@vibecodeqa/cli 0.17.0 → 0.18.1

package/dist/runners/performance.js

@@ -0,0 +1,174 @@
+/** Performance check — barrel imports, dynamic import opportunities, large bundles.
+ *
+ * Sub-checks:
+ *   1. Barrel import smell — index.ts re-exports that defeat tree-shaking
+ *   2. Heavy dependencies — bundled packages known to bloat output
+ *   3. Dynamic import opportunities — large imports that could be lazy-loaded
+ *   4. CSS-in-JS overhead — detects runtime CSS solutions vs zero-runtime alternatives
+ */
+import { existsSync, readdirSync, statSync } from "node:fs";
+import { join } from "node:path";
+import { getProductionFiles, readDeps } from "../fs-utils.js";
+import { gradeFromScore } from "../types.js";
+// Packages known to be heavy (bundled KB, approx)
+const HEAVY_DEPS = {
+    moment: { kb: 300, alt: "date-fns or dayjs (2-7KB)" },
+    lodash: { kb: 70, alt: "lodash-es or native methods" },
+    "lodash.js": { kb: 70, alt: "lodash-es or native methods" },
+    rxjs: { kb: 50, alt: "only import operators you use" },
+    "@fortawesome/fontawesome-svg-core": { kb: 60, alt: "lucide-react or heroicons (tree-shakeable)" },
+    "@material-ui/core": { kb: 300, alt: "@mui/material with tree-shaking imports" },
+    "chart.js": { kb: 200, alt: "lightweight-charts or uPlot" },
+    firebase: { kb: 200, alt: "firebase/app + only needed modules" },
+    "aws-sdk": { kb: 400, alt: "@aws-sdk/client-* (v3 modular)" },
+    underscore: { kb: 25, alt: "native ES methods" },
+};
+export function runPerformance(cwd) {
+    const start = Date.now();
+    const issues = [];
+    const sourceFiles = getProductionFiles(cwd);
+    if (sourceFiles.length === 0) {
+        return {
+            name: "performance",
+            score: 100,
+            grade: "A",
+            details: { skipped: true, reason: "no source files" },
+            issues: [],
+            duration: Date.now() - start,
+        };
+    }
+    let barrelImports = 0;
+    let heavyDeps = 0;
+    let dynamicOpportunities = 0;
+    let cssInJsRuntime = 0;
+    // ── 1. Barrel import detection ──
+    // Find index.ts files that just re-export
+    for (const f of sourceFiles) {
+        if (f.base !== "index")
+            continue;
+        const lines = f.content.split("\n").filter((l) => l.trim().length > 0);
+        const exportLines = lines.filter((l) => /^export\s/.test(l.trim()));
+        // If >80% of non-empty lines are re-exports, it's a barrel
+        if (lines.length > 0 && exportLines.length / lines.length > 0.8 && exportLines.length >= 3) {
+            barrelImports++;
+            issues.push({
+                severity: "warning",
+                message: `Barrel file with ${exportLines.length} re-exports — defeats tree-shaking in many bundlers`,
+                file: f.path,
+                rule: "barrel-import",
+            });
+        }
+    }
+    // Check for imports from barrel files (importing from directory index)
+    for (const f of sourceFiles) {
+        const lines = f.content.split("\n");
+        for (let i = 0; i < lines.length; i++) {
+            const match = lines[i].match(/import\s+\{[^}]{50,}\}\s+from\s+['"](\.[^'"]+)['"]/);
+            if (match) {
+                issues.push({
+                    severity: "info",
+                    message: "Large destructured import — if from a barrel, only imported items should be bundled",
+                    file: f.path,
+                    line: i + 1,
+                    rule: "large-import",
+                });
+            }
+        }
+    }
+    // ── 2. Heavy dependency detection ──
+    const deps = readDeps(cwd);
+    for (const [name, info] of Object.entries(HEAVY_DEPS)) {
+        if (deps[name]) {
+            heavyDeps++;
+            issues.push({
+                severity: "warning",
+                message: `${name} (~${info.kb}KB) — consider ${info.alt}`,
+                rule: "heavy-dependency",
+            });
+        }
+    }
+    // lodash without lodash-es (non-tree-shakeable)
+    if (deps.lodash && !deps["lodash-es"]) {
+        issues.push({
+            severity: "warning",
+            message: "lodash (not lodash-es) — CommonJS build defeats tree-shaking",
+            rule: "non-esm-dep",
+        });
+    }
+    // ── 3. Dynamic import opportunities ──
+    // Large conditional imports that could be lazy-loaded
+    for (const f of sourceFiles) {
+        const lines = f.content.split("\n");
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i].trim();
+            // Static import of known-heavy visualization/editor libraries
+            if (/^import\s/.test(line) && /\b(monaco|codemirror|ace-builds|chart\.js|three|@react-three|recharts|d3)\b/.test(line)) {
+                dynamicOpportunities++;
+                issues.push({
+                    severity: "info",
+                    message: "Consider dynamic import() for heavy library — reduces initial bundle",
+                    file: f.path,
+                    line: i + 1,
+                    rule: "dynamic-import-opportunity",
+                });
+            }
+        }
+    }
+    // ── 4. CSS-in-JS runtime overhead ──
+    const runtimeCss = ["styled-components", "@emotion/styled", "@emotion/react"];
+    for (const pkg of runtimeCss) {
+        if (deps[pkg]) {
+            cssInJsRuntime++;
+            issues.push({
+                severity: "info",
+                message: `${pkg} adds runtime CSS overhead — consider Tailwind, CSS Modules, or vanilla-extract`,
+                rule: "runtime-css",
+            });
+        }
+    }
+    // ── 5. Bundle size check (if dist/ exists) ──
+    let bundleSizeKB = 0;
+    const distDirs = ["dist", "build", ".next", "out"];
+    for (const d of distDirs) {
+        const distPath = join(cwd, d);
+        if (existsSync(distPath)) {
+            try {
+                bundleSizeKB = Math.round(dirSizeKB(distPath));
+            }
+            catch { /* can't read dist */ }
+            break;
+        }
+    }
+    // Score
+    const penalty = barrelImports * 3 + heavyDeps * 8 + dynamicOpportunities * 2 + cssInJsRuntime * 2;
+    const score = Math.max(0, Math.min(100, 100 - penalty));
+    return {
+        name: "performance",
+        score,
+        grade: gradeFromScore(score),
+        details: {
+            filesScanned: sourceFiles.length,
+            barrelImports,
+            heavyDeps,
+            dynamicOpportunities,
+            cssInJsRuntime,
+            ...(bundleSizeKB > 0 ? { bundleSizeKB } : {}),
+        },
+        issues,
+        duration: Date.now() - start,
+    };
+}
+function dirSizeKB(dir) {
+    let total = 0;
+    for (const entry of readdirSync(dir)) {
+        const full = join(dir, entry);
+        const stat = statSync(full);
+        if (stat.isDirectory()) {
+            total += dirSizeKB(full);
+        }
+        else {
+            total += stat.size;
+        }
+    }
+    return total / 1024;
+}

