@vibecodeqa/cli 0.21.0 → 0.23.0

package/dist/runners/duplication.js

@@ -28,7 +28,14 @@ export function runDuplication(cwd) {
             const block = lines
                 .slice(i, i + MIN_LINES)
                 .map((l) => l.trim())
-                .filter((l) => l.length > 0 && !l.startsWith("//") && !l.startsWith("*") && !l.startsWith("import ") && !l.startsWith("export {") && l !== "{" && l !== "}" && l !== "");
+                .filter((l) => l.length > 0 &&
+                !l.startsWith("//") &&
+                !l.startsWith("*") &&
+                !l.startsWith("import ") &&
+                !l.startsWith("export {") &&
+                l !== "{" &&
+                l !== "}" &&
+                l !== "");
             if (block.length < MIN_LINES - 2)
                 continue; // too many empty/trivial lines
             const key = block.join("\n");

package/dist/runners/error-handling.js

@@ -1,12 +1,19 @@
 /** Error handling check — detects poor error handling patterns. */
-import { gradeFromScore } from "../types.js";
 import { getProductionFiles } from "../fs-utils.js";
+import { gradeFromScore } from "../types.js";
 export function runErrorHandling(cwd, stack) {
     const start = Date.now();
     const issues = [];
     const files = getProductionFiles(cwd);
     if (files.length === 0) {
-        return { name: "error-handling", score: 100, grade: "A", details: { skipped: true, reason: "no source files" }, issues: [], duration: Date.now() - start };
+        return {
+            name: "error-handling",
+            score: 100,
+            grade: "A",
+            details: { skipped: true, reason: "no source files" },
+            issues: [],
+            duration: Date.now() - start,
+        };
     }
     let emptyCatch = 0;
     let throwString = 0;
@@ -20,7 +27,13 @@ export function runErrorHandling(cwd, stack) {
             }
             if (/\bthrow\s+["'`]/.test(line)) {
                 throwString++;
-                issues.push({ severity: "warning", message: "throw string literal — use throw new Error()", file: f.path, line: i + 1, rule: "throw-string" });
+                issues.push({
+                    severity: "warning",
+                    message: "throw string literal — use throw new Error()",
+                    file: f.path,
+                    line: i + 1,
+                    rule: "throw-string",
+                });
             }
         }
     }

package/dist/runners/performance.js

@@ -135,7 +135,9 @@ export function runPerformance(cwd) {
             try {
                 bundleSizeKB = Math.round(dirSizeKB(distPath));
             }
-            catch { /* can't read dist */ }
+            catch {
+                /* can't read dist */
+            }
             break;
         }
     }

