Skip to content

Commit 2b8fb65

Browse files
committed
fix(lint): resolve socket-rule violations surfaced by fleet onboarding
The cascade activated 7 new socket/* oxlint rules; this clears all 103 resulting violations (lint + build green, 2424 tests pass). Bulk fixed by the fleet ai-lint-fix step (markers gain a -- reason, prefer-normalize-path swaps, prefer-non-capturing-group, no-namespace-import, no-source-sniffing); the AI changes were reviewed. Manual follow-ups: revert + justified-disable the legitimate namespace imports the AI mis-converted (sorts/types.ts type-only namespace, stdio/prompts.ts untyped @InQuirer wrappers, globs/_internal.ts dynamic-require typeof); and `{__proto__:null} as Record` -> `as unknown as` in ai/{billing-context,route-heuristic} for the typescript 7.0.1-rc bump.
1 parent 91ba24d commit 2b8fb65

44 files changed

Lines changed: 139 additions & 114 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

scripts/build-externals/stubs/throw.cjs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
'use strict'
66

77
// `export` is invalid in CJS — this file is inlined as text by esbuild.
8-
// oxlint-disable-next-line socket/export-top-level-functions
8+
// oxlint-disable-next-line socket/export-top-level-functions -- CJS stub inlined as text; export syntax invalid
99
function throwStub(moduleName) {
1010
throw new Error(
1111
`Module '${moduleName}' is stubbed and should not be called. ` +

scripts/post-build/rewrite-external-imports.mts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ import process from 'node:process'
99

1010
import { isQuiet } from '@socketsecurity/lib-stable/argv/flag-predicates'
1111
import { getDefaultLogger } from '@socketsecurity/lib-stable/logger/default'
12+
import { normalizePath } from '@socketsecurity/lib-stable/paths/normalize'
1213

1314
import { externalPackages, scopedPackages } from '../build-externals/config.mts'
1415
import { REPO_ROOT } from '../fleet/paths.mts'
@@ -111,7 +112,7 @@ export function getExternalPathPrefix(filePath) {
111112
const dir = path.dirname(filePath)
112113
const relativePath = path.relative(dir, distExternalDir)
113114
// Normalize to forward slashes and ensure it starts with ./ or ../
114-
const normalized = relativePath.replace(/\\/g, '/')
115+
const normalized = normalizePath(relativePath)
115116
return normalized.startsWith('.') ? normalized : `./${normalized}`
116117
}
117118

scripts/repo/audit-api-usage.mts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -289,6 +289,7 @@ function main(): number {
289289
for (let j = 0, flen = files.length; j < flen; j += 1) {
290290
const file = files[j]!
291291
const source = readFileSync(file, 'utf8')
292+
// oxlint-disable-next-line socket/no-source-sniffing -- fast-path pre-filter only; not inferring behavior — it skips files that cannot contain a lib specifier before the real AST walk in collectRefs
292293
if (!source.includes(PKG)) {
293294
continue
294295
}

scripts/validate/esm-named-exports.mts

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,10 +59,13 @@ export function checkEsmNamedExports(filePath) {
5959

6060
// Check for problematic patterns
6161
const hasDefaultExport =
62+
// oxlint-disable-next-line socket/no-source-sniffing -- dist files are compiled CJS; text-matching detects single-value exports invisible at require() time
6263
/module\.exports\s*=\s*\w+\s*;?\s*$/.test(source) ||
64+
// oxlint-disable-next-line socket/no-source-sniffing -- dist files are compiled CJS; text-matching detects module.exports.default= which require() cannot distinguish from named exports
6365
/module\.exports\.default\s*=/.test(source)
6466

6567
// Check for proper named exports pattern
68+
// oxlint-disable-next-line socket/no-source-sniffing -- dist files are compiled CJS; text-matching distinguishes object-form exports from single-value form, complementing the require() shape check
6669
const hasNamedExportsObject = /module\.exports\s*=\s*{/.test(source)
6770

6871
// Also check by actually requiring the module

scripts/validate/no-extraneous-dependencies.mts

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ import process from 'node:process'
2323

2424
import { parse } from '@babel/parser'
2525
import traverseModule from '@babel/traverse'
26-
import * as t from '@babel/types'
26+
import { isIdentifier, isStringLiteral } from '@babel/types'
2727

