
+
function writeFixture(cwd, relPath, content) {
|
|
11
|
+
const abs = join(cwd, relPath);
|
|
12
|
+
mkdirSync(dirname(abs), { recursive: true });
|
|
13
|
+
writeFileSync(abs, content, 'utf8');
|
|
14
|
+
return abs;
|
|
15
|
+
}
|
|
16
|
+
async function runPolicy(cwd) {
|
|
17
|
+
return packageSupplyChainPolicy.run(cwd, {
|
|
18
|
+
targetFiles: [join(cwd, 'package.json')],
|
|
19
|
+
});
|
|
20
|
+
}
|
|
21
|
+
afterEach(() => {
|
|
22
|
+
fileCache.clear();
|
|
23
|
+
});
|
|
24
|
+
describe('package-supply-chain-policy', () => {
|
|
25
|
+
it('accepts a hardened pnpm project', async () => {
|
|
26
|
+
const cwd = makeProject();
|
|
27
|
+
try {
|
|
28
|
+
writeFixture(cwd, 'package.json', JSON.stringify({
|
|
29
|
+
name: 'clean-app',
|
|
30
|
+
private: true,
|
|
31
|
+
packageManager: 'pnpm@11.5.1+sha512.abc123',
|
|
32
|
+
dependencies: { yaml: '^2.9.0' },
|
|
33
|
+
}, null, 2));
|
|
34
|
+
writeFixture(cwd, 'pnpm-lock.yaml', [
|
|
35
|
+
"lockfileVersion: '9.0'",
|
|
36
|
+
'packages:',
|
|
37
|
+
' yaml@2.9.0:',
|
|
38
|
+
' resolution: {integrity: sha512-clean}',
|
|
39
|
+
].join('\n'));
|
|
40
|
+
writeFixture(cwd, 'pnpm-workspace.yaml', [
|
|
41
|
+
'packages:',
|
|
42
|
+
' - "."',
|
|
43
|
+
'allowBuilds:',
|
|
44
|
+
' esbuild: false',
|
|
45
|
+
'minimumReleaseAge: 1440',
|
|
46
|
+
'minimumReleaseAgeStrict: true',
|
|
47
|
+
'minimumReleaseAgeIgnoreMissingTime: false',
|
|
48
|
+
'trustPolicy: no-downgrade',
|
|
49
|
+
'trustLockfile: false',
|
|
50
|
+
'blockExoticSubdeps: true',
|
|
51
|
+
].join('\n'));
|
|
52
|
+
writeFixture(cwd, '.github/workflows/ci.yml', [
|
|
53
|
+
'name: CI',
|
|
54
|
+
'jobs:',
|
|
55
|
+
' test:',
|
|
56
|
+
' steps:',
|
|
57
|
+
' - run: pnpm install --frozen-lockfile',
|
|
58
|
+
].join('\n'));
|
|
59
|
+
const result = await runPolicy(cwd);
|
|
60
|
+
expect(result.signals).toHaveLength(0);
|
|
61
|
+
}
|
|
62
|
+
finally {
|
|
63
|
+
rmSync(cwd, { recursive: true, force: true });
|
|
64
|
+
}
|
|
65
|
+
});
|
|
66
|
+
it('flags missing pins, mutable installs, install hooks, tokens, and exotic dependencies', async () => {
|
|
67
|
+
const cwd = makeProject();
|
|
68
|
+
try {
|
|
69
|
+
writeFixture(cwd, 'package.json', JSON.stringify({
|
|
70
|
+
name: 'weak-app',
|
|
71
|
+
version: '1.0.0',
|
|
72
|
+
scripts: { postinstall: 'node setup.js' },
|
|
73
|
+
dependencies: { 'left-pad': 'github:example/left-pad' },
|
|
74
|
+
}, null, 2));
|
|
75
|
+
writeFixture(cwd, '.github/workflows/release.yml', [
|
|
76
|
+
'name: Release',
|
|
77
|
+
'jobs:',
|
|
78
|
+
' publish:',
|
|
79
|
+
' steps:',
|
|
80
|
+
' - run: npm install',
|
|
81
|
+
' - run: npm publish',
|
|
82
|
+
' env:',
|
|
83
|
+
' NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}',
|
|
84
|
+
].join('\n'));
|
|
85
|
+
const result = await runPolicy(cwd);
|
|
86
|
+
const types = result.signals.map((signal) => signal.metadata.type);
|
|
87
|
+
expect(types).toContain('package-manager-missing');
|
|
88
|
+
expect(types).toContain('lockfile-missing');
