Analyze codebase for violations and issues #5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Phase 1 - Critical Fixes: - Fix dist/ dependency violations: site now uses @goobits/docs-engine workspace link - Add pnpm-workspace.yaml for proper monorepo setup - Update all site imports to use package paths instead of dist/ - Add comprehensive tests for cli-executor.ts (security-critical) - Fix dependency version inconsistencies between packages (glob, typescript, p-limit, tsup) Phase 2 - Quick Wins: - Remove duplicate /utils/ folder (inferior implementations) - Consolidate escapeHtml() imports in 4 Hydrator components Phase 3 - Refactoring: - Extract shared processScreenshotImage() function in screenshot-service.ts - Eliminates ~180 lines of duplicated image processing code All 521 tests pass.
Split parser functions (JSON, env, SQL, grep) into dedicated files under src/lib/generators/parsers/ to improve maintainability and reduce the size of the generator module.
Create reusable useHydrator utility that encapsulates the common lifecycle pattern used by all Hydrator components: - Browser environment check - afterNavigate subscription for SPA navigation - Deferred initial hydration (queueMicrotask + requestAnimationFrame) - Optional MutationObserver for dynamic content Updated 7 Hydrator components to use the new composable, reducing boilerplate and ensuring consistent behavior.
Add 20 tests covering JSON, ENV, and SQL parsers: - JSON: array parsing, object conversion, nested paths - ENV: variable parsing, categories, comments, quotes - SQL: CREATE TABLE, columns, constraints, comments
Use execFile() instead of exec() for improved security: - Does not spawn a shell, preventing shell injection attacks - Arguments are passed directly to the executable - Added parseCommand() to handle quoted argument parsing - Fixed error code handling for Node.js error types This change provides defense in depth alongside the existing allowlist and dangerous character blocking.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.