pr-checkmate 1.4.0 â 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.logger = exports.runSpellcheck = exports.runPrettier = exports.runDependencyCheck = exports.runLint = void 0;
|
|
3
|
+
exports.logger = exports.runSecurityScan = exports.runSpellcheck = exports.runPrettier = exports.runDependencyCheck = exports.runLint = void 0;
|
|
4
4
|
exports.runAllChecks = runAllChecks;
|
|
5
5
|
exports.runChecks = runChecks;
|
|
6
6
|
/**
|
|
@@ -20,6 +20,8 @@ var prettier_autoformat_2 = require("./scripts/prettier-autoformat");
|
|
|
20
20
|
Object.defineProperty(exports, "runPrettier", { enumerable: true, get: function () { return prettier_autoformat_2.runPrettier; } });
|
|
21
21
|
var spellcheck_2 = require("./scripts/spellcheck");
|
|
22
22
|
Object.defineProperty(exports, "runSpellcheck", { enumerable: true, get: function () { return spellcheck_2.runSpellcheck; } });
|
|
23
|
+
var security_1 = require("./scripts/security");
|
|
24
|
+
Object.defineProperty(exports, "runSecurityScan", { enumerable: true, get: function () { return security_1.runSecurityScan; } });
|
|
23
25
|
var utils_1 = require("./utils");
|
|
24
26
|
Object.defineProperty(exports, "logger", { enumerable: true, get: function () { return utils_1.logger; } });
|
|
25
27
|
/**
|
|
@@ -30,6 +32,7 @@ async function runAllChecks() {
|
|
|
30
32
|
await (0, lint_1.runLint)();
|
|
31
33
|
await (0, dependency_check_1.runDependencyCheck)();
|
|
32
34
|
await (0, spellcheck_1.runSpellcheck)();
|
|
35
|
+
// await runSecurityScan();
|
|
33
36
|
await (0, prettier_autoformat_1.runPrettier)(); // Last to commit any fixes
|
|
34
37
|
}
|
|
35
38
|
/**
|
package/dist/scripts/index.js
CHANGED
|
@@ -18,12 +18,14 @@ exports.runJob = runJob;
|
|
|
18
18
|
const dependency_check_1 = require("./dependency-check");
|
|
19
19
|
const prettier_autoformat_1 = require("./prettier-autoformat");
|
|
20
20
|
const spellcheck_1 = require("./spellcheck");
|
|
21
|
+
const security_1 = require("./security");
|
|
21
22
|
const utils_1 = require("../utils");
|
|
22
23
|
const lint_1 = require("./lint");
|
|
23
24
|
__exportStar(require("./dependency-check"), exports);
|
|
24
25
|
__exportStar(require("./lint"), exports);
|
|
25
26
|
__exportStar(require("./prettier-autoformat"), exports);
|
|
26
27
|
__exportStar(require("./spellcheck"), exports);
|
|
28
|
+
__exportStar(require("./security"), exports);
|
|
27
29
|
async function runJob(jobName) {
|
|
28
30
|
utils_1.logger.info(`đ Running job: ${jobName}`);
|
|
29
31
|
try {
|
|
@@ -31,6 +33,7 @@ async function runJob(jobName) {
|
|
|
31
33
|
case 'all':
|
|
32
34
|
await (0, lint_1.runLint)();
|
|
33
35
|
await (0, dependency_check_1.runDependencyCheck)();
|
|
36
|
+
// await runSecurityScan();
|
|
34
37
|
try {
|
|
35
38
|
await (0, prettier_autoformat_1.runPrettier)();
|
|
36
39
|
}
|
|
@@ -56,6 +59,9 @@ async function runJob(jobName) {
|
|
|
56
59
|
case 'spellcheck':
|
|
57
60
|
await (0, spellcheck_1.runSpellcheck)();
|
|
58
61
|
break;
|
|
62
|
+
case 'security':
|
|
63
|
+
await (0, security_1.runSecurityScan)();
|
|
64
|
+
break;
|
|
59
65
|
default:
|
|
60
66
|
utils_1.logger.warn(`[runJob]: Unknown job "${jobName}". Available: all, lint, deps, prettier, spellcheck`);
|
|
61
67
|
}
|
|
@@ -28,7 +28,7 @@ function cleanupTempIgnoreFile(filePath) {
|
|
|
28
28
|
}
|
|
29
29
|
}
|
|
30
30
|
catch (err) {
|
|
31
|
-
utils_1.logger.warn(
|
|
31
|
+
utils_1.logger.warn(`[cleanupTempIgnoreFile]: â ī¸ Failed to cleanup temp file: ${filePath}\n${err}`);