package/dist/runners/react.js

@@ -18,23 +18,28 @@ export function runReact(cwd, stack) {
     let indexKeys = 0;
     for (const f of files) {
         const lines = f.content.split("\n");
-        // Track if we're inside a conditional block
-        let condDepth = 0;
+        // Track brace depth inside conditional blocks
+        let condBraceDepth = 0; // > 0 means we're inside a conditional's body
         for (let i = 0; i < lines.length; i++) {
             const line = lines[i];
             const trimmed = line.trim();
             // Skip comments
             if (trimmed.startsWith("//") || trimmed.startsWith("*"))
                 continue;
-            // Track conditional blocks
-            if (/\b(if|else|switch)\s*\(/.test(trimmed))
-                condDepth++;
-            if (condDepth > 0 && trimmed.includes("{"))
-                condDepth++;
-            if (condDepth > 0 && trimmed.includes("}"))
-                condDepth--;
+            // Count braces on this line
+            const opens = (trimmed.match(/\{/g) || []).length;
+            const closes = (trimmed.match(/\}/g) || []).length;
+            // Enter conditional: set depth to 1 on the opening brace
+            if (/\b(if|else|switch)\s*[\s(]/.test(trimmed) && opens > 0) {
+                condBraceDepth = 1;
+            }
+            else if (condBraceDepth > 0) {
+                condBraceDepth += opens - closes;
+                if (condBraceDepth < 0)
+                    condBraceDepth = 0;
+            }
             // 1. Hooks called inside conditionals
-            if (condDepth > 0 && /\buse[A-Z]\w*\s*\(/.test(trimmed) && !/\/\//.test(trimmed.split("use")[0])) {
+            if (condBraceDepth > 0 && /\buse[A-Z]\w*\s*\(/.test(trimmed) && !/\/\//.test(trimmed.split("use")[0])) {
                 conditionalHooks++;
                 issues.push({ severity: "error", message: "Hook called inside conditional — violates Rules of Hooks", file: f.path, line: i + 1, rule: "conditional-hook" });
             }

