@opensip-cli/checks-universal 0.1.10 → 0.1.12

Files changed (247)
  1. package/README.md +4 -2
  2. package/dist/__tests__/all-checks-execute.test.d.ts.map +1 -1
  3. package/dist/__tests__/all-checks-execute.test.js +0 -1
  4. package/dist/__tests__/all-checks-execute.test.js.map +1 -1
  5. package/dist/__tests__/behavior-fixtures-10.test.d.ts.map +1 -1
  6. package/dist/__tests__/behavior-fixtures-10.test.js +0 -1
  7. package/dist/__tests__/behavior-fixtures-10.test.js.map +1 -1
  8. package/dist/__tests__/behavior-fixtures-11.test.d.ts.map +1 -1
  9. package/dist/__tests__/behavior-fixtures-11.test.js +0 -1
  10. package/dist/__tests__/behavior-fixtures-11.test.js.map +1 -1
  11. package/dist/__tests__/behavior-fixtures-12.test.d.ts.map +1 -1
  12. package/dist/__tests__/behavior-fixtures-12.test.js +0 -1
  13. package/dist/__tests__/behavior-fixtures-12.test.js.map +1 -1
  14. package/dist/__tests__/behavior-fixtures-2.test.d.ts.map +1 -1
  15. package/dist/__tests__/behavior-fixtures-2.test.js +0 -1
  16. package/dist/__tests__/behavior-fixtures-2.test.js.map +1 -1
  17. package/dist/__tests__/behavior-fixtures-3.test.d.ts.map +1 -1
  18. package/dist/__tests__/behavior-fixtures-3.test.js +0 -1
  19. package/dist/__tests__/behavior-fixtures-3.test.js.map +1 -1
  20. package/dist/__tests__/behavior-fixtures-4.test.d.ts.map +1 -1
  21. package/dist/__tests__/behavior-fixtures-4.test.js +0 -1
  22. package/dist/__tests__/behavior-fixtures-4.test.js.map +1 -1
  23. package/dist/__tests__/behavior-fixtures-5.test.d.ts.map +1 -1
  24. package/dist/__tests__/behavior-fixtures-5.test.js +0 -1
  25. package/dist/__tests__/behavior-fixtures-5.test.js.map +1 -1
  26. package/dist/__tests__/behavior-fixtures-6.test.d.ts.map +1 -1
  27. package/dist/__tests__/behavior-fixtures-6.test.js +0 -1
  28. package/dist/__tests__/behavior-fixtures-6.test.js.map +1 -1
  29. package/dist/__tests__/behavior-fixtures-7.test.d.ts.map +1 -1
  30. package/dist/__tests__/behavior-fixtures-7.test.js +0 -1
  31. package/dist/__tests__/behavior-fixtures-7.test.js.map +1 -1
  32. package/dist/__tests__/behavior-fixtures-8.test.d.ts.map +1 -1
  33. package/dist/__tests__/behavior-fixtures-8.test.js +2 -3
  34. package/dist/__tests__/behavior-fixtures-8.test.js.map +1 -1
  35. package/dist/__tests__/behavior-fixtures-9.test.d.ts.map +1 -1
  36. package/dist/__tests__/behavior-fixtures-9.test.js +0 -1
  37. package/dist/__tests__/behavior-fixtures-9.test.js.map +1 -1
  38. package/dist/__tests__/behavior-fixtures.test.d.ts.map +1 -1
  39. package/dist/__tests__/behavior-fixtures.test.js +10 -9
  40. package/dist/__tests__/behavior-fixtures.test.js.map +1 -1
  41. package/dist/__tests__/file-length-limit.test.js +12 -1
  42. package/dist/__tests__/file-length-limit.test.js.map +1 -1
  43. package/dist/__tests__/resilience-fp.test.js +42 -0
  44. package/dist/__tests__/resilience-fp.test.js.map +1 -1
  45. package/dist/checks/architecture/__tests__/tool-identity-single-source.test.d.ts +2 -0
  46. package/dist/checks/architecture/__tests__/tool-identity-single-source.test.d.ts.map +1 -0
  47. package/dist/checks/architecture/__tests__/tool-identity-single-source.test.js +61 -0
  48. package/dist/checks/architecture/__tests__/tool-identity-single-source.test.js.map +1 -0
  49. package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts.map +1 -1
  50. package/dist/checks/architecture/dependencies/no-duplicate-packages.js +0 -2
  51. package/dist/checks/architecture/dependencies/no-duplicate-packages.js.map +1 -1
  52. package/dist/checks/architecture/docker-best-practices-analyze.d.ts +7 -0
  53. package/dist/checks/architecture/docker-best-practices-analyze.d.ts.map +1 -0
  54. package/dist/checks/architecture/docker-best-practices-analyze.js +301 -0
  55. package/dist/checks/architecture/docker-best-practices-analyze.js.map +1 -0
  56. package/dist/checks/architecture/docker-best-practices-patterns.d.ts +50 -0
  57. package/dist/checks/architecture/docker-best-practices-patterns.d.ts.map +1 -0
  58. package/dist/checks/architecture/docker-best-practices-patterns.js +51 -0
  59. package/dist/checks/architecture/docker-best-practices-patterns.js.map +1 -0
  60. package/dist/checks/architecture/docker-best-practices.d.ts.map +1 -1
  61. package/dist/checks/architecture/docker-best-practices.js +1 -367
  62. package/dist/checks/architecture/docker-best-practices.js.map +1 -1
  63. package/dist/checks/architecture/docker-ignore-validation.d.ts.map +1 -1
  64. package/dist/checks/architecture/docker-ignore-validation.js +0 -1
  65. package/dist/checks/architecture/docker-ignore-validation.js.map +1 -1
  66. package/dist/checks/architecture/docker-version-sync.d.ts.map +1 -1
  67. package/dist/checks/architecture/docker-version-sync.js +0 -1
  68. package/dist/checks/architecture/docker-version-sync.js.map +1 -1
  69. package/dist/checks/architecture/heavy-import-detection.d.ts.map +1 -1
  70. package/dist/checks/architecture/heavy-import-detection.js +1 -0
  71. package/dist/checks/architecture/heavy-import-detection.js.map +1 -1
  72. package/dist/checks/architecture/index.d.ts +1 -0
  73. package/dist/checks/architecture/index.d.ts.map +1 -1
  74. package/dist/checks/architecture/index.js +1 -0
  75. package/dist/checks/architecture/index.js.map +1 -1
  76. package/dist/checks/architecture/modules/empty-package-detection.d.ts.map +1 -1
  77. package/dist/checks/architecture/modules/empty-package-detection.js +0 -3
  78. package/dist/checks/architecture/modules/empty-package-detection.js.map +1 -1
  79. package/dist/checks/architecture/modules/interface-implementation-consistency-constants.d.ts +16 -0
  80. package/dist/checks/architecture/modules/interface-implementation-consistency-constants.d.ts.map +1 -0
  81. package/dist/checks/architecture/modules/interface-implementation-consistency-constants.js +182 -0
  82. package/dist/checks/architecture/modules/interface-implementation-consistency-constants.js.map +1 -0
  83. package/dist/checks/architecture/modules/interface-implementation-consistency-parse.d.ts +23 -0
  84. package/dist/checks/architecture/modules/interface-implementation-consistency-parse.d.ts.map +1 -0
  85. package/dist/checks/architecture/modules/interface-implementation-consistency-parse.js +235 -0
  86. package/dist/checks/architecture/modules/interface-implementation-consistency-parse.js.map +1 -0
  87. package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts.map +1 -1
  88. package/dist/checks/architecture/modules/interface-implementation-consistency.js +4 -462
  89. package/dist/checks/architecture/modules/interface-implementation-consistency.js.map +1 -1
  90. package/dist/checks/architecture/node-version-consistency.d.ts.map +1 -1
  91. package/dist/checks/architecture/node-version-consistency.js +0 -2
  92. package/dist/checks/architecture/node-version-consistency.js.map +1 -1
  93. package/dist/checks/architecture/project-readme-existence.d.ts.map +1 -1
  94. package/dist/checks/architecture/project-readme-existence.js +0 -1
  95. package/dist/checks/architecture/project-readme-existence.js.map +1 -1
  96. package/dist/checks/architecture/stale-build-artifacts.d.ts.map +1 -1
  97. package/dist/checks/architecture/stale-build-artifacts.js +0 -1
  98. package/dist/checks/architecture/stale-build-artifacts.js.map +1 -1
  99. package/dist/checks/architecture/tool-has-manifest.d.ts.map +1 -1
  100. package/dist/checks/architecture/tool-has-manifest.js +0 -1
  101. package/dist/checks/architecture/tool-has-manifest.js.map +1 -1
  102. package/dist/checks/architecture/tool-identity-single-source.d.ts +23 -0
  103. package/dist/checks/architecture/tool-identity-single-source.d.ts.map +1 -0
  104. package/dist/checks/architecture/tool-identity-single-source.js +126 -0
  105. package/dist/checks/architecture/tool-identity-single-source.js.map +1 -0
  106. package/dist/checks/architecture/vitest-config-required-with-tests.d.ts.map +1 -1
  107. package/dist/checks/architecture/vitest-config-required-with-tests.js +0 -1
  108. package/dist/checks/architecture/vitest-config-required-with-tests.js.map +1 -1
  109. package/dist/checks/documentation/_directives/fitness.d.ts.map +1 -1
  110. package/dist/checks/documentation/_directives/fitness.js +7 -52
  111. package/dist/checks/documentation/_directives/fitness.js.map +1 -1
  112. package/dist/checks/documentation/_directives/graph.d.ts.map +1 -1
  113. package/dist/checks/documentation/_directives/graph.js +7 -52
  114. package/dist/checks/documentation/_directives/graph.js.map +1 -1
  115. package/dist/checks/documentation/_directives/semgrep.d.ts.map +1 -1
  116. package/dist/checks/documentation/_directives/semgrep.js +2 -12
  117. package/dist/checks/documentation/_directives/semgrep.js.map +1 -1
  118. package/dist/checks/documentation/_directives/shared.d.ts +9 -0
  119. package/dist/checks/documentation/_directives/shared.d.ts.map +1 -0
  120. package/dist/checks/documentation/_directives/shared.js +53 -0
  121. package/dist/checks/documentation/_directives/shared.js.map +1 -0
  122. package/dist/checks/documentation/_public-api-graph.d.ts +3 -26
  123. package/dist/checks/documentation/_public-api-graph.d.ts.map +1 -1
  124. package/dist/checks/documentation/_public-api-graph.js +3 -300
  125. package/dist/checks/documentation/_public-api-graph.js.map +1 -1
  126. package/dist/checks/documentation/directive-audit.d.ts.map +1 -1
  127. package/dist/checks/documentation/directive-audit.js +0 -1
  128. package/dist/checks/documentation/directive-audit.js.map +1 -1
  129. package/dist/checks/file-length-limit.d.ts +7 -0
  130. package/dist/checks/file-length-limit.d.ts.map +1 -1
  131. package/dist/checks/file-length-limit.js +14 -2
  132. package/dist/checks/file-length-limit.js.map +1 -1
  133. package/dist/checks/quality/code-structure/dead-code.d.ts.map +1 -1
  134. package/dist/checks/quality/code-structure/dead-code.js +0 -1
  135. package/dist/checks/quality/code-structure/dead-code.js.map +1 -1
  136. package/dist/checks/quality/dependency-version-consistency.d.ts.map +1 -1
  137. package/dist/checks/quality/dependency-version-consistency.js +0 -3
  138. package/dist/checks/quality/dependency-version-consistency.js.map +1 -1
  139. package/dist/checks/quality/frontend/navigation-typing.d.ts.map +1 -1
  140. package/dist/checks/quality/frontend/navigation-typing.js +0 -1
  141. package/dist/checks/quality/frontend/navigation-typing.js.map +1 -1
  142. package/dist/checks/quality/index.d.ts +1 -0
  143. package/dist/checks/quality/index.d.ts.map +1 -1
  144. package/dist/checks/quality/index.js +1 -0
  145. package/dist/checks/quality/index.js.map +1 -1
  146. package/dist/checks/quality/linting/eslint-justifications.d.ts.map +1 -1
  147. package/dist/checks/quality/linting/eslint-justifications.js +1 -1
  148. package/dist/checks/quality/linting/eslint-justifications.js.map +1 -1
  149. package/dist/checks/quality/no-raw-regex-on-code.d.ts.map +1 -1
  150. package/dist/checks/quality/no-raw-regex-on-code.js +2 -3
  151. package/dist/checks/quality/no-raw-regex-on-code.js.map +1 -1
  152. package/dist/checks/quality/patterns/__tests__/performance-anti-patterns-fp.test.d.ts +5 -0
  153. package/dist/checks/quality/patterns/__tests__/performance-anti-patterns-fp.test.d.ts.map +1 -0
  154. package/dist/checks/quality/patterns/__tests__/performance-anti-patterns-fp.test.js +66 -0
  155. package/dist/checks/quality/patterns/__tests__/performance-anti-patterns-fp.test.js.map +1 -0
  156. package/dist/checks/quality/patterns/performance-anti-patterns.d.ts +3 -0
  157. package/dist/checks/quality/patterns/performance-anti-patterns.d.ts.map +1 -1
  158. package/dist/checks/quality/patterns/performance-anti-patterns.js +47 -30
  159. package/dist/checks/quality/patterns/performance-anti-patterns.js.map +1 -1
  160. package/dist/checks/quality/yagni-ignore-hygiene.d.ts +10 -0
  161. package/dist/checks/quality/yagni-ignore-hygiene.d.ts.map +1 -0
  162. package/dist/checks/quality/yagni-ignore-hygiene.js +87 -0
  163. package/dist/checks/quality/yagni-ignore-hygiene.js.map +1 -0
  164. package/dist/checks/quality/yagni-ignore-hygiene.test.d.ts +5 -0
  165. package/dist/checks/quality/yagni-ignore-hygiene.test.d.ts.map +1 -0
  166. package/dist/checks/quality/yagni-ignore-hygiene.test.js +37 -0
  167. package/dist/checks/quality/yagni-ignore-hygiene.test.js.map +1 -0
  168. package/dist/checks/resilience/batch-operation-limits.d.ts +13 -0
  169. package/dist/checks/resilience/batch-operation-limits.d.ts.map +1 -0
  170. package/dist/checks/resilience/batch-operation-limits.js +214 -0
  171. package/dist/checks/resilience/batch-operation-limits.js.map +1 -0
  172. package/dist/checks/resilience/batch-operations.d.ts +2 -21
  173. package/dist/checks/resilience/batch-operations.d.ts.map +1 -1
  174. package/dist/checks/resilience/batch-operations.js +2 -420
  175. package/dist/checks/resilience/batch-operations.js.map +1 -1
  176. package/dist/checks/resilience/dangerous-config-defaults.d.ts.map +1 -1
  177. package/dist/checks/resilience/dangerous-config-defaults.js +0 -1
  178. package/dist/checks/resilience/dangerous-config-defaults.js.map +1 -1
  179. package/dist/checks/resilience/exit-code-correctness.d.ts.map +1 -1
  180. package/dist/checks/resilience/exit-code-correctness.js +0 -1
  181. package/dist/checks/resilience/exit-code-correctness.js.map +1 -1
  182. package/dist/checks/resilience/no-process-exit-in-finally.d.ts.map +1 -1
  183. package/dist/checks/resilience/no-process-exit-in-finally.js +0 -1
  184. package/dist/checks/resilience/no-process-exit-in-finally.js.map +1 -1
  185. package/dist/checks/resilience/readline-cleanup.d.ts.map +1 -1
  186. package/dist/checks/resilience/readline-cleanup.js +0 -1
  187. package/dist/checks/resilience/readline-cleanup.js.map +1 -1
  188. package/dist/checks/resilience/reentrancy-guard.d.ts.map +1 -1
  189. package/dist/checks/resilience/reentrancy-guard.js +0 -1
  190. package/dist/checks/resilience/reentrancy-guard.js.map +1 -1
  191. package/dist/checks/resilience/sentry/_helpers/sentry.d.ts +10 -0
  192. package/dist/checks/resilience/sentry/_helpers/sentry.d.ts.map +1 -1
  193. package/dist/checks/resilience/sentry/_helpers/sentry.js +21 -0
  194. package/dist/checks/resilience/sentry/_helpers/sentry.js.map +1 -1
  195. package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts.map +1 -1
  196. package/dist/checks/resilience/sentry/sentry-dsn-configured.js +8 -23
  197. package/dist/checks/resilience/sentry/sentry-dsn-configured.js.map +1 -1
  198. package/dist/checks/resilience/sentry/sentry-environment-set.d.ts.map +1 -1
  199. package/dist/checks/resilience/sentry/sentry-environment-set.js +8 -20
  200. package/dist/checks/resilience/sentry/sentry-environment-set.js.map +1 -1
  201. package/dist/checks/resilience/sentry/sentry-release-set.d.ts.map +1 -1
  202. package/dist/checks/resilience/sentry/sentry-release-set.js +8 -20
  203. package/dist/checks/resilience/sentry/sentry-release-set.js.map +1 -1
  204. package/dist/checks/resilience/service-patterns.d.ts.map +1 -1
  205. package/dist/checks/resilience/service-patterns.js +0 -1
  206. package/dist/checks/resilience/service-patterns.js.map +1 -1
  207. package/dist/checks/resilience/unbounded-memory.d.ts +13 -0
  208. package/dist/checks/resilience/unbounded-memory.d.ts.map +1 -0
  209. package/dist/checks/resilience/unbounded-memory.js +274 -0
  210. package/dist/checks/resilience/unbounded-memory.js.map +1 -0
  211. package/dist/checks/security/csp-headers.d.ts.map +1 -1
  212. package/dist/checks/security/csp-headers.js +0 -1
  213. package/dist/checks/security/csp-headers.js.map +1 -1
  214. package/dist/checks/security/hasura-production-config.d.ts.map +1 -1
  215. package/dist/checks/security/hasura-production-config.js +0 -1
  216. package/dist/checks/security/hasura-production-config.js.map +1 -1
  217. package/dist/checks/security/jwt-validation.d.ts.map +1 -1
  218. package/dist/checks/security/jwt-validation.js +0 -2
  219. package/dist/checks/security/jwt-validation.js.map +1 -1
  220. package/dist/checks/security/package-supply-chain-policy.d.ts.map +1 -1
  221. package/dist/checks/security/package-supply-chain-policy.js +9 -16
  222. package/dist/checks/security/package-supply-chain-policy.js.map +1 -1
  223. package/dist/checks/security/semgrep-scan.d.ts.map +1 -1
  224. package/dist/checks/security/semgrep-scan.js +0 -1
  225. package/dist/checks/security/semgrep-scan.js.map +1 -1
  226. package/dist/checks/security/use-centralized-crypto.d.ts.map +1 -1
  227. package/dist/checks/security/use-centralized-crypto.js +2 -3
  228. package/dist/checks/security/use-centralized-crypto.js.map +1 -1
  229. package/dist/checks/testing/test-convention-consistency.d.ts.map +1 -1
  230. package/dist/checks/testing/test-convention-consistency.js +0 -2
  231. package/dist/checks/testing/test-convention-consistency.js.map +1 -1
  232. package/dist/checks/testing/test-file-naming.d.ts.map +1 -1
  233. package/dist/checks/testing/test-file-naming.js +0 -1
  234. package/dist/checks/testing/test-file-naming.js.map +1 -1
  235. package/dist/checks/testing/test-file-pairing.d.ts.map +1 -1
  236. package/dist/checks/testing/test-file-pairing.js +3 -7
  237. package/dist/checks/testing/test-file-pairing.js.map +1 -1
  238. package/dist/display/architecture.d.ts.map +1 -1
  239. package/dist/display/architecture.js +1 -0
  240. package/dist/display/architecture.js.map +1 -1
  241. package/dist/display/quality.d.ts.map +1 -1
  242. package/dist/display/quality.js +1 -0
  243. package/dist/display/quality.js.map +1 -1
  244. package/dist/display/types.d.ts.map +1 -1
  245. package/dist/display/types.js +0 -1
  246. package/dist/display/types.js.map +1 -1
  247. package/package.json +4 -4
@@ -1 +1 @@
1
- {"version":3,"file":"no-duplicate-packages.js","sourceRoot":"","sources":["../../../../src/checks/architecture/dependencies/no-duplicate-packages.ts"],"names":[],"mappings":"AAAA,0HAA0H;AAC1H,yHAAyH;AACzH;;GAEG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,WAAW,EAA0C,MAAM,sBAAsB,CAAC;AAuB3F,MAAM,kBAAkB,GAAuB;IAC7C;QACE,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,CAAC,aAAa,EAAE,SAAS,EAAE,gBAAgB,EAAE,gBAAgB,CAAC;QAC5E,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,mDAAmD;KAC5D;IACD;QACE,QAAQ,EAAE,WAAW;QACrB,YAAY,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,CAAC;QAC5D,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,8DAA8D;KACvE;IACD;QACE,QAAQ,EAAE,YAAY;QACtB,YAAY,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,UAAU,CAAC;QACzD,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,iEAAiE;KAC1E;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,YAAY,EAAE,CAAC,SAAS,EAAE,gBAAgB,EAAE,WAAW,CAAC;QACxD,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,2DAA2D;KACpE;IACD;QACE,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,CAAC;QAC7C,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,4DAA4D;KACrE;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,cAAc,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;AAE1F,SAAS,cAAc,CAAC,eAAuB,EAAE,WAAmB;IAClE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA2C,CAAC;QAC1E,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAE5D,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC3C,IAAI,EAAE,YAAY;YAClB,QAAQ,EAAE,GAAG,CAAC,QAAQ;SACvB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAAgB,EAAE,QAAkB;IAC1D,iEAAiE;IACjE,2BAA2B;IAC3B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACf,CAA
C;IAED,4FAA4F;IAC5F,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC;IACvD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACxD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjB,KAAK,MAAM,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YACnC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC;QACzD,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,gHAAgH;AAChH,SAAS,qBAAqB,CAAC,QAAuB;IACpD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC5C,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,4FAA4F;QAC5F,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAuB;IAC/C,iEAAiE;IACjE,2BAA2B;IAC3B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,MAAM,GAAqB,EAAE,CAAC;IAEpC,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,qBAAqB,CACpC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC,CACpE,CAAC;QACF,IAAI,QAAQ,CAAC,MAAM,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,QAAQ,CAAC,MAAM,IAAI,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;aACvE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;IAC7C,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,uBAAuB;IAC7B,IAAI,EAAE,CAAC,cAAc,CAAC;IACtB,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC,EAAE;IAC1E,aAAa,EAAE,eAAe;IAE9B,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,8CAA8C;IAC3D,eAAe,EAAE;;;;;;;;mGAQgF;IACjG,SAAS,EAAE,CAAC,MAAM,CAAC;IAEnB,+IAA+I;IAC/I,4JAA4J;IAC5J,KAAK,CAAC,UAAU,CAAC,KAAmB;QACl
C,uCAAuC;QACvC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QAE5F,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,KAAK,MAAM,eAAe,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,cAAc,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;YAClD,IAAI,IAAI;gBAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,eAAe,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACnD,MAAM,UAAU,GAAqB,EAAE,CAAC;QAExC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,SAAS,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,UAAU,CAAC;YAExD,UAAU,CAAC,IAAI,CAAC;gBACd,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,cAAc,CAAC;gBACnD,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,aAAa,KAAK,CAAC,QAAQ,cAAc,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE;gBAC5F,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,UAAU,EAAE,eAAe,KAAK,CAAC,QAAQ,qHAAqH;gBAC9J,KAAK,EAAE,KAAK,CAAC,QAAQ;gBACrB,IAAI,EAAE,mBAAmB;aAC1B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC,CAAC"}
1
+ {"version":3,"file":"no-duplicate-packages.js","sourceRoot":"","sources":["../../../../src/checks/architecture/dependencies/no-duplicate-packages.ts"],"names":[],"mappings":"AAAA,0HAA0H;AAC1H;;GAEG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,WAAW,EAA0C,MAAM,sBAAsB,CAAC;AAuB3F,MAAM,kBAAkB,GAAuB;IAC7C;QACE,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,CAAC,aAAa,EAAE,SAAS,EAAE,gBAAgB,EAAE,gBAAgB,CAAC;QAC5E,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,mDAAmD;KAC5D;IACD;QACE,QAAQ,EAAE,WAAW;QACrB,YAAY,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,CAAC;QAC5D,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,8DAA8D;KACvE;IACD;QACE,QAAQ,EAAE,YAAY;QACtB,YAAY,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,UAAU,CAAC;QACzD,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,iEAAiE;KAC1E;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,YAAY,EAAE,CAAC,SAAS,EAAE,gBAAgB,EAAE,WAAW,CAAC;QACxD,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,2DAA2D;KACpE;IACD;QACE,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,CAAC;QAC7C,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,4DAA4D;KACrE;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,cAAc,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;AAE1F,SAAS,cAAc,CAAC,eAAuB,EAAE,WAAmB;IAClE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA2C,CAAC;QAC1E,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAE5D,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC3C,IAAI,EAAE,YAAY;YAClB,QAAQ,EAAE,GAAG,CAAC,QAAQ;SACvB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAAgB,EAAE,QAAkB;IAC1D,iEAAiE;IACjE,2BAA2B;IAC3B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,4FAA4F
;IAC5F,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC;IACvD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACxD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjB,KAAK,MAAM,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YACnC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC;QACzD,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,gHAAgH;AAChH,SAAS,qBAAqB,CAAC,QAAuB;IACpD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC5C,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,4FAA4F;QAC5F,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAuB;IAC/C,iEAAiE;IACjE,2BAA2B;IAC3B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,MAAM,GAAqB,EAAE,CAAC;IAEpC,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,qBAAqB,CACpC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC,CACpE,CAAC;QACF,IAAI,QAAQ,CAAC,MAAM,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,QAAQ,CAAC,MAAM,IAAI,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;aACvE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;IAC7C,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,uBAAuB;IAC7B,IAAI,EAAE,CAAC,cAAc,CAAC;IACtB,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC,EAAE;IAC1E,aAAa,EAAE,eAAe;IAE9B,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,8CAA8C;IAC3D,eAAe,EAAE;;;;;;;;mGAQgF;IACjG,SAAS,EAAE,CAAC,MAAM,CAAC;IAEnB,4JAA4J;IAC5J,KAAK,CAAC,UAAU,CAAC,KAAmB;QAClC,uCAAuC;QACvC,MAAM,SAAS,G
AAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QAE5F,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,KAAK,MAAM,eAAe,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,cAAc,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;YAClD,IAAI,IAAI;gBAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,eAAe,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACnD,MAAM,UAAU,GAAqB,EAAE,CAAC;QAExC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,SAAS,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,UAAU,CAAC;YAExD,UAAU,CAAC,IAAI,CAAC;gBACd,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,cAAc,CAAC;gBACnD,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,aAAa,KAAK,CAAC,QAAQ,cAAc,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE;gBAC5F,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,UAAU,EAAE,eAAe,KAAK,CAAC,QAAQ,qHAAqH;gBAC9J,KAAK,EAAE,KAAK,CAAC,QAAQ;gBACrB,IAAI,EAAE,mBAAmB;aAC1B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC,CAAC"}
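--- a/package/dist/checks/architecture/docker-best-practices-analyze.d.ts
+++ b/package/dist/checks/architecture/docker-best-practices-analyze.d.ts
@@ -0,0 +1,7 @@
+ /**
+ * Dockerfile analysis logic for docker-best-practices.
+ */
+ import { type DockerfileViolation } from './docker-best-practices-patterns.js';
+ /** Analyze a Dockerfile for best-practice violations. */
+ export declare function analyzeDockerfile(content: string, filePath: string, file: string): DockerfileViolation[];
+ //# sourceMappingURL=docker-best-practices-analyze.d.ts.map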
@@ -0,0 +1 @@
1
+ {"version":3,"file":"docker-best-practices-analyze.d.ts","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices-analyze.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAgBL,KAAK,mBAAmB,EACzB,MAAM,qCAAqC,CAAC;AA+W7C,yDAAyD;AACzD,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,GACX,mBAAmB,EAAE,CAqCvB"}
@@ -0,0 +1,301 @@
1
+ /**
2
+ * Dockerfile analysis logic for docker-best-practices.
3
+ */
4
+ import { APT_UPGRADE_PATTERN, COPY_PATTERN, FROM_IMAGE_PATTERN, FROM_STAGE_PATTERN, NODE_ENV_PROD_PATTERN, NODE_MODULES_FROM_STAGE_PATTERN, PACKAGE_FILE_COPY_PATTERN, PACKAGE_MANAGER_PATTERNS, PKG_INSTALL_PATTERN, PROD_DEPS_FLAG_PATTERN, isRunnerStageName, SECRET_PATTERNS, USER_PATTERN, safeDockerLine, } from './docker-best-practices-patterns.js';
5
+ function checkForSecrets(line, lineNum, file, filePath) {
6
+ const safeLine = safeDockerLine(line);
7
+ for (const pattern of SECRET_PATTERNS) {
8
+ if (pattern.test(safeLine)) {
9
+ return {
10
+ file,
11
+ filePath,
12
+ line: lineNum,
13
+ rule: 'no-hardcoded-secrets',
14
+ message: 'Hardcoded secret detected in Dockerfile',
15
+ severity: 'error',
16
+ suggestion: 'Use build arguments, runtime environment variables, or a secrets manager instead',
17
+ };
18
+ }
19
+ }
20
+ return null;
21
+ }
22
+ function checkRunCommand(line, lineNum, file, filePath) {
23
+ const violations = [];
24
+ let hasFrozenLockfileViolation = false;
25
+ const safeLine = safeDockerLine(line);
26
+ for (const { pattern, manager, fix } of PACKAGE_MANAGER_PATTERNS) {
27
+ if (pattern.test(safeLine)) {
28
+ hasFrozenLockfileViolation = true;
29
+ violations.push({
30
+ file,
31
+ filePath,
32
+ line: lineNum,
33
+ rule: 'frozen-lockfile',
34
+ message: `${manager} install without frozen lockfile flag`,
35
+ severity: 'error',
36
+ suggestion: `Add ${fix} to ensure reproducible builds`,
37
+ });
38
+ }
39
+ }
40
+ if (APT_UPGRADE_PATTERN.test(safeLine)) {
41
+ violations.push({
42
+ file,
43
+ filePath,
44
+ line: lineNum,
45
+ rule: 'no-apt-upgrade',
46
+ message: 'apt-get upgrade makes builds non-reproducible',
47
+ severity: 'warning',
48
+ suggestion: 'Pin specific package versions instead of upgrading all packages',
49
+ });
50
+ }
51
+ return { violations, hasFrozenLockfileViolation };
52
+ }
53
+ function checkCopyOrder(options) {
54
+ const { line, lineNum, file, filePath, lines, lastFromLine, lineIndex } = options;
55
+ /* v8 ignore next 4 */
56
+ if (!Array.isArray(lines)) {
57
+ return null;
58
+ }
59
+ const safeLine = safeDockerLine(line);
60
+ const copyMatch = COPY_PATTERN.exec(safeLine);
61
+ if (copyMatch?.[1] !== '.' && copyMatch?.[1] !== './')
62
+ return null;
63
+ if (safeLine.includes('--from='))
64
+ return null;
65
+ const stageLines = lines.slice(lastFromLine, lineIndex);
66
+ const hasPackageFileCopy = stageLines.some((l) => PACKAGE_FILE_COPY_PATTERN.test(safeDockerLine(l)));
67
+ const hasNodeModulesFromStage = stageLines.some((l) => NODE_MODULES_FROM_STAGE_PATTERN.test(safeDockerLine(l)));
68
+ if (!hasPackageFileCopy && !hasNodeModulesFromStage) {
69
+ return {
70
+ file,
71
+ filePath,
72
+ line: lineNum,
73
+ rule: 'copy-order',
74
+ message: 'COPY . before copying dependency files',
75
+ severity: 'warning',
76
+ suggestion: 'Copy package.json and lockfile first, run install, then copy source for better layer caching',
77
+ };
78
+ }
79
+ return null;
80
+ }
81
+ function checkCacheMount(line, lineNum, file, filePath) {
82
+ const safeLine = safeDockerLine(line);
83
+ if (PKG_INSTALL_PATTERN.test(safeLine) && !safeLine.includes('--mount=type=cache')) {
84
+ return {
85
+ file,
86
+ filePath,
87
+ line: lineNum,
88
+ rule: 'cache-mount',
89
+ message: 'Package install without BuildKit cache mount',
90
+ severity: 'warning',
91
+ suggestion: 'Add --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store to cache the package store across builds',
92
+ };
93
+ }
94
+ return null;
95
+ }
96
+ /* v8 ignore start */
97
+ function processFromLine(line, lineNum, state) {
98
+ state.fromCount++;
99
+ state.lastFromLine = lineNum;
100
+ const safeLine = safeDockerLine(line);
101
+ const match = FROM_IMAGE_PATTERN.exec(safeLine);
102
+ const baseImage = match?.[1] ?? null;
103
+ if (baseImage)
104
+ state.baseImages.push(baseImage);
105
+ const stageMatch = FROM_STAGE_PATTERN.exec(safeLine);
106
+ const stageName = stageMatch?.[1]?.toLowerCase() ?? null;
107
+ if (stageName) {
108
+ state.isInRunnerStage = isRunnerStageName(stageName);
109
+ }
110
+ else if (state.fromCount > 1) {
111
+ state.isInRunnerStage = true;
112
+ }
113
+ if (state.isInRunnerStage) {
114
+ state.runnerStageBaseImage = baseImage;
115
+ state.runnerFromLine = lineNum;
116
+ if (baseImage) {
117
+ const baseImageLower = baseImage.toLowerCase();
118
+ state.runnerInheritsBuildStage = state.stageNames.includes(baseImageLower);
119
+ }
120
+ }
121
+ if (stageName) {
122
+ state.stageNames.push(stageName);
123
+ }
124
+ }
125
+ function addMissingBestPracticeViolations(file, filePath, lineCount, state) {
126
+ const violations = [];
127
+ const hasMultiStage = state.fromCount >= 2;
128
+ if (!hasMultiStage && state.fromCount > 0) {
129
+ violations.push({
130
+ file,
131
+ filePath,
132
+ line: 1,
133
+ rule: 'multi-stage-build',
134
+ message: 'Dockerfile does not use multi-stage build',
135
+ severity: 'error',
136
+ suggestion: 'Use separate stages for building and running to reduce image size and attack surface',
137
+ });
138
+ }
139
+ if (!state.hasNonRootUser && state.fromCount > 0) {
140
+ violations.push({
141
+ file,
142
+ filePath,
143
+ line: lineCount,
144
+ rule: 'non-root-user',
145
+ message: 'Dockerfile does not specify a non-root user',
146
+ severity: 'error',
147
+ suggestion: String.raw `Add USER directive with a non-root user: RUN addgroup --system app && adduser --system --ingroup app app\nUSER app`,
148
+ });
149
+ }
150
+ if (!state.hasHealthcheck && state.fromCount > 0) {
151
+ violations.push({
152
+ file,
153
+ filePath,
154
+ line: lineCount,
155
+ rule: 'healthcheck',
156
+ message: 'Dockerfile does not include a HEALTHCHECK instruction',
157
+ severity: 'warning',
158
+ suggestion: 'Add HEALTHCHECK to help orchestrators verify container health',
159
+ });
160
+ }
161
+ const runnerUsesNode = state.runnerStageBaseImage?.includes('node') ?? false;
162
+ if (runnerUsesNode && !state.hasNodeEnvProduction) {
163
+ violations.push({
164
+ file,
165
+ filePath,
166
+ line: lineCount,
167
+ rule: 'node-env-production',
168
+ message: 'NODE_ENV=production not set in runtime stage',
169
+ severity: 'warning',
170
+ suggestion: 'Add ENV NODE_ENV=production in the runner stage for Node.js optimizations',
171
+ });
172
+ }
173
+ if (state.runnerCopiesNodeModules && !state.hasProductionDepsFlag) {
174
+ violations.push({
175
+ file,
176
+ filePath,
177
+ line: state.runnerNodeModulesLine,
178
+ rule: 'production-dependencies',
179
+ message: 'Runtime image copies node_modules without production-only dependency resolution',
180
+ severity: 'error',
181
+ suggestion: 'Use "pnpm deploy --prod" to create a production bundle, or add --prod to install command to exclude devDependencies from the runtime image',
182
+ });
183
+ }
184
+ if (state.runnerInheritsBuildStage) {
185
+ violations.push({
186
+ file,
187
+ filePath,
188
+ line: state.runnerFromLine,
189
+ rule: 'no-build-tools-in-runner',
190
+ message: 'Runtime stage inherits from a build stage that may include build tools (pnpm, corepack, etc.)',
191
+ severity: 'warning',
192
+ suggestion: 'Use a clean base image (e.g., node:20-alpine) for the runtime stage instead of inheriting from a build stage',
193
+ });
194
+ }
195
+ return violations;
196
+ }
197
+ /* v8 ignore stop */
198
+ function processUserLine(trimmedLine, state) {
199
+ const safeLine = safeDockerLine(trimmedLine);
200
+ const userMatch = USER_PATTERN.exec(safeLine);
201
+ if (userMatch?.[1] && userMatch[1] !== 'root') {
202
+ state.hasNonRootUser = true;
203
+ }
204
+ }
205
+ function processRunLine(options) {
206
+ const { trimmedLine, lineNum, file, filePath, state, violations } = options;
207
+ const runResult = checkRunCommand(trimmedLine, lineNum, file, filePath);
208
+ violations.push(...runResult.violations);
209
+ if (runResult.hasFrozenLockfileViolation)
210
+ state.hasFrozenLockfile = false;
211
+ const cacheMountViolation = checkCacheMount(trimmedLine, lineNum, file, filePath);
212
+ if (cacheMountViolation)
213
+ violations.push(cacheMountViolation);
214
+ if (PROD_DEPS_FLAG_PATTERN.test(safeDockerLine(trimmedLine))) {
215
+ state.hasProductionDepsFlag = true;
216
+ }
217
+ }
218
+ function processCopyLine(options) {
219
+ const { trimmedLine, lineNum, index, lines, file, filePath, state, violations } = options;
220
+ const copyViolation = checkCopyOrder({
221
+ line: trimmedLine,
222
+ lineNum,
223
+ file,
224
+ filePath,
225
+ lines,
226
+ lastFromLine: state.lastFromLine,
227
+ lineIndex: index,
228
+ });
229
+ if (copyViolation)
230
+ violations.push(copyViolation);
231
+ if (state.isInRunnerStage && NODE_MODULES_FROM_STAGE_PATTERN.test(safeDockerLine(trimmedLine))) {
232
+ state.runnerCopiesNodeModules = true;
233
+ state.runnerNodeModulesLine = lineNum;
234
+ }
235
+ }
236
+ function processDockerfileLine(options) {
237
+ const { line, index, lines, state, violations, file, filePath } = options;
238
+ /* v8 ignore next */
239
+ const trimmedLine = line?.trim() ?? '';
240
+ if (!trimmedLine || trimmedLine.startsWith('#'))
241
+ return;
242
+ const upperLine = trimmedLine.toUpperCase();
243
+ const lineNum = index + 1;
244
+ if (upperLine.startsWith('FROM ')) {
245
+ processFromLine(trimmedLine, lineNum, state);
246
+ }
247
+ if (upperLine.startsWith('USER ')) {
248
+ processUserLine(trimmedLine, state);
249
+ }
250
+ if (upperLine.startsWith('HEALTHCHECK ')) {
251
+ state.hasHealthcheck = true;
252
+ }
253
+ if (NODE_ENV_PROD_PATTERN.test(safeDockerLine(trimmedLine))) {
254
+ state.hasNodeEnvProduction = true;
255
+ }
256
+ const secretViolation = checkForSecrets(trimmedLine, lineNum, file, filePath);
257
+ if (secretViolation)
258
+ violations.push(secretViolation);
259
+ if (upperLine.startsWith('RUN ')) {
260
+ processRunLine({ trimmedLine, lineNum, file, filePath, state, violations });
261
+ }
262
+ if (upperLine.startsWith('COPY ')) {
263
+ processCopyLine({ trimmedLine, lineNum, index, lines, file, filePath, state, violations });
264
+ }
265
+ }
266
+ /** Analyze a Dockerfile for best-practice violations. */
267
+ export function analyzeDockerfile(content, filePath, file) {
268
+ const lines = content.split('\n');
269
+ const violations = [];
270
+ const state = {
271
+ hasNonRootUser: false,
272
+ hasHealthcheck: false,
273
+ hasFrozenLockfile: true,
274
+ hasNodeEnvProduction: false,
275
+ hasProductionDepsFlag: false,
276
+ baseImages: [],
277
+ fromCount: 0,
278
+ isInRunnerStage: false,
279
+ runnerStageBaseImage: null,
280
+ lastFromLine: 0,
281
+ stageNames: [],
282
+ runnerCopiesNodeModules: false,
283
+ runnerNodeModulesLine: 0,
284
+ runnerInheritsBuildStage: false,
285
+ runnerFromLine: 0,
286
+ };
287
+ for (let i = 0; i < lines.length; i++) {
288
+ processDockerfileLine({
289
+ line: lines[i],
290
+ index: i,
291
+ lines,
292
+ state,
293
+ violations,
294
+ file,
295
+ filePath,
296
+ });
297
+ }
298
+ violations.push(...addMissingBestPracticeViolations(file, filePath, lines.length, state));
299
+ return violations;
300
+ }
301
+ //# sourceMappingURL=docker-best-practices-analyze.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"docker-best-practices-analyze.js","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices-analyze.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACL,mBAAmB,EACnB,YAAY,EACZ,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,+BAA+B,EAC/B,yBAAyB,EACzB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,eAAe,EACf,YAAY,EACZ,cAAc,GAGf,MAAM,qCAAqC,CAAC;AAE7C,SAAS,eAAe,CACtB,IAAY,EACZ,OAAe,EACf,IAAY,EACZ,QAAgB;IAEhB,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,OAAO;gBACL,IAAI;gBACJ,QAAQ;gBACR,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,sBAAsB;gBAC5B,OAAO,EAAE,yCAAyC;gBAClD,QAAQ,EAAE,OAAO;gBACjB,UAAU,EACR,kFAAkF;aACrF,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,OAAe,EACf,IAAY,EACZ,QAAgB;IAEhB,MAAM,UAAU,GAA0B,EAAE,CAAC;IAC7C,IAAI,0BAA0B,GAAG,KAAK,CAAC;IACvC,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAEtC,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,wBAAwB,EAAE,CAAC;QACjE,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,0BAA0B,GAAG,IAAI,CAAC;YAClC,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI;gBACJ,QAAQ;gBACR,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,GAAG,OAAO,uCAAuC;gBAC1D,QAAQ,EAAE,OAAO;gBACjB,UAAU,EAAE,OAAO,GAAG,gCAAgC;aACvD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,+CAA+C;YACxD,QAAQ,EAAE,SAAS;YACnB,UAAU,EAAE,iEAAiE;SAC9E,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,0BAA0B,EAAE,CAAC;AACpD,CAAC;AAYD,SAAS,cAAc,CAAC,OAA8B;IACpD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAElF,sBAAsB;IACtB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,SAAS
,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACnE,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAE9C,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAExD,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC/C,yBAAyB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAClD,CAAC;IAEF,MAAM,uBAAuB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACpD,+BAA+B,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CACxD,CAAC;IAEF,IAAI,CAAC,kBAAkB,IAAI,CAAC,uBAAuB,EAAE,CAAC;QACpD,OAAO;YACL,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,wCAAwC;YACjD,QAAQ,EAAE,SAAS;YACnB,UAAU,EACR,8FAA8F;SACjG,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,OAAe,EACf,IAAY,EACZ,QAAgB;IAEhB,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACnF,OAAO;YACL,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,8CAA8C;YACvD,QAAQ,EAAE,SAAS;YACnB,UAAU,EACR,8GAA8G;SACjH,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,qBAAqB;AACrB,SAAS,eAAe,CAAC,IAAY,EAAE,OAAe,EAAE,KAAoB;IAC1E,KAAK,CAAC,SAAS,EAAE,CAAC;IAClB,KAAK,CAAC,YAAY,GAAG,OAAO,CAAC;IAC7B,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,SAAS,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACrC,IAAI,SAAS;QAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEhD,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,IAAI,CAAC;IAEzD,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,CAAC,eAAe,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;IACvD,CAAC;SAAM,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,eAAe,GAAG,IAAI,CAAC;IAC/B,CAAC;IAED,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;QAC1B,KAAK,CAAC,oBAAoB,GAAG,SAAS,CAAC;QACvC,KAAK,CAAC,cAAc,GAAG,OAAO,CAAC;QAE/B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,cAAc,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;YAC/C,KAAK,CAAC,wBAAwB,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QAC7E,CAAC;IACH,CAA
C;IAED,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,SAAS,gCAAgC,CACvC,IAAY,EACZ,QAAgB,EAChB,SAAiB,EACjB,KAAoB;IAEpB,MAAM,UAAU,GAA0B,EAAE,CAAC;IAC7C,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,IAAI,CAAC,CAAC;IAE3C,IAAI,CAAC,aAAa,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QAC1C,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,CAAC;YACP,IAAI,EAAE,mBAAmB;YACzB,OAAO,EAAE,2CAA2C;YACpD,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,sFAAsF;SACzF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QACjD,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,6CAA6C;YACtD,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,MAAM,CAAC,GAAG,CAAA,oHAAoH;SAC3I,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QACjD,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,uDAAuD;YAChE,QAAQ,EAAE,SAAS;YACnB,UAAU,EAAE,+DAA+D;SAC5E,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG,KAAK,CAAC,oBAAoB,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC;IAC7E,IAAI,cAAc,IAAI,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC;QAClD,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,qBAAqB;YAC3B,OAAO,EAAE,8CAA8C;YACvD,QAAQ,EAAE,SAAS;YACnB,UAAU,EAAE,2EAA2E;SACxF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,uBAAuB,IAAI,CAAC,KAAK,CAAC,qBAAqB,EAAE,CAAC;QAClE,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,KAAK,CAAC,qBAAqB;YACjC,IAAI,EAAE,yBAAyB;YAC/B,OAAO,EAAE,iFAAiF;YAC1F,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,4IAA4I;SAC/I,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,wBAAwB,EAAE,CAAC;QACnC,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,KAAK,CAAC,cAAc;YAC1B,IAAI,EAAE,0BAA0B;YAChC,OAAO,EACL,+FAA+F;YACjG,QAAQ,EAAE,SAAS;YACnB,UAAU,EACR,8GAA8G;SACjH,CAAC,CAAC;IACL,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AACD,oBAAoB;AAEpB,SAAS,eAAe,CAAC,WAAmB,EAAE,KAAoB;IAChE,MAAM,QAAQ,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,SAAS
,EAAE,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;QAC9C,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC;IAC9B,CAAC;AACH,CAAC;AAWD,SAAS,cAAc,CAAC,OAA8B;IACpD,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAC5E,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACxE,UAAU,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACzC,IAAI,SAAS,CAAC,0BAA0B;QAAE,KAAK,CAAC,iBAAiB,GAAG,KAAK,CAAC;IAE1E,MAAM,mBAAmB,GAAG,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAClF,IAAI,mBAAmB;QAAE,UAAU,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAE9D,IAAI,sBAAsB,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QAC7D,KAAK,CAAC,qBAAqB,GAAG,IAAI,CAAC;IACrC,CAAC;AACH,CAAC;AAaD,SAAS,eAAe,CAAC,OAA+B;IACtD,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAC1F,MAAM,aAAa,GAAG,cAAc,CAAC;QACnC,IAAI,EAAE,WAAW;QACjB,OAAO;QACP,IAAI;QACJ,QAAQ;QACR,KAAK;QACL,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK;KACjB,CAAC,CAAC;IACH,IAAI,aAAa;QAAE,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAElD,IAAI,KAAK,CAAC,eAAe,IAAI,+BAA+B,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QAC/F,KAAK,CAAC,uBAAuB,GAAG,IAAI,CAAC;QACrC,KAAK,CAAC,qBAAqB,GAAG,OAAO,CAAC;IACxC,CAAC;AACH,CAAC;AAYD,SAAS,qBAAqB,CAAC,OAAqC;IAClE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAC1E,oBAAoB;IACpB,MAAM,WAAW,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO;IAExD,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAG,KAAK,GAAG,CAAC,CAAC;IAE1B,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,eAAe,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,SAAS,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QACzC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC;IAC9B,CAAC;IAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QAC5D,KAAK,CAAC,oBAAoB,GAAG,IAA
I,CAAC;IACpC,CAAC;IAED,MAAM,eAAe,GAAG,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC9E,IAAI,eAAe;QAAE,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAEtD,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,cAAc,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,eAAe,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;IAC7F,CAAC;AACH,CAAC;AAED,yDAAyD;AACzD,MAAM,UAAU,iBAAiB,CAC/B,OAAe,EACf,QAAgB,EAChB,IAAY;IAEZ,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,UAAU,GAA0B,EAAE,CAAC;IAE7C,MAAM,KAAK,GAAkB;QAC3B,cAAc,EAAE,KAAK;QACrB,cAAc,EAAE,KAAK;QACrB,iBAAiB,EAAE,IAAI;QACvB,oBAAoB,EAAE,KAAK;QAC3B,qBAAqB,EAAE,KAAK;QAC5B,UAAU,EAAE,EAAE;QACd,SAAS,EAAE,CAAC;QACZ,eAAe,EAAE,KAAK;QACtB,oBAAoB,EAAE,IAAI;QAC1B,YAAY,EAAE,CAAC;QACf,UAAU,EAAE,EAAE;QACd,uBAAuB,EAAE,KAAK;QAC9B,qBAAqB,EAAE,CAAC;QACxB,wBAAwB,EAAE,KAAK;QAC/B,cAAc,EAAE,CAAC;KAClB,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,qBAAqB,CAAC;YACpB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YACd,KAAK,EAAE,CAAC;YACR,KAAK;YACL,KAAK;YACL,UAAU;YACV,IAAI;YACJ,QAAQ;SACT,CAAC,CAAC;IACL,CAAC;IAED,UAAU,CAAC,IAAI,CAAC,GAAG,gCAAgC,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;IAE1F,OAAO,UAAU,CAAC;AACpB,CAAC"}
@@ -0,0 +1,50 @@
1
+ /**
2
+ * Pre-compiled regex patterns and state types for docker-best-practices.
3
+ */
4
+ export interface DockerfileViolation {
5
+ file: string;
6
+ filePath: string;
7
+ line: number;
8
+ rule: string;
9
+ message: string;
10
+ severity: 'error' | 'warning';
11
+ suggestion?: string;
12
+ }
13
+ export interface AnalysisState {
14
+ hasNonRootUser: boolean;
15
+ hasHealthcheck: boolean;
16
+ hasFrozenLockfile: boolean;
17
+ hasNodeEnvProduction: boolean;
18
+ hasProductionDepsFlag: boolean;
19
+ baseImages: string[];
20
+ fromCount: number;
21
+ isInRunnerStage: boolean;
22
+ runnerStageBaseImage: string | null;
23
+ lastFromLine: number;
24
+ stageNames: string[];
25
+ runnerCopiesNodeModules: boolean;
26
+ runnerNodeModulesLine: number;
27
+ runnerInheritsBuildStage: boolean;
28
+ runnerFromLine: number;
29
+ }
30
+ export declare function safeDockerLine(line: string): string;
31
+ export declare const SECRET_PATTERNS: RegExp[];
32
+ interface PackageManagerPattern {
33
+ pattern: RegExp;
34
+ manager: string;
35
+ fix: string;
36
+ }
37
+ export declare const PACKAGE_MANAGER_PATTERNS: PackageManagerPattern[];
38
+ export declare const PKG_INSTALL_PATTERN: RegExp;
39
+ export declare const PROD_DEPS_FLAG_PATTERN: RegExp;
40
+ export declare const APT_UPGRADE_PATTERN: RegExp;
41
+ export declare const COPY_PATTERN: RegExp;
42
+ export declare const PACKAGE_FILE_COPY_PATTERN: RegExp;
43
+ export declare const NODE_MODULES_FROM_STAGE_PATTERN: RegExp;
44
+ export declare const FROM_IMAGE_PATTERN: RegExp;
45
+ export declare const FROM_STAGE_PATTERN: RegExp;
46
+ export declare const USER_PATTERN: RegExp;
47
+ export declare const NODE_ENV_PROD_PATTERN: RegExp;
48
+ export declare function isRunnerStageName(stageName: string): boolean;
49
+ export {};
50
+ //# sourceMappingURL=docker-best-practices-patterns.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"docker-best-practices-patterns.d.ts","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices-patterns.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,OAAO,GAAG,SAAS,CAAC;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,OAAO,CAAC;IACzB,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,uBAAuB,EAAE,OAAO,CAAC;IACjC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,wBAAwB,EAAE,OAAO,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;CACxB;AAID,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAKnD;AAaD,eAAO,MAAM,eAAe,UAO3B,CAAC;AAQF,UAAU,qBAAqB;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,eAAO,MAAM,wBAAwB,EAAE,qBAAqB,EAQ3D,CAAC;AAEF,eAAO,MAAM,mBAAmB,QACsC,CAAC;AAEvE,eAAO,MAAM,sBAAsB,QAAgC,CAAC;AAEpE,eAAO,MAAM,mBAAmB,QAA4B,CAAC;AAC7D,eAAO,MAAM,YAAY,QAA0D,CAAC;AACpF,eAAO,MAAM,yBAAyB,QAC0C,CAAC;AACjF,eAAO,MAAM,+BAA+B,QACa,CAAC;AAC1D,eAAO,MAAM,kBAAkB,QAA6B,CAAC;AAC7D,eAAO,MAAM,kBAAkB,QAA6B,CAAC;AAC7D,eAAO,MAAM,YAAY,QAA6B,CAAC;AACvD,eAAO,MAAM,qBAAqB,QAAyC,CAAC;AAI5E,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE5D"}
@@ -0,0 +1,51 @@
1
+ /**
2
+ * Pre-compiled regex patterns and state types for docker-best-practices.
3
+ */
4
+ const MAX_DOCKERFILE_LINE_LENGTH = 2000;
5
+ export function safeDockerLine(line) {
6
+ /* v8 ignore next */
7
+ return line.length > MAX_DOCKERFILE_LINE_LENGTH
8
+ ? line.slice(0, MAX_DOCKERFILE_LINE_LENGTH)
9
+ : line;
10
+ }
11
+ const SECRET_API_KEY_PATTERN = /(?:API_KEY|APIKEY|API_SECRET|SECRET_KEY|AUTH_TOKEN|ACCESS_TOKEN)\s{0,10}=\s{0,10}['"]?[\w-]{16,200}/i;
12
+ const SECRET_AWS_PATTERN = /(?:AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY)\s{0,10}=\s{0,10}['"]?[\w/+=]{20,200}/i;
13
+ const SECRET_DB_URL_PATTERN = /(?:DATABASE_URL|DB_URL|MONGO_URL|REDIS_URL)\s{0,10}=\s{0,10}['"]?[a-z]{1,20}:\/\/[^:]{1,100}:[^@]{1,100}@/i;
14
+ const SECRET_PASSWORD_PATTERN = /(?:PASSWORD|PASSWD|DB_PASSWORD|ADMIN_PASSWORD)\s{0,10}=\s{0,10}['"]?[^\s'"]{8,200}/i;
15
+ const SECRET_PRIVATE_KEY_PATTERN = /-----BEGIN\s{1,10}(?:RSA\s{1,10})?PRIVATE\s{1,10}KEY-----/;
16
+ const SECRET_JWT_PATTERN = /JWT_SECRET\s{0,10}=\s{0,10}['"]?[\w-]{32,500}/i;
17
+ export const SECRET_PATTERNS = [
18
+ SECRET_API_KEY_PATTERN,
19
+ SECRET_AWS_PATTERN,
20
+ SECRET_DB_URL_PATTERN,
21
+ SECRET_PASSWORD_PATTERN,
22
+ SECRET_PRIVATE_KEY_PATTERN,
23
+ SECRET_JWT_PATTERN,
24
+ ];
25
+ const PNPM_INSTALL_PATTERN = /pnpm\s{1,10}install(?!\s{1,10}--frozen-lockfile)/;
26
+ const NPM_INSTALL_PATTERN = /npm\s{1,10}(?:install|ci)(?!\s{1,10}-g)(?!\s{1,10}--global)(?!\s{1,10}--ci)(?!\s{1,10}--frozen-lockfile)/;
27
+ const YARN_INSTALL_PATTERN = /yarn\s{1,10}install(?!\s{1,10}--frozen-lockfile)(?!\s{1,10}--immutable)/;
28
+ export const PACKAGE_MANAGER_PATTERNS = [
29
+ { pattern: PNPM_INSTALL_PATTERN, manager: 'pnpm', fix: '--frozen-lockfile' },
30
+ { pattern: NPM_INSTALL_PATTERN, manager: 'npm', fix: '--ci or npm ci' },
31
+ {
32
+ pattern: YARN_INSTALL_PATTERN,
33
+ manager: 'yarn',
34
+ fix: '--frozen-lockfile or --immutable',
35
+ },
36
+ ];
37
+ export const PKG_INSTALL_PATTERN = /(?:pnpm|npm|yarn)\s{1,10}install(?!\s{1,10}-g)(?!\s{1,10}--global)/;
38
+ export const PROD_DEPS_FLAG_PATTERN = /(?:--prod\b|--production\b)/;
39
+ export const APT_UPGRADE_PATTERN = /apt-get\s{1,10}upgrade/i;
40
+ export const COPY_PATTERN = /COPY\s{1,10}(?:--from=\S{1,100}\s{1,10})?(\S{1,500})/i;
41
+ export const PACKAGE_FILE_COPY_PATTERN = /COPY\s{1,10}[^\n]{0,500}(?:package\.json|pnpm-lock|yarn\.lock|package-lock)/i;
42
+ export const NODE_MODULES_FROM_STAGE_PATTERN = /COPY\s{1,10}--from=\S{1,100}[^\n]{0,500}node_modules/i;
43
+ export const FROM_IMAGE_PATTERN = /FROM\s{1,10}(\S{1,200})/i;
44
+ export const FROM_STAGE_PATTERN = /\bAS\s{1,10}(\w{1,100})/i;
45
+ export const USER_PATTERN = /USER\s{1,10}(\S{1,100})/i;
46
+ export const NODE_ENV_PROD_PATTERN = /NODE_ENV\s{0,10}=\s{0,10}production/i;
47
+ const RUNNER_STAGE_NAMES = ['runner', 'production', 'prod', 'final', 'runtime'];
48
+ export function isRunnerStageName(stageName) {
49
+ return RUNNER_STAGE_NAMES.includes(stageName);
50
+ }
51
+ //# sourceMappingURL=docker-best-practices-patterns.js.map
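Review bot: `USER_PATTERN` captures the whole `user[:group]` token, and the only comparison visible in this diff (`userMatch[1] !== 'root'` in `processUserLine`, docker-best-practices-analyze.js) checks the literal name alone, so `USER 0`, `USER 0:0` and `USER root:root` all set `hasNonRootUser` and the `non-root-user` rule stays silent for an image that still runs as UID 0. Rejecting those forms in the pattern keeps the caller unchanged: `export const USER_PATTERN = /USER\s{1,10}(?!(?:root|0)(?::|\s|$))(\S{1,100})/i;`. A one-line comment above it should state that the capture is never `root` or UID `0`, with or without a group suffix, so later edits to the caller do not reintroduce the gap. This file is compiled output, so the change presumably belongs in `src/checks/architecture/docker-best-practices-patterns.ts`, the source named in the source map.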
@@ -0,0 +1 @@
1
+ {"version":3,"file":"docker-best-practices-patterns.js","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices-patterns.ts"],"names":[],"mappings":"AAAA;;GAEG;AA8BH,MAAM,0BAA0B,GAAG,IAAI,CAAC;AAExC,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,oBAAoB;IACpB,OAAO,IAAI,CAAC,MAAM,GAAG,0BAA0B;QAC7C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,0BAA0B,CAAC;QAC3C,CAAC,CAAC,IAAI,CAAC;AACX,CAAC;AAED,MAAM,sBAAsB,GAC1B,sGAAsG,CAAC;AACzG,MAAM,kBAAkB,GACtB,mFAAmF,CAAC;AACtF,MAAM,qBAAqB,GACzB,4GAA4G,CAAC;AAC/G,MAAM,uBAAuB,GAC3B,qFAAqF,CAAC;AACxF,MAAM,0BAA0B,GAAG,2DAA2D,CAAC;AAC/F,MAAM,kBAAkB,GAAG,gDAAgD,CAAC;AAE5E,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,sBAAsB;IACtB,kBAAkB;IAClB,qBAAqB;IACrB,uBAAuB;IACvB,0BAA0B;IAC1B,kBAAkB;CACnB,CAAC;AAEF,MAAM,oBAAoB,GAAG,kDAAkD,CAAC;AAChF,MAAM,mBAAmB,GACvB,0GAA0G,CAAC;AAC7G,MAAM,oBAAoB,GACxB,yEAAyE,CAAC;AAQ5E,MAAM,CAAC,MAAM,wBAAwB,GAA4B;IAC/D,EAAE,OAAO,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,mBAAmB,EAAE;IAC5E,EAAE,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,gBAAgB,EAAE;IACvE;QACE,OAAO,EAAE,oBAAoB;QAC7B,OAAO,EAAE,MAAM;QACf,GAAG,EAAE,kCAAkC;KACxC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAC9B,oEAAoE,CAAC;AAEvE,MAAM,CAAC,MAAM,sBAAsB,GAAG,6BAA6B,CAAC;AAEpE,MAAM,CAAC,MAAM,mBAAmB,GAAG,yBAAyB,CAAC;AAC7D,MAAM,CAAC,MAAM,YAAY,GAAG,uDAAuD,CAAC;AACpF,MAAM,CAAC,MAAM,yBAAyB,GACpC,8EAA8E,CAAC;AACjF,MAAM,CAAC,MAAM,+BAA+B,GAC1C,uDAAuD,CAAC;AAC1D,MAAM,CAAC,MAAM,kBAAkB,GAAG,0BAA0B,CAAC;AAC7D,MAAM,CAAC,MAAM,kBAAkB,GAAG,0BAA0B,CAAC;AAC7D,MAAM,CAAC,MAAM,YAAY,GAAG,0BAA0B,CAAC;AACvD,MAAM,CAAC,MAAM,qBAAqB,GAAG,sCAAsC,CAAC;AAE5E,MAAM,kBAAkB,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAU,CAAC;AAEzF,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,OAAQ,kBAAwC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AACvE,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"docker-best-practices.d.ts","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AA2hBH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,mBAAmB,sCAqC9B,CAAC"}
1
+ {"version":3,"file":"docker-best-practices.d.ts","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices.ts"],"names":[],"mappings":"AACA;;;;;;GAMG;AAQH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,mBAAmB,sCAqC9B,CAAC"}