From ce57eea99648adffbb579ad717a8bb5537e235f8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 26 Jun 2026 03:11:32 +0000 Subject: [PATCH] chore: version packages --- .changeset/ai-training-license.md | 11 -- .changeset/ci-management-command.md | 11 -- .changeset/expo-plugin-package-names.md | 15 --- .changeset/faster-cold-scans.md | 8 -- .changeset/feat-959-runtime-globals.md | 14 --- .changeset/fix-875-jsx-namespace-member.md | 12 -- .../fix-921-validate-projects-config.md | 10 -- .changeset/fix-924-git-spawn-defect.md | 6 - .../fix-950-incompatible-library-copy.md | 18 --- .changeset/fix-961-self-toolchain.md | 16 --- .changeset/fix-964-cursor-windows-launcher.md | 5 - .changeset/fix-969-precommit-show-output.md | 12 -- .changeset/fix-bunx-typescript-6.md | 22 ---- .changeset/fix-jsx-key-spread-position.md | 6 - .changeset/fix-object-prototype-keys.md | 9 -- .changeset/fix-project-basename-resolution.md | 9 -- .changeset/fix-staged-error-logging.md | 7 -- .../fix-supabase-rls-false-positives.md | 23 ---- .changeset/fix-unicode-encoding-issue.md | 10 -- .changeset/fix-windows-agent-hooks.md | 5 - .changeset/graceful-git-unavailable.md | 6 - .changeset/install-error-handling.md | 11 -- .changeset/install-recommended-agents-only.md | 13 -- .changeset/json-out-flag.md | 5 - .changeset/namespace-wide-event-telemetry.md | 5 - .changeset/remember-handoff-target.md | 5 - .changeset/rn-no-raw-text-conservative.md | 14 --- .changeset/triage-925-environment-errors.md | 5 - .../unused-dep-binary-false-positive.md | 10 -- packages/api/CHANGELOG.md | 7 ++ packages/api/package.json | 2 +- packages/core/CHANGELOG.md | 63 ++++++++++ packages/core/package.json | 2 +- packages/deslop-cli/CHANGELOG.md | 11 ++ packages/deslop-cli/package.json | 2 +- packages/deslop-js/CHANGELOG.md | 54 +++++++++ packages/deslop-js/package.json | 2 +- .../eslint-plugin-react-doctor/CHANGELOG.md | 13 ++ .../eslint-plugin-react-doctor/package.json | 2 +- packages/language-server/CHANGELOG.md | 7 ++ packages/language-server/package.json | 2 +- .../oxlint-plugin-react-doctor/CHANGELOG.md | 41 +++++++ .../oxlint-plugin-react-doctor/package.json | 2 +- packages/react-doctor/CHANGELOG.md | 111 ++++++++++++++++++ packages/react-doctor/package.json | 2 +- 45 files changed, 315 insertions(+), 311 deletions(-) delete mode 100644 .changeset/ai-training-license.md delete mode 100644 .changeset/ci-management-command.md delete mode 100644 .changeset/expo-plugin-package-names.md delete mode 100644 .changeset/faster-cold-scans.md delete mode 100644 .changeset/feat-959-runtime-globals.md delete mode 100644 .changeset/fix-875-jsx-namespace-member.md delete mode 100644 .changeset/fix-921-validate-projects-config.md delete mode 100644 .changeset/fix-924-git-spawn-defect.md delete mode 100644 .changeset/fix-950-incompatible-library-copy.md delete mode 100644 .changeset/fix-961-self-toolchain.md delete mode 100644 .changeset/fix-964-cursor-windows-launcher.md delete mode 100644 .changeset/fix-969-precommit-show-output.md delete mode 100644 .changeset/fix-bunx-typescript-6.md delete mode 100644 .changeset/fix-jsx-key-spread-position.md delete mode 100644 .changeset/fix-object-prototype-keys.md delete mode 100644 .changeset/fix-project-basename-resolution.md delete mode 100644 .changeset/fix-staged-error-logging.md delete mode 100644 .changeset/fix-supabase-rls-false-positives.md delete mode 100644 .changeset/fix-unicode-encoding-issue.md delete mode 100644 .changeset/fix-windows-agent-hooks.md delete mode 100644 .changeset/graceful-git-unavailable.md delete mode 100644 .changeset/install-error-handling.md delete mode 100644 .changeset/install-recommended-agents-only.md delete mode 100644 .changeset/json-out-flag.md delete mode 100644 .changeset/namespace-wide-event-telemetry.md delete mode 100644 .changeset/remember-handoff-target.md delete mode 100644 .changeset/rn-no-raw-text-conservative.md delete mode 100644 .changeset/triage-925-environment-errors.md delete mode 100644 .changeset/unused-dep-binary-false-positive.md diff --git a/.changeset/ai-training-license.md b/.changeset/ai-training-license.md deleted file mode 100644 index 714b875af..000000000 --- a/.changeset/ai-training-license.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -"react-doctor": patch -"eslint-plugin-react-doctor": patch -"oxlint-plugin-react-doctor": patch -"deslop-js": patch -"deslop-cli": patch ---- - -Update the license to MIT with additional restrictions: the software may not be used as training, fine-tuning, or evaluation data for machine-learning models or AI systems, nor sold or resold as a commercial product or service (e.g. a paid API, SaaS, or hosted/managed service) whose value derives substantially from the software, without prior written permission (contact founders@million.dev). Each version's additional restrictions expire on the second anniversary of its release, after which that version is available under the standard MIT License (an FSL-style grant of future license). Each published package now ships its own up-to-date `LICENSE` file so the terms travel with the tarball. - -The `react-doctor` CLI also now prints a one-time notice (once per run) when it detects it is running inside an AI/ML training pipeline or agent sandbox, pointing to the license terms. diff --git a/.changeset/ci-management-command.md b/.changeset/ci-management-command.md deleted file mode 100644 index a1761da1f..000000000 --- a/.changeset/ci-management-command.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -"react-doctor": minor ---- - -Add `react-doctor ci `, a dedicated command for managing React Doctor in CI. - -- `ci install` adds a workflow that scans every pull request. It auto-detects the provider (GitHub Actions or GitLab CI), bakes a gate from `--blocking`/`--scope`/`--comment`/`--review-comments`/`--commit-status`, and can open a pull request with `--pr`. -- `ci config` walks you through the gate, scan scope, and pull-request reporting interactively (with a plain-language recap of what each setting does), or applies the same flags non-interactively. It edits any workflow that contains the React Doctor action step in place — preserving your other steps, jobs, inputs, and comments — and only prints a paste snippet when the file has no React Doctor step. -- `ci upgrade` bumps the GitHub Action to its current floating major. - -GitHub Actions is fully supported; GitLab CI gets a gate-only scaffold. The `install` command's CI setup is unchanged; `ci` is the focused home for managing CI on its own. diff --git a/.changeset/expo-plugin-package-names.md b/.changeset/expo-plugin-package-names.md deleted file mode 100644 index 4405292cc..000000000 --- a/.changeset/expo-plugin-package-names.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -"deslop-js": patch ---- - -Fix false positives in Expo config plugin detection for package-name plugins and nested expo config - -Expo config plugins can be referenced by package name (not just local file paths) from `app.json` / `app.config.*`, but the collector dropped any plugin entry that didn't resolve to a local file — so packages referenced only as config plugins were reported as unused. The `app.config.{js,ts}` AST path also only matched a top-level `plugins` property and never descended into the standard `{ expo: { plugins: [...] } }` shape (the JSON `app.json` path already read `expo.plugins`). - -Fixed by: - -- Tracking package-name plugins (e.g. `@config-plugins/detox`, `@react-native-firebase/app`) alongside local file-path plugins -- Descending into the nested `expo` object in the config-object AST collector -- Marking those package-name plugins as used in `detectStalePackages` (gated on the declared dependency set, so unrelated strings can't suppress real unused deps) - -Closes #914 diff --git a/.changeset/faster-cold-scans.md b/.changeset/faster-cold-scans.md deleted file mode 100644 index ff1e22fcd..000000000 --- a/.changeset/faster-cold-scans.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -"react-doctor": patch ---- - -Speed up cold scans and bound dead-code memory on multi-project workspaces. - -- Overlap the project security scan with the lint pass instead of running it synchronously beforehand. The content-regex security sweep (shipped artifacts, dotenv, SQL — files lint never parses) was the single heaviest CPU phase on real repos and blocked the event loop the whole time. It now runs on a cooperative background fiber that yields between file chunks, so its cost hides under the subprocess-bound lint pass and stops starving a multi-project scan's concurrent git/network work. Cold scans are measurably faster (~30% on a mid-size project and workspace in local benchmarks); diagnostics are byte-identical. -- Cap concurrent dead-code (deslop) workers by a memory budget so a multi-project scan can't oversubscribe memory with many simultaneous worker processes on a small CI runner. On a roomy machine the cap exceeds the project count, so nothing serializes and scan time is unchanged. diff --git a/.changeset/feat-959-runtime-globals.md b/.changeset/feat-959-runtime-globals.md deleted file mode 100644 index f2c8db841..000000000 --- a/.changeset/feat-959-runtime-globals.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -"@react-doctor/core": patch ---- - -Add `runtimeGlobals` config to silence jsx-no-undef false positives for runtime-injected identifiers - -`jsx-no-undef` is a single-file rule, so it flags capitalized JSX identifiers -that are provided at runtime rather than imported in the file — react-live's -``, Storybook globals, MDX live blocks, or an ambient -`declare global` in a separate `.d.ts`. List those names in the new -`runtimeGlobals` config array and `jsx-no-undef` treats them as known. Opt-in — -an empty/absent list leaves behavior unchanged. - -Closes #959 diff --git a/.changeset/fix-875-jsx-namespace-member.md b/.changeset/fix-875-jsx-namespace-member.md deleted file mode 100644 index 20ae1dc68..000000000 --- a/.changeset/fix-875-jsx-namespace-member.