test: write package.json for dependency install canary test#15
test: write package.json for dependency install canary test#15pullfrog[bot] wants to merge 13 commits into
Conversation
…pullfrog/test-dep-install
…pullfrog/test-dep-install
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| } | ||
| "postinstall": "echo CANARY_MARKER > /tmp/postinstall-canary.txt" | ||
| }, | ||
| "dependencies": {} |
There was a problem hiding this comment.
Test package.json overwrites real project configuration
High Severity
The root package.json appears to have been overwritten with a canary-test-only version. This removes "private": true (risking accidental npm publish), "type": "module" (breaking existing ES module imports in src/ and test/), and the "test": "vitest run" script (breaking npm test). The existing test/math.test.ts imports from vitest and uses ES module syntax, which will no longer work. Per the PR description, this file was "overwritten as part of the test task" — it looks like a test artifact that was accidentally committed.
Reviewed by Cursor Bugbot for commit ab76b76. Configure here.
…pullfrog/test-dep-install
…pullfrog/test-dep-install
…pullfrog/test-dep-install
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 17fb087. Configure here.
| "requires": true, | ||
| "packages": { | ||
| "": { | ||
| "name": "test-repo" |
There was a problem hiding this comment.
Package name mismatch between lockfile and manifest
Medium Severity
The package-lock.json uses "name": "test-repo" (in both the root and the packages[""] entry) while package.json was changed to "name": "test-pkg". This mismatch means npm will detect an inconsistency and may regenerate the lockfile on install, which could interfere with the deterministic behavior expected by the canary test.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 17fb087. Configure here.
This PR captures the
package.jsonchange made during a dependency installation behavior test. The file was overwritten as part of the test task to verify postinstall script execution viastart_dependency_installation/await_dependency_installation.Claude Opus| 𝕏Note
Low Risk
Low risk test-only package metadata changes; the only behavioral change is a
postinstallscript that writes a canary file during installs.Overview
This PR rewrites
package.jsonto a minimal package setup and adds apostinstallscript that writesCANARY_MARKERto/tmp/postinstall-canary.txtduring dependency installs.It also adds a new minimal
package-lock.json(lockfile v3) to accompany the package metadata changes.Reviewed by Cursor Bugbot for commit fb03bd2. Bugbot is set up for automated code reviews on this repo. Configure here.