From c5ca3c698cbc84fbc93e6cae7123a2675577494d Mon Sep 17 00:00:00 2001 From: "anthropic-code-agent[bot]" <242468646+Claude@users.noreply.github.com> Date: Wed, 18 Feb 2026 07:04:29 +0000 Subject: [PATCH] Fix ESLint errors in test files and package-manager.js Co-authored-by: pangerlkr <73515951+pangerlkr@users.noreply.github.com> --- scripts/lib/package-manager.js | 2 +- tests/hooks/suggest-compact.test.js | 46 +++--- tests/lib/package-manager.test.js | 217 ++++++++++------------------ tests/lib/session-aliases.test.js | 2 +- tests/lib/session-manager.test.js | 4 +- tests/lib/utils.test.js | 2 +- 6 files changed, 100 insertions(+), 173 deletions(-) diff --git a/scripts/lib/package-manager.js b/scripts/lib/package-manager.js index 7eefc3c9..cc919f57 100644 --- a/scripts/lib/package-manager.js +++ b/scripts/lib/package-manager.js @@ -282,7 +282,7 @@ function setProjectPackageManager(pmName, projectDir = process.cwd()) { // Allowed characters in script/binary names: alphanumeric, dash, underscore, dot, slash, @ // This prevents shell metacharacter injection while allowing scoped packages (e.g., @scope/pkg) -const SAFE_NAME_REGEX = /^[\[@a-zA-Z0-9_./-]+$/; +const SAFE_NAME_REGEX = /^[@a-zA-Z0-9_./-]+$/; /** * Get the command to run a script diff --git a/tests/hooks/suggest-compact.test.js b/tests/hooks/suggest-compact.test.js index 5b09631c..36dd8b17 100644 --- a/tests/hooks/suggest-compact.test.js +++ b/tests/hooks/suggest-compact.test.js @@ -21,9 +21,9 @@ function test(name, fn) { fn(); console.log(` \u2713 ${name}`); return true; - } catch (err) { + } catch (_err) { console.log(` \u2717 ${name}`); - console.log(` Error: ${err.message}`); + console.log(` Error: ${_err.message}`); return false; } } @@ -55,9 +55,7 @@ function getCounterFilePath(sessionId) { } function runTests() { - console.log(' -=== Testing suggest-compact.js === -'); + console.log('\n=== Testing suggest-compact.js ===\n'); let passed = 0; let failed = 0; @@ -70,7 +68,7 @@ function runTests() { function cleanupCounter() { try { fs.unlinkSync(counterFile); - } catch (err) { + } catch (_err) { // Ignore error } } @@ -101,8 +99,7 @@ function runTests() { else failed++; // Threshold suggestion - console.log(' -Threshold suggestion:'); + console.log('\nThreshold suggestion:'); if (test('suggests compact at threshold (COMPACT_THRESHOLD=3)', () => { cleanupCounter(); @@ -131,8 +128,7 @@ Threshold suggestion:'); else failed++; // Interval suggestion (every 25 calls after threshold) - console.log(' -Interval suggestion:'); + console.log('\nInterval suggestion:'); if (test('suggests at threshold + 25 interval', () => { cleanupCounter(); @@ -151,8 +147,7 @@ Interval suggestion:'); else failed++; // Environment variable handling - console.log(' -Environment variable handling:'); + console.log('\nEnvironment variable handling:'); if (test('uses default threshold (50) when COMPACT_THRESHOLD is not set', () => { cleanupCounter(); @@ -195,8 +190,7 @@ Environment variable handling:'); else failed++; // Corrupted counter file - console.log(' -Corrupted counter file:'); + console.log('\nCorrupted counter file:'); if (test('resets counter on corrupted file content', () => { cleanupCounter(); @@ -235,8 +229,7 @@ Corrupted counter file:'); else failed++; // Session isolation - console.log(' -Session isolation:'); + console.log('\nSession isolation:'); if (test('uses separate counter files per session ID', () => { const sessionA = `compact-a-${Date.now()}`; @@ -252,15 +245,14 @@ Session isolation:'); assert.strictEqual(countA, 2, 'Session A should have count 2'); assert.strictEqual(countB, 1, 'Session B should have count 1'); } finally { - try { fs.unlinkSync(fileA); } catch (err) { /* ignore */ } - try { fs.unlinkSync(fileB); } catch (err) { /* ignore */ } + try { fs.unlinkSync(fileA); } catch (_err) { /* ignore */ } + try { fs.unlinkSync(fileB); } catch (_err) { /* ignore */ } } })) passed++; else failed++; // Always exits 0 - console.log(' -Exit code:'); + console.log('\nExit code:'); if (test('always exits 0 (never blocks Claude)', () => { cleanupCounter(); @@ -271,8 +263,7 @@ Exit code:'); else failed++; // ── Round 29: threshold boundary values ── - console.log(' -Threshold boundary values:'); + console.log('\nThreshold