10 changes: 5 additions & 5 deletions package.json
@@ -1,8 +1,8 @@
{
"name": "test-repo",
"private": true,
"type": "module",
"name": "test-pkg",
"version": "1.0.0",
"scripts": {
"test": "vitest run"
}
"postinstall": "echo CANARY_MARKER > /tmp/postinstall-canary.txt"

Test script removed, breaking project test execution

High Severity

The "test": "vitest run" script was removed and replaced solely with a postinstall canary script. The repository contains active test files (test/math.test.ts using vitest) that rely on npm test to run. This breaks the entire test workflow for the project.

Reviewed by Cursor Bugbot for commit db67fcb. Configure here.

Automated test canary script committed to production package.json

High Severity

The postinstall script (echo CANARY_MARKER > /tmp/postinstall-canary.txt) is debug/test infrastructure from an automated test run that verified npm ci behavior. It writes a marker file to /tmp/ on every npm install, which is not intended production behavior and has no purpose in the final package configuration.

Reviewed by Cursor Bugbot for commit db67fcb. Configure here.

},
"dependencies": {}

Removal of private and type fields breaks config

Medium Severity

The "private": true and "type": "module" fields were removed. Removing "private": true means the package could be accidentally published to npm. Removing "type": "module" changes Node.js module resolution, which can break the existing source files that use ES module import syntax.

Reviewed by Cursor Bugbot for commit db67fcb. Configure here.

}
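
Review bot: the "postinstall" entry in "scripts" is a lifecycle hook, so its shell command runs automatically on every npm install or npm ci of this package, and it writes to the fixed path /tmp/postinstall-canary.txt, which is predictable, shared between users on a Unix host, and not portable to Windows. If the goal is to verify whether install scripts execute, keep that probe in a throwaway fixture package rather than the repository manifest, and have CI install with --ignore-scripts where script execution is not wanted. The same hunk shows "test": "vitest run", "private": true and "type": "module" alongside the new "name": "test-pkg" and "version": "1.0.0" lines; unless dropping them is deliberate, restore all three so the manifest keeps its test entry point, its publish guard and its ES module setting.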