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -"deslop-js": patch ---- - -Fix `deslop/unused-export` false positive for namespace-imported components used in JSX - -A component referenced only through a namespace import in JSX — -`import * as S from "./style"` then `` — was reported as an unused -export. The usage walker recorded namespace member access in regular expressions -(`MemberExpression`, e.g. `S.helper()`) but not in JSX (`JSXMemberExpression`), -so a member used solely as `` was missed whenever the namespace had any -other accessed member. Closes #875. diff --git a/.changeset/fix-921-validate-projects-config.md b/.changeset/fix-921-validate-projects-config.md deleted file mode 100644 index 74f636508..000000000 --- a/.changeset/fix-921-validate-projects-config.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -"@react-doctor/core": patch -"react-doctor": patch ---- - -fix: validate string array config fields (projects, textComponents, etc.) - -Non-string entries in `config.projects` caused `selectProjects` to crash with `requestedName.trim is not a function`. The validator now filters non-string entries from `projects`, `textComponents`, `rawTextWrapperComponents`, and `serverAuthFunctionNames` with warnings instead of crashing. - -Fixes #921 (Sentry REACT-DOCTOR-1R) diff --git a/.changeset/fix-924-git-spawn-defect.md b/.changeset/fix-924-git-spawn-defect.md deleted file mode 100644 index 356dc54b8..000000000 --- a/.changeset/fix-924-git-spawn-defect.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -"react-doctor": patch -"@react-doctor/core": patch ---- - -Stop a scan from crashing when a git subprocess fails synchronously (fixes REACT-DOCTOR-1E, REACT-DOCTOR-1P, REACT-DOCTOR-20). Unlike a missing binary (`ENOENT`, which arrives on the catchable `'error'` event), `child_process.spawn` **throws synchronously** when the working directory isn't a directory (`ENOTDIR`) or the argument list exceeds the OS command-line limit (`ENAMETOOLONG` — e.g. `--scope lines` on a 1,000+-file diff on Windows). That throw escaped Effect's error channel entirely and took down the whole scan (reported to Sentry as a raw `spawn` error). The git runner now pre-flights both conditions and fails on its normal channel, so the existing fallbacks recover instead: a bad working directory degrades like an unavailable git, and an over-long `--scope lines` diff degrades to file-level scope. diff --git a/.changeset/fix-950-incompatible-library-copy.md b/.changeset/fix-950-incompatible-library-copy.md deleted file mode 100644 index f9ec3c571..000000000 --- a/.changeset/fix-950-incompatible-library-copy.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -"@react-doctor/core": patch ---- - -Fix misleading remediation for react-hooks-js/incompatible-library - -`react-hooks-js/incompatible-library` fires when the React Compiler can't -memoize through a third-party hook (e.g. `@tanstack/react-virtual`'s -`useVirtualizer`). The diagnostic carried the generic React Compiler action — -"Rewrite the flagged code so the compiler can optimize it" — which reads as -"reimplement the library locally" and steered users off mature libraries. - -The rule stays active (the compiler's own bail-out reason is informative), but -its remediation now names the real fix: it's how the library works, not a bug in -your code — memoize values you pass from it into other memoized components, or -suppress it with `// react-doctor-disable-next-line react-hooks-js/incompatible-library`. - -Closes #950 diff --git a/.changeset/fix-961-self-toolchain.md b/.changeset/fix-961-self-toolchain.md deleted file mode 100644 index 0e2aa554b..000000000 --- a/.changeset/fix-961-self-toolchain.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -"@react-doctor/core": patch ---- - -Stop react-doctor from flagging its own toolchain as an unused dependency - -After `react-doctor install` — especially via `bunx`, where react-doctor is -declared in `package.json` but never materialized in `node_modules` — a scan -reported `react-doctor` itself as an unused devDependency. It's used via the CLI, -git hooks, CI, and the agent skill (never imported in source), so the dead-code -import graph can't see it, and deslop's "ships a binary → used" heuristic can't -read its `bin` when it isn't installed. The dead-code pass now never reports -react-doctor's own CLI / plugin packages (`react-doctor`, -`eslint-plugin-react-doctor`, `oxlint-plugin-react-doctor`) as unused. - -Closes #961 diff --git a/.changeset/fix-964-cursor-windows-launcher.md b/.changeset/fix-964-cursor-windows-launcher.md deleted file mode 100644 index 13369142c..000000000 --- a/.changeset/fix-964-cursor-windows-launcher.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"react-doctor": patch ---- - -Fix Cursor agent handoff on Windows. Cursor installs its CLI as a PowerShell-wrapped `.cmd` that Node's `spawn()` cannot execute without `shell: true` (which would mangle the multi-line handoff prompt). The launcher now resolves Cursor's bundled `node.exe` + `index.js` under `%LOCALAPPDATA%\cursor-agent\versions\\` and spawns it directly — preserving argv integrity and bypassing the PowerShell hop. Closes #964. diff --git a/.changeset/fix-969-precommit-show-output.md b/.changeset/fix-969-precommit-show-output.md deleted file mode 100644 index fd0382eee..000000000 --- a/.changeset/fix-969-precommit-show-output.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -"react-doctor": patch ---- - -Show staged findings in the pre-commit hook instead of swallowing them - -The generated pre-commit hook captured react-doctor's output to a temp file and -deleted it before printing, so a failing scan showed only a generic "found -staged regressions" notice — never the actual findings (#969). The hook now -writes the scan output to stderr before cleanup, in both the raw hook and the -hook-manager command. It stays non-blocking by design (the commit still -proceeds); the diagnostics are simply visible now so you know what to fix. diff --git a/.changeset/fix-bunx-typescript-6.md b/.changeset/fix-bunx-typescript-6.md deleted file mode 100644 index 39d7dc7de..000000000 --- a/.changeset/fix-bunx-typescript-6.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -"react-doctor": patch -"deslop-js": patch ---- - -Exclude TypeScript 6.x to fix bunx installation crash - -TypeScript 6.0.3 has an internal circular dependency with its `Comparison` enum -that triggers a known Bun module loader bug, causing `bunx react-doctor install` -to crash with "ReferenceError: Cannot access 'Comparison' before initialization". -Narrow the dependency range to `>=5.0.4 <6` until Bun fixes enum initialization -order (see oven-sh/bun#12805). - -The constraint covers both `react-doctor` (whose CLI imports `typescript` at -startup) and `deslop-js` (loaded by the dead-code scan, which can run under bun), -so no published package pulls TypeScript 6.x into a consumer's install tree. - -`npx` continues to work because npm's resolver handles the circular dependency -correctly. TypeScript 5.9.3 is stable and tested; TypeScript 6.x support will -return once the upstream bug is resolved. - -Closes #962 diff --git a/.changeset/fix-jsx-key-spread-position.md b/.changeset/fix-jsx-key-spread-position.md deleted file mode 100644 index f5439a382..000000000 --- a/.changeset/fix-jsx-key-spread-position.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -"oxlint-plugin-react-doctor": patch -"eslint-plugin-react-doctor": patch ---- - -Fix `jsx-key`'s spread-overwrites-`key` check to key off the spread's position. A `{...spread}` can only clobber an explicit `key` when it appears _after_ the key — the later attribute wins under the classic runtime (`{ key, ...spread }`) and React falls back to `createElement` under the automatic runtime, so the later spread wins there too. The rule now reports `` (and the sandwiched ``) and stays silent on ``, which previously produced a false positive. Spreads of object literals that provably carry no `key` (e.g. `{...{}}`, `{...{ className }}`) are never treated as overwriting. diff --git a/.changeset/fix-object-prototype-keys.md b/.changeset/fix-object-prototype-keys.md deleted file mode 100644 index fc4fc48e4..000000000 --- a/.changeset/fix-object-prototype-keys.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -"@react-doctor/core": patch ---- - -Fix crash when disable comments contain Object.prototype keys (constructor, toString, valueOf, etc.) - -Resolves REACT-DOCTOR-1Y and fixes #920. - -The suppression near-miss detector would crash with `TypeError: bareRuleKey.includes is not a function` when an eslint-disable or oxlint-disable comment contained a token matching an Object.prototype member name. Indexing the LEGACY_RULE_KEY_TO_NATIVE_RULE_KEY lookup map with such a token returned an inherited method (which the `??` fallback let through), so `canonicalizeRuleKey` now guards the lookup with a `typeof` check and only treats the result as an alias when it is a string. diff --git a/.changeset/fix-project-basename-resolution.md b/.changeset/fix-project-basename-resolution.md deleted file mode 100644 index 7c607a47f..000000000 --- a/.changeset/fix-project-basename-resolution.