npm - safelaunch - Versions diffs - 1.0.31 → 1.0.33 - Mend

safelaunch 1.0.31 → 1.0.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/src/scan.js +96 -11

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "safelaunch",
-  "version": "1.0.31",
+  "version": "1.0.33",
   "description": "Backend Reliability Infrastructure - catch what breaks production before it breaks",
   "main": "index.js",
   "bin": {

package/src/scan.js CHANGED Viewed

@@ -63,16 +63,41 @@ const IMPACTS = {
     impact: "Different tools read different copies. Behaviour is unpredictable — one service may use the wrong value.",
     fix:    `Remove the duplicate ${name} entry from your .env file.`,
   }),
+  NODE_MODULES_STALE: () => ({
+    title:  "node_modules may be out of date",
+    impact: "package.json was modified after node_modules was last updated. You may be running old or missing dependencies.",
+    fix:    "Run npm install to sync your dependencies.",
+  }),
   MISSING_NODE_MODULES: () => ({
     title:  "node_modules is missing",
     impact: "The app won't start. Nothing is installed.",
     fix:    "Run npm install.",
   }),
+  AUDIT_HIGH: (count) => ({
+    title:  `${count} high-severity vulnerability${count > 1 ? "ies" : "y"} in dependencies`,
+    impact: "Known vulnerabilities exist that could be exploited. These should be fixed before deploying.",
+    fix:    "Run npm audit fix or check npm audit for manual fixes.",
+  }),
+  AUDIT_HIGH: (count) => ({
+    title:  `${count} high-severity vulnerability${count > 1 ? "ies" : "y"} in dependencies`,
+    impact: "Known vulnerabilities exist that could be exploited. These should be fixed before deploying.",
+    fix:    "Run npm audit fix or check npm audit for manual fixes.",
+  }),
   AUDIT_CRITICAL: (count) => ({
     title:  `${count} critical vulnerability${count > 1 ? "ies" : "y"} in dependencies`,
     impact: "Known exploits exist for these packages. Shipping them puts your users and infrastructure at risk.",
     fix:    "Run npm audit fix or check npm audit for manual fixes.",
   }),
+  PYTHON_MISMATCH: (expected, actual) => ({
+    title:  `Python version mismatch (expected: ${expected}, running: ${actual})`,
+    impact: "Code that works locally may fail in CI or production if they use the expected version.",
+    fix:    `Switch to Python ${expected} or update .python-version to match your runtime.`,
+  }),
+  NODE_ENGINES_MISMATCH: (expected, actual) => ({
+    title:  `Node version mismatch (package.json engines: ${expected}, running: ${actual})`,
+    impact: "Your package.json declares a required Node version that differs from what is running.",
+    fix:    `Switch to Node ${expected} or update the engines field in package.json.`,
+  }),
   NODE_MISMATCH: (expected, actual) => ({
     title:  `Node version mismatch (.nvmrc: ${expected}, running: ${actual})`,
     impact: "Code that works locally may fail in CI or production if they use the expected version.",
@@ -190,12 +215,21 @@ function checkNodeModules(cwd) {
   if (!fileExists(pkgPath)) return issues;
   try {
     const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
-    const deps = Object.keys(pkg.dependencies || {});
+    const deps = Object.keys({ ...pkg.dependencies, ...pkg.devDependencies });
     if (deps.length === 0) return issues;
   } catch { return issues; }
-  if (!fileExists(path.join(cwd, "node_modules"))) {
+  const nmPath = path.join(cwd, "node_modules");
+  if (!fileExists(nmPath)) {
     issues.push({ severity: "block", ...IMPACTS.MISSING_NODE_MODULES() });
+    return issues;
   }
+  try {
+    const pkgStat = fs.statSync(pkgPath);
+    const nmStat  = fs.statSync(nmPath);
+    if (pkgStat.mtimeMs > nmStat.mtimeMs) {
+      issues.push({ severity: "warn", ...IMPACTS.NODE_MODULES_STALE() });
+    }
+  } catch {}
