npm - @sun-asterisk/sunlint - Versions diffs - 1.0.7 → 1.1.4 - Mend

@sun-asterisk/sunlint 1.0.7 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (219) hide show

package/.sunlint.json ADDED Viewed

@@ -0,0 +1,35 @@
+{
+  "extends": ["@sun/sunlint/recommended"],
+  "rules": {
+    "C019": "warn",
+    "C006": "warn",
+    "C029": "error",
+    "C031": "warn",
+    "S001": "warn",
+    "S002": "warn",
+    "S007": "warn",
+    "S013": "warn",
+    "T019": "error",
+    "T020": "warn",
+    "T021": "error"
+  },
+  "include": ["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"],
+  "exclude": [
+    "node_modules/**",
+    "coverage/**",
+    "**/*.min.*",
+    ".git/**",
+    "dist/**",
+    "build/**"
+  ],
+  "engine": "eslint",
+  "languages": ["typescript", "javascript"],
+  "output": {
+    "format": "summary",
+    "console": true
+  },
+  "fileTargeting": {
+    "followSymlinks": false,
+    "maxDepth": 10
+  }
+}

package/CHANGELOG.md CHANGED Viewed

@@ -1,7 +1,34 @@
-# 🎉 SunLint v1.0.7 Release Notes
+# 🎉 SunLint v1.1.0 Release Notes
-**Release Date**: July 20, 2025
-**Type**: Minor Release (Bug Fixes & Configuration Improvements)
+**Release Date**: July 23, 2025
+**Type**: Minor Release (AST Enhancement & CLI Options Fix)
+---
+## 🚀 **Key Improvements**
+### 🧠 **AST-Enhanced Analysis**
+- **Enhanced**: Heuristic engine now supports AST-based analysis using ESLint's parser infrastructure
+- **Improved**: Rule C010 (block nesting) now uses AST for accurate detection
+- **Modular**: AST modules integrated with silent fallback to regex when parsing fails
+- **Performance**: ESLint-based parsers (@babel/parser, @typescript-eslint/parser) for JS/TS analysis
+### 🎯 **CLI Options Fix**
+- **Fixed**: `--quality` option now correctly selects quality rules (30 rules)
+- **Fixed**: `--security` option now correctly selects security rules (41 rules)
+- **Enhanced**: Rule selection service properly filters by category
+- **Validated**: Both options tested and working correctly
+### 📦 **Package Optimization**
+- **Reduced**: Package size from 8MB to 243KB by excluding nested node_modules
+- **Clean**: Updated .npmignore to exclude development files
+- **Dependencies**: Moved AST parser dependencies to root package.json
+---
+## 📋 **Previous Changes (v1.0.7)**
+### 🔧 **Configuration Cleanup**
 ---

