npm - eslint-plugin-traceability - Versions diffs - 1.8.0 → 1.8.2 - Mend

eslint-plugin-traceability 1.8.0 → 1.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

package/CHANGELOG.md +5 -5
package/README.md +28 -29
package/SECURITY.md +135 -0
package/lib/src/index.d.ts +6 -35
package/lib/src/index.js +8 -5
package/lib/src/maintenance/cli.js +12 -16
package/lib/src/maintenance/detect.js +28 -1
package/lib/src/rules/helpers/require-story-io.d.ts +2 -2
package/lib/src/rules/helpers/require-story-io.js +13 -13
package/lib/src/rules/helpers/valid-annotation-format-internal.d.ts +2 -2
package/lib/src/rules/helpers/valid-annotation-format-internal.js +3 -3
package/lib/src/rules/helpers/valid-annotation-utils.d.ts +5 -0
package/lib/src/rules/helpers/valid-annotation-utils.js +43 -5
package/lib/src/rules/helpers/valid-implements-utils.d.ts +11 -11
package/lib/src/rules/helpers/valid-implements-utils.js +11 -11
package/lib/src/rules/helpers/valid-story-reference-helpers.js +19 -0
package/lib/src/rules/prefer-implements-annotation.d.ts +7 -7
package/lib/src/rules/prefer-implements-annotation.js +21 -21
package/lib/src/rules/valid-annotation-format.js +50 -24
package/lib/src/rules/valid-req-reference.js +9 -9
package/lib/src/utils/annotation-checker.js +3 -1
package/lib/src/utils/reqAnnotationDetection.d.ts +2 -2
package/lib/src/utils/reqAnnotationDetection.js +28 -28
package/lib/tests/config/flat-config-presets-integration.test.d.ts +1 -0
package/lib/tests/config/flat-config-presets-integration.test.js +75 -0
package/lib/tests/maintenance/batch.test.js +11 -11
package/lib/tests/maintenance/cli.test.js +34 -27
package/lib/tests/maintenance/report.test.js +7 -7
package/lib/tests/plugin-default-export-and-configs.test.js +0 -2
package/lib/tests/rules/prefer-implements-annotation.test.js +48 -15
package/lib/tests/rules/require-branch-annotation.test.js +15 -36
package/lib/tests/rules/require-req-annotation.test.js +31 -104
package/lib/tests/rules/require-story-annotation.test.js +3 -3
package/lib/tests/rules/require-story-io-behavior.test.js +2 -7
package/lib/tests/rules/require-story-io.edgecases.test.js +2 -7
package/lib/tests/rules/require-story-visitors-edgecases.test.js +8 -8
package/lib/tests/rules/valid-annotation-format.test.js +23 -23
package/lib/tests/rules/valid-req-reference.test.js +9 -9
package/lib/tests/rules/valid-story-reference.test.js +4 -43
package/lib/tests/utils/annotation-checker.test.js +2 -6
package/lib/tests/utils/fsTestHelpers.d.ts +7 -0
package/lib/tests/utils/fsTestHelpers.js +26 -0
package/lib/tests/utils/ioTestHelpers.d.ts +7 -0
package/lib/tests/utils/ioTestHelpers.js +24 -0
package/lib/tests/utils/temp-dir-helpers.d.ts +14 -0
package/lib/tests/utils/temp-dir-helpers.js +61 -0
package/package.json +8 -7
package/user-docs/api-reference.md +37 -20
package/user-docs/eslint-9-setup-guide.md +89 -6
package/user-docs/migration-guide.md +37 -21
package/docs/ci-cd-pipeline.md +0 -224
package/docs/cli-integration.md +0 -22
package/docs/code-quality-refactor-opportunities-2025-12-03.md +0 -78
package/docs/config-presets.md +0 -38
package/docs/conventional-commits-guide.md +0 -185
package/docs/custom-rules-development-guide.md +0 -659
package/docs/decisions/0001-allow-dynamic-require-for-built-plugins.md +0 -26
package/docs/decisions/001-typescript-for-eslint-plugin.accepted.md +0 -111
package/docs/decisions/002-jest-for-eslint-testing.accepted.md +0 -137
package/docs/decisions/003-code-quality-ratcheting-plan.md +0 -48
package/docs/decisions/004-automated-version-bumping-for-ci-cd.md +0 -196
