auto-cr-rules 2.0.63 → 2.0.66

package/README.md

@@ -43,6 +43,9 @@ Common flags:
 - `--language <zh|en>`: Switch CLI output language (defaults to auto-detection).
 - `--rule-dir <directory>`: Load additional custom rules from a directory or package.
 - `--output <text|json>`: Choose between human-friendly text logs or structured JSON results (defaults to `text`).
+- `--config <path>`: Point to a `.autocrrc.json` or `.autocrrc.js` file to enable/disable rules.
+- `--ignore-path <path>`: Point to a `.autocrignore.json` or `.autocrignore.js` file to exclude files/directories from scanning.
+- `--tsconfig <path>`: Use a custom `tsconfig.json` (defaults to `<cwd>/tsconfig.json`).
 - `--help`: Display the full command reference.
 
 Sample output:
@@ -108,6 +111,45 @@ npx auto-cr-cmd --output json -- ./src | jq
 }
 ```
 
+## Configuration (.autocrrc)
+
+- Place `.autocrrc.json` or `.autocrrc.js` in your repo root (search order as listed). Use `--config <path>` to point elsewhere.
+- `rules` accepts `off | warning | error | optimizing | true/false | 0/1/2`; unspecified rules keep their default severity.
+
+```jsonc
+// .autocrrc.json
+{
+  "rules": {
+    "no-deep-relative-imports": "error",
+    "no-swallowed-errors": "off"
+  }
+}
+```
+
+### Ignore paths (.autocrignore)
+
+- Place `.autocrignore.json` or `.autocrignore.js` in repo root (search order as listed), or pass `--ignore-path <file>`.
+- Supports glob patterns (picomatch) via JSON/JS arrays (`{ ignore: [...] }`).
+
+```js
+// .autocrignore.js
+module.exports = {
+  ignore: ['node_modules', 'dist/**', '**/*.test.ts', 'public/**']
+}
+```
+
+```json
+// .autocrignore.json
+{
+  "ignore": [
+    "node_modules",
+    "dist/**",
+    "**/*.test.ts",
+    "public/**"
+  ]
+}
+```
+
 ## Writing Custom Rules
 
 The CLI consumes rules from the `auto-cr-rules` package by default, and you can extend it with your own logic.

package/README.zh-CN.md

@@ -43,6 +43,9 @@ npx auto-cr-cmd --language zh [需要扫描的代码目录]
 - `--language <zh|en>`：切换 CLI 输出语言（默认为自动检测）。
 - `--rule-dir <directory>`：加载额外的自定义规则目录或包。
 - `--output <text|json>`：选择输出格式，`text` 为友好的终端日志，`json` 用于集成脚本（默认为 `text`）。
+- `--config <path>`：指定 `.autocrrc.json` 或 `.autocrrc.js` 配置文件路径，用于开启/关闭规则。
+- `--ignore-path <path>`：指定 `.autocrignore.json` 或 `.autocrignore.js` 忽略文件路径，用于排除扫描。
+- `--tsconfig <path>`：指定自定义 `tsconfig.json` 路径（默认读取 `<cwd>/tsconfig.json`）。
 - `--help`：查看完整命令说明。
 
 示例输出：
@@ -108,6 +111,55 @@ npx auto-cr-cmd --output json -- ./src | jq
 }
 ```
 
+## 配置（.autocrrc）
+
+- 在仓库根目录放置 `.autocrrc.json` 或 `.autocrrc.js`（按此顺序查找）；如需放在其他位置，可通过 `--config <path>` 指定。
+- `rules` 支持的值：`off | warning | error | optimizing | true/false | 0/1/2`，未写明的规则沿用默认严重级别。
+
+```jsonc
+// .autocrrc.json
+{
+  "rules": {
+    "no-deep-relative-imports": "error",
+    "no-swallowed-errors": "off"
+  }
+}
+```
+
+### 忽略文件（.autocrignore）
+
+- 在仓库根目录放置 `.autocrignore.json` 或 `.autocrignore.js`（按此顺序查找），或通过 `--ignore-path <file>` 指定自定义路径。
+- 仅支持 JSON/JS 写法，基于 picomatch 的 glob 模式，数组键为 `ignore`。
+
+```js
+// .autocrignore.js
+module.exports = {
+  ignore: ['node_modules', 'dist/**', '**/*.test.ts', 'public/**']
+}
+```
+
+```json
+// .autocrignore.json
+{
+  "ignore": [
+    "node_modules",
+    "dist/**",
+    "**/*.test.ts",
+    "public/**"
+  ]
+}
+```
+
+```js
+// .autocrrc.js
+module.exports = {
+  rules: {
+    'no-swallowed-errors': 'warning', // 覆盖严重级别
+    'no-deep-relative-imports': true  // 保持规则默认严重级别
+  }
+}
+```
+
 ## 编写自定义规则
 