package/CONTRIBUTING.md ADDED Viewed

@@ -0,0 +1,235 @@
+# Contributing to Sun Lint
+Thank you for your interest in contributing to Sun Lint! 🌟
+## 🚀 **Getting Started**
+### **Prerequisites**
+- Node.js 16+
+- npm 8+
+- Git
+### **Setup Development Environment**
+```bash
+# Clone the repository
+git clone https://github.com/sun-engineering/sunlint.git
+cd sunlint
+# Install dependencies
+npm install
+# Run tests
+npm test
+# Try the CLI locally
+node cli.js --help
+```
+## 📋 **Coding Standards**
+When contributing to Sun Lint, please follow these coding rules:
+### **Code Quality Rules**
+- **Rule C005** – Each function should do one thing only
+- **Rule C006** – Function names must be verb/verb-noun
+- **Rule C007** – Avoid comments that just describe the code
+- **Rule C012** – Separate Command and Query operations (CQS principle)
+- **Rule C014** – Use Dependency Injection instead of direct instantiation
+- **Rule C015** – Use domain language in class/function names
+- **Rule C019** – Don't use `error` log level for non-critical errors
+- **Rule C031** – Keep validation logic separate
+- **Rule C032** – Don't call external APIs in constructors or static blocks
+- **Rule C033** – Separate processing logic and data queries in service layer
+- **Rule C034** – Limit direct access to global state in domain logic
+- **Rule C035** – When handling errors, log complete relevant information
+- **Rule C037** – API handlers should return standard response objects (not raw strings)
+- **Rule C038** – Avoid logic depending on file/module loading order
+- **Rule C040** – Don't scatter validation logic across multiple classes
+## 🔧 **Development Workflow**
+### **Adding a New Quality Rule**
+1. **Create Rule Implementation**
+```bash
+# Create the rule directory
+mkdir -p rules/quality/c042-new-rule
+cd rules/quality/c042-new-rule
+```
+2. **Implement the Rule**
+```javascript
+// rules/quality/c042-new-rule/analyzer.js
+class C042NewRuleAnalyzer {
+  analyze(code, filePath) {
+    // Implementation following Rule C005 (single responsibility)
+    return this.findViolations(code, filePath);
+  }
+  findViolations(code, filePath) {
+    // Rule C031: Keep validation logic separate
+    const violations = [];
+    // Analysis logic here
+    return violations;
+  }
+}
+module.exports = C042NewRuleAnalyzer;
+```
+3. **Add Configuration**
+```json
+// rules/quality/c042-new-rule/config.json
+{
+  "id": "C042",
+  "name": "New Rule Name",
+  "category": "quality",
+  "severity": "error",
+  "description": "Description following Rule C015 (domain language)",
+  "languages": ["typescript", "dart", "kotlin"],
+  "tags": ["maintainability", "readability"]
+}
+```
+4. **Update Registry**
+```javascript
+// Add to config/rules/rules-registry.json
+{
+  "C042": {
+    "id": "C042",
+    "name": "New Rule Name",
+    "category": "quality",
+    "path": "./rules/quality/c042-new-rule",
+    "analyzer": "analyzer.js",
+    "config": "config.json"
+  }
+}
+```
+5. **Add Tests**
+```javascript
+// test/fixtures/c042/valid.ts
+// test/fixtures/c042/invalid.ts
+// test/unit/rules/c042.test.js
+```
+### **Adding a New Security Rule**
+Same process but in `rules/security/` directory with `security` category.
+## 🧪 **Testing**
+### **Run All Tests**
+```bash
+npm test
+```
+### **Run Specific Tests**
+```bash
+# Test specific rule
+npm run test:c019
+# Test multiple rules
+npm run test:multi
+# Test all quality rules
+npm run test:quality
+# Test all security rules
+npm run test:security
+```
+### **Test Your Changes**
+```bash
+# Test your new rule
+node cli.js --rule=C042 --input=test/fixtures --format=eslint
+```
+## 📊 **Code Review Process**
+1. **Self-Review Checklist**
+   - [ ] Follows all Sun Lint coding rules (C005, C006, etc.)
+   - [ ] Rule C035: Error handling includes complete logging
+   - [ ] Rule C037: API responses use standard format
+   - [ ] Rule C040: Validation logic is centralized
+   - [ ] Tests pass and cover edge cases
+   - [ ] Documentation updated
+2. **Submit Pull Request**
+   - Clear title and description
+   - Reference related issues
+   - Include test results
+   - Follow template
+3. **Review Criteria**
+   - Code quality (follows our own rules!)
+   - Test coverage
+   - Documentation completeness
+   - Performance impact
+   - Backward compatibility
+## 📝 **Documentation**
+### **Update Documentation**
+When adding features:
+- Update `README.md`
+- Add rule documentation
+- Update configuration examples
+- Add usage examples
+### **Rule Documentation Template**
+```markdown
+## Rule C042: New Rule Name
+**Category**: Quality
+**Severity**: Error
+**Languages**: TypeScript, Dart, Kotlin
+### Description
+Following Rule C015 (domain language), use clear business terms...
+### Examples
+**❌ Bad:**
+```typescript
+// Code that violates the rule
+```
+**✅ Good:**
+```typescript
+// Code that follows the rule
+```
+```
+## 🐛 **Bug Reports**
+When reporting bugs:
+1. Use clear, descriptive title
+2. Include reproduction steps
+3. Provide sample code
+4. Include environment details
+5. Include sunlint output
+## 💡 **Feature Requests**
+For new features:
+1. Check existing issues first
+2. Describe the use case
+3. Provide examples
+4. Consider implementation complexity
+5. Think about backward compatibility
+## 🤝 **Community**
+- **Discord**: [Sun Engineering Discord](https://discord.gg/sun-engineering)
+- **Issues**: [GitHub Issues](https://github.com/sun-engineering/sunlint/issues)
+- **Discussions**: [GitHub Discussions](https://github.com/sun-engineering/sunlint/discussions)
+## 📄 **License**
+By contributing, you agree that your contributions will be licensed under the MIT License.
+---
+**Thank you for making Sun Lint better! ☀️**

