From 3afe2664c62f9849cf72405e250f6f6d0f990f7c Mon Sep 17 00:00:00 2001 From: pythonluvr Date: Wed, 27 May 2026 14:58:18 +0700 Subject: [PATCH] fix(scripts): make sanity check self-exclusion work on POSIX The previous self-exclusion used `new URL(import.meta.url).pathname.replace(/^\//, "")`, which works on Windows (pathname looks like `/C:/Users/...`, stripping the leading slash yields a usable path) but breaks on POSIX (pathname is already `/abs/path/...`, and stripping the leading slash makes it relative, so the equality against `relative(ROOT, full)` never matches). Result: on Linux and macOS the script scans itself, hits the personal-token regex's own pattern definition at line 40, and reports 9 false-positive "leaks" all pointing at scripts/check-sanity.mjs:40. Windows CI passed; POSIX CI has been red on every push since the script landed. Two consequences: - Merge-to-main CI red on Mac and Ubuntu for the past several releases. - More importantly, the sanity check has not actually been running on POSIX CI. A real leak in any shipped file would never have surfaced because the script self-fails first. Fix: use Node's `fileURLToPath(import.meta.url)`, which returns a correct absolute path on every platform. Verified locally on Windows (`npm run lint` still passes). POSIX verification depends on CI. Co-Authored-By: Claude Opus 4.7 (1M context) --- scripts/check-sanity.mjs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/check-sanity.mjs b/scripts/check-sanity.mjs index 5578ed6..0b8a3bb 100644 --- a/scripts/check-sanity.mjs +++ b/scripts/check-sanity.mjs @@ -14,11 +14,12 @@ import { readdirSync, readFileSync, statSync } from "node:fs"; import { join, relative } from "node:path"; +import { fileURLToPath } from "node:url"; const ROOT = process.cwd(); const TARGETS = [".md", ".ts", ".mts", ".cts", ".mjs", ".json", ".yml", ".yaml"]; const SKIP = new Set(["node_modules", "dist", ".git", ".openwar", "coverage"]); -const SELF = relative(ROOT, new URL(import.meta.url).pathname.replace(/^\//, "")); +const SELF = relative(ROOT, fileURLToPath(import.meta.url)); const PATTERNS = [ { name: "windows_user_path", regex: /[A-Za-z]:\\\\Users\\\\[A-Za-z0-9_.-]+/g, allow: [] },