 CLI 默认使用 `auto-cr-rules` 包提供的规则，你也可以扩展自己的逻辑。

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auto-cr-rules",
-  "version": "2.0.63",
+  "version": "2.0.66",
   "description": "Extensible static analysis rule set for the auto-cr automated code review toolkit",
   "main": "dist/index.js",
   "types": "dist/types/index.d.ts",

package/dist/rules/missingAsyncCleanup.js

@@ -1,113 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.missingAsyncCleanup = void 0;
-var types_1 = require("../types");
-var isIdentifier = function (node, name) {
-    return node.type === 'Identifier' && node.value === name;
-};
-var isMemberExpressionWithIdentifier = function (node, name) {
-    if (node.type !== 'MemberExpression') {
-        return false;
-    }
-    if (node.property.type === 'Identifier' && node.property.value === name) {
-        return true;
-    }
-    return false;
-};
-var createMetrics = function () { return ({
-    setInterval: {
-        api: 'setInterval',
-        cleanup: 'clearInterval',
-        calls: [],
-        cleanupCount: 0,
-        codeSample: 'setInterval(() => {/* ... */}, delay)',
-    },
-    addEventListener: {
-        api: 'addEventListener',
-        cleanup: 'removeEventListener',
-        calls: [],
-        cleanupCount: 0,
-        codeSample: 'target.addEventListener("type", handler)',
-    },
-}); };
-function isTargetedCall(callee, name) {
-    return isIdentifier(callee, name) || isMemberExpressionWithIdentifier(callee, name);
-}
-function visit(node, cb) {
-    var _a;
-    if (!node) {
-        return;
-    }
-    if (Array.isArray(node)) {
-        node.forEach(function (child) { return visit(child, cb); });
-        return;
-    }
-    if (typeof node !== 'object') {
-        return;
-    }
-    var candidate = node;
-    if (candidate.type === 'CallExpression') {
-        cb(candidate);
-        var call = candidate;
-        visit(call.callee, cb);
-        if (call.arguments) {
-            for (var _i = 0, _b = call.arguments; _i < _b.length; _i++) {
-                var arg = _b[_i];
-                visit((_a = arg.expression) !== null && _a !== void 0 ? _a : arg, cb);
-            }
-        }
-        if (call.typeArguments) {
-            visit(call.typeArguments, cb);
-        }
-        return;
-    }
-    for (var _c = 0, _d = Object.values(candidate); _c < _d.length; _c++) {
-        var value = _d[_c];
-        visit(value, cb);
-    }
-}
-exports.missingAsyncCleanup = (0, types_1.defineRule)('require-cleanup-for-async-effects', { tag: 'base', severity: types_1.RuleSeverity.Warning }, function (_a) {
-    var ast = _a.ast, helpers = _a.helpers, language = _a.language, messages = _a.messages;
-    var metrics = createMetrics();
-    visit(ast, function (call) {
-        var callee = call.callee;
-        if (isTargetedCall(callee, 'setInterval')) {
-            metrics.setInterval.calls.push(call);
-            return;
-        }
-        if (isTargetedCall(callee, 'clearInterval')) {
-            metrics.setInterval.cleanupCount += 1;
-            return;
-        }
-        if (isTargetedCall(callee, 'addEventListener')) {
-            metrics.addEventListener.calls.push(call);
-            return;
-        }
-        if (isTargetedCall(callee, 'removeEventListener')) {
-            metrics.addEventListener.cleanupCount += 1;
-            return;
-        }
-    });
-    var suggestionsByLanguage = language === 'zh'
-        ? [
-            { text: '在 useEffect 的返回函数或组件卸载时调用对应的清理函数。' },
-            { text: '确保自定义 Hook 在调用组件卸载时执行 clearInterval/removeEventListener。' },
-        ]
-        : [
-            { text: 'Return a cleanup function from useEffect to clear timers or listeners.' },
-            { text: 'Ensure custom hooks expose a teardown that calls clearInterval/removeEventListener.' },
-        ];
-    Object.values(metrics).forEach(function (metric) {
-        if (metric.calls.length === 0 || metric.cleanupCount > 0) {
-            return;
-        }
-        var description = messages.missingAsyncCleanup({ api: metric.api, cleanup: metric.cleanup });
-        var firstCall = metric.calls[0];
-        helpers.reportViolation({
-            description: description,
-            code: metric.codeSample,
-            suggestions: suggestionsByLanguage,
-            span: firstCall.span,
-        }, firstCall.span);
-    });
-});