package/dist/runners/secrets.js

@@ -1,6 +1,5 @@
 /** Secret detection — scans for hardcoded keys/tokens in source files. */
-import { readdirSync, readFileSync, statSync } from "node:fs";
-import { extname, join } from "node:path";
+import { collectAllFiles } from "../fs-utils.js";
 import { gradeFromScore } from "../types.js";
 const SECRET_PATTERNS = [
     { name: "AWS Access Key", pattern: /AKIA[0-9A-Z]{16}/ },
@@ -35,26 +34,23 @@ const SECRET_PATTERNS = [
 export function runSecrets(cwd) {
     const start = Date.now();
     const issues = [];
-    const files = [];
-    collectFiles(cwd, files);
-    for (const file of files) {
-        const content = readFileSync(file, "utf-8");
-        const relPath = file.replace(`${cwd}/`, "");
-        const lines = content.split("\n");
+    const sourceFiles = collectAllFiles(cwd, { extraExts: true });
+    for (const sf of sourceFiles) {
+        // Skip test files and mock data
+        if (sf.isTest || sf.path.includes("__mock"))
+            continue;
+        const lines = sf.content.split("\n");
         for (let i = 0; i < lines.length; i++) {
             const line = lines[i];
             // Skip comments
             if (line.trim().startsWith("//") || line.trim().startsWith("*"))
                 continue;
-            // Skip test files and mock data
-            if (relPath.includes(".test.") || relPath.includes("__mock"))
-                continue;
             for (const { name, pattern } of SECRET_PATTERNS) {
                 if (pattern.test(line)) {
                     issues.push({
                         severity: "error",
                         message: `Possible ${name}`,
-                        file: relPath,
+                        file: sf.path,
                         line: i + 1,
                         rule: "secret-detected",
                     });
@@ -72,20 +68,3 @@ export function runSecrets(cwd) {
         duration: Date.now() - start,
     };
 }
-function collectFiles(dir, out) {
-    for (const entry of readdirSync(dir)) {
-        if (["node_modules", "dist", ".git", ".vibe-check", "coverage", "test-results"].includes(entry))
-            continue;
-        const full = join(dir, entry);
-        const stat = statSync(full);
-        if (stat.isDirectory()) {
-            collectFiles(full, out);
-        }
-        else {
-            const ext = extname(entry);
-            if ([".ts", ".tsx", ".js", ".jsx", ".json", ".env", ".yaml", ".yml", ".toml"].includes(ext)) {
-                out.push(full);
-            }
-        }
-    }
-}

