Skip to content
Open
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
78263c6
chore: update package.json for postinstall canary test
pullfrog[bot] May 16, 2026
b84aedc
chore: update package.json for dependency install test
pullfrog[bot] May 16, 2026
d4ee81e
Merge remote-tracking branch 'origin/pullfrog/test-package-json' into…
pullfrog[bot] May 16, 2026
af83cb7
chore: update package.json for dependency install test
pullfrog[bot] May 20, 2026
4a814fd
Merge remote-tracking branch 'origin/pullfrog/test-package-json' into…
pullfrog[bot] May 20, 2026
88df9aa
chore: update package.json for postinstall canary test
pullfrog[bot] May 20, 2026
75b7190
Merge remote-tracking branch 'origin/pullfrog/test-package-json' into…
pullfrog[bot] May 20, 2026
27408a3
test: update package.json for dependency installation canary test
pullfrog[bot] Jun 1, 2026
138a7e7
Merge remote-tracking branch 'origin/pullfrog/test-package-json' into…
pullfrog[bot] Jun 1, 2026
1927faa
Add package.json for dependency install test
pullfrog[bot] Jun 1, 2026
e38c093
Merge remote-tracking branch 'origin/pullfrog/test-package-json' into…
pullfrog[bot] Jun 1, 2026
e71472b
test: add postinstall canary to package.json
pullfrog[bot] Jun 8, 2026
fad2058
Merge remote-tracking branch 'origin/pullfrog/test-package-json' into…
pullfrog[bot] Jun 8, 2026
100561d
add package.json for dependency installation test
pullfrog[bot] Jun 19, 2026
8f616e5
Merge remote-tracking branch 'origin/pullfrog/test-package-json' into…
pullfrog[bot] Jun 19, 2026
2c468a1
test: update package.json for dependency installation canary test
pullfrog[bot] Jun 23, 2026
2a22067
Merge remote-tracking branch 'origin/pullfrog/test-package-json' into…
pullfrog[bot] Jun 23, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions package.json
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
{
"name": "test-repo",
"private": true,
"type": "module",
"name": "test-pkg",
"version": "1.0.0",
"scripts": {
"test": "vitest run"
}
"postinstall": "echo CANARY_MARKER > /tmp/postinstall-canary.txt"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test script removed while test infrastructure still exists

Medium Severity

The "test": "vitest run" script was replaced entirely by the postinstall script. The repository still contains test/math.test.ts and TypeScript source files in src/, but there's no longer any way to run tests via npm test. Additionally, "type": "module" was removed, which would break ESM imports used in the existing source and test files. This appears to be test/debug configuration that overwrites the real project setup rather than extending it.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 4a814fd. Configure here.

},

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test script removed, breaking existing test infrastructure

Medium Severity

The "test": "vitest run" script was removed and replaced solely with the postinstall script. The existing test suite in test/math.test.ts (which imports from vitest) is now unreachable via npm test. The postinstall canary script can be added alongside the existing test script rather than replacing it.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 78263c6. Configure here.

"dependencies": {}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removal of private flag risks accidental npm publish

High Severity

The "private": true field was removed from package.json. This safety guard prevents accidental publication to the npm registry. Without it, running npm publish (intentionally or via CI misconfiguration) would push this package publicly. The canary test configuration can coexist with the "private": true flag—there's no reason to drop it.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 78263c6. Configure here.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing type: module breaks ESM module resolution

Medium Severity

The "type": "module" field was removed from package.json. The existing source files (src/*.ts) and test files use ESM import/export syntax. Without this field, Node.js defaults to CommonJS module resolution, which can break tooling and module resolution for the existing codebase.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit d4ee81e. Configure here.

}