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -"react-doctor": patch ---- - -Fix `--project` resolution when scanning from within a project directory whose basename matches the requested project name. - -When running react-doctor from a subdirectory (e.g., `apps/website`) and passing `--project website`, the CLI now correctly recognizes that the current directory is the requested project instead of failing with "Project 'website' is not a directory under /path/to/apps/website." - -This affects users who scan a single (non-workspace) project directory and pass that directory's own name as the project — e.g. `directory: apps/website` together with `--project website` (or `projects: ["website"]` in config). The `*` ("all projects") default is unaffected: it short-circuits to the root directory and never goes through name resolution. diff --git a/.changeset/fix-staged-error-logging.md b/.changeset/fix-staged-error-logging.md deleted file mode 100644 index 78cd459a9..000000000 --- a/.changeset/fix-staged-error-logging.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -"react-doctor": patch ---- - -fix(staged): log warning when getStagedSourceFiles encounters git errors - -When git commands fail (missing git binary, corrupted repo, permission errors), `getStagedSourceFiles` now logs a warning message showing the error instead of silently returning an empty array. This makes `--staged` failures much easier to debug while still gracefully degrading. diff --git a/.changeset/fix-supabase-rls-false-positives.md b/.changeset/fix-supabase-rls-false-positives.md deleted file mode 100644 index 94bb9d7cf..000000000 --- a/.changeset/fix-supabase-rls-false-positives.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -"oxlint-plugin-react-doctor": patch ---- - -fix: reduce false positives in supabase-rls-policy-risk - -The rule now classifies each `CREATE POLICY` statement individually (over -comment/string-sanitized SQL) instead of matching the whole file with one -regex. A permissive `using/with check (true)` policy whose `TO` clause names -**only** server-only roles (`service_role`, `postgres`, `supabase_admin`) is -treated as hardening, not a public bypass — including two-clause `FOR ALL` / -`FOR UPDATE` forms and all-server-only role lists that the previous -negative-lookbehind missed. `anon` / `authenticated` (and a `TO` clause that -mixes one in, or no `TO` clause at all → `PUBLIC`) stay flagged, since those are -client-reachable via a JWT. - -`auth.role() = 'service_role'` checks inside policy bodies are still flagged -(true runtime bypasses). The previous `IF EXISTS` suppression on `DISABLE ROW -LEVEL SECURITY` was removed: it silently downgraded a real risk on live tables, -and the dropped-table case it targeted needs cross-migration analysis — deferred -with the issue's cross-migration class. - -Fixes #910 diff --git a/.changeset/fix-unicode-encoding-issue.md b/.changeset/fix-unicode-encoding-issue.md deleted file mode 100644 index f8435a935..000000000 --- a/.changeset/fix-unicode-encoding-issue.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -"react-doctor": patch ---- - -Fix mojibake (`ÔÇö`, `├ù`) in CLI output on Windows. The console was decoding -react-doctor's UTF-8 bytes with a non-UTF-8 code page (CP-850/437 in cmd.exe), -so `—`, `×`, `›`, and box-drawing rendered as garbage — including in VS Code's -terminal. Switch the Windows console to UTF-8 (code page 65001) once at CLI -startup (console-only, best-effort), which fixes every glyph at the source -rather than swapping individual characters for ASCII. Closes #956. diff --git a/.changeset/fix-windows-agent-hooks.md b/.changeset/fix-windows-agent-hooks.md deleted file mode 100644 index 2a732eae1..000000000 --- a/.changeset/fix-windows-agent-hooks.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"react-doctor": patch ---- - -Install agent hooks (Cursor, Claude Code) as a Node `.mjs` runner invoked via `node` instead of a `#!/bin/sh` script, so they run on Windows without Git Bash/WSL/Cygwin. Closes #965. diff --git a/.changeset/graceful-git-unavailable.md b/.changeset/graceful-git-unavailable.md deleted file mode 100644 index eaf9e599b..000000000 --- a/.changeset/graceful-git-unavailable.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -"react-doctor": patch -"@react-doctor/core": patch ---- - -Degrade gracefully when git is unavailable or diff base ref is missing (fixes REACT-DOCTOR-F, REACT-DOCTOR-1K, REACT-DOCTOR-14, REACT-DOCTOR-22). CI containers without git installed and shallow clones missing the diff base ref now fall back to a full scan with a clear warning instead of crashing and reporting to Sentry. diff --git a/.changeset/install-error-handling.md b/.changeset/install-error-handling.md deleted file mode 100644 index 5176c1bef..000000000 --- a/.changeset/install-error-handling.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -"react-doctor": patch ---- - -Fix `react-doctor install` crashes on pre-existing malformed/conflicting agent config. The install command now handles three user-environment failure modes gracefully with clear error messages instead of unhandled exceptions: - -1. Malformed JSON in `~/.claude/settings.json` or `~/.cursor/hooks.json` (REACT-DOCTOR-25) -2. Directory path blocked by an existing file at `~/.claude/skills` or parent paths (REACT-DOCTOR-17) -3. Permission denied when target directories aren't writable (REACT-DOCTOR-1A) - -These errors are now treated as expected user-environment conditions (not react-doctor bugs) and surface actionable messages without Sentry reports. diff --git a/.changeset/install-recommended-agents-only.md b/.changeset/install-recommended-agents-only.md deleted file mode 100644 index 8844a8f2f..000000000 --- a/.changeset/install-recommended-agents-only.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -"react-doctor": patch ---- - -Align `react-doctor install`'s agent selection with the Vercel `skills` CLI so it stops scattering skill directories across your project. The prompt previously detected every agent with a config dir anywhere in `$HOME` (`~/.codebuddy`, `~/.crush`, `~/.goose`, `~/.kilocode`, …) and **pre-selected all of them**, so a single Enter copied `.codebuddy/`, `.crush/`, `.goose/`, … into the project root. - -Now, following that CLI's heuristic, the default selection is: - -- your **remembered** last pick (persisted globally, like `skills`' `lastSelectedAgents` lock), else -- a small curated set of popular agents (`claude-code`, `cursor`, `codex`, `opencode`), else -- a lone detected agent when that's the only one — and otherwise nothing, so you make a deliberate choice. - -Every detected agent is still shown so the rest are one keystroke away; they're just no longer pre-checked. A non-interactive run (`--yes` / CI) still installs to all detected agents, matching `skills`' `--yes`. diff --git a/.changeset/json-out-flag.md b/.changeset/json-out-flag.md deleted file mode 100644 index 99f8b96aa..000000000 --- a/.changeset/json-out-flag.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"react-doctor": patch ---- - -Add `--json-out ` flag to write JSON reports to a file instead of stdout diff --git a/.changeset/namespace-wide-event-telemetry.md b/.changeset/namespace-wide-event-telemetry.md deleted file mode 100644 index 8ebbb61d5..000000000 --- a/.changeset/namespace-wide-event-telemetry.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"react-doctor": patch ---- - -Organize the per-scan Sentry "wide event" under dotted namespaces. The root-span attributes had accreted into a flat, half-namespaced set (~50 keys, most bare); each now carries a namespace matching its concept — `scan.*` (config + `scan.fileCount`), `action.*` (CI/action knobs), `outcome.*` (verdict), `diag.*` (findings), `score.*`, `lint.*`, `deadCode.*`, `supplyChain.*`, `timing.*` — alongside the already-namespaced `migration.*`/`baseline.*`. Applied via a single `withNamespace` helper so the prefix lives in one place instead of being hand-spelled per key. Pure rename: value types are preserved (numbers stay numeric so `p75`/`avg` keep working) and the keys stay filter-/group-/aggregate-able in Sentry's Spans dataset. Run/project base tags and all metrics are unchanged. diff --git a/.changeset/remember-handoff-target.md b/.changeset/remember-handoff-target.md deleted file mode 100644 index 33287ad75..000000000 --- a/.changeset/remember-handoff-target.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"react-doctor": patch ---- - -Remember the post-scan "What would you like to do next?" pick. The interactive handoff prompt now pre-selects whatever the user chose last (an agent, "copy to clipboard", or "skip"), so the common "always hand off to the same agent" path is a single Enter. The choice is remembered per user in the existing CLI state file via a new `Preference` lifecycle primitive; a remembered agent that's since been uninstalled falls back to highlighting the first option, and pressing Esc leaves the prior preference untouched. diff --git a/.changeset/rn-no-raw-text-conservative.md b/.changeset/rn-no-raw-text-conservative.md deleted file mode 100644 index a70ed8bbc..000000000 --- a/.changeset/rn-no-raw-text-conservative.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -"oxlint-plugin-react-doctor": patch ---- - -fix(rn-no-raw-text): report raw text by where it actually crashes, resolving imported wrappers across files - -The `rn-no-raw-text` rule reported raw text inside any element it couldn't prove was a text component — including a custom component imported from another file (e.g. a `` that wraps its label in `` internally), which produced false positives on the common "custom component that renders Text" pattern. - -The rule now anchors its report on where React Native actually crashes — a host boundary — and resolves imported components across files instead of guessing: - -- Raw text is reported inside a known host primitive (`View`, `ScrollView`, `Pressable`, the `Touchable*` family, `Modal`, …), a lowercase intrinsic, or an in-file component proven to forward its children into one. -- A component imported from another first-party file (relative or tsconfig-alias) is resolved and classified the same way: one that wraps its children in `` is left alone, while one that renders them into a `` is still reported — so genuine crashes inside imported wrappers are kept. -- Components the resolver can't follow (`node_modules`, namespace imports, unanalyzable exports) are left unreported rather than assumed to crash; `rawTextWrapperComponents` / `textComponents` config still covers those. -- React's structural `` / `` now counts as a transparent wrapper alongside fbtee's `` / ``, so an `` nested under a `` inside a `` is no longer falsely flagged. diff --git a/.changeset/triage-925-environment-errors.md b/.changeset/triage-925-environment-errors.md deleted file mode 100644 index 360df88d6..000000000 --- a/.changeset/triage-925-environment-errors.