package/dist/runners/security.js

@@ -1,6 +1,7 @@
 /** Security analysis — beyond secrets, checks for vulnerable code patterns. */
-import { existsSync, readdirSync, readFileSync, statSync } from "node:fs";
-import { extname, join } from "node:path";
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+import { getProductionFiles } from "../fs-utils.js";
 import { gradeFromScore } from "../types.js";
 const PATTERNS = [
     // XSS
@@ -44,7 +45,7 @@ const PATTERNS = [
     },
     {
         name: "child_process.exec",
-        pattern: /\bexec(?:Sync)?\s*\((?!.*\{[^}]*encoding)/,
+        pattern: /\b(?:child_process|cp)\.exec(?:Sync)?\s*\(|(?:^|\s)execSync\s*\(/,
         severity: "warning",
         message: "Command injection risk: prefer execFile with argument array",
         cwe: "CWE-78",
@@ -105,7 +106,7 @@ const PATTERNS = [
     // Sensitive data
     {
         name: "password in URL",
-        pattern: /(?:password|secret|token|key)=[^&\s'"]+/i,
+        pattern: /(?:password|secret|api_?token)=[^&\s'"]{8,}/i,
         severity: "warning",
         message: "Sensitive data in URL query string",
         cwe: "CWE-598",
@@ -122,17 +123,8 @@ const PATTERNS = [
 export function runSecurity(cwd) {
     const start = Date.now();
     const issues = [];
-    const files = [];
-    const dirs = ["src", "web/src"];
-    for (const dir of dirs) {
-        try {
-            collectFiles(join(cwd, dir), files);
-        }
-        catch {
-            /* dir doesn't exist */
-        }
-    }
-    if (files.length === 0) {
+    const sourceFiles = getProductionFiles(cwd);
+    if (sourceFiles.length === 0) {
         return {
             name: "security",
             score: 100,
@@ -143,24 +135,25 @@ export function runSecurity(cwd) {
         };
     }
     const cwePrefixes = new Set();
-    for (const file of files) {
-        const content = readFileSync(file, "utf-8");
-        const relPath = file.replace(`${cwd}/`, "");
-        const lines = content.split("\n");
+    for (const sf of sourceFiles) {
+        const lines = sf.content.split("\n");
         for (let i = 0; i < lines.length; i++) {
             const line = lines[i];
             const trimmed = line.trim();
             if (trimmed.startsWith("//") || trimmed.startsWith("*"))
                 continue;
-            // Skip pattern/config definition lines (prevents false positives on own code)
+            // Skip pattern/config definition lines and string-heavy metadata (prevents false positives on own code)
             if (/\bpattern\s*:|name:\s*["']|message:\s*["']|description:\s*["']|risk:\s*["']|recommendation:\s*["']/.test(trimmed))
                 continue;
+            // Skip lines that are primarily string content (check-meta descriptions, etc.)
+            if (/^\s*["'`].*["'`][,;]?\s*$/.test(line))
+                continue;
             for (const p of PATTERNS) {
                 if (p.pattern.test(line)) {
                     issues.push({
                         severity: p.severity,
                         message: p.message,
-                        file: relPath,
+                        file: sf.path,
                         line: i + 1,
                         rule: p.cwe || p.name,
                     });
@@ -200,24 +193,8 @@ export function runSecurity(cwd) {
         name: "security",
         score,
         grade: gradeFromScore(score),
-        details: { filesScanned: files.length, patterns: issues.length, cweCategories: cwePrefixes.size, errors, warnings },
+        details: { filesScanned: sourceFiles.length, patterns: issues.length, cweCategories: cwePrefixes.size, errors, warnings },
         issues,
         duration: Date.now() - start,
     };
 }
-function collectFiles(dir, out) {
-    for (const entry of readdirSync(dir)) {
-        if (["node_modules", "dist", ".git", ".vibe-check", "coverage", "test-results"].includes(entry))
-            continue;
-        const full = join(dir, entry);
-        if (statSync(full).isDirectory()) {
-            collectFiles(full, out);
-        }
-        else {
-            const ext = extname(entry);
-            if ([".ts", ".tsx", ".js", ".jsx"].includes(ext) && !entry.includes(".test.") && !entry.includes(".spec.")) {
-                out.push(full);
-            }
-        }
-    }
-}

package/dist/runners/standards.js

@@ -1,6 +1,7 @@
 /** Code standards check — naming conventions, anti-patterns, config hygiene. */
-import { readdirSync, readFileSync, statSync } from "node:fs";
+import { readFileSync } from "node:fs";
 import { basename, extname, join } from "node:path";
+import { getProductionFiles, readDeps } from "../fs-utils.js";
 import { gradeFromScore } from "../types.js";
 const CODE_SMELLS = [
     {
@@ -40,16 +41,7 @@ export function runStandards(cwd, stack) {
     const start = Date.now();
     const issues = [];
     // Collect source files
-    const files = [];
-    const dirs = ["src", "web/src"];
-    for (const dir of dirs) {
-        try {
-            collectFiles(join(cwd, dir), cwd, files);
-        }
-        catch {
-            /* dir doesn't exist */
-        }
-    }
+    const files = getProductionFiles(cwd);
     // ── File naming conventions ──
     let namingViolations = 0;
     for (const f of files) {
@@ -170,28 +162,3 @@ export function runStandards(cwd, stack) {
         duration: Date.now() - start,
     };
 }
-function collectFiles(dir, cwd, out) {
-    for (const entry of readdirSync(dir)) {
-        if (entry === "node_modules" || entry === "dist" || entry === ".git")
-            continue;
-        const full = join(dir, entry);
-        if (statSync(full).isDirectory()) {
-            collectFiles(full, cwd, out);
-        }
-        else {
-            const ext = extname(entry);
-            if ([".ts", ".tsx", ".js", ".jsx"].includes(ext) && !entry.includes(".test.") && !entry.includes(".spec.")) {
-                out.push({ path: full.replace(`${cwd}/`, ""), content: readFileSync(full, "utf-8") });
-            }
-        }
-    }
-}
-function readDeps(cwd) {
-    try {
-        const pkg = JSON.parse(readFileSync(join(cwd, "package.json"), "utf-8"));
-        return { ...pkg.dependencies, ...pkg.devDependencies };
-    }
-    catch {
-        return {};
-    }
-}