   return issues;
 }
@@ -203,12 +237,15 @@ function checkNpmAudit(cwd) {
   const issues = [];
   if (!fileExists(path.join(cwd, "package.json"))) return issues;
   try {
-    execSync("npm audit --audit-level=critical --json", { cwd, encoding: "utf8", stdio: ["pipe","pipe","pipe"] });
+    execSync("npm audit --json", { cwd, encoding: "utf8", stdio: ["pipe","pipe","pipe"] });
   } catch (e) {
     try {
       const data = JSON.parse(e.stdout || "");
-      const critCount = (data.metadata && data.metadata.vulnerabilities && data.metadata.vulnerabilities.critical) || 0;
-      if (critCount > 0) issues.push({ severity: "warn", ...IMPACTS.AUDIT_CRITICAL(critCount) });
+      const vulns = (data.metadata && data.metadata.vulnerabilities) || {};
+      const critCount = vulns.critical || 0;
+      const highCount = vulns.high || 0;
+      if (critCount > 0) issues.push({ severity: "block", ...IMPACTS.AUDIT_CRITICAL(critCount) });
+      if (highCount > 0) issues.push({ severity: "warn", ...IMPACTS.AUDIT_HIGH(highCount) });
     } catch {}
   }
   return issues;
@@ -216,16 +253,63 @@ function checkNpmAudit(cwd) {
 function checkNodeVersion(cwd) {
   const issues = [];
-  const content = readFileSafe(path.join(cwd, ".nvmrc"));
-  if (!content) return issues;
-  const expected = content.trim().replace(/^v/, "");
-  const actual   = process.version.replace(/^v/, "");
-  if (expected.split(".")[0] !== actual.split(".")[0]) {
-    issues.push({ severity: "info", ...IMPACTS.NODE_MISMATCH(expected, actual) });
+  const actual = process.version.replace(/^v/, "");
+  // Check .nvmrc
+  const nvmrc = readFileSafe(path.join(cwd, ".nvmrc"));
+  if (nvmrc) {
+    const expected = nvmrc.trim().replace(/^v/, "");
+    if (expected.split(".")[0] !== actual.split(".")[0]) {
+      issues.push({ severity: "warn", ...IMPACTS.NODE_MISMATCH(expected, actual) });
+    }
   }
+  // Check package.json engines.node
+  const pkgRaw = readFileSafe(path.join(cwd, "package.json"));
+  if (pkgRaw) {
+    try {
+      const pkg = JSON.parse(pkgRaw);
+      const enginesNode = pkg.engines && pkg.engines.node;
+      if (enginesNode) {
+        const match = enginesNode.match(/(\d+)/);
+        if (match && match[1] !== actual.split(".")[0]) {
+          issues.push({ severity: "warn", ...IMPACTS.NODE_ENGINES_MISMATCH(enginesNode, actual) });
+        }
+      }
+    } catch {}
+  }
   return issues;
 }
+function checkPythonVersion(cwd) {
+  const issues = [];
+  const actual = exec("python3 --version") || exec("python --version");
+  if (!actual) return issues;
+  const actualVer = actual.replace(/^Python\s+/i, "").trim();
+  // Check .python-version
+  const pyVer = readFileSafe(path.join(cwd, ".python-version"));
+  if (pyVer) {
+    const expected = pyVer.trim();
+    if (expected.split(".")[0] !== actualVer.split(".")[0]) {
+      issues.push({ severity: "warn", ...IMPACTS.PYTHON_MISMATCH(expected, actualVer) });
+    }
+  }
+  // Check runtime.txt (Heroku/Render style)
+  const runtimeTxt = readFileSafe(path.join(cwd, "runtime.txt"));
+  if (runtimeTxt && runtimeTxt.startsWith("python-")) {
+    const expected = runtimeTxt.replace("python-", "").trim();
+    if (expected.split(".")[0] !== actualVer.split(".")[0]) {
+      issues.push({ severity: "warn", ...IMPACTS.PYTHON_MISMATCH(expected, actualVer) });
+    }
+  }
+  return issues;
+}
 function renderHookOutput(blockers, warnings, infos, elapsed) {
   const lines = [];
   const hr = gray("─".repeat(49));
@@ -325,6 +409,7 @@ async function runScan(options = {}) {
     ...checkTypeScript(cwd),
     ...checkNpmAudit(cwd),
     ...checkNodeVersion(cwd),
+    ...checkPythonVersion(cwd),
   ];
   const blockers = allIssues.filter((i) => i.severity === "block");
   const warnings = allIssues.filter((i) => i.severity === "warn");