MetaMask / module-lint

Analyzes one or more repos for divergence from a template repo.

Consider loosening `require-valid-package-manifest` and creating a lighter version of PackageManifestSchema #73

Open mcmire opened 3 months ago

mcmire commented 3 months ago

Currently, the `require-valid-package-manifest` rule is used as a dependency for any package that needs to access the manifest. Because it makes use of the `PackageManifestSchema` Superstruct schema under the hood, it essentially verifies that all of the properties of the manifest that we will ever need to access are present, i.e. that the manifest has the maximum number of properties present up front.

This creates a problem, because it would prevent feature-specific checks from being completely disabled in the future. For instance, let's say that a project doesn't have LavaMoat installed, and the maintainer for some reason does not want to add it at this present time, so they want to disable all of the LavaMoat-related rules. However, if they were to do this, the `require-valid-package-manifest` rule would still report that `lavamoat` was missing from the manifest.

To avoid this, it seems that we would want `require-valid-package-manifest` (and thus `PackageManifestSchema`) to only check the minimum required fields, i.e., fields that we can reasonably assume that all packages have, even if they are the furthest from conforming to the module template. These would be:

This is not to say that we want no type information for fields beyond this, but merely that anything else in the schema should be optional.

Unfortunately, making certain fields optional in a Superstruct schema is more difficult than it should be due to our use of the `Json` type. Perhaps there is a way around this using Zod instead?
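
The situation this issue describes, sketched as an added example: it is not module-lint's code and uses plain JavaScript rather than Superstruct or Zod. The rule name `require-lavamoat-config`, the helper names, and the choice of `name` and `version` as the always-required fields are assumptions made for illustration.

```javascript
// Added illustration; not module-lint's code and not Superstruct.
// A field spec is { check: predicate, optional: boolean }.
const isString = (v) => typeof v === "string";
const isObject = (v) => typeof v === "object" && v !== null && !Array.isArray(v);

// "Maximal" schema: every field any rule might read is required up front.
const maximalSchema = {
  name: { check: isString, optional: false },    // assumed minimum field
  version: { check: isString, optional: false }, // assumed minimum field
  lavamoat: { check: isObject, optional: false },
};

// "Minimal" schema: same type information, but feature fields are optional.
const minimalSchema = {
  ...maximalSchema,
  lavamoat: { check: isObject, optional: true },
};

// Returns one failure message per missing or mistyped field.
function validateManifest(manifest, schema) {
  const failures = [];
  for (const [field, { check, optional }] of Object.entries(schema)) {
    if (!(field in manifest)) {
      if (!optional) failures.push(`${field} is missing`);
    } else if (!check(manifest[field])) {
      failures.push(`${field} has the wrong type`);
    }
  }
  return failures;
}

// Runs the base manifest rule, then whichever feature rules are enabled.
// "require-lavamoat-config" is a hypothetical feature rule name.
function lint(manifest, schema, enabledRules) {
  const failures = validateManifest(manifest, schema).map(
    (msg) => `require-valid-package-manifest: ${msg}`
  );
  const lavamoatOn = enabledRules.includes("require-lavamoat-config");
  if (lavamoatOn && !isObject(manifest.lavamoat)) {
    failures.push("require-lavamoat-config: lavamoat is missing");
  }
  return failures;
}

// Constructed manifest for a project that does not use LavaMoat.
const manifest = { name: "@example/pkg", version: "1.0.0" };
```

With the maximal schema, `lint(manifest, maximalSchema, [])` still reports `lavamoat` even though every LavaMoat rule is disabled; with the minimal schema the report is empty, and a present but mistyped `lavamoat` is still caught.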