10 changes: 5 additions & 5 deletions package.json
@@ -1,8 +1,8 @@
{
"name": "test-repo",
"private": true,
"type": "module",
"name": "test-pkg",
"version": "1.0.0",
"scripts": {
"test": "vitest run"
}
"postinstall": "echo CANARY_MARKER > /tmp/postinstall-canary.txt"

Test script removed while test infrastructure still exists

Medium Severity

The "test": "vitest run" script was replaced entirely by the postinstall script. The repository still contains test/math.test.ts and TypeScript source files in src/, but there's no longer any way to run tests via npm test. Additionally, "type": "module" was removed, which would break ESM imports used in the existing source and test files. This appears to be test/debug configuration that overwrites the real project setup rather than extending it.

Reviewed by Cursor Bugbot for commit 4a814fd.

},

Test script removed, breaking existing test infrastructure

Medium Severity

The "test": "vitest run" script was removed and replaced solely with the postinstall script. The existing test suite in test/math.test.ts (which imports from vitest) is now unreachable via npm test. The postinstall canary script can be added alongside the existing test script rather than replacing it.

Reviewed by Cursor Bugbot for commit 78263c6.

"dependencies": {}

Removal of private flag risks accidental npm publish

High Severity

The "private": true field was removed from package.json. This safety guard prevents accidental publication to the npm registry. Without it, running npm publish (intentionally or via CI misconfiguration) would push this package publicly. The canary test configuration can coexist with the "private": true flag—there's no reason to drop it.

Reviewed by Cursor Bugbot for commit 78263c6.


Removing type: module breaks ESM module resolution

Medium Severity

The "type": "module" field was removed from package.json. The existing source files (src/*.ts) and test files use ESM import/export syntax. Without this field, Node.js defaults to CommonJS module resolution, which can break tooling and module resolution for the existing codebase.

Reviewed by Cursor Bugbot for commit d4ee81e.

}
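Review bot: removing `"private": true` in the same hunk that adds a `postinstall` hook leaves the package publishable to the registry at exactly the moment it gains a script that runs automatically on every `npm install`, which is the combination a supply-chain reviewer should flag; keep `"private": true` and `"type": "module"` (the existing ESM sources and the vitest suite depend on the latter), and put `"postinstall"` next to the existing `"test": "vitest run"` entry inside `"scripts"` rather than replacing it. The canary itself only echoes a marker to `/tmp/postinstall-canary.txt`, which is harmless for a test repository, but the hard-coded `/tmp` path will not exist on Windows runners, and whoever uses this fixture to confirm that install hooks fire (or that `npm install --ignore-scripts` suppresses them) should check for that file rather than relying on the echoed output.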