npm - pickier - Versions diffs - 0.1.26 → 0.1.28 - Mend

pickier 0.1.26 → 0.1.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (286) hide show

package/dist/utils.d.ts CHANGED Viewed

@@ -43,31 +43,12 @@ export declare function shouldIgnorePath(absPath: string, ignoreGlobs: string[])
  * This prevents infinite loops when fixers keep modifying content.
  */
 export declare const MAX_FIXER_PASSES: 5;
-/**
- * Environment variable configuration with defaults.
- * Centralized to avoid scattered parsing and provide documentation.
- */
-export declare const ENV: {
-  /** Enable verbose trace logging. Set PICKIER_TRACE=1 to enable. */
-  get TRACE: () => unknown;
-  /** Glob timeout in milliseconds. Default: 8000ms */
-  get TIMEOUT_MS: () => unknown;
-  /** Per-rule timeout in milliseconds. Default: 5000ms */
-  get RULE_TIMEOUT_MS: () => unknown;
-  /** Parallel file processing concurrency. Default: 8 */
-  get CONCURRENCY: () => unknown;
-  /** Enable diagnostics mode. Set PICKIER_DIAGNOSTICS=1 to enable. */
-  get DIAGNOSTICS: () => unknown;
-  /** Treat warnings as errors. Set PICKIER_FAIL_ON_WARNINGS=1 to enable. */
-  get FAIL_ON_WARNINGS: () => unknown;
-  /** Disable auto-loading of config. Set PICKIER_NO_AUTO_CONFIG=1 to disable. */
-  get NO_AUTO_CONFIG: () => unknown
-};
+export declare const ENV: EnvConfig;
 /**
  * Universal ignore patterns that should apply everywhere.
  * These are always excluded regardless of project-specific config.
  */
-export declare const UNIVERSAL_IGNORES: readonly ['**/node_modules/**', '**/dist/**', '**/build/**', '**/.git/**', '**/.next/**', '**/.nuxt/**', '**/.output/**', '**/.vercel/**', '**/.netlify/**', '**/.cache/**', '**/.turbo/**', '**/.vscode/**', '**/.idea/**', '**/.zed/**', '**/.cursor/**', '**/.claude/**', '**/.github/**', '**/coverage/**', '**/.nyc_output/**', '**/.tmp/**', '**/.temp/**', '**/vendor/**', '**/pantry/**', '**/target/**', unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, '**/.DS_Store', '**/Thumbs.db'];
+export declare const UNIVERSAL_IGNORES: readonly string[];
 export declare const colors: {
   green: (text: string) => string
   red: (text: string) => string
@@ -88,3 +69,16 @@ declare interface GlobOptions {
   absolute?: boolean
   cwd?: string
 }
+/**
+ * Environment variable configuration with defaults.
+ * Centralized to avoid scattered parsing and provide documentation.
+ */
+export declare interface EnvConfig {
+  readonly TRACE: boolean
+  readonly TIMEOUT_MS: number
+  readonly RULE_TIMEOUT_MS: number
+  readonly CONCURRENCY: number
+  readonly DIAGNOSTICS: boolean
+  readonly FAIL_ON_WARNINGS: boolean
+  readonly NO_AUTO_CONFIG: boolean
+}

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "pickier",
   "type": "module",
-  "version": "0.1.26",
+  "version": "0.1.28",
   "description": "Format, lint and more in a fraction of seconds.",
   "author": "Chris Breuer <chris@stacksjs.org>",
   "license": "MIT",
@@ -77,12 +77,12 @@
     "test:watch": "PICKIER_NO_AUTO_CONFIG=1 bun test --watch"
   },
   "dependencies": {
-    "@stacksjs/clapp": "^0.2.0"
+    "@stacksjs/clapp": "^0.2.3"
   },
   "optionalDependencies": {
-    "ts-spell-check": "^0.1.0"
+    "@stacksjs/ts-spell-check": "^0.1.0"
   },
   "devDependencies": {
-    "bunfig": "^0.15.6"
+    "bunfig": "^0.15.11"
   }
 }

package/dist/ast.d.ts DELETED Viewed

@@ -1,13 +0,0 @@
-export declare function buildSourceMap(text: string): SourceMap;
-// Very small tokenizer sufficient for structural tasks. Tracks strings, template, regex, comments.
-export declare function tokenize(text: string): Token[];
-export declare function findMatching(text: string, start: number, open: string, close: string): number;
-// Lightweight parsing utilities (no deps). Intentionally minimal for Pickier rules.
-// Provides tokenization, simple bracket matching, and loc <-> index mapping.
-export declare interface Loc { line: number, column: number }
-export declare interface Range { start: number, end: number }
-export declare interface Token { type: string, value: string, start: number, end: number }
-export declare interface SourceMap {
-  lineStarts: number[]
-  indexToLoc: (idx: number) => Loc
-}

