npm - configsentry - Versions diffs - 0.0.27 → 0.0.28 - Mend

configsentry 0.0.27 → 0.0.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -102,6 +102,7 @@ Tip: for machine output use `--format json` / `--format sarif`.
 ## Docs
+- Proof in the wild (public repo tests): [`repo-tests/`](repo-tests/)
 - GitHub Action usage examples: [`docs/action-usage.md`](docs/action-usage.md)
 - Baselines (incremental adoption): [`docs/baselines.md`](docs/baselines.md)
 - Compatibility & scope: [`docs/compatibility.md`](docs/compatibility.md)

package/dist/rules.js CHANGED Viewed

@@ -263,6 +263,44 @@ export function runRules(compose, targetPath) {
                 });
             }
         }
+        // Rule: depends_on without healthchecks / service_healthy
+        // Compose nuance: service_healthy requires healthchecks and is not universally used.
+        // We keep this as a gentle reliability warning.
+        const dependsOn = svc?.depends_on;
+        if (dependsOn != null) {
+            // Collect dependency service names.
+            const deps = [];
+            if (Array.isArray(dependsOn)) {
+                for (const d of dependsOn)
+                    if (typeof d === 'string')
+                        deps.push(d);
+            }
+            else if (dependsOn && typeof dependsOn === 'object') {
+                for (const k of Object.keys(dependsOn))
+                    deps.push(k);
+            }
+            // Detect whether any condition: service_healthy is used.
+            let hasServiceHealthy = false;
+            if (dependsOn && typeof dependsOn === 'object' && !Array.isArray(dependsOn)) {
+                for (const v of Object.values(dependsOn)) {
+                    if (v && typeof v === 'object' && String(v.condition ?? '').toLowerCase() === 'service_healthy') {
+                        hasServiceHealthy = true;
+                    }
+                }
+            }
+            const depsMissingHealthchecks = deps.filter((d) => services?.[d]?.healthcheck == null);
+            if (depsMissingHealthchecks.length > 0 || !hasServiceHealthy) {
+                findings.push({
+                    id: 'compose.depends-on-without-health',
+                    title: 'depends_on without healthcheck gating',
+                    severity: 'low',
+                    message: `Service '${serviceName}' uses depends_on without robust healthcheck gating.`,
+                    service: serviceName,
+                    path: `${targetPath}#services.${serviceName}.depends_on`,
+                    suggestion: "Prefer adding healthchecks and (where supported) depends_on: { <svc>: { condition: service_healthy } } to avoid startup race conditions."
+                });
+            }
+        }
         // Rule: restart policy
         if (svc?.restart == null) {
             findings.push({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "configsentry",
-  "version": "0.0.27",
+  "version": "0.0.28",
   "description": "Developer-first guardrails for docker-compose.yml (security + ops footguns).",
   "type": "module",
   "license": "MIT",