npm - @safets-org/cli - Versions diffs - 1.0.1 → 1.0.2 - Mend

@safets-org/cli 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -36,6 +36,16 @@ The npm package is scoped as `@safets-org/cli`, but the installed command is sti
 ## Usage
+Run the installed `safets` binary with your package manager:
+```bash
+npx safets doctor
+pnpm exec safets doctor
+bunx safets doctor
+```
+Or add package scripts and run `safets` directly inside those scripts:
 ```bash
 safets doctor
 safets doctor --include-tests
@@ -106,6 +116,13 @@ No target fell back to AST-only mode. See [docs/real-world-validation.md](./docs
 ---
+## End-To-End Guides
+- [SafeTS documentation website](./docs-site/README.md)
+- [TanStack Start, shadcn/ui, Tailwind CSS, and dark mode](./docs/tanstack-start-shadcn-tailwind.md)
+---
 ## The 9 Patterns
 | Pattern | Confidence | Example |
@@ -145,7 +162,7 @@ The baseline stores scan options such as `includeTests`. If you run `doctor --fa
 SafeTS can run directly in GitHub Actions:
 ```yaml
-- uses: Dioman-Keita/safets@v1.0.1
+- uses: Dioman-Keita/safets@v1.0.2
   with:
     fail-on-new: "true"
 ```
@@ -179,6 +196,22 @@ SafeTS releases follow the documented workflow in [docs/release.md](./docs/relea
 Detector architecture and contribution expectations are documented in [docs/detectors.md](./docs/detectors.md).
+## AI Agent Skill
+SafeTS includes an installable skill for agents that support the `skills` CLI:
+```bash
+npx skills add Dioman-Keita/safets
+```
+For a non-interactive install, pass the target agent explicitly. For Codex:
+```bash
+npx skills add Dioman-Keita/safets --skill safets-agent -a codex -g -y
+```
+The skill is not coupled to Codex; Codex is only one supported target. After installation, restart the agent and invoke `$safets-agent` when an agent should run or interpret SafeTS on a TypeScript project.
 ## Roadmap
 The launch plan is tracked in [ROADMAP.md](./ROADMAP.md).

package/dist/detectors/index.js CHANGED Viewed

@@ -282,9 +282,35 @@ export function detectUnsafeEnvAccess(sf, checker) {
             return false;
         }
     }
+    function isOptionalChainReceiver(node) {
+        let current = node;
+        while (ts.isParenthesizedExpression(current.parent)) {
+            current = current.parent;
+        }
+        const parent = current.parent;
+        const isOptionalReceiver = ((ts.isPropertyAccessExpression(parent) || ts.isElementAccessExpression(parent)) &&
+            parent.expression === current &&
+            parent.questionDotToken !== undefined) ||
+            (ts.isCallExpression(parent) &&
+                parent.expression === current &&
+                parent.questionDotToken !== undefined);
+        if (!isOptionalReceiver) {
+            return false;
+        }
+        let optionalAccess = parent;
+        let sawParentheses = false;
+        while (ts.isParenthesizedExpression(optionalAccess.parent)) {
+            sawParentheses = true;
+            optionalAccess = optionalAccess.parent;
+        }
+        return (!sawParentheses ||
+            !(ts.isCallExpression(optionalAccess.parent) &&
+                optionalAccess.parent.expression === optionalAccess));
+    }
     function visit(node) {
         if (isEnvAccess(node) &&
             !isSafelyDefaulted(node) &&
+            !isOptionalChainReceiver(node) &&
             !ts.isNonNullExpression(node.parent)) {
             try {
                 const envVar = node.name.getText();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@safets-org/cli",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "Finds common runtime crashes TypeScript can't detect",
   "type": "module",
   "bin": {