Check:links and insecure HTTP usage

Author: soumeh01

.devcontainer/ubuntu-24.04/.p10k.zsh

@@ -1399,7 +1399,7 @@
 
   # Use POWERLEVEL9K_KUBECONTEXT_CONTENT_EXPANSION to specify the content displayed by kubecontext
   # segment. Parameter expansions are very flexible and fast, too. See reference:
-  # http://zsh.sourceforge.net/Doc/Release/Expansion.html#Parameter-Expansion.
+  # https://zsh.sourceforge.net/Doc/Release/Expansion.html#Parameter-Expansion.
   #
   # Within the expansion the following parameters are always available:
   #
@@ -1618,7 +1618,7 @@
 
   # Use POWERLEVEL9K_GOOGLE_APP_CRED_CONTENT_EXPANSION to specify the content displayed by
   # google_app_cred segment. Parameter expansions are very flexible and fast, too. See reference:
-  # http://zsh.sourceforge.net/Doc/Release/Expansion.html#Parameter-Expansion.
+  # https://zsh.sourceforge.net/Doc/Release/Expansion.html#Parameter-Expansion.
   #
   # You can use the following parameters in the expansion. Each of them corresponds to one of the
   # fields in the JSON file pointed to by GOOGLE_APPLICATION_CREDENTIALS.

LICENSE

@@ -17,7 +17,7 @@ The full license text of applicable licenses is provided below.
 
                                  Apache License
                            Version 2.0, January 2004
-                        http://www.apache.org/licenses/
+                        https://www.apache.org/licenses/
 
    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 

LICENSE-Apache-2.0

@@ -1,6 +1,6 @@
                                  Apache License
                            Version 2.0, January 2004
-                        http://www.apache.org/licenses/
+                        https://www.apache.org/licenses/
 
    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 

package.json

@@ -42,7 +42,7 @@
   "scripts": {
     "preprepare": "npm run download:rpc-interface",
     "prepare": "concurrently npm:download:uv2csolution npm:download:debug-adapters npm:download:toolbox",
-    "clean": "git clean -f -x ./dist ./out ./tools",
+    "clean": "git clean -f -x ./dist ./out ./tools ./coverage ./e2e-report ./e2e-screenshots ./test-results",
     "prebuild": "npm run font",
     "build": "webpack --mode production",
     "prewatch": "npm run font",
@@ -68,7 +68,8 @@
     "font": "fantasticon",
     "lint:md": "markdownlint **/*.md -c ./.github/markdownlint.jsonc -i ./node_modules -i ./dist -i ./coverage -i ./tools -i ./test-data -i ./src/e2e-tests/data -i CHANGELOG.md",
     "copyright:check": "tsx scripts/copyright-manager.ts --mode=check",
-    "copyright:fix": "tsx scripts/copyright-manager.ts --mode=fix"
+    "copyright:fix": "tsx scripts/copyright-manager.ts --mode=fix",
+    "check:links": "tsx scripts/check-links.ts -i ./node_modules/** -i ./.github/** -c ./.github/markdown-link-check.jsonc"
   },
   "dependencies": {
     "@ant-design/icons": "^5.6.1",

scripts/check-links.ts

@@ -0,0 +1,163 @@
+#!npx tsx
+
+/**
+ * Copyright 2026 Arm Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { execFile as execFileCallback } from "child_process";
+import { readFile as readFileCallback } from "fs";
+import { glob } from "glob";
+import { resolve } from "path";
+import { promisify } from "util";
+import yargs from "yargs";
+import { hideBin } from "yargs/helpers";
+
+const execFile = promisify(execFileCallback);
+const readFile = promisify(readFileCallback);
+
+
+async function getChangedFiles(): Promise<string[]> {
+    const changedFiles = new Set<string>();
+
+    const unstaged = await execFile("git", [
+        "diff",
+        "--name-only",
+        "--diff-filter=ACMR"
+    ]);
+    unstaged.stdout
+        .split(/\r?\n/)
+        .map((f) => f.trim())
+        .filter(Boolean)
+        .forEach((f) => changedFiles.add(f));
+
+    const staged = await execFile("git", [
+        "diff",
+        "--name-only",
+        "--diff-filter=ACMR",
+        "--cached"
+    ]);
+    staged.stdout
+        .split(/\r?\n/)
+        .map((f) => f.trim())
+        .filter(Boolean)
+        .forEach((f) => changedFiles.add(f));
+
+    // Explicitly include newly added files from the index.
+    const stagedAdded = await execFile("git", [
+        "diff",
+        "--name-only",
+        "--diff-filter=A",
+        "--cached"
+    ]);
+    stagedAdded.stdout
+        .split(/\r?\n/)
+        .map((f) => f.trim())
+        .filter(Boolean)
+        .forEach((f) => changedFiles.add(f));
+
+    return Array.from(changedFiles);
+}
+
+async function checkForInsecureUrls(files: string[]): Promise<void> {
+    const insecurePattern = /http:\/\//;
+
+    for (const file of files) {
+        try {
+            const content = await readFile(file, "utf8");
+
+            // Skip likely binary files.
+            if (content.includes("\0")) {
+                continue;
+            }
+
+            const lines = content.split(/\r?\n/);
+            for (let i = 0; i < lines.length; i++) {
+                if (!insecurePattern.test(lines[i])) {
+                    continue;
+                }
+
+                console.error(`Insecure URL found in ${file}:${i + 1}`);
+                console.error(`  ${lines[i].trim()}`);
+                process.exitCode = 1;
+            }
+        } catch {
+            // Ignore unreadable/non-text files.
+        }
+    }
+}
+
+async function main() {
+    const argv = yargs(hideBin(process.argv))
+        .option("config", {
+            alias: "c",
+            type: "string",
+            description: "Path to markdown-link-check config file",
+            default: ".github/markdown-link-check.jsonc",
+        })
+        .option("ignore", {
+            alias: "i",
+            type: "array",
+            description: "Directories to ignore",
+            default: ["node_modules/**"],
+        })
+        .option("checkHttp", {
+            type: "boolean",
+            description: "Scan changed files for insecure http URLs",
+            default: true,
+        })
+        .help()
+        .alias("help", "h")
+        .parseSync();
+
+    const configPath = resolve(argv.config);
+    const mdFiles = await glob("**/*.md", {
+        ignore: argv.ignore as string[],
+    });
+
+    if (mdFiles.length === 0) {
+        console.log("No markdown files found.");
+    } else {
+        console.log(`Checking ${mdFiles.length} markdown file(s)...`);
+        for (const file of mdFiles) {
+            try {
+                const { stdout } = await execFile(
+                    "npx", ["markdown-link-check", "-v", "-c", configPath, file], { shell: true }
+                );
+                console.log(stdout);
+            } catch (err: any) {
+                console.error(`Error in file: ${file}`);
+                console.error(err.stdout || err.message);
+                process.exitCode = 1;
+            }
+        }
+    }
+
+    if (argv.checkHttp) {
+        const changedFiles = await getChangedFiles();
+
+        if (changedFiles.length === 0) {
+            console.log("No changed files found for insecure URL check.");
+            return;
+        }
+
+        console.log(`Checking ${changedFiles.length} changed file(s) for insecure URLs...`);
+        await checkForInsecureUrls(changedFiles);
+    }
+}
+
+main().catch((error) => {
+    console.error(error);
+    process.exit(1);
+});