technical-debt-radar 1.5.0 → 1.6.1

package/dist/index.js

@@ -77,7 +77,8 @@ var require_constants = __commonJS({
       LARGE_JSON_STRINGIFY: "large-json-stringify",
       CPU_HEAVY_LOOP_IN_HANDLER: "cpu-heavy-loop-in-handler",
       UNBOUNDED_ARRAY_OPERATION: "unbounded-array-operation",
-      DYNAMIC_BUFFER_ALLOC: "dynamic-buffer-alloc"
+      DYNAMIC_BUFFER_ALLOC: "dynamic-buffer-alloc",
+      UNBOUNDED_PARALLEL_CALLS: "unbounded-parallel-external-calls"
     };
     exports2.RELIABILITY_RULES = {
       UNHANDLED_PROMISE_REJECTION: "unhandled-promise-rejection",
@@ -91,7 +92,8 @@ var require_constants = __commonJS({
       MISSING_DTO_VALIDATION: "missing-dto-validation",
       UNGUARDED_ROUTE_TODO: "unguarded-route-todo",
       ERROR_LOGGED_AS_INFO: "error-logged-as-info",
-      CATCH_SWALLOWS_CONTEXT: "catch-block-swallows-error-context"
+      CATCH_SWALLOWS_CONTEXT: "catch-block-swallows-error-context",
+      PROMISE_ALL_NO_ISOLATION: "promise-all-no-error-isolation"
     };
     exports2.PERFORMANCE_RULES = {
       UNBOUNDED_FIND_MANY: "unbounded-find-many",
@@ -111,6 +113,7 @@ var require_constants = __commonJS({
       CODE_DUPLICATION: "code-duplication",
       MISSING_TEST_FILE: "missing-test-file",
       UNUSED_EXPORT: "unused-export",
+      UNUSED_PUBLIC_METHOD: "unused-public-method",
       DEBUG_CONSOLE_LOG: "debug-console-log-in-production",
       LOW_TEST_COVERAGE: "low-test-coverage",
       LOW_BRANCH_COVERAGE: "low-branch-coverage",
@@ -12772,6 +12775,10 @@ var require_import_graph = __commonJS({
         const resolved = posixJoinAndNormalize(sourceDir, specifier);
         return resolveInProject(resolved, project) ?? resolved;
       }
+      const aliasStripped = specifier.replace(/^@\//, "src/").replace(/^~\//, "src/");
+      const aliasResolved = resolveInProject(aliasStripped, project);
+      if (aliasResolved)
+        return aliasResolved;
       const directResolved = resolveInProject(specifier, project);
       if (directResolved)
         return directResolved;
@@ -16185,6 +16192,7 @@ var require_reliability_detector = __commonJS({
     async function detectReliabilityIssues(input, policy) {
       const violations = [];
       const project = new ts_morph_1.Project({ useInMemoryFileSystem: true });
+      const schemaModuleMap = /* @__PURE__ */ new Map();
       for (const file of input.changedFiles) {
         if (file.status === "deleted")
           continue;
@@ -16205,6 +16213,10 @@ var require_reliability_detector = __commonJS({
         detectUnguardedRouteTodo(sourceFile, file.path, fns, policy, violations);
         detectCatchSwallowsContext(sourceFile, file.path, fns, policy, violations);
         detectDebugConsoleLog(sourceFile, file.path, fns, policy, violations);
+        detectProviderOutsideHomeModule(sourceFile, file.path, input.changedFiles, policy, violations);
+        detectSchemaMultiModule(sourceFile, file.path, schemaModuleMap, policy, violations);
+        detectPromiseAllNoIsolation(sourceFile, file.path, fns, policy, violations);
+        detectUnboundedParallelCalls(sourceFile, file.path, fns, policy, violations);
         project.removeSourceFile(sourceFile);
       }
       return applyExceptions(violations, policy);
@@ -16270,12 +16282,21 @@ var require_reliability_detector = __commonJS({
       }
       return false;
     }
+    function isNestJSInjectable(classNode) {
+      return classNode.getDecorators().some((d) => d.getName() === "Injectable");
+    }
     function isNestJSController(classNode) {
       return classNode.getDecorators().some((d) => {
         const name = d.getName();
         return name === "Controller" || name === "Resolver";
       });
     }
+    function isInsideNestJSInjectable(node) {
+      const classDecl = node.getFirstAncestorByKind(ts_morph_1.SyntaxKind.ClassDeclaration);
+      if (!classDecl)
+        return false;
+      return isNestJSInjectable(classDecl);
