safelaunch 1.0.33 → 1.0.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/scan.js +22 -0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "safelaunch",
3
- "version": "1.0.33",
3
+ "version": "1.0.34",
4
4
  "description": "Backend Reliability Infrastructure - catch what breaks production before it breaks",
5
5
  "main": "index.js",
6
6
  "bin": {
package/src/scan.js CHANGED
@@ -63,6 +63,11 @@ const IMPACTS = {
63
63
  impact: "Different tools read different copies. Behaviour is unpredictable — one service may use the wrong value.",
64
64
  fix: `Remove the duplicate ${name} entry from your .env file.`,
65
65
  }),
66
+ ENV_NOT_GITIGNORED: () => ({
67
+ title: ".env is not in .gitignore",
68
+ impact: "Your .env file could be committed to git, exposing secrets to anyone with repo access.",
69
+ fix: "Add .env to your .gitignore file immediately.",
70
+ }),
66
71
  NODE_MODULES_STALE: () => ({
67
72
  title: "node_modules may be out of date",
68
73
  impact: "package.json was modified after node_modules was last updated. You may be running old or missing dependencies.",
@@ -394,6 +399,22 @@ function renderInteractiveOutput(blockers, warnings, infos, elapsed) {
394
399
  return lines.join("\n");
395
400
  }
396
401
 
402
+
403
+ function checkEnvGitignored(cwd) {
404
+ const issues = [];
405
+ if (!fileExists(path.join(cwd, ".env"))) return issues;
406
+ const gitignore = readFileSafe(path.join(cwd, ".gitignore"));
407
+ if (!gitignore) {
408
+ issues.push({ severity: "block", ...IMPACTS.ENV_NOT_GITIGNORED() });
409
+ return issues;
410
+ }
411
+ const lines = gitignore.split("\n").map(l => l.trim());
412
+ const ignored = lines.some(l => l === ".env" || l === "*.env" || l === ".env*");
413
+ if (!ignored) {
414
+ issues.push({ severity: "block", ...IMPACTS.ENV_NOT_GITIGNORED() });
415
+ }
416
+ return issues;
417
+ }
397
418
  async function runScan(options = {}) {
398
419
  const { hookMode = false, quiet = false, cwd = process.cwd() } = options;
399
420
  const start = Date.now();
@@ -408,6 +429,7 @@ async function runScan(options = {}) {
408
429
  ...checkLockfileSync(cwd),
409
430
  ...checkTypeScript(cwd),
410
431
  ...checkNpmAudit(cwd),
432
+ ...checkEnvGitignored(cwd),
411
433
  ...checkNodeVersion(cwd),
412
434
  ...checkPythonVersion(cwd),
413
435
  ];