UNPKG

@jobgetapp/rush-enforce-categories-plugin

Version:

Utility to ensure rush projects to not leak internal code.

github.com/jobgetapp/jobgetapp

jobgetapp/jobgetapp

93 lines (74 loc) 2.15 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# @jobgetapp/rush-enforce-categories-plugin ## Project description This is a script that ensures public or externally facing projects do not leak code from private projects. Consider the following ``` #rush.json ... { "packageName": "@jobgetapp/secret-code", "projectFolder": "packages/libs/secret-code", "reviewCategory": "private", "versionPolicyName": "packable" }, { "packageName": "@jobgetapp/public-site", "projectFolder": "packages/deployments/web", "reviewCategory": "public", "versionPolicyName": "packable" }, ... ``` We would want to ensure that nowhere in the dependency tree of `@jobgetapp/public-site` is `@jobgetapp/secret-code`, as tree shaking may not remove code containing private intellectual property. To do this we rely on the rush approved packages system, and using the following configuration. ``` # common/config/rush-plugins/enforce-categories.json { "categoryRestrictions": [{ "category": "private", "forbiddenCategories": ["public"] }] } ``` When the `rush enforce-categories` utility is ran, it will ensure that no project with the `private` review category shows up inside `browser-approved-packages.json` with `allowedCategories` containing `public`. ## Usage ### Failing Example ``` # browser-approved-packages.json { "$schema": "https://developer.microsoft.com/json-schemas/rush/v5/approved-packages.schema.json", "packages": [ { "name": "@jobgetapp/secret-code", "allowedCategories": [ "private", "public" ] }, { "name": "@jobgetapp/public-site", "allowedCategories": [ "public" ] }, ... ] ``` ``` rush enforce-categories @jobgetapp/secret-code is restricted by category: public Found 1 category errors ``` ### Passing Example ``` # browser-approved-packages.json { "$schema": "https://developer.microsoft.com/json-schemas/rush/v5/approved-packages.schema.json", "packages": [ { "name": "@jobgetapp/secret-code", "allowedCategories": [ "private" ] }, { "name": "@jobgetapp/public-site", "allowedCategories": [ "public" ] }, ... ] ``` ``` rush enforce-categories ```