@opensip-cli/checks-universal 0.1.0
- package/LICENSE +202 -0
- package/NOTICE +8 -0
- package/README.md +31 -0
- package/dist/__tests__/all-checks-execute.test.d.ts +17 -0
- package/dist/__tests__/all-checks-execute.test.d.ts.map +1 -0
- package/dist/__tests__/all-checks-execute.test.js +452 -0
- package/dist/__tests__/all-checks-execute.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-10.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-10.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-10.test.js +200 -0
- package/dist/__tests__/behavior-fixtures-10.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-11.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-11.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-11.test.js +120 -0
- package/dist/__tests__/behavior-fixtures-11.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-12.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-12.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-12.test.js +157 -0
- package/dist/__tests__/behavior-fixtures-12.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-2.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-2.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-2.test.js +785 -0
- package/dist/__tests__/behavior-fixtures-2.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-3.test.d.ts +6 -0
- package/dist/__tests__/behavior-fixtures-3.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-3.test.js +663 -0
- package/dist/__tests__/behavior-fixtures-3.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-4.test.d.ts +5 -0
- package/dist/__tests__/behavior-fixtures-4.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-4.test.js +612 -0
- package/dist/__tests__/behavior-fixtures-4.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-5.test.d.ts +5 -0
- package/dist/__tests__/behavior-fixtures-5.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-5.test.js +469 -0
- package/dist/__tests__/behavior-fixtures-5.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-6.test.d.ts +8 -0
- package/dist/__tests__/behavior-fixtures-6.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-6.test.js +591 -0
- package/dist/__tests__/behavior-fixtures-6.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-7.test.d.ts +5 -0
- package/dist/__tests__/behavior-fixtures-7.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-7.test.js +662 -0
- package/dist/__tests__/behavior-fixtures-7.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-8.test.d.ts +11 -0
- package/dist/__tests__/behavior-fixtures-8.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-8.test.js +634 -0
- package/dist/__tests__/behavior-fixtures-8.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures-9.test.d.ts +11 -0
- package/dist/__tests__/behavior-fixtures-9.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures-9.test.js +271 -0
- package/dist/__tests__/behavior-fixtures-9.test.js.map +1 -0
- package/dist/__tests__/behavior-fixtures.test.d.ts +14 -0
- package/dist/__tests__/behavior-fixtures.test.d.ts.map +1 -0
- package/dist/__tests__/behavior-fixtures.test.js +1423 -0
- package/dist/__tests__/behavior-fixtures.test.js.map +1 -0
- package/dist/__tests__/checks.test.d.ts +2 -0
- package/dist/__tests__/checks.test.d.ts.map +1 -0
- package/dist/__tests__/checks.test.js +61 -0
- package/dist/__tests__/checks.test.js.map +1 -0
- package/dist/__tests__/env-var-validation.test.d.ts +14 -0
- package/dist/__tests__/env-var-validation.test.d.ts.map +1 -0
- package/dist/__tests__/env-var-validation.test.js +53 -0
- package/dist/__tests__/env-var-validation.test.js.map +1 -0
- package/dist/__tests__/file-length-limit.test.d.ts +2 -0
- package/dist/__tests__/file-length-limit.test.d.ts.map +1 -0
- package/dist/__tests__/file-length-limit.test.js +29 -0
- package/dist/__tests__/file-length-limit.test.js.map +1 -0
- package/dist/__tests__/fixture-coverage.allowlist.d.ts +18 -0
- package/dist/__tests__/fixture-coverage.allowlist.d.ts.map +1 -0
- package/dist/__tests__/fixture-coverage.allowlist.js +35 -0
- package/dist/__tests__/fixture-coverage.allowlist.js.map +1 -0
- package/dist/__tests__/fixture-coverage.test.d.ts +13 -0
- package/dist/__tests__/fixture-coverage.test.d.ts.map +1 -0
- package/dist/__tests__/fixture-coverage.test.js +57 -0
- package/dist/__tests__/fixture-coverage.test.js.map +1 -0
- package/dist/__tests__/iic.test.d.ts +15 -0
- package/dist/__tests__/iic.test.d.ts.map +1 -0
- package/dist/__tests__/iic.test.js +316 -0
- package/dist/__tests__/iic.test.js.map +1 -0
- package/dist/__tests__/no-skipped-tests.test.d.ts +14 -0
- package/dist/__tests__/no-skipped-tests.test.d.ts.map +1 -0
- package/dist/__tests__/no-skipped-tests.test.js +144 -0
- package/dist/__tests__/no-skipped-tests.test.js.map +1 -0
- package/dist/__tests__/no-todo-comments.test.d.ts +2 -0
- package/dist/__tests__/no-todo-comments.test.d.ts.map +1 -0
- package/dist/__tests__/no-todo-comments.test.js +31 -0
- package/dist/__tests__/no-todo-comments.test.js.map +1 -0
- package/dist/__tests__/no-unimplemented-markers.test.d.ts +2 -0
- package/dist/__tests__/no-unimplemented-markers.test.d.ts.map +1 -0
- package/dist/__tests__/no-unimplemented-markers.test.js +140 -0
- package/dist/__tests__/no-unimplemented-markers.test.js.map +1 -0
- package/dist/__tests__/public-api-jsdoc-scope.test.d.ts +10 -0
- package/dist/__tests__/public-api-jsdoc-scope.test.d.ts.map +1 -0
- package/dist/__tests__/public-api-jsdoc-scope.test.js +176 -0
- package/dist/__tests__/public-api-jsdoc-scope.test.js.map +1 -0
- package/dist/__tests__/resilience-fp.test.d.ts +14 -0
- package/dist/__tests__/resilience-fp.test.d.ts.map +1 -0
- package/dist/__tests__/resilience-fp.test.js +110 -0
- package/dist/__tests__/resilience-fp.test.js.map +1 -0
- package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts +2 -0
- package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.d.ts.map +1 -0
- package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js +32 -0
- package/dist/checks/architecture/__tests__/no-kebab-option-indexing.test.js.map +1 -0
- package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts +2 -0
- package/dist/checks/architecture/__tests__/tool-has-manifest.test.d.ts.map +1 -0
- package/dist/checks/architecture/__tests__/tool-has-manifest.test.js +152 -0
- package/dist/checks/architecture/__tests__/tool-has-manifest.test.js.map +1 -0
- package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts +2 -0
- package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.d.ts.map +1 -0
- package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js +129 -0
- package/dist/checks/architecture/__tests__/vitest-config-required-with-tests.test.js.map +1 -0
- package/dist/checks/architecture/_yaml-doc-bindings.d.ts +23 -0
- package/dist/checks/architecture/_yaml-doc-bindings.d.ts.map +1 -0
- package/dist/checks/architecture/_yaml-doc-bindings.js +29 -0
- package/dist/checks/architecture/_yaml-doc-bindings.js.map +1 -0
- package/dist/checks/architecture/dependencies/index.d.ts +2 -0
- package/dist/checks/architecture/dependencies/index.d.ts.map +1 -0
- package/dist/checks/architecture/dependencies/index.js +2 -0
- package/dist/checks/architecture/dependencies/index.js.map +1 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts +11 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts.map +1 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.js +171 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.js.map +1 -0
- package/dist/checks/architecture/docker-best-practices.d.ts +23 -0
- package/dist/checks/architecture/docker-best-practices.d.ts.map +1 -0
- package/dist/checks/architecture/docker-best-practices.js +427 -0
- package/dist/checks/architecture/docker-best-practices.js.map +1 -0
- package/dist/checks/architecture/docker-ignore-validation.d.ts +18 -0
- package/dist/checks/architecture/docker-ignore-validation.d.ts.map +1 -0
- package/dist/checks/architecture/docker-ignore-validation.js +117 -0
- package/dist/checks/architecture/docker-ignore-validation.js.map +1 -0
- package/dist/checks/architecture/docker-version-sync.d.ts +16 -0
- package/dist/checks/architecture/docker-version-sync.d.ts.map +1 -0
- package/dist/checks/architecture/docker-version-sync.js +193 -0
- package/dist/checks/architecture/docker-version-sync.js.map +1 -0
- package/dist/checks/architecture/env-var-validation.d.ts +14 -0
- package/dist/checks/architecture/env-var-validation.d.ts.map +1 -0
- package/dist/checks/architecture/env-var-validation.js +289 -0
- package/dist/checks/architecture/env-var-validation.js.map +1 -0
- package/dist/checks/architecture/heavy-import-detection.d.ts +11 -0
- package/dist/checks/architecture/heavy-import-detection.d.ts.map +1 -0
- package/dist/checks/architecture/heavy-import-detection.js +91 -0
- package/dist/checks/architecture/heavy-import-detection.js.map +1 -0
- package/dist/checks/architecture/index.d.ts +16 -0
- package/dist/checks/architecture/index.d.ts.map +1 -0
- package/dist/checks/architecture/index.js +16 -0
- package/dist/checks/architecture/index.js.map +1 -0
- package/dist/checks/architecture/modules/empty-package-detection.d.ts +11 -0
- package/dist/checks/architecture/modules/empty-package-detection.d.ts.map +1 -0
- package/dist/checks/architecture/modules/empty-package-detection.js +277 -0
- package/dist/checks/architecture/modules/empty-package-detection.js.map +1 -0
- package/dist/checks/architecture/modules/index.d.ts +3 -0
- package/dist/checks/architecture/modules/index.d.ts.map +1 -0
- package/dist/checks/architecture/modules/index.js +3 -0
- package/dist/checks/architecture/modules/index.js.map +1 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts +12 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts.map +1 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.js +555 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.js.map +1 -0
- package/dist/checks/architecture/no-custom-event-emitter.d.ts +11 -0
- package/dist/checks/architecture/no-custom-event-emitter.d.ts.map +1 -0
- package/dist/checks/architecture/no-custom-event-emitter.js +123 -0
- package/dist/checks/architecture/no-custom-event-emitter.js.map +1 -0
- package/dist/checks/architecture/no-kebab-option-indexing.d.ts +33 -0
- package/dist/checks/architecture/no-kebab-option-indexing.d.ts.map +1 -0
- package/dist/checks/architecture/no-kebab-option-indexing.js +81 -0
- package/dist/checks/architecture/no-kebab-option-indexing.js.map +1 -0
- package/dist/checks/architecture/node-version-consistency.d.ts +22 -0
- package/dist/checks/architecture/node-version-consistency.d.ts.map +1 -0
- package/dist/checks/architecture/node-version-consistency.js +225 -0
- package/dist/checks/architecture/node-version-consistency.js.map +1 -0
- package/dist/checks/architecture/project-readme-existence.d.ts +13 -0
- package/dist/checks/architecture/project-readme-existence.d.ts.map +1 -0
- package/dist/checks/architecture/project-readme-existence.js +55 -0
- package/dist/checks/architecture/project-readme-existence.js.map +1 -0
- package/dist/checks/architecture/stale-build-artifacts.d.ts +10 -0
- package/dist/checks/architecture/stale-build-artifacts.d.ts.map +1 -0
- package/dist/checks/architecture/stale-build-artifacts.js +55 -0
- package/dist/checks/architecture/stale-build-artifacts.js.map +1 -0
- package/dist/checks/architecture/tool-has-manifest.d.ts +27 -0
- package/dist/checks/architecture/tool-has-manifest.d.ts.map +1 -0
- package/dist/checks/architecture/tool-has-manifest.js +135 -0
- package/dist/checks/architecture/tool-has-manifest.js.map +1 -0
- package/dist/checks/architecture/vitest-config-extends-base.d.ts +15 -0
- package/dist/checks/architecture/vitest-config-extends-base.d.ts.map +1 -0
- package/dist/checks/architecture/vitest-config-extends-base.js +104 -0
- package/dist/checks/architecture/vitest-config-extends-base.js.map +1 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.d.ts +49 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.d.ts.map +1 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.js +199 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.js.map +1 -0
- package/dist/checks/documentation/_directives/eslint.d.ts +9 -0
- package/dist/checks/documentation/_directives/eslint.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/eslint.js +168 -0
- package/dist/checks/documentation/_directives/eslint.js.map +1 -0
- package/dist/checks/documentation/_directives/fitness.d.ts +9 -0
- package/dist/checks/documentation/_directives/fitness.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/fitness.js +64 -0
- package/dist/checks/documentation/_directives/fitness.js.map +1 -0
- package/dist/checks/documentation/_directives/graph.d.ts +10 -0
- package/dist/checks/documentation/_directives/graph.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/graph.js +65 -0
- package/dist/checks/documentation/_directives/graph.js.map +1 -0
- package/dist/checks/documentation/_directives/graph.test.d.ts +2 -0
- package/dist/checks/documentation/_directives/graph.test.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/graph.test.js +54 -0
- package/dist/checks/documentation/_directives/graph.test.js.map +1 -0
- package/dist/checks/documentation/_directives/semgrep.d.ts +8 -0
- package/dist/checks/documentation/_directives/semgrep.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/semgrep.js +72 -0
- package/dist/checks/documentation/_directives/semgrep.js.map +1 -0
- package/dist/checks/documentation/_directives/types.d.ts +21 -0
- package/dist/checks/documentation/_directives/types.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/types.js +9 -0
- package/dist/checks/documentation/_directives/types.js.map +1 -0
- package/dist/checks/documentation/_directives/typescript.d.ts +10 -0
- package/dist/checks/documentation/_directives/typescript.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/typescript.js +54 -0
- package/dist/checks/documentation/_directives/typescript.js.map +1 -0
- package/dist/checks/documentation/_public-api-graph.d.ts +30 -0
- package/dist/checks/documentation/_public-api-graph.d.ts.map +1 -0
- package/dist/checks/documentation/_public-api-graph.js +304 -0
- package/dist/checks/documentation/_public-api-graph.js.map +1 -0
- package/dist/checks/documentation/directive-audit.d.ts +26 -0
- package/dist/checks/documentation/directive-audit.d.ts.map +1 -0
- package/dist/checks/documentation/directive-audit.js +144 -0
- package/dist/checks/documentation/directive-audit.js.map +1 -0
- package/dist/checks/documentation/index.d.ts +3 -0
- package/dist/checks/documentation/index.d.ts.map +1 -0
- package/dist/checks/documentation/index.js +3 -0
- package/dist/checks/documentation/index.js.map +1 -0
- package/dist/checks/documentation/public-api-jsdoc.d.ts +10 -0
- package/dist/checks/documentation/public-api-jsdoc.d.ts.map +1 -0
- package/dist/checks/documentation/public-api-jsdoc.js +131 -0
- package/dist/checks/documentation/public-api-jsdoc.js.map +1 -0
- package/dist/checks/file-length-limit.d.ts +16 -0
- package/dist/checks/file-length-limit.d.ts.map +1 -0
- package/dist/checks/file-length-limit.js +47 -0
- package/dist/checks/file-length-limit.js.map +1 -0
- package/dist/checks/index.d.ts +16 -0
- package/dist/checks/index.d.ts.map +1 -0
- package/dist/checks/index.js +16 -0
- package/dist/checks/index.js.map +1 -0
- package/dist/checks/no-todo-comments.d.ts +18 -0
- package/dist/checks/no-todo-comments.d.ts.map +1 -0
- package/dist/checks/no-todo-comments.js +79 -0
- package/dist/checks/no-todo-comments.js.map +1 -0
- package/dist/checks/no-unimplemented-markers.d.ts +24 -0
- package/dist/checks/no-unimplemented-markers.d.ts.map +1 -0
- package/dist/checks/no-unimplemented-markers.js +198 -0
- package/dist/checks/no-unimplemented-markers.js.map +1 -0
- package/dist/checks/quality/api/graphql-offset-pagination.d.ts +9 -0
- package/dist/checks/quality/api/graphql-offset-pagination.d.ts.map +1 -0
- package/dist/checks/quality/api/graphql-offset-pagination.js +63 -0
- package/dist/checks/quality/api/graphql-offset-pagination.js.map +1 -0
- package/dist/checks/quality/api/index.d.ts +3 -0
- package/dist/checks/quality/api/index.d.ts.map +1 -0
- package/dist/checks/quality/api/index.js +3 -0
- package/dist/checks/quality/api/index.js.map +1 -0
- package/dist/checks/quality/api/zod-openapi-sync.d.ts +13 -0
- package/dist/checks/quality/api/zod-openapi-sync.d.ts.map +1 -0
- package/dist/checks/quality/api/zod-openapi-sync.js +88 -0
- package/dist/checks/quality/api/zod-openapi-sync.js.map +1 -0
- package/dist/checks/quality/code-structure/dead-code.d.ts +12 -0
- package/dist/checks/quality/code-structure/dead-code.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/dead-code.js +238 -0
- package/dist/checks/quality/code-structure/dead-code.js.map +1 -0
- package/dist/checks/quality/code-structure/index.d.ts +5 -0
- package/dist/checks/quality/code-structure/index.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/index.js +5 -0
- package/dist/checks/quality/code-structure/index.js.map +1 -0
- package/dist/checks/quality/code-structure/no-ai-attribution.d.ts +25 -0
- package/dist/checks/quality/code-structure/no-ai-attribution.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/no-ai-attribution.js +76 -0
- package/dist/checks/quality/code-structure/no-ai-attribution.js.map +1 -0
- package/dist/checks/quality/code-structure/no-console-log.d.ts +17 -0
- package/dist/checks/quality/code-structure/no-console-log.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/no-console-log.js +106 -0
- package/dist/checks/quality/code-structure/no-console-log.js.map +1 -0
- package/dist/checks/quality/code-structure/no-process-artifacts.d.ts +25 -0
- package/dist/checks/quality/code-structure/no-process-artifacts.d.ts.map +1 -0
- package/dist/checks/quality/code-structure/no-process-artifacts.js +104 -0
- package/dist/checks/quality/code-structure/no-process-artifacts.js.map +1 -0
- package/dist/checks/quality/dependency-version-consistency.d.ts +20 -0
- package/dist/checks/quality/dependency-version-consistency.d.ts.map +1 -0
- package/dist/checks/quality/dependency-version-consistency.js +266 -0
- package/dist/checks/quality/dependency-version-consistency.js.map +1 -0
- package/dist/checks/quality/fitness-ignore-hygiene.d.ts +10 -0
- package/dist/checks/quality/fitness-ignore-hygiene.d.ts.map +1 -0
- package/dist/checks/quality/fitness-ignore-hygiene.js +93 -0
- package/dist/checks/quality/fitness-ignore-hygiene.js.map +1 -0
- package/dist/checks/quality/frontend/expo-vector-icons.d.ts +13 -0
- package/dist/checks/quality/frontend/expo-vector-icons.d.ts.map +1 -0
- package/dist/checks/quality/frontend/expo-vector-icons.js +80 -0
- package/dist/checks/quality/frontend/expo-vector-icons.js.map +1 -0
- package/dist/checks/quality/frontend/image-optimization.d.ts +13 -0
- package/dist/checks/quality/frontend/image-optimization.d.ts.map +1 -0
- package/dist/checks/quality/frontend/image-optimization.js +166 -0
- package/dist/checks/quality/frontend/image-optimization.js.map +1 -0
- package/dist/checks/quality/frontend/index.d.ts +4 -0
- package/dist/checks/quality/frontend/index.d.ts.map +1 -0
- package/dist/checks/quality/frontend/index.js +4 -0
- package/dist/checks/quality/frontend/index.js.map +1 -0
- package/dist/checks/quality/frontend/navigation-typing.d.ts +12 -0
- package/dist/checks/quality/frontend/navigation-typing.d.ts.map +1 -0
- package/dist/checks/quality/frontend/navigation-typing.js +77 -0
- package/dist/checks/quality/frontend/navigation-typing.js.map +1 -0
- package/dist/checks/quality/graph-ignore-hygiene.d.ts +10 -0
- package/dist/checks/quality/graph-ignore-hygiene.d.ts.map +1 -0
- package/dist/checks/quality/graph-ignore-hygiene.js +95 -0
- package/dist/checks/quality/graph-ignore-hygiene.js.map +1 -0
- package/dist/checks/quality/graph-ignore-hygiene.test.d.ts +14 -0
- package/dist/checks/quality/graph-ignore-hygiene.test.d.ts.map +1 -0
- package/dist/checks/quality/graph-ignore-hygiene.test.js +58 -0
- package/dist/checks/quality/graph-ignore-hygiene.test.js.map +1 -0
- package/dist/checks/quality/index.d.ts +16 -0
- package/dist/checks/quality/index.d.ts.map +1 -0
- package/dist/checks/quality/index.js +16 -0
- package/dist/checks/quality/index.js.map +1 -0
- package/dist/checks/quality/linting/eslint-justifications.d.ts +12 -0
- package/dist/checks/quality/linting/eslint-justifications.d.ts.map +1 -0
- package/dist/checks/quality/linting/eslint-justifications.js +328 -0
- package/dist/checks/quality/linting/eslint-justifications.js.map +1 -0
- package/dist/checks/quality/linting/index.d.ts +4 -0
- package/dist/checks/quality/linting/index.d.ts.map +1 -0
- package/dist/checks/quality/linting/index.js +4 -0
- package/dist/checks/quality/linting/index.js.map +1 -0
- package/dist/checks/quality/linting/semgrep-justifications.d.ts +16 -0
- package/dist/checks/quality/linting/semgrep-justifications.d.ts.map +1 -0
- package/dist/checks/quality/linting/semgrep-justifications.js +229 -0
- package/dist/checks/quality/linting/semgrep-justifications.js.map +1 -0
- package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts +12 -0
- package/dist/checks/quality/linting/typescript-directive-hygiene.d.ts.map +1 -0
- package/dist/checks/quality/linting/typescript-directive-hygiene.js +142 -0
- package/dist/checks/quality/linting/typescript-directive-hygiene.js.map +1 -0
- package/dist/checks/quality/no-compatibility-layer-names.d.ts +13 -0
- package/dist/checks/quality/no-compatibility-layer-names.d.ts.map +1 -0
- package/dist/checks/quality/no-compatibility-layer-names.js +100 -0
- package/dist/checks/quality/no-compatibility-layer-names.js.map +1 -0
- package/dist/checks/quality/no-deprecated-tags.d.ts +11 -0
- package/dist/checks/quality/no-deprecated-tags.d.ts.map +1 -0
- package/dist/checks/quality/no-deprecated-tags.js +76 -0
- package/dist/checks/quality/no-deprecated-tags.js.map +1 -0
- package/dist/checks/quality/no-markdown-references.d.ts +16 -0
- package/dist/checks/quality/no-markdown-references.d.ts.map +1 -0
- package/dist/checks/quality/no-markdown-references.js +145 -0
- package/dist/checks/quality/no-markdown-references.js.map +1 -0
- package/dist/checks/quality/no-raw-regex-on-code.d.ts +9 -0
- package/dist/checks/quality/no-raw-regex-on-code.d.ts.map +1 -0
- package/dist/checks/quality/no-raw-regex-on-code.js +61 -0
- package/dist/checks/quality/no-raw-regex-on-code.js.map +1 -0
- package/dist/checks/quality/no-temporary-workarounds.d.ts +11 -0
- package/dist/checks/quality/no-temporary-workarounds.d.ts.map +1 -0
- package/dist/checks/quality/no-temporary-workarounds.js +69 -0
- package/dist/checks/quality/no-temporary-workarounds.js.map +1 -0
- package/dist/checks/quality/no-window-alert.d.ts +19 -0
- package/dist/checks/quality/no-window-alert.d.ts.map +1 -0
- package/dist/checks/quality/no-window-alert.js +74 -0
- package/dist/checks/quality/no-window-alert.js.map +1 -0
- package/dist/checks/quality/observability/index.d.ts +2 -0
- package/dist/checks/quality/observability/index.d.ts.map +1 -0
- package/dist/checks/quality/observability/index.js +2 -0
- package/dist/checks/quality/observability/index.js.map +1 -0
- package/dist/checks/quality/observability/pino-serializer-coverage.d.ts +15 -0
- package/dist/checks/quality/observability/pino-serializer-coverage.d.ts.map +1 -0
- package/dist/checks/quality/observability/pino-serializer-coverage.js +209 -0
- package/dist/checks/quality/observability/pino-serializer-coverage.js.map +1 -0
- package/dist/checks/quality/patterns/async-state-pattern.d.ts +14 -0
- package/dist/checks/quality/patterns/async-state-pattern.d.ts.map +1 -0
- package/dist/checks/quality/patterns/async-state-pattern.js +80 -0
- package/dist/checks/quality/patterns/async-state-pattern.js.map +1 -0
- package/dist/checks/quality/patterns/index.d.ts +4 -0
- package/dist/checks/quality/patterns/index.d.ts.map +1 -0
- package/dist/checks/quality/patterns/index.js +4 -0
- package/dist/checks/quality/patterns/index.js.map +1 -0
- package/dist/checks/quality/patterns/no-non-null-assertions.d.ts +10 -0
- package/dist/checks/quality/patterns/no-non-null-assertions.d.ts.map +1 -0
- package/dist/checks/quality/patterns/no-non-null-assertions.js +97 -0
- package/dist/checks/quality/patterns/no-non-null-assertions.js.map +1 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.d.ts +16 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.d.ts.map +1 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.js +239 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.js.map +1 -0
- package/dist/checks/resilience/_helpers/config-validation.d.ts +27 -0
- package/dist/checks/resilience/_helpers/config-validation.d.ts.map +1 -0
- package/dist/checks/resilience/_helpers/config-validation.js +61 -0
- package/dist/checks/resilience/_helpers/config-validation.js.map +1 -0
- package/dist/checks/resilience/batch-operations.d.ts +22 -0
- package/dist/checks/resilience/batch-operations.d.ts.map +1 -0
- package/dist/checks/resilience/batch-operations.js +422 -0
- package/dist/checks/resilience/batch-operations.js.map +1 -0
- package/dist/checks/resilience/cache-ttl-validation.d.ts +13 -0
- package/dist/checks/resilience/cache-ttl-validation.d.ts.map +1 -0
- package/dist/checks/resilience/cache-ttl-validation.js +222 -0
- package/dist/checks/resilience/cache-ttl-validation.js.map +1 -0
- package/dist/checks/resilience/catch-clause-safety.d.ts +12 -0
- package/dist/checks/resilience/catch-clause-safety.d.ts.map +1 -0
- package/dist/checks/resilience/catch-clause-safety.js +110 -0
- package/dist/checks/resilience/catch-clause-safety.js.map +1 -0
- package/dist/checks/resilience/dangerous-config-defaults.d.ts +11 -0
- package/dist/checks/resilience/dangerous-config-defaults.d.ts.map +1 -0
- package/dist/checks/resilience/dangerous-config-defaults.js +304 -0
- package/dist/checks/resilience/dangerous-config-defaults.js.map +1 -0
- package/dist/checks/resilience/error-code-registration.d.ts +11 -0
- package/dist/checks/resilience/error-code-registration.d.ts.map +1 -0
- package/dist/checks/resilience/error-code-registration.js +88 -0
- package/dist/checks/resilience/error-code-registration.js.map +1 -0
- package/dist/checks/resilience/event-patterns.d.ts +21 -0
- package/dist/checks/resilience/event-patterns.d.ts.map +1 -0
- package/dist/checks/resilience/event-patterns.js +232 -0
- package/dist/checks/resilience/event-patterns.js.map +1 -0
- package/dist/checks/resilience/exit-code-correctness.d.ts +12 -0
- package/dist/checks/resilience/exit-code-correctness.d.ts.map +1 -0
- package/dist/checks/resilience/exit-code-correctness.js +107 -0
- package/dist/checks/resilience/exit-code-correctness.js.map +1 -0
- package/dist/checks/resilience/index.d.ts +18 -0
- package/dist/checks/resilience/index.d.ts.map +1 -0
- package/dist/checks/resilience/index.js +18 -0
- package/dist/checks/resilience/index.js.map +1 -0
- package/dist/checks/resilience/no-hardcoded-timeouts.d.ts +10 -0
- package/dist/checks/resilience/no-hardcoded-timeouts.d.ts.map +1 -0
- package/dist/checks/resilience/no-hardcoded-timeouts.js +291 -0
- package/dist/checks/resilience/no-hardcoded-timeouts.js.map +1 -0
- package/dist/checks/resilience/no-process-exit-in-finally.d.ts +11 -0
- package/dist/checks/resilience/no-process-exit-in-finally.d.ts.map +1 -0
- package/dist/checks/resilience/no-process-exit-in-finally.js +89 -0
- package/dist/checks/resilience/no-process-exit-in-finally.js.map +1 -0
- package/dist/checks/resilience/readline-cleanup.d.ts +11 -0
- package/dist/checks/resilience/readline-cleanup.d.ts.map +1 -0
- package/dist/checks/resilience/readline-cleanup.js +107 -0
- package/dist/checks/resilience/readline-cleanup.js.map +1 -0
- package/dist/checks/resilience/recovery-patterns.d.ts +25 -0
- package/dist/checks/resilience/recovery-patterns.d.ts.map +1 -0
- package/dist/checks/resilience/recovery-patterns.js +273 -0
- package/dist/checks/resilience/recovery-patterns.js.map +1 -0
- package/dist/checks/resilience/reentrancy-guard.d.ts +12 -0
- package/dist/checks/resilience/reentrancy-guard.d.ts.map +1 -0
- package/dist/checks/resilience/reentrancy-guard.js +86 -0
- package/dist/checks/resilience/reentrancy-guard.js.map +1 -0
- package/dist/checks/resilience/retry-config-validation.d.ts +13 -0
- package/dist/checks/resilience/retry-config-validation.d.ts.map +1 -0
- package/dist/checks/resilience/retry-config-validation.js +159 -0
- package/dist/checks/resilience/retry-config-validation.js.map +1 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.d.ts +25 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.js +68 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.js.map +1 -0
- package/dist/checks/resilience/sentry/index.d.ts +8 -0
- package/dist/checks/resilience/sentry/index.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/index.js +8 -0
- package/dist/checks/resilience/sentry/index.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-dsn-configured.js +55 -0
- package/dist/checks/resilience/sentry/sentry-dsn-configured.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-environment-set.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-environment-set.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-environment-set.js +51 -0
- package/dist/checks/resilience/sentry/sentry-environment-set.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-error-boundary.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-error-boundary.js +75 -0
- package/dist/checks/resilience/sentry/sentry-error-boundary.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts +13 -0
- package/dist/checks/resilience/sentry/sentry-pii-scrubbing.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js +125 -0
- package/dist/checks/resilience/sentry/sentry-pii-scrubbing.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-release-set.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-release-set.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-release-set.js +51 -0
- package/dist/checks/resilience/sentry/sentry-release-set.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-sample-rate.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-sample-rate.js +78 -0
- package/dist/checks/resilience/sentry/sentry-sample-rate.js.map +1 -0
- package/dist/checks/resilience/sentry/sentry-source-maps.d.ts +12 -0
- package/dist/checks/resilience/sentry/sentry-source-maps.d.ts.map +1 -0
- package/dist/checks/resilience/sentry/sentry-source-maps.js +83 -0
- package/dist/checks/resilience/sentry/sentry-source-maps.js.map +1 -0
- package/dist/checks/resilience/service-patterns.d.ts +18 -0
- package/dist/checks/resilience/service-patterns.d.ts.map +1 -0
- package/dist/checks/resilience/service-patterns.js +230 -0
- package/dist/checks/resilience/service-patterns.js.map +1 -0
- package/dist/checks/resilience/timer-lifecycle.d.ts +10 -0
- package/dist/checks/resilience/timer-lifecycle.d.ts.map +1 -0
- package/dist/checks/resilience/timer-lifecycle.js +78 -0
- package/dist/checks/resilience/timer-lifecycle.js.map +1 -0
- package/dist/checks/resilience/transaction-patterns.d.ts +21 -0
- package/dist/checks/resilience/transaction-patterns.d.ts.map +1 -0
- package/dist/checks/resilience/transaction-patterns.js +258 -0
- package/dist/checks/resilience/transaction-patterns.js.map +1 -0
- package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts +9 -0
- package/dist/checks/security/__tests__/no-hardcoded-secrets.test.d.ts.map +1 -0
- package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js +37 -0
- package/dist/checks/security/__tests__/no-hardcoded-secrets.test.js.map +1 -0
- package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts +2 -0
- package/dist/checks/security/__tests__/package-supply-chain-policy.test.d.ts.map +1 -0
- package/dist/checks/security/__tests__/package-supply-chain-policy.test.js +128 -0
- package/dist/checks/security/__tests__/package-supply-chain-policy.test.js.map +1 -0
- package/dist/checks/security/api-key-rotation.d.ts +10 -0
- package/dist/checks/security/api-key-rotation.d.ts.map +1 -0
- package/dist/checks/security/api-key-rotation.js +186 -0
- package/dist/checks/security/api-key-rotation.js.map +1 -0
- package/dist/checks/security/auth-middleware-coverage.d.ts +11 -0
- package/dist/checks/security/auth-middleware-coverage.d.ts.map +1 -0
- package/dist/checks/security/auth-middleware-coverage.js +210 -0
- package/dist/checks/security/auth-middleware-coverage.js.map +1 -0
- package/dist/checks/security/auth-route-guard.d.ts +12 -0
- package/dist/checks/security/auth-route-guard.d.ts.map +1 -0
- package/dist/checks/security/auth-route-guard.js +70 -0
- package/dist/checks/security/auth-route-guard.js.map +1 -0
- package/dist/checks/security/cors-configuration.d.ts +11 -0
- package/dist/checks/security/cors-configuration.d.ts.map +1 -0
- package/dist/checks/security/cors-configuration.js +126 -0
- package/dist/checks/security/cors-configuration.js.map +1 -0
- package/dist/checks/security/csp-headers.d.ts +11 -0
- package/dist/checks/security/csp-headers.d.ts.map +1 -0
- package/dist/checks/security/csp-headers.js +192 -0
- package/dist/checks/security/csp-headers.js.map +1 -0
- package/dist/checks/security/dependency-vulnerability-audit.d.ts +15 -0
- package/dist/checks/security/dependency-vulnerability-audit.d.ts.map +1 -0
- package/dist/checks/security/dependency-vulnerability-audit.js +184 -0
- package/dist/checks/security/dependency-vulnerability-audit.js.map +1 -0
- package/dist/checks/security/env-secret-exposure.d.ts +11 -0
- package/dist/checks/security/env-secret-exposure.d.ts.map +1 -0
- package/dist/checks/security/env-secret-exposure.js +127 -0
- package/dist/checks/security/env-secret-exposure.js.map +1 -0
- package/dist/checks/security/hasura-production-config.d.ts +11 -0
- package/dist/checks/security/hasura-production-config.d.ts.map +1 -0
- package/dist/checks/security/hasura-production-config.js +122 -0
- package/dist/checks/security/hasura-production-config.js.map +1 -0
- package/dist/checks/security/index.d.ts +17 -0
- package/dist/checks/security/index.d.ts.map +1 -0
- package/dist/checks/security/index.js +17 -0
- package/dist/checks/security/index.js.map +1 -0
- package/dist/checks/security/jwt-validation.d.ts +11 -0
- package/dist/checks/security/jwt-validation.d.ts.map +1 -0
- package/dist/checks/security/jwt-validation.js +294 -0
- package/dist/checks/security/jwt-validation.js.map +1 -0
- package/dist/checks/security/no-eval.d.ts +16 -0
- package/dist/checks/security/no-eval.d.ts.map +1 -0
- package/dist/checks/security/no-eval.js +83 -0
- package/dist/checks/security/no-eval.js.map +1 -0
- package/dist/checks/security/no-hardcoded-secrets.d.ts +28 -0
- package/dist/checks/security/no-hardcoded-secrets.d.ts.map +1 -0
- package/dist/checks/security/no-hardcoded-secrets.js +209 -0
- package/dist/checks/security/no-hardcoded-secrets.js.map +1 -0
- package/dist/checks/security/package-supply-chain-policy.d.ts +12 -0
- package/dist/checks/security/package-supply-chain-policy.d.ts.map +1 -0
- package/dist/checks/security/package-supply-chain-policy.js +534 -0
- package/dist/checks/security/package-supply-chain-policy.js.map +1 -0
- package/dist/checks/security/rate-limit-coverage.d.ts +10 -0
- package/dist/checks/security/rate-limit-coverage.d.ts.map +1 -0
- package/dist/checks/security/rate-limit-coverage.js +143 -0
- package/dist/checks/security/rate-limit-coverage.js.map +1 -0
- package/dist/checks/security/semgrep-scan.d.ts +13 -0
- package/dist/checks/security/semgrep-scan.d.ts.map +1 -0
- package/dist/checks/security/semgrep-scan.js +86 -0
- package/dist/checks/security/semgrep-scan.js.map +1 -0
- package/dist/checks/security/use-centralized-crypto.d.ts +11 -0
- package/dist/checks/security/use-centralized-crypto.d.ts.map +1 -0
- package/dist/checks/security/use-centralized-crypto.js +129 -0
- package/dist/checks/security/use-centralized-crypto.js.map +1 -0
- package/dist/checks/security/webhook-signature-verification.d.ts +10 -0
- package/dist/checks/security/webhook-signature-verification.d.ts.map +1 -0
- package/dist/checks/security/webhook-signature-verification.js +183 -0
- package/dist/checks/security/webhook-signature-verification.js.map +1 -0
- package/dist/checks/testing/index.d.ts +6 -0
- package/dist/checks/testing/index.d.ts.map +1 -0
- package/dist/checks/testing/index.js +6 -0
- package/dist/checks/testing/index.js.map +1 -0
- package/dist/checks/testing/no-skipped-tests.d.ts +40 -0
- package/dist/checks/testing/no-skipped-tests.d.ts.map +1 -0
- package/dist/checks/testing/no-skipped-tests.js +174 -0
- package/dist/checks/testing/no-skipped-tests.js.map +1 -0
- package/dist/checks/testing/no-stub-tests.d.ts +11 -0
- package/dist/checks/testing/no-stub-tests.d.ts.map +1 -0
- package/dist/checks/testing/no-stub-tests.js +103 -0
- package/dist/checks/testing/no-stub-tests.js.map +1 -0
- package/dist/checks/testing/test-convention-consistency.d.ts +14 -0
- package/dist/checks/testing/test-convention-consistency.d.ts.map +1 -0
- package/dist/checks/testing/test-convention-consistency.js +93 -0
- package/dist/checks/testing/test-convention-consistency.js.map +1 -0
- package/dist/checks/testing/test-file-naming.d.ts +13 -0
- package/dist/checks/testing/test-file-naming.d.ts.map +1 -0
- package/dist/checks/testing/test-file-naming.js +218 -0
- package/dist/checks/testing/test-file-naming.js.map +1 -0
- package/dist/checks/testing/test-file-pairing.d.ts +13 -0
- package/dist/checks/testing/test-file-pairing.d.ts.map +1 -0
- package/dist/checks/testing/test-file-pairing.js +274 -0
- package/dist/checks/testing/test-file-pairing.js.map +1 -0
- package/dist/display/architecture.d.ts +9 -0
- package/dist/display/architecture.d.ts.map +1 -0
- package/dist/display/architecture.js +29 -0
- package/dist/display/architecture.js.map +1 -0
- package/dist/display/index.d.ts +20 -0
- package/dist/display/index.d.ts.map +1 -0
- package/dist/display/index.js +30 -0
- package/dist/display/index.js.map +1 -0
- package/dist/display/quality.d.ts +7 -0
- package/dist/display/quality.d.ts.map +1 -0
- package/dist/display/quality.js +34 -0
- package/dist/display/quality.js.map +1 -0
- package/dist/display/resilience.d.ts +7 -0
- package/dist/display/resilience.d.ts.map +1 -0
- package/dist/display/resilience.js +36 -0
- package/dist/display/resilience.js.map +1 -0
- package/dist/display/security-testing.d.ts +9 -0
- package/dist/display/security-testing.d.ts.map +1 -0
- package/dist/display/security-testing.js +31 -0
- package/dist/display/security-testing.js.map +1 -0
- package/dist/display/types.d.ts +6 -0
- package/dist/display/types.d.ts.map +1 -0
- package/dist/display/types.js +6 -0
- package/dist/display/types.js.map +1 -0
- package/dist/index.d.ts +19 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +21 -0
- package/dist/index.js.map +1 -0
- package/package.json +52 -0
|
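--- a/package/dist/checks/security/no-eval.d.ts
+++ b/package/dist/checks/security/no-eval.d.ts
@@ -0,0 +1,16 @@
+/**
+* @fileoverview Detect dangerous eval and dynamic code execution
+*
+* Migrated to defineRegexListCheck (Layer 4 Phase C6). The original
+* `findEvalPattern` shape returned only the first matching pattern's
+* exec result per line; that semantics is preserved via the helper's
+* `oneViolationPerLine: true` option (combined with non-global regexes).
+*/
+/**
+* Check: security/no-eval
+*
+* Detects usage of eval(), new Function(), and similar dynamic code execution
+* patterns that can lead to code injection vulnerabilities.
+*/
+export declare const noEval: import("@opensip-cli/fitness").Check;
+//# sourceMappingURL=no-eval.d.ts.map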
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"no-eval.d.ts","sourceRoot":"","sources":["../../../src/checks/security/no-eval.ts"],"names":[],"mappings":"AAEA;;;;;;;GAOG;AAIH;;;;;GAKG;AACH,eAAO,MAAM,MAAM,sCAoEjB,CAAC"}
|
|
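--- a/package/dist/checks/security/no-eval.js
+++ b/package/dist/checks/security/no-eval.js
@@ -0,0 +1,83 @@
+// @fitness-ignore-file timer-lifecycle -- All setInterval references are in regex patterns and documentation strings, not actual timer usage
+// @fitness-ignore-file no-eval -- Fitness check definition references eval/Function/setTimeout/setInterval in string literals and regex patterns, not actual usage
+/**
+* @fileoverview Detect dangerous eval and dynamic code execution
+*
+* Migrated to defineRegexListCheck (Layer 4 Phase C6). The original
+* `findEvalPattern` shape returned only the first matching pattern's
+* exec result per line; that semantics is preserved via the helper's
+* `oneViolationPerLine: true` option (combined with non-global regexes).
+*/
+import { defineRegexListCheck } from '@opensip-cli/fitness';
+/**
+* Check: security/no-eval
+*
+* Detects usage of eval(), new Function(), and similar dynamic code execution
+* patterns that can lead to code injection vulnerabilities.
+*/
+export const noEval = defineRegexListCheck({
+id: '9f6d299f-8155-4719-b605-897e9dcb1fdb',
+slug: 'no-eval',
+scope: { languages: ['typescript'], concerns: ['backend', 'frontend', 'cli'] },
+contentFilter: 'strip-strings',
+confidence: 'medium',
+description: 'Detect dangerous eval and dynamic code execution',
+longDescription: `**Purpose:** Detects usage of \`eval()\`, \`new Function()\`, and other dynamic code execution patterns that can lead to code injection vulnerabilities.
+
+**Detects:**
+- \`eval(\` calls
+- \`new Function(\` constructor usage
+- \`setTimeout('string', ...)\` with string argument instead of function reference
+- \`setInterval('string', ...)\` with string argument instead of function reference
+
+**Why it matters:** Dynamic code execution from strings (\`eval\`, \`new Function\`, string-based timers) allows attackers to inject and run arbitrary code if any input reaches these functions.
+
+**Scope:** General best practice. Analyzes each file individually against the production preset.`,
+tags: ['security', 'injection', 'eval'],
+fileTypes: ['ts', 'tsx'],
+options: {
+// Original site emitted at most one violation per line, returning
+// the FIRST matching pattern via findEvalPattern().
+oneViolationPerLine: true,
+},
+patterns: [
+{
+id: '1ea47b8c-18be-402b-ae19-8ac66a88d050',
+slug: 'eval-call',
+// Match only the global/bare `eval(` — NOT a member call `x.eval(`
+// (e.g. ioredis / Sequelize `redis.eval(luaScript, …)` is a Redis
+// server-side Lua EVAL, not JavaScript eval) nor an identifier that
+// merely ends in `eval` (`retrieval(`, `myEval(`). The negative
+// lookbehind rejects a preceding `.`, word char, or `$`.
+regex: /(?<![.\w$])eval\s*\(/,
+message: 'eval() usage detected - use JSON.parse or other safe alternatives',
+severity: 'error',
+suggestion: 'Replace eval() with safe alternatives: use JSON.parse() for JSON strings, use a proper expression parser for math, or restructure code to avoid dynamic evaluation entirely.',
+},
+{
+id: 'b7c3a2c2-0448-405f-86e3-8b5fca987bc7',
+slug: 'new-function',
+regex: /\bnew\s+Function\s*\(/,
+message: 'new Function() usage detected - avoid dynamic code generation',
+severity: 'error',
+suggestion: 'Replace new Function() with precompiled functions or safe alternatives. For templating, use a template engine. For dynamic behavior, use configuration objects or the strategy pattern.',
+},
+{
+id: 'a09a09f6-13c1-4988-9275-aec0ef3572e5',
+slug: 'set-timeout-string',
+regex: /setTimeout\s*\(\s*['"`][^'"`]+['"`]/,
+message: 'setTimeout with string argument detected - use function reference',
+severity: 'error',
+suggestion: 'Pass a function reference instead of a string: setTimeout(() => doSomething(), 1000) or setTimeout(doSomething, 1000). String arguments are evaluated like eval().',
+},
+{
+id: '9968cdec-1541-4522-ac02-e9eff56a5c2a',
+slug: 'set-interval-string',
+regex: /setInterval\s*\(\s*['"`][^'"`]+['"`]/,
+message: 'setInterval with string argument detected - use function reference',
+severity: 'error',
+suggestion: 'Pass a function reference instead of a string: setInterval(() => doSomething(), 1000) or setInterval(doSomething, 1000). String arguments are evaluated like eval().',
+},
+],
+});
+//# sourceMappingURL=no-eval.js.map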
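Review bot: The `set-timeout-string` and `set-interval-string` patterns require at least one character between the quotes, yet the check declares `contentFilter: 'strip-strings'`; the filter's behaviour is not visible here, but if it empties string literals before matching, these two patterns can never fire. The same filter is declared in `no-hardcoded-secrets.js`, where most patterns match quoted values and the exported `analyzeHardcodedSecrets` can be tested without going through the filter, so an end-to-end fixture run through each check would confirm both. The `eval-call` lookbehind `(?<![.\w$])` also rejects `window.eval(` and `globalThis.eval(`, which are real JavaScript eval rather than the Redis-style member calls the comment means to exclude. A separate entry such as `regex: /\b(?:window|globalThis|self)\s*\.\s*eval\s*\(/` would cover them without re-admitting `redis.eval(`.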
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"no-eval.js","sourceRoot":"","sources":["../../../src/checks/security/no-eval.ts"],"names":[],"mappings":"AAAA,6IAA6I;AAC7I,mKAAmK;AACnK;;;;;;;GAOG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAE5D;;;;;GAKG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,oBAAoB,CAAC;IACzC,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,SAAS;IACf,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE;IAC9E,aAAa,EAAE,eAAe;IAC9B,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,kDAAkD;IAC/D,eAAe,EAAE;;;;;;;;;;iGAU8E;IAC/F,IAAI,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,MAAM,CAAC;IACvC,SAAS,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC;IACxB,OAAO,EAAE;QACP,kEAAkE;QAClE,oDAAoD;QACpD,mBAAmB,EAAE,IAAI;KAC1B;IACD,QAAQ,EAAE;QACR;YACE,EAAE,EAAE,sCAAsC;YAC1C,IAAI,EAAE,WAAW;YACjB,mEAAmE;YACnE,kEAAkE;YAClE,oEAAoE;YACpE,gEAAgE;YAChE,yDAAyD;YACzD,KAAK,EAAE,sBAAsB;YAC7B,OAAO,EAAE,mEAAmE;YAC5E,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,8KAA8K;SACjL;QACD;YACE,EAAE,EAAE,sCAAsC;YAC1C,IAAI,EAAE,cAAc;YACpB,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EAAE,+DAA+D;YACxE,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,yLAAyL;SAC5L;QACD;YACE,EAAE,EAAE,sCAAsC;YAC1C,IAAI,EAAE,oBAAoB;YAC1B,KAAK,EAAE,qCAAqC;YAC5C,OAAO,EAAE,mEAAmE;YAC5E,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,oKAAoK;SACvK;QACD;YACE,EAAE,EAAE,sCAAsC;YAC1C,IAAI,EAAE,qBAAqB;YAC3B,KAAK,EAAE,sCAAsC;YAC7C,OAAO,EAAE,oEAAoE;YAC7E,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,sKAAsK;SACzK;KACF;CACF,CAAC,CAAC"}
|
|
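--- a/package/dist/checks/security/no-hardcoded-secrets.d.ts
+++ b/package/dist/checks/security/no-hardcoded-secrets.d.ts
@@ -0,0 +1,28 @@
+/**
+* @fileoverview Detect hardcoded secrets in source code.
+*
+* Inline regex-list shape retained — migration to `defineRegexListCheck`
+* deferred (Phase C6 / 2026-05-23 NF2). This site has site-specific
+* post-match filters that the helper does not model:
+* 1. `isInsideRegexLiteral` — skips matches inside `/.../` literals
+* to avoid false-firing on detection-pattern source itself.
+* 2. `lineHasRedactionPlaceholder` — skips lines containing `***`,
+* `[REDACTED]`, `<REDACTED>`, or `X{4,}` redaction markers.
+* Adding these as helper options would broaden its surface beyond
+* what the other adopters need; keeping them inline here is the
+* smaller change.
+*/
+import { type CheckViolation } from '@opensip-cli/fitness';
+/**
+* Check: security/no-hardcoded-secrets
+*
+* Detects hardcoded secrets, API keys, and credentials in source code.
+* Secrets should come from environment variables or secret management.
+*/
+export declare const noHardcodedSecrets: import("@opensip-cli/fitness").Check;
+/**
+* Pure analysis function. Exported so unit tests can exercise the
+* detection logic without standing up the full Check framework.
+*/
+export declare function analyzeHardcodedSecrets(content: string, filePath: string): CheckViolation[];
+//# sourceMappingURL=no-hardcoded-secrets.d.ts.map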
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"no-hardcoded-secrets.d.ts","sourceRoot":"","sources":["../../../src/checks/security/no-hardcoded-secrets.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;GAaG;AAGH,OAAO,EAAe,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAyFxE;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,sCA4B7B,CAAC;AAEH;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,cAAc,EAAE,CAc3F"}
|
|
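--- a/package/dist/checks/security/no-hardcoded-secrets.js
+++ b/package/dist/checks/security/no-hardcoded-secrets.js
@@ -0,0 +1,209 @@
+// @fitness-ignore-file no-hardcoded-secrets -- Fitness check definition references secret patterns in longDescription as examples, not actual secrets
+/**
+* @fileoverview Detect hardcoded secrets in source code.
+*
+* Inline regex-list shape retained — migration to `defineRegexListCheck`
+* deferred (Phase C6 / 2026-05-23 NF2). This site has site-specific
+* post-match filters that the helper does not model:
+* 1. `isInsideRegexLiteral` — skips matches inside `/.../` literals
+* to avoid false-firing on detection-pattern source itself.
+* 2. `lineHasRedactionPlaceholder` — skips lines containing `***`,
+* `[REDACTED]`, `<REDACTED>`, or `X{4,}` redaction markers.
+* Adding these as helper options would broaden its surface beyond
+* what the other adopters need; keeping them inline here is the
+* smaller change.
+*/
+import { logger } from '@opensip-cli/core';
+import { defineCheck } from '@opensip-cli/fitness';
+/**
+* Creates a pre-compiled RegExp for pattern matching.
+* These patterns operate on trusted source code files, not user input,
+* and use bounded character classes to prevent ReDoS.
+* @param pattern - The regex pattern string
+* @param flags - Optional regex flags
+* @returns Compiled RegExp object
+*/
+function createPattern(pattern, flags) {
+// @fitness-ignore-next-line semgrep-scan -- non-literal RegExp is intentional; patterns are hardcoded string constants for code analysis, not user input
+return new RegExp(pattern, flags);
+}
+// Patterns that indicate hardcoded secrets
+// Note: These regex patterns operate on trusted source code files, not user input.
+// The patterns use bounded character classes and limited repetition to prevent ReDoS.
+const SECRET_PATTERNS = [
+// Stripe keys - bounded alphanumeric character class
+{
+regex: createPattern('[\'"`]sk_live_[a-zA-Z0-9]{20,}[\'"`]', 'g'),
+message: 'Hardcoded Stripe secret key detected',
+suggestion: 'Move Stripe secret key to environment variable: process.env.STRIPE_SECRET_KEY. Never commit production keys to source control.',
+},
+{
+regex: createPattern('[\'"`]pk_live_[a-zA-Z0-9]{20,}[\'"`]', 'g'),
+message: 'Hardcoded Stripe publishable key detected',
+suggestion: 'Move Stripe publishable key to environment variable: process.env.STRIPE_PUBLISHABLE_KEY. Use separate keys for test/production environments.',
+},
+{
+regex: createPattern('[\'"`]rk_live_[a-zA-Z0-9]{20,}[\'"`]', 'g'),
+message: 'Hardcoded Stripe restricted key detected',
+suggestion: 'Move Stripe restricted key to environment variable. Consider using Stripe Connect if exposing to third parties.',
+},
+// AWS keys - bounded alphanumeric character class
+{
+regex: createPattern('[\'"`]AKIA[A-Z0-9]{16}[\'"`]', 'g'),
+message: 'Hardcoded AWS access key detected',
+suggestion: 'Remove AWS access key immediately and rotate it. Use IAM roles, environment variables, or AWS Secrets Manager instead of hardcoded credentials.',
+},
+// Generic API keys - use [\\w-] (word chars + hyphen) to avoid character class duplicates
+{
+regex: createPattern('(?:api[_-]?key|apikey)\\s*[:=]\\s*[\'"`][\\w-]{16,}[\'"`]', 'gi'),
+message: 'Hardcoded API key detected',
+suggestion: 'Move API key to environment variable: process.env.API_KEY. For local development, use .env files (and add to .gitignore).',
+},
+// Passwords - uses [^'"`]* which is bounded by quote characters
+{
+regex: createPattern('(?:password|passwd|pwd)\\s*[:=]\\s*[\'"`][^\'"`]{8,}[\'"`]', 'gi'),
+message: 'Hardcoded password detected',
+suggestion: 'Move password to environment variable or secrets manager. Never store passwords in source code. Consider using a password manager or vault service.',
+},
+// JWT secrets - uses [^'"`]* which is bounded by quote characters
+{
+regex: createPattern('(?:jwt[_-]?secret|jwt[_-]?key)\\s*[:=]\\s*[\'"`][^\'"`]{8,}[\'"`]', 'gi'),
+message: 'Hardcoded JWT secret detected',
+suggestion: 'Move JWT secret to environment variable: process.env.JWT_SECRET. Generate a strong random secret (256+ bits) and rotate periodically.',
+},
+// Database connection strings with credentials - uses [^:]+ and [^@]+ which are bounded
+{
+regex: createPattern('(?:postgres|mysql|mongodb)://[^:]+:[^@]+@', 'gi'),
+message: 'Hardcoded database connection string with credentials detected',
+suggestion: 'Use environment variables for database credentials: process.env.DATABASE_URL. Consider using IAM authentication or secrets manager for production.',
+},
+// Private keys (PEM format start) - fixed pattern, no variable repetition
+{
+regex: createPattern(String.raw `-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----`, 'g'),
+message: 'Hardcoded private key detected',
+suggestion: 'Move private key to a secure file outside the repository or use a secrets manager. Never commit private keys to source control. If exposed, rotate immediately.',
+},
+// Bearer tokens - use [\\w-] (word chars + hyphen) to avoid character class duplicates
+{
+regex: createPattern('[\'"`]Bearer\\s+[\\w-]{20,}[\'"`]', 'g'),
+message: 'Hardcoded bearer token detected',
+suggestion: 'Remove hardcoded bearer token. Tokens should be obtained at runtime through authentication flows, not stored in code.',
+},
+];
+/**
+* Check: security/no-hardcoded-secrets
+*
+* Detects hardcoded secrets, API keys, and credentials in source code.
+* Secrets should come from environment variables or secret management.
+*/
+export const noHardcodedSecrets = defineCheck({
+id: '68ba1265-9e9b-4a1c-9adc-73c68f470242',
+slug: 'no-hardcoded-secrets',
+scope: { languages: ['typescript'], concerns: ['backend', 'frontend', 'cli'] },
+contentFilter: 'strip-strings',
+confidence: 'medium',
+description: 'Detect hardcoded secrets, API keys, and credentials in source code',
+longDescription: `**Purpose:** Detects hardcoded secrets, API keys, and credentials in source code that should be stored in environment variables or a secrets manager.
+
+**Detects:**
+- Stripe keys: \`sk_live_\`, \`pk_live_\`, \`rk_live_\` prefixed strings
+- AWS access keys: \`AKIA\` prefixed strings (16+ alphanumeric chars)
+- Generic API keys: \`api_key\`/\`apikey\` assignments with 16+ character string values
+- Hardcoded passwords: \`password\`/\`passwd\`/\`pwd\` assignments with 8+ character values
+- JWT secrets: \`jwt_secret\`/\`jwt_key\` assignments with 8+ character values
+- Database connection strings with embedded credentials: \`postgres://user:pass@host\`
+- PEM private keys: \`-----BEGIN PRIVATE KEY-----\`
+- Bearer tokens: \`Bearer \` followed by 20+ character token strings
+
+**Why it matters:** Secrets committed to source control are permanently exposed in git history and can be harvested by attackers scanning repositories.
+
+**Scope:** General best practice. Analyzes each file individually against the production preset.`,
+tags: ['security', 'secrets', 'credentials'],
+fileTypes: ['ts', 'tsx'],
+analyze(content, filePath) {
+return analyzeHardcodedSecrets(content, filePath);
+},
+});
+/**
+* Pure analysis function. Exported so unit tests can exercise the
+* detection logic without standing up the full Check framework.
+*/
+export function analyzeHardcodedSecrets(content, filePath) {
+logger.debug({
+evt: 'fitness.checks.no_hardcoded_secrets.analyze',
+msg: 'Analyzing file for hardcoded secrets and credentials',
+});
+const violations = [];
+const lines = content.split('\n');
+for (const [lineNum, line_] of lines.entries()) {
+const line = line_ ?? '';
+analyzeLine(line, lineNum + 1, filePath, violations);
+}
+return violations;
+}
+function analyzeLine(line, lineNumber, filePath, violations) {
+const trimmed = line.trim();
+if (trimmed.startsWith('//') || trimmed.startsWith('*'))
+return;
+for (const pattern of SECRET_PATTERNS) {
+pattern.regex.lastIndex = 0;
+const matched = pattern.regex.exec(line);
+if (!matched)
+continue;
+if (isInsideRegexLiteral(line, matched.index))
+continue;
+if (lineHasRedactionPlaceholder(line))
+continue;
+violations.push({
+line: lineNumber,
+column: matched.index,
+message: pattern.message,
+severity: 'error',
+suggestion: pattern.suggestion,
+match: matched[0],
+filePath,
+});
+}
+}
+/**
+* Heuristic: is `pos` inside a regex literal on `line`? Walks the line
+* tracking unescaped `/` chars as regex-literal delimiters. A position
+* with an odd number of unescaped `/` chars to its left, and another
+* unescaped `/` after, is inside a literal.
+*
+* Heuristic — division operators and JSX can confuse it, but lines
+* with those tokens AND a secret-pattern match in the same line are
+* rare; the trade-off favors silencing the redaction-pattern FPs.
+*/
+function isInsideRegexLiteral(line, pos) {
+// Count unescaped slashes before pos.
+let slashesBefore = 0;
+for (let i = 0; i < pos; i++) {
+if (line[i] === '/' && line[i - 1] !== '\\')
+slashesBefore++;
+}
+if (slashesBefore % 2 !== 1)
+return false;
+// Check at least one unescaped slash follows.
+for (let i = pos; i < line.length; i++) {
+if (line[i] === '/' && line[i - 1] !== '\\')
+return true;
+}
+return false;
+}
+/**
+* True iff the LINE around a secret match contains a redaction-
+* placeholder marker. Many of the project-defined patterns only match
+* the HEADER (e.g. `-----BEGIN PRIVATE KEY-----`) but the surrounding
+* value is replaced with `***`, `[REDACTED]`, etc. Checking the line
+* (not just the matched span) catches those.
+*
+* Markers: `***`, `<REDACTED>`, `[REDACTED]`, runs of `X` (4+).
+*/
+function lineHasRedactionPlaceholder(line) {
+return (line.includes('***') ||
+line.includes('[REDACTED]') ||
+line.includes('<REDACTED>') ||
+/X{4,}/.test(line));
+}
+//# sourceMappingURL=no-hardcoded-secrets.js.map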
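Review bot: `analyzeLine` stores the raw credential in every violation through `match: matched[0]`, so whatever renders violations (the reporter is outside this file) can copy a live key or password into CI logs and saved reports. Truncating before it is stored, for example `match: matched[0].slice(0, 8) + '…'`, keeps the finding locatable by `line` and `column` without repeating the secret. `lineHasRedactionPlaceholder(line)` also tests the whole line rather than the matched span, so a real key that shares a line with `***` or any run of four `X` characters, including one inside an encoded value, is skipped with no trace. A `logger.debug` entry on that `continue` path would make the suppression auditable.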
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"no-hardcoded-secrets.js","sourceRoot":"","sources":["../../../src/checks/security/no-hardcoded-secrets.ts"],"names":[],"mappings":"AAAA,sJAAsJ;AACtJ;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AAExE;;;;;;;GAOG;AACH,SAAS,aAAa,CAAC,OAAe,EAAE,KAAc;IACpD,yJAAyJ;IACzJ,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;AACpC,CAAC;AAED,2CAA2C;AAC3C,mFAAmF;AACnF,sFAAsF;AACtF,MAAM,eAAe,GAAG;IACtB,qDAAqD;IACrD;QACE,KAAK,EAAE,aAAa,CAAC,sCAAsC,EAAE,GAAG,CAAC;QACjE,OAAO,EAAE,sCAAsC;QAC/C,UAAU,EACR,gIAAgI;KACnI;IACD;QACE,KAAK,EAAE,aAAa,CAAC,sCAAsC,EAAE,GAAG,CAAC;QACjE,OAAO,EAAE,2CAA2C;QACpD,UAAU,EACR,8IAA8I;KACjJ;IACD;QACE,KAAK,EAAE,aAAa,CAAC,sCAAsC,EAAE,GAAG,CAAC;QACjE,OAAO,EAAE,0CAA0C;QACnD,UAAU,EACR,iHAAiH;KACpH;IACD,kDAAkD;IAClD;QACE,KAAK,EAAE,aAAa,CAAC,8BAA8B,EAAE,GAAG,CAAC;QACzD,OAAO,EAAE,mCAAmC;QAC5C,UAAU,EACR,iJAAiJ;KACpJ;IACD,0FAA0F;IAC1F;QACE,KAAK,EAAE,aAAa,CAAC,2DAA2D,EAAE,IAAI,CAAC;QACvF,OAAO,EAAE,4BAA4B;QACrC,UAAU,EACR,2HAA2H;KAC9H;IACD,gEAAgE;IAChE;QACE,KAAK,EAAE,aAAa,CAAC,4DAA4D,EAAE,IAAI,CAAC;QACxF,OAAO,EAAE,6BAA6B;QACtC,UAAU,EACR,qJAAqJ;KACxJ;IACD,kEAAkE;IAClE;QACE,KAAK,EAAE,aAAa,CAAC,mEAAmE,EAAE,IAAI,CAAC;QAC/F,OAAO,EAAE,+BAA+B;QACxC,UAAU,EACR,uIAAuI;KAC1I;IACD,wFAAwF;IACxF;QACE,KAAK,EAAE,aAAa,CAAC,2CAA2C,EAAE,IAAI,CAAC;QACvE,OAAO,EAAE,gEAAgE;QACzE,UAAU,EACR,oJAAoJ;KACvJ;IACD,0EAA0E;IAC1E;QACE,KAAK,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG,CAAA,4CAA4C,EAAE,GAAG,CAAC;QACjF,OAAO,EAAE,gCAAgC;QACzC,UAAU,EACR,iKAAiK;KACpK;IACD,uFAAuF;IACvF;QACE,KAAK,EAAE,aAAa,CAAC,mCAAmC,EAAE,GAAG,CAAC;QAC9D,OAAO,EAAE,iCAAiC;QAC1C,UAAU,EACR,uHAAuH;KAC1H;CACF,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,WAAW,CAAC;IAC5C,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,sBAAsB;IAC5B,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,KAAK,CAAC,EAAE;IAC9E,aAAa,EAAE,eAAe;IAC9B,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,oEAAoE;IACjF,eAAe,EAAE;;;;;;;;;;;;;;iGAc8E;IAC/F,IAAI,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,aAAa,CAAC;IAC5C,SAAS,
EAAE,CAAC,IAAI,EAAE,KAAK,CAAC;IAExB,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,OAAO,uBAAuB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACpD,CAAC;CACF,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAe,EAAE,QAAgB;IACvE,MAAM,CAAC,KAAK,CAAC;QACX,GAAG,EAAE,6CAA6C;QAClD,GAAG,EAAE,sDAAsD;KAC5D,CAAC,CAAC;IACH,MAAM,UAAU,GAAqB,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;QAC/C,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACzB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,WAAW,CAClB,IAAY,EACZ,UAAkB,EAClB,QAAgB,EAChB,UAA4B;IAE5B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO;IAEhE,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;QAC5B,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,IAAI,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC;YAAE,SAAS;QACxD,IAAI,2BAA2B,CAAC,IAAI,CAAC;YAAE,SAAS;QAChD,UAAU,CAAC,IAAI,CAAC;YACd,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,OAAO,CAAC,KAAK;YACrB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;YACjB,QAAQ;SACT,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,GAAW;IACrD,sCAAsC;IACtC,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI;YAAE,aAAa,EAAE,CAAC;IAC/D,CAAC;IACD,IAAI,aAAa,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1C,8CAA8C;IAC9C,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;IAC3D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,2BAA2B,CAAC,IAAY;IAC/C,OAAO,CACL,IAAI,CAAC,QAAQ,CAAC,KAAK,CA
AC;QACpB,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAC3B,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAC3B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CACnB,CAAC;AACJ,CAAC"}
|
|
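--- a/package/dist/checks/security/package-supply-chain-policy.d.ts
+++ b/package/dist/checks/security/package-supply-chain-policy.d.ts
@@ -0,0 +1,12 @@
+/**
+* @fileoverview Package supply-chain policy check
+*
+* Validates consumer-side package-manager guardrails for npm, pnpm, and Bun:
+* pinned package manager, committed lockfile, frozen CI installs, install
+* script policy, dependency maturity gates, lockfile integrity coverage,
+* exotic dependency review, and trusted publishing posture.
+*/
+import { type CheckViolation, type FileAccessor } from '@opensip-cli/fitness';
+export declare function analyzePackageSupplyChainPolicy(files: FileAccessor): Promise<CheckViolation[]>;
+export declare const packageSupplyChainPolicy: import("@opensip-cli/fitness").Check;
+//# sourceMappingURL=package-supply-chain-policy.d.ts.map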
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"package-supply-chain-policy.d.ts","sourceRoot":"","sources":["../../../src/checks/security/package-supply-chain-policy.ts"],"names":[],"mappings":"AACA;;;;;;;GAOG;AAKH,OAAO,EAAe,KAAK,cAAc,EAAE,KAAK,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAskB3F,wBAAsB,+BAA+B,CACnD,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,cAAc,EAAE,CAAC,CAqB3B;AAED,eAAO,MAAM,wBAAwB,sCA2BnC,CAAC"}
|