datagrok-tools 4.14.70 → 4.14.71

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +14 -0
  2. package/bin/commands/check.js +35 -0
  3. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,19 @@
1
1
  # Datagrok-tools changelog
2
2
 
3
+ ## 4.14.71 (2026-01-10)
4
+
5
+ ### Features
6
+
7
+ * Grok Check: Added validation to restrict datagrok-api imports to public API paths only (GROK-19504)
8
+ * Only allows imports from 'datagrok-api/dg', 'datagrok-api/grok', 'datagrok-api/ui'
9
+ * Rejects deep imports like 'datagrok-api/dg/events' or 'datagrok-api/src/...'
10
+ * Validates both import and export statements
11
+
12
+ ### Bug Fixes
13
+
14
+ * Fixed invalid datagrok-api imports in UsageAnalysis, ChatGPT, and PowerPack packages
15
+
16
+
3
17
  ## 4.14.70 (2026-01-10)
4
18
 
5
19
  ### Bug Fixes
package/bin/commands/check.js CHANGED
@@ -6,6 +6,7 @@ Object.defineProperty(exports, "__esModule", {
6
6
  });
7
7
  exports.check = check;
8
8
  exports.checkChangelog = checkChangelog;
9
+ exports.checkDatagrokApiImports = checkDatagrokApiImports;
9
10
  exports.checkFuncSignatures = checkFuncSignatures;
10
11
  exports.checkImportStatements = checkImportStatements;
11
12
  exports.checkNpmIgnore = checkNpmIgnore;
@@ -66,6 +67,7 @@ function runChecks(packagePath, soft = false, noExit = false) {
66
67
  externals = extractExternals(content);
67
68
  if (externals) errors.push(...checkImportStatements(packagePath, jsTsFiles, externals));
68
69
  }
70
+ errors.push(...checkDatagrokApiImports(packagePath, jsTsFiles));
69
71
  if (!soft) errors.push(...checkSourceMap(packagePath));
70
72
  errors.push(...checkNpmIgnore(packagePath));
71
73
  warnings.push(...checkScriptNames(packagePath));
@@ -157,6 +159,39 @@ function checkImportStatements(packagePath, files, externals) {
157
159
  }
158
160
  return warnings;
159
161
  }
162
+ function checkDatagrokApiImports(packagePath, files) {
163
+ const errors = [];
164
+
165
+ // Regex to find all datagrok-api imports/exports (including re-exports)
166
+ const datagrokApiImportRegex = /^\s*(import|export)\s+.*['"]datagrok-api\/[^'"]+['"]/gm;
167
+
168
+ // Regex to validate if import/export is allowed (only dg, grok, ui)
169
+ const allowedImportRegex = /^\s*(import|export)\s+.*['"]datagrok-api\/(dg|grok|ui)['"]/;
170
+
171
+ // Regex to extract the import path for error messages
172
+ const importPathRegex = /['"]datagrok-api\/([^'"]+)['"]/;
173
+ for (const file of files) {
174
+ const content = _fs.default.readFileSync(_path.default.join(packagePath, file), {
175
+ encoding: 'utf-8'
176
+ });
177
+ const matchedImports = content.match(datagrokApiImportRegex);
178
+ if (matchedImports) {
179
+ for (const match of matchedImports) {
180
+ // Check if this import/export is allowed
181
+ if (!allowedImportRegex.test(match)) {
182
+ // Extract the problematic path for error message
183
+ const pathMatch = match.match(importPathRegex);
184
+ const importedPath = pathMatch ? `datagrok-api/${pathMatch[1]}` : 'unknown';
185
+ errors.push(`File "${file}": Invalid datagrok-api import.
186
+ ` + ` Found: ${match.trim()}
187
+ ` + ` Only these paths are allowed: 'datagrok-api/dg', 'datagrok-api/grok', 'datagrok-api/ui'
188
+ ` + ` Deep imports like '${importedPath}' are not permitted.`);
189
+ }
190
+ }
191
+ }
192
+ }
193
+ return errors;
194
+ }
160
195
  const TYPE_ALIASES = {
161
196
  file: ['fileinfo'],
162
197
  dynamic: ['searchprovider']
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "datagrok-tools",
3
- "version": "4.14.70",
3
+ "version": "4.14.71",
4
4
  "description": "Utility to upload and publish packages to Datagrok",
5
5
  "homepage": "https://github.com/datagrok-ai/public/tree/master/tools#readme",
6
6
  "dependencies": {