style: "Rearrange order of task definitions and disable ESLint on non-literal fs filename"

Rearranged the order of task definitions in many "group" files to achieve consistent code organization. The change doesn't affect the functionality of the files. Also, ESLint is now disabled for non-literal file system filename invocations for better runtime security. Several eslint errors of security/detect-non-literal-fs-filename, security/detect-object-injection were also fixed throughout the diff. Some parameters are reordered in some files to make the code base more consistent and enhance readability.

Signed-off-by: prisis <[email protected]>

Author: prisis

babel.config.cjs

@@ -1,14 +1,14 @@
 module.exports = {
+    plugins: ["transform-es2015-modules-commonjs"],
     presets: [
         [
             "@babel/preset-env",
             {
+                modules: "auto",
                 targets: {
                     node: "current",
                 },
-                modules: "auto",
             },
         ],
     ],
-    plugins: ["transform-es2015-modules-commonjs"],
 };

packages/babel-preset/src/index.ts

@@ -41,21 +41,21 @@ const preset = declare((api: BabelAPI, options: Options): Record<string, any> =>
     api.assertVersion("^7.13");
 
     const {
-        modules = "auto",
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
-        targets,
-        removePropTypes: removePropertyTypes = false,
+        corejs = false,
         loose = true,
         looseClasses = true,
-        looseObjectRestSpread = true,
         looseComputedProperties = true,
+        looseObjectRestSpread = true,
         looseParameters = true,
         looseTemplateLiterals = true,
-        typescript = false,
-        react = false,
+        modules = "auto",
         polyfillRegenerator = false,
+        react = false,
+        removePropTypes: removePropertyTypes = false,
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
+        targets,
+        typescript = false,
         useBuiltIns = false,
-        corejs = false,
     } = options;
 
     if (typeof modules === "boolean" && typeof modules === "string") {
@@ -103,15 +103,15 @@ const preset = declare((api: BabelAPI, options: Options): Record<string, any> =>
         [
             "@babel/preset-env",
             {
-                debug,
                 bugfixes: true,
-                useBuiltIns,
+                debug,
                 exclude: ["transform-async-to-generator", "transform-regenerator"],
+                loose,
                 modules: modules === false ? false : "auto",
+                shippedProposals: api.env("modern"),
                 // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
                 targets,
-                shippedProposals: api.env("modern"),
-                loose,
+                useBuiltIns,
             },
         ],
         typescript
@@ -191,8 +191,8 @@ const preset = declare((api: BabelAPI, options: Options): Record<string, any> =>
             ? [
                   "babel-plugin-transform-react-remove-prop-types",
                   {
-                      mode: "unsafe-wrap",
                       ignoreFilenames: ["node_modules"],
+                      mode: "unsafe-wrap",
                       ...(removePropertyTypes as object),
                   },
               ]
@@ -227,8 +227,8 @@ const preset = declare((api: BabelAPI, options: Options): Record<string, any> =>
             ? [
                   "babel-plugin-polyfill-corejs3",
                   {
-                      method: corejs.method ?? "usage-global",
                       absoluteImports: "core-js",
+                      method: corejs.method ?? "usage-global",
                       version: corejs.version,
                       ...corejs,
                   },
@@ -240,8 +240,8 @@ const preset = declare((api: BabelAPI, options: Options): Record<string, any> =>
         assumptions: {
             noDocumentAll: true,
         },
-        presets,
         plugins,
+        presets,
     };
 });
 

packages/babel-preset/src/postinstall.ts

@@ -22,6 +22,7 @@ const writeBabelRc = () => {
 };
 `;
 
+    // eslint-disable-next-line security/detect-non-literal-fs-filename
     if (existsSync(babelPath)) {
         console.warn(`⚠️  babel.config.js already exists;
 Make sure that it includes the following for @anolilab/babel-preset'

packages/browserslist-config-anolilab/src/index.ts

@@ -1,5 +1,4 @@
 const config = {
-    production: ["> 1%", "last 2 versions", "Firefox ESR", "not dead"],
     legacyBrowsers: ["> 1%", "last 2 versions", "Firefox ESR"],
     modernBrowsers: [
         "last 2 Chrome versions",
@@ -13,9 +12,10 @@ const config = {
         "last 2 Edge versions",
         "not Edge < 15",
     ],
-    ssr: ["node 16"],
     /** NOTE: Meaning LTS version. Any version above LTS is not considered as "major release", AFAIK. */
     node: ["last 2 node major versions"],
+    production: ["> 1%", "last 2 versions", "Firefox ESR", "not dead"],
+    ssr: ["node 16"],
 };
 
 export default config;

packages/commitlint-config/src/postinstall.ts

@@ -18,6 +18,7 @@ console.log("Configuring @anolilab/commitlint-config", projectPath, "\n");
 const writeCommitLintConfig = () => {
     const commitlintPath = join(projectPath, "commitlint.config.js");
 
+    // eslint-disable-next-line security/detect-non-literal-fs-filename
     if (existsSync(commitlintPath)) {
         console.warn("⚠️  commitlint.config.js already exists;");
 
@@ -43,6 +44,7 @@ const writeCommitLintConfig = () => {
 const writeCzrc = () => {
     const filePath = join(projectPath, ".czrc");
 
+    // eslint-disable-next-line security/detect-non-literal-fs-filename
     if (existsSync(filePath)) {
         console.warn("⚠️  .czrc already exists;");
 

packages/lint-staged-config/src/config.ts

@@ -18,38 +18,38 @@ type Groups = {
 
 const groups: Groups = [
     {
-        configName: "eslint",
         config: eslintConfig,
+        configName: "eslint",
         dependencies: ["prettier", "eslint"],
     },
     {
-        configName: "json",
         config: jsonConfig,
+        configName: "json",
         dependencies: ["prettier", "sort-package-json"],
     },
     {
-        configName: "markdown",
         config: markdownConfig,
+        configName: "markdown",
         dependencies: ["prettier", "markdownlint-cli", "markdownlint-cli2"],
     },
     {
-        configName: "secretlint",
         config: secretlintConfig,
+        configName: "secretlint",
         dependencies: ["secretlint"],
     },
     {
-        configName: "stylesheets",
         config: stylesheetsConfig,
+        configName: "stylesheets",
         dependencies: ["stylelint"],
     },
     {
-        configName: "tests",
         config: testsConfig,
+        configName: "tests",
         dependencies: ["vite", "jest", "ava"],
     },
     {
-        configName: "typescript",
         config: typescriptConfig,
+        configName: "typescript",
         dependencies: ["typescript"],
     },
 ];
@@ -60,8 +60,9 @@ const loadedPluginsNames: string[] = [];
 const possiblePlugins: { [rule: string]: { [packageName: string]: boolean } } = {};
 
 groups.forEach((plugin) => {
-    const { dependencies, config, configName } = plugin;
+    const { config, configName, dependencies } = plugin;
 
+    // eslint-disable-next-line security/detect-object-injection
     if ((anolilabLintStagedConfig as unknown as { [key: string]: { [key: string]: false | undefined } })?.["plugin"]?.[configName] !== false) {
         const foundDependencies = [];
 
@@ -75,9 +76,11 @@ groups.forEach((plugin) => {
             loadedPlugins = { ...loadedPlugins, ...config };
             loadedPluginsNames.push(configName);
         } else {
+            // eslint-disable-next-line security/detect-object-injection
             possiblePlugins[configName] = {};
 
             dependencies.forEach((dependency) => {
+                // eslint-disable-next-line security/detect-object-injection
                 (possiblePlugins[configName] as { [key: string]: boolean })[dependency] = hasDependency(dependency) || hasDevDependency(dependency);
             });
         }

packages/lint-staged-config/src/groups/eslint/group-file-paths-by-directory-name.ts

@@ -6,10 +6,12 @@ const groupFilePathsByDirectoryName = (filePaths: string[]): { [key: string]: st
     filePaths.forEach((filePath) => {
         const directoryName = dirname(filePath);
 
+        // eslint-disable-next-line security/detect-object-injection
         if (!groups[directoryName]) {
+            // eslint-disable-next-line security/detect-object-injection
             groups[directoryName] = [];
         }
-
+        // eslint-disable-next-line security/detect-object-injection
         (groups[directoryName] as string[]).push(filePath);
     });
 

packages/lint-staged-config/src/groups/eslint/index.ts

@@ -19,11 +19,11 @@ if (!global.hasAnolilabLintStagedMarkdownCli && !global.hasAnolilabLintStagedMar
 }
 
 const group: Config = {
+    [`*.{${["json", "json5", "jsonc"].join(",")}}`]: async (filenames: string[]) => [...(await createEslintCommands(filenames))],
     [`*.{${[extensions].join(",")}}`]: async (filenames: string[]) => [
         `prettier --write ${concatFiles(filenames)}`,
         ...(await createEslintCommands(filenames)),
     ],
-    [`*.{${["json", "json5", "jsonc"].join(",")}}`]: async (filenames: string[]) => [...(await createEslintCommands(filenames))],
 };
 
