openclaw/reporting-governance-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(reporting-governance): tighten packed tarball hygiene

Browse Source
This commit is contained in:
Eve
2026-05-08 15:53:07 +08:00
parent 8a91206e07
commit c3b9e12474
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
plugins/reporting-governance/test/packed-consumer-install.smoke.test.mjs
View File

@@ -6,6 +6,12 @@ import path from 'node:path';
import { spawnSync } from 'node:child_process';
const packageRoot = path.resolve(import.meta.dirname, '..');
const unexpectedPackedPathMatchers = [
/\.tgz$/,
/^state\//,
/^docs\//,
/^node_modules\//,
];
function run(command, args, { cwd, env = {} } = {}) {
const result = spawnSync(command, args, {
@@ -31,6 +37,24 @@ function run(command, args, { cwd, env = {} } = {}) {
return result;
}
test('packed tarball excludes nested tarballs and obvious repo junk', () => {
const packResult = run('npm', ['pack', '--json', '--dry-run'], { cwd: packageRoot });
const packPayload = JSON.parse(packResult.stdout.trim());
const files = packPayload.at(-1)?.files?.map((entry) => entry.path) ?? [];
assert.ok(files.length > 0, 'npm pack --dry-run should report packed files');
for (const packedPath of files) {
for (const matcher of unexpectedPackedPathMatchers) {
assert.equal(
matcher.test(packedPath),
false,
`packed tarball should not include ${packedPath}`
);
}
}
});
test('packed tarball installs into clean consumer and works via public exports/bin only', () => {
const root = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-packed-consumer-'));