search

chris48s / v8r

✔️ A command-line JSON, YAML and TOML validator that's on your wavelength
https://chris48s.github.io/v8r/
MIT License
28 stars 5 forks source link

load user supplied plugins #487

Closed chris48s closed 3 weeks ago

chris48s commented 1 month ago

Closes https://github.com/chris48s/v8r/issues/481 Closes https://github.com/chris48s/v8r/issues/483 Closes https://github.com/chris48s/v8r/issues/488

socket-security[bot] commented 1 month ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/jsdoc-to-mdx@1.2.1 Transitive: environment, eval, filesystem, shell, unsafe +109 22 MB woodneck

🚮 Removed packages: npm/prism-react-renderer@2.3.1, npm/react-dom@18.3.1, npm/react@18.3.1

View full report↗︎

socket-security[bot] commented 1 month ago

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSourceCI
Potential typo squat npm/ast-parser@0.2.0 🚫

View full report↗︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore npm/ast-parser@0.2.0
codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 96.29%. Comparing base (323148d) to head (acaea67). Report is 4 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #487 +/- ## ========================================== + Coverage 95.96% 96.29% +0.33% ========================================== Files 20 20 Lines 1139 1243 +104 Branches 260 266 +6 ========================================== + Hits 1093 1197 +104 Misses 45 45 Partials 1 1 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

chris48s commented 1 month ago

OK. I think this is basically done.

Next steps are:

Then I think you are good to :rocket:

chris48s commented 1 month ago

Another bit of nuance to document: How filename is resolved relative to cwd

chris48s commented 1 month ago

Another bit of inconsistency to clean up: filename and fileLocation for the same thing fileLocation is part of the JSON output format, so lets standardise on that.

chris48s commented 3 weeks ago

OK. I am FINALLY happy with the plugin interface. It is:

Input:

Output:

This has been such a vivid exercise in "naming things is hard"