@soulbatical/tetra-dev-toolkit 1.20.20 → 1.20.21
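--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,91 @@
+/**
+* Detect local file/link dependencies that break Railway/CI deploys.
+*
+* Blocks push when package.json contains:
+* - "file:../..." or "file:../../..." local path references
+* - "link:..." npm link references
+* - workspace:* protocol references outside the monorepo
+*
+* Also ensures @soulbatical/* packages use the latest published versions.
+*/
+
+import { glob } from 'glob'
+import { readFileSync } from 'fs'
+
+export const meta = {
+id: 'local-deps',
+name: 'Local Dependency Detection',
+category: 'stability',
+severity: 'critical',
+description: 'Blocks deploy-breaking file: and link: dependencies in package.json'
+}
+
+const TETRA_PACKAGES = {
+'@soulbatical/tetra-core': '0.3.5',
+'@soulbatical/tetra-ui': '0.7.2',
+'@soulbatical/tetra-dev-toolkit': '1.20.20',
+}
+
+export async function run(config, projectRoot) {
+const results = {
+passed: true,
+findings: [],
+summary: { total: 0, critical: 0, high: 0, medium: 0, low: 0 }
+}
+
+const files = await glob('**/package.json', {
+cwd: projectRoot,
+ignore: ['**/node_modules/**', '**/dist/**', '**/.next/**', ...config.ignore]
+})
+
+for (const file of files) {
+try {
+const content = readFileSync(`${projectRoot}/${file}`, 'utf-8')
+const pkg = JSON.parse(content)
+const allDeps = {
+...(pkg.dependencies || {}),
+...(pkg.devDependencies || {})
+}
+
+for (const [name, version] of Object.entries(allDeps)) {
+const ver = String(version)
+
+// Block file: and link: references
+if (ver.startsWith('file:') || ver.startsWith('link:')) {
+results.findings.push({
+severity: 'critical',
+file,
+line: 0,
+message: `"${name}": "${ver}" — local dependency will break Railway/CI deploy. Use npm version instead.`,
+snippet: `${name}: ${ver}`
+})
+results.summary.critical++
+results.summary.total++
+results.passed = false
+}
+
+// Check @soulbatical/* packages are on latest
+if (TETRA_PACKAGES[name]) {
+const minVersion = TETRA_PACKAGES[name]
+// Extract version number from range (^0.3.5 -> 0.3.5)
+const versionNum = ver.replace(/^[\^~>=<]*/, '')
+if (ver.startsWith('file:') || ver.startsWith('link:')) {
+// Already caught above
+} else if (versionNum && versionNum < minVersion && !ver.includes('||')) {
+results.findings.push({
+severity: 'medium',
+file,
+line: 0,
+message: `"${name}": "${ver}" — outdated. Latest: ${minVersion}. Run: npm install ${name}@latest`,
+snippet: `${name}: ${ver} (latest: ^${minVersion})`
+})
+results.summary.medium++
+results.summary.total++
+}
+}
+}
+} catch { /* skip unparseable */ }
+}
+
+return results
+}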
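Review bot: The outdated-version test `versionNum < minVersion` in run() compares two strings, so the ordering is lexicographic rather than semver. A pin such as `1.9.0` sorts above the `1.20.20` entry in TETRA_PACKAGES and is never reported, while `0.10.0` sorts below `0.7.2` and is reported as outdated; a numeric, segment-wise comparison as sketched below avoids both. Separately, `catch { /* skip unparseable */ }` makes this critical-severity gate fail open: a package.json that cannot be read or parsed is skipped with `passed` still true, so I would push a finding for that file instead of discarding the error. The header comment also promises a `workspace:*` check that no line in the hunk performs, and only `dependencies` and `devDependencies` are merged into `allDeps`, so the comment should either be narrowed or the check extended.

```javascript
// … unchanged: imports, meta, TETRA_PACKAGES …

// True when version a is numerically lower than version b (major.minor.patch).
function isLowerVersion(a, b) {
  const left = a.split('-')[0].split('.').map(Number)
  const right = b.split('-')[0].split('.').map(Number)
  for (let i = 0; i < 3; i++) {
    const l = left[i] ?? 0
    const r = right[i] ?? 0
    // Ranges that are not plain x.y.z (e.g. "*", tags) are not judged here.
    if (Number.isNaN(l) || Number.isNaN(r)) return false
    if (l !== r) return l < r
  }
  return false
}

// … unchanged: run() up to the @soulbatical/* version check …
} else if (versionNum && isLowerVersion(versionNum, minVersion) && !ver.includes('||')) {
```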