|
|
89
|
+
expect(types).toContain('exotic-dependency-source');
|
|
90
|
+
expect(types).toContain('install-lifecycle-script');
|
|
91
|
+
expect(types).toContain('ci-install-not-frozen');
|
|
92
|
+
expect(types).toContain('trusted-publishing-missing-oidc');
|
|
93
|
+
expect(types).toContain('publish-provenance-missing');
|
|
94
|
+
expect(types).toContain('publish-token-exposure');
|
|
95
|
+
}
|
|
96
|
+
finally {
|
|
97
|
+
rmSync(cwd, { recursive: true, force: true });
|
|
98
|
+
}
|
|
99
|
+
});
|
|
100
|
+
it('flags remote package-lock entries that lack integrity', async () => {
|
|
101
|
+
const cwd = makeProject();
|
|
102
|
+
try {
|
|
103
|
+
writeFixture(cwd, 'package.json', JSON.stringify({
|
|
104
|
+
name: 'npm-app',
|
|
105
|
+
private: true,
|
|
106
|
+
packageManager: 'npm@11.16.0',
|
|
107
|
+
}, null, 2));
|
|
108
|
+
writeFixture(cwd, '.npmrc', ['ignore-scripts=true', 'min-release-age=7'].join('\n'));
|
|
109
|
+
writeFixture(cwd, 'package-lock.json', JSON.stringify({
|
|
110
|
+
lockfileVersion: 3,
|
|
111
|
+
packages: {
|
|
112
|
+
'node_modules/bad': {
|
|
113
|
+
version: '1.0.0',
|
|
114
|
+
resolved: 'https://registry.npmjs.org/bad/-/bad-1.0.0.tgz',
|
|
115
|
+
},
|
|
116
|
+
},
|
|
117
|
+
}, null, 2));
|
|
118
|
+
writeFixture(cwd, '.github/workflows/ci.yml', ['name: CI', 'jobs:', ' test:', ' steps:', ' - run: npm ci'].join('\n'));
|
|
119
|
+
const result = await runPolicy(cwd);
|
|
120
|
+
const types = result.signals.map((signal) => signal.metadata.type);
|
|
121
|
+
expect(types).toContain('lockfile-entry-missing-integrity');
|
|
122
|
+
}
|
|
123
|
+
finally {
|
|
124
|
+
rmSync(cwd, { recursive: true, force: true });
|
|
125
|
+
}
|
|
126
|
+
});
|
|
127
|
+
});
|
|
128
|
+
//# sourceMappingURL=package-supply-chain-policy.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"package-supply-chain-policy.test.js","sourceRoot":"","sources":["../../../../src/checks/security/__tests__/package-supply-chain-policy.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAEzD,OAAO,EAAE,wBAAwB,EAAE,MAAM,mCAAmC,CAAC;AAE7E,SAAS,WAAW;IAClB,OAAO,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAE,OAAe,EAAE,OAAe;IACjE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC/B,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,aAAa,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,GAAW;IAClC,OAAO,wBAAwB,CAAC,GAAG,CAAC,GAAG,EAAE;QACvC,WAAW,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;KACzC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,CAAC,GAAG,EAAE;IACb,SAAS,CAAC,KAAK,EAAE,CAAC;AACpB,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,YAAY,CACV,GAAG,EACH,cAAc,EACd,IAAI,CAAC,SAAS,CACZ;gBACE,IAAI,EAAE,WAAW;gBACjB,OAAO,EAAE,IAAI;gBACb,cAAc,EAAE,2BAA2B;gBAC3C,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;aACjC,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;YACF,YAAY,CACV,GAAG,EACH,gBAAgB,EAChB;gBACE,wBAAwB;gBACxB,WAAW;gBACX,eAAe;gBACf,2CAA2C;aAC5C,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