 export default group;

packages/lint-staged-config/src/groups/eslint/remove-ignored-files.ts

@@ -8,6 +8,7 @@ const removeIgnoredFiles = async (filenames: string[]): Promise<string[]> => {
     const eslint = new ESLint();
     // eslint-disable-next-line compat/compat
     const ignoredFiles = await Promise.all(filenames.map((filename) => eslint.isPathIgnored(filename)));
+    // eslint-disable-next-line security/detect-object-injection
     const filteredFiles = filenames.filter((_, index) => !ignoredFiles[index]);
 
     return filteredFiles.map((filename) => `"${isWindows ? filename : quote([filename])}"`);

packages/lint-staged-config/src/groups/tests.ts

@@ -8,21 +8,21 @@ const hasJest = hasDependency("jest") || hasDevDependency("jest");
 const hasAva = hasDependency("ava") || hasDevDependency("ava");
 
 const group: Config = {
-    ...(hasVitest && { "**/__tests__/**/*.?(c|m)[jt]s?(x)": ["vitest related --run"], "**/?(*.){test,spec}.?(c|m)[jt]s?(x)": ["vitest related --run"] }),
+    ...(hasVitest && { "**/?(*.){test,spec}.?(c|m)[jt]s?(x)": ["vitest related --run"], "**/__tests__/**/*.?(c|m)[jt]s?(x)": ["vitest related --run"] }),
     ...(hasJest && {
         "**/*.spec.{js,ts,tsx}": ["jest --findRelatedTests"],
         "**/*.test.{js,ts,tsx}": ["jest --findRelatedTests"],
-        "**/test/*.{js,ts,tsx}": ["jest --findRelatedTests"],
+        "**/?(*.){test,spec}.?(c|m)[jt]s?(x)": ["jest --findRelatedTests"],
         "**/__mocks__/*.{js,ts,tsx}": ["jest --findRelatedTests"],
-        "**/__tests__/*.{js,ts,tsx}": ["jest --findRelatedTests"],
         "**/__tests__/**/*.?(c|m)[jt]s?(x)": ["jest --findRelatedTests"],
-        "**/?(*.){test,spec}.?(c|m)[jt]s?(x)": ["jest --findRelatedTests"],
+        "**/__tests__/*.{js,ts,tsx}": ["jest --findRelatedTests"],
+        "**/test/*.{js,ts,tsx}": ["jest --findRelatedTests"],
     }),
     ...(hasAva && {
+        "**/(test|tests|__tests__)/**/*.js": (filenames: string[]) => [`ava ${concatFiles(filenames)}`],
+        "**/*.(spec|test).js": (filenames: string[]) => [`ava ${concatFiles(filenames)}`],
         "**/test.js": (filenames: string[]) => [`ava ${concatFiles(filenames)}`],
         "**/test-*.js": (filenames: string[]) => [`ava ${concatFiles(filenames)}`],
-        "**/*.(spec|test).js": (filenames: string[]) => [`ava ${concatFiles(filenames)}`],
-        "**/(test|tests|__tests__)/**/*.js": (filenames: string[]) => [`ava ${concatFiles(filenames)}`],
     }),
 };
 

packages/lint-staged-config/src/postinstall.ts

@@ -1,15 +1,13 @@
-import {
- hasDependency, hasDevDependency, packageIsTypeModule, projectPath
-} from "@anolilab/package-json-utils";
+import { hasDependency, hasDevDependency, packageIsTypeModule, projectPath } from "@anolilab/package-json-utils";
 import { existsSync, mkdir, writeFile } from "node:fs";
 import { join } from "node:path";
+import { exit } from "node:process";
 import { promisify } from "node:util";
 
 import getNearestConfigPath from "./utils/get-nearest-config-path";
 
 if (process.env["CI"]) {
-    // eslint-disable-next-line unicorn/no-process-exit
-    process.exit(0);
+    exit(0);
 }
 
 const writeFileAsync = promisify(writeFile);
@@ -20,6 +18,7 @@ console.log("Configuring @anolilab/lint-staged-config", projectPath, "\n");
 const configFile = ".lintstagedrc";
 
 const checkIfFileExists = (filename: string): boolean => {
+    // eslint-disable-next-line security/detect-non-literal-fs-filename
     if (existsSync(filename)) {
         console.warn(`⚠️  ${filename} already exists;`);
 