package/PROJECT_STRUCTURE.md ADDED Viewed

@@ -0,0 +1,60 @@
+# SunLint Project Structure
+## 📁 **Organized Directory Structure**
+```
+sunlint/
+├── 📄 README.md                 # Main documentation (490 lines, focused)
+├── 📄 CHANGELOG.md              # Version history (concise)
+├── 🚀 cli.js                    # Main CLI entry point
+├── ⚙️ config/                   # Configuration presets & schemas
+├── 🔧 core/                     # Core services & engines
+├── 📖 docs/                     # Detailed documentation
+├── 🔗 integrations/              # External tool integrations
+│   └── eslint/                  # ESLint plugin & configurations
+├── 📋 examples/                 # Configuration examples & workflows
+├── 🧪 test/                     # Test projects & fixtures
+├── 📦 release/                  # Release artifacts
+├── 🎯 rules/                    # SunLint rule implementations
+└── 🛠️ scripts/                  # Build & deployment scripts
+```
+## 🎯 **Key Changes Made**
+### ✅ **Files Removed**
+- `CLI_STRUCTURE.md` - Temporary documentation (unnecessary)
+### ✅ **Structure Reorganized**
+- **examples/** - Now pure configuration examples & CI/CD workflows
+- **test/** - All test projects consolidated here
+  - `sunlint-test-project/` - ESLint v9 integration test
+  - `conflict-test-project/` - ESLint v8 legacy test
+  - `examples/integration-project/` - Integration example
+  - `fixtures/` - Unit test files
+- **project-test/** - Real projects (gitignored, separate from test suite)
+### ✅ **Documentation Updated**
+- **README.md** - Streamlined from 650 → 490 lines (25% reduction)
+- **CHANGELOG.md** - Security rules section condensed
+- **test/README.md** - Test project documentation
+- **examples/README.md** - Configuration examples guide
+## 🎉 **Benefits**
+1. **Clear Separation**: Examples vs Tests vs Real Projects
+2. **Reduced Duplication**: Single source of truth for each purpose
+3. **Better Documentation**: Focused README + detailed CHANGELOG
+4. **Cleaner Repository**: No redundant files, proper gitignore
+5. **Developer Friendly**: Clear structure for contributors
+## 🔍 **Quick Navigation**
+- **Getting Started**: `README.md`
+- **Version History**: `CHANGELOG.md`
+- **Configuration Help**: `examples/`
+- **Testing**: `test/`
+- **Development**: `docs/ARCHITECTURE.md`
+---
+**Structure optimized for both users and contributors! 🚀**