;YACF,YAAY,CACV,GAAG,EACH,qBAAqB,EACrB;gBACE,WAAW;gBACX,SAAS;gBACT,cAAc;gBACd,kBAAkB;gBAClB,yBAAyB;gBACzB,+BAA+B;gBAC/B,2CAA2C;gBAC3C,2BAA2B;gBAC3B,sBAAsB;gBACtB,0BAA0B;aAC3B,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;YACF,YAAY,CACV,GAAG,EACH,0BAA0B,EAC1B;gBACE,UAAU;gBACV,OAAO;gBACP,SAAS;gBACT,YAAY;gBACZ,6CAA6C;aAC9C,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;YACpC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sFAAsF,EAAE,KAAK,IAAI,EAAE;QACpG,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,YAAY,CACV,GAAG,EACH,cAAc,EACd,IAAI,CAAC,SAAS,CACZ;gBACE,IAAI,EAAE,UAAU;gBAChB,OAAO,EAAE,OAAO;gBAChB,OAAO,EAAE,EAAE,WAAW,EAAE,eAAe,EAAE;gBACzC,YAAY,EAAE,EAAE,UAAU,EAAE,yBAAyB,EAAE;aACxD,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;YACF,YAAY,CACV,GAAG,EACH,+BAA+B,EAC/B;gBACE,eAAe;gBACf,OAAO;gBACP,YAAY;gBACZ,YAAY;gBACZ,0BAA0B;gBAC1B,0BAA0B;gBAC1B,cAAc;gBACd,qDAAqD;aACtD,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACnE,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;YACnD,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;YAC5C,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;YACpD,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;YACpD,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;YACjD,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,iCAAiC,CAAC,CAAC;YAC3D,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;YACtD,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;QACpD,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,YAAY,CACV,GAAG,EACH,cAAc,EACd,IAAI,CAAC,SAAS,CACZ;gBACE,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,IAAI;gBACb,cAAc,EAAE,aAAa;aAC9B,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;YACF,YAAY,CAAC,GAAG,EAAE,QAAQ,EAAE,CAAC,qBAAqB,EAAE,mBAAmB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YACrF,YAAY,CACV,GAAG,EACH,mBAAmB,EACnB,IAAI,CAAC,SAAS,CACZ;gBACE,eAAe,EAAE,CAAC;gBAClB,QAAQ,EAAE;oBACR,kBAAkB,EAAE;wBAClB,OAAO,EAAE,OAAO;wBAChB,QAAQ,EAAE,gDAAgD;qBAC3D;iBACF;aACF,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;YACF,YAAY,CACV,GAAG,EACH,0BAA0B,EAC1B,CAAC,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,qBAAqB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CACjF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACnE,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAC;QAC9D,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @fileoverview Validate API key handling supports rotation
|
|
3
|
+
*/
|
|
4
|
+
/**
|
|
5
|
+
* Check: security/api-key-rotation
|
|
6
|
+
*
|
|
7
|
+
* Validates that API key handling supports key rotation.
|
|
8
|
+
*/
|
|
9
|
+
export declare const apiKeyRotation: import("@opensip-cli/fitness").Check;
|
|
10
|
+
//# sourceMappingURL=api-key-rotation.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-key-rotation.d.ts","sourceRoot":"","sources":["../../../src/checks/security/api-key-rotation.ts"],"names":[],"mappings":"AAEA;;GAEG;AAyIH;;;;GAIG;AACH,eAAO,MAAM,cAAc,sCA4DzB,CAAC"}
|