package/dist/runners/structure.js

@@ -1,19 +1,29 @@
 /** Project structure check — does the repo have standard files and conventions? */
-import { existsSync, readdirSync, readFileSync, statSync } from "node:fs";
-import { extname, join } from "node:path";
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+import { collectSourceFiles } from "../fs-utils.js";
 import { gradeFromScore } from "../types.js";
-const EXPECTED_FILES = [
+const NODE_FILES = [
     { name: "package.json", path: "package.json", required: true, description: "Package manifest" },
     { name: "tsconfig.json", path: "tsconfig.json", required: false, description: "TypeScript configuration" },
     { name: "LICENSE", path: "LICENSE", required: true, description: "Open source license" },
     { name: ".gitignore", path: ".gitignore", required: true, description: "Git ignore rules" },
     { name: "README.md", path: "README.md", required: false, description: "Project documentation" },
 ];
+const DART_FILES = [
+    { name: "pubspec.yaml", path: "pubspec.yaml", required: true, description: "Dart package manifest" },
+    { name: "analysis_options.yaml", path: "analysis_options.yaml", required: true, description: "Dart analysis options" },
+    { name: "LICENSE", path: "LICENSE", required: true, description: "Open source license" },
+    { name: ".gitignore", path: ".gitignore", required: true, description: "Git ignore rules" },
+    { name: "README.md", path: "README.md", required: false, description: "Project documentation" },
+];
 export function runStructure(cwd, stack) {
     const start = Date.now();
     const issues = [];
     const found = [];
     const missing = [];
+    const isDart = stack.language === "dart";
+    const EXPECTED_FILES = isDart ? DART_FILES : NODE_FILES;
     // Check standard files
     for (const fc of EXPECTED_FILES) {
         // tsconfig is required only for TS projects
@@ -31,24 +41,24 @@ export function runStructure(cwd, stack) {
         }
     }
     // Check for lockfile
-    const hasLock = ["pnpm-lock.yaml", "package-lock.json", "yarn.lock", "bun.lockb"].some((f) => existsSync(join(cwd, f)));
+    const lockfiles = isDart ? ["pubspec.lock"] : ["pnpm-lock.yaml", "package-lock.json", "yarn.lock", "bun.lockb"];
+    const hasLock = lockfiles.some((f) => existsSync(join(cwd, f)));
     if (hasLock) {
         found.push("lockfile");
     }
     else {
         issues.push({ severity: "warning", message: "No lockfile found — builds may not be reproducible", rule: "missing-lockfile" });
     }
-    // Check for src directory
-    const hasSrc = existsSync(join(cwd, "src")) || existsSync(join(cwd, "web/src"));
+    // Check for source directory
+    const srcDirs = isDart ? ["lib"] : ["src", "web/src"];
+    const hasSrc = srcDirs.some((d) => existsSync(join(cwd, d)));
     if (!hasSrc) {
-        issues.push({ severity: "error", message: "No src/ directory found", rule: "no-src" });
+        issues.push({ severity: "error", message: `No ${srcDirs[0]}/ directory found`, rule: "no-src" });
     }
     // Count source vs test files
-    const srcFiles = [];
-    const testFiles = [];
-    collectAll(cwd, srcFiles, testFiles);
-    const srcCount = srcFiles.length;
-    const testCount = testFiles.length;
+    const allFiles = collectSourceFiles(cwd, { includeTests: true });
+    const srcCount = allFiles.filter((f) => !f.isTest).length;
+    const testCount = allFiles.filter((f) => f.isTest).length;
     const testRatio = srcCount > 0 ? testCount / srcCount : 0;
     if (testCount === 0 && srcCount > 0) {
         issues.push({ severity: "error", message: `No test files found (${srcCount} source files with zero tests)`, rule: "no-tests" });
@@ -60,17 +70,19 @@ export function runStructure(cwd, stack) {
             rule: "low-test-ratio",
         });
     }
-    // Check package.json has essential scripts
-    try {
-        const pkg = JSON.parse(readFileSync(join(cwd, "package.json"), "utf-8"));
-        const scripts = pkg.scripts || {};
-        if (!scripts.test)
-            issues.push({ severity: "warning", message: "No 'test' script in package.json", rule: "no-test-script" });
-        if (!scripts.build && !scripts.dev)
-            issues.push({ severity: "info", message: "No 'build' or 'dev' script in package.json", rule: "no-build-script" });
-    }
-    catch {
-        /* no package.json or parse error */
+    // Check manifest has essential config
+    if (!isDart) {
+        try {
+            const pkg = JSON.parse(readFileSync(join(cwd, "package.json"), "utf-8"));
+            const scripts = pkg.scripts || {};
+            if (!scripts.test)
+                issues.push({ severity: "warning", message: "No 'test' script in package.json", rule: "no-test-script" });
+            if (!scripts.build && !scripts.dev)
+                issues.push({ severity: "info", message: "No 'build' or 'dev' script in package.json", rule: "no-build-script" });
+        }
+        catch {
+            /* no package.json or parse error */
+        }
     }
     const errors = issues.filter((i) => i.severity === "error").length;
     const warnings = issues.filter((i) => i.severity === "warning").length;
@@ -84,35 +96,3 @@ export function runStructure(cwd, stack) {
         duration: Date.now() - start,
     };
 }
-function collectAll(cwd, src, test) {
-    const dirs = ["src", "web/src"];
-    for (const dir of dirs) {
-        try {
-            walk(join(cwd, dir), src, test);
-        }
-        catch {
-            /* dir doesn't exist */
-        }
-    }
-}
-function walk(dir, src, test) {
-    for (const entry of readdirSync(dir)) {
-        if (entry === "node_modules" || entry === "dist")
-            continue;
-        const full = join(dir, entry);
-        if (statSync(full).isDirectory()) {
-            walk(full, src, test);
-        }
-        else {
-            const ext = extname(entry);
-            if ([".ts", ".tsx", ".js", ".jsx"].includes(ext)) {
-                if (entry.includes(".test.") || entry.includes(".spec.")) {
-                    test.push(full);
-                }
-                else {
-                    src.push(full);
-                }
-            }
-        }
-    }
-}

package/dist/runners/testing.js

@@ -10,6 +10,7 @@
  */
 import { existsSync, readdirSync, readFileSync, statSync } from "node:fs";
 import { basename, extname, join } from "node:path";
+import { getProductionFiles, readDeps } from "../fs-utils.js";
 import { gradeFromScore } from "../types.js";
 import { run } from "./exec.js";
 // ── Classification rules ──
@@ -88,33 +89,7 @@ function walkTests(dir, cwd, out) {
     }
 }
 function findSourceFiles(cwd) {
-    const files = [];
-    const dirs = ["src", "web/src"];
-    for (const dir of dirs) {
-        try {
-            walkSource(join(cwd, dir), cwd, files);
-        }
-        catch {
-            /* dir doesn't exist */
-        }
-    }
-    return files;
-}
-function walkSource(dir, cwd, out) {
-    for (const entry of readdirSync(dir)) {
-        if (entry === "node_modules" || entry === "dist")
-            continue;
-        const full = join(dir, entry);
-        if (statSync(full).isDirectory()) {
-            walkSource(full, cwd, out);
-        }
-        else {
-            const ext = extname(entry);
-            if ([".ts", ".tsx", ".js", ".jsx"].includes(ext) && !entry.includes(".test.") && !entry.includes(".spec.")) {
-                out.push(full.replace(`${cwd}/`, ""));
-            }
-        }
-    }
+    return getProductionFiles(cwd).map((f) => f.path);
 }
 // ── Pairing analysis ──
 function computePairing(srcFiles, testFiles) {
@@ -151,15 +126,6 @@ function detectE2E(cwd) {
     }
     return { tool: "none", configured: false };
 }
-function readDeps(cwd) {
-    try {
-        const pkg = JSON.parse(readFileSync(join(cwd, "package.json"), "utf-8"));
-        return { ...pkg.dependencies, ...pkg.devDependencies };
-    }
-    catch {
-        return {};
-    }
-}
 // ── Coverage collection ──
 function collectCoverage(cwd, stack) {
     if (stack.testRunner === "none")

package/dist/runners/type-safety.d.ts

@@ -1,3 +1,3 @@
 /** Type safety check — count unsafe patterns: `as any`, explicit `any`, non-null assertions. */
 import type { CheckResult } from "../types.js";
-export declare function runTypeSafety(cwd: string): CheckResult;
+export declare function runTypeSafety(cwd: string, isDart?: boolean): CheckResult;