package/docs/decisions/005-github-actions-validation-tooling.accepted.md +0 -144
package/docs/decisions/006-semantic-release-for-automated-publishing.accepted.md +0 -227
package/docs/decisions/007-github-releases-over-changelog.accepted.md +0 -216
package/docs/decisions/008-ci-audit-flags.accepted.md +0 -60
package/docs/decisions/009-security-focused-lint-rules.accepted.md +0 -64
package/docs/decisions/010-implements-annotation-for-multi-story-requirements.proposed.md +0 -184
package/docs/decisions/adr-0001-console-usage-for-cli-guards.md +0 -190
package/docs/decisions/adr-accept-dev-dep-risk-glob.md +0 -40
package/docs/decisions/adr-commit-branch-tests.md +0 -54
package/docs/decisions/adr-maintenance-cli-interface.md +0 -140
package/docs/decisions/adr-pre-push-parity.md +0 -112
package/docs/decisions/code-quality-ratcheting-plan.md +0 -53
package/docs/dependency-health.md +0 -238
package/docs/eslint-9-setup-guide.md +0 -517
package/docs/eslint-plugin-development-guide.md +0 -487
package/docs/functionality-coverage-2025-12-03.md +0 -250
package/docs/jest-testing-guide.md +0 -100
package/docs/rules/prefer-implements-annotation.md +0 -219
package/docs/rules/require-branch-annotation.md +0 -71
package/docs/rules/require-req-annotation.md +0 -203
package/docs/rules/require-story-annotation.md +0 -159
package/docs/rules/valid-annotation-format.md +0 -418
package/docs/rules/valid-req-reference.md +0 -153
package/docs/rules/valid-story-reference.md +0 -120
package/docs/security-incidents/2025-11-17-glob-cli-incident.md +0 -45
package/docs/security-incidents/2025-11-18-brace-expansion-redos.md +0 -45
package/docs/security-incidents/2025-11-18-bundled-dev-deps-accepted-risk.md +0 -93
package/docs/security-incidents/2025-11-18-tar-race-condition.md +0 -43
package/docs/security-incidents/2025-12-03-dependency-health-review.md +0 -58
package/docs/security-incidents/SECURITY-INCIDENT-2025-11-18-semantic-release-bundled-npm.known-error.md +0 -104
package/docs/security-incidents/SECURITY-INCIDENT-TEMPLATE.md +0 -37
package/docs/security-incidents/dependency-override-rationale.md +0 -57
package/docs/security-incidents/dev-deps-high.json +0 -116
package/docs/security-incidents/handling-procedure.md +0 -54
package/docs/stories/001.0-DEV-PLUGIN-SETUP.story.md +0 -92
package/docs/stories/002.0-DEV-ESLINT-CONFIG.story.md +0 -82
package/docs/stories/003.0-DEV-FUNCTION-ANNOTATIONS.story.md +0 -112
package/docs/stories/004.0-DEV-BRANCH-ANNOTATIONS.story.md +0 -153
package/docs/stories/005.0-DEV-ANNOTATION-VALIDATION.story.md +0 -138
package/docs/stories/006.0-DEV-FILE-VALIDATION.story.md +0 -144
package/docs/stories/007.0-DEV-ERROR-REPORTING.story.md +0 -163
package/docs/stories/008.0-DEV-AUTO-FIX.story.md +0 -150
package/docs/stories/009.0-DEV-MAINTENANCE-TOOLS.story.md +0 -117
package/docs/stories/010.0-DEV-DEEP-VALIDATION.story.md +0 -124
package/docs/stories/010.1-DEV-CONFIGURABLE-PATTERNS.story.md +0 -149
package/docs/stories/010.2-DEV-MULTI-STORY-SUPPORT.story.md +0 -216
package/docs/stories/010.3-DEV-MIGRATE-TO-IMPLEMENTS.story.md +0 -236
package/docs/stories/developer-story.map.md +0 -120
package/docs/ts-jest-presets-guide.md +0 -548

package/docs/eslint-plugin-development-guide.md DELETED Viewed

@@ -1,487 +0,0 @@
-# ESLint Plugin Development Guidance
-This document provides comprehensive guidance for developing ESLint plugins, specifically tailored for the eslint-plugin-traceability project. It's based on the official [ESLint plugin documentation](https://eslint.org/docs/latest/extend/plugins) and includes project-specific considerations.