+    }
     function fileImportsNestJS(sourceFile) {
       for (const decl of sourceFile.getImportDeclarations()) {
         const spec = decl.getModuleSpecifierValue();
@@ -16386,6 +16407,8 @@ var require_reliability_detector = __commonJS({
           return;
         if (isNestJSControllerMethod(node, sourceFile))
           return;
+        if (fileImportsNestJS(sourceFile) && isInsideNestJSInjectable(node))
+          return;
         if (functionHasTryCatch(fn.node))
           return;
         const isRisky = isRiskyAwaitCall(node);
@@ -17010,6 +17033,226 @@ var require_reliability_detector = __commonJS({
         violations.push(makeViolation(shared_1.RELIABILITY_RULES.UNGUARDED_ROUTE_TODO, filePath, node.getStartLineNumber(), `Route handler '${node.getName?.() ?? "anonymous"}' has TODO/FIXME comment and no @UseGuards() \u2014 unprotected endpoint`, policy, fn?.name, "Add @UseGuards(JwtAuthGuard) or appropriate guard \u2014 this route is currently unprotected"));
       });
     }
+    function detectPromiseAllNoIsolation(sourceFile, filePath, fns, policy, violations) {
+      sourceFile.forEachDescendant((node) => {
+        if (!ts_morph_1.Node.isCallExpression(node))
+          return;
+        const expr = node.getExpression();
+        if (!ts_morph_1.Node.isPropertyAccessExpression(expr))
+          return;
+        if (expr.getName() !== "all")
+          return;
+        const obj = expr.getExpression();
+        if (!ts_morph_1.Node.isIdentifier(obj) || obj.getText() !== "Promise")
+          return;
+        const args = node.getArguments();
+        if (args.length === 0)
+          return;
+        const arrayArg = args[0];
+        if (!ts_morph_1.Node.isArrayLiteralExpression(arrayArg))
+          return;
+        const elements = arrayArg.getElements();
+        if (elements.length < 2)
+          return;
+        let hasExternalCalls = false;
+        let hasCatchHandlers = false;
+        for (const el of elements) {
+          const elText = el.getText();
+          if (/fetch|axios|http|this\.\w+Service|this\.\w+Model/.test(elText)) {
+            hasExternalCalls = true;
+          }
+          if (/\.catch\(/.test(elText)) {
+            hasCatchHandlers = true;
+          }
+        }
+        if (!hasExternalCalls)
+          return;
+        if (hasCatchHandlers)
+          return;
+        const fn = getEnclosingFn(node, fns);
+        violations.push(makeViolation(shared_1.RELIABILITY_RULES.PROMISE_ALL_NO_ISOLATION, filePath, node.getStartLineNumber(), `Promise.all() with ${elements.length} I/O calls \u2014 one failure rejects all with no error isolation`, policy, fn?.name, "Add .catch() to individual promises or use Promise.allSettled() for partial failure tolerance"));
+      });
+    }
+    function detectUnboundedParallelCalls(sourceFile, filePath, fns, policy, violations) {
+      sourceFile.forEachDescendant((node) => {
+        if (!ts_morph_1.Node.isCallExpression(node))
+          return;
+        const expr = node.getExpression();
+        if (!ts_morph_1.Node.isPropertyAccessExpression(expr))
+          return;
+        if (expr.getName() !== "all")
+          return;
+        const obj = expr.getExpression();
+        if (!ts_morph_1.Node.isIdentifier(obj) || obj.getText() !== "Promise")
+          return;
+        const args = node.getArguments();
+        if (args.length === 0)
+          return;
+        const firstArg = args[0];
+        if (!ts_morph_1.Node.isCallExpression(firstArg))
+          return;
+        const mapExpr = firstArg.getExpression();
+        if (!ts_morph_1.Node.isPropertyAccessExpression(mapExpr))
+          return;
+        if (mapExpr.getName() !== "map")
+          return;
+        const mapArgs = firstArg.getArguments();
+        if (mapArgs.length === 0)
+          return;
+        const callbackText = mapArgs[0].getText();
