prodlint 0.8.1 → 0.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/dist/cli.js +263 -124
- package/dist/index.d.ts +7 -5
- package/dist/index.js +262 -121
- package/dist/mcp.js +267 -126
- package/package.json +2 -1
package/README.md
CHANGED
|
@@ -13,7 +13,7 @@ npx prodlint
|
|
|
13
13
|
```
|
|
14
14
|
|
|
15
15
|
```
|
|
16
|
-
prodlint v0.
|
|
16
|
+
prodlint v0.9.1
|
|
17
17
|
Scanned 148 files · 3 critical · 5 warnings
|
|
18
18
|
|
|
19
19
|
src/app/api/checkout/route.ts
|
|
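Review bot: The sample output line `prodlint v0.9.1` hardcodes the release number in the README, so it has to be edited by hand on every release and goes stale when that step is missed. Consider a placeholder such as `prodlint vX.Y.Z`, or fill the line in from package.json at publish time.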
@@ -72,7 +72,7 @@ npm i -g prodlint # Global install
|
|
|
72
72
|
| `auth-checks` | API routes with no authentication |
|
|
73
73
|
| `env-exposure` | `NEXT_PUBLIC_` on server-only secrets |
|
|
74
74
|
| `input-validation` | Request body used without validation |
|
|
75
|
-
| `cors-config` | `Access-Control-Allow-Origin:
|
|
75
|
+
| `cors-config` | `Access-Control-Allow-Origin: *`, wildcard + credentials escalated to critical |
|
|
76
76
|
| `unsafe-html` | `dangerouslySetInnerHTML` with user data |
|
|
77
77
|
| `sql-injection` | String-interpolated SQL queries (ORM-aware) |
|
|
78
78
|
| `open-redirect` | User input passed to `redirect()` |
|
|
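Review bot: The new `cors-config` description says "wildcard + credentials escalated to critical" but does not name the credentials header or state what severity a bare `Access-Control-Allow-Origin: *` gets, so a reader cannot tell which finding they will see. Name `Access-Control-Allow-Credentials: true` explicitly and give the baseline severity next to the escalated one. Since browsers reject a literal `*` on credentialed requests, the row should also say whether a reflected request `Origin` combined with credentials is flagged, because the row as written only mentions the wildcard.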
@@ -121,7 +121,7 @@ npm i -g prodlint # Global install
|
|
|
121
121
|
| `no-unbounded-query` | `.findMany()` / `.select('*')` with no limit |
|
|
122
122
|
| `no-dynamic-import-loop` | `import()` inside loops |
|
|
123
123
|
| `server-component-fetch-self` | Server components fetching their own API routes |
|
|
124
|
-
| `missing-abort-controller` | Fetch calls without timeout or AbortController |
|
|
124
|
+
| `missing-abort-controller` | Fetch/axios calls without timeout or AbortController |
|
|
125
125
|
|
|
126
126
|
### AI Quality (8 rules)
|
|
127
127
|
|
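Review bot: In the `missing-abort-controller` row, "Fetch/axios calls without timeout or AbortController" does not say which control satisfies the rule for which client. Say whether an axios call passes with a `timeout` option alone, and what counts as a timeout for `fetch`, so users know how to clear the finding. The rule id still mentions only AbortController while the scope now includes axios, which is worth a short note in the description.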