boundary values:'); if (test('rejects COMPACT_THRESHOLD=0 (falls back to 50)', () => { cleanupCounter(); @@ -332,7 +323,7 @@ Threshold boundary values:'); if (test('counter value at exact boundary 1000000 is valid', () => { cleanupCounter(); fs.writeFileSync(counterFile, '999999'); - const result = runCompact({ CLAUDE_SESSION_ID: testSession, COMPACT_THRESHOLD: '3' }); + runCompact({ CLAUDE_SESSION_ID: testSession, COMPACT_THRESHOLD: '3' }); // 999999 is valid (> 0, <= 1000000), count becomes 1000000 const count = parseInt(fs.readFileSync(counterFile, 'utf8').trim(), 10); assert.strictEqual(count, 1000000, 'Counter at 1000000 boundary should be valid'); @@ -343,7 +334,7 @@ Threshold boundary values:'); if (test('counter value at 1000001 is clamped (reset to 1)', () => { cleanupCounter(); fs.writeFileSync(counterFile, '1000001'); - const result = runCompact({ CLAUDE_SESSION_ID: testSession }); + runCompact({ CLAUDE_SESSION_ID: testSession }); const count = parseInt(fs.readFileSync(counterFile, 'utf8').trim(), 10); assert.strictEqual(count, 1, 'Counter > 1000000 should be reset to 1'); cleanupCounter(); @@ -351,12 +342,11 @@ Threshold boundary values:'); else failed++; // ── Round 64: default session ID fallback ── - console.log(' -Default session ID fallback (Round 64):'); + console.log('\nDefault session ID fallback (Round 64):'); if (test('uses "default" session ID when CLAUDE_SESSION_ID is empty', () => { const defaultCounterFile = getCounterFilePath('default'); - try { fs.unlinkSync(defaultCounterFile); } catch (err) { /* ignore */ } + try { fs.unlinkSync(defaultCounterFile); } catch (_err) { /* ignore */ } try { // Pass empty CLAUDE_SESSION_ID — falsy, so script uses 'default' const env = { ...process.env, CLAUDE_SESSION_ID: '' }; @@ -371,7 +361,7 @@ Default session ID fallback (Round 64):'); const count = parseInt(fs.readFileSync(defaultCounterFile, 'utf8').trim(), 10); assert.strictEqual(count, 1, 'Counter should be 1 for first run with default session'); } finally { - try { fs.unlinkSync(defaultCounterFile); } catch (err) { /* ignore */ } + try { fs.unlinkSync(defaultCounterFile); } catch (_err) { /* ignore */ } } })) passed++; else failed++; diff --git a/tests/lib/package-manager.test.js b/tests/lib/package-manager.test.js index 58818e93..99bf67e4 100644 --- a/tests/lib/package-manager.test.js +++ b/tests/lib/package-manager.test.js @@ -18,9 +18,9 @@ function test(name, fn) { fn(); console.log(` ✓ ${name}`); return true; - } catch (err) { + } catch (_err) { console.log(` ✗ ${name}`); - console.log(` Error: ${err.message}`); + console.log(` Error: ${_err.message}`); return false; } } @@ -39,9 +39,7 @@ function cleanupTestDir(testDir) { // Test suite function runTests() { - console.log(' -=== Testing package-manager.js === -'); + console.log('\n=== Testing package-manager.js ===\n'); let passed = 0; let failed = 0; @@ -68,8 +66,7 @@ function runTests() { else failed++; // detectFromLockFile tests - console.log(' -detectFromLockFile:'); + console.log('\ndetectFromLockFile:'); if (test('detects npm from package-lock.json', () => { const testDir = createTestDir(); @@ -146,8 +143,7 @@ detectFromLockFile:'); else failed++; // detectFromPackageJson tests - console.log(' -detectFromPackageJson:'); + console.log('\ndetectFromPackageJson:'); if (test('detects package manager from packageManager field', () => { const testDir = createTestDir(); @@ -197,8 +193,7 @@ detectFromPackageJson:'); else failed++; // getAvailablePackageManagers tests - console.log(' -getAvailablePackageManagers:'); + console.log('\ngetAvailablePackageManagers:'); if (test('returns array of available managers', () => { const available = pm.getAvailablePackageManagers(); @@ -209,8 +204,7 @@ getAvailablePackageManagers:'); else failed++; // getPackageManager tests - console.log(' -getPackageManager:'); + console.log('\ngetPackageManager:'); if (test('returns object with name, config, and source', () => { const result = pm.getPackageManager(); @@ -256,8 +250,7 @@ getPackageManager:'); else failed++; // getRunCommand tests - console.log(' -getRunCommand:'); + console.log('\ngetRunCommand:'); if (test('returns correct install command', () => { const originalEnv = process.env.CLAUDE_PACKAGE_MANAGER; @@ -292,8 +285,7 @@ getRunCommand:'); else failed++; // getExecCommand tests - console.log(' -getExecCommand:'); + console.log('\ngetExecCommand:'); if (test('returns correct exec command for npm', () => { const originalEnv = process.env.CLAUDE_PACKAGE_MANAGER; @@ -328,8 +320,7 @@ getExecCommand:'); else failed++; // getCommandPattern tests - console.log(' -getCommandPattern:'); + console.log('\ngetCommandPattern:'); if (test('generates pattern for dev command', () => { const pattern = pm.getCommandPattern('dev'); @@ -352,8 +343,7 @@ getCommandPattern:'); else failed++; // getSelectionPrompt tests - console.log(' -getSelectionPrompt:'); + console.log('\ngetSelectionPrompt:'); if (test('returns informative prompt', () => { const prompt = pm.getSelectionPrompt(); @@ -364,8 +354,7 @@ getSelectionPrompt:'); else failed++; // setProjectPackageManager tests - console.log(' -setProjectPackageManager:'); + console.log('\nsetProjectPackageManager:'); if (test('sets project package manager', () => { const testDir = createTestDir(); @@ -392,8 +381,7 @@ setProjectPackageManager:'); else failed++; // setPreferredPackageManager tests - console.log(' -setPreferredPackageManager:'); + console.log('\nsetPreferredPackageManager:'); if (test('rejects unknown package manager', () => { assert.throws(() => { @@ -403,8 +391,7 @@ setPreferredPackageManager:'); else failed++; // detectFromPackageJson edge cases - console.log(' -detectFromPackageJson (edge cases):'); + console.log('\ndetectFromPackageJson (edge cases):'); if (test('handles invalid JSON in package.json', () => { const testDir = createTestDir(); @@ -431,8 +418,7 @@ detectFromPackageJson (edge cases):'); else failed++; // getExecCommand edge cases - console.log(' -getExecCommand (edge cases):'); + console.log('\ngetExecCommand (edge cases):'); if (test('returns exec command without args', () => { const originalEnv = process.env.CLAUDE_PACKAGE_MANAGER; @@ -451,8 +437,7 @@ getExecCommand (edge cases):'); else failed++; // getRunCommand additional cases - console.log(' -getRunCommand (additional):'); + console.log('\ngetRunCommand (additional):'); if (test('returns correct build command', () => { const originalEnv = process.env.CLAUDE_PACKAGE_MANAGER; @@ -500,8 +485,7 @@ getRunCommand (additional):'); else failed++; // DETECTION_PRIORITY tests - console.log(' -DETECTION_PRIORITY:'); + console.log('\nDETECTION_PRIORITY:'); if (test('has pnpm first', () => { assert.strictEqual(pm.DETECTION_PRIORITY[0], 'pnpm'); @@ -514,8 +498,7 @@ DETECTION_PRIORITY:'); else failed++; // getCommandPattern additional cases - console.log(' -getCommandPattern (additional):'); + console.log('\ngetCommandPattern (additional):'); if (test('generates pattern for install command', () => { const pattern = pm.getCommandPattern('install'); @@ -538,8 +521,7 @@ getCommandPattern (additional):'); else failed++; // getPackageManager robustness tests - console.log(' -getPackageManager (robustness):'); + console.log('\ngetPackageManager (robustness):'); if (test('falls through on corrupted project config JSON', () => { const testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'pm-robust-')); @@ -583,8 +565,7 @@ getPackageManager (robustness):'); else failed++; // getRunCommand validation tests - console.log(' -getRunCommand (validation):'); + console.log('\ngetRunCommand (validation):'); if (test('rejects empty script name', () => { assert.throws(() => pm.getRunCommand(''), /non-empty string/); @@ -623,8 +604,7 @@ getRunCommand (validation):'); else failed++; // getExecCommand validation tests - console.log(' -getExecCommand (validation):'); + console.log('\ngetExecCommand (validation):'); if (test('rejects empty binary name', () => { assert.throws(() => pm.getExecCommand(''), /non-empty string/); @@ -658,8 +638,7 @@ getExecCommand (validation):'); else failed++; // getPackageManager source detection tests - console.log(' -getPackageManager (source detection):'); + console.log('\ngetPackageManager (source detection):'); if (test('detects from valid project-config (.claude/package-manager.json)', () => { const testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'pm-projcfg-')); @@ -745,8 +724,7 @@ getPackageManager (source