fix(project-detect): match packageKeys on boundaries, not substrings (#2181)

Framework detection matched a dependency against a framework's packageKeys
with unbounded substring containment (dep.includes(key)), so any dependency
whose name merely contained a key was misclassified: `preact` and even
`reactive` were both detected as `react`.

Match only when the dependency equals the key, or the key is a prefix
immediately followed by a delimiter (/ . _ -). This still matches every real
case (react-dom, @remix-run/node, spring-boot-starter, org.springframework.boot,
github.com/labstack/echo/v4, phoenix_live_view) while excluding preact/reactive
(and incidentally nextra). Adds regression tests.

Co-authored-by: bymle <229636660+bymle@users.noreply.github.com>

scripts/lib/project-detect.js

@@ -390,7 +390,20 @@ function detectProjectType(projectDir) {
           depList = elixirDeps;
           break;
       }
-      hasDep = rule.packageKeys.some(key => depList.some(dep => dep.toLowerCase().includes(key.toLowerCase())));
+      // Boundary-aware match: a dependency matches a packageKey only when it
+      // equals the key, or the key is a prefix immediately followed by a
+      // delimiter (/ . _ -). Plain substring matching wrongly classified
+      // `preact` / `reactive` as `react`. This still matches the real cases:
+      // react-dom, @remix-run/node, spring-boot-starter, org.springframework.boot,
+      // github.com/labstack/echo/v4, phoenix_live_view.
+      hasDep = rule.packageKeys.some(key => {
+        const k = key.toLowerCase();
+        return depList.some(dep => {
+          const d = dep.toLowerCase();
+          if (!d.startsWith(k)) return false;
+          return d.length === k.length || /[/._-]/.test(d[k.length]);
+        });
+      });
     }
 
     if (hasMarker || hasDep) {