@safetnsr/vet 1.20.0 → 1.20.1
- package/dist/checks/deep.js +7 -1
- package/dist/checks/deps.js +15 -0
- package/dist/checks/semantic.js +1 -1
- package/package.json +1 -1
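--- a/package/dist/checks/deep.js
+++ b/package/dist/checks/deep.js
@@ -26,10 +26,16 @@ function analyzeCatch(node) {
 const block = node.block;
 const stmts = block.statements;
 const line = node.getSourceFile().getLineAndCharacterOfPosition(node.getStart()).line + 1;
+const text = block.getText();
 if (stmts.length === 0) {
+// Check if there's a deliberate comment (/* skip */, /* ignore */, etc.)
+const hasComment = /\/[/*]\s*(skip|ignore|noop|intentional|expected|ok|no-op)/i.test(text);
+if (hasComment) {
+// Deliberate empty catch — not a bug
+return { line, isEmpty: false, isLazy: false, isRethrow: false };
+}
 return { line, isEmpty: true, isLazy: false, isRethrow: false };
 }
-const text = block.getText();
 const isLazy = stmts.length === 1 && /console\.(log|error|warn)\s*\(/.test(text) && !text.includes('throw');
 const isRethrow = text.includes('throw');
 return { line, isEmpty: false, isLazy, isRethrow };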
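Review bot: The new early return in the `stmts.length === 0` branch reports a comment-suppressed empty catch with exactly the same shape as a catch that handles the error, so a swallowed exception disappears from the results on the strength of a single keyword. Consider keeping the suppression visible, e.g. returning `{ line, isEmpty: false, isLazy: false, isRethrow: false, isSuppressed: true }` so the report can still count these; callers are outside the hunk and would need to read the new field. The pattern also has no boundary after the keyword, so `ok` matches any comment that merely begins with those letters; writing `ok\b` in the alternation would tighten that. analyzeCatch begins before this hunk and its closing brace is outside it.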
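--- a/package/dist/checks/deps.js
+++ b/package/dist/checks/deps.js
@@ -311,6 +311,16 @@ const TOOLING_PACKAGES = new Set([
 'del-cli', 'make-node',
 // Type packages (consumed by TS compiler, not imported)
 '@types/react', '@types/react-dom', '@types/jest', '@types/mocha',
+// Test runners / e2e (used via CLI, not imported)
+'playwright', '@playwright/test', 'cypress', 'puppeteer',
+// Package quality tools (used via CLI)
+'publint', 'arethetypeswrong', 'are-the-types-wrong', 'attw',
+'pkg-pr-new', 'size-limit', '@size-limit/preset-small-lib',
+// Monorepo/workspace tools
+'update-ts-references', 'syncpack', 'manypkg',
+// Prettier plugins (loaded via config, not imported)
+'prettier-plugin-svelte', 'prettier-plugin-tailwindcss',
+'prettier-plugin-organize-imports', 'prettier-plugin-packagejson',
 ]);
 // ── Collect all deps declared in workspace sub-packages ──────────────────────
 export function collectWorkspaceDeps(cwd) {
@@ -500,6 +510,11 @@ export async function checkDeps(cwd) {
 // Skip known tooling packages that are devDependencies (used via CLI scripts, not imports)
 if (TOOLING_PACKAGES.has(pkg) && devDepNames.has(pkg))
 continue;
+// Wildcard tooling patterns (eslint configs, prettier plugins, @types/*)
+if (devDepNames.has(pkg) && (pkg.startsWith('eslint-config-') || pkg.startsWith('eslint-plugin-') ||
+pkg.startsWith('prettier-plugin-') || pkg.startsWith('@types/') ||
+pkg.startsWith('@typescript-eslint/') || pkg.startsWith('@eslint/')))
+continue;
 // Check if it's a CLI tool / plugin / type package (common false positives)
 // Still flag it, but as info
 issues.push({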
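Review bot: The prefix check added ahead of the info-level `issues.push` in checkDeps drops any unused devDependency whose name starts with `eslint-config-`, `eslint-plugin-`, `prettier-plugin-`, `@types/`, `@typescript-eslint/` or `@eslint/` without producing any output. A name prefix does not show that a config actually references the package, and an unused devDependency is still installed with everything that implies for the dependency tree, so it is worth keeping in the report. The comment just below already reads `Still flag it, but as info`; letting prefix matches fall through to that branch instead of hitting `continue` would keep the noise low without hiding them. checkDeps starts and ends outside the hunk, so the severity that `issues.push` assigns is not visible here.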
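--- a/package/dist/checks/semantic.js
+++ b/package/dist/checks/semantic.js
@@ -130,7 +130,7 @@ export async function checkSemantic(cwd) {
 patternEmbeddings.push({ pattern, embedding: new Float32Array(result.data) });
 }
 // Embed and compare each function
-const THRESHOLD = 0.
+const THRESHOLD = 0.45; // similarity threshold — code-to-code embeddings (0.40 gave false positives)
 for (const func of funcsToAnalyze) {
 const result = await extractor(func.body, { pooling: 'mean', normalize: true });
 const funcEmb = new Float32Array(result.data);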
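Review bot: The comment on `THRESHOLD` in checkSemantic records only the false-positive side of this change; raising the cutoff also means matches scoring below 0.45 are no longer reported, and nothing visible here says how the value was calibrated. I would state that in the comment, e.g. `// similarity cutoff for code-to-code embeddings; 0.40 gave false positives, matches below 0.45 are now dropped`, and hoist the value to a documented module-level constant so it can be tuned and tested in one place. The previous value is cut off in this rendering and is only inferred from the new comment. checkSemantic's body continues outside the hunk.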