threadlines 0.2.17 → 0.2.19
- package/dist/commands/check.js +8 -0
- package/dist/git/diff.js +17 -1
- package/package.json +1 -1
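--- a/package/dist/commands/check.js
+++ b/package/dist/commands/check.js
@@ -227,6 +227,14 @@ async function checkCommand(options) {
 console.error(chalk_1.default.bold('ℹ️ No changes detected.'));
 process.exit(0);
 }
+// Safety limit: prevent expensive API calls on large diffs
+const MAX_CHANGED_FILES = 20;
+if (gitDiff.changedFiles.length > MAX_CHANGED_FILES) {
+console.error(chalk_1.default.red(`❌ Too many changed files: ${gitDiff.changedFiles.length} (max: ${MAX_CHANGED_FILES})`));
+console.error(chalk_1.default.gray(' This limit prevents expensive API calls on large diffs.'));
+console.error(chalk_1.default.gray(' Consider reviewing smaller batches of changes.'));
+process.exit(1);
+}
 // Check for zero diff (files changed but no actual code changes)
 if (!gitDiff.diff || gitDiff.diff.trim() === '') {
 console.log(chalk_1.default.blue('ℹ️ No code changes detected. Diff contains zero lines added or removed.'));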
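Review bot: The new guard in checkCommand bounds only `gitDiff.changedFiles.length`, so the API cost it is meant to cap is not actually bounded: a change touching a few files with a very large diff (a lockfile, a generated bundle) still passes it. Nothing in the visible lines limits the size of `gitDiff.diff`; if no such limit exists further down, add one after the zero-diff check, for example `if (gitDiff.diff.length > MAX_DIFF_CHARS) { /* report */ process.exit(1); }`, where `MAX_DIFF_CHARS` is a name proposed here. Exiting with status 1 instead of skipping the check is the right default, and a comment such as `// Fail closed: an oversized change must not be reported as a clean run` would keep it from being relaxed later. checkCommand starts and ends outside the hunk.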
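--- a/package/dist/git/diff.js
+++ b/package/dist/git/diff.js
@@ -26,6 +26,21 @@ const child_process_1 = require("child_process");
 * @param repoRoot - Path to the repository root
 * @returns Repository URL (e.g., "https://github.com/user/repo.git")
 */
+/**
+* Sanitize a git remote URL by removing embedded credentials.
+*
+* CI environments often embed tokens in the remote URL for authentication:
+* - GitLab CI: https://gitlab-ci-token:TOKEN@gitlab.com/user/repo
+* - GitHub Actions: https://x-access-token:TOKEN@github.com/user/repo
+*
+* This function strips credentials to prevent token exposure in logs/UI.
+*/
+function sanitizeRepoUrl(url) {
+// Handle HTTPS URLs with credentials: https://user:pass@host/path
+// The regex matches: protocol://anything@host/path and removes "anything@"
+const sanitized = url.replace(/^(https?:\/\/)([^@]+@)/, '$1');
+return sanitized;
+}
 async function getRepoUrl(repoRoot) {
 try {
 const url = (0, child_process_1.execSync)('git remote get-url origin', {
@@ -35,7 +50,8 @@ async function getRepoUrl(repoRoot) {
 if (!url) {
 throw new Error('Empty URL returned');
 }
-
+// Remove embedded credentials (CI tokens) from the URL
+return sanitizeRepoUrl(url);
 }
 catch (error) {
 const message = error instanceof Error ? error.message : String(error);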
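Review bot: The character class in sanitizeRepoUrl, `[^@]+@`, excludes only `@`, so the match is not confined to the authority part of the URL. A credential-free remote whose path contains `@` (constructed example: `https://example.com/org/re@po.git`) loses its host and part of its path. A secret containing an unencoded `@` is stripped only up to the first `@`, so the rest of it stays in the returned URL. Confining the match to the text before the first `/` and consuming up to the last `@` there fixes both: `const sanitized = url.replace(/^(https?:\/\/)[^\/?#]*@/i, '$1');`. Remotes with userinfo under any other scheme are returned unchanged, which the doc comment should state.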