Skip to content

fix(lint): resolve eslint-plugin-unicorn 65.0.0 violations#533

Merged
nullvariant merged 2 commits into
mainfrom
fix-unicorn-65
Jun 11, 2026
Merged

fix(lint): resolve eslint-plugin-unicorn 65.0.0 violations#533
nullvariant merged 2 commits into
mainfrom
fix-unicorn-65

Conversation

@nullvariant

Copy link
Copy Markdown
Owner

Summary

Supersedes #526. Bumps eslint-plugin-unicorn from 64.0.0 to 65.0.0 (Dependabot commit cherry-picked as-is) and resolves all 39 lint violations introduced by the new recommended rules, so the build and Security Linting checks pass again.

Changes

  • Apply equivalent rewrites for new rules: prefer-split-limit, prefer-string-repeat, no-array-from-fill, prefer-array-some, prefer-string-pad-start-end, prefer-string-raw (all verified semantically identical)
  • Add test-only overrides: no-this-outside-of-class (mocha function-style hooks use this.timeout()) and prefer-https (intentional http:// test data for URL validation — the rule's auto-fix would silently erase the http-scheme branch coverage)
  • Exempt userName from consistent-compound-words via surgical replacements: { userName: false } (keeps the other ~62 compound-word detections active): GitConfig identifiers mirror git config keys (user.name / user.email / user.signingkey)
  • Rename GitConfig.signingKey to userSigningKey to complete the user.* key mirroring (userName / userEmail / userSigningKey); the SyncMismatch.field values ('name' | 'email' | 'signingKey') are a separate key-suffix naming scheme surfaced in user-facing tooltips and are intentionally unchanged

Checklist

General

  • Tests pass (npm test)
  • Linter passes (npm run lint)
  • Coverage not decreased (npm run test:coverage) — statements 100% maintained

Naming Conventions (if adding/renaming functions)

  • is* functions return boolean only
  • has* functions return boolean only
  • validate* functions return result object (not void)
  • Functions that throw use *OrThrow or assert* prefix
  • No check* prefix used for pure predicates
  • See ARCHITECTURE.md

(No functions added or renamed — only the GitConfig.userSigningKey field; conventions verified unaffected.)

Security (if touching validation/security code)

  • No new magic numbers (use constants from src/core/constants.ts)
  • No new regex literals (use patterns from src/validators/common.ts)
  • Security-critical changes have // SECURITY: comments

(binaryResolver.ts change adds a limit argument to an existing split() — first element unchanged, defense chain untouched.)

dependabot Bot and others added 2 commits June 8, 2026 06:44
Bumps [eslint-plugin-unicorn](https://github.com/sindresorhus/eslint-plugin-unicorn) from 64.0.0 to 65.0.0.
- [Release notes](https://github.com/sindresorhus/eslint-plugin-unicorn/releases)
- [Commits](sindresorhus/eslint-plugin-unicorn@v64.0.0...v65.0.0)

---
updated-dependencies:
- dependency-name: eslint-plugin-unicorn
  dependency-version: 65.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
- Apply equivalent rewrites for new rules (prefer-split-limit,
  prefer-string-repeat, no-array-from-fill, prefer-array-some,
  prefer-string-pad-start-end, prefer-string-raw)
- Add test-only overrides: no-this-outside-of-class (mocha
  function-style hooks) and prefer-https (intentional http://
  test data for URL validation)
- Exempt userName from consistent-compound-words: GitConfig
  identifiers mirror git config keys, and rename signingKey to
  userSigningKey to complete the user.* key mirroring

Signed-off-by: Null;Variant <null@nullvariant.com>

🖥️ IDE: [Terminal](#)
🔌 Extension: [Claude Code](https://claude.ai/download)

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Model-Raw: claude-fable-5
@qodo-code-review

qodo-code-review Bot commented Jun 11, 2026

Copy link
Copy Markdown

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

Grey Divider

Great, no issues found!

