falsegreen-js 0.1.0 → 0.2.0

package/CHANGELOG.md

@@ -6,6 +6,15 @@ All notable changes to this project are documented here. The format is based on
 
 ## [Unreleased]
 
+## [0.2.0] - 2026-06-22
+
+### Added
+- D8 (opt-in diagnostic): magic number in an assertion - a bare numeric literal as
+  the expected value. The most frequent smell in LLM-generated tests (2410.10628).
+- JS15: inappropriate assertion - the comparison is wrapped in a boolean
+  (`expect(a === b).toBe(true)`), so the failure message is blind and the oracle
+  weak. Sourced from the xNose "Inappropriate Assertions" smell (Paul et al., 2024).
+
 ## [0.1.0] - 2026-06-22
 
 ### Added
@@ -36,5 +45,6 @@ All notable changes to this project are documented here. The format is based on
 - pre-commit hook (`.pre-commit-hooks.yaml`), CI matrix (Node 18/20/22), and an npm
   trusted-publishing release workflow.
 
-[Unreleased]: https://github.com/vinicq/falsegreen-js/compare/v0.1.0...HEAD
+[Unreleased]: https://github.com/vinicq/falsegreen-js/compare/v0.2.0...HEAD
+[0.2.0]: https://github.com/vinicq/falsegreen-js/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/vinicq/falsegreen-js/releases/tag/v0.1.0

package/README.md

@@ -82,6 +82,7 @@ line up in the research. `JS*` codes are ecosystem-specific.
 | JS9 | high | assertion in a dead branch (`if(false)` / `if(true){}else`) — never runs |
 | JS11 | low | `try/catch` swallows the assertion — a failing `expect` is caught, test stays green |
 | JS13 | low | query (`getBy*`/`queryBy*`) as a loose statement — its result is never asserted |
+| JS15 | low | inappropriate assertion — comparison wrapped in a boolean (`expect(a===b).toBe(true)`), blind failure message |
 
 Each code carries a judgment tag (J1-J6) shared with the
 [falsegreen-skill](https://github.com/vinicq/falsegreen-skill) semantic framework.
@@ -99,6 +100,7 @@ default. Enable them with `--diagnostics`, or per code via config `severity`. Th
 | D4 | diagnostic | `it.each`/`test.each` without titled cases (index-only) |
 | D6 | diagnostic | `console.*` in a test body |
 | D7 | diagnostic | anonymous test — empty or missing description |
+| D8 | diagnostic | magic number — a bare numeric literal as the expected value |
 | M2 | coupling | test body exceeds the line-count threshold |
 
 ```bash

package/dist/cases.js

@@ -38,6 +38,7 @@ export const CASES = {
     JS9: { title: "assertion in a dead branch (if(false) / if(true){}else) — it never runs", confidence: "high", judgment: "J1" },
     JS11: { title: "try/catch swallows the assertion — a failing expect is caught and the test stays green", confidence: "low", judgment: "J1" },
     JS13: { title: "query (getBy*/queryBy*/wrapper.find) as a loose statement — its result is never asserted", confidence: "low", judgment: "J4" },
+    JS15: { title: "inappropriate assertion — the comparison is wrapped in a boolean (expect(a===b).toBe(true)), so the failure message is blind", confidence: "low", judgment: "J4" },
     // --- diagnostic group (maintainability; default off, opt-in via --diagnostics
     // or config severity). These are NOT false-green: the test still protects. They
     // are a "plus" for test-code health, mirroring falsegreen's D/M group. -------
@@ -46,6 +47,7 @@ export const CASES = {
     D4: { title: "it.each/test.each without titled cases — a failing case is identified only by its index", confidence: "off", judgment: "J4" },
     D6: { title: "console.* in a test body — a debug artifact that bypasses the oracle", confidence: "off", judgment: "J4" },
     D7: { title: "anonymous test — empty or missing description", confidence: "off", judgment: "J4" },
+    D8: { title: "magic number in an assertion — a bare numeric literal instead of a named constant", confidence: "off", judgment: "J4" },
     M2: { title: "test body exceeds the line-count threshold — hard to read and maintain", confidence: "off", judgment: "J5" },
 };
 /** Default thresholds for the diagnostic group (overridable later via config). */

package/dist/cli.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import { JUDGMENTS, groupOf } from "./cases.js";
 import { scanPaths, scanFile, stagedFiles, loadConfig, } from "./scan.js";
-const VERSION = "0.1.0";
+const VERSION = "0.2.0";
 const TOOL_URI = "https://github.com/vinicq/falsegreen-js";
 const HELP = `falsegreen-js ${VERSION} - find false-positive JS/TS tests (static AST scan)
 

package/dist/rules.js

@@ -377,6 +377,32 @@ export function analyze(sf) {
                 if ((chain.matcher === "toThrow" || chain.matcher === "toThrowError") && chain.args.length === 0) {
                     push(lineOf(sf, node), "C9", "toThrow() with no error type or message accepts any error");
                 }
+                // JS15 inappropriate assertion: the comparison is wrapped in a boolean, so
+                // the matcher only sees true/false (expect(a === b).toBe(true)). The failure
+                // message is blind ("expected false to be true") and the oracle is weak.
+                const COMPARISON_OPS = new Set([
+                    ts.SyntaxKind.EqualsEqualsEqualsToken, ts.SyntaxKind.ExclamationEqualsEqualsToken,
+                    ts.SyntaxKind.EqualsEqualsToken, ts.SyntaxKind.ExclamationEqualsToken,
+                    ts.SyntaxKind.LessThanToken, ts.SyntaxKind.GreaterThanToken,
+                    ts.SyntaxKind.LessThanEqualsToken, ts.SyntaxKind.GreaterThanEqualsToken,
+                ]);
+                const subjIsComparison = subj !== undefined && ts.isBinaryExpression(subj) &&
+                    COMPARISON_OPS.has(subj.operatorToken.kind);
+                const boolMatcher = ((chain.matcher === "toBe" || chain.matcher === "toEqual" || chain.matcher === "toStrictEqual") &&
+                    arg !== undefined && (arg.kind === ts.SyntaxKind.TrueKeyword || arg.kind === ts.SyntaxKind.FalseKeyword)) ||
+                    chain.matcher === "toBeTruthy" || chain.matcher === "toBeFalsy";
+                if (subjIsComparison && boolMatcher) {
+                    push(lineOf(sf, node), "JS15", "comparison wrapped in a boolean; assert the values directly");
+                }
+                // D8 (diagnostic, opt-in): a magic integer literal as the expected value.
+                // Floats are C8's concern; D8 covers bare integers abs > 1.
+                if ((chain.matcher === "toBe" || chain.matcher === "toEqual" || chain.matcher === "toStrictEqual") &&
+                    arg && ts.isNumericLiteral(arg)) {
+                    const v = Number(arg.text);
+                    if (Number.isInteger(v) && Math.abs(v) > 1) {
+                        push(lineOf(sf, node), "D8", `magic number ${arg.text} in the assertion`);
+                    }
+                }
                 // C5 always-true
                 if (chain.matcher === "toBeTruthy" && literalTruthiness(subj) === true) {
                     push(lineOf(sf, node), "C5", "toBeTruthy on a constant truthy literal");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "falsegreen-js",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Find JavaScript/TypeScript unit tests that give false positives: green tests that protect nothing, and tests that pass while asserting the wrong thing. Deterministic AST scanner, sibling of falsegreen (Python).",
   "keywords": [
     "jest", "vitest", "mocha", "testing", "test-smells", "false-positive",