package/dist/rules/noUnsafeDangerouslySetInnerHTML.js

@@ -1,101 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.noUnsafeDangerouslySetInnerHTML = void 0;
-var types_1 = require("../types");
-var ATTRIBUTE_NAME = 'dangerouslySetInnerHTML';
-var HTML_KEY = '__html';
-var isIdentifierAttribute = function (attribute, name) {
-    return attribute.name.type === 'Identifier' && attribute.name.value === name;
-};
-var isTrustedLiteral = function (expression) {
-    if (expression.type === 'StringLiteral') {
-        return true;
-    }
-    if (expression.type === 'TemplateLiteral') {
-        var template = expression;
-        return template.expressions.length === 0;
-    }
-    return false;
-};
-var extractHtmlExpression = function (attribute) {
-    if (!attribute.value) {
-        return null;
-    }
-    if (attribute.value.type === 'StringLiteral') {
-        return attribute.value;
-    }
-    if (attribute.value.type !== 'JSXExpressionContainer') {
-        return null;
-    }
-    var container = attribute.value;
-    var expression = container.expression;
-    if (!expression || expression.type === 'JSXEmptyExpression') {
-        return null;
-    }
-    if (expression.type === 'ObjectExpression') {
-        for (var _i = 0, _a = expression.properties; _i < _a.length; _i++) {
-            var property = _a[_i];
-            if (property.type !== 'KeyValueProperty') {
-                continue;
-            }
-            var key = property.key;
-            var keyName = key.type === 'Identifier'
-                ? key.value
-                : key.type === 'StringLiteral'
-                    ? key.value
-                    : null;
-            if (keyName === HTML_KEY) {
-                return property.value;
-            }
-        }
-        return expression;
-    }
-    return expression;
-};
-var visit = function (node, callback) {
-    if (!node) {
-        return;
-    }
-    if (Array.isArray(node)) {
-        node.forEach(function (child) { return visit(child, callback); });
-        return;
-    }
-    if (typeof node !== 'object') {
-        return;
-    }
-    var candidate = node;
-    if (candidate.type === 'JSXAttribute') {
-        callback(candidate);
-    }
-    for (var _i = 0, _a = Object.values(candidate); _i < _a.length; _i++) {
-        var value = _a[_i];
-        visit(value, callback);
-    }
-};
-exports.noUnsafeDangerouslySetInnerHTML = (0, types_1.defineRule)('no-unsafe-dangerously-set-inner-html', { tag: 'security', severity: types_1.RuleSeverity.Error }, function (_a) {
-    var ast = _a.ast, helpers = _a.helpers, language = _a.language, messages = _a.messages;
-    visit(ast, function (attribute) {
-        if (!isIdentifierAttribute(attribute, ATTRIBUTE_NAME)) {
-            return;
-        }
-        var expression = extractHtmlExpression(attribute);
-        if (expression && isTrustedLiteral(expression)) {
-            return;
-        }
-        var suggestions = language === 'zh'
-            ? [
-                { text: '优先使用经过消毒的 HTML（例如 DOMPurify.sanitize）。' },
-                { text: '避免直接渲染来自外部或用户输入的字符串。' },
-            ]
-            : [
-                { text: 'Sanitize the HTML string before passing it in (e.g. DOMPurify.sanitize).' },
-                { text: 'Avoid rendering user-generated strings with dangerouslySetInnerHTML.' },
-            ];
-        helpers.reportViolation({
-            description: messages.unsafeDangerouslySetInnerHTML(),
-            code: ATTRIBUTE_NAME,
-            suggestions: suggestions,
-            span: attribute.span,
-        });
-    });
-});

package/dist/types/rules/missingAsyncCleanup.d.ts

@@ -1 +0,0 @@
-export declare const missingAsyncCleanup: import("../types").Rule;

package/dist/types/rules/noUnsafeDangerouslySetInnerHTML.d.ts

@@ -1 +0,0 @@
-export declare const noUnsafeDangerouslySetInnerHTML: import("../types").Rule;