detection):'); else failed++; // setPreferredPackageManager success - console.log(' -setPreferredPackageManager (success):'); + console.log('\nsetPreferredPackageManager (success):'); if (test('successfully saves preferred package manager', () => { // This writes to ~/.claude/package-manager.json — read original to restore @@ -767,7 +745,7 @@ setPreferredPackageManager (success):'); } else { try { fs.unlinkSync(configPath); - } catch (err) { + } catch (_err) { // ignore } } @@ -776,8 +754,7 @@ setPreferredPackageManager (success):'); else failed++; // getCommandPattern completeness - console.log(' -getCommandPattern (completeness):'); + console.log('\ngetCommandPattern (completeness):'); if (test('generates pattern for test command', () => { const pattern = pm.getCommandPattern('test'); @@ -795,8 +772,7 @@ getCommandPattern (completeness):'); else failed++; // getRunCommand PM-specific format tests - console.log(' -getRunCommand (PM-specific formats):'); + console.log('\ngetRunCommand (PM-specific formats):'); if (test('pnpm custom script: pnpm (no run keyword)', () => { const originalEnv = process.env.CLAUDE_PACKAGE_MANAGER; @@ -887,8 +863,7 @@ getRunCommand (PM-specific formats):'); else failed++; // getExecCommand PM-specific format tests - console.log(' -getExecCommand (PM-specific formats):'); + console.log('\ngetExecCommand (PM-specific formats):'); if (test('pnpm exec: pnpm dlx ', () => { const originalEnv = process.env.CLAUDE_PACKAGE_MANAGER; @@ -944,8 +919,7 @@ getExecCommand (PM-specific formats):'); else failed++; // ─── Round 21: getExecCommand args validation ─── - console.log(' -getExecCommand (args validation):'); + console.log('\ngetExecCommand (args validation):'); if (test('rejects args with shell metacharacter semicolon', () => { assert.throws(() => pm.getExecCommand('prettier', '; rm -rf /'), /unsafe characters/); @@ -985,8 +959,7 @@ getExecCommand (args validation):'); else failed++; // ─── Round 21: getCommandPattern regex escaping ─── - console.log(' -getCommandPattern (regex escaping):'); + console.log('\ngetCommandPattern (regex escaping):'); if (test('escapes dot in action name for regex safety', () => { const pattern = pm.getCommandPattern('test.all'); @@ -1012,8 +985,7 @@ getCommandPattern (regex escaping):'); else failed++; // ── Round 27: input validation and escapeRegex edge cases ── - console.log(' -getRunCommand (non-string input):'); + console.log('\ngetRunCommand (non-string input):'); if (test('rejects undefined script name', () => { assert.throws(() => pm.getRunCommand(undefined), /non-empty string/); @@ -1030,8 +1002,7 @@ getRunCommand (non-string input):'); })) passed++; else failed++; - console.log(' -getExecCommand (non-string binary):'); + console.log('\ngetExecCommand (non-string binary):'); if (test('rejects undefined binary name', () => { assert.throws(() => pm.getExecCommand(undefined), /non-empty string/); @@ -1043,8 +1014,7 @@ getExecCommand (non-string binary):'); })) passed++; else failed++; - console.log(' -getCommandPattern (escapeRegex completeness):'); + console.log('\ngetCommandPattern (escapeRegex completeness):'); if (test('escapes all regex metacharacters in action', () => { // All regex metacharacters: . * + ? ^ $ { } ( ) | [ ] \ @@ -1066,8 +1036,7 @@ getCommandPattern (escapeRegex completeness):'); })) passed++; else failed++; - console.log(' -getPackageManager (global config edge cases):'); + console.log('\ngetPackageManager (global config edge cases):'); if (test('ignores global config with non-string packageManager', () => { // This tests the path through loadConfig where packageManager is not a valid PM name @@ -1087,8 +1056,7 @@ getPackageManager (global config edge cases):'); else failed++; // ── Round 30: getCommandPattern with special action patterns ── - console.log(' -Round 30: getCommandPattern edge cases:'); + console.log('\nRound 30: getCommandPattern edge cases:'); if (test('escapes pipe character in action name', () => { const pattern = pm.getCommandPattern('lint|fix'); @@ -1113,8 +1081,8 @@ Round 30: getCommandPattern edge cases:'); })) passed++; else failed++; - if (test('known action \"dev\" does NOT use escapeRegex path', () => { - // \"dev\" is a known action with hardcoded