package/dist/plugins/eslint.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PickierPlugin } from '../types';
2	- export declare const eslintPlugin: PickierPlugin;

package/dist/plugins/general.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PickierPlugin } from '../types';
2	- export declare const generalPlugin: PickierPlugin;

package/dist/plugins/index.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PickierPlugin } from '../types';
2	- export declare function getAllPlugins(): PickierPlugin[];

package/dist/plugins/lockfile.d.ts DELETED Viewed

@@ -1,22 +0,0 @@
-import type { PickierPlugin } from '../types';
-/**
- * Lockfile security plugin for pickier.
- *
- * Validates lockfiles (package-lock.json, yarn.lock, bun.lock) for security issues
- * that could indicate supply chain attacks.
- *
- * Rules:
- * - validate-host: Ensure packages are from allowed registry hosts
- * - validate-https: Ensure packages use HTTPS protocol
- * - validate-integrity: Ensure packages use strong integrity hashes (SHA512)
- * - validate-package-names: Ensure package names match their resolved URLs
- * - validate-scheme: Ensure packages use allowed URL schemes
- *
- * Attack vectors protected against:
- * 1. Malicious Host Injection - Attacker modifies lockfile to point to malicious registries
- * 2. Package Name Substitution - Lockfile references wrong package name in URL
- * 3. Unencrypted Protocol Usage - Using HTTP instead of HTTPS (MITM attacks)
- * 4. Weak Integrity Hashes - Using SHA1/SHA256 instead of SHA512 (collision attacks)
- * 5. Unauthorized URL Schemes - Using file://, data://, git+http://, etc.
- */
-export declare const lockfilePlugin: PickierPlugin;

package/dist/plugins/markdown.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PickierPlugin } from '../types';
2	- export declare const markdownPlugin: PickierPlugin;

package/dist/plugins/node.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PickierPlugin } from '../types';
2	- export declare const nodePlugin: PickierPlugin;

package/dist/plugins/perfectionist.d.ts DELETED Viewed

@@ -1,6 +0,0 @@
-import type { PickierPlugin } from '../types';
-/**
- * Perfectionist plugin - provides compatibility with perfectionist ESLint plugin
- * These rules are aliases to existing Pickier rules under different namespaces
- */
-export declare const perfectionistPlugin: PickierPlugin;

package/dist/plugins/pickier.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PickierPlugin } from '../types';
2	- export declare const pickierPlugin: PickierPlugin;

package/dist/plugins/publint.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-import type { PickierPlugin } from '../types';
-/**
- * publint plugin for pickier.
- *
- * Validates package.json files for correct npm publishing configuration.
- * Checks exports/imports ordering, field types, file format, module system, etc.
- *
- * Ported from publint (https://publint.dev).
- */
-export declare const publintPlugin: PickierPlugin;

package/dist/plugins/quality.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PickierPlugin } from '../types';
2	- export declare const qualityPlugin: PickierPlugin;

package/dist/plugins/regexp.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PickierPlugin } from '../types';
2	- export declare const regexpPlugin: PickierPlugin;

package/dist/plugins/shell.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PickierPlugin } from '../types';
2	- export declare const shellPlugin: PickierPlugin;

package/dist/plugins/spell.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import type { PickierPlugin } from '../types';
-// ── Plugin export ───────────────────────────────────────────────
-export declare const spellPlugin: PickierPlugin;

package/dist/plugins/style.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PickierPlugin } from '../types';
2	- export declare const stylePlugin: PickierPlugin;

package/dist/plugins/ts.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { PickierPlugin } from '../types';
2	- export declare const tsPlugin: PickierPlugin;

package/dist/plugins/unused-imports.d.ts DELETED Viewed

@@ -1,6 +0,0 @@
-import type { PickierPlugin } from '../types';
-/**
- * unused-imports plugin - provides compatibility with unused-imports ESLint plugin
- * These rules are aliases to existing Pickier rules under different namespaces
- */
-export declare const unusedImportsPlugin: PickierPlugin;

