stacklok / toolhive-studio / 25786258611 / 1
70%
main: 70%

DEFAULT BRANCH: main
Ran
Files 511
Run time 14s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 68.652%. Remained the same
25786258611.1

push

github

web-flow 
chore(pnpm): migrate to pnpm 11.1.1 (#2239)

* chore(pnpm): migrate to pnpm 11.1.1

pnpm 11 stops reading settings from .npmrc and the \`pnpm\` field of package.json, replaces onlyBuiltDependencies with allowBuilds, and turns blockExoticSubdeps on by default. Consolidates all pnpm config into pnpm-workspace.yaml (nodeLinker, engineStrict, allowBuilds with @swc/core + @tailwindcss/oxide added back, auditConfig, overrides, patchedDependencies), drops .npmrc, removes the package.json pnpm field, and pins corepack via \`packageManager: pnpm@11.1.1\`.

The previously needed \`blockExoticSubdeps: false\` opt-out is no longer required: pnpm 11 applies overrides before the exotic-subdep check (unlike pnpm 10.31), so the @electron/rebuild@^4.0.4 override prevents the git-sourced @electron/node-gyp transitive from ever entering the tree. The redundant @electron/node-gyp pin from #2234 is also dropped.

Drops the plist@3.1.0 compat patch (added in #1901 alongside the xmldom 0.9 bump). pnpm 11's fresh resolve no longer pulls plist@3.1.0 into the tree, and the underlying xmldom security override (@xmldom/xmldom: >=0.9.10) stays in place. pnpm 11 also promoted unused-patch from warning to hard error (ERR_PNPM_UNUSED_PATCH), so the stale entry had to go.

Bumps CI pnpm to 11.1.1 in .github/actions/setup and renovate-post-upgrade. Teaches the security-fix-agent workflow that overrides now live in pnpm-workspace.yaml (fingerprint, diff check, git add). Updates the security-vuln-remediation skill (Claude canonical + Codex/Cursor mirrors) and the .grype.yaml comment to point at the new override location.

Refs #2224, #2231, #2234, #2238.

* chore(security): add pnpm audit signatures and drop --ignore-registry-errors

Adds \`pnpm audit signatures\` (new in pnpm 11.1) as a second step in the existing PNPM Audit job. Verifies ECDSA signatures of installed packages against the registry's public keys at /-/npm/v1/keys — catches post-publish tampering, which the existing CVE-... (continued)

4838 of 7610 branches covered (63.57%)

7227 of 10527 relevant lines covered (68.65%)

118.77 hits per line

Source Files on job 25786258611.1