package/README.md CHANGED Viewed

@@ -7,25 +7,32 @@
 Sun Lint is a universal coding standards checker providing comprehensive code quality and security analysis. Built by Sun* Engineering Team with integrated security rules from OWASP and industry best practices.
 ### **✨ Key Features**
-- ✅ **93+ Coding Rules**: Quality, security, and best practices
-- ✅ **ESLint Integration**: Merge with existing ESLint configurations
+- ✅ **97+ Coding Rules**: Quality (30), Security (47), TypeScript-specific
+- ✅ **Built-in AST Analysis**: JavaScript/TypeScript parsing out of the box
+- ✅ **Multi-Engine Architecture**: Heuristic + ESLint + OpenAI integration
 - ✅ **Git Integration**: `--changed-files`, `--staged-files`, `--pr-mode`
-- ✅ **TypeScript Support**: Native TypeScript analysis engine
+- ✅ **TypeScript Support**: Native TypeScript 5.8+ analysis
+- ✅ **Zero Config**: Works immediately after `npm install`
 - ✅ **CI/CD Ready**: Baseline comparison, fail-on-new-violations
 - ✅ **Advanced File Targeting**: Include/exclude patterns, language filtering
 ### **🚀 Quick Start**
 ```bash
-# Install globally
+# Install
 npm install -g @sun-asterisk/sunlint
-# Basic usage
+# Basic usage - works immediately!
+sunlint --all
+sunlint --rules=C019,C006
+# With input specification
 sunlint --all --input=src
 sunlint --rules=C019,C006 --input=src
 sunlint --quality --input=src
+sunlint --security --input=src
-# ESLint integration
-sunlint --all --eslint-integration --input=src
+# ESLint integration (requires eslint dependency)
+sunlint --rules=C010,C006 --eslint-integration --input=src
 # Git integration
 sunlint --all --changed-files
@@ -42,12 +49,66 @@ sunlint --version
 ### **Project Installation**
 ```bash
 npm install --save-dev @sun-asterisk/sunlint
+```
+**✅ Works immediately** with JavaScript analysis using built-in AST parsers (`@babel/parser`, `espree`)
+### **Enhanced TypeScript Support**
+For advanced TypeScript analysis with ESLint integration:
+```bash
+npm install --save-dev @sun-asterisk/sunlint eslint @typescript-eslint/parser @typescript-eslint/eslint-plugin typescript
+```
+### **What's Included by Default**
+- ✅ **JavaScript Analysis**: High-accuracy AST analysis out of the box
+- ✅ **Basic TypeScript**: Works with built-in Babel parser
+- ✅ **97+ Rules**: All quality and security rules available
+- ✅ **Heuristic Engine**: Pattern-based analysis for all languages
+### **Optional Dependencies (Install as needed)**
+```bash
+# For ESLint engine integration
+npm install eslint --save-dev
+# For enhanced TypeScript analysis
+npm install @typescript-eslint/parser @typescript-eslint/eslint-plugin --save-dev
+# For TypeScript compiler integration
+npm install typescript --save-dev
+```
+**Quick setup for TypeScript projects:**
+```bash
+npm install --save-dev @sun-asterisk/sunlint eslint @typescript-eslint/parser @typescript-eslint/eslint-plugin typescript
+```
+> 💡 **Note**: SunLint gracefully handles missing dependencies. Install only what your project needs. See [docs/DEPENDENCIES.md](docs/DEPENDENCIES.md) for detailed guidance.
 # Package.json scripts
+```json
 {
   "scripts": {
     "lint": "sunlint --all --input=src",
-    "lint:changed": "sunlint --all --changed-files"
+    "lint:changed": "sunlint --all --changed-files",
+    "lint:typescript": "sunlint --all --input=src",
+    "lint:eslint-integration": "sunlint --all --eslint-integration --input=src"
+  },
+  "devDependencies": {
+    "@sun-asterisk/sunlint": "^1.2.0"
+  }
+}
+```
+**For TypeScript projects, add:**
+```json
+{
+  "devDependencies": {
+    "@sun-asterisk/sunlint": "^1.2.0",
+    "eslint": "^8.50.0",
+    "@typescript-eslint/parser": "^7.2.0",