package/dist/plugins/utils.d.ts DELETED Viewed

@@ -1,4 +0,0 @@
-import type { RuleModule } from '../types';
-export declare function codeOnly(rule: RuleModule): RuleModule;
-export declare function shellOnly(rule: RuleModule): RuleModule;
-export declare function packageJsonOnly(rule: RuleModule): RuleModule;

package/dist/rules/general/_template-tracking.d.ts DELETED Viewed

@@ -1,31 +0,0 @@
-/**
- * Compute, for each line of a TS/JS source, whether the line begins inside
- * a template-literal body (i.e. between an unclosed backtick and its
- * matching close).
- *
- * Used by rules like `prefer-const` and `pickier/no-unused-vars` to skip
- * generated code embedded in template strings — declarations and function
- * bodies inside a `\`<script>...\`` blob aren't real top-level code, and
- * applying lint rules to them produces false positives that fixers will
- * happily turn into broken runtime code.
- *
- * Tracks: single-quoted strings, double-quoted strings, template-literal
- * bodies + their `${}` expressions (with brace depth), regex literals
- * (with character-class awareness), line and block comments.
- *
- * Regex-vs-division disambiguation uses the previous "significant"
- * character on the logical statement: `/` after operators / punctuation
- * starts a regex; `/` after an identifier or closing bracket is division.
- */
-export declare function computeLineStartsInTemplate(text: string): boolean[];
-/**
- * On a single line, return [start, end] ranges of characters that fall
- * inside a backtick-bounded template literal. If a backtick opens but
- * doesn't close on this line, the range extends to the line's end (it's
- * the first line of a multi-line template).
- *
- * Used by per-line fixers to refuse to rewrite identifiers that fall
- * inside an embedded code blob whose other usages live in the same
- * template string and aren't visible to the syntactic rename.
- */
-export declare function backtickRangesOnLine(line: string): Array<[number, number]>;

package/dist/rules/general/array-callback-return.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const arrayCallbackReturnRule: RuleModule;

package/dist/rules/general/constructor-super.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const constructorSuperRule: RuleModule;

package/dist/rules/general/for-direction.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const forDirectionRule: RuleModule;

package/dist/rules/general/getter-return.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const getterReturnRule: RuleModule;

package/dist/rules/general/no-async-promise-executor.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noAsyncPromiseExecutorRule: RuleModule;

package/dist/rules/general/no-compare-neg-zero.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noCompareNegZeroRule: RuleModule;

package/dist/rules/general/no-cond-assign.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noCondAssignRule: RuleModule;

package/dist/rules/general/no-const-assign.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noConstAssignRule: RuleModule;

package/dist/rules/general/no-constant-condition.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noConstantConditionRule: RuleModule;

package/dist/rules/general/no-constructor-return.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noConstructorReturnRule: RuleModule;

package/dist/rules/general/no-dupe-class-members.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noDupeClassMembersRule: RuleModule;

package/dist/rules/general/no-dupe-keys.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noDupeKeysRule: RuleModule;

package/dist/rules/general/no-duplicate-case.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noDuplicateCaseRule: RuleModule;

package/dist/rules/general/no-empty-pattern.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noEmptyPatternRule: RuleModule;

package/dist/rules/general/no-fallthrough.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noFallthroughRule: RuleModule;

package/dist/rules/general/no-irregular-whitespace.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noIrregularWhitespaceRule: RuleModule;

package/dist/rules/general/no-loss-of-precision.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noLossOfPrecisionRule: RuleModule;

package/dist/rules/general/no-new.d.ts DELETED Viewed

@@ -1,13 +0,0 @@
-import type { RuleModule } from '../../types';
-/**
- * Disallow `new` operators outside of assignments or comparisons.
- * Prevents using `new` for side effects without storing the result.
- *
- * Violations:
- * - `new MyClass()` (result not used)
- *
- * Valid:
- * - `const instance = new MyClass()`
- * - `return new MyClass()`
- */
-export declare const noNew: RuleModule;

package/dist/rules/general/no-promise-executor-return.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noPromiseExecutorReturnRule: RuleModule;

package/dist/rules/general/no-redeclare.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noRedeclareRule: RuleModule;

package/dist/rules/general/no-regex-spaces.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-import type { RuleModule } from '../../types';
-/**
- * Disallow multiple spaces in regular expressions.
- * Use quantifiers like {2} instead for clarity.
- *
- * Violations:
- * - `/foo  bar/` (use /foo {2}bar/ instead)
- * - `/  +/` (multiple spaces)
- */
-export declare const noRegexSpaces: RuleModule;

package/dist/rules/general/no-self-assign.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noSelfAssignRule: RuleModule;