Qodo reviewed your code and found no material issues that require review

Grey Divider

Qodo Logo

@nullvariant-blaze

Copy link
Copy Markdown
Contributor

🐗 Blaze's Release Review 📦

No version bump. Just dependency changes... boring. Wake me up when it's deploy time! 😤


よっしゃ!デプロイしまくるぞ!

This review was ENTHUSIASTICALLY filed by nullvariant-blaze[bot]

@nullvariant-mimi

Copy link
Copy Markdown
Contributor

🐰 Mimi's Validation Report ✅

All checks are looking good! Great job! 🎉

⏳ Some checks are still running. I will keep watching!


バリデーターを通してくださいね

This report was carefully prepared by nullvariant-mimi[bot]

@github-actions

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/eslint-plugin-unicorn ^65.0.0 UnknownUnknown
npm/detect-indent 7.0.2 🟢 3.8
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 3Found 9/30 approved changesets -- score normalized to 3
Maintained⚠️ 00 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/eslint-plugin-unicorn 65.0.0 🟢 4.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 2/29 approved changesets -- score normalized to 0
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • extensions/git-id-switcher/package.json
  • package-lock.json

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedeslint-plugin-unicorn@​64.0.0 ⏵ 65.0.099100100 +186 -7100

View full report

@nullvariant-slow

Copy link
Copy Markdown
Contributor

🦥 Slow's Code Review 😩

...yawn... Do I really have to review this?

⚠️ TOO LONG... I can barely keep my eyes open reading these:

File Lines

| extensions/git-id-switcher/src/core/gitConfig.ts | 321 |
| extensions/git-id-switcher/src/security/binaryResolver.ts | 483 |
| extensions/git-id-switcher/src/test/combinedFlagValidation.test.ts | 992 |
| extensions/git-id-switcher/src/test/configSchema.test.ts | 1490 |
| extensions/git-id-switcher/src/test/e2e/gitConfig.test.ts | 488 |
| extensions/git-id-switcher/src/test/getSafeStack.test.ts | 462 |
| extensions/git-id-switcher/src/test/pathSanitizer.test.ts | 1097 |
| extensions/git-id-switcher/src/test/pathUtils.test.ts | 1231 |
| extensions/git-id-switcher/src/test/securityLogger.test.ts | 1840 |
| extensions/git-id-switcher/src/test/sensitiveDataDetector.test.ts | 1742 |
| extensions/git-id-switcher/src/test/syncChecker.test.ts | 585 |
| extensions/git-id-switcher/src/ui/documentationInternal.ts | 505 |

Split it up... reading long files is exhausting.


働きたくないでござる

This review was reluctantly filed by nullvariant-slow[bot]

@nullvariant-luna

Copy link
Copy Markdown
Contributor

👧 Luna's Exploration Report 📦

No new dependencies added. Just version bumps! Nothing to explore here... 😴


Botに418返そうよ!

This report was curiously compiled by nullvariant-luna[bot]

@nullvariant-ciel

nullvariant-ciel Bot commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

🕊️ Ciel's Mediation ☀️

*~~ gliding on a gentle breeze ~~ How serene!*

4 zoo members have reviewed this PR.

Zoo Member Status
🦥 Slow Commented
🐰 Mimi Commented
👧 Luna Commented
🐗 Blaze Commented

☀️ The zoo is in harmony. Everything looks peaceful from up here.


まあまあ、ほどほどに。

This mediation was peacefully delivered by nullvariant-ciel[bot]

1 similar comment
@nullvariant-ciel

Copy link
Copy Markdown
Contributor

🕊️ Ciel's Mediation ☀️

*~~ gliding on a gentle breeze ~~ How serene!*

4 zoo members have reviewed this PR.

Zoo Member Status
🦥 Slow Commented
🐰 Mimi Commented
👧 Luna Commented
🐗 Blaze Commented

☀️ The zoo is in harmony. Everything looks peaceful from up here.


