Add CI check for forbidden texts

[NullVoxPopuli]

This will help keep us from accidentally build code in production that shouldn't be there.

(the production assets being what we expect the output to be when someone using starbeam builds for production with the appropriate minifier settings)

Resolves: https://github.com/starbeamjs/starbeam/issues/153

Package Graph

Whole Repo Just @starbeam (without integration libraries)

Can this be the published set of packages: https://studio.commonality.co/starbeamjs/starbeam?packages=NoIgAgzgLghgTgIwKYwLYHoDGB7ANrpTKAS2wDsIQAacaeZNdVbAE2IDNik5rbZEUGOCiLEAbkl6R%2BDIUjItu3KXQGNhEbAFc4mSTWn1B6OFrIlU%2BvkcYRuY4npUzjEABbwkLZzYxnx3BAwuCAAukA

on disk task graph

```bash pnpm turbo run build --filter "@starbeam/*" --graph=graph.svg ``` 

[stackblitz[bot]]

Run & review this pull request in StackBlitz Codeflow.

[patricklx]

[patricklx]

how about adding mangle: false as well?

[patricklx]

this things are preventing terser to drop those: https://github.com/starbeamjs/starbeam/blob/bca55c9fb54d030b5a3076bea5bbb0649ec527d5/packages/universal/verify/src/assertions/basic.ts#L11

[NullVoxPopuli]

hmm, all these expectations may be causing problems.

[patricklx]

I would also suggest to change the validation script to parse the source map instead. Then you can look at the files list and check if a relative path lands in one of the debug packages. Edit: actually yoi might need both tests.

• check in js if the package imports are gone -> inlined
• check in source map relativ paths

[NullVoxPopuli]

so far, I haven't even gotten checking source to do what I want, so it doesn't make sense to check sourcemaps yet

[socket-security[bot]]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/eslint@8.57.0	environment, filesystem Transitive: eval, shell, unsafe	+71	9.85 MB	eslintbot

🚮 Removed packages: npm/@starbeam-dev/eslint-plugin@1.0.4, npm/eslint@8.56.0

View full report↗︎