package/dist/rules/general/no-self-compare.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noSelfCompareRule: RuleModule;

package/dist/rules/general/no-sparse-arrays.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noSparseArraysRule: RuleModule;

package/dist/rules/general/no-undef.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noUndefRule: RuleModule;

package/dist/rules/general/no-unreachable.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noUnreachableRule: RuleModule;

package/dist/rules/general/no-unsafe-negation.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noUnsafeNegationRule: RuleModule;

package/dist/rules/general/no-unused-vars.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noUnusedVarsRule: RuleModule;

package/dist/rules/general/no-useless-catch.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noUselessCatchRule: RuleModule;

package/dist/rules/general/prefer-const.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const preferConstRule: RuleModule;

package/dist/rules/general/prefer-object-spread.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const preferObjectSpreadRule: RuleModule;

package/dist/rules/general/prefer-template.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const preferTemplate: RuleModule;

package/dist/rules/general/use-isnan.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const useIsNaNRule: RuleModule;

package/dist/rules/general/valid-typeof.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const validTypeofRule: RuleModule;

package/dist/rules/imports/first.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const firstRule: RuleModule;

package/dist/rules/imports/import-dedupe.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const importDedupeRule: RuleModule;

package/dist/rules/imports/named.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const namedRule: RuleModule;

package/dist/rules/imports/no-cycle.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noCycleRule: RuleModule;

package/dist/rules/imports/no-duplicate-imports.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noDuplicateImportsRule: RuleModule;

package/dist/rules/imports/no-import-dist.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noImportDistRule: RuleModule;

package/dist/rules/imports/no-import-node-modules-by-path.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noImportNodeModulesByPathRule: RuleModule;

package/dist/rules/imports/no-unresolved.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { RuleModule } from '../../types';
2	- export declare const noUnresolvedRule: RuleModule;

package/dist/rules/lockfile/index.d.ts DELETED Viewed

@@ -1,6 +0,0 @@
-export * from './parser';
-export * from './validate-host';
-export * from './validate-https';
-export * from './validate-integrity';
-export * from './validate-package-names';
-export * from './validate-scheme';

package/dist/rules/lockfile/parser.d.ts DELETED Viewed

@@ -1,79 +0,0 @@
-/**
- * Detect lockfile type from filename
- */
-export declare function detectLockfileType(filePath: string): 'npm' | 'yarn' | 'bun' | null;
-/**
- * Check if content is a lockfile based on structure
- */
-export declare function isLockfileContent(content: string, filePath: string): boolean;
-/**
- * Parse npm package-lock.json (supports v1, v2, v3)
- */
-export declare function parseNpmLockfile(content: string): ParsedLockfile;
-/**
- * Parse yarn.lock (supports classic v1 and berry/v2+)
- */
-export declare function parseYarnLockfile(content: string): ParsedLockfile;
-/**
- * Parse bun.lock (JSON format)
- *
- * Bun lockfile format (v1):
- * {
- *   "lockfileVersion": 1,
- *   "packages": {
- *     "pkg-name": ["pkg-name@version", "resolved-url", { deps }, "integrity-hash"],
- *     "@scope/pkg": ["@scope/pkg@version", "", { deps }, "sha512-..."],
- *   }
- * }
- *
- * Array format: [name@version, resolved_url, meta_object, integrity_hash]
- * Note: resolved_url is often empty string for packages from default registry
- */
-export declare function parseBunLockfile(content: string): ParsedLockfile;
-/**
- * Parse a lockfile based on its type
- */
-export declare function parseLockfile(content: string, filePath: string): ParsedLockfile | null;
-/**
- * Extract host from a resolved URL
- */
-export declare function extractHost(resolvedUrl: string): string | null;
-/**
- * Extract protocol/scheme from a resolved URL
- */
-export declare function extractScheme(resolvedUrl: string): string | null;
-/**
- * Extract package name from a resolved URL
- * Works for npm/yarn registry URLs like:
- * - https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz
- * - https://registry.npmjs.org/@babel/core/-/core-7.0.0.tgz
- */
-export declare function extractPackageNameFromUrl(resolvedUrl: string): string | null;
-/**
- * Extract integrity hash type (sha1, sha256, sha512, etc.)
- */
-export declare function extractIntegrityType(integrity: string): string | null;
-/**
- * Expand host aliases to actual hostnames
- */
-export declare function expandHostAliases(hosts: string[]): string[];
-// Registry aliases for convenience
-export declare const REGISTRY_ALIASES: {
-  npm: 'registry.npmjs.org';
-  yarn: 'registry.yarnpkg.com';
-  verdaccio: 'registry.verdaccio.org'
-};
-/**
- * Lockfile parser for npm, yarn, and bun lockfiles.
- * Normalizes different formats into a unified structure for validation.
- */
-export declare interface ParsedPackage {
-  name: string
-  version: string
-  resolved?: string
-  integrity?: string
-}
-export declare interface ParsedLockfile {
-  type: 'npm' | 'yarn' | 'yarn-berry' | 'bun'
-  packages: Map<string, ParsedPackage>
-}