-## Plugin Structure Overview
-An ESLint plugin is a JavaScript object that exposes specific properties to ESLint:
-- `meta` - information about the plugin
-- `configs` - an object containing named configurations
-- `rules` - an object containing custom rule definitions
-- `processors` - an object containing named processors
-## Basic Plugin Template
-```typescript
-// src/index.ts
-const plugin = {
-  meta: {
-    name: "eslint-plugin-traceability",
-    version: "1.0.0",
-    namespace: "traceability",
-  },
-  configs: {},
-  rules: {},
-  processors: {},
-};
-// for ESM source (compiled to CommonJS)
-export default plugin;
-```
-## Meta Data Requirements
-### Essential Meta Properties
-Every plugin should include meta information for debugging and caching:
-```typescript
-const plugin = {
-  meta: {
-    name: "eslint-plugin-traceability", // npm package name
-    version: "1.0.0", // npm package version
-    namespace: "traceability", // prefix for rules/configs
-  },
-  // ... other properties
-};
-```
-### Reading from package.json
-For maintainability, read name and version from package.json:
-```typescript
-import fs from "fs";
-import { fileURLToPath } from "url";
-import { dirname, join } from "path";
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-const pkg = JSON.parse(
-  fs.readFileSync(join(__dirname, "../package.json"), "utf8"),
-);
-const plugin = {
-  meta: {
-    name: pkg.name,
-    version: pkg.version,
-    namespace: "traceability",
-  },
-  // ... other properties
-};
-```
-## Rule Development
-### Rule Structure
-Rules are the core functionality of an ESLint plugin:
-```typescript
-const plugin = {
-  meta: {
-    name: "eslint-plugin-traceability",
-    version: "1.0.0",
-    namespace: "traceability",
-  },
-  rules: {
-    "require-story-annotation": {
-      meta: {
-        type: "problem",
-        docs: {
-          description: "require @story annotations on functions",
-          category: "Traceability",
-          recommended: true,
-        },
-        schema: [
-          {
-            type: "object",
-            properties: {
-              // rule options
-            },
-            additionalProperties: false,
-          },
-        ],
-        messages: {
-          missingStory: "Function '{{name}}' is missing @story annotation",
-          invalidStoryFormat: "@story annotation format is invalid: {{format}}",
-        },
-      },
-      create(context) {
-        return {
-          FunctionDeclaration(node) {
-            // rule implementation
-          },
-        };
-      },
-    },
-  },
-};
-```
-### Rule Implementation Guidelines
-1. **Use TypeScript for type safety**: Leverage @typescript-eslint/utils for AST manipulation
-2. **Clear error messages**: Provide helpful, actionable error messages
-3. **Configurable options**: Allow users to customize rule behavior
-4. **Performance**: Avoid expensive operations in visitors
-5. **Testing**: Use ESLint's RuleTester for comprehensive testing
-### AST Node Handling
-When working with AST nodes, use TypeScript for safety:
-```typescript
-import { TSESTree } from "@typescript-eslint/utils";
-function checkFunctionAnnotation(node: TSESTree.FunctionDeclaration) {
-  // Type-safe AST manipulation
-  if (node.id?.name) {
-    // Check for @story annotation in comments
-  }
-}
-```
-## Configuration Presets
-### Recommended Configuration
-Provide a recommended configuration for common use cases:
-```typescript
-const plugin = {
-  // ... meta and rules
-  configs: {},
-};
-// Assign configs after plugin definition to reference plugin
-Object.assign(plugin.configs, {
-  recommended: [
-    {
-      plugins: {
-        traceability: plugin,
-      },
-      rules: {
-        "traceability/require-story-annotation": "error",
-        "traceability/require-req-annotation": "error",
-        "traceability/valid-story-reference": "error",
-        "traceability/valid-req-reference": "error",
-      },
