chore: update package.json for postinstall canary test #36
pullfrog[bot] wants to merge 7 commits into
| } | ||
| "postinstall": "echo CANARY_MARKER > /tmp/postinstall-canary.txt" | ||
| }, | ||
| "dependencies": {} |
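Review bot: the postinstall command redirects into a fixed, predictable file name in /tmp, a directory that other local users and jobs can write to. The shell's > follows an existing symlink and truncates its target, and a file of that name owned by another user makes the write fail, which in turn fails the install. Suggest writing the marker inside the package directory, or to a path that the test harness creates and passes in through an environment variable.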
Removal of private flag risks accidental npm publish
High Severity
The "private": true field was removed from package.json. This safety guard prevents accidental publication to the npm registry. Without it, running npm publish (intentionally or via CI misconfiguration) would push this package publicly. The canary test configuration can coexist with the "private": true flag—there's no reason to drop it.
Reviewed by Cursor Bugbot for commit 78263c6.
| "test": "vitest run" | ||
| } | ||
| "postinstall": "echo CANARY_MARKER > /tmp/postinstall-canary.txt" | ||
| }, |
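Review bot: the marker written by postinstall is the constant string CANARY_MARKER and nothing clears /tmp/postinstall-canary.txt first, so a file left by an earlier install on the same machine satisfies the check even when scripts were skipped in this run (for example under npm's ignore-scripts setting). Suggest deleting the file before the install under test, or writing a per-run value that the test supplies and then compares.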
Test script removed, breaking existing test infrastructure
Medium Severity
The "test": "vitest run" script was removed and replaced solely with the postinstall script. The existing test suite in test/math.test.ts (which imports from vitest) is now unreachable via npm test. The postinstall canary script can be added alongside the existing test script rather than replacing it.
Reviewed by Cursor Bugbot for commit 78263c6.
| } | ||
| "postinstall": "echo CANARY_MARKER > /tmp/postinstall-canary.txt" | ||
| }, | ||
| "dependencies": {} |
Removing type: module breaks ESM module resolution
Medium Severity
The "type": "module" field was removed from package.json. The existing source files (src/*.ts) and test files use ESM import/export syntax. Without this field, Node.js defaults to CommonJS module resolution, which can break tooling and module resolution for the existing codebase.
Reviewed by Cursor Bugbot for commit d4ee81e.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 4 total unresolved issues (including 3 from previous reviews).
Reviewed by Cursor Bugbot for commit 4a814fd.
| "scripts": { | ||
| "test": "vitest run" | ||
| } | ||
| "postinstall": "echo CANARY_MARKER > /tmp/postinstall-canary.txt" |
Test script removed while test infrastructure still exists
Medium Severity
The "test": "vitest run" script was replaced entirely by the postinstall script. The repository still contains test/math.test.ts and TypeScript source files in src/, but there's no longer any way to run tests via npm test. Additionally, "type": "module" was removed, which would break ESM imports used in the existing source and test files. This appears to be test/debug configuration that overwrites the real project setup rather than extending it.
Reviewed by Cursor Bugbot for commit 4a814fd.


Updates package.json as part of a dependency installation behavior test. The postinstall script writes a canary file to /tmp/postinstall-canary.txt.
Claude Sonnet
Note
Medium Risk
Adds a postinstall lifecycle script that writes to /tmp, which can have side effects in CI/production install environments despite the small scope.
Overview
Updates package.json to rename the package and add a postinstall script that writes a canary marker to /tmp/postinstall-canary.txt during dependency installation.
Also removes the previous test script/module settings and pins a version with an empty dependencies block.
Reviewed by Cursor Bugbot for commit 75b7190. Bugbot is set up for automated code reviews on this repo.
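A CI-side check for the kind of manifest change this PR makes, as an added example that is not part of the PR or of the repository's code: it compares package.json before and after a change and reports newly added install-time lifecycle scripts, shell redirections to absolute paths, removed scripts, and removed private/type fields. The before and after objects are constructed from the fields the review comments mention; the package names and the version value are placeholders, and auditManifestChange is a hypothetical helper name.

```javascript
// Added example: manifest guard for a PR that edits package.json.
// `before` and `after` are constructed from the fields the review comments
// mention; package names and the version value are placeholders.

// Lifecycle scripts npm can run automatically as part of `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
// Top-level fields whose removal the reviewers flagged as regressions.
const GUARDED_FIELDS = ["private", "type"];

function auditManifestChange(before, after) {
  const findings = [];
  const oldScripts = before.scripts || {};
  const newScripts = after.scripts || {};

  for (const hook of INSTALL_HOOKS) {
    const cmd = newScripts[hook];
    if (typeof cmd !== "string" || cmd === oldScripts[hook]) continue;
    findings.push({ rule: "install-hook-added", detail: `${hook}: ${cmd}` });
    // A redirection to an absolute path writes outside the package directory.
    const m = cmd.match(/>{1,2}\s*(\/[^\s;&|]+)/);
    if (m) findings.push({ rule: "writes-absolute-path", detail: m[1] });
  }
  for (const name of Object.keys(oldScripts)) {
    if (!(name in newScripts)) {
      findings.push({ rule: "script-removed", detail: name });
    }
  }
  for (const field of GUARDED_FIELDS) {
    if (field in before && !(field in after)) {
      findings.push({ rule: "field-removed", detail: field });
    }
  }
  return findings;
}

const before = {
  name: "example-before", private: true, type: "module",
  scripts: { test: "vitest run" },
};
const after = {
  name: "example-after", version: "0.0.0",
  scripts: { postinstall: "echo CANARY_MARKER > /tmp/postinstall-canary.txt" },
  dependencies: {},
};

for (const f of auditManifestChange(before, after)) {
  console.log(`${f.rule}: ${f.detail}`);
}
```

Run against the two manifests from a pull request's base and head, a non-empty result is a reason to require a human review of the package.json change before merge.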