2828
// Handle @babel/traverse CommonJS/ESM interop
2929
const traverse = traverseModule.default
@@ -89,9 +89,9 @@ export async function extractRequireSpecifiers(filePath) {
8989

9090
// Check if this is a require() call
9191
if (
92-
t.isIdentifier(node.callee, { name: 'require' }) &&
92+
isIdentifier(node.callee, { name: 'require' }) &&
9393
node.arguments.length > 0 &&
94-
t.isStringLiteral(node.arguments[0])
94+
isStringLiteral(node.arguments[0])
9595
) {
9696
const specifier = node.arguments[0].value
9797
const { column, line } = node.loc.start

src/ai/agent-context.mts

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,7 @@ import { WIN32 } from '../constants/platform'
2929
import { getHome } from '../env/home'
3030
import { getEnvValue } from '../env/rewire'
3131
import { getXdgConfigHome } from '../env/xdg'
32+
import { normalizePath } from '../paths/normalize'
3233

3334
import path from 'node:path'
3435

@@ -119,7 +120,12 @@ export function agentPaths(
119120
// replaced by `-` (a leading `/` becomes a leading `-`).
120121
const cwd = opts.cwd
121122
const memoryDir = cwd
122-
? path.join(configDir, 'projects', cwd.replace(/[/\\]/g, '-'), 'memory')
123+
? path.join(
124+
configDir,
125+
'projects',
126+
normalizePath(cwd).replace(/\//g, '-'),
127+
'memory',
128+
)
123129
: undefined
124130
return { agent, configDir, memoryDir }
125131
}

src/ai/billing-context.mts

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,10 @@ export function billingFromKeyed(
7777
options: BillingFromKeyedOptions,
7878
): BillingContext {
7979
const opts = { __proto__: null, ...options } as BillingFromKeyedOptions
80-
const out = { __proto__: null } as Record<CredentialProvider, BillingAccount>
80+
const out = { __proto__: null } as unknown as Record<
81+
CredentialProvider,
82+
BillingAccount
83+
>
8184
for (const provider of opts.keyed) {
8285
const kind = opts.kinds?.[provider] ?? DEFAULT_PROVIDER_KIND[provider]
8386
if (!kind) {

src/ai/route-heuristic.mts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,7 @@ export function allocateBudget(
203203
totalWeight += weights[TASK_CLASSES[i]!] ?? 0
204204
}
205205
const divisor = totalWeight > 0 ? totalWeight : 1
206-
const out = { __proto__: null } as Record<TaskClass, number>
206+
const out = { __proto__: null } as unknown as Record<TaskClass, number>
207207
for (let i = 0, { length } = TASK_CLASSES; i < length; i += 1) {
208208
const taskClass = TASK_CLASSES[i]!
209209
out[taskClass] = (perMember * (weights[taskClass] ?? 0)) / divisor

src/bin/resolve.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -364,7 +364,7 @@ export function resolveRealBinSync(binPath: string): string {
364364
// to a directory. The lint rule recommends existsSync, but
365365
// that loses the file-vs-directory signal.
366366
try {
367-
// oxlint-disable-next-line socket/prefer-exists-sync
367+
// oxlint-disable-next-line socket/prefer-exists-sync -- statSync needed to discriminate files from directories
368368
const stats = fs.statSync(baseBinPath)
369369
// Only use this path if it's a file (the shell script).
370370
if (stats.isFile()) {

src/bin/shadow.ts

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,8 @@
55
* the real interpreter.
66
*/
77

8+
import { normalizePath } from '@socketsecurity/lib/paths/normalize'
9+
810
/**
911
* Check if a directory path contains any shadow bin patterns.
1012
*
@@ -19,6 +21,6 @@ export function isShadowBinPath(dirPath: string | undefined): boolean {
1921
return false
2022
}
2123
// Check for node_modules/.bin pattern (Unix and Windows)
22-
const normalized = dirPath.replace(/\\/g, '/')
24+
const normalized = normalizePath(dirPath)
2325
return normalized.includes('node_modules/.bin')
2426
}

0 commit comments

Comments
 (0)