-    },
-  ],
-  strict: [
-    {
-      plugins: {
-        traceability: plugin,
-      },
-      rules: {
-        "traceability/require-story-annotation": "error",
-        "traceability/require-req-annotation": "error",
-        "traceability/valid-story-reference": "error",
-        "traceability/valid-req-reference": "error",
-        "traceability/require-branch-annotation": "error",
-      },
-    },
-  ],
-});
-```
-### Configuration Usage
-Users can extend configurations in their eslint.config.js:
-```javascript
-// eslint.config.js
-import { defineConfig } from "eslint/config";
-import traceability from "eslint-plugin-traceability";
-export default defineConfig([
-  {
-    files: ["src/**/*.{js,ts}"],
-    plugins: {
-      traceability,
-    },
-    extends: ["traceability/recommended"],
-  },
-]);
-```
-## Testing Strategy
-### Using ESLint's RuleTester
-```typescript
-// tests/rules/require-story-annotation.test.ts
-import { RuleTester } from "eslint";
-import rule from "../../src/rules/require-story-annotation";
-const ruleTester = new RuleTester({
-  parser: require.resolve("@typescript-eslint/parser"),
-  parserOptions: {
-    ecmaVersion: 2020,
-    sourceType: "module",
-  },
-});
-ruleTester.run("require-story-annotation", rule, {
-  valid: [
-    {
-      code: `
-        /**
-         * @story docs/stories/001.0-DEV-EXAMPLE.story.md
-         * @req REQ-EXAMPLE
-         */
-        function validFunction() {}
-      `,
-    },
-  ],
-  invalid: [
-    {
-      code: `function invalidFunction() {}`,
-      errors: [
-        {
-          messageId: "missingStory",
-          data: { name: "invalidFunction" },
-        },
-      ],
-    },
-  ],
-});
-```
-### Test Organization
-- **Unit tests**: Test individual rules in isolation
-- **Integration tests**: Test plugin loading and configuration
-- **File system tests**: Test file reference validation (use temporary directories)
-## Project-Specific Considerations
-### File System Integration
-For validating @story references to actual files:
-```typescript
-import fs from "fs/promises";
-import path from "path";
-async function validateStoryFile(
-  storyPath: string,
-  context: any,
-): Promise<boolean> {
-  try {
-    const fullPath = path.resolve(context.getCwd(), storyPath);
-    // Check file exists
-    await fs.access(fullPath);
-    // Check file extension
-    if (!fullPath.endsWith(".story.md")) {
-      return false;
-    }
-    return true;
-  } catch {
-    return false;
-  }
-}
-```
-### Requirement Reference Validation
-For validating @req references within story files:
-```typescript
-async function validateRequirement(
-  storyPath: string,
-  reqId: string,
-): Promise<boolean> {
-  try {
-    const content = await fs.readFile(storyPath, "utf8");
-    // Look for requirement ID in story content
-    const reqPattern = new RegExp(`\\*\\*${reqId}\\*\\*:`, "g");
-    return reqPattern.test(content);
-  } catch {
-    return false;
-  }
-}
-```
-### Configuration Options
-Allow users to customize behavior:
-```typescript
-interface RuleOptions {
-  storyFilePattern?: string; // Default: "**/*.story.md"
-  requirementPattern?: string; // Default: "REQ-*"
-  excludePatterns?: string[]; // Files to exclude
-  includePrivateFunctions?: boolean; // Default: false
-}
-```
-## Build and Distribution
-### TypeScript Configuration
-Configure TypeScript to output CommonJS for ESLint compatibility:
-```json
-// tsconfig.json
-{
-  "compilerOptions": {
-    "target": "ES2020",
-    "module": "commonjs",
-    "moduleResolution": "node",
-    "declaration": true,
-    "outDir": "./lib",
-    "strict": true
-  },
-  "include": ["src/**/*"],
-  "exclude": ["node_modules", "lib", "tests"]
-}
-```
-### Package.json Configuration
-Essential package.json settings for ESLint plugins:
-```json
-{
-  "name": "eslint-plugin-traceability",
-  "version": "1.0.0",
-  "description": "ESLint plugin for enforcing code traceability annotations",