|
|
32
32
|
}
|
|
33
33
|
}
|
|
34
34
|
async function runPrettier() {
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.runSecurityScan = runSecurityScan;
|
|
4
|
+
const execa_1 = require("execa");
|
|
5
|
+
const utils_1 = require("../utils");
|
|
6
|
+
const fs_1 = require("fs");
|
|
7
|
+
const child_process_1 = require("child_process");
|
|
8
|
+
async function runSecurityScan() {
|
|
9
|
+
utils_1.logger.info('đ Running secret scan with gitleaks-secret-scanner...');
|
|
10
|
+
try {
|
|
11
|
+
let headSha = process.env.HEAD_SHA;
|
|
12
|
+
if (!headSha) {
|
|
13
|
+
try {
|
|
14
|
+
headSha = (0, child_process_1.execSync)('git rev-parse HEAD').toString().trim();
|
|
15
|
+
process.env.HEAD_SHA = headSha;
|
|
16
|
+
utils_1.logger.info(`âšī¸ Detected HEAD_SHA=${headSha}`);
|
|
17
|
+
}
|
|
18
|
+
catch {
|
|
19
|
+
utils_1.logger.warn('â ī¸ Could not determine HEAD SHA, skipping diff-mode ci');
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
const cmd = (0, fs_1.existsSync)('node_modules/.bin/gitleaks-secret-scanner')
|
|
23
|
+
? './node_modules/.bin/gitleaks-secret-scanner'
|
|
24
|
+
: 'npx gitleaks-secret-scanner';
|
|
25
|
+
await (0, execa_1.execa)(cmd, ['--diff-mode', 'ci', '--html-report', 'gitleaks-report.html'], {
|
|
26
|
+
stdio: 'inherit',
|
|
27
|
+
env: process.env,
|
|
28
|
+
});
|
|
29
|
+
utils_1.logger.info('â
Secret scan completed');
|
|
30
|
+
}
|
|
31
|
+
catch (err) {
|
|
32
|
+
utils_1.logger.error('â Secrets found or scan failed');
|
|
33
|
+
throw err;
|
|
34
|
+
}
|
|
35
|
+
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "pr-checkmate",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.6.0",
|
|
4
4
|
"description": "Automated PR quality checks: linting, formatting, dependency analysis, and spellcheck",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"github-actions",
|
|
@@ -35,6 +35,7 @@
|
|
|
35
35
|
"lint": "eslint \"src/**/*.{ts,tsx}\" --fix",
|
|
36
36
|
"prettier": "prettier --write \"src/**/*.{ts,tsx,js,jsx,json,md}\"",
|
|
37
37
|
"spellcheck": "cspell '**/*.{ts,tsx,js,jsx,md,json}' --no-progress",
|
|
38
|
+
"scan:secrets": "gitleaks-secret-scanner --diff-mode ci --html-report gitleaks-report.html",
|
|
38
39
|
"test": "echo 'Tests coming soon'",
|
|
39
40
|
"clean": "rm -rf dist",
|
|
40
41
|
"release": "standard-version"
|
|
@@ -54,19 +55,20 @@
|
|
|
54
55
|
"author": "Artur Polishchuk",
|
|
55
56
|
"license": "LicenseRef-Proprietary",
|
|
56
57
|
"dependencies": {
|
|
58
|
+
"@typescript-eslint/eslint-plugin": "^8.47.0",
|
|
59
|
+
"@typescript-eslint/parser": "^8.47.0",
|
|
57
60
|
"cspell": "^9.3.2",
|
|
58
61
|
"dotenv": "^17.2.3",
|
|
59
62
|
"eslint": ">=8.0.0",
|
|
63
|
+
"eslint-config-prettier": "^9.1.2",
|
|
64
|
+
"eslint-plugin-import": "^2.29.0",
|
|
65
|
+
"eslint-plugin-prettier": "^5.5.4",
|
|
60
66
|
"execa": "^9.6.0",
|
|
67
|
+
"gitleaks-secret-scanner": "^1.2.2",
|
|
61
68
|
"inquirer": "^13.0.1",
|
|
62
69
|
"prettier": ">=3.0.0",
|
|
63
70
|
"ts-node": "^10.9.1",
|
|
64
|
-
"typescript": "^5.9.3"
|
|
65
|
-
"@typescript-eslint/eslint-plugin": "^8.47.0",
|
|
66
|
-
"@typescript-eslint/parser": "^8.47.0",
|
|
67
|
-
"eslint-config-prettier": "^9.1.2",
|
|
68
|
-
"eslint-plugin-import": "^2.29.0",
|
|
69
|
-
"eslint-plugin-prettier": "^5.5.4"
|
|
71
|
+
"typescript": "^5.9.3"
|
|
70
72
|
},
|
|
71
73
|
"devDependencies": {
|
|
72
74
|
"standard-version": "^9.5.0"
|