+        if (!/fetch|axios|http|this\.\w+Service|this\.\w+Model|\.upload|\.send|\.post|\.get|\.put|\.delete/i.test(callbackText)) {
+          return;
+        }
+        const fn = getEnclosingFn(node, fns);
+        violations.push({
+          category: "runtime_risk",
+          type: shared_1.RUNTIME_RISK_RULES.UNBOUNDED_PARALLEL_CALLS,
+          ruleId: shared_1.RUNTIME_RISK_RULES.UNBOUNDED_PARALLEL_CALLS,
+          severity: "warning",
+          source: "deterministic",
+          confidence: "high",
+          file: filePath,
+          line: node.getStartLineNumber(),
+          function: fn?.name,
+          message: "Promise.all(array.map()) with unbounded I/O calls \u2014 may overwhelm external service or exhaust connections",
+          suggestion: "Use p-limit or batch processing to limit concurrency: const limit = pLimit(5); await Promise.all(items.map(item => limit(() => fn(item))))",
+          debtPoints: 5,
+          gateAction: "warn"
+        });
+      });
+    }
+    function detectProviderOutsideHomeModule(sourceFile, filePath, allFiles, policy, violations) {
+      if (!filePath.endsWith(".module.ts") && !filePath.endsWith(".module.js"))
+        return;
+      sourceFile.forEachDescendant((node) => {
+        if (!ts_morph_1.Node.isDecorator(node) || node.getName() !== "Module")
+          return;
+        const args = node.getArguments?.();
+        if (!args || args.length === 0)
+          return;
+        const callExpr = node.getCallExpression?.();
+        if (!callExpr)
+          return;
+        const moduleArgs = callExpr.getArguments();
+        if (moduleArgs.length === 0 || !ts_morph_1.Node.isObjectLiteralExpression(moduleArgs[0]))
+          return;
+        const objLit = moduleArgs[0];
+        const providersProp = objLit.getProperty("providers");
+        if (!providersProp || !ts_morph_1.Node.isPropertyAssignment(providersProp))
+          return;
+        const providersInit = providersProp.getInitializer();
+        if (!providersInit || !ts_morph_1.Node.isArrayLiteralExpression(providersInit))
+          return;
+        const moduleFolder = filePath.replace(/\/[^/]+$/, "");
+        for (const element of providersInit.getElements()) {
+          if (!ts_morph_1.Node.isIdentifier(element))
+            continue;
+          const providerName = element.getText();
+          for (const importDecl of sourceFile.getImportDeclarations()) {
+            const namedImports = importDecl.getNamedImports();
+            const matchingImport = namedImports.find((n) => n.getName() === providerName);
+            if (!matchingImport)
+              continue;
+            const specifier = importDecl.getModuleSpecifierValue();
+            if (specifier.startsWith(".") || specifier.startsWith("/")) {
+              const resolvedPath = specifier.replace(/^\.\//, moduleFolder + "/").replace(/^\.\.\//, moduleFolder + "/../");
+              if (!resolvedPath.startsWith(moduleFolder) && !specifier.startsWith("./")) {
+                violations.push({
+                  category: "architecture",
+                  type: shared_1.ARCHITECTURE_RULES.PROVIDER_OUTSIDE_HOME,
+                  ruleId: shared_1.ARCHITECTURE_RULES.PROVIDER_OUTSIDE_HOME,
+                  severity: "warning",
+                  source: "deterministic",
+                  confidence: "high",
+                  file: filePath,
+                  line: element.getStartLineNumber(),
+                  message: `Provider '${providerName}' is imported from outside this module's folder \u2014 consider moving it to its home module or a shared module`,
+                  suggestion: `Move ${providerName} to this module's folder or register it in the module where it's defined`,
+                  debtPoints: 3,
+                  gateAction: "warn"
+                });
+              }
+            }
+          }
+        }
+      });
+    }
+    function detectSchemaMultiModule(sourceFile, filePath, schemaMap, policy, violations) {