patterns, not the generic path + if (test('known action "dev" does NOT use escapeRegex path', () => { + // "dev" is a known action with hardcoded patterns, not the generic path const pattern = pm.getCommandPattern('dev'); // Should match pnpm dev (without \"run\") const regex = new RegExp(pattern); @@ -1123,8 +1091,7 @@ Round 30: getCommandPattern edge cases:'); else failed++; // ── Round 31: setProjectPackageManager write verification ── - console.log(' -setProjectPackageManager (write verification, Round 31):'); + console.log('\nsetProjectPackageManager (write verification, Round 31):'); if (test('setProjectPackageManager creates .claude directory if missing', () => { const testDir = fs.mkdtempSync(path.join(os.tmpdir(), 'pm-mkdir-')); @@ -1156,8 +1123,7 @@ setProjectPackageManager (write verification, Round 31):'); else failed++; // ── Round 31: getExecCommand safe argument edge cases ── - console.log(' -getExecCommand (safe argument edge cases, Round 31):'); + console.log('\ngetExecCommand (safe argument edge cases, Round 31):'); if (test('allows colons in args (e.g. --fix:all)', () => { const originalEnv = process.env.CLAUDE_PACKAGE_MANAGER; @@ -1199,8 +1165,7 @@ getExecCommand (safe argument edge cases, Round 31):'); else failed++; // ── Round 34: getExecCommand non-string args & packageManager type ── - console.log(' -Round 34: getExecCommand non-string args:'); + console.log('\nRound 34: getExecCommand non-string args:'); if (test('getExecCommand with args=0 produces command without extra args', () => { const originalEnv = process.env.CLAUDE_PACKAGE_MANAGER; @@ -1245,8 +1210,7 @@ Round 34: getExecCommand non-string args:'); })) passed++; else failed++; - console.log(' -Round 34: detectFromPackageJson with non-string packageManager:'); + console.log('\nRound 34: detectFromPackageJson with non-string packageManager:'); if (test('detectFromPackageJson handles array packageManager field gracefully', () => { const tmpDir = createTestDir(); @@ -1275,8 +1239,7 @@ Round 34: detectFromPackageJson with non-string packageManager:'); else failed++; // ── Round 48: detectFromPackageJson format edge cases ── - console.log(' -Round 48: detectFromPackageJson (version format edge cases):'); + console.log('\nRound 48: detectFromPackageJson (version format edge cases):'); if (test('returns null for packageManager with non-@ separator', () => { const testDir = createTestDir(); @@ -1345,8 +1308,7 @@ Round 48: detectFromPackageJson (version format edge cases):'); else failed++; // ── Round 69: getPackageManager global-config success path ── - console.log(' -Round 69: getPackageManager (global-config success):'); + console.log('\nRound 69: getPackageManager (global-config success):'); if (test('getPackageManager returns source global-config when valid global config exists', () => { const tmpDir = createTestDir(); @@ -1391,8 +1353,7 @@ Round 69: getPackageManager (global-config success):'); else failed++; // ── Round 71: setPreferredPackageManager save failure wraps error ── - console.log(' -Round 71: setPreferredPackageManager (save failure):'); + console.log('\nRound 71: setPreferredPackageManager (save failure):'); if (test('setPreferredPackageManager throws wrapped error when save fails', () => { if (process.platform === 'win32' || process.getuid?.() === 0) { @@ -1418,7 +1379,7 @@ Round 71: setPreferredPackageManager (save failure):'); } finally { try { fs.chmodSync(claudeDir, 0o755); - } catch (err) { + } catch (_err) { /* best-effort */ } process.env.HOME = savedHome; @@ -1431,8 +1392,7 @@ Round 71: setPreferredPackageManager (save failure):'); else failed++; // ── Round 72: setProjectPackageManager save failure wraps error ── - console.log(' -Round 72: setProjectPackageManager (save failure):'); + console.log('\nRound 72: setProjectPackageManager (save failure):'); if (test('setProjectPackageManager throws wrapped error when write fails', () => { if (process.platform === 'win32' || process.getuid?.