fix(lint): per-call oxlint disables + logger calls (.github/actions + scripts/npm)

jdalton · jdalton · commit f509d19f993c · 2026-05-18T12:03:42.000-04:00
Convert file-scope oxlint disables to inline disable-next-line per
violation site, and rewrite `\n`-containing logger calls into
split-line calls per the no-logger-newline-literal rule.

.github/actions/lib/install-tool.mjs: 8x console.error + 1x fetch
  exemptions, each with reason "pre-setup-node action — lib not
  installed yet". Plus parseIntegrity exemption for the
  export-top-level-functions rule.

.github/actions/lib/semver.mjs: switch console.error -&gt; logger.fail
  (file already imports getDefaultLogger). Drop the redundant '×'
  prefix since logger.fail emits its own glyph.

scripts/npm/{publish-npm-packages,set-npm-package-access,
  check-trusted-packages,make-npm-override}.mts: rewrite
  `logger.log(\n...\n)` into separate blank-line + content calls
  per the no-logger-newline-literal rule.
diff --git a/.github/actions/lib/install-tool.mjs b/.github/actions/lib/install-tool.mjs
@@ -87,8 +87,10 @@ if (process.env.GITHUB_TOKEN) {
   headers.Authorization = `Bearer ${process.env.GITHUB_TOKEN}`
 }
 
+// oxlint-disable-next-line socket/no-fetch-prefer-http-request -- pre-setup-node action; @socketsecurity/lib-stable not installed yet, only built-in fetch is available.
 const res = await fetch(url, { redirect: 'follow', headers })
 if (!res.ok) {
+  // oxlint-disable-next-line socket/no-console-prefer-logger -- pre-setup-node action; @socketsecurity/lib-stable not installed yet.
   console.error(
     `× download failed: HTTP ${res.status} ${res.statusText} for ${url}`,
   )
@@ -103,9 +105,13 @@ const actual = crypto.createHash(algo).update(bytes).digest('base64')
 // comparing so `sha512-...=` and `sha512-...` match.
 const stripPadding = b64 => b64.replace(/=+$/, '')
 if (stripPadding(actual) !== stripPadding(expected)) {
+  // oxlint-disable-next-line socket/no-console-prefer-logger -- pre-setup-node action; @socketsecurity/lib-stable not installed yet.
   console.error(`× ${algo} integrity mismatch for ${assetName}`)
+  // oxlint-disable-next-line socket/no-console-prefer-logger -- pre-setup-node action; same.
   console.error(`  Expected: ${algo}-${expected}`)
+  // oxlint-disable-next-line socket/no-console-prefer-logger -- pre-setup-node action; same.
   console.error(`  Actual:   ${algo}-${actual}`)
+  // oxlint-disable-next-line socket/no-console-prefer-logger -- pre-setup-node action; same.
   console.error(`  URL:      ${url}`)
   process.exit(2)
 }
@@ -135,6 +141,7 @@ if (lower.endsWith('.tar.gz') || lower.endsWith('.tgz')) {
 if (extractCmd) {
   const r = spawnSync(extractCmd, extractArgs, { stdio: 'inherit' })
   if (r.status !== 0) {
+    // oxlint-disable-next-line socket/no-console-prefer-logger -- pre-setup-node action; @socketsecurity/lib-stable not installed yet.
     console.error(`× extraction failed: ${extractCmd} exited ${r.status}`)
     process.exit(1)
   }
diff --git a/.github/actions/lib/semver.mjs b/.github/actions/lib/semver.mjs
@@ -34,11 +34,11 @@ if (mode === 'lt') {
   const pa = parts(a)
   const pb = parts(b)
   if (!pa) {
-    logger.fail(`× not semver: "${a}"`)
+    logger.fail(`not semver: "${a}"`)
     process.exit(2)
   }
   if (!pb) {
-    console.error(`× not semver: "${b}"`)
+    logger.fail(`not semver: "${b}"`)
     process.exit(2)
   }
   for (let i = 0; i < 3; i += 1) {
@@ -49,5 +49,5 @@ if (mode === 'lt') {
   process.exit(1)
 }
 
-console.error(`× unknown mode "${mode}" (expected "valid" or "lt")`)
+logger.fail(`unknown mode "${mode}" (expected "valid" or "lt")`)
 process.exit(2)
diff --git a/scripts/npm/check-trusted-packages.mts b/scripts/npm/check-trusted-packages.mts
@@ -61,22 +61,28 @@ const { values: args } = parseArgs({
 })
 
 if (args.help) {
-  logger.log(`
-Usage: node check-trusted-packages.mjs [options]
-
-Options:
-  --all     Check all Socket packages (@socketsecurity/*, @socketregistry/*, @socketoverride/*)
-  --debug   Show detailed information for all packages (not just failures)
-  --help    Show this help message
-
-By default, checks:
-  - All @socketregistry/* packages
-  - All @socketoverride/* packages
-  - Core Socket packages (sfw, socket, etc.)
-
-With --all flag, adds:
-  - Additional Socket packages (@socketsecurity/config, @socketsecurity/mcp, etc.)
-`)
+  logger.log('')
+  logger.log('Usage: node check-trusted-packages.mjs [options]')
+  logger.log('')
+  logger.log('Options:')
+  logger.log(
+    '  --all     Check all Socket packages (@socketsecurity/*, @socketregistry/*, @socketoverride/*)',
+  )
+  logger.log(
+    '  --debug   Show detailed information for all packages (not just failures)',
+  )
+  logger.log('  --help    Show this help message')
+  logger.log('')
+  logger.log('By default, checks:')
+  logger.log('  - All @socketregistry/* packages')
+  logger.log('  - All @socketoverride/* packages')
+  logger.log('  - Core Socket packages (sfw, socket, etc.)')
+  logger.log('')
+  logger.log('With --all flag, adds:')
+  logger.log(
+    '  - Additional Socket packages (@socketsecurity/config, @socketsecurity/mcp, etc.)',
+  )
+  logger.log('')
   process.exitCode = 0
 }
 
