aislop 0.5.1 → 0.6.0

package/dist/index.js

@@ -1,4 +1,4 @@
-import { n as ENGINE_INFO, r as getEngineLabel, t as APP_VERSION } from "./version-CIlgPf8Q.js";
+import { n as ENGINE_INFO, r as getEngineLabel, t as APP_VERSION } from "./version-C2lM_2fE.js";
 import { n as runSubprocess, t as isToolInstalled } from "./subprocess-CQUJDGgn.js";
 import { r as runGenericLinter, t as fixRubyLint } from "./generic-BrcWMW7E.js";
 import { n as runExpoDoctor } from "./expo-doctor-Bz0LZhQ6.js";
@@ -1611,7 +1611,49 @@ const MEANINGFUL_JSDOC_TAGS = new Set([
 	"todo",
 	"link",
 	"license",
-	"preserve"
+	"preserve",
+	"swagger",
+	"openapi",
+	"route",
+	"group",
+	"summary",
+	"description",
+	"operationid",
+	"response",
+	"responses",
+	"request",
+	"requestbody",
+	"security",
+	"tag",
+	"tags",
+	"path",
+	"body",
+	"query",
+	"queryparam",
+	"header",
+	"headers",
+	"produces",
+	"accept",
+	"middleware",
+	"api",
+	"apiname",
+	"apidefine",
+	"apigroup",
+	"apiparam",
+	"apiquery",
+	"apibody",
+	"apiheader",
+	"apisuccess",
+	"apierror",
+	"apiexample",
+	"apiversion",
+	"apidescription",
+	"apipermission",
+	"apiuse",
+	"apiignore",
+	"apiprivate",
+	"namespace",
+	"category"
 ]);
 const SUPPORTED_EXTS = new Set([
 	".ts",
@@ -4951,7 +4993,7 @@ const renderCleanRun = (input, deps = {}) => {
 //#region src/utils/git.ts
 const MAX_BUFFER = 50 * 1024 * 1024;
 const getChangedFiles = (cwd, base) => {
-	const result = spawnSync("git", [
+	const diff = spawnSync("git", [
 		"diff",
 		"--name-only",
 		"--diff-filter=ACMR",
@@ -4961,8 +5003,22 @@ const getChangedFiles = (cwd, base) => {
 		encoding: "utf-8",
 		maxBuffer: MAX_BUFFER
 	});
-	if (result.error || result.status !== 0) return [];
-	return result.stdout.split("\n").filter((f) => f.length > 0).map((f) => path.resolve(cwd, f));
+	if (diff.error || diff.status !== 0) return [];
+	const untracked = spawnSync("git", [
+		"ls-files",
+		"--others",
+		"--exclude-standard"
+	], {
+		cwd,
+		encoding: "utf-8",
+		maxBuffer: MAX_BUFFER
+	});
+	const names = /* @__PURE__ */ new Set();
+	for (const line of diff.stdout.split("\n")) if (line.length > 0) names.add(line);
+	if (!untracked.error && untracked.status === 0) {
+		for (const line of untracked.stdout.split("\n")) if (line.length > 0) names.add(line);
+	}
+	return Array.from(names).map((f) => path.resolve(cwd, f));
 };
 const getStagedFiles = (cwd) => {
 	const result = spawnSync("git", [
@@ -5133,7 +5189,7 @@ const scanCommand = async (directory, config, options) => {
 		});
 	}
 	if (options.json) {
-		const { buildJsonOutput } = await import("./json-D_i2_5_-.js");
+		const { buildJsonOutput } = await import("./json-DcE9soYJ.js");
 		const jsonOut = buildJsonOutput(results, scoreResult, projectInfo.sourceFileCount, elapsedMs);
 		console.log(JSON.stringify(jsonOut, null, 2));
 		return { exitCode };
@@ -5919,7 +5975,13 @@ const fixDependencyAudit = async (context, onProgress) => {
 		await tryNpmOverrides(context.rootDirectory, onProgress);
 		return;
 	}
-	await tryPnpmOverrides(context.rootDirectory, onProgress);
+	if (await tryPnpmOverrides(context.rootDirectory, onProgress)) return;
+	if (fs.existsSync(path.join(context.rootDirectory, "package-lock.json"))) {
+		await runNpmAuditFix(context.rootDirectory, onProgress);
+		await tryNpmOverrides(context.rootDirectory, onProgress);
+		return;
+	}
+	onProgress?.("Dependency audit fixes · skipping (pnpm audit unavailable and no package-lock.json for npm fallback)");
 };
 const runNpmAuditFix = async (rootDir, onProgress) => {
 	onProgress?.("Dependency audit fixes · running npm audit fix (can take a few minutes)");
@@ -5951,11 +6013,11 @@ const fetchLatestVersion = async (rootDir, pkgName, pm) => {
 		return null;
 	}
 };
-const collectNpmOverrides = async (rootDir, vulnerabilities) => {
+const collectOverrides = async (rootDir, vulnerabilities, pm) => {
 	const overrides = {};
 	for (const [pkgName, vuln] of Object.entries(vulnerabilities)) {
 		if (vuln.fixAvailable !== false || !vuln.range) continue;
-		const latest = await fetchLatestVersion(rootDir, pkgName, "npm");
+		const latest = await fetchLatestVersion(rootDir, pkgName, pm);
 		if (latest) overrides[pkgName] = latest;
 	}
 	return overrides;
@@ -5969,7 +6031,7 @@ const tryNpmOverrides = async (rootDir, onProgress) => {
 		if (!auditResult.stdout) return;
 		const vulnerabilities = JSON.parse(auditResult.stdout).vulnerabilities;
 		if (!vulnerabilities) return;
-		const overrides = await collectNpmOverrides(rootDir, vulnerabilities);
+		const overrides = await collectOverrides(rootDir, vulnerabilities, "npm");
 		if (Object.keys(overrides).length === 0) return;
 		const pkgPath = path.join(rootDir, "package.json");
 		const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
@@ -6005,23 +6067,31 @@ const collectPnpmOverrides = (advisories) => {
 	}
 	return overrides;
 };
+const isPnpmAuditRetired = (stdout, stderr) => {
+	const haystack = `${stdout}\n${stderr}`.toLowerCase();
+	return haystack.includes("410") || haystack.includes("gone") || haystack.includes("retired") || haystack.includes("endpoint") || haystack.includes("err_pnpm_audit") || haystack.includes("audit endpoint");
+};
 const tryPnpmOverrides = async (rootDir, onProgress) => {
 	onProgress?.("Dependency audit fixes · running pnpm audit");
 	const auditResult = await runSubprocess("pnpm", ["audit", "--json"], {
 		cwd: rootDir,
 		timeout: AUDIT_TIMEOUT
 	});
-	if (!auditResult.stdout) return;
+	if (!auditResult.stdout) {
+		if (isPnpmAuditRetired(auditResult.stdout ?? "", auditResult.stderr ?? "")) return false;
+		return auditResult.exitCode === 0;
+	}
 	let parsed;
 	try {
 		parsed = JSON.parse(auditResult.stdout);
 	} catch {
-		return;
+		if (auditResult.exitCode !== 0 || isPnpmAuditRetired(auditResult.stdout, auditResult.stderr ?? "")) return false;
+		return true;
 	}
 	const advisories = parsed.advisories;
-	if (!advisories || Object.keys(advisories).length === 0) return;
+	if (!advisories || Object.keys(advisories).length === 0) return true;
 	const overrides = collectPnpmOverrides(advisories);
-	if (Object.keys(overrides).length === 0) return;
+	if (Object.keys(overrides).length === 0) return true;
 	const pkgPath = path.join(rootDir, "package.json");
 	const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
 	const pnpmBlock = pkg.pnpm ?? {};
@@ -6039,6 +6109,7 @@ const tryPnpmOverrides = async (rootDir, onProgress) => {
 		cwd: rootDir,
 		timeout: INSTALL_TIMEOUT
 	});
+	return true;
 };
 const fixExpoDependencies = async (context, onProgress) => {
 	await removeDisallowedExpoPackages(context.rootDirectory, onProgress);
@@ -6064,6 +6135,10 @@ const fixExpoDependencies = async (context, onProgress) => {
 	});
 	if (checkResult.exitCode !== 0) throw new Error(checkResult.stderr || checkResult.stdout || "expo dependency check failed");
 };
+/**
+* Run expo-doctor to detect packages that should not be installed directly,
+* then uninstall them. No hardcoded list — expo-doctor is the source of truth.
+*/
 const removeDisallowedExpoPackages = async (rootDir, onProgress) => {
 	try {
 		onProgress?.("Expo dependency alignment · running expo-doctor");

