@pkgdeps/secretlint-rule-checksum - npm Package Compare versions

Comparing version 1.1.1 to 1.2.0

package.json

 {
   "name": "@pkgdeps/secretlint-rule-checksum",
-  "version": "1.1.1",
+  "version": "1.2.0",
   "description": "secretlint rule that check if checking checksum.",
@@ -22,5 +22,6 @@ "keywords": [
   "sideEffects": false,
-  "main": "lib/secretlint-rule-checksum.js",
-  "module": "module/secretlint-rule-checksum.js",
-  "types": "lib/secretlint-rule-checksum.d.ts",
+  "type": "module",
+  "main": "./mjs/secretlint-rule-checksum.mjs",
+  "module": "./esm/index.js",
+  "types": "./dts/secretlint-rule-checksum.d.ts",
   "directories": {
@@ -31,14 +32,14 @@ "lib": "lib",
   "files": [
-    "bin/",
-    "lib/",
-    "module/",
-    "src/"
+    "dts/**/*.d.ts",
+    "esm/**/*.{js,map}",
+    "mjs/**/*.{mjs,map}",
+    "src/**/*.{ts,tsx,json}"
   ],
   "scripts": {
-    "test": "mocha \"test/**/*.ts\"",
+    "test": "mocha",
     "updateSnapshot": "UPDATE_SNAPSHOT=1 npm test",
     "format": "prettier --write \"**/*.{js,jsx,ts,tsx,css}\"",
-    "build": "tsc -p . && tsc -p ./tsconfig.module.json",
-    "watch": "tsc -p . --watch",
-    "clean": "rimraf lib/ module/",
+    "build": "packemon build --declaration standard",
+    "watch": "packemon watch",
+    "clean": "packemon clean",
     "prepublishOnly": "npm run clean && npm run build"
@@ -53,3 +54,3 @@ },
   "dependencies": {
-    "@pkgdeps/checksum-collector": "^1.1.1"
+    "@pkgdeps/checksum-collector": "^1.2.0"
   },
@@ -62,2 +63,3 @@ "devDependencies": {
     "mocha": "^9.1.1",
+    "packemon": "^1.5.0",
     "prettier": "^2.4.0",
@@ -72,3 +74,16 @@ "rimraf": "^3.0.2",
   },
-  "gitHead": "7c12241657e025caf894d5de3c7d0d77b686d3b5"
+  "packemon": {
+    "format": [
+      "mjs",
+      "esm"
+    ],
+    "inputs": {
+      "index": "src/secretlint-rule-checksum.ts"
+    },
+    "platform": [
+      "browser",
+      "node"
+    ]
+  },
+  "gitHead": "06fb7fd4c67e1c5ac277932595e9249d00bce630"
 }

README.md

@@ -5,3 +5,2 @@ # @pkgdeps/secretlint-rule-checksum
 
-
 ## Install
@@ -11,3 +10,3 @@
 
-    npm install @secretlint/secretlint-rule-github
+    npm install @pkgdeps/secretlint-rule-github
 
@@ -48,2 +47,25 @@ ## Usage
 
+## Manual Verify
+
+This rule report some false-positive, So You can verify the binary by comment.
+
+This rule ignore the error if following comment is found around `chmod`.
+
+```shell
+# {binary} is verified
+```
+
+For example, You can verify the `jq` binary by a comment.
+
+```shell
+# jq is verified
+chmod 755 jq
+```
+
+or 
+
+```shell
+chmod 755 jq # jq is verified
+```
+
 ## Options
@@ -53,3 +75,3 @@
     - Allows a list of binary name
-    - For example, `["git", "jq"]`
+    - For example, `["jq"]`
 
@@ -56,0 +78,0 @@ ## Changelog

src/secretlint-rule-checksum.ts

@@ -14,2 +14,10 @@ import { SecretLintRuleCreator, SecretLintSourceCode } from "@secretlint/types";
 };
+const hasVerifiedComment = (text: string, binaryName: string) => {
+    // # {binaryName} is verified
+    const match = text.match(/#(.*?)verified/);
+    if (match) {
+        return match[1].includes(binaryName);
+    }
+    return match;
+};
 export type Options = {
@@ -48,2 +56,17 @@ /**
                         }
+                        const currentLine = source.rangeToLocation(command.range);
+                        const ignoreCommentRange = source.locationToRange({
+                            start: {
+                                line: currentLine.start.line - 1,
+                                column: 0
+                            },
+                            end: {
+                                line: currentLine.end.line + 1,
+                                column: 0
+                            }
+                        });
+                        const commentText = source.content.slice(ignoreCommentRange[0], ignoreCommentRange[1] + 1);
+                        if (hasVerifiedComment(commentText, command.binary)) {
+                            return;
+                        }
                         context.report({
@@ -53,3 +76,2 @@ message: t("FOUND_UNVERIFIED_BINARY", {
                             }),
-                            // @ts-expect-error: range wider
                             range: command.range
@@ -56,0 +78,0 @@ });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

19981

increased by26.56%

Lines of code

257

increased by18.98%

Number of lines in readme file

107

increased by25.88%

Is type module

Yes

Worsened metrics

Dev dependency count

11

increased by10%

Number of package files

9

decreased by-10%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• Updated@pkgdeps/checksum-collector@^1.2.0