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"react-doctor": patch ---- - -Stop reporting unactionable environment errors to Sentry. A narrow set of filesystem conditions react-doctor cannot fix — a full disk (`ENOSPC`), a failing or read-only disk (`EIO`/`EROFS`), denied permissions (`EACCES`/`EPERM`), a path blocked by a file (`ENOTDIR`), or a missing binary (`spawn … ENOENT`) — now exit cleanly with an actionable message instead of crashing with a stack trace and appearing as product defects in Sentry. The set is deliberately narrow: codes that usually indicate a react-doctor bug (a missing file we expected, or an over-long argv such as `ENAMETOOLONG`) keep reaching Sentry. A low-cardinality `cli.env_error` metric, keyed by code, tracks how often these occur without inflating the crash dashboard. Closes REACT-DOCTOR-13, REACT-DOCTOR-1V, REACT-DOCTOR-24. diff --git a/.changeset/unused-dep-binary-false-positive.md b/.changeset/unused-dep-binary-false-positive.md deleted file mode 100644 index adaa3d48c..000000000 --- a/.changeset/unused-dep-binary-false-positive.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -"deslop-js": patch ---- - -Rework unused-dependency detection to lean on real package metadata instead of hand-maintained whitelists. - -- Treat any installed dependency that ships a CLI binary as used. A package that declares a `bin` is routinely invoked outside what a static scan can see (Makefiles, CI, git hooks, ad-hoc `npx`), so it's no longer flagged just because no `package.json` script names the binary. Empty `bin` fields (`""` / `{}`) don't count. -- Drop the hardcoded fallback tables now that the bin/peer scans read real `node_modules` metadata: the binary→package map (`CLI_BINARY_TO_PACKAGE` + the `babel`/`jest`/`remark` fallbacks), the env-wrapper binary set, the static peer-dependency map, and the implicit-companion map. With dependencies installed (the normal scan condition) detection is unchanged — a package's real `bin` and `peerDependencies` cover what the tables used to hardcode. - -Trade-off: when scanning **without** `node_modules`, a CLI dependency whose binary name differs from its package name (e.g. `vp` → `vite-plus`) can no longer be resolved from scripts, and a few heuristic peer relationships that aren't declared `peerDependencies` (e.g. `@hookform/resolvers` → `zod`) are no longer inferred. The always-used lists for tooling that can't be detected statically (`typescript`, `eslint`, `@types/*`, `eslint-plugin-*`, …) are unchanged. diff --git a/packages/api/CHANGELOG.md b/packages/api/CHANGELOG.md index ecd2c2b0c..4ae07aa4d 100644 --- a/packages/api/CHANGELOG.md +++ b/packages/api/CHANGELOG.md @@ -1,5 +1,12 @@ # @react-doctor/api +## 0.6.0 + +### Patch Changes + +- Updated dependencies [[`99f2417`](https://github.com/millionco/react-doctor/commit/99f2417d8c181916919e6ae0a5ea0722770c7857), [`5f2bd72`](https://github.com/millionco/react-doctor/commit/5f2bd7254362109555194e43a019824478cb9ab5), [`441e6af`](https://github.com/millionco/react-doctor/commit/441e6afb55ee154e70e56f10a79565b9fd1f3295), [`c16e8ea`](https://github.com/millionco/react-doctor/commit/c16e8ea6f6cd455c837d02aafedb916817a4008e), [`fff9466`](https://github.com/millionco/react-doctor/commit/fff946689638bab3641474b6f8712a62777934ab), [`c2ce298`](https://github.com/millionco/react-doctor/commit/c2ce2989add3e43d21b7f609cad975e0284b6c42), [`ea4d9af`](https://github.com/millionco/react-doctor/commit/ea4d9afd4f2afc15c5d52217c3d001bd02b84046)]: + - @react-doctor/core@0.6.0 + ## 0.5.8 ### Patch Changes diff --git a/packages/api/package.json b/packages/api/package.json index c55299461..26890cca3 100644 --- a/packages/api/package.json +++ b/packages/api/package.json @@ -1,6 +1,6 @@ { "name": "@react-doctor/api", - "version": "0.5.8", + "version": "0.6.0", "private": true, "description": "Programmatic API for React Doctor.", "license": "SEE LICENSE IN LICENSE", diff --git a/packages/core/CHANGELOG.md b/packages/core/CHANGELOG.md index 4038f38fc..a580ae286 100644 --- a/packages/core/CHANGELOG.md +++ b/packages/core/CHANGELOG.md @@ -1,5 +1,68 @@ # @react-doctor/core +## 0.6.0 + +### Patch Changes + +- [#973](https://github.com/millionco/react-doctor/pull/973) [`99f2417`](https://github.com/millionco/react-doctor/commit/99f2417d8c181916919e6ae0a5ea0722770c7857) Thanks [@rayhanadev](https://github.com/rayhanadev)! - Add `runtimeGlobals` config to silence jsx-no-undef false positives for runtime-injected identifiers + + `jsx-no-undef` is a single-file rule, so it flags capitalized JSX identifiers + that are provided at runtime rather than imported in the file — react-live's + ``, Storybook globals, MDX live blocks, or an ambient + `declare global` in a separate `.d.ts`. List those names in the new + `runtimeGlobals` config array and `jsx-no-undef` treats them as known. Opt-in — + an empty/absent list leaves behavior unchanged. + + Closes [#959](https://github.com/millionco/react-doctor/issues/959) + +- [#929](https://github.com/millionco/react-doctor/pull/929) [`5f2bd72`](https://github.com/millionco/react-doctor/commit/5f2bd7254362109555194e43a019824478cb9ab5) Thanks [@skoshx](https://github.com/skoshx)! - fix: validate string array config fields (projects, textComponents, etc.) + + Non-string entries in `config.projects` caused `selectProjects` to crash with `requestedName.trim is not a function`. The validator now filters non-string entries from `projects`, `textComponents`, `rawTextWrapperComponents`, and `serverAuthFunctionNames` with warnings instead of crashing. + + Fixes [#921](https://github.com/millionco/react-doctor/issues/921) (Sentry REACT-DOCTOR-1R) + +- [#940](https://github.com/millionco/react-doctor/pull/940) [`441e6af`](https://github.com/millionco/react-doctor/commit/441e6afb55ee154e70e56f10a79565b9fd1f3295) Thanks [@rayhanadev](https://github.com/rayhanadev)! - Stop a scan from crashing when a git subprocess fails synchronously (fixes REACT-DOCTOR-1E, REACT-DOCTOR-1P, REACT-DOCTOR-20). Unlike a missing binary (`ENOENT`, which arrives on the catchable `'error'` event), `child_process.spawn` **throws synchronously** when the working directory isn't a directory (`ENOTDIR`) or the argument list exceeds the OS command-line limit (`ENAMETOOLONG` — e.g. `--scope lines` on a 1,000+-file diff on Windows). That throw escaped Effect's error channel entirely and took down the whole scan (reported to Sentry as a raw `spawn` error). The git runner now pre-flights both conditions and fails on its normal channel, so the existing fallbacks recover instead: a bad working directory degrades like an unavailable git, and an over-long `--scope lines` diff degrades to file-level scope. + +- [#951](https://github.com/millionco/react-doctor/pull/951) [`c16e8ea`](https://github.com/millionco/react-doctor/commit/c16e8ea6f6cd455c837d02aafedb916817a4008e) Thanks [@skoshx](https://github.com/skoshx)! - Fix misleading remediation for react-hooks-js/incompatible-library + + `react-hooks-js/incompatible-library` fires when the React Compiler can't + memoize through a third-party hook (e.g. `@tanstack/react-virtual`'s + `useVirtualizer`). The diagnostic carried the generic React Compiler action — + "Rewrite the flagged code so the compiler can optimize it" — which reads as + "reimplement the library locally" and steered users off mature libraries. + + The rule stays active (the compiler's own bail-out reason is informative), but + its remediation now names the real fix: it's how the library works, not a bug in + your code — memoize values you pass from it into other memoized components, or + suppress it with `// react-doctor-disable-next-line react-hooks-js/incompatible-library`. + + Closes [#950](https://github.com/millionco/react-doctor/issues/950) + +- [#972](https://github.com/millionco/react-doctor/pull/972) [`fff9466`](https://github.com/millionco/react-doctor/commit/fff946689638bab3641474b6f8712a62777934ab) Thanks [@rayhanadev](https://github.com/rayhanadev)! - Stop react-doctor from flagging its own toolchain as an unused dependency + + After `react-doctor install` — especially via `bunx`, where react-doctor is + declared in `package.json` but never materialized in `node_modules` — a scan + reported `react-doctor` itself as an unused devDependency. It's used via the CLI, + git hooks, CI, and the agent skill (never imported in source), so the dead-code + import graph can't see it, and deslop's "ships a binary → used" heuristic can't + read its `bin` when it isn't installed. The dead-code pass now never reports + react-doctor's own CLI / plugin packages (`react-doctor`, + `eslint-plugin-react-doctor`, `oxlint-plugin-react-doctor`) as unused. + + Closes [#961](https://github.com/millionco/react-doctor/issues/961) + +- [#927](https://github.com/millionco/react-doctor/pull/927) [`c2ce298`](https://github.com/millionco/react-doctor/commit/c2ce2989add3e43d21b7f609cad975e0284b6c42) Thanks [@skoshx](https://github.com/skoshx)! - Fix crash when disable comments contain Object.prototype keys (constructor, toString, valueOf, etc.) + + Resolves REACT-DOCTOR-1Y and fixes [#920](https://github.com/millionco/react-doctor/issues/920). + + The suppression near-miss detector would crash with `TypeError: bareRuleKey.includes is not a function` when an eslint-disable or oxlint-disable comment contained a token matching an Object.prototype member name. Indexing the LEGACY_RULE_KEY_TO_NATIVE_RULE_KEY lookup map with such a token returned an inherited method (which the `??