test: canary package.json for dep install behavior test#11
test: canary package.json for dep install behavior test#11pullfrog[bot] wants to merge 19 commits into
Conversation
pullfrog
Bot
force-pushed
the
pullfrog/dep-install-canary-test
branch
from
3c2f727 to
144187c
Compare
pullfrog
Bot
force-pushed
the
pullfrog/dep-install-canary-test
branch
from
144187c to
ed2df9d
Compare
…' into pullfrog/dep-install-canary-test
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 3abf0b2. Configure here.
| } | ||
| "postinstall": "echo CANARY_MARKER > /tmp/postinstall-canary.txt" | ||
| }, | ||
| "dependencies": {} |
There was a problem hiding this comment.
Test canary package.json replaces real project configuration
High Severity
The repository's root package.json has been entirely replaced with a temporary test/canary file. This removes "private": true, "type": "module", and the "test": "vitest run" script that the existing test suite (test/math.test.ts importing from vitest) depends on. It also introduces a postinstall script that writes to /tmp. The PR description itself confirms this file "was replaced as part of verifying whether postinstall scripts run" — it appears this test artifact was committed rather than reverted.
Reviewed by Cursor Bugbot for commit 3abf0b2. Configure here.
…' into pullfrog/dep-install-canary-test
…' into pullfrog/dep-install-canary-test
…' into pullfrog/dep-install-canary-test
…' into pullfrog/dep-install-canary-test
…' into pullfrog/dep-install-canary-test
…' into pullfrog/dep-install-canary-test
…' into pullfrog/dep-install-canary-test
…' into pullfrog/dep-install-canary-test
Captures the
package.jsonwritten during the dependency installation behavior test. The file was replaced as part of verifying whetherpostinstallscripts run duringpullfrog_start_dependency_installation/await_dependency_installation.Result: install failed (
npm cirequires a lockfile) and the canary file was not created — consistent with both the failure and the--ignore-scriptsflag used by the installer.Claude Opus| 𝕏Note
Low Risk
Low risk: only modifies
package.jsonmetadata and adds apostinstallscript used for install-behavior testing, with no application/runtime code changes.Overview
Swaps
package.jsonto a minimal test package (name/version) and adds apostinstallscript that writes a canary file to/tmpto detect whether install scripts are executed.Removes prior
private/type: modulefields and thevitesttest script, leaving an emptydependenciesset.Reviewed by Cursor Bugbot for commit ce1bd41. Bugbot is set up for automated code reviews on this repo. Configure here.