package/dist/runners/react.js

@@ -1,14 +1,28 @@
 /** React-specific checks — hooks rules, conditional hooks, missing keys, prop spreading. */
-import { gradeFromScore } from "../types.js";
 import { getProductionFiles } from "../fs-utils.js";
+import { gradeFromScore } from "../types.js";
 export function runReact(cwd, stack) {
     const start = Date.now();
     if (stack.framework !== "react") {
-        return { name: "react", score: 100, grade: "A", details: { skipped: true, reason: "not a React project" }, issues: [], duration: Date.now() - start };
+        return {
+            name: "react",
+            score: 100,
+            grade: "A",
+            details: { skipped: true, reason: "not a React project" },
+            issues: [],
+            duration: Date.now() - start,
+        };
     }
     const files = getProductionFiles(cwd).filter((f) => f.ext === ".tsx" || f.ext === ".jsx");
     if (files.length === 0) {
-        return { name: "react", score: 100, grade: "A", details: { skipped: true, reason: "no JSX/TSX files" }, issues: [], duration: Date.now() - start };
+        return {
+            name: "react",
+            score: 100,
+            grade: "A",
+            details: { skipped: true, reason: "no JSX/TSX files" },
+            issues: [],
+            duration: Date.now() - start,
+        };
     }
     const issues = [];
     let conditionalHooks = 0;
@@ -41,7 +55,13 @@ export function runReact(cwd, stack) {
             // 1. Hooks called inside conditionals
             if (condBraceDepth > 0 && /\buse[A-Z]\w*\s*\(/.test(trimmed) && !/\/\//.test(trimmed.split("use")[0])) {
                 conditionalHooks++;
-                issues.push({ severity: "error", message: "Hook called inside conditional — violates Rules of Hooks", file: f.path, line: i + 1, rule: "conditional-hook" });
+                issues.push({
+                    severity: "error",
+                    message: "Hook called inside conditional — violates Rules of Hooks",
+                    file: f.path,
+                    line: i + 1,
+                    rule: "conditional-hook",
+                });
             }
             // 2. Missing key in .map() returning JSX
             if (/\.map\s*\(/.test(trimmed)) {
@@ -55,12 +75,24 @@ export function runReact(cwd, stack) {
             // 3. index as key
             if (/key=\{(?:i|idx|index)\}/.test(trimmed) || /key=\{.*(?:, *(?:i|idx|index)\))/.test(trimmed)) {
                 indexKeys++;
-                issues.push({ severity: "warning", message: "Using index as key — can cause rendering bugs with reorderable lists", file: f.path, line: i + 1, rule: "index-key" });
+                issues.push({
+                    severity: "warning",
+                    message: "Using index as key — can cause rendering bugs with reorderable lists",
+                    file: f.path,
+                    line: i + 1,
+                    rule: "index-key",
+                });
             }
             // 4. Prop spreading ({...props} on DOM elements)
             if (/\{\.\.\.(?!children)\w+\}/.test(trimmed) && /<[a-z]/.test(trimmed)) {
                 propSpreading++;
-                issues.push({ severity: "warning", message: "Spreading props onto DOM element — can pass unexpected attributes", file: f.path, line: i + 1, rule: "prop-spreading" });
+                issues.push({
+                    severity: "warning",
+                    message: "Spreading props onto DOM element — can pass unexpected attributes",
+                    file: f.path,
+                    line: i + 1,
+                    rule: "prop-spreading",
+                });
             }
             // 5. Inline arrow functions in JSX event handlers (performance)
             if (/on[A-Z]\w*=\{(?:\(\) =>|function)/.test(trimmed)) {
@@ -70,7 +102,11 @@ export function runReact(cwd, stack) {
     }
     // Only warn about inline handlers if there are many
     if (inlineHandlers > 15) {
-        issues.push({ severity: "warning", message: `${inlineHandlers} inline arrow functions in JSX handlers — extract to named functions for readability`, rule: "inline-handlers" });
+        issues.push({
+            severity: "warning",
+            message: `${inlineHandlers} inline arrow functions in JSX handlers — extract to named functions for readability`,
+            rule: "inline-handlers",
+        });
     }
     const errors = issues.filter((i) => i.severity === "error").length;
     const warnings = issues.filter((i) => i.severity === "warning").length;

package/dist/runners/standards.js

@@ -28,7 +28,7 @@ const CODE_SMELLS = [
         message: "dangerouslySetInnerHTML bypasses React's XSS protection",
     },
     { name: "document.write", pattern: /document\.write\s*\(/, severity: "error", message: "document.write blocks rendering" },
-    { name: "http:// URL", pattern: /['"]http:\/\/(?!localhost|127\.0\.0\.1)/, severity: "warning", message: "Non-HTTPS URL — use https://" },
+    { name: "http:// URL", pattern: /['"]http:\/\/(?!localhost|127\.0\.0\.1|www\.w3\.org|schemas?\.)/, severity: "warning", message: "Non-HTTPS URL — use https://" },
     { name: "TODO/FIXME", pattern: /\b(TODO|FIXME|HACK|XXX)\b/, severity: "warning", message: "Unresolved TODO/FIXME comment" },
     {
         name: "magic number",
@@ -96,6 +96,9 @@ export function runStandards(cwd, stack) {
                 continue;
             if (/\bpattern\s*:|name:\s*["']|message:\s*["']|description:\s*["']|risk:\s*["']|recommendation:\s*["']/.test(trimmed))
                 continue;
+            // Skip string-only lines (check-meta descriptions, inline scripts)
+            if (/^\s*["'`].*["'`][,;]?\s*$/.test(line))
+                continue;
             for (const check of CODE_SMELLS) {
                 // Skip console.log in CLI entry points (intentional output)
                 if (check.name === "console.log" && (f.path.includes("cli.") || f.path.includes("bin/")))

package/dist/runners/type-safety.js

@@ -42,9 +42,11 @@ export function runTypeSafety(cwd, isDart = false) {
             const trimmed = line.trim();
             if (trimmed.startsWith("//") || trimmed.startsWith("*"))
                 continue;
-            // Skip pattern definition lines (prevents false positives when scanning own code)
+            // Skip pattern definition lines and string-heavy lines (prevents false positives)
             if (/\bpattern\s*:|name:\s*["']|message:\s*["']|description:\s*["']|risk:\s*["']|recommendation:\s*["']/.test(trimmed))
                 continue;
+            if (/^\s*["'`].*["'`][,;]?\s*$/.test(line))
+                continue;
             for (const p of PATTERNS) {
                 const matches = line.match(p.pattern);
                 if (matches) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibecodeqa/cli",
-  "version": "0.21.0",
+  "version": "0.23.0",
   "description": "Code health scanner for the AI coding era. 21 checks, zero config, full report.",
   "type": "module",
   "bin": {