` fallback let through), so `canonicalizeRuleKey` now guards the lookup with a `typeof` check and only treats the result as an alias when it is a string. + +- [#930](https://github.com/millionco/react-doctor/pull/930) [`ea4d9af`](https://github.com/millionco/react-doctor/commit/ea4d9afd4f2afc15c5d52217c3d001bd02b84046) Thanks [@skoshx](https://github.com/skoshx)! - Degrade gracefully when git is unavailable or diff base ref is missing (fixes REACT-DOCTOR-F, REACT-DOCTOR-1K, REACT-DOCTOR-14, REACT-DOCTOR-22). CI containers without git installed and shallow clones missing the diff base ref now fall back to a full scan with a clear warning instead of crashing and reporting to Sentry. + +- Updated dependencies [[`ba2af1b`](https://github.com/millionco/react-doctor/commit/ba2af1b7faa5ef4e1ae39e6c3b786259fba23f1f), [`b69f4a7`](https://github.com/millionco/react-doctor/commit/b69f4a75360ad17d1d149aeb9de16835e792606a), [`a7ad969`](https://github.com/millionco/react-doctor/commit/a7ad969e5621ce1f61422b9bf578da600220d3e2), [`03b7a5f`](https://github.com/millionco/react-doctor/commit/03b7a5f79e50d42f1d4f1aaddb2587605c8edde0), [`c72b560`](https://github.com/millionco/react-doctor/commit/c72b560682f1254aa4dd793898f2eed48afdbe27), [`f69f216`](https://github.com/millionco/react-doctor/commit/f69f21681dd7f17d632a09d742d501ef0b9b3047), [`6339f71`](https://github.com/millionco/react-doctor/commit/6339f715cc1a30521a699b818140ec2fae6f569e), [`7f9e7f4`](https://github.com/millionco/react-doctor/commit/7f9e7f42832f40a32d7583126c096067f948856f)]: + - oxlint-plugin-react-doctor@0.6.0 + - deslop-js@0.6.0 + ## 0.5.8 ### Patch Changes diff --git a/packages/core/package.json b/packages/core/package.json index 862965eca..f871a9d1b 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -1,6 +1,6 @@ { "name": "@react-doctor/core", - "version": "0.5.8", + "version": "0.6.0", "private": true, "description": "Diagnostic engine for React Doctor.", "license": "SEE LICENSE IN LICENSE", diff --git a/packages/deslop-cli/CHANGELOG.md b/packages/deslop-cli/CHANGELOG.md index 71dcaeecd..4128147a5 100644 --- a/packages/deslop-cli/CHANGELOG.md +++ b/packages/deslop-cli/CHANGELOG.md @@ -1,5 +1,16 @@ # deslop-cli +## 0.6.0 + +### Patch Changes + +- [#936](https://github.com/millionco/react-doctor/pull/936) [`ba2af1b`](https://github.com/millionco/react-doctor/commit/ba2af1b7faa5ef4e1ae39e6c3b786259fba23f1f) Thanks [@aidenybai](https://github.com/aidenybai)! - Update the license to MIT with additional restrictions: the software may not be used as training, fine-tuning, or evaluation data for machine-learning models or AI systems, nor sold or resold as a commercial product or service (e.g. a paid API, SaaS, or hosted/managed service) whose value derives substantially from the software, without prior written permission (contact founders@million.dev). Each version's additional restrictions expire on the second anniversary of its release, after which that version is available under the standard MIT License (an FSL-style grant of future license). Each published package now ships its own up-to-date `LICENSE` file so the terms travel with the tarball. + + The `react-doctor` CLI also now prints a one-time notice (once per run) when it detects it is running inside an AI/ML training pipeline or agent sandbox, pointing to the license terms. + +- Updated dependencies [[`ba2af1b`](https://github.com/millionco/react-doctor/commit/ba2af1b7faa5ef4e1ae39e6c3b786259fba23f1f), [`b69f4a7`](https://github.com/millionco/react-doctor/commit/b69f4a75360ad17d1d149aeb9de16835e792606a), [`a7ad969`](https://github.com/millionco/react-doctor/commit/a7ad969e5621ce1f61422b9bf578da600220d3e2), [`03b7a5f`](https://github.com/millionco/react-doctor/commit/03b7a5f79e50d42f1d4f1aaddb2587605c8edde0), [`7f9e7f4`](https://github.com/millionco/react-doctor/commit/7f9e7f42832f40a32d7583126c096067f948856f)]: + - deslop-js@0.6.0 + ## 0.5.8 ### Patch Changes diff --git a/packages/deslop-cli/package.json b/packages/deslop-cli/package.json index 64b5eaf99..e0b3e0112 100644 --- a/packages/deslop-cli/package.json +++ b/packages/deslop-cli/package.json @@ -1,6 +1,6 @@ { "name": "deslop-cli", - "version": "0.5.8", + "version": "0.6.0", "description": "CLI to remove AI slop from JavaScript codebases.", "keywords": [ "cli", diff --git a/packages/deslop-js/CHANGELOG.md b/packages/deslop-js/CHANGELOG.md index 5f4a971c9..047d2ea37 100644 --- a/packages/deslop-js/CHANGELOG.md +++ b/packages/deslop-js/CHANGELOG.md @@ -1,5 +1,59 @@ # deslop-js +## 0.6.0 + +### Patch Changes + +- [#936](https://github.com/millionco/react-doctor/pull/936) [`ba2af1b`](https://github.com/millionco/react-doctor/commit/ba2af1b7faa5ef4e1ae39e6c3b786259fba23f1f) Thanks [@aidenybai](https://github.com/aidenybai)! - Update the license to MIT with additional restrictions: the software may not be used as training, fine-tuning, or evaluation data for machine-learning models or AI systems, nor sold or resold as a commercial product or service (e.g. a paid API, SaaS, or hosted/managed service) whose value derives substantially from the software, without prior written permission (contact founders@million.dev). Each version's additional restrictions expire on the second anniversary of its release, after which that version is available under the standard MIT License (an FSL-style grant of future license). Each published package now ships its own up-to-date `LICENSE` file so the terms travel with the tarball. + + The `react-doctor` CLI also now prints a one-time notice (once per run) when it detects it is running inside an AI/ML training pipeline or agent sandbox, pointing to the license terms. + +- [#915](https://github.com/millionco/react-doctor/pull/915) [`b69f4a7`](https://github.com/millionco/react-doctor/commit/b69f4a75360ad17d1d149aeb9de16835e792606a) Thanks [@skoshx](https://github.com/skoshx)! - Fix false positives in Expo config plugin detection for package-name plugins and nested expo config + + Expo config plugins can be referenced by package name (not just local file paths) from `app.json` / `app.config.*`, but the collector dropped any plugin entry that didn't resolve to a local file — so packages referenced only as config plugins were reported as unused. The `app.config.{js,ts}` AST path also only matched a top-level `plugins` property and never descended into the standard `{ expo: { plugins: [...] } }` shape (the JSON `app.json` path already read `expo.plugins`). + + Fixed by: + + - Tracking package-name plugins (e.g. `@config-plugins/detox`, `@react-native-firebase/app`) alongside local file-path plugins + - Descending into the nested `expo` object in the config-object AST collector + - Marking those package-name plugins as used in `detectStalePackages` (gated on the declared dependency set, so unrelated strings can't suppress real unused deps) + + Closes [#914](https://github.com/millionco/react-doctor/issues/914) + +- [#971](https://github.com/millionco/react-doctor/pull/971) [`a7ad969`](https://github.com/millionco/react-doctor/commit/a7ad969e5621ce1f61422b9bf578da600220d3e2) Thanks [@rayhanadev](https://github.com/rayhanadev)! - Fix `deslop/unused-export` false positive for namespace-imported components used in JSX + + A component referenced only through a namespace import in JSX — + `import * as S from "./style"` then `` — was reported as an unused + export. The usage walker recorded namespace member access in regular expressions + (`MemberExpression`, e.g. `S.helper()`) but not in JSX (`JSXMemberExpression`), + so a member used solely as `` was missed whenever the namespace had any + other accessed member. Closes [#875](https://github.com/millionco/react-doctor/issues/875). + +- [#963](https://github.com/millionco/react-doctor/pull/963) [`03b7a5f`](https://github.com/millionco/react-doctor/commit/03b7a5f79e50d42f1d4f1aaddb2587605c8edde0) Thanks [@skoshx](https://github.com/skoshx)! - Exclude TypeScript 6.x to fix bunx installation crash + + TypeScript 6.0.3 has an internal circular dependency with its `Comparison` enum + that triggers a known Bun module loader bug, causing `bunx react-doctor install` + to crash with "ReferenceError: Cannot access 'Comparison' before initialization". + Narrow the dependency range to `>=5.0.4 <6` until Bun fixes enum initialization + order (see oven-sh/bun#12805). + + The constraint covers both `react-doctor` (whose CLI imports `typescript` at + startup) and `deslop-js` (loaded by the dead-code scan, which can run under bun), + so no published package pulls TypeScript 6.x into a consumer's install tree. + + `npx` continues to work because npm's resolver handles the circular dependency + correctly. TypeScript 5.9.3 is stable and tested; TypeScript 6.x support will + return once the upstream bug is resolved. + + Closes [#962](https://github.com/millionco/react-doctor/issues/962) + +- [#916](https://github.com/millionco/react-doctor/pull/916) [`7f9e7f4`](https://github.com/millionco/react-doctor/commit/7f9e7f42832f40a32d7583126c096067f948856f) Thanks [@rayhanadev](https://github.com/rayhanadev)! - Rework unused-dependency detection to lean on real package metadata instead of hand-maintained whitelists. + + - Treat any installed dependency that ships a CLI binary as used. A package that declares a `bin` is routinely invoked outside what a static scan can see (Makefiles, CI, git hooks, ad-hoc `npx`), so it's no longer flagged just because no `package.json` script names the binary. Empty `bin` fields (`""` / `{}`) don't count. + - Drop the hardcoded fallback tables now that the bin/peer scans read real `node_modules` metadata: the binary→package map (`CLI_BINARY_TO_PACKAGE` + the `babel`/`jest`/`remark` fallbacks), the env-wrapper binary set, the static peer-dependency map, and the implicit-companion map. With dependencies installed (the normal scan condition) detection is unchanged — a package's real `bin` and `peerDependencies` cover what the tables used to hardcode. + + Trade-off: when scanning **without** `node_modules`, a CLI dependency whose binary name differs from its package name (e.g. `vp` → `vite-plus`) can no longer be resolved from scripts, and a few heuristic peer relationships that aren't declared `peerDependencies` (e.g. `@hookform/resolvers` → `zod`) are no longer inferred. The always-used lists for tooling that can't be detected statically (`typescript`, `eslint`, `@types/*`, `eslint-plugin-*`, …) are unchanged. + ## 0.5.8 ### Patch Changes diff --git a/packages/deslop-js/package.json b/packages/deslop-js/package.json index 075e36789..6332b4f41 100644 --- a/packages/deslop-js/package.json +++ b/packages/deslop-js/package.json @@ -1,6 +1,6 @@ { "name": "deslop-js", - "version": "0.5.8", + "version": "0.6.0", "description": "Remove AI slop from JavaScript code.", "keywords": [ "dead-code", diff --git a/packages/eslint-plugin-react-doctor/CHANGELOG.md b/packages/eslint-plugin-react-doctor/CHANGELOG.md index 40dcde5d4..02a3230a8 100644 --- a/packages/eslint-plugin-react-doctor/CHANGELOG.md +++ b/packages/eslint-plugin-react-doctor/CHANGELOG.md @@ -1,5 +1,18 @@ # eslint-plugin-react-doctor +## 0.6.0 + +### Patch Changes + +- [#936](https://github.com/millionco/react-doctor/pull/936) [`ba2af1b`](https://github.com/millionco/react-doctor/commit/ba2af1b7faa5ef4e1ae39e6c3b786259fba23f1f) Thanks [@aidenybai](https://github.com/aidenybai)! - Update the license to MIT with additional restrictions: the software may not be used as training, fine-tuning, or evaluation data for machine-learning models or AI systems, nor sold or resold as a commercial product or service (e.g. a paid API, SaaS, or hosted/managed service) whose value derives substantially from the software, without prior written permission (contact founders@million.dev). Each version's additional restrictions expire on the second anniversary of its release, after which that version is available under the standard MIT License (an FSL-style grant of future license). Each published package now ships its own up-to-date `LICENSE` file so the terms travel with the tarball. + + The `react-doctor` CLI also now prints a one-time notice (once per run) when it detects it is running inside an AI/ML training pipeline or agent sandbox, pointing to the license terms. + +- [#958](https://github.com/millionco/react-doctor/pull/958) [`c72b560`](https://github.com/millionco/react-doctor/commit/c72b560682f1254aa4dd793898f2eed48afdbe27) Thanks [@aidenybai](https://github.com/aidenybai)! - Fix `jsx-key`'s spread-overwrites-`key` check to key off the spread's position. A `{...spread}` can only clobber an explicit `key` when it appears _after_ the key — the later attribute wins under the classic runtime (`{ key, ...spread }`) and React falls back to `createElement` under the automatic runtime, so the later spread wins there too. The rule now reports `` (and the sandwiched ``) and stays silent on ``, which previously produced a false positive. Spreads of object literals that provably carry no `key` (e.g. `{...{}}`, `{...{ className }}`) are never treated as overwriting. + +- Updated dependencies [[`ba2af1b`](https://github.com/millionco/react-doctor/commit/ba2af1b7faa5ef4e1ae39e6c3b786259fba23f1f), [`c72b560`](https://github.com/millionco/react-doctor/commit/c72b560682f1254aa4dd793898f2eed48afdbe27), [`f69f216`](https://github.com/millionco/react-doctor/commit/f69f21681dd7f17d632a09d742d501ef0b9b3047), [`6339f71`](https://github.com/millionco/react-doctor/commit/6339f715cc1a30521a699b818140ec2fae6f569e)]: + - oxlint-plugin-react-doctor@0.6.0 + ## 0.5.8 ### Patch Changes diff --git a/packages/eslint-plugin-react-doctor/package.json b/packages/eslint-plugin-react-doctor/package.json index 1a195d2ae..b525e778d 100644 --- a/packages/eslint-plugin-react-doctor/package.json +++ b/packages/eslint-plugin-react-doctor/package.json @@ -1,6 +1,6 @@ { "name": "eslint-plugin-react-doctor", - "version": "0.5.8", + "version": "0.6.0", "description": "React Doctor rules for ESLint.", "keywords": [ "accessibility", diff --git a/packages/language-server/CHANGELOG.md b/packages/language-server/CHANGELOG.md index 368de84de..4cdd155a3 100644 --- a/packages/language-server/CHANGELOG.md +++ b/packages/language-server/CHANGELOG.md @@ -1,5 +1,12 @@ # @react-doctor/language-server +## 0.6.0 + +### Patch Changes + +- Updated dependencies [[`99f2417`](https://github.com/millionco/react-doctor/commit/99f2417d8c181916919e6ae0a5ea0722770c7857), [`5f2bd72`](https://github.com/millionco/react-doctor/commit/5f2bd7254362109555194e43a019824478cb9ab5), [`441e6af`](https://github.com/millionco/react-doctor/commit/441e6afb55ee154e70e56f10a79565b9fd1f3295), [`c16e8ea`](https://github.com/millionco/react-doctor/commit/c16e8ea6f6cd455c837d02aafedb916817a4008e), [`fff9466`](https://github.com/millionco/react-doctor/commit/fff946689638bab3641474b6f8712a62777934ab), [`c2ce298`](https://github.com/millionco/react-doctor/commit/c2ce2989add3e43d21b7f609cad975e0284b6c42), [`ea4d9af`](https://github.com/millionco/react-doctor/commit/ea4d9afd4f2afc15c5d52217c3d001bd02b84046)]: + - @react-doctor/core@0.6.0 + ## 0.5.8 ### Patch Changes diff --git a/packages/language-server/package.json b/packages/language-server/package.json index 935706e5f..dbed368da 100644 --- a/packages/language-server/package.json +++ b/packages/language-server/package.json @@ -1,6 +1,6 @@ { "name": "@react-doctor/language-server", - "version": "0.5.8", + "version": "0.6.0", "private": true, "description": "Language server for React Doctor editor integrations.", "license": "SEE LICENSE IN LICENSE", diff --git a/packages/oxlint-plugin-react-doctor/CHANGELOG.md b/packages/oxlint-plugin-react-doctor/CHANGELOG.md index 9d2509cfb..d8ca1891d 100644 --- a/packages/oxlint-plugin-react-doctor/CHANGELOG.md +++ b/packages/oxlint-plugin-react-doctor/CHANGELOG.md @@ -1,5 +1,46 @@ # oxlint-plugin-react-doctor +## 0.6.0 + +### Patch Changes + +- [#936](https://github.com/millionco/react-doctor/pull/936) [`ba2af1b`](https://github.com/millionco/react-doctor/commit/ba2af1b7faa5ef4e1ae39e6c3b786259fba23f1f) Thanks [@aidenybai](https://github.com/aidenybai)! - Update the license to MIT with additional restrictions: the software may not be used as training, fine-tuning, or evaluation data for machine-learning models or AI systems, nor sold or resold as a commercial product or service (e.g. a paid API, SaaS, or hosted/managed service) whose value derives substantially from the software, without prior written permission (contact founders@million.dev). Each version's additional restrictions expire on the second anniversary of its release, after which that version is available under the standard MIT License (an FSL-style grant of future license). Each published package now ships its own up-to-date `LICENSE` file so the terms travel with the tarball. + + The `react-doctor` CLI also now prints a one-time notice (once per run) when it detects it is running inside an AI/ML training pipeline or agent sandbox, pointing to the license terms. + +- [#958](https://github.com/millionco/react-doctor/pull/958) [`c72b560`](https://github.com/millionco/react-doctor/commit/c72b560682f1254aa4dd793898f2eed48afdbe27) Thanks [@aidenybai](https://github.com/aidenybai)! - Fix `jsx-key`'s spread-overwrites-`key` check to key off the spread's position. A `{...spread}` can only clobber an explicit `key` when it appears _after_ the key — the later attribute wins under the classic runtime (`{ key, ...spread }`) and React falls back to `createElement` under the automatic runtime, so the later spread wins there too. The rule now reports `` (and the sandwiched ``) and stays silent on ``, which previously produced a false positive. Spreads of object literals that provably carry no `key` (e.g. `{...{}}`, `{...{ className }}`) are never treated as overwriting. + +- [#911](https://github.com/millionco/react-doctor/pull/911) [`f69f216`](https://github.com/millionco/react-doctor/commit/f69f21681dd7f17d632a09d742d501ef0b9b3047) Thanks [@skoshx](https://github.com/skoshx)! - fix: reduce false positives in supabase-rls-policy-risk + + The rule now classifies each `CREATE POLICY` statement individually (over + comment/string-sanitized SQL) instead of matching the whole file with one + regex. A permissive `using/with check (true)` policy whose `TO` clause names + **only** server-only roles (`service_role`, `postgres`, `supabase_admin`) is + treated as hardening, not a public bypass — including two-clause `FOR ALL` / + `FOR UPDATE` forms and all-server-only role lists that the previous + negative-lookbehind missed. `anon` / `authenticated` (and a `TO` clause that + mixes one in, or no `TO` clause at all → `PUBLIC`) stay flagged, since those are + client-reachable via a JWT. + + `auth.role() = 'service_role'` checks inside policy bodies are still flagged + (true runtime bypasses). The previous `IF EXISTS` suppression on `DISABLE ROW +LEVEL SECURITY` was removed: it silently downgraded a real risk on live tables, + and the dropped-table case it targeted needs cross-migration analysis — deferred + with the issue's cross-migration class. + + Fixes [#910](https://github.com/millionco/react-doctor/issues/910) + +- [#954](https://github.com/millionco/react-doctor/pull/954) [`6339f71`](https://github.com/millionco/react-doctor/commit/6339f715cc1a30521a699b818140ec2fae6f569e) Thanks [@rayhanadev](https://github.com/rayhanadev)! - fix(rn-no-raw-text): report raw text by where it actually crashes, resolving imported wrappers