-  "main": "lib/index.js",
-  "types": "lib/index.d.ts",
-  "keywords": ["eslint", "eslintplugin", "eslint-plugin", "traceability"],
-  "peerDependencies": {
-    "eslint": ">=9.0.0"
-  },
-  "engines": {
-    "node": ">=18.0.0"
-  }
-}
-```
-## Development Workflow
-### Local Testing
-1. **Link locally**: Use `npm link` for local development
-2. **Test project**: Create a test project to verify plugin behavior
-3. **Rule tester**: Use ESLint's RuleTester for individual rule testing
-4. **Integration testing**: Test complete plugin configuration
-### Quality Checks
-Recommended linting for the plugin itself:
-```javascript
-// eslint.config.js (for the plugin project)
-import js from "@eslint/js";
-import typescript from "@typescript-eslint/eslint-plugin";
-import eslintPlugin from "eslint-plugin-eslint-plugin";
-export default [
-  js.configs.recommended,
-  {
-    plugins: {
-      "@typescript-eslint": typescript,
-      "eslint-plugin": eslintPlugin,
-    },
-    rules: {
-      // Plugin-specific linting rules
-    },
-  },
-];
-```
-## Performance Considerations
-### Efficient AST Traversal
-- **Minimal visitors**: Only register for needed node types
-- **Early returns**: Exit early when conditions aren't met
-- **Caching**: Cache expensive operations (file reads, regex compilation)
-- **Async handling**: Use proper async patterns for file operations
-### Memory Management
-- **Avoid global state**: Keep rule instances isolated
-- **Clean up resources**: Properly handle file handles and timers
-- **Limit recursion**: Avoid deep recursive operations
-## Documentation Requirements
-### Rule Documentation
-Each rule should have comprehensive documentation:
-```typescript
-const rule = {
-  meta: {
-    docs: {
-      description: "require @story annotations on functions",
-      category: "Traceability",
-      recommended: true,
-      url: "https://github.com/voder-ai/eslint-plugin-traceability#require-story-annotation",
-    },
-    // ... other meta properties
-  },
-  // ... rule implementation
-};
-```
-### README Structure
-Include in the plugin README:
-1. **Installation instructions**
-2. **Configuration examples**
-3. **Rule documentation**
-4. **Usage examples**
-5. **Troubleshooting guide**
-## Security Considerations
-### File System Access
-- **Validate paths**: Prevent directory traversal attacks
-- **Sanitize input**: Validate user-provided file patterns
-- **Limit scope**: Restrict file access to project directory
-### Input Validation
-- **Schema validation**: Use JSON Schema for rule options
-- **Type checking**: Leverage TypeScript for compile-time safety
-- **Runtime checks**: Validate configuration at runtime
-## Maintenance Guidelines
-### Version Management
-- **Semantic versioning**: Follow semver for releases
-- **Breaking changes**: Document breaking changes clearly
-- **Migration guides**: Provide upgrade instructions
-### Community Support
-- **Issue templates**: Provide clear bug report templates
-- **Contributing guide**: Document contribution process
-- **Code of conduct**: Establish community guidelines
----
-### Security and Dependency Tooling
-Plugin development in this repo is protected by the same security and dependency checks described in the main README. `npm run ci-verify:full` runs `npm audit --omit=dev --audit-level=high`, `npm run safety:deps`, and `npm run audit:dev-high`. These commands are executed both locally via Husky pre-push hooks and in CI, so contributors working on rules or plugin internals automatically benefit from the same security and dependency guarantees promised to end users.
-## Related Resources
-- [ESLint Plugin Development Guide](https://eslint.org/docs/latest/extend/plugins)
-- [ESLint Custom Rules](https://eslint.org/docs/latest/extend/custom-rules)
-- [@typescript-eslint/utils](https://typescript-eslint.io/packages/utils/)
-- [ESLint RuleTester](https://eslint.org/docs/latest/integrate/nodejs-api#ruletester)