package/dist/{json-D_i2_5_-.js → json-DcE9soYJ.js}

@@ -1,4 +1,4 @@
-import { n as ENGINE_INFO, t as APP_VERSION } from "./version-CIlgPf8Q.js";
+import { n as ENGINE_INFO, t as APP_VERSION } from "./version-C2lM_2fE.js";
 
 //#region src/output/json.ts
 const buildJsonOutput = (results, scoreResult, fileCount, elapsedMs) => {

package/dist/{version-CIlgPf8Q.js → version-C2lM_2fE.js}

@@ -33,7 +33,7 @@ const getEngineLabel = (engine) => ENGINE_INFO[engine].label;
 * Application version — injected at build time by tsdown from package.json.
 * The fallback should always match the "version" field in package.json.
 */
-const APP_VERSION = "0.5.1";
+const APP_VERSION = "0.6.0";
 
 //#endregion
 export { ENGINE_INFO as n, getEngineLabel as r, APP_VERSION as t };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "aislop",
-	"version": "0.5.1",
+	"version": "0.6.0",
 	"description": "Stop AI slop from shipping. A unified code quality CLI that catches the lazy patterns AI coding tools leave behind.",
 	"type": "module",
 	"bin": {
@@ -47,13 +47,13 @@
 	],
 	"author": "heavykenny",
 	"license": "MIT",
-	"homepage": "https://github.com/heavykenny/aislop#readme",
+	"homepage": "https://github.com/scanaislop/aislop#readme",
 	"repository": {
 		"type": "git",
-		"url": "git+https://github.com/heavykenny/aislop.git"
+		"url": "git+https://github.com/scanaislop/aislop.git"
 	},
 	"bugs": {
-		"url": "https://github.com/heavykenny/aislop/issues"
+		"url": "https://github.com/scanaislop/aislop/issues"
 	},
 	"engines": {
 		"node": ">=20"

package/scripts/postinstall-tools.mjs

@@ -70,8 +70,8 @@ const TOOL_DEFINITIONS = [
 const isWindows = process.platform === "win32";
 const withExecutableExtension = (name) => (isWindows ? `${name}.exe` : name);
 
-const info = (message) => console.log(`[aislop] ${message}`);
-const warn = (message) => console.warn(`[aislop] ${message}`);
+const info = (message) => console.error(`[aislop] ${message}`);
+const warn = (message) => console.error(`[aislop] ${message}`);
 
 const downloadFile = async (url, destination) => {
 	const response = await fetch(url, {