@@ -78,6 +77,7 @@ const writeHuskyFiles = async () => {
 
     const huskyFolderPath = join(projectPath, ".husky");
 
+    // eslint-disable-next-line security/detect-non-literal-fs-filename
     if (!existsSync(huskyFolderPath)) {
         await mkdirAsync(huskyFolderPath);
     }
@@ -209,13 +209,11 @@ echo --------------------------------------------
 
         console.log("😎  Everything went well, have fun!");
 
-        // eslint-disable-next-line unicorn/no-process-exit
-        process.exit(0);
+        exit(0);
     } catch (error) {
         console.log("😬  something went wrong:");
         console.error(error);
 
-        // eslint-disable-next-line unicorn/no-process-exit
-        process.exit(1);
+        exit(1);
     }
 })();

packages/lint-staged-config/src/utils/get-nearest-config-path.ts

@@ -33,6 +33,7 @@ const getNearestConfigPath = <N extends ConfigFileName, A extends AbsolutePath =
     const packageRootPath = getNearestPackageRootPath(cwd);
     const configPath = joinPaths<[A, N]>([packageRootPath as A, fileName]);
 
+    // eslint-disable-next-line security/detect-non-literal-fs-filename
     if (existsSync(configPath)) {
         return configPath;
     }

packages/lint-staged-config/src/utils/logger.ts

@@ -2,9 +2,7 @@ import { env } from "node:process";
 
 const noop = () => undefined;
 
-const consolePrefix = (prefix: string) =>
-    // eslint-disable-next-line implicit-arrow-linebreak
-    (env["NO_LOGS"] ? noop : (message: string) => console.log(`${prefix}${message}`));
+const consolePrefix = (prefix: string) => (env["NO_LOGS"] ? noop : (message: string) => console.log(`${prefix}${message}`));
 
 const consoleLog = consolePrefix("");
 

packages/package-json-utils/__tests__/index.test.ts

@@ -1,11 +1,11 @@
 import { dirname } from "node:path";
-import {
- describe, expect, it, vi,
-} from "vitest";
+import { describe, expect, it, vi } from "vitest";
 
 import {
     environmentIsSet,
-    fromRoot, getPackageProperty, getPackageSubProperty,
+    fromRoot,
+    getPackageProperty,
+    getPackageSubProperty,
     hasAnyDep,
     hasDep,
     hasDevelopmentDep,
@@ -124,27 +124,30 @@ describe("package-json-utils", () => {
         expect(isPackageAvailable("vitest2")).toBeFalsy();
     });
 
-    it.each<"error" | "info" | "log" | "warn">(["warn", "log", "error", "info"])("showMissingPackages: logs a %type message with the missing packages", (type) => {
-        const consoleMock = vi.spyOn(console, type);
+    it.each<"error" | "info" | "log" | "warn">(["warn", "log", "error", "info"])(
+        "showMissingPackages: logs a %type message with the missing packages",
+        (type) => {
+            const consoleMock = vi.spyOn(console, type);
 
-        showMissingPackages("example", ["package1", "package2"], {
-            consoleType: type,
-        });
+            showMissingPackages("example", ["package1", "package2"], {
+                consoleType: type,
+            });
 
-        expect(consoleMock).toHaveBeenCalledTimes(1);
-        expect(consoleMock).toHaveBeenCalledWith(expect.stringContaining("example could not find the following packages"));
-        expect(consoleMock).toHaveBeenCalledWith(expect.stringContaining("package1"));
-        expect(consoleMock).toHaveBeenCalledWith(expect.stringContaining("package2"));
+            expect(consoleMock).toHaveBeenCalledTimes(1);
+            expect(consoleMock).toHaveBeenCalledWith(expect.stringContaining("example could not find the following packages"));
+            expect(consoleMock).toHaveBeenCalledWith(expect.stringContaining("package1"));
+            expect(consoleMock).toHaveBeenCalledWith(expect.stringContaining("package2"));
 
-        consoleMock.mockRestore();
-    });
+            consoleMock.mockRestore();
+        },
+    );
 
     it("showMissingPackages: logs a warning message with the missing packages, pre and post message", () => {
         const consoleMock = vi.spyOn(console, "warn");
 
         showMissingPackages("example", ["package1", "package2"], {
-            preMessage: "pre message",
             postMessage: "post message",
+            preMessage: "pre message",
         });
 
         expect(consoleMock).toHaveBeenCalledTimes(1);