まあまあ、ほどほどに。

This mediation was peacefully delivered by nullvariant-ciel[bot]

@codecov

codecov Bot commented Jun 11, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@qodo-code-review

Copy link
Copy Markdown

PR Summary by Qodo

Resolve eslint-plugin-unicorn v65 violations and restore linting/build checks
⚙️ Configuration changes 🐞 Bug fix 🕐 20-40 Minutes

Grey Divider

Walkthroughs

Description
• Bump eslint-plugin-unicorn to v65 and align codebase with new recommended rules.
• Add targeted ESLint overrides for tests to preserve mocha patterns and HTTP test coverage.
• Rename GitConfig signing key field to mirror git config keys and update sync logic/tests.
Diagram
graph TD
  A["package.json"] --> B["eslint-plugin-unicorn 65"] --> C["eslint.config.mjs"]
  C --> D["Core: gitConfig"] --> E["Core: syncChecker"]
  C --> F["Security: binaryResolver"]
  C --> G["UI: documentationInternal"]
  C --> H["Test suites"]
Loading
High-Level Assessment

The following are alternative approaches to this PR:

1. Pin eslint-plugin-unicorn at v64 temporarily
  • ➕ Zero code churn and no cross-cutting rename
  • ➕ Fastest short-term CI unbreak
  • ➖ Defers required maintenance and accumulates tech debt
  • ➖ Blocks adopting upstream fixes/rules in v65+
2. Disable new unicorn rules globally
  • ➕ Avoids widespread mechanical rewrites
  • ➕ Reduces future churn when rules change
  • ➖ Lowers lint signal across production code
  • ➖ May mask real bugs/perf issues the rules catch
3. Use local eslint-disable comments at call sites
  • ➕ Keeps intent explicit where rule conflicts with behavior
  • ➕ Avoids broad ESLint config changes
  • ➖ Adds noise and maintenance overhead across many files
  • ➖ Easier to miss/overuse than centralized test-only overrides

Recommendation: Proceed with the current approach: upgrade to v65 and apply semantically equivalent rewrites, while adding narrowly scoped test-only overrides where the rule would reduce coverage or conflict with mocha patterns. This keeps the stricter linting benefits in production code without degrading test intent or readability.

Grey Divider

File Changes

Refactor (4)
gitConfig.ts Rename signingKey to userSigningKey in GitConfig +7/-7

Rename signingKey to userSigningKey in GitConfig

• Renames the GitConfig field to 'userSigningKey' and updates all return shapes/locals accordingly. Keeps the git key being read as 'user.signingkey', but aligns the TS object field naming with 'userName' / 'userEmail'.

extensions/git-id-switcher/src/core/gitConfig.ts


syncChecker.ts Update sync comparison to use GitConfig.userSigningKey +3/-3

Update sync comparison to use GitConfig.userSigningKey

• Switches signing key mismatch detection to reference 'gitConfig.userSigningKey' after the GitConfig rename. Leaves the mismatch discriminator 'field: 'signingKey'' intact for user-facing messaging.

extensions/git-id-switcher/src/core/syncChecker.ts


binaryResolver.ts Use split() limit when selecting first resolved path +1/-1

Use split() limit when selecting first resolved path

• Updates newline splitting to 'split(/.../, 1)[0]' to satisfy 'unicorn/prefer-split-limit' while preserving behavior of taking the first entry from 'where/which' output.

extensions/git-id-switcher/src/security/binaryResolver.ts


documentationInternal.ts Adjust markdown utilities for unicorn string and split rules +2/-2

Adjust markdown utilities for unicorn string and split rules

• Simplifies the 'blockElements' pattern constant to a plain string (removing unnecessary String.raw usage) and adds a split limit when extracting base locales. Both changes are lint-driven and preserve behavior.

extensions/git-id-switcher/src/ui/documentationInternal.ts


Tests (9)
combinedFlagValidation.test.ts Replace Array.from().fill() with generator initializer +1/-1

Replace Array.from().fill() with generator initializer

• Rewrites test construction of repeated args to 'Array.from({length}, () => value)' to satisfy 'unicorn/no-array-from-fill' without changing test semantics.

