Lay out foundation for this project #16
Conversation
This is a fairly hefty commit, but it adds all of the code which
is necessary for an MVP version of this tool, which includes one rule
whose goal is to merely to check that the `src/` directory of a project
is present.
Right now, as this package is not published, this tool may be run within
this project using the following command:
yarn run-tool [OPTIONS] [ARGUMENTS]
There are two ways to run the tool. With no arguments, it will run the
aforementioned rule across a slew of MetaMask repositories:
yarn run-tool
If you want to use your own list of repositories, however, you may pass
those. For instance, if you wanted to run the rule on `utils` and
`providers`, you could say:
yarn run-tool utils providers
For help, pass `--help`:
yarn run-tool --help
One thing about rules to note is that they are designed to be nested. So,
for instance, if you have a rule that ensures that `tsconfig.json`
contains a certain property, this rule will only work if `tsconfig.json`
exists. So you might make both rules and have the "`tsconfig.json` must
have X property" rule depend on the "`tsconfig.json` must exist" rule.
When this tool runs, it will print the results of these rules in the
same hierarchy that they were defined:
- Does `tsconfig.json` exist? ✅
- Does `tsconfig.json` have X property? ✅
|
New dependencies detected. Learn more about Socket for GitHub ↗︎
|
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is network access?This module accesses the network. Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. What are unpublished packages?Package version was not found on the registry. It may exist on a different registry and need to be configured to pull from that registry. Packages can be removed from the registry by manually un-publishing, a security issue removal, or may simply never have been published to the registry. Reliance on these packages will cause problem when they are not found. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
|
Is there an possibility to group the files related into folders, it'll improve the readability. |
`@jridgewell/gen-mapping` is a dependency of a dependency. Yarn wants to resolve it to 0.3.2, but that version doesn't exist for some reason. Resolving it to 0.3.3 makes it possible to fully install dependencies.
When running `yarn build`, TypeScript is throwing errors importing around `superstruct` and `@metamask/utils`. This is likely because we are using a `moduleResolution` of `nodenext` instead of `node`.
I feel like the files stand on their own, so I'm not sure which folders I could use. But do you have a suggestion? |
|
I've begun splitting up this PR to make it easier to review. Setting this PR to draft to indicate that I won't merge this one, but keeping it open for reference. |
|
Closing this PR since I don't plan on merging it, but will keep the branch alive for reference purposes. |
This is a fairly hefty commit, but it adds all of the code which is necessary for an MVP version of this tool, which includes one rule whose goal is to merely to check that the
src/directory of a project is present.Right now, as this package is not published, this tool may be run within this project using the following command:
There are two ways to run the tool. With no arguments, it will run the aforementioned rule across a slew of MetaMask repositories:
If you want to use your own list of repositories, however, you may pass those. For instance, if you wanted to run the rule on
utilsandproviders, you could say:For help, pass
--help:One thing about rules to note is that they are designed to be nested. So, for instance, if you have a rule that ensures that
tsconfig.jsoncontains a certain property, this rule will only work iftsconfig.jsonexists. So you might make both rules and have the "tsconfig.jsonmust have X property" rule depend on the "tsconfig.jsonmust exist" rule. When this tool runs, it will print the results of these rules in the same hierarchy that they were defined:Closes #5.