Lay out foundation for this project

[mcmire]

This is a fairly hefty commit, but it adds all of the code which is necessary for an MVP version of this tool, which includes one rule whose goal is to merely to check that the src/ directory of a project is present.

Right now, as this package is not published, this tool may be run within this project using the following command:

yarn run-tool [OPTIONS] [ARGUMENTS]

There are two ways to run the tool. With no arguments, it will run the aforementioned rule across a slew of MetaMask repositories:

yarn run-tool

If you want to use your own list of repositories, however, you may pass those. For instance, if you wanted to run the rule on utils and providers, you could say:

yarn run-tool utils providers

For help, pass --help:

yarn run-tool --help

One thing about rules to note is that they are designed to be nested. So, for instance, if you have a rule that ensures that tsconfig.json contains a certain property, this rule will only work if tsconfig.json exists. So you might make both rules and have the "tsconfig.json must have X property" rule depend on the "tsconfig.json must exist" rule. When this tool runs, it will print the results of these rules in the same hierarchy that they were defined:

- Does `tsconfig.json` exist? ✅
  - Does `tsconfig.json` have X property? ✅

---

Closes #5.

---

Note You'll need to have the GitHub CLI installed to test this branch out. I'll add a check soon, but in the meantime make sure to download that.

[socket-security[bot]]

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
@types/jest-when	3.5.4	None	+0	6.45 kB	types
stdio-mock	1.2.0	None	+0	26.4 kB	tylors
rimraf	5.0.5	filesystem, environment	+0	277 kB	isaacs
@metamask/utils	8.2.0	filesystem	+17	4.96 MB	metamaskbot
dependency-graph	0.11.0	None	+0	38.6 kB	jriecken
axios	1.6.0	network, environment	+7	1.95 MB
jest-mock-extended	3.0.5	None	+1	144 kB	marchaos
nock	13.3.6	network, filesystem, environment	+2	207 kB	nockbot

[socket-security[bot]]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Network access	axios	1.6.0	Module: https Location: dist/node/axios.cjs +3 more instances...	package.json
Unpublished package	axios	1.6.0	Version: 1/6/2000, 12:00:00 AM	package.json
Network access	nock	13.3.6	Module: https Location: lib/common.js +4 more instances...	package.json

Next steps

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

What are unpublished packages?

Package version was not found on the registry. It may exist on a different registry and need to be configured to pull from that registry.

Packages can be removed from the registry by manually un-publishing, a security issue removal, or may simply never have been published to the registry. Reliance on these packages will cause problem when they are not found.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore axios@1.6.0
• @SocketSecurity ignore nock@13.3.6

[kanthesha]

Is there an possibility to group the files related into folders, it'll improve the readability.

[mcmire]

Is there an possibility to group the files related into folders, it'll improve the readability.

I feel like the files stand on their own, so I'm not sure which folders I could use. But do you have a suggestion?

[mcmire]

I've begun splitting up this PR to make it easier to review. Setting this PR to draft to indicate that I won't merge this one, but keeping it open for reference.

[mcmire]

Closing this PR since I don't plan on merging it, but will keep the branch alive for reference purposes.