npm - aislop - Versions diffs - 0.1.1 → 0.1.2 - Mend

aislop 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cli.js +7 -3
package/dist/{engine-info-Bw_OOj3G.js → engine-info-B4Eq4giL.js} +1 -1
package/dist/index.js +8 -4
package/dist/{json-SHDiefXX.js → json-BMSa_G7o.js} +1 -1
package/package.json +1 -1

package/dist/cli.js CHANGED Viewed

@@ -2760,7 +2760,7 @@ const RISKY_PATTERNS = [
 		help: "Avoid dynamic code execution — refactor to use static code paths"
 	},
 	{
-		pattern: /\.innerHTML\s*=/g,
+		pattern: new RegExp(`\\.innerHTML\\s*=`, "g"),
 		extensions: [
 			".ts",
 			".tsx",
@@ -2857,6 +2857,10 @@ const detectRiskyConstructs = async (context) => {
 			let match;
 			while ((match = regex.exec(content)) !== null) {
 				const line = content.slice(0, match.index).split("\n").length;
+				if (name === "innerhtml") {
+					const beforeMatch = content.slice(Math.max(0, match.index - 200), match.index);
+					if (/(?:template|tmpl|tpl)$/i.test(beforeMatch.trimEnd()) || /createElement\s*\(\s*['"]template['"]\s*\)$/.test(beforeMatch.trimEnd())) continue;
+				}
 				if (name === "sql-injection") {
 					const afterMatch = content.slice(match.index + match[0].length, match.index + match[0].length + 100);
 					if (/^(?:\w+\.join\s*\(|[A-Z_]+\}|tableName\}|table\})/.test(afterMatch)) continue;
@@ -3114,7 +3118,7 @@ const logger = {
 * Application version — injected at build time by tsdown from package.json.
 * The fallback should always match the "version" field in package.json.
 */
-const APP_VERSION = "0.1.1";
+const APP_VERSION = "0.1.2";
 //#endregion
 //#region src/output/layout.ts
@@ -3768,7 +3772,7 @@ const scanCommand = async (directory, config, options) => {
 	const allDiagnostics = results.flatMap((r) => r.diagnostics);
 	const elapsedMs = performance.now() - startTime;
 	const scoreResult = calculateScore(allDiagnostics, config.scoring.weights, config.scoring.thresholds);
-	const exitCode = scoreResult.score < config.ci.failBelow ? 1 : 0;
+	const exitCode = allDiagnostics.some((d) => d.severity === "error") || scoreResult.score < config.ci.failBelow ? 1 : 0;
 	if (!isTelemetryDisabled(config.telemetry?.enabled)) {
 		const engineIssues = {};
 		const engineTimings = {};

package/dist/{engine-info-Bw_OOj3G.js → engine-info-B4Eq4giL.js} RENAMED Viewed

@@ -3,7 +3,7 @@
 * Application version — injected at build time by tsdown from package.json.
 * The fallback should always match the "version" field in package.json.
 */
-const APP_VERSION = "0.1.1";
+const APP_VERSION = "0.1.2";
 //#endregion
 //#region src/output/engine-info.ts

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { n as getEngineLabel, r as APP_VERSION, t as ENGINE_INFO } from "./engine-info-Bw_OOj3G.js";
+import { n as getEngineLabel, r as APP_VERSION, t as ENGINE_INFO } from "./engine-info-B4Eq4giL.js";
 import { n as runSubprocess, t as isToolInstalled } from "./subprocess-99puEEGl.js";
 import { createRequire } from "node:module";
 import fs from "node:fs";
@@ -3358,7 +3358,7 @@ const RISKY_PATTERNS = [
 		help: "Avoid dynamic code execution — refactor to use static code paths"
 	},
 	{
-		pattern: /\.innerHTML\s*=/g,
+		pattern: new RegExp(`\\.innerHTML\\s*=`, "g"),
 		extensions: [
 			".ts",
 			".tsx",
@@ -3455,6 +3455,10 @@ const detectRiskyConstructs = async (context) => {
 			let match;
 			while ((match = regex.exec(content)) !== null) {
 				const line = content.slice(0, match.index).split("\n").length;
+				if (name === "innerhtml") {
+					const beforeMatch = content.slice(Math.max(0, match.index - 200), match.index);
+					if (/(?:template|tmpl|tpl)$/i.test(beforeMatch.trimEnd()) || /createElement\s*\(\s*['"]template['"]\s*\)$/.test(beforeMatch.trimEnd())) continue;
+				}
 				if (name === "sql-injection") {
 					const afterMatch = content.slice(match.index + match[0].length, match.index + match[0].length + 100);
 					if (/^(?:\w+\.join\s*\(|[A-Z_]+\}|tableName\}|table\})/.test(afterMatch)) continue;
@@ -3968,7 +3972,7 @@ const scanCommand = async (directory, config, options) => {
 	const allDiagnostics = results.flatMap((r) => r.diagnostics);
 	const elapsedMs = performance.now() - startTime;
 	const scoreResult = calculateScore(allDiagnostics, config.scoring.weights, config.scoring.thresholds);
-	const exitCode = scoreResult.score < config.ci.failBelow ? 1 : 0;
+	const exitCode = allDiagnostics.some((d) => d.severity === "error") || scoreResult.score < config.ci.failBelow ? 1 : 0;
 	if (!isTelemetryDisabled(config.telemetry?.enabled)) {
 		const engineIssues = {};
 		const engineTimings = {};
@@ -3987,7 +3991,7 @@ const scanCommand = async (directory, config, options) => {
 		});
 	}
 	if (options.json) {
-		const { buildJsonOutput } = await import("./json-SHDiefXX.js");
+		const { buildJsonOutput } = await import("./json-BMSa_G7o.js");
 		const jsonOut = buildJsonOutput(results, scoreResult, projectInfo.sourceFileCount, elapsedMs);
 		console.log(JSON.stringify(jsonOut, null, 2));
 		return { exitCode };

package/dist/{json-SHDiefXX.js → json-BMSa_G7o.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { r as APP_VERSION, t as ENGINE_INFO } from "./engine-info-Bw_OOj3G.js";
+import { r as APP_VERSION, t as ENGINE_INFO } from "./engine-info-B4Eq4giL.js";
 //#region src/output/json.ts
 const buildJsonOutput = (results, scoreResult, fileCount, elapsedMs) => {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "aislop",
-	"version": "0.1.1",
+	"version": "0.1.2",
 	"description": "Stop AI slop from shipping. A unified code quality CLI that catches the lazy patterns AI coding tools leave behind.",
 	"type": "module",
 	"bin": {