() === 0) { @@ -1456,8 +1416,7 @@ Round 72: setProjectPackageManager (save failure):'); else failed++; // ── Round 80: getExecCommand with truthy non-string args ── - console.log(' -Round 80: getExecCommand (truthy non-string args):'); + console.log('\nRound 80: getExecCommand (truthy non-string args):'); if (test('getExecCommand with args=42 (truthy number) appends stringified value', () => { const originalEnv = process.env.CLAUDE_PACKAGE_MANAGER; @@ -1477,8 +1436,7 @@ Round 80: getExecCommand (truthy non-string args):'); else failed++; // ── Round 86: detectFromPackageJson with empty (0-byte) package.json ── - console.log(' -Round 86: detectFromPackageJson (empty package.json):'); + console.log('\nRound 86: detectFromPackageJson (empty package.json):'); if (test('detectFromPackageJson returns null for empty (0-byte) package.json', () => { // package-manager.js line 109-111: readFile returns "" for empty file. @@ -1492,8 +1450,7 @@ Round 86: detectFromPackageJson (empty package.json):'); else failed++; // ── Round 91: getCommandPattern with empty action string ── - console.log(' -Round 91: getCommandPattern (empty action):'); + console.log('\nRound 91: getCommandPattern (empty action):'); if (test('getCommandPattern with empty string returns valid regex pattern', () => { // package-manager.js line 401-409: Empty action falls to the else branch. @@ -1512,8 +1469,7 @@ Round 91: getCommandPattern (empty action):'); else failed++; // ── Round 91: detectFromPackageJson with whitespace-only packageManager ── - console.log(' -Round 91: detectFromPackageJson (whitespace-only packageManager):'); + console.log('\nRound 91: detectFromPackageJson (whitespace-only packageManager):'); if (test('detectFromPackageJson returns null for whitespace-only packageManager field', () => { // package-manager.js line 114-119: \" \" is truthy, so enters the if block. @@ -1530,8 +1486,7 @@ Round 91: detectFromPackageJson (whitespace-only packageManager):'); else failed++; // ── Round 92: detectFromPackageJson with empty string packageManager ── - console.log(' -Round 92: detectFromPackageJson (empty string packageManager):'); + console.log('\nRound 92: detectFromPackageJson (empty string packageManager):'); if (test('detectFromPackageJson returns null for empty string packageManager field', () => { // package-manager.js line 114: if (pkg.packageManager) — empty string \"\" is falsy, @@ -1549,15 +1504,14 @@ Round 92: detectFromPackageJson (empty string packageManager):'); else failed++; // ── Round 94: detectFromPackageJson with scoped package name ── - console.log(' -Round 94: detectFromPackageJson (scoped package name @scope/pkg@version):'); + console.log('\nRound 94: detectFromPackageJson (scoped package name @scope/pkg@version):'); if (test('detectFromPackageJson returns null for scoped package name (@scope/pkg@version)', () => { // package-manager.js line 116: pmName = pkg.packageManager.split('@')[0]\ - // For \\\"@pnpm/exe@8.0.0\\\", split('@') -> ['', 'pnpm/exe', '8.0.0'], so [0] = ''\ + // For \"@pnpm/exe@8.0.0\", split('@') -> ['', 'pnpm/exe', '8.0.0'], so [0] = ''\ // PACKAGE_MANAGERS[''] is undefined -> returns null.\ // Scoped npm packages like @pnpm/exe are a real-world pattern but the\ - // packageManager field spec uses unscoped names (e.g., \\\"pnpm@8\\\"), so returning\ + // packageManager field spec uses unscoped names (e.g., \"pnpm@8\"), so returning\ // null is the correct defensive behaviour for this edge case. const testDir = createTestDir(); fs.writeFileSync( @@ -1565,14 +1519,13 @@ Round 94: detectFromPackageJson (scoped package name @scope/pkg@version):'); JSON.stringify({ name: 'test', packageManager: '@pnpm/exe@8.0.0' }) ); const result = pm.detectFromPackageJson(testDir); - assert.strictEqual(result, null, 'Scoped package name should return null (split(\"@\")[0] is empty string)'); + assert.strictEqual(result, null, 'Scoped package name should return null (split("@")[0] is empty string)'); cleanupTestDir(testDir); })) passed++; else failed++; // ── Round 94: getPackageManager with empty string CLAUDE_PACKAGE_MANAGER ── - console.log(' -Round 94: getPackageManager (empty string CLAUDE_PACKAGE_MANAGER env var):'); + console.log('\nRound 94: getPackageManager (empty string CLAUDE_PACKAGE_MANAGER env var):'); if (test('getPackageManager skips empty string CLAUDE_PACKAGE_MANAGER (falsy short-circuit)', () => { // package-manager.js line 168: if (envPm && PACKAGE_MANAGERS[envPm])\ @@ -1595,8 +1548,7 @@ Round 94: getPackageManager (empty string CLAUDE_PACKAGE_MANAGER env var):'); else failed++; // ── Round 104: detectFromLockFile with null projectDir (no input validation) ── - console.log(' -Round 104: detectFromLockFile (null projectDir — throws TypeError):'); + console.log('\nRound 104: detectFromLockFile (null projectDir — throws TypeError):'); if (test('detectFromLockFile(null) throws TypeError (path.join rejects null)', () => { // package-manager.js line 95: `path.join(projectDir, pm.lockFile)` — there is no\ @@ -1612,18 +1564,17 @@ Round 104: detectFromLockFile (null projectDir — throws TypeError):'); else failed++; // ── Round 105: getExecCommand with object args (bypasses SAFE_ARGS_REGEX, coerced to [object Object]) ── - console.log(' -Round 105: getExecCommand (object args — typeof bypass coerces to [object Object]):'); + console.log('\nRound 105: getExecCommand (object args — typeof bypass coerces to [object Object]):'); - if (test('getExecCommand with args={} bypasses SAFE_ARGS validation and coerces to \"[object Object]\"', () => { - // package-manager.js line 334: `if (args && typeof args === 'string' && !SAFE_ARGS_REGEX.test(args))`\ - // When args is an object: typeof {} === 'object' (not 'string'), so the\ + if (test('getExecCommand with args={} bypasses SAFE_ARGS validation and coerces to "[object Object]"', () => { + // package-manager.js line 334: `if (args && typeof args === 'string' && !SAFE_ARGS_REGEX.test(args))` + // When args is an object: typeof {} === 'object' (not 'string'), so the // SAFE_ARGS_REGEX check is entirely SKIPPED.\ // Line 339: `args ? ' ' + args : ''` — object is truthy, so it reaches\ // string concatenation which calls {}.toString() -> \"[object Object]\"\ - // Final command: \"npx prettier [object Object]\" — brackets bypass validation. + // Final command: "npx prettier [object Object]" — brackets bypass validation. const cmd = pm.getExecCommand('prettier', {}); - assert.ok(cmd.includes('[object Object]'), 'Object args should be coerced to \"[object Object]\" via implicit toString()'); + assert.ok(cmd.includes('[object Object]'), 'Object args should be coerced to "[object Object]" via implicit toString()'); // Verify the SAFE_ARGS regex WOULD reject this string if it were a string arg assert.throws( () => pm.getExecCommand('prettier', '[object Object]'), @@ -1634,8 +1585,7 @@ Round 105: getExecCommand (object args — typeof bypass coerces to [object Obje else failed++; // ── Round 109: getExecCommand with ../ path traversal in binary — SAFE_NAME_REGEX allows it ── - console.log(' -Round 109: getExecCommand (path traversal in binary — SAFE_NAME_REGEX permits ../ in binary name):'); + console.log('\nRound 109: getExecCommand (path traversal in binary — SAFE_NAME_REGEX permits ../ in binary name):'); if (test('getExecCommand accepts ../../../etc/passwd as binary because SAFE_NAME_REGEX allows ../', () => { const originalEnv = process.env.CLAUDE_PACKAGE_MANAGER; @@ -1658,8 +1608,7 @@ Round 109: getExecCommand (path traversal in binary — SAFE_NAME_REGEX permits else failed++; // ── Round 108: getRunCommand with path traversal — SAFE_NAME_REGEX allows ../ sequences ── - console.log(' -Round 108: getRunCommand (path traversal — SAFE_NAME_REGEX permits ../ via allowed / and . chars):'); + console.log('\nRound 108: getRunCommand (path traversal — SAFE_NAME_REGEX permits ../ via allowed / and . chars):'); if (test('getRunCommand accepts @scope/../../evil because SAFE_NAME_REGEX allows ../', () => { const originalEnv = process.env.CLAUDE_PACKAGE_MANAGER; @@ -1682,35 +1631,24 @@ Round 108: getRunCommand (path traversal — SAFE_NAME_REGEX permits ../ via all })) passed++; else failed++; - // ── Round 111: getExecCommand with newline in args — SAFE_ARGS_REGEX \\s includes - ── - console.log(' -Round 111: getExecCommand (newline in args — SAFE_ARGS_REGEX \\\\\\\\s matches \\\\\ -):'); + // Round 111: getExecCommand with newline in args + console.log('\nRound 111: getExecCommand (newline in args — SAFE_ARGS_REGEX \\\\\\\\s matches \\\\\\n):'); - if (test('getExecCommand accepts newline in args because SAFE_ARGS_REGEX \\\\\\\\s includes \\\\\ -', () => { - // SAFE_ARGS_REGEX = /^[@a-zA-Z0-9\\\\s_.\\\\/:=,'\\\"*+-\\\\]+$/\ - // \\\\\\\\s matches [\\\ \\\ -\\\\v\\\\f\\\\r ] — includes newline!