package/dist/rules/lockfile/validate-host.d.ts DELETED Viewed

@@ -1,18 +0,0 @@
-import type { RuleModule } from '../../types';
-/**
- * Validate that all packages in a lockfile are from allowed hosts.
- * Prevents supply chain attacks where an attacker modifies the lockfile
- * to point packages to malicious registries.
- *
- * Options:
- * - allowedHosts: Array of allowed hostnames or aliases ('npm', 'yarn', 'verdaccio')
- * - emptyHostname: Whether to allow packages with empty/missing resolved URLs (default: true)
- *
- * Example config:
- * ```ts
- * pluginRules: {
- *   'lockfile/validate-host': ['error', { allowedHosts: ['npm', 'yarn'] }]
- * }
- * ```
- */
-export declare const validateHost: RuleModule;

package/dist/rules/lockfile/validate-https.d.ts DELETED Viewed

@@ -1,14 +0,0 @@
-import type { RuleModule } from '../../types';
-/**
- * Validate that all packages use HTTPS protocol.
- * Prevents man-in-the-middle attacks where packages could be intercepted
- * and replaced when downloaded over unencrypted HTTP.
- *
- * Example config:
- * ```ts
- * pluginRules: {
- *   'lockfile/validate-https': 'error'
- * }
- * ```
- */
-export declare const validateHttps: RuleModule;

package/dist/rules/lockfile/validate-integrity.d.ts DELETED Viewed

@@ -1,19 +0,0 @@
-import type { RuleModule } from '../../types';
-/**
- * Validate that all packages use strong integrity hashes (SHA512).
- * Weak hash algorithms like SHA1 and SHA256 are more susceptible to
- * collision attacks, potentially allowing attackers to substitute
- * malicious packages that match the same hash.
- *
- * Options:
- * - requiredAlgorithm: The minimum required hash algorithm (default: 'sha512')
- * - exclude: Array of package names to exclude from validation
- *
- * Example config:
- * ```ts
- * pluginRules: {
- *   'lockfile/validate-integrity': ['error', { requiredAlgorithm: 'sha512', exclude: [] }]
- * }
- * ```
- */
-export declare const validateIntegrity: RuleModule;

package/dist/rules/lockfile/validate-package-names.d.ts DELETED Viewed

@@ -1,23 +0,0 @@
-import type { RuleModule } from '../../types';
-/**
- * Validate that package names in lockfile match the resolved URL.
- * Detects package substitution attacks where an attacker replaces a legitimate
- * package with a malicious one by pointing to a different package in the URL.
- *
- * Example attack:
- * Package key: meow@1.0.0
- * Resolved URL: https://registry.npmjs.org/meowlicious/-/meow-4.0.1.tgz
- * The URL points to a different package (meowlicious) than expected (meow).
- *
- * Options:
- * - aliases: Object mapping package names to allowed URL names
- *   Example: { 'foo': 'foo-package' } allows 'foo' to resolve to 'foo-package'
- *
- * Example config:
- * ```ts
- * pluginRules: {
- *   'lockfile/validate-package-names': ['error', { aliases: {} }]
- * }
- * ```
- */
-export declare const validatePackageNames: RuleModule;

package/dist/rules/lockfile/validate-scheme.d.ts DELETED Viewed

@@ -1,17 +0,0 @@
-import type { RuleModule } from '../../types';
-/**
- * Validate that all packages use allowed URL schemes/protocols.
- * Prevents attacks using unexpected schemes like file://, data://,
- * git+http://, or other protocols that might bypass security policies.
- *
- * Options:
- * - allowedSchemes: Array of allowed URL schemes (default: ['https:', 'git+https:', 'git+ssh:'])
- *
- * Example config:
- * ```ts
- * pluginRules: {
- *   'lockfile/validate-scheme': ['error', { allowedSchemes: ['https:', 'git+ssh:'] }]
- * }
- * ```
- */
-export declare const validateScheme: RuleModule;