[New] add TypeScript types

[G-Rath]

For now I've just typed these out manually based on what we're using internally - while it would be good to have some tests at some point, I'm hoping/recommending not blocking on that for now as I think the types are small enough to be easy to maintain manually for the time being.

Resolves #3090

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.46%. Comparing base (67cc798) to head (e7392f5).

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #3097       +/-   ##
===========================================
+ Coverage   81.99%   95.46%   +13.46%     
===========================================
  Files          94       83       -11     
  Lines        4154     3570      -584     
  Branches     1395     1247      -148     
===========================================
+ Hits         3406     3408        +2     
+ Misses        748      162      -586     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ljharb]

Can we add a tsc run, at least?

[OlivierZal]

We could also add types for settings, something like:

settings?: Record<string, unknown> & {
  // we can add here every known property
  'import/resolver'?: Record<string, unknown> &
    { typescript?: { alwaysTryTypes?: boolean } }
  'import/extensions'?: ...
}

[G-Rath]

Yup in the long-run that'd be ideal and I'm happy to help work on that but I'd prefer to not block this on that since I'm not super familiar with all the settings and really right now their types won't get used out of the box since the new config system doesn't result in the types getting automatically applied.

i.e. they'd be useful for letting you manually type an object via pluginImport['settings'] but that's a more complex setup

[G-Rath]

(I actually only happened to include rules at all as I had that type on hand from what we've got in eslint-plugin-jest - you could make the same point that ideally the rules could be typed with all their settings, but again that'd be a lot of work for something that right now wouldn't be that usable)

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@angular-eslint/[email protected]	Transitive: environment, eval, filesystem, unsafe	+78	11 MB	jameshenry
npm/@types/[email protected]	None	+2	250 kB	types
npm/@typescript-eslint/[email protected]	Transitive: environment, eval, filesystem, unsafe	+90	8.63 MB	jameshenry
npm/[email protected]	Transitive: environment, eval, filesystem, shell	+128	7.96 MB	hzoo
npm/[email protected]	Transitive: environment, filesystem	+19	4.65 MB	kaicataldo
npm/[email protected]	filesystem Transitive: environment	+2	180 kB	tleunen
npm/[email protected]	Transitive: environment, eval, filesystem	+101	7.68 MB	lencioni
npm/[email protected]	Transitive: environment, eval, filesystem	+5	2.34 MB	loganfsmyth
npm/[email protected]	None	+6	872 kB	chaijs
npm/[email protected]	environment Transitive: filesystem, shell	+6	74.5 kB	kentcdodds
npm/[email protected]	Transitive: eval	+14	1.51 MB	nzakas
npm/[email protected]	Transitive: environment, eval, filesystem, shell, unsafe	+123	11.9 MB	bmishkin
npm/[email protected]	Transitive: environment, filesystem	+3	161 kB	bradzacher
npm/[email protected]	filesystem	0	105 kB	not-an-aardvark
npm/[email protected]	None	+1	1.43 MB	abandeali
npm/find-babel-config@=1.2.0	None	0	13.8 kB	tleunen
npm/[email protected]	filesystem	0	8.57 kB	coderaiser
npm/[email protected]	None	0	4.01 kB	iarna
npm/jackspeak@=2.1.1	None	0	210 kB	isaacs
npm/jsonc-parser@=3.2.0	None	0	205 kB	alexandrudima, joaomoreno.ms, kaimaetzel, ...4 more
npm/[email protected]	filesystem Transitive: shell	+5	338 kB	timoxley
npm/[email protected]	None	0	3.36 kB	jdalton
npm/[email protected]	Transitive: environment, filesystem, shell	+30	5.1 MB	davidanson
npm/[email protected]	environment Transitive: filesystem, shell	+2	117 kB	timoxley
npm/[email protected]	environment Transitive: eval	+4	2.2 MB	timdorr
npm/[email protected]	filesystem	0	15.5 kB	isaacs
npm/[email protected]	environment, shell	0	19 kB	ljharb
npm/[email protected]	None	+7	6.9 MB	mrgnrdrck

🚮 Removed packages: npm/@types/[email protected], npm/@typescript-eslint/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[G-Rath]

Can we add a tsc run, at least?

Done - note that it requires using typescript v5 since types like @types/node require that version, which led to a weird "works locally but not in CI", but I think I've got that resolved and should be good enough for now 🤞

[ljharb]

shouldn't noEmit be set in tsconfig, and tsc be run on the whole project?

also, let's add typescript to the dev deps rather than using npx.

[G-Rath]

The issue is typescripts already a dev dependency but supporting versions from 2 through to 4, whereas this check has to use v5 because @types requires that as a min. version and I assume that the older versions are required for a reason.

I didn't create a tsconfig.json as that will be picked up by any running of typescript, and having it defined can change other aspects of linting such as what files are included by default.

[G-Rath]

shouldn't noEmit be set in tsconfig, and tsc be run on the whole project?

That'd mean the whole codebase would get type checked, requiring it to be correctly typed - while I personally would support that, I think it's out of scope for this pr

[G-Rath]

So I did have a go at running tsc across the whole codebase just to see how much we'd get, and well with strict mode its 3498 errors and without it its 857 😅

Technically, we could have a tsconfig.json that includes just the .d.ts (and even .js because checkJs is false by default), but it feels weird to me having that as that only config option and for just a single small file...

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Protestware or potentially unwanted behavior	npm/[email protected]	Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale	package.json	⚠︎
Protestware or potentially unwanted behavior	npm/[email protected]	Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts.	package.json	⚠︎

View full report↗︎

Next steps

What is protestware?

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Consider that consuming this package may come along with functionality unrelated to its primary purpose.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]