\ - // This means \\\"file.js\\\ -malicious\\\" passes the regex. + if (test('getExecCommand accepts newline in args because SAFE_ARGS_REGEX includes newline', () => { + // SAFE_ARGS_REGEX = /^[@a-zA-Z0-9\\s_.\\/:=,'\"*+-\\]+$/ + // \\s matches whitespace including newline const originalEnv = process.env.CLAUDE_PACKAGE_MANAGER; try { process.env.CLAUDE_PACKAGE_MANAGER = 'npm'; - // Newline in args should pass SAFE_ARGS_REGEX because \\\\\\\\s matches \\\\\ -\ - const cmd = pm.getExecCommand('prettier', 'file.js\ -echo injected'); - assert.strictEqual(cmd, 'npx prettier file.js\ -echo injected', 'Newline passes SAFE_ARGS_REGEX (\\\\\\\\s includes \\\\\ -) — potential command injection vector'); + // Newline in args should pass SAFE_ARGS_REGEX because \\s matches newline + const cmd = pm.getExecCommand('prettier', 'file.js\necho injected'); + assert.strictEqual(cmd, 'npx prettier file.js\necho injected', 'Newline passes SAFE_ARGS_REGEX'); // Tab also passes - const cmd2 = pm.getExecCommand('eslint', 'file.js\ --fix'); - assert.strictEqual(cmd2, 'npx eslint file.js\ --fix', 'Tab also passes SAFE_ARGS_REGEX via \\\\\\\\s'); + const cmd2 = pm.getExecCommand('eslint', 'file.js\t--fix'); + assert.strictEqual(cmd2, 'npx eslint file.js\t--fix', 'Tab also passes SAFE_ARGS_REGEX via \\s'); // Carriage return also passes - const cmd3 = pm.getExecCommand('tsc', 'src\\r--strict'); - assert.strictEqual(cmd3, 'npx tsc src\\r--strict', 'Carriage return passes via \\\\\\\\s'); + const cmd3 = pm.getExecCommand('tsc', 'src\r--strict'); + assert.strictEqual(cmd3, 'npx tsc src\r--strict', 'Carriage return passes via \\s'); } finally { if (originalEnv !== undefined) process.env.CLAUDE_PACKAGE_MANAGER = originalEnv; else delete process.env.CLAUDE_PACKAGE_MANAGER; @@ -1719,8 +1657,7 @@ echo injected', 'Newline passes SAFE_ARGS_REGEX (\\\\\\\\s includes \\\\\ else failed++; // Summary - console.log(' -=== Test Results ==='); + console.log('\n=== Test Results ==='); console.log(`Passed: ${passed}`); console.log(`Failed: ${failed}`); console.log(`Total: ${passed + failed} diff --git a/tests/lib/session-aliases.test.js b/tests/lib/session-aliases.test.js index a9e5a2ee..4f8a6b45 100644 --- a/tests/lib/session-aliases.test.js +++ b/tests/lib/session-aliases.test.js @@ -787,7 +787,7 @@ function runTests() { // Verify the file exists const aliasesPath = path.join(tmpHome, '.claude', 'session-aliases.json'); assert.ok(fs.existsSync(aliasesPath), 'Aliases file should exist'); - const contentBefore = fs.readFileSync(aliasesPath, 'utf8'); + const _contentBefore = fs.readFileSync(aliasesPath, 'utf8'); // Attempt to save circular data — will fail const circular = { aliases: {}, metadata: {} }; diff --git a/tests/lib/session-manager.test.js b/tests/lib/session-manager.test.js index 95a47d5d..691b85da 100644 --- a/tests/lib/session-manager.test.js +++ b/tests/lib/session-manager.test.js @@ -1124,7 +1124,7 @@ src/main.ts } else { delete process.env.USERPROFILE; } - try { fs.rmSync(r33Home, { recursive: true, force: true }); } catch {} + try { fs.rmSync(r33Home, { recursive: true, force: true }); } catch (_e) { /* ignore cleanup errors */ } // ── Round 46: path heuristic and checklist edge cases ── console.log('\ngetSessionStats Windows path heuristic (Round 46):'); @@ -1985,7 +1985,7 @@ file.ts assert.ok(!afterContent.includes('Appended data'), 'Original content should be unchanged'); } finally { - try { fs.chmodSync(readOnlyFile, 0o644); } catch {} + try { fs.chmodSync(readOnlyFile, 0o644); } catch (_e) { /* ignore permission errors */ } fs.rmSync(tmpDir, { recursive: true, force: true }); } })) passed++; else failed++; diff --git a/tests/lib/utils.test.js b/tests/lib/utils.test.js index fe067d5b..cf991a47 100644 --- a/tests/lib/utils.test.js +++ b/tests/lib/utils.test.js @@ -1697,7 +1697,7 @@ function runTests() { 'Recursive search on unreadable root should also return empty array'); } finally { // Restore permissions before cleanup - try { fs.chmodSync(unreadableDir, 0o755); } catch {} + try { fs.chmodSync(unreadableDir, 0o755); } catch (_e) { /* ignore permission errors */ } fs.rmSync(tmpDir, { recursive: true, force: true }); } })) passed++; else failed++;