chore: gitignore package-lock.json (mirror Cargo.lock policy)#57

Merged: hyperpolymath merged 1 commit into main from chore/gitignore-vscode-package-lock on May 18, 2026

@hyperpolymath
Owner

vscode-extension/package-lock.json was untracked but not gitignored, so it perpetually showed in git status (it surfaced repeatedly during the stdlib PRs) and risked accidental staging.

This repo already deliberately gitignores Cargo.lock. Applying the same lockfile policy to the npm side keeps the working tree clean and consistent. The only such file in the repo is the VS Code extension's, so the bare package-lock.json pattern is safe.

🤖 Generated with Claude Code

vscode-extension/package-lock.json was untracked but not ignored, so it
permanently showed in `git status` and risked accidental staging. This
repo already deliberately gitignores Cargo.lock; apply the same lockfile
policy to the npm side (the only such file is the vscode extension's).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@hyperpolymath hyperpolymath merged commit aed5bfa into main May 18, 2026
10 of 11 checks passed
@hyperpolymath hyperpolymath deleted the chore/gitignore-vscode-package-lock branch May 18, 2026 10:06
hyperpolymath added a commit that referenced this pull request May 18, 2026
Building the .vsix per #62 surfaced a wiring defect: PR #58 switched the
compile to `--vscode-extension` codegen, whose auto-glue emits a top-level
`require("@hyperpolymath/affine-vscode")` — an unpublished npm package — while
the repo still routed activation through the hand-written `src/index.cjs` +
vendored `src/affine-vscode-adapter.cjs`. Result: VS Code loaded
`src/index.cjs` -> `require("../out/extension.cjs")` -> MODULE_NOT_FOUND on
`@hyperpolymath/affine-vscode`; the extension crashed on activation.

Fix, using the mechanism affinescript already provides:

- `compile`/`vscode:prepublish`: pass
  `--vscode-extension-adapter=../src/affine-vscode-adapter.cjs` so the
  auto-glue requires the already-vendored adapter by relative path (no npm
  package, resolves offline). `affinescript compile --help` documents this
  flag precisely for "vendoring a custom adapter".
- `main`: `./src/index.cjs` -> `./out/extension.cjs` — the directly-loadable
  entry the `--vscode-extension` codegen is designed to produce (#58/#105's
  stated end-state). `src/index.cjs` is now dead and removed.
- `vscode:prepublish`: no longer shells through `npm run` (repo CLAUDE.md
  bans npm) — it is the affinescript invocation directly.
- Add `.vscodeignore` so lockfiles/build noise stay out of the .vsix.
- `.gitignore`: ignore bun/deno lockfiles and the built `*.vsix`
  (distributed via GitHub Release, not git), extending the #57 policy.

Verified: `out/extension.cjs` loads standalone; from the packaged .vsix's
bundled tree `extraImports()` returns {Vscode, VscodeLanguageClient} with
only host-provided `vscode` stubbed; `activate`/`deactivate` present.
`my-lang-0.3.0.vsix` (324 files) now packages as a *functional* artifact.

Refs #62

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
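
The wiring defect described in the commit message above can be caught before packaging by scanning the built entry for `require()` specifiers that will not resolve inside the .vsix. This is an added example, not code from the repository or from affinescript; the file contents and the `shipped` file list are constructed, and the function names are hypothetical.

```javascript
// Added example: pre-package audit of require() calls in a built CommonJS entry.
// File names follow the commit message; file contents below are constructed.

// Modules the runtime supplies, never shipped in the .vsix (partial list of built-ins).
const RUNTIME_PROVIDED = new Set(["vscode", "fs", "path", "os", "child_process"]);

// Collect string-literal require() specifiers (static scan, not a full parser).
function requireSpecifiers(source) {
  const re = /\brequire\(\s*(["'])([^"']+)\1\s*\)/g;
  return [...source.matchAll(re)].map((m) => m[2]);
}

// Resolve a relative specifier against the entry file's directory (POSIX paths).
function resolveRelative(entryPath, spec) {
  const parts = entryPath.split("/").slice(0, -1);
  for (const seg of spec.split("/")) {
    if (seg === "..") parts.pop();
    else if (seg !== "." && seg !== "") parts.push(seg);
  }
  return parts.join("/");
}

// Specifiers that would raise MODULE_NOT_FOUND when loaded from the packaged tree.
// `files` is the set of exact paths that ship; bare packages must sit under node_modules/.
function unresolvedRequires(entryPath, source, files) {
  return requireSpecifiers(source).filter((spec) => {
    if (RUNTIME_PROVIDED.has(spec) || spec.startsWith("node:")) return false;
    if (spec.startsWith(".")) return !files.has(resolveRelative(entryPath, spec));
    const segs = spec.split("/");
    const pkg = spec.startsWith("@") ? segs.slice(0, 2).join("/") : segs[0];
    return !files.has(`node_modules/${pkg}/package.json`);
  });
}

// Constructed packaged tree: adapter vendored, no npm packages installed.
const shipped = new Set(["out/extension.cjs", "src/affine-vscode-adapter.cjs"]);

// Constructed "before": the glue requires the unpublished package by name.
const before = `const A = require("@hyperpolymath/affine-vscode");
const vscode = require("vscode");`;
// Constructed "after": the glue requires the vendored adapter by relative path.
const after = `const A = require("../src/affine-vscode-adapter.cjs");
const vscode = require("vscode");`;

console.log(unresolvedRequires("out/extension.cjs", before, shipped));
console.log(unresolvedRequires("out/extension.cjs", after, shipped));
```

Run against the real file list of the packaged tree, a non-empty result is a reason to fail the build before the .vsix is published.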
@github-actions

🔍 Hypatia Security Scan

Findings: 35 issues detected

Severity Count
🔴 Critical 6
🟠 High 11
🟡 Medium 18

⚠️ Action Required: Critical security issues found!

View findings
[
  {
    "reason": "Issue in quality.yml",
    "type": "missing_workflow",
    "file": "quality.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in security-policy.yml",
    "type": "missing_workflow",
    "file": "security-policy.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "unwrap_or(0) with dangerous default (1 occurrences, CWE-754)",
    "type": "unwrap_dangerous_default",
    "file": "/home/runner/work/my-lang/my-lang/_exploratory/me-scaffolding/crates/parser/src/lib.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "expect() in hot path (80 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/my-lang/my-lang/_exploratory/me-scaffolding/crates/parser/src/lib.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "unwrap() without prior check -- DoS via panic (1 occurrences, CWE-754)",
    "type": "unwrap_without_check",
    "file": "/home/runner/work/my-lang/my-lang/my-ssg/src/generator.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "expect() in hot path (5 occurrences, CWE-754)",
    "type": "expect_in_hot_path",
    "file": "/home/runner/work/my-lang/my-lang/crates/my-mir/src/lib.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  },
  {
    "reason": "unwrap() without prior check -- DoS via panic (26 occurrences, CWE-754)",
    "type": "unwrap_without_check",
    "file": "/home/runner/work/my-lang/my-lang/crates/my-fmt/src/lib.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "unwrap() without prior check -- DoS via panic (1 occurrences, CWE-754)",
    "type": "unwrap_without_check",
    "file": "/home/runner/work/my-lang/my-lang/crates/my-hir/src/lib.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "unwrap() without prior check -- DoS via panic (3 occurrences, CWE-754)",
    "type": "unwrap_without_check",
    "file": "/home/runner/work/my-lang/my-lang/crates/my-llvm/src/lib.rs",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence
