@pixelated-tech/components 3.13.2 → 3.13.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
pxl:v1:
|
|
1
|
+
pxl:v1:70ac06651c42e04f4e82bac3:6265229bd16e0c1883871e752180ba63:a18cb6ac91da4aec707a91b27769c1ecca7b82d3e26587b4992ef0ba0d1d708ff05de4efe7d45262bad54f3bad0212f9862314e0f039144e7f573fa21cdced0f0b080fe486b38eb8fd43c31c10f9fa6058d4f987b2da3679bdd79b70967543cf1c31e76615f6c8f433d7b62a57361c64ab0c9915315011415c07f9281a94b32a4d603b135e3a202560aabb23dff299a00b147891f1a55af06247e7bc94ff47355f9310be038d0940d68424cdf1e5970f9c9bb1463bc3b5ebdcfb786d38e671365554bb3cce0d134936326148f586c118d2eaa43d496c45ffbf6c3a4d84e95b1fc5142a49bd1c0aa01e9b260adf3313c7a0dca25c186701f74f5389cff35dad3ef003235da34aceeb495fb14db7ce4e349bf9ff8186a63e659e317b030c888fb221f6eb697ce49e50b4f766a6541c5514aee61a7b413b1a712494c585e5cce55f495e27b992f75ab8cf6579007ad5daa8c794361da8f4f3dfb43cec63eea9bb0d81632d00a59ea7b2f132d9c1dd921058f17712f6ce8576bee285aa7d81784ed0e4550ed0fa4cae2a699b4d59cda4810ce5f75b4e53624ae8f471ba3ccc23d8177f8dc34807179238e33375568f6217a67594aee7fdfe96930c32107202c3a3c49b562db84cf725869f6546677bc875a86ca0621fe88d3514011a34299134662d645c110a25cac48ce351540095ce07fe6924d8fb01211fe9262e8dbebdc7c8dc28696d8ad4c874c38c7bc8c83a8eb8ce0454f5a02074ded67a823500215a87830370e5bb9e6cd66175c6683ed7100a73b6deac415a59ecf351a9f7efd5ec5352e65fc5e688adb6b70e62503435312d32bf1d48d98aa2667ce4af23dfd7d273bf690a1075fd684ae6be97fe50a30b7212bf82133022e648685123dc4155fa7017cfff8326bf01f79b6b4f35685533c708fe23d3aa78df1a8c038494ca392192939f0f9c6f22237df9465202d225a904ce6a3076d5e3483bd5ed07d0543a34253b000d799223e31f8239ef4372ba3b71c81aa7b3c10c275adecd90854d8cd935f51c00edefa3aa14e27cb906d485fa0a8a142339e0dc636bb189b32e53feeaab5f715fc23d6ce234a41c52fc12d036bca6ae81a75eb27c39b6ba22b297c977b318d40e16df7182aad8ca43ee7556e668f2582036cb8f7ef095d12e9d4750ef6e2e471e964c3bde991414d11f1c46da0ce88dee058b73db8999473af00f294bca7e1a2293c83acdcd9f973c7f3c3cee771ed37b5e6374d870d5f496b67d9ed4249f94ea41272ab3880f3f4337e310075693386f44638a03d569ba7a04ac028bb11f289aabafc95b1939c54b393a66f7ef2cb4db99ebd2741390b44b7bea4b2a2d0c165601ea0886466913e11624d4aa1ab4e92fd9788ae91d48c78b1171ddda854e9a6ee36502318037736f2e4c338c213efd80bec13b999e66c559e3a175778c660740bb8b55ee550e345d79076b5cfeaf855e66f02d8a5358d5ff90776e804b32979246055a1d639d6d8e15f01cdc456bc822e872cbeb450c5a63016c2d8e6320d1e82709020e67f0c783d26a810436db5d8ea8f6cac89846aef9c72cae88662377153bf294b3cc7b317a813561b0ec890f1673507f6ae53536c43e38bd8d1e9e25bdc7ff7aca69db713c762443626ee48f7075661d1a8bf7e6c38c4ae6c1eebf5c06b1730e92635a95ad03db7609ff476ec0f6129567d6455db9cbc57ddd714c81c285a791f4d47b159f7170e1ab4d00d2f9a5106e6ec12c8605a0be2b6b83039e5b988c26fcee5ea25ac1e4410cd2a4d33964765963f3e5ad01e313127d09c2f28a779b9425afc11640b82a536480c829728e4fa8429e737177cc5a8ace94c41be0713735e77307e492efe781ecd13416e87f7481bd8b082fff6db9533dc9a34ed9cc295528ea216aa3457e6734b3d2935c5d6c0231b312bb5e60dd86f6c3e88132fcad450b6a48553a1fc8bcead337771cfe28f44a3b6f9fb097e48881281b08661bafb3bcf4457d6fb5d4831d09226f777a7ad38127e776ac07bbb83d7d332cdac772b7253061a474fad36b14f433d8e4a95e3184b75cb5d13c5b91d2bffde22f3127882c05a104aba355f98cc6fae7772f8ab3b641ea46b952a250568f653b62806c68c8abc8f76ec12839f9dd6a1fdd61e5fb6bd8625c876af779aaedbcbba0496274d7c9df9890c5d196cdf10bf78edf10ad545edf4d3bac17432f7129825540795ec4fa1a5ba620a5cd2b5d457596dc6ff35417380508fc1ccc1e02f4802d6bf12da54b17ae0193616887c5391b7a2133e9ef92a725a79931e25a1677ff61b60962b73a53b7e4b0497a43a10d7565ae58e9b90a1d002d75c00e52ef48b5b5fd61901bc239e6e02516d47a7daa73bb194cd55eec6cbcd757711286911020e8a8644a9c8437432570fb6f5dc9f8c4d02124fcd09f56b20146901d38407977dd8062980dcb1bf0d7e20cb9286da3129f3f2a7dc73f72f55ae3250cfb641763eabd58772348f982eaed31632cbfe3015ef11b7644ccde7d3924a136bc3769454c53aa6f5c46cd3d21ca35ab666cf98ce211037724cfd0ce9d81634b9ba312721f4bd8a106499c9f552459661c7dbc0d890ed97795f87a54ae85b743289bfc8e46e9fd5fac6bd31673108d8239b15a981b4bb9cae59adec6330775bf9a8668f17c755f4c87fd096e4c5b8b3a5b4740419dadbadc84bd1668a10fbd5ff1061d516a8dd255d2b119a657d819698fa74c9649b2065cb4f3b037147d305d13319e1e8ea9005b6c21a75ae2ba5b0963e883fa60be15a5cc1fe80ea5068a5c1d1d4f0d35d17dff94cb0b5c4509a78bb4a1dce8dff79ed6453f41fa79cf95f83e605e253abae70c5062db2e399be14816ae8cf860c6508167ebf6202cf77a2bfa32a6c57285ff04a40f053eea6fe75f8ba4a31a71fd46e38874c840e65686e5cd6ccd56c295bbcd8af94be7b0f4a968710ca7ce92b671be4726f0595584a74217da1c903805ed48451b95258f7f7f2070fb71db54569d906e68a19400f4830a736efb0c318ff653e11cf6e872aacae103bf03c709e28cb2842fc449f8fb0dc111116a4563fb388c6a5664419ae3b9b246873774647ee864c7f48ef1a769572b0d88c1620da8da8a9b817b17650433abbf595bcab24fd2a4c75776c603bb854a5e926f9325114c8e586cdd954d16ab2f80d5bdd0cc8513b29f55bb1acfa2bfdc16f6efa8448ede6b48c1412e5ee0b6701220afaedf8b52a41914b6581d05d5cbec380cef8ba15ce40e8b941507888e91193e5500a0adb98b7a6e339fb07c07d0d5bd71a580c958536b3a892887e60ab41f99bdd1057945dad5e4cb7bfc419f7fd0d85161bd2afbb991976411a48d7a7c1b8de07295587d0e025e3679bc904175fd349b8bc8e8e1d7231afadf56383dead40d2959991f3b5d457e7669ec8163e3c487b8e4e37620b64dee667f8f65595d137019eea01510c4964af7c3921899255b1eddea700138fcb5229a9c14b0c907df826de211fcd3ef119078939314654d97363db37aaed2ff580df73722fa762b9e75118c3ea937b377142982b88597e9326939f1bc37d0fbd34e3b35daa0ed39de861daa6c14fadacd49134f083e36ff7f1b6a84a523e5b10cb404b9884fc205db2f5a7aa6ab5e341ff2514f93fe80a4f30f27929dd350d7e7cb511990540391311a048fe2d12c8bf9c7d56a412fc9331a9f13ddcd4c7338faeab0b898620cec34dc2ee416d575ac843f124315f1440093303284f9b8cf30b7b83d791ee6fabd9b6dd51af5e9fe293c7934a2c1272f4f6ad85f853865c8192981b8efbe39fe1e7abd07905aa0b64d170a1d8cf98886aeabee5de52afb9e9f6c797b4c0535107906ce65f9c6309ee9b1e306991193bd4517d537cbb11fbebc220bf9b461c740e0bc35b9e4908bbbeb2ac8c5d01f783c95e81fa37d25b0d5486d8b0d2781314742e7950543a8893718cf45ab99b34958e52a40945054a0932ab7afbe33e722fd50b211590864824d7a213ac49109d59424449148cb00a7d862f58d7c91477de605275141d592e4960cb450d077b6985df87f7f1eec339dbf4faaf2565e254b9c72c5ad47553c6478abb0fd3a103f9446c72d75b8d6ad7e125bd2cfd1857c549ef67596a939652ab202ed9cbe6b52646a0a74ad9690e2cd75bd4b02cd0852838ef19af9f22d27c1f15866e8c1b6caf2c260b951ddb2866d641fa180e7b4f1f5811400142fd4d1383b59ec312b89d14738e19d1628da0a55136261a5e7fda5942e3ca0fccbe0b4d227f219fba631dad771a83f4f608a0a80b3c5244b8e2af9bfe73b1a145cd7978a8b919b88dc1c9c0eaaf1e8690369eed397a78cf324f545b8ef337b861355c18954a743298f1938223240e1d1080b2b3d287540effad8f8faf2b526acd9010db9df9e52fd997ff9274a95a89c8d2f48344a14d820d0fb1870fe7fb0802e83dd53cd82c0447115f7b0adeda14e0a27cd884f90f81ccf6e2c1b172fd0f094983ca2678fa9ce3393a7423eb9be7c954714e95025ffd2e2cf0b5a697e8ffc44ef285fe6824e0d966cd731004c82dca10513343d7dd532d183898ee3f31af7543438bb13284e239a8819e43bf4062216a3620af1fd97d64b3cd91808b00157c4eabe7c659f85aa8860d4a4f103b3f89765795516d19b6a497640422003f3c7b95ebcb29280e1c620c8d6bedbc2343204bdfa947348fa1cb730f67a4186fa2c682f8eb449489b7937ea0b977ac8d6492c650df0058906a80edf0307e89dc04891516548120f39e5cc5fd5cb593420610164e36dda560a5ec0200e40a6d460004cca4d66a86a9004e6131adf579d2d2cf35effba7d2aacd402bd9a6eef83e8dbdb2a54daf33c2db029ae8b3eb18915c991c8c9c5bac75df4a7bb93426b205b503b483d8499c5540a8131d2888ce930d1a8a88fa6e3f2dea7b30da6d91f3920060c52aad2c16a712d3203fb2279acf0cd71d0745fbdfe88575e7611af4f1ad691d3250bacdaab022877f7c2dd55351d7de6c4407c830909c96aed6b2263c0682d62606b2819df5717bb5b56c9e12f2fce757fec843037c15c5340acb2045452918cfca0e3fdd1b59b38acd679bc88cc6be4e5fa6e258b33f7a2ea5b3329266da12e91ab035298ef8cbe59aa8d3230e8527ff4ca7e133df5433f563da57f
|
|
@@ -311,9 +311,10 @@ const noTempDependencyRule = {
|
|
|
311
311
|
},
|
|
312
312
|
create(context) {
|
|
313
313
|
let ran = false;
|
|
314
|
+
|
|
314
315
|
function cmpParts(a, b) {
|
|
315
|
-
const A = a.split('.').map(n => parseInt(n,10) || 0);
|
|
316
|
-
const B = b.split('.').map(n => parseInt(n,10) || 0);
|
|
316
|
+
const A = (a || '').split('.').map(n => parseInt(n,10) || 0);
|
|
317
|
+
const B = (b || '').split('.').map(n => parseInt(n,10) || 0);
|
|
317
318
|
for (let i=0;i<3;i++) {
|
|
318
319
|
if ((A[i]||0) < (B[i]||0)) return -1;
|
|
319
320
|
if ((A[i]||0) > (B[i]||0)) return 1;
|
|
@@ -321,44 +322,104 @@ const noTempDependencyRule = {
|
|
|
321
322
|
return 0;
|
|
322
323
|
}
|
|
323
324
|
|
|
325
|
+
function normalizeVersion(v) {
|
|
326
|
+
if (!v || typeof v !== 'string') return '';
|
|
327
|
+
return v.trim().replace(/^[^0-9]*/, '').replace(/\s+.*$/, '');
|
|
328
|
+
}
|
|
329
|
+
|
|
324
330
|
function satisfiesRange(version, rangeSpec) {
|
|
325
331
|
if (!rangeSpec || typeof rangeSpec !== 'string') return false;
|
|
326
332
|
rangeSpec = rangeSpec.trim();
|
|
333
|
+
const ver = normalizeVersion(version);
|
|
327
334
|
// simple operators: <=, <, >=, >, =, exact
|
|
328
335
|
if (rangeSpec.startsWith('<=')) {
|
|
329
336
|
const v = rangeSpec.slice(2).trim();
|
|
330
|
-
return cmpParts(
|
|
337
|
+
return cmpParts(ver,v) <= 0;
|
|
331
338
|
}
|
|
332
339
|
if (rangeSpec.startsWith('<')) {
|
|
333
340
|
const v = rangeSpec.slice(1).trim();
|
|
334
|
-
return cmpParts(
|
|
341
|
+
return cmpParts(ver,v) < 0;
|
|
335
342
|
}
|
|
336
343
|
if (rangeSpec.startsWith('>=')) {
|
|
337
344
|
const v = rangeSpec.slice(2).trim();
|
|
338
|
-
return cmpParts(
|
|
345
|
+
return cmpParts(ver,v) >= 0;
|
|
339
346
|
}
|
|
340
347
|
if (rangeSpec.startsWith('>')) {
|
|
341
348
|
const v = rangeSpec.slice(1).trim();
|
|
342
|
-
return cmpParts(
|
|
349
|
+
return cmpParts(ver,v) > 0;
|
|
343
350
|
}
|
|
344
351
|
if (rangeSpec.startsWith('^')) {
|
|
345
352
|
const v = rangeSpec.slice(1).trim();
|
|
346
353
|
const [maj, min] = v.split('.').map(n=>parseInt(n,10)||0);
|
|
347
354
|
if (maj > 0) {
|
|
348
|
-
return cmpParts(
|
|
355
|
+
return cmpParts(ver, v) >= 0 && cmpParts(ver, (maj+1)+'.0.0') < 0;
|
|
349
356
|
}
|
|
350
357
|
if (maj === 0 && min > 0) {
|
|
351
|
-
return cmpParts(
|
|
358
|
+
return cmpParts(ver, v) >= 0 && cmpParts(ver, '0.'+(min+1)+'.0') < 0;
|
|
352
359
|
}
|
|
353
|
-
return cmpParts(
|
|
360
|
+
return cmpParts(ver, v) >= 0 && cmpParts(ver, '0.0.'+((parseInt(v.split('.')[2]||'0',10)||0)+1)) < 0;
|
|
354
361
|
}
|
|
355
362
|
if (rangeSpec.startsWith('~')) {
|
|
356
363
|
const v = rangeSpec.slice(1).trim();
|
|
357
364
|
const [maj, min] = v.split('.').map(n=>parseInt(n,10)||0);
|
|
358
|
-
return cmpParts(
|
|
365
|
+
return cmpParts(ver, v) >= 0 && cmpParts(ver, maj + '.' + (min+1) + '.0') < 0;
|
|
359
366
|
}
|
|
360
367
|
// exact equality
|
|
361
|
-
return cmpParts(
|
|
368
|
+
return cmpParts(ver, normalizeVersion(rangeSpec)) === 0 || rangeSpec === '=' + ver;
|
|
369
|
+
}
|
|
370
|
+
|
|
371
|
+
function overrideCoversTarget(overrides, targetName) {
|
|
372
|
+
if (!overrides || typeof overrides !== 'object') return false;
|
|
373
|
+
if (Object.prototype.hasOwnProperty.call(overrides, targetName)) return true;
|
|
374
|
+
for (const [k,v] of Object.entries(overrides)) {
|
|
375
|
+
if (k === targetName) return true;
|
|
376
|
+
if (v && typeof v === 'object' && Object.prototype.hasOwnProperty.call(v, targetName)) return true;
|
|
377
|
+
}
|
|
378
|
+
return false;
|
|
379
|
+
}
|
|
380
|
+
|
|
381
|
+
function collectVersions(lock, pkgName) {
|
|
382
|
+
const versions = [];
|
|
383
|
+
try {
|
|
384
|
+
// New lockfile format (package-lock v3) exposes package paths under lock.packages
|
|
385
|
+
if (lock && lock.packages && typeof lock.packages === 'object') {
|
|
386
|
+
for (const [pkgPath, pkgObj] of Object.entries(lock.packages)) {
|
|
387
|
+
if (!pkgObj || !pkgObj.version) continue;
|
|
388
|
+
if (!pkgPath || pkgPath === '') continue; // skip root
|
|
389
|
+
if (!pkgPath.startsWith('node_modules/')) continue;
|
|
390
|
+
// Handle nested package paths like 'node_modules/@aws-sdk/xml-builder/node_modules/fast-xml-parser'
|
|
391
|
+
const segments = pkgPath.split('node_modules/').slice(1);
|
|
392
|
+
for (const seg of segments) {
|
|
393
|
+
let candidate;
|
|
394
|
+
if (seg.startsWith('@')) {
|
|
395
|
+
const p = seg.split('/'); candidate = p.slice(0,2).join('/');
|
|
396
|
+
} else {
|
|
397
|
+
candidate = seg.split('/')[0];
|
|
398
|
+
}
|
|
399
|
+
if (candidate === pkgName) {
|
|
400
|
+
versions.push(pkgObj.version);
|
|
401
|
+
break;
|
|
402
|
+
}
|
|
403
|
+
}
|
|
404
|
+
}
|
|
405
|
+
}
|
|
406
|
+
|
|
407
|
+
// Also search nested dependency trees if present (older lockfile layout)
|
|
408
|
+
function walk(deps) {
|
|
409
|
+
if (!deps) return;
|
|
410
|
+
for (const [k,v] of Object.entries(deps)) {
|
|
411
|
+
if (k === pkgName) {
|
|
412
|
+
if (v && typeof v === 'string') versions.push(v);
|
|
413
|
+
else if (v && v.version) versions.push(v.version);
|
|
414
|
+
}
|
|
415
|
+
if (v && v.dependencies) walk(v.dependencies);
|
|
416
|
+
}
|
|
417
|
+
}
|
|
418
|
+
if (lock && lock.dependencies) walk(lock.dependencies);
|
|
419
|
+
} catch (e) {
|
|
420
|
+
// defensive
|
|
421
|
+
}
|
|
422
|
+
return versions;
|
|
362
423
|
}
|
|
363
424
|
|
|
364
425
|
return {
|
|
@@ -369,22 +430,112 @@ const noTempDependencyRule = {
|
|
|
369
430
|
if (!fs.existsSync(lockPath)) return; // lockfile-only check
|
|
370
431
|
let lock;
|
|
371
432
|
try { lock = JSON.parse(fs.readFileSync(lockPath, 'utf8')); } catch (e) { return; }
|
|
372
|
-
const found = [];
|
|
373
|
-
function walk(deps) {
|
|
374
|
-
if (!deps) return;
|
|
375
|
-
for (const [k,v] of Object.entries(deps)) {
|
|
376
|
-
if (v && v.version) found.push({ name: k, version: v.version });
|
|
377
|
-
if (v && v.dependencies) walk(v.dependencies);
|
|
378
|
-
}
|
|
379
|
-
}
|
|
380
|
-
walk(lock.dependencies);
|
|
381
433
|
|
|
382
434
|
const rules = context.options[0] || [{ name: 'fast-xml-parser', vulnerableRange: '<=5.3.3', note: 'temporary security pin' }];
|
|
383
435
|
for (const r of rules) {
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
436
|
+
// Check all installed copies (including nested) for vulnerable versions
|
|
437
|
+
const versions = collectVersions(lock, r.name);
|
|
438
|
+
const vulnerable = versions.some(v => satisfiesRange(v, r.vulnerableRange));
|
|
439
|
+
if (vulnerable) {
|
|
440
|
+
context.report({ node, messageId: 'tempDepPresent', data: { name: r.name, version: versions[0], range: r.vulnerableRange } });
|
|
441
|
+
continue;
|
|
442
|
+
}
|
|
443
|
+
|
|
444
|
+
// No vulnerable hits — do not report on overrides here; stale override checks are handled by `no-stale-override` rule.
|
|
445
|
+
// This rule only reports actual vulnerable installed copies.
|
|
446
|
+
// nothing to report here
|
|
447
|
+
}
|
|
448
|
+
}
|
|
449
|
+
};
|
|
450
|
+
}
|
|
451
|
+
};
|
|
452
|
+
|
|
453
|
+
/* ===== RULE: no-stale-override ===== */
|
|
454
|
+
const noStaleOverrideRule = {
|
|
455
|
+
meta: {
|
|
456
|
+
type: 'problem',
|
|
457
|
+
docs: {
|
|
458
|
+
description: 'Detect overrides that are now unnecessary because the target library already requires an equal-or-higher version.',
|
|
459
|
+
category: 'Security',
|
|
460
|
+
recommended: true
|
|
461
|
+
},
|
|
462
|
+
fixable: false,
|
|
463
|
+
messages: {
|
|
464
|
+
staleOverride: 'Override for "{{library}}" -> "{{dep}}" is stale: library declares "{{libConstraint}}" which satisfies or exceeds override "{{override}}". Remove the override.'
|
|
465
|
+
},
|
|
466
|
+
schema: [],
|
|
467
|
+
},
|
|
468
|
+
create(context) {
|
|
469
|
+
let ran = false;
|
|
470
|
+
|
|
471
|
+
function cmpParts(a, b) {
|
|
472
|
+
const A = (a || '').split('.').map(n => parseInt(n,10) || 0);
|
|
473
|
+
const B = (b || '').split('.').map(n => parseInt(n,10) || 0);
|
|
474
|
+
for (let i=0;i<3;i++) {
|
|
475
|
+
if ((A[i]||0) < (B[i]||0)) return -1;
|
|
476
|
+
if ((A[i]||0) > (B[i]||0)) return 1;
|
|
477
|
+
}
|
|
478
|
+
return 0;
|
|
479
|
+
}
|
|
480
|
+
|
|
481
|
+
function normalizeVersion(v) {
|
|
482
|
+
if (!v || typeof v !== 'string') return '';
|
|
483
|
+
return v.trim().replace(/^[^0-9]*/, '').replace(/\s+.*$/, '');
|
|
484
|
+
}
|
|
485
|
+
|
|
486
|
+
function parseBaseVersion(range) {
|
|
487
|
+
if (!range || typeof range !== 'string') return '';
|
|
488
|
+
const s = range.trim();
|
|
489
|
+
if (s.startsWith('^') || s.startsWith('~') || s.startsWith('>=') || s.startsWith('<=') || s.startsWith('>') || s.startsWith('<') || s.startsWith('=')) {
|
|
490
|
+
return normalizeVersion(s.replace(/^[^0-9]*/, ''));
|
|
491
|
+
}
|
|
492
|
+
return normalizeVersion(s);
|
|
493
|
+
}
|
|
494
|
+
|
|
495
|
+
function findLibraryEntry(lock, library) {
|
|
496
|
+
try {
|
|
497
|
+
if (!lock || !lock.packages) return null;
|
|
498
|
+
for (const [pkgPath, pkgObj] of Object.entries(lock.packages)) {
|
|
499
|
+
if (!pkgPath || !pkgPath.startsWith('node_modules/')) continue;
|
|
500
|
+
const after = pkgPath.split('node_modules/').pop();
|
|
501
|
+
let candidate;
|
|
502
|
+
if (after.startsWith('@')) {
|
|
503
|
+
const p = after.split('/'); candidate = p.slice(0,2).join('/');
|
|
504
|
+
} else {
|
|
505
|
+
candidate = after.split('/')[0];
|
|
506
|
+
}
|
|
507
|
+
if (candidate === library) return pkgObj;
|
|
508
|
+
}
|
|
509
|
+
} catch (e) { /* defensive */ }
|
|
510
|
+
return null;
|
|
511
|
+
}
|
|
512
|
+
|
|
513
|
+
return {
|
|
514
|
+
Program(node) {
|
|
515
|
+
if (ran) return; ran = true;
|
|
516
|
+
const projectRoot = process.cwd();
|
|
517
|
+
const lockPath = path.join(projectRoot, 'package-lock.json');
|
|
518
|
+
const pkgPath = path.join(projectRoot, 'package.json');
|
|
519
|
+
if (!fs.existsSync(lockPath) || !fs.existsSync(pkgPath)) return;
|
|
520
|
+
let lock, pkg;
|
|
521
|
+
try { lock = JSON.parse(fs.readFileSync(lockPath, 'utf8')); pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8')); } catch (e) { return; }
|
|
522
|
+
|
|
523
|
+
const overrides = pkg.overrides || pkg.resolutions || (pkg['pnpm'] && pkg['pnpm'].overrides) || {};
|
|
524
|
+
for (const [k,v] of Object.entries(overrides)) {
|
|
525
|
+
// only consider nested mapping overrides: library -> { dep: version }
|
|
526
|
+
if (v && typeof v === 'object') {
|
|
527
|
+
const library = k;
|
|
528
|
+
for (const [dep, overrideSpec] of Object.entries(v)) {
|
|
529
|
+
const libEntry = findLibraryEntry(lock, library);
|
|
530
|
+
if (!libEntry) continue;
|
|
531
|
+
const libDep = (libEntry.dependencies && libEntry.dependencies[dep]) || (libEntry.requires && libEntry.requires[dep]);
|
|
532
|
+
if (!libDep) continue;
|
|
533
|
+
const libBase = normalizeVersion(libDep);
|
|
534
|
+
const overrideBase = parseBaseVersion(overrideSpec);
|
|
535
|
+
if (libBase && overrideBase && cmpParts(libBase, overrideBase) >= 0) {
|
|
536
|
+
context.report({ node, messageId: 'staleOverride', data: { library, dep, libConstraint: libDep, override: overrideSpec } });
|
|
537
|
+
}
|
|
538
|
+
}
|
|
388
539
|
}
|
|
389
540
|
}
|
|
390
541
|
}
|
|
@@ -1014,6 +1165,7 @@ export default {
|
|
|
1014
1165
|
'no-debug-true': noDebugTrueRule,
|
|
1015
1166
|
'required-proptypes-jsdoc': propTypesJsdocRule,
|
|
1016
1167
|
'no-temp-dependency': noTempDependencyRule,
|
|
1168
|
+
'no-stale-override': noStaleOverrideRule,
|
|
1017
1169
|
'file-name-kebab-case': fileNameKebabCaseRule,
|
|
1018
1170
|
'no-duplicate-export-names': noDuplicateExportNamesRule,
|
|
1019
1171
|
'class-name-kebab-case': classNameKebabCaseRule,
|
|
@@ -1024,6 +1176,7 @@ export default {
|
|
|
1024
1176
|
'pixelated/prop-types-inferprops': 'error',
|
|
1025
1177
|
'pixelated/required-schemas': 'warn',
|
|
1026
1178
|
'pixelated/no-temp-dependency': 'error',
|
|
1179
|
+
'pixelated/no-stale-override': 'error',
|
|
1027
1180
|
'pixelated/required-files': 'warn',
|
|
1028
1181
|
'pixelated/no-raw-img': 'warn',
|
|
1029
1182
|
'pixelated/require-section-ids': 'error',
|
|
@@ -233,6 +233,24 @@ declare namespace _default {
|
|
|
233
233
|
Program(node: any): void;
|
|
234
234
|
};
|
|
235
235
|
};
|
|
236
|
+
'no-stale-override': {
|
|
237
|
+
meta: {
|
|
238
|
+
type: string;
|
|
239
|
+
docs: {
|
|
240
|
+
description: string;
|
|
241
|
+
category: string;
|
|
242
|
+
recommended: boolean;
|
|
243
|
+
};
|
|
244
|
+
fixable: boolean;
|
|
245
|
+
messages: {
|
|
246
|
+
staleOverride: string;
|
|
247
|
+
};
|
|
248
|
+
schema: never[];
|
|
249
|
+
};
|
|
250
|
+
create(context: any): {
|
|
251
|
+
Program(node: any): void;
|
|
252
|
+
};
|
|
253
|
+
};
|
|
236
254
|
'file-name-kebab-case': {
|
|
237
255
|
meta: {
|
|
238
256
|
type: string;
|
|
@@ -303,6 +321,7 @@ declare namespace _default {
|
|
|
303
321
|
'pixelated/prop-types-inferprops': string;
|
|
304
322
|
'pixelated/required-schemas': string;
|
|
305
323
|
'pixelated/no-temp-dependency': string;
|
|
324
|
+
'pixelated/no-stale-override': string;
|
|
306
325
|
'pixelated/required-files': string;
|
|
307
326
|
'pixelated/no-raw-img': string;
|
|
308
327
|
'pixelated/require-section-ids': string;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pixelated-tech/components",
|
|
3
|
-
"version": "3.13.
|
|
3
|
+
"version": "3.13.3",
|
|
4
4
|
"private": false,
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "Pixelated Technologies",
|
|
@@ -105,18 +105,18 @@
|
|
|
105
105
|
},
|
|
106
106
|
"dependencies": {
|
|
107
107
|
"date-fns": "^4.1.0",
|
|
108
|
+
"fast-xml-parser": "^5.3.4",
|
|
108
109
|
"globals": "^17.2.0",
|
|
109
|
-
"html-entities": "^2.6.0"
|
|
110
|
-
"fast-xml-parser": "^5.3.4"
|
|
110
|
+
"html-entities": "^2.6.0"
|
|
111
111
|
},
|
|
112
112
|
"devDependencies": {
|
|
113
113
|
"@aws-sdk/client-amplify": "^3.980.0",
|
|
114
114
|
"@aws-sdk/client-iam": "^3.980.0",
|
|
115
115
|
"@babel/cli": "^7.28.6",
|
|
116
|
-
"@babel/core": "^7.
|
|
116
|
+
"@babel/core": "^7.29.0",
|
|
117
117
|
"@babel/plugin-proposal-class-properties": "^7.18.6",
|
|
118
118
|
"@babel/plugin-proposal-object-rest-spread": "^7.20.7",
|
|
119
|
-
"@babel/preset-env": "^7.
|
|
119
|
+
"@babel/preset-env": "^7.29.0",
|
|
120
120
|
"@babel/preset-react": "^7.28.5",
|
|
121
121
|
"@babel/preset-typescript": "^7.28.5",
|
|
122
122
|
"@eslint/json": "^1.0.0",
|