+    "@typescript-eslint/eslint-plugin": "^7.18.0",
+    "typescript": "^5.0.0"
   }
 }
 ```
@@ -57,14 +118,25 @@ npm install --save-dev @sun-asterisk/sunlint
 Seamlessly integrate with existing ESLint configurations:
 ```bash
-# Analyze with both SunLint + existing ESLint rules
+# Analyze with both SunLint + existing ESLint rules
 sunlint --all --eslint-integration --input=src
+# Mix ESLint and heuristic engines based on rule compatibility
+sunlint --rules=C010,C006 --eslint-integration --input=src
 ```
-Benefits:
+**✅ Current Status:**
+- ✅ **Multi-engine orchestration**: Rules automatically routed to optimal engine
+- ✅ **ESLint v8/v9 compatibility**: Production-ready with both major versions
+- ✅ **TypeScript support**: Full TS/TSX parsing with custom rule implementation
+- ✅ **Custom rule integration**: 27+ SunLint custom rules via ESLint engine
+- ✅ **Smart fallback**: Automatic engine fallback for maximum rule coverage
+- ✅ **Production tested**: Successfully processes real projects with mixed violations
+**Benefits:**
 - ✅ **No workflow disruption**: Existing ESLint continues working
-- ✅ **Single command**: Execute 93 SunLint + your existing ESLint rules
-- ✅ **Combined reporting**: Unified violation tracking
+- ✅ **Engine flexibility**: Automatic best-engine selection per rule
+- ✅ **Combined reporting**: Unified violation tracking from multiple engines
 ## 🔀 **Git Integration**
@@ -107,69 +179,59 @@ sunlint --all --only-source --input=src
 ## 📋 **Available Rules**
-### **Quality Rules** ✨ (9 rules)
+### **Quality Rules** ✨ (30 rules)
 | Rule ID | Name | Status |
 |---------|------|--------|
-| **C005** | Single Responsibility | ✅ Stable |
-| **C006** | Function Naming | ✅ Stable |
-| **C007** | Comment Quality | ✅ Stable |
-| **C012** | Command Query Separation | ✅ Stable |
+| **C002** | No Duplicate Code | ✅ Stable |
+| **C003** | No Vague Abbreviations | ✅ Stable |
+| **C006** | Function Naming Convention | ✅ Stable |
+| **C010** | Limit Block Nesting | ✅ Stable |
+| **C013** | No Dead Code | ✅ Stable |
 | **C014** | Dependency Injection | ✅ Stable |
-| **C015** | Domain Language | ✅ Stable |
+| **C017** | Limit Constructor Logic | ✅ Stable |
+| **C018** | No Generic Throw | ✅ Stable |
 | **C019** | Log Level Usage | ✅ Stable |
+| **C023** | No Duplicate Variable Names | ✅ Stable |
+| **C029** | Catch Block Logging | ✅ Stable |
+| **C030** | Use Custom Error Classes | ✅ Stable |
 | **C031** | Validation Separation | ✅ Stable |
-| **C037** | API Response Format | ✅ Stable |
-### **Security Rules** 🔒 (43 rules)
+| **C041** | No Hardcoded Config | ✅ Stable |
+| **C042** | Boolean Name Prefix | ✅ Stable |
+| **C043** | No Console or Print | ✅ Stable |
+| **C047** | No Duplicate Retry Logic | ✅ Stable |
+| **C075** | Explicit Function Return Types | ✅ Stable |
+| **C076** | Single Test Behavior | ✅ Stable |
+| **T002-T021** | TypeScript-specific rules | ✅ Stable |
+### **Security Rules** 🔒 (47 rules)
 | Rule ID | Name | Status |
 |---------|------|--------|
 | **S001** | Fail Securely Access Control | ✅ Stable |
 | **S002** | Prevent IDOR Vulnerabilities | ✅ Stable |
+| **S003** | URL Redirect Validation | ✅ Stable |
 | **S005** | No Origin Header Authentication | ✅ Stable |
+| **S006** | Activation Recovery Not Plaintext | ✅ Stable |
 | **S007** | Secure OTP Storage | ✅ Stable |
 | **S008** | Crypto Agility | ✅ Stable |
+| **S009** | No Insecure Crypto | ✅ Stable |
+| **S010** | Secure Random Generation | ✅ Stable |
+| **S011** | Secure UUID Generation | ✅ Stable |
 | **S012** | No Hardcoded Secrets | ✅ Stable |
 | **S013** | Always Use TLS | ✅ Stable |
-| **S014-S058** | *...36 additional security rules* | ✅ Stable |
+| **S014** | Secure TLS Version | ✅ Stable |
+| **S015** | Valid TLS Certificate | ✅ Stable |
+| **S016-S058** | *...Additional security rules* | ✅ Stable |
 ## ⚙️ **Configuration**
 Create `.sunlint.json` in your project root:
-> **🚨 BREAKING CHANGE**: `ignorePatterns` has been deprecated. Please use `exclude` instead for better consistency.
-### **Basic Configuration**
-```json
-{
-  "extends": "@sun/sunlint/recommended",
-  "rules": {
-    "C019": "error",
-    "C006": "warn",
-    "S005": "error"
-  }
-}
-```
-### **Advanced Configuration**
+### **Quick Start Configuration**
 ```json
 {
   "extends": "@sun/sunlint/recommended",
-  "include": ["src/**", "lib/**"],
+  "input": ["src"],
   "exclude": ["**/*.test.*", "**/*.generated.*"],
-  "languages": {
-    "typescript": {
-      "include": ["**/*.ts", "**/*.tsx"],
-      "exclude": ["**/*.d.ts"]
-    }
-  },
-  "testPatterns": {
-    "include": ["**/*.test.*", "**/*.spec.*"],
-    "rules": { "C006": "off" }
-  },
   "rules": {
     "C019": "error",
     "C006": "warn",
@@ -178,27 +240,52 @@ Create `.sunlint.json` in your project root:
 }
 ```
-### **Preset Configurations**
+### **Available Presets**
 - `@sun/sunlint/recommended` - Balanced rules for all projects
-- `@sun/sunlint/security` - Security-focused rules only
+- `@sun/sunlint/security` - Security-focused rules only
 - `@sun/sunlint/quality` - Quality-focused rules only
 - `@sun/sunlint/beginner` - Gentle introduction for new teams
 - `@sun/sunlint/ci` - Optimized for CI/CD environments
+### **Full Configuration Reference**
+📖 **[View Complete Configuration Guide](./docs/CONFIGURATION.md)**
+Complete reference with all available options:
+- File targeting (`include`, `exclude`, `languages`)
+- Rule configurations with detailed descriptions
+- Git integration settings (`changedFiles`, `baseline`)
+- ESLint integration options
+- Performance and caching settings
+- CI/CD optimizations
+> **🚨 MIGRATION NOTE**: `ignorePatterns` is deprecated. Use `exclude` instead. Run `npx sunlint migrate-config` to auto-migrate.
 ## 🎮 **Usage Examples**
 ### **Development**
 ```bash
-# Run all rules
-sunlint --all --input=src
+# Quick start - works immediately
+npm install --save-dev @sun-asterisk/sunlint
+npx sunlint --all --input=src
 # Check specific rules
 sunlint --rules=C019,S005 --input=src
-# ESLint + Git integration
+# ESLint integration (requires eslint dependency)
+npm install --save-dev eslint
 sunlint --all --eslint-integration --changed-files
 ```
+### **TypeScript Projects**
+```bash
+# Enhanced TypeScript setup
+npm install --save-dev @sun-asterisk/sunlint eslint @typescript-eslint/parser @typescript-eslint/eslint-plugin typescript
+# Full TypeScript analysis
+sunlint --all --input=src
+sunlint --all --eslint-integration --input=src
+```
 ### **CI/CD**
 ```bash
 # Full project scan
@@ -207,12 +294,13 @@ sunlint --all --input=. --format=json --output=report.json
 # PR validation
 sunlint --all --changed-files --fail-on-new-violations
-# Pre-commit hook
+# Pre-commit hook
 sunlint --all --staged-files --format=summary
 ```
 ## 📚 **Documentation**
+- **[Configuration Guide](./docs/CONFIGURATION.md)** - Complete config options with examples
 - [ESLint Integration Guide](./docs/ESLINT_INTEGRATION.md)
 - [CI/CD Guide](./docs/CI-CD-GUIDE.md)
 - [Architecture](./docs/ARCHITECTURE.md)

package/cli.js CHANGED Viewed

@@ -16,6 +16,7 @@ const program = createCliProgram();
 // Set up main action handler
 program.action(async (options) => {
+  // Always use modern architecture (legacy removed)
   const actionHandler = new CliActionHandler(options);
   await actionHandler.execute();
 });