chore: modernize dev tooling — ESLint 10 + Prettier 3 + mocha 11 + chai 4#5
Merged
Merged
Conversation
…ai 4 Dev-only change; no runtime behavior shift. Verified: 82 mocha tests still pass, conformance spec green, Node 4 floor smoke green, runtime audit clean (0 vulns). Tooling changes: - Remove .jshintrc, .jscs.json, Gruntfile.js (JSCS dead since 2016, JSHint vestigial, Grunt 0.4 unmaintained). - Add eslint.config.js (flat config, ES5-targeted for lib/test files). - Add .prettierrc.json + .prettierignore. - Replace grunt-* devDeps with eslint + @eslint/js + prettier. - Bump mocha ~1.12.0 → ^11 and chai ~1.7.2 → ^4 (chai 4 is last CJS-compatible; chai 5 is ESM-only). Tests use should() API which is compatible across both major versions. Source files reformatted by Prettier (no semantic changes — verified by conformance spec staying green). Scripts: - New: npm run lint, npm run format, npm run format:check - npm test now runs lint + format:check + mocha CI: - New job: Lint + format (eslint + prettier --check) - npm install no longer needs --legacy-peer-deps - npm audit job removed `|| echo` swallow; now hard-fails on runtime vulns. Full audit (incl. devDeps) reduced from 27 vulns to 3 (all in mocha's transitive deps on latest mocha; dev-only, doesn't ship).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Dev tooling brought up to 2026 standards. No runtime behavior change — all 82 mocha tests still pass, conformance spec green, Node 4 floor smoke green, runtime
npm audit --omit=devreports 0 vulnerabilities.What changed
.jshintrc(JSHint, vestigial)eslint.config.js(ESLint 10 flat config, ES5-targeted).jscs.json(JSCS, archived 2016).prettierrc.json(Prettier 3)Gruntfile.js(Grunt 0.4)lint,format,format:check,test)mocha ~1.12.0(2013)mocha ^11.7.5chai ~1.7.2(2013)chai ^4.5.0(last CJS-compatible)Source files reformatted by Prettier — verified semantics-preserving by conformance spec staying green.
Audit picture
npm audit --omit=dev(runtime)npm audit(full, incl. devDeps)Remaining 3 are upstream in
mocha@11.7.5's transitivediffandserialize-javascript(mocha is on its latest; no downstream fix). Dev-only, doesn't ship.CI changes
Lint + format—eslint .+prettier --check .npm installno longer needs--legacy-peer-depsauditjob no longer swallows non-zero with|| echo— hard-fails on runtime vulnsTest plan
Lint + formatjob greenConformance against qs@latestgreennpm audit (runtime only)greenNotes
npm pack --dry-runwill still ship the same 7 files (LICENSE, README, SECURITY.md, index.js, lib/param.js, lib/deparam.js, package.json)npm packitself unchanged in size — devDeps don't ship