Releases: compactbench/hardened
v0.1.2
Install
npm install -D hardened
npx hardened risk scan
Fixed
- `--version` output and SARIF `tool.driver.version` now match the installed package version.
- Auto-fix declares `hardened-runtime@^0.1.2`.
Full changelog
v0.1.1
Initial working release of hardened — a deterministic TypeScript CLI that finds production-reliability risks in source and applies reviewable codemod-style fixes.
Install
npm install -D hardened
npx hardened risk scan
Packages
- `hardened@0.1.1` — CLI (`hardened risk scan` / `hardened risk fix` / `hardened risk fix --pr` / `hardened init`)
- `@hardened/core@0.1.1` — scanner + fixer engine
- `@hardened/rules-risk@0.1.1` — 7 production-reliability rules
- `hardened-runtime@0.1.1` — `resilient()` wrapper with caller-side deadlines
Rules shipped
| Rule | Severity | Auto-fix |
|---|---|---|
| risk/http-no-timeout | error | yes |
| risk/db-no-query-timeout | error | yes |
| risk/prisma-no-timeout | error | yes |
| risk/fetch-no-abort-signal | warning | finding-only |
| risk/floating-promise | warning | finding-only |
| risk/await-in-loop | warning | finding-only |
| risk/promise-all-no-settled | info | finding-only |
See the full CHANGELOG.md for platform features, known limitations, and benchmarks.
Note on 0.1.0
0.1.0 was briefly published but shipped with unresolved workspace:* markers in its dependency specs (an npm publish vs pnpm publish quirk), causing npm install hardened to fail with EUNSUPPORTEDPROTOCOL. 0.1.1 fixes that. The 0.1.0 tarballs remain on npm but are deprecated — install 0.1.1 or newer.
Known issue
npx hardened --version currently reports 0.1.0 due to a hard-coded version string. Functionality is unaffected (this is the 0.1.1 release). Will be fixed in 0.1.2.
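A pre-publish check for the two release problems described in "Note on 0.1.0" and "Known issue" (unresolved workspace: specs and a hard-coded version string), as an added example that is not part of the hardened project. The function names, manifests and dependency names are constructed for illustration.

```javascript
// Added example, not hardened's own code. Fields a consumer's `npm install`
// resolves; devDependencies are skipped because consumers never install them.
const INSTALLED_FIELDS = ["dependencies", "peerDependencies", "optionalDependencies"];

// Return every dependency spec that still uses the workspace: protocol.
function findWorkspaceSpecs(manifest) {
  const hits = [];
  for (const field of INSTALLED_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] ?? {})) {
      if (typeof spec === "string" && spec.trim().startsWith("workspace:")) {
        hits.push({ field, name, spec });
      }
    }
  }
  return hits;
}

// Collect release blockers: leftover workspace specs and a CLI version string
// (what `--version` prints) that disagrees with the manifest version.
function checkRelease(manifest, reportedVersion) {
  const problems = findWorkspaceSpecs(manifest).map(
    (h) => `${h.field}.${h.name} is "${h.spec}" (unresolved workspace protocol)`
  );
  if (reportedVersion !== manifest.version) {
    problems.push(`CLI reports ${reportedVersion}, manifest says ${manifest.version}`);
  }
  return problems;
}

// Constructed manifests; the dependency names are hypothetical.
const broken = {
  name: "hardened",
  version: "0.1.1",
  dependencies: { "@example/core": "workspace:*", "example-dep": "^1.0.0" },
  peerDependencies: { "example-runtime": "workspace:^" },
};
const fixed = {
  name: "hardened",
  version: "0.1.2",
  dependencies: { "@example/core": "0.1.2", "example-dep": "^1.0.0" },
};

console.log(checkRelease(broken, "0.1.0"));
console.log(checkRelease(fixed, "0.1.2"));
```

Run the check against the package.json inside the tarball produced by the pack step, since that file is what gets published, not the workspace copy.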