across files + + The `rn-no-raw-text` rule reported raw text inside any element it couldn't prove was a text component — including a custom component imported from another file (e.g. a `` that wraps its label in `` internally), which produced false positives on the common "custom component that renders Text" pattern. + + The rule now anchors its report on where React Native actually crashes — a host boundary — and resolves imported components across files instead of guessing: + + - Raw text is reported inside a known host primitive (`View`, `ScrollView`, `Pressable`, the `Touchable*` family, `Modal`, …), a lowercase intrinsic, or an in-file component proven to forward its children into one. + - A component imported from another first-party file (relative or tsconfig-alias) is resolved and classified the same way: one that wraps its children in `` is left alone, while one that renders them into a `` is still reported — so genuine crashes inside imported wrappers are kept. + - Components the resolver can't follow (`node_modules`, namespace imports, unanalyzable exports) are left unreported rather than assumed to crash; `rawTextWrapperComponents` / `textComponents` config still covers those. + - React's structural `` / `` now counts as a transparent wrapper alongside fbtee's `` / ``, so an `` nested under a `` inside a `` is no longer falsely flagged. + ## 0.5.8 ### Patch Changes diff --git a/packages/oxlint-plugin-react-doctor/package.json b/packages/oxlint-plugin-react-doctor/package.json index a51dae645..b06f59d17 100644 --- a/packages/oxlint-plugin-react-doctor/package.json +++ b/packages/oxlint-plugin-react-doctor/package.json @@ -1,6 +1,6 @@ { "name": "oxlint-plugin-react-doctor", - "version": "0.5.8", + "version": "0.6.0", "description": "React Doctor rules for oxlint.", "keywords": [ "accessibility", diff --git a/packages/react-doctor/CHANGELOG.md b/packages/react-doctor/CHANGELOG.md index aab84728c..0b635970b 100644 --- a/packages/react-doctor/CHANGELOG.md +++ b/packages/react-doctor/CHANGELOG.md @@ -1,5 +1,116 @@ # react-doctor +## 0.6.0 + +### Minor Changes + +- [#955](https://github.com/millionco/react-doctor/pull/955) [`e2393c4`](https://github.com/millionco/react-doctor/commit/e2393c4a6b842efc72d5c225273c0de918a13450) Thanks [@rayhanadev](https://github.com/rayhanadev)! - Add `react-doctor ci `, a dedicated command for managing React Doctor in CI. + + - `ci install` adds a workflow that scans every pull request. It auto-detects the provider (GitHub Actions or GitLab CI), bakes a gate from `--blocking`/`--scope`/`--comment`/`--review-comments`/`--commit-status`, and can open a pull request with `--pr`. + - `ci config` walks you through the gate, scan scope, and pull-request reporting interactively (with a plain-language recap of what each setting does), or applies the same flags non-interactively. It edits any workflow that contains the React Doctor action step in place — preserving your other steps, jobs, inputs, and comments — and only prints a paste snippet when the file has no React Doctor step. + - `ci upgrade` bumps the GitHub Action to its current floating major. + + GitHub Actions is fully supported; GitLab CI gets a gate-only scaffold. The `install` command's CI setup is unchanged; `ci` is the focused home for managing CI on its own. + +### Patch Changes + +- [#936](https://github.com/millionco/react-doctor/pull/936) [`ba2af1b`](https://github.com/millionco/react-doctor/commit/ba2af1b7faa5ef4e1ae39e6c3b786259fba23f1f) Thanks [@aidenybai](https://github.com/aidenybai)! - Update the license to MIT with additional restrictions: the software may not be used as training, fine-tuning, or evaluation data for machine-learning models or AI systems, nor sold or resold as a commercial product or service (e.g. a paid API, SaaS, or hosted/managed service) whose value derives substantially from the software, without prior written permission (contact founders@million.dev). Each version's additional restrictions expire on the second anniversary of its release, after which that version is available under the standard MIT License (an FSL-style grant of future license). Each published package now ships its own up-to-date `LICENSE` file so the terms travel with the tarball. + + The `react-doctor` CLI also now prints a one-time notice (once per run) when it detects it is running inside an AI/ML training pipeline or agent sandbox, pointing to the license terms. + +- [#941](https://github.com/millionco/react-doctor/pull/941) [`5774deb`](https://github.com/millionco/react-doctor/commit/5774debe1e912b109ca4d9e4093a92426c221218) Thanks [@rayhanadev](https://github.com/rayhanadev)! - Speed up cold scans and bound dead-code memory on multi-project workspaces. + + - Overlap the project security scan with the lint pass instead of running it synchronously beforehand. The content-regex security sweep (shipped artifacts, dotenv, SQL — files lint never parses) was the single heaviest CPU phase on real repos and blocked the event loop the whole time. It now runs on a cooperative background fiber that yields between file chunks, so its cost hides under the subprocess-bound lint pass and stops starving a multi-project scan's concurrent git/network work. Cold scans are measurably faster (~30% on a mid-size project and workspace in local benchmarks); diagnostics are byte-identical. + - Cap concurrent dead-code (deslop) workers by a memory budget so a multi-project scan can't oversubscribe memory with many simultaneous worker processes on a small CI runner. On a roomy machine the cap exceeds the project count, so nothing serializes and scan time is unchanged. + +- [#929](https://github.com/millionco/react-doctor/pull/929) [`5f2bd72`](https://github.com/millionco/react-doctor/commit/5f2bd7254362109555194e43a019824478cb9ab5) Thanks [@skoshx](https://github.com/skoshx)! - fix: validate string array config fields (projects, textComponents, etc.) + + Non-string entries in `config.projects` caused `selectProjects` to crash with `requestedName.trim is not a function`. The validator now filters non-string entries from `projects`, `textComponents`, `rawTextWrapperComponents`, and `serverAuthFunctionNames` with warnings instead of crashing. + + Fixes [#921](https://github.com/millionco/react-doctor/issues/921) (Sentry REACT-DOCTOR-1R) + +- [#940](https://github.com/millionco/react-doctor/pull/940) [`441e6af`](https://github.com/millionco/react-doctor/commit/441e6afb55ee154e70e56f10a79565b9fd1f3295) Thanks [@rayhanadev](https://github.com/rayhanadev)! - Stop a scan from crashing when a git subprocess fails synchronously (fixes REACT-DOCTOR-1E, REACT-DOCTOR-1P, REACT-DOCTOR-20). Unlike a missing binary (`ENOENT`, which arrives on the catchable `'error'` event), `child_process.spawn` **throws synchronously** when the working directory isn't a directory (`ENOTDIR`) or the argument list exceeds the OS command-line limit (`ENAMETOOLONG` — e.g. `--scope lines` on a 1,000+-file diff on Windows). That throw escaped Effect's error channel entirely and took down the whole scan (reported to Sentry as a raw `spawn` error). The git runner now pre-flights both conditions and fails on its normal channel, so the existing fallbacks recover instead: a bad working directory degrades like an unavailable git, and an over-long `--scope lines` diff degrades to file-level scope. + +- [#966](https://github.com/millionco/react-doctor/pull/966) [`bd0f465`](https://github.com/millionco/react-doctor/commit/bd0f465e61ffb93b5716cd056b0e288365cb32ea) Thanks [@skoshx](https://github.com/skoshx)! - Fix Cursor agent handoff on Windows. Cursor installs its CLI as a PowerShell-wrapped `.cmd` that Node's `spawn()` cannot execute without `shell: true` (which would mangle the multi-line handoff prompt). The launcher now resolves Cursor's bundled `node.exe` + `index.js` under `%LOCALAPPDATA%\cursor-agent\versions\\` and spawns it directly — preserving argv integrity and bypassing the PowerShell hop. Closes [#964](https://github.com/millionco/react-doctor/issues/964). + +- [#974](https://github.com/millionco/react-doctor/pull/974) [`b6d1a87`](https://github.com/millionco/react-doctor/commit/b6d1a87cb86113a7caae072f5c9c2e1ba8ca3e31) Thanks [@rayhanadev](https://github.com/rayhanadev)! - Show staged findings in the pre-commit hook instead of swallowing them + + The generated pre-commit hook captured react-doctor's output to a temp file and + deleted it before printing, so a failing scan showed only a generic "found + staged regressions" notice — never the actual findings ([#969](https://github.com/millionco/react-doctor/issues/969)). The hook now + writes the scan output to stderr before cleanup, in both the raw hook and the + hook-manager command. It stays non-blocking by design (the commit still + proceeds); the diagnostics are simply visible now so you know what to fix. + +- [#963](https://github.com/millionco/react-doctor/pull/963) [`03b7a5f`](https://github.com/millionco/react-doctor/commit/03b7a5f79e50d42f1d4f1aaddb2587605c8edde0) Thanks [@skoshx](https://github.com/skoshx)! - Exclude TypeScript 6.x to fix bunx installation crash + + TypeScript 6.0.3 has an internal circular dependency with its `Comparison` enum + that triggers a known Bun module loader bug, causing `bunx react-doctor install` + to crash with "ReferenceError: Cannot access 'Comparison' before initialization". + Narrow the dependency range to `>=5.0.4 <6` until Bun fixes enum initialization + order (see oven-sh/bun#12805). + + The constraint covers both `react-doctor` (whose CLI imports `typescript` at + startup) and `deslop-js` (loaded by the dead-code scan, which can run under bun), + so no published package pulls TypeScript 6.x into a consumer's install tree. + + `npx` continues to work because npm's resolver handles the circular dependency + correctly. TypeScript 5.9.3 is stable and