From 898fd231ced920e022878be0d225934081cd0220 Mon Sep 17 00:00:00 2001 From: Chris Yau Date: Sun, 7 Jun 2026 13:01:21 +0800 Subject: [PATCH] fix: guard two script edge cases (tolerant package.json parse, set -u empty array) (#2088) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: guard two script edge cases - scripts/harness-audit.js: getRepoChecks() parsed package.json with raw JSON.parse(readText(...)), while the rest of the file (lines 218, 822) uses the tolerant safeParseJson(safeRead(...)). In repo target mode a project lacking package.json — or with malformed JSON — threw an uncaught exception and crashed the audit instead of degrading. Match the existing convention so the audit tolerates a missing/invalid package.json. - skills/frontend-slides/scripts/export-pdf.sh: `set -- "${POSITIONAL[@]}"` expands an empty array under `set -u` on bash 3.2 (the macOS system bash), aborting with "POSITIONAL[@]: unbound variable" instead of printing the usage message when invoked with no positional args. Guard the expansion with ${POSITIONAL[@]+"${POSITIONAL[@]}"} (no-op safe under bash 3.2 set -u). Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude Co-Authored-By: Happy * fix: null-safe package.json access in getRepoChecks Review follow-up (CodeRabbit + cubic): switching to safeParseJson at line 389 means packageJson can be null on a missing/malformed package.json, but the quality-ci-validations check dereferenced packageJson.scripts before the optional chaining could help — throwing TypeError instead of degrading. Guard the base object with packageJson?.scripts?.test at the access site, matching the file's existing convention (e.g. line 220 uses packageJson?.name). Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude Co-Authored-By: Happy --------- Co-authored-by: Claude Co-authored-by: Happy --- scripts/harness-audit.js | 4 ++-- skills/frontend-slides/scripts/export-pdf.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/harness-audit.js b/scripts/harness-audit.js index 3e525ca7..a523eca9 100644 --- a/scripts/harness-audit.js +++ b/scripts/harness-audit.js @@ -386,7 +386,7 @@ function findPluginInstall(rootDir) { } function getRepoChecks(rootDir) { - const packageJson = JSON.parse(readText(rootDir, 'package.json')); + const packageJson = safeParseJson(safeRead(rootDir, 'package.json')); const commandPrimary = safeRead(rootDir, 'commands/harness-audit.md').trim(); const commandParity = safeRead(rootDir, '.opencode/commands/harness-audit.md').trim(); const hooksJson = safeRead(rootDir, 'hooks/hooks.json'); @@ -499,7 +499,7 @@ function getRepoChecks(rootDir) { scopes: ['repo'], path: 'package.json', description: 'Test script runs validator chain before tests', - pass: typeof packageJson.scripts?.test === 'string' && packageJson.scripts.test.includes('validate-commands.js') && packageJson.scripts.test.includes('tests/run-all.js'), + pass: typeof packageJson?.scripts?.test === 'string' && packageJson?.scripts?.test.includes('validate-commands.js') && packageJson?.scripts?.test.includes('tests/run-all.js'), fix: 'Update package.json test script to run validators plus tests/run-all.js.', }, { diff --git a/skills/frontend-slides/scripts/export-pdf.sh b/skills/frontend-slides/scripts/export-pdf.sh index df0b1807..ee446b79 100755 --- a/skills/frontend-slides/scripts/export-pdf.sh +++ b/skills/frontend-slides/scripts/export-pdf.sh @@ -52,7 +52,7 @@ for arg in "$@"; do ;; esac done -set -- "${POSITIONAL[@]}" +set -- ${POSITIONAL[@]+"${POSITIONAL[@]}"} # --- Input validation ---