npm - @vibecodeqa/cli - Versions diffs - 0.12.1 → 0.13.0 - Mend

@vibecodeqa/cli 0.12.1 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/cli.js CHANGED Viewed

@@ -145,9 +145,9 @@ async function main() {
     }
     if (!jsonOnly && !ciMode && !watchMode) {
         try {
-            const { execSync } = await import("node:child_process");
+            const { execFileSync } = await import("node:child_process");
             const openCmd = process.platform === "darwin" ? "open" : "xdg-open";
-            execSync(`${openCmd} "${join(outputDir, "report.html")}"`, { stdio: "ignore" });
+            execFileSync(openCmd, [join(outputDir, "report.html")], { stdio: "ignore" });
         }
         catch { /* failed to open browser */ }
     }
@@ -162,15 +162,20 @@ async function main() {
         console.log("  \x1b[2mWatching for changes... (Ctrl+C to stop)\x1b[0m");
         console.log("");
         let debounce = null;
+        let running = false;
         for (const dir of srcDirs) {
             watch(dir, { recursive: true }, (_event, filename) => {
                 if (!filename || filename.includes("node_modules") || filename.includes(".vibe-check"))
                     return;
+                if (running)
+                    return; // prevent concurrent re-runs (M5)
                 if (debounce)
                     clearTimeout(debounce);
-                debounce = setTimeout(() => {
+                debounce = setTimeout(async () => {
+                    running = true;
                     console.log(`  \x1b[2mChanged: ${filename} — re-scanning...\x1b[0m`);
-                    main().catch(() => { });
+                    await main().catch(() => { });
+                    running = false;
                 }, 500);
             });
         }

package/dist/fs-utils.js CHANGED Viewed

@@ -1,5 +1,5 @@
 /** Shared filesystem utilities — eliminates duplicate file-walking across runners. */
-import { readdirSync, readFileSync, statSync } from "node:fs";
+import { lstatSync, readdirSync, readFileSync, statSync } from "node:fs";
 import { basename, extname, join } from "node:path";
 const SKIP_DIRS = new Set(["node_modules", "dist", ".git", ".vibe-check", "coverage", "test-results", "__pycache__"]);
 const CODE_EXTS = new Set([".ts", ".tsx", ".js", ".jsx"]);
@@ -53,6 +53,9 @@ function walk(dir, cwd, out, exts) {
         if (SKIP_DIRS.has(entry))
             continue;
         const full = join(dir, entry);
+        // Skip symlinks to prevent traversal attacks (H3)
+        if (lstatSync(full).isSymbolicLink())
+            continue;
         if (statSync(full).isDirectory()) {
             walk(full, cwd, out, exts);
         }
@@ -60,6 +63,9 @@ function walk(dir, cwd, out, exts) {
             const ext = extname(entry);
             if (!exts.has(ext))
                 continue;
+            // Skip files over 1MB to prevent memory issues (M1)
+            if (statSync(full).size > 1_000_000)
+                continue;
             const content = readFileSync(full, "utf-8");
             const relPath = full.replace(cwd + "/", "");
             const isTest = entry.includes(".test.") || entry.includes(".spec.") || relPath.includes("__tests__");

package/dist/report/html.js CHANGED Viewed

@@ -11,12 +11,12 @@
 import { getCheckMeta } from "../check-meta.js";
 import { generateArchSVG } from "../runners/architecture.js";
 function e(s) {
-    return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+    return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
 }
 /** Make a file path a clickable GitHub link if repoUrl is available. */
 function fileLink(path, line, repoUrl, branch) {
-    const clean = path.split(":")[0]; // strip :line from composite paths
-    if (!repoUrl)
+    const clean = path.split(":")[0];
+    if (!repoUrl || !/^https?:\/\//.test(repoUrl))
         return e(path);
     const href = `${repoUrl}/blob/${branch}/${clean}${line ? "#L" + line : ""}`;
     return `<a href="${e(href)}" target="_blank" rel="noopener" class="flink">${e(path)}</a>`;
@@ -140,9 +140,8 @@ export function generateHTML(report) {
             for (const [file, issues] of byFile) {
                 issuesHtml += `<div class="fg"><div class="fn">${fl(file)} <span class="fc">${issues.length}</span></div>`;
                 for (const iss of issues) {
-                    const promptText = `Fix this issue in ${e(file)}${iss.line ? ":" + iss.line : ""}\n${iss.severity}: ${e(iss.message)}${iss.rule ? " (" + e(iss.rule) + ")" : ""}\nCheck: ${e(c.name)}`;
-                    const safePrompt = promptText.replace(/\\/g, "\\\\").replace(/'/g, "\\'").replace(/\n/g, "\\n");
-                    issuesHtml += `<div class="ir ${iss.severity}"><span class="is">${iss.severity[0].toUpperCase()}</span>${iss.line ? `<span class="il">${iss.line}</span>` : ""}<span class="im">${e(iss.message)}</span>${iss.rule ? `<span class="iru">${e(iss.rule)}</span>` : ""}<button class="cp-btn" onclick="navigator.clipboard.writeText('${safePrompt}');this.textContent='✓';setTimeout(()=>this.textContent='📋',1000)" title="Copy fix prompt">📋</button></div>`;
+                    const prompt = `Fix this issue in ${file}${iss.line ? ":" + iss.line : ""}\n${iss.severity}: ${iss.message}${iss.rule ? " (" + iss.rule + ")" : ""}\nCheck: ${c.name}`;
+                    issuesHtml += `<div class="ir ${iss.severity}"><span class="is">${iss.severity[0].toUpperCase()}</span>${iss.line ? `<span class="il">${iss.line}</span>` : ""}<span class="im">${e(iss.message)}</span>${iss.rule ? `<span class="iru">${e(iss.rule)}</span>` : ""}<button class="cp-btn" data-prompt="${e(prompt)}" title="Copy fix prompt">📋</button></div>`;
                 }
                 issuesHtml += `</div>`;
             }
@@ -390,6 +389,13 @@ function sub(el,cat){
   el.classList.add('active');
   document.querySelectorAll('#p-'+cat+' .sp').forEach(s=>{s.classList.toggle('active',s.dataset.sub===id)});
 }
+// Copy-prompt buttons — read from data-attribute (no inline JS with user data)
+document.addEventListener('click',function(ev){
+  var btn=ev.target.closest('.cp-btn');
+  if(!btn)return;
+  navigator.clipboard.writeText(btn.dataset.prompt||'');
+  btn.textContent='\\u2713';setTimeout(function(){btn.textContent='\\ud83d\\udccb'},1000);
+});
 // Init: show overview
 document.querySelector('.tn').classList.add('active');
 </script>

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vibecodeqa/cli",
-  "version": "0.12.1",
+  "version": "0.13.0",
   "description": "Code health scanner for the AI coding era. 15 checks, zero config, full report.",
   "type": "module",
   "bin": {