+      if (!filePath.endsWith(".module.ts") && !filePath.endsWith(".module.js"))
+        return;
+      sourceFile.forEachDescendant((node) => {
+        if (!ts_morph_1.Node.isCallExpression(node))
+          return;
+        const expr = node.getExpression();
+        if (!ts_morph_1.Node.isPropertyAccessExpression(expr))
+          return;
+        const methodName = expr.getName();
+        if (methodName !== "forFeature")
+          return;
+        const obj = expr.getExpression();
+        const objText = ts_morph_1.Node.isIdentifier(obj) ? obj.getText() : "";
+        if (objText !== "MongooseModule" && objText !== "TypeOrmModule")
+          return;
+        const args = node.getArguments();
+        if (args.length === 0)
+          return;
+        const arrayArg = args[0];
+        if (!ts_morph_1.Node.isArrayLiteralExpression(arrayArg))
+          return;
+        for (const element of arrayArg.getElements()) {
+          if (ts_morph_1.Node.isObjectLiteralExpression(element)) {
+            const nameProp = element.getProperty("name");
+            if (nameProp && ts_morph_1.Node.isPropertyAssignment(nameProp)) {
+              const init = nameProp.getInitializer();
+              if (init) {
+                const schemaName = init.getText().replace(/\.name$/, "");
+                const existing = schemaMap.get(schemaName) ?? [];
+                existing.push(filePath);
+                schemaMap.set(schemaName, existing);
+                if (existing.length > 1) {
+                  violations.push({
+                    category: "architecture",
+                    type: shared_1.ARCHITECTURE_RULES.SCHEMA_MULTI_MODULE,
+                    ruleId: shared_1.ARCHITECTURE_RULES.SCHEMA_MULTI_MODULE,
+                    severity: "warning",
+                    source: "deterministic",
+                    confidence: "high",
+                    file: filePath,
+                    line: element.getStartLineNumber(),
+                    message: `Schema '${schemaName}' registered in multiple modules: ${existing.join(", ")}`,
+                    suggestion: "Register the schema in one module and import that module where needed",
+                    debtPoints: 3,
+                    gateAction: "warn"
+                  });
+                }
+              }
+            }
+          }
+          if (ts_morph_1.Node.isIdentifier(element)) {
+            const entityName = element.getText();
+            const existing = schemaMap.get(entityName) ?? [];
+            existing.push(filePath);
+            schemaMap.set(entityName, existing);
+            if (existing.length > 1) {
+              violations.push({
+                category: "architecture",
+                type: shared_1.ARCHITECTURE_RULES.SCHEMA_MULTI_MODULE,
+                ruleId: shared_1.ARCHITECTURE_RULES.SCHEMA_MULTI_MODULE,
+                severity: "warning",
+                source: "deterministic",
+                confidence: "high",
+                file: filePath,
+                line: element.getStartLineNumber(),
+                message: `Entity '${entityName}' registered in multiple modules: ${existing.join(", ")}`,
+                suggestion: "Register the entity in one module and import that module where needed",
+                debtPoints: 3,
+                gateAction: "warn"
+              });
+            }
+          }
+        }
+      });
+    }
     var DEBUG_LOG_PATTERN = /\b(RESULT|DEBUG|TEST|TODO|FIXME|HACK|XXX)\b/i;
     var EXCLUDE_LOG_FILES = /\.(spec|test)\.(ts|js)|seed|migration|main\.(ts|js)$/;
     function detectDebugConsoleLog(sourceFile, filePath, fns, policy, violations) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "technical-debt-radar",
-  "version": "1.5.0",
+  "version": "1.6.1",
   "description": "Stop Node.js production crashes before merge. 47 detection patterns across 5 categories.",
   "bin": {
     "radar": "dist/index.js",