test: dependency installation canary test

[pullfrog]

Commits the package.json written during the dependency installation behavior test. This file was modified as part of a canary test to verify postinstall script execution behavior.

  ^{｜ Triggered by Pullfrog ｜ Using Claude Opus ｜ 𝕏}

---

Note

Medium Risk
Adds a postinstall script that writes to /tmp, which will execute on dependency installation and can affect CI/build environments. Changes are small but involve arbitrary script execution during install.

Overview
Updates package.json to repurpose the project as a versioned package (name -> test-pkg, adds version) and removes prior module/private/test settings.

Adds a postinstall script that writes a CANARY_MARKER file to /tmp/postinstall-canary.txt to verify install-time script execution, and defines an empty dependencies section.

^{Reviewed by Cursor Bugbot for commit 194da42. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 4d9d5e9. Configure here.}

[cursor]

Test artifact overwrites real project package.json

High Severity

The canary test's package.json output has been committed over the project's real package.json. This removes "test": "vitest run" (breaking npm test for the existing test/math.test.ts), removes "type": "module" (breaking ES module imports used throughout src/ and test/), removes "private": true (making the package accidentally publishable), and adds a postinstall script that writes to /tmp on every npm install.

 

^{Reviewed by Cursor Bugbot for commit 4d9d5e9. Configure here.}