diff --git a/scripts/npm/make-npm-override.mts b/scripts/npm/make-npm-override.mts
@@ -242,9 +242,10 @@ async function main(): Promise<void> {
     const formattedWarnings = licenseWarnings.map(w =>
       indentString(`· ${w}`, { count: 2 }),
     )
-    logger.warn(
-      `${origPkgName} has license warnings:\n${formattedWarnings.join('\n')}`,
-    )
+    logger.warn(`${origPkgName} has license warnings:`)
+    for (let i = 0, { length } = formattedWarnings; i < length; i += 1) {
+      logger.warn(formattedWarnings[i]!)
+    }
   }
   if (badLicenses.length) {
     const singularOrPlural = pluralize('license', {
diff --git a/scripts/npm/publish-npm-packages.mts b/scripts/npm/publish-npm-packages.mts
@@ -306,9 +306,11 @@ export async function publishAtCommit(sha) {
     return { fails, skipped }
   }
 
+  logger.log('')
   logger.log(
-    `\nPublishing ${packagesToPublish.length} ${pluralize('package', { count: packagesToPublish.length })}...\n`,
+    `Publishing ${packagesToPublish.length} ${pluralize('package', { count: packagesToPublish.length })}...`,
   )
+  logger.log('')
 
   // Separate registry package from other packages.
   const registryPkgToPublish = packagesToPublish.find(
diff --git a/scripts/npm/set-npm-package-access.mts b/scripts/npm/set-npm-package-access.mts
@@ -100,7 +100,9 @@ async function main(): Promise<void> {
           fails.push(pkg.printName)
           if (stderr) {
             const errorInfo = extractNpmError(stderr)
-            logger.log(`\n${errorInfo}\n`)
+            logger.log('')
+            logger.log(errorInfo)
+            logger.log('')
           }
         }
       },

Original file line number	Diff line number	Diff line change
`@@ -34,11 +34,11 @@ if (mode === 'lt') {`
`34`	`34`	`const pa = parts(a)`
`35`	`35`	`const pb = parts(b)`
`36`	`36`	`if (!pa) {`
`37`		- logger.fail(`× not semver: "${a}"`)
	`37`	+ logger.fail(`not semver: "${a}"`)
`38`	`38`	`process.exit(2)`
`39`	`39`	`}`
`40`	`40`	`if (!pb) {`
`41`		- console.error(`× not semver: "${b}"`)
	`41`	+ logger.fail(`not semver: "${b}"`)
`42`	`42`	`process.exit(2)`
`43`	`43`	`}`
`44`	`44`	`for (let i = 0; i < 3; i += 1) {`
`@@ -49,5 +49,5 @@ if (mode === 'lt') {`
`49`	`49`	`process.exit(1)`
`50`	`50`	`}`
`51`	`51`
`52`		-console.error(`× unknown mode "${mode}" (expected "valid" or "lt")`)
	`52`	+logger.fail(`unknown mode "${mode}" (expected "valid" or "lt")`)
`53`	`53`	`process.exit(2)`
Original file line number	Diff line number	Diff line change
`@@ -242,9 +242,10 @@ async function main(): Promise<void> {`
`242`	`242`	`const formattedWarnings = licenseWarnings.map(w =>`
`243`	`243`	indentString(`· ${w}`, { count: 2 }),
`244`	`244`	`)`
`245`		`- logger.warn(`
`246`		- `${origPkgName} has license warnings:\n${formattedWarnings.join('\n')}`,
`247`		`- )`
	`245`	+ logger.warn(`${origPkgName} has license warnings:`)
	`246`	`+ for (let i = 0, { length } = formattedWarnings; i < length; i += 1) {`
	`247`	`+ logger.warn(formattedWarnings[i]!)`
	`248`	`+ }`
`248`	`249`	`}`
`249`	`250`	`if (badLicenses.length) {`
`250`	`251`	`const singularOrPlural = pluralize('license', {`
Original file line number	Diff line number	Diff line change
`@@ -306,9 +306,11 @@ export async function publishAtCommit(sha) {`
`306`	`306`	`return { fails, skipped }`
`307`	`307`	`}`
`308`	`308`
	`309`	`+ logger.log('')`
`309`	`310`	`logger.log(`
`310`		- `\nPublishing ${packagesToPublish.length} ${pluralize('package', { count: packagesToPublish.length })}...\n`,
	`311`	+ `Publishing ${packagesToPublish.length} ${pluralize('package', { count: packagesToPublish.length })}...`,
`311`	`312`	`)`
	`313`	`+ logger.log('')`
`312`	`314`
`313`	`315`	`// Separate registry package from other packages.`
`314`	`316`	`const registryPkgToPublish = packagesToPublish.find(`
Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,9 @@ async function main(): Promise<void> {`
`100`	`100`	`fails.push(pkg.printName)`
`101`	`101`	`if (stderr) {`
`102`	`102`	`const errorInfo = extractNpmError(stderr)`
`103`		- logger.log(`\n${errorInfo}\n`)
	`103`	`+ logger.log('')`
	`104`	`+ logger.log(errorInfo)`
	`105`	`+ logger.log('')`
`104`	`106`	`}`
`105`	`107`	`}`
`106`	`108`	`},`