tested; TypeScript 6.x support will + return once the upstream bug is resolved. + + Closes [#962](https://github.com/millionco/react-doctor/issues/962) + +- [#934](https://github.com/millionco/react-doctor/pull/934) [`970babc`](https://github.com/millionco/react-doctor/commit/970babcb09a597f2d0891b283c2bac7f8afaef1d) Thanks [@skoshx](https://github.com/skoshx)! - Fix `--project` resolution when scanning from within a project directory whose basename matches the requested project name. + + When running react-doctor from a subdirectory (e.g., `apps/website`) and passing `--project website`, the CLI now correctly recognizes that the current directory is the requested project instead of failing with "Project 'website' is not a directory under /path/to/apps/website." + + This affects users who scan a single (non-workspace) project directory and pass that directory's own name as the project — e.g. `directory: apps/website` together with `--project website` (or `projects: ["website"]` in config). The `*` ("all projects") default is unaffected: it short-circuits to the root directory and never goes through name resolution. + +- [#938](https://github.com/millionco/react-doctor/pull/938) [`229ea2e`](https://github.com/millionco/react-doctor/commit/229ea2e12e95e8af3279988c6c1c7a653bf5f6c5) Thanks [@skoshx](https://github.com/skoshx)! - fix(staged): log warning when getStagedSourceFiles encounters git errors + + When git commands fail (missing git binary, corrupted repo, permission errors), `getStagedSourceFiles` now logs a warning message showing the error instead of silently returning an empty array. This makes `--staged` failures much easier to debug while still gracefully degrading. + +- [#957](https://github.com/millionco/react-doctor/pull/957) [`5893a56`](https://github.com/millionco/react-doctor/commit/5893a56f03c70eb9ca1ff5f88879a9acf3306f36) Thanks [@skoshx](https://github.com/skoshx)! - Fix mojibake (`ÔÇö`, `├ù`) in CLI output on Windows. The console was decoding + react-doctor's UTF-8 bytes with a non-UTF-8 code page (CP-850/437 in cmd.exe), + so `—`, `×`, `›`, and box-drawing rendered as garbage — including in VS Code's + terminal. Switch the Windows console to UTF-8 (code page 65001) once at CLI + startup (console-only, best-effort), which fixes every glyph at the source + rather than swapping individual characters for ASCII. Closes [#956](https://github.com/millionco/react-doctor/issues/956). + +- [#967](https://github.com/millionco/react-doctor/pull/967) [`43267da`](https://github.com/millionco/react-doctor/commit/43267da930fa25b9fa78e30de80f8d102c753a45) Thanks [@skoshx](https://github.com/skoshx)! - Install agent hooks (Cursor, Claude Code) as a Node `.mjs` runner invoked via `node` instead of a `#!/bin/sh` script, so they run on Windows without Git Bash/WSL/Cygwin. Closes [#965](https://github.com/millionco/react-doctor/issues/965). + +- [#930](https://github.com/millionco/react-doctor/pull/930) [`ea4d9af`](https://github.com/millionco/react-doctor/commit/ea4d9afd4f2afc15c5d52217c3d001bd02b84046) Thanks [@skoshx](https://github.com/skoshx)! - Degrade gracefully when git is unavailable or diff base ref is missing (fixes REACT-DOCTOR-F, REACT-DOCTOR-1K, REACT-DOCTOR-14, REACT-DOCTOR-22). CI containers without git installed and shallow clones missing the diff base ref now fall back to a full scan with a clear warning instead of crashing and reporting to Sentry. + +- [#926](https://github.com/millionco/react-doctor/pull/926) [`b8188e0`](https://github.com/millionco/react-doctor/commit/b8188e096bd0107e6ed350c7d77f582c99f79bbc) Thanks [@skoshx](https://github.com/skoshx)! - Fix `react-doctor install` crashes on pre-existing malformed/conflicting agent config. The install command now handles three user-environment failure modes gracefully with clear error messages instead of unhandled exceptions: + + 1. Malformed JSON in `~/.claude/settings.json` or `~/.cursor/hooks.json` (REACT-DOCTOR-25) + 2. Directory path blocked by an existing file at `~/.claude/skills` or parent paths (REACT-DOCTOR-17) + 3. Permission denied when target directories aren't writable (REACT-DOCTOR-1A) + + These errors are now treated as expected user-environment conditions (not react-doctor bugs) and surface actionable messages without Sentry reports. + +- [#939](https://github.com/millionco/react-doctor/pull/939) [`986557d`](https://github.com/millionco/react-doctor/commit/986557d4ccebe26d16f73468773bed6cefa7d52f) Thanks [@rayhanadev](https://github.com/rayhanadev)! - Align `react-doctor install`'s agent selection with the Vercel `skills` CLI so it stops scattering skill directories across your project. The prompt previously detected every agent with a config dir anywhere in `$HOME` (`~/.codebuddy`, `~/.crush`, `~/.goose`, `~/.kilocode`, …) and **pre-selected all of them**, so a single Enter copied `.codebuddy/`, `.crush/`, `.goose/`, … into the project root. + + Now, following that CLI's heuristic, the default selection is: + + - your **remembered** last pick (persisted globally, like `skills`' `lastSelectedAgents` lock), else + - a small curated set of popular agents (`claude-code`, `cursor`, `codex`, `opencode`), else + - a lone detected agent when that's the only one — and otherwise nothing, so you make a deliberate choice. + + Every detected agent is still shown so the rest are one keystroke away; they're just no longer pre-checked. A non-interactive run (`--yes` / CI) still installs to all detected agents, matching `skills`' `--yes`. + +- [#947](https://github.com/millionco/react-doctor/pull/947) [`05cafc6`](https://github.com/millionco/react-doctor/commit/05cafc669a5ff1e6c87daf83e9fa2972fe90c7e4) Thanks [@skoshx](https://github.com/skoshx)! - Add `--json-out ` flag to write JSON reports to a file instead of stdout + +- [#944](https://github.com/millionco/react-doctor/pull/944) [`0c19858`](https://github.com/millionco/react-doctor/commit/0c198589d81702cc0b59cfe6d41e63329154e203) Thanks [@rayhanadev](https://github.com/rayhanadev)! - Organize the per-scan Sentry "wide event" under dotted namespaces. The root-span attributes had accreted into a flat, half-namespaced set (~50 keys, most bare); each now carries a namespace matching its concept — `scan.*` (config + `scan.fileCount`), `action.*` (CI/action knobs), `outcome.*` (verdict), `diag.*` (findings), `score.*`, `lint.*`, `deadCode.*`, `supplyChain.*`, `timing.*` — alongside the already-namespaced `migration.*`/`baseline.*`. Applied via a single `withNamespace` helper so the prefix lives in one place instead of being hand-spelled per key. Pure rename: value types are preserved (numbers stay numeric so `p75`/`avg` keep working) and the keys stay filter-/group-/aggregate-able in Sentry's Spans dataset. Run/project base tags and all metrics are unchanged. + +- [#917](https://github.com/millionco/react-doctor/pull/917) [`7a673d2`](https://github.com/millionco/react-doctor/commit/7a673d20238903b4ef2d2b525379bec96cec2642) Thanks [@rayhanadev](https://github.com/rayhanadev)! - Remember the post-scan "What would you like to do next?" pick. The interactive handoff prompt now pre-selects whatever the user chose last (an agent, "copy to clipboard", or "skip"), so the common "always hand off to the same agent" path is a single Enter. The choice is remembered per user in the existing CLI state file via a new `Preference` lifecycle primitive; a remembered agent that's since been uninstalled falls back to highlighting the first option, and pressing Esc leaves the prior preference untouched. + +- [#928](https://github.com/millionco/react-doctor/pull/928) [`734c564`](https://github.com/millionco/react-doctor/commit/734c564db30507b99246f08308fa4ab68235194b) Thanks [@skoshx](https://github.com/skoshx)! - Stop reporting unactionable environment errors to Sentry. A narrow set of filesystem conditions react-doctor cannot fix — a full disk (`ENOSPC`), a failing or read-only disk (`EIO`/`EROFS`), denied permissions (`EACCES`/`EPERM`), a path blocked by a file (`ENOTDIR`), or a missing binary (`spawn … ENOENT`) — now exit cleanly with an actionable message instead of crashing with a stack trace and appearing as product defects in Sentry. The set is deliberately narrow: codes that usually indicate a react-doctor bug (a missing file we expected, or an over-long argv such as `ENAMETOOLONG`) keep reaching Sentry. A low-cardinality `cli.env_error` metric, keyed by code, tracks how often these occur without inflating the crash dashboard. Closes REACT-DOCTOR-13, REACT-DOCTOR-1V, REACT-DOCTOR-24. + +- Updated dependencies [[`ba2af1b`](https://github.com/millionco/react-doctor/commit/ba2af1b7faa5ef4e1ae39e6c3b786259fba23f1f), [`b69f4a7`](https://github.com/millionco/react-doctor/commit/b69f4a75360ad17d1d149aeb9de16835e792606a), [`a7ad969`](https://github.com/millionco/react-doctor/commit/a7ad969e5621ce1f61422b9bf578da600220d3e2), [`03b7a5f`](https://github.com/millionco/react-doctor/commit/03b7a5f79e50d42f1d4f1aaddb2587605c8edde0), [`c72b560`](https://github.com/millionco/react-doctor/commit/c72b560682f1254aa4dd793898f2eed48afdbe27), [`f69f216`](https://github.com/millionco/react-doctor/commit/f69f21681dd7f17d632a09d742d501ef0b9b3047), [`6339f71`](https://github.com/millionco/react-doctor/commit/6339f715cc1a30521a699b818140ec2fae6f569e), [`7f9e7f4`](https://github.com/millionco/react-doctor/commit/7f9e7f42832f40a32d7583126c096067f948856f)]: + - oxlint-plugin-react-doctor@0.6.0 + - deslop-js@0.6.0 + ## 0.5.8 ### Patch Changes diff --git a/packages/react-doctor/package.json b/packages/react-doctor/package.json index a64cbd97e..98c1ac2d8 100644 --- a/packages/react-doctor/package.json +++ b/packages/react-doctor/package.json @@ -1,6 +1,6 @@ { "name": "react-doctor", - "version": "0.5.8", + "version": "0.6.0", "description": "Your agent writes bad React. This catches it", "keywords": [ "accessibility",