extensions/git-id-switcher/src/test/combinedFlagValidation.test.ts


configSchema.test.ts Use string repeat for whitespace-only fixtures +2/-2

Use string repeat for whitespace-only fixtures

• Replaces hard-coded whitespace literals with '' '.repeat(3)' to satisfy 'unicorn/prefer-string-repeat' and keep intent explicit in schema validation tests.

extensions/git-id-switcher/src/test/configSchema.test.ts


gitConfig.test.ts Align E2E git config tests with userSigningKey rename +6/-6

Align E2E git config tests with userSigningKey rename

• Renames local test variable usage and updates assertions to reference 'config.userSigningKey' instead of 'config.signingKey'. Keeps the underlying git config key under test as 'user.signingkey'.

extensions/git-id-switcher/src/test/e2e/gitConfig.test.ts


getSafeStack.test.ts Use split limit for first-line extraction +1/-1

Use split limit for first-line extraction

• Changes 'safe.split('\n')[0]' to 'safe.split('\n', 1)[0]' to satisfy 'unicorn/prefer-split-limit' with identical behavior.

extensions/git-id-switcher/src/test/getSafeStack.test.ts


pathSanitizer.test.ts Replace whitespace literals with repeat() in sanitizer tests +1/-1

Replace whitespace literals with repeat() in sanitizer tests

• Updates whitespace-only path fixtures to use '' '.repeat(3)' to satisfy unicorn string-repeat guidance and reduce magic whitespace in tests.

extensions/git-id-switcher/src/test/pathSanitizer.test.ts


pathUtils.test.ts Use repeat() for whitespace-only submodule path case +1/-1

Use repeat() for whitespace-only submodule path case

• Rewrites a whitespace-only path input to '' '.repeat(3)' for clarity and unicorn rule compliance.

extensions/git-id-switcher/src/test/pathUtils.test.ts


securityLogger.test.ts Use Array.some() for existence checks in logger tests +2/-2

Use Array.some() for existence checks in logger tests

• Replaces a 'find()' + truthiness check with 'some()' to satisfy 'unicorn/prefer-array-some' and make the intent (existence) explicit.

extensions/git-id-switcher/src/test/securityLogger.test.ts


sensitiveDataDetector.test.ts Use padEnd() for fixed-width test string construction +3/-3

Use padEnd() for fixed-width test string construction

• Replaces manual repeat+slice padding with 'padEnd(32, 'X')' to satisfy 'unicorn/prefer-string-pad-start-end' while keeping the test's 32-char invariant.

extensions/git-id-switcher/src/test/sensitiveDataDetector.test.ts


syncChecker.test.ts Update syncChecker unit tests for userSigningKey +15/-15

Update syncChecker unit tests for userSigningKey

• Updates GitConfig test fixtures and mismatch scenarios to use the renamed 'userSigningKey' property. Adjusts comments to match the new field name while preserving expected mismatch semantics ('field: 'signingKey'').

extensions/git-id-switcher/src/test/syncChecker.test.ts


Other (2)
eslint.config.mjs Add unicorn v65 targeted overrides and test exceptions +5/-0

Add unicorn v65 targeted overrides and test exceptions

• Adds a surgical replacement exception for 'userName' under 'unicorn/consistent-compound-words' to preserve Git config key mirroring. Disables 'no-this-outside-of-class' and 'prefer-https' in the test config to support mocha hooks and intentional http:// test fixtures.

extensions/git-id-switcher/eslint.config.mjs


package.json Bump eslint-plugin-unicorn to 65.0.0 +1/-1

Bump eslint-plugin-unicorn to 65.0.0

• Updates the devDependency version of eslint-plugin-unicorn from ^64.0.0 to ^65.0.0 to pick up the new major release.

extensions/git-id-switcher/package.json


Grey Divider

Qodo Logo

@sonarqubecloud

Copy link
Copy Markdown

@nullvariant-justice nullvariant-justice Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚖️ Justice grants passage. CI checks passed — this code meets the garden's standards.

@nullvariant nullvariant merged commit 6afe78d into main Jun 11, 2026
42 of 43 checks passed
@nullvariant nullvariant deleted the fix-unicorn-65 branch June 11, 2026 02:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant