From 27530101da65b1ff150c99dcf01b32df484f4263 Mon Sep 17 00:00:00 2001 From: miccy <9729864+miccy@users.noreply.github.com> Date: Tue, 5 May 2026 03:37:45 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=A7=B9=20Resolve=20PR=20#24=20code=20revi?= =?UTF-8?q?ew=20comments=20and=20bump=20version=20to=202.0.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/docs/playwright.config.ts | 9 ++------- packages/engine/tests/osv.test.ts | 18 +++++++++--------- packages/scanner/src/detectors/injection.ts | 9 ++++++++- packages/scanner/src/parsers/js-yaml.d.ts | 18 +++++++++--------- packages/wiki-sync/src/index.ts | 2 +- 5 files changed, 29 insertions(+), 27 deletions(-) diff --git a/apps/docs/playwright.config.ts b/apps/docs/playwright.config.ts index 777a616..627fd37 100644 --- a/apps/docs/playwright.config.ts +++ b/apps/docs/playwright.config.ts @@ -19,14 +19,9 @@ export default defineConfig({ }, ], webServer: { - command: process.env.CI ? 'bun run build && bun run preview' : 'bun run dev', + command: 'bun run build && bun run preview', url: 'http://localhost:4321', reuseExistingServer: !process.env.CI, - timeout: (() => { - const parsed = Number.parseInt(process.env.PLAYWRIGHT_STARTUP_TIMEOUT || '', 10) - return Number.isNaN(parsed) ? 120_000 : parsed - })(), - stdout: 'pipe', - stderr: 'pipe', + timeout: 120000, }, }) diff --git a/packages/engine/tests/osv.test.ts b/packages/engine/tests/osv.test.ts index 1d88a28..c09fe3e 100644 --- a/packages/engine/tests/osv.test.ts +++ b/packages/engine/tests/osv.test.ts @@ -18,7 +18,7 @@ describe('osvToThreatProfile', () => { } test('converts basic OSV record correctly', () => { - const result = osvToThreatProfile(baseOsv) as any + const result = osvToThreatProfile(baseOsv) as unknown as Record expect(result.id).toBe(baseOsv.id) expect(result.name).toBe('test-package') expect(result.ecosystem).toBe('npm') 
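Review bot: In apps/docs/playwright.config.ts the `webServer` block keeps `reuseExistingServer: !process.env.CI` while `command` is now always `bun run build && bun run preview`, so a local run attaches to whatever is already listening on http://localhost:4321 (a dev server, for example) and skips the build. If local and CI runs are meant to test the same built output, a comment such as `// local runs reuse any server already on :4321; stop the dev server to test the preview build` would make that explicit. The fixed `timeout: 120000` now also has to cover the build step, and with the PLAYWRIGHT_STARTUP_TIMEOUT override removed there is no way to extend it on a slow runner; `120_000` would also read more easily. The `defineConfig({` call starts above the hunk.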
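Review bot: The new cast in `converts basic OSV record correctly`, `osvToThreatProfile(baseOsv) as unknown as Record`, is a double assertion that still switches off checking of the result, so a renamed or removed field on the return type will not fail compilation in these tests. The type arguments of `Record` are not visible on this page (probably lost in rendering). If the declared return type exposes the asserted fields, `const result: ReturnType<typeof osvToThreatProfile> = osvToThreatProfile(baseOsv)` keeps the expectations type-checked. If it does not, a short comment on why the cast is needed would help. The same line recurs in the hunks at -43, -53, -62, -74, -84, -94, -106 and -118 of packages/engine/tests/osv.test.ts.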
@@ -43,7 +43,7 @@ describe('osvToThreatProfile', () => { ...baseOsv, severity: [{ type: 'CVSS_V3', score }], } - const result = osvToThreatProfile(osv) as any + const result = osvToThreatProfile(osv) as unknown as Record expect(result.severity).toBe(expected) } }) @@ -53,7 +53,7 @@ describe('osvToThreatProfile', () => { ...baseOsv, severity: [{ type: 'CVSS_V2', score: '10.0' }], } - const result = osvToThreatProfile(osv) as any + const result = osvToThreatProfile(osv) as unknown as Record expect(result.severity).toBe('LOW') }) @@ -62,7 +62,7 @@ describe('osvToThreatProfile', () => { ...baseOsv, severity: undefined, } - const result = osvToThreatProfile(osv) as any + const result = osvToThreatProfile(osv) as unknown as Record expect(result.severity).toBe('LOW') }) @@ -74,7 +74,7 @@ describe('osvToThreatProfile', () => { { package: { name: 'pkg2', ecosystem: 'npm' } }, ], } - const result = osvToThreatProfile(osv) as any + const result = osvToThreatProfile(osv) as unknown as Record expect(result.name).toBe('pkg1') expect(result.ecosystem).toBe('pypi') }) @@ -84,7 +84,7 @@ describe('osvToThreatProfile', () => { ...baseOsv, affected: [], } - const result = osvToThreatProfile(osv) as any + const result = osvToThreatProfile(osv) as unknown as Record expect(result.name).toBe(osv.id) expect(result.ecosystem).toBe('npm') }) @@ -94,7 +94,7 @@ describe('osvToThreatProfile', () => { ...baseOsv, summary: undefined, } - const result = osvToThreatProfile(osv) as any + const result = osvToThreatProfile(osv) as unknown as Record expect(result.description).toBe('') }) @@ -106,7 +106,7 @@ describe('osvToThreatProfile', () => { { type: 'WEB', url: 'https://example.com/web' }, ], } - const result = osvToThreatProfile(osv) as any + const result = osvToThreatProfile(osv) as unknown as Record expect(result.references).toEqual([ { type: 'ADVISORY', url: 'https://example.com/advisory' }, { type: 'WEB', url: 'https://example.com/web' }, 
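Review bot: The tests in the hunks at -53 and -62 pin `severity` to `'LOW'` when the only entry is `CVSS_V2` with score `'10.0'` and when `severity` is `undefined`, so an advisory with a maximum v2 score, or with no score at all, is reported at the lowest level. For a threat profile that is a fail-open default, because unscored and unparsed records become indistinguishable from genuinely low-risk ones. If the severity type has, or can gain, a distinct "unscored" level, these expectations should assert that instead. Otherwise a comment on each test, for example `// unsupported or missing score currently falls back to LOW; treat as unknown when triaging`, would document the limitation. The `describe` block starts and ends outside these hunks, and the mapping code itself is not on this page.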
@@ -118,7 +118,7 @@ describe('osvToThreatProfile', () => { ...baseOsv, references: undefined, } - const result = osvToThreatProfile(osv) as any + const result = osvToThreatProfile(osv) as unknown as Record expect(result.references).toEqual([]) }) }) diff --git a/packages/scanner/src/detectors/injection.ts b/packages/scanner/src/detectors/injection.ts index ffa6319..0109858 100644 --- a/packages/scanner/src/detectors/injection.ts +++ b/packages/scanner/src/detectors/injection.ts @@ -11,6 +11,8 @@ import { validatePath } from '../utils.js' interface PackageJsonManifest { dependencies?: Record devDependencies?: Record + peerDependencies?: Record + optionalDependencies?: Record } /** @@ -23,7 +25,12 @@ function loadPackageJsonDeps(targetDir: string): Set | null { readFileSync(resolve(targetDir, 'package.json'), 'utf-8') ) as PackageJsonManifest const declared = new Set() - for (const deps of [pkg.dependencies ?? {}, pkg.devDependencies ?? {}]) { + for (const deps of [ + pkg.dependencies ?? {}, + pkg.devDependencies ?? {}, + pkg.peerDependencies ?? {}, + pkg.optionalDependencies ?? {}, + ]) { for (const name of Object.keys(deps)) { declared.add(name) } diff --git a/packages/scanner/src/parsers/js-yaml.d.ts b/packages/scanner/src/parsers/js-yaml.d.ts index afd8149..e3403cf 100644 --- a/packages/scanner/src/parsers/js-yaml.d.ts +++ b/packages/scanner/src/parsers/js-yaml.d.ts 
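Review bot: In `loadPackageJsonDeps` (hunk at -23 of packages/scanner/src/detectors/injection.ts) the four dependency fields come from `JSON.parse(...) as PackageJsonManifest` with no shape check, and the new loop passes each one to `Object.keys`. A package.json in a scanned project is untrusted input, and a field that is a string or an array adds index keys such as `"0"` and `"1"` to `declared` instead of being rejected. A guard at the top of the outer loop, `if (typeof deps !== 'object' || Array.isArray(deps)) continue`, keeps malformed manifests out of the set. Since `peerDependencies` and `optionalDependencies` (added to the interface in the hunk at -11) widen what counts as declared, the function's doc comment should say that all four fields are treated alike. The function body starts and ends outside the hunk, so how `declared` is consumed is not visible here.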
@@ -1,14 +1,14 @@ declare module 'js-yaml' { export interface LoadOptions { - filename?: string; - onWarning?: (warning: Error) => void; - schema?: any; - json?: boolean; - listener?: (eventType: string, state: any) => void; + filename?: string + onWarning?: (warning: Error) => void + schema?: unknown + json?: boolean + listener?: (eventType: string, state: unknown) => void } - + /** @deprecated Unsafe for untrusted input. Use safeLoad or supply a safe schema. */ - export function load(source: string, options?: LoadOptions): unknown; - - export function safeLoad(source: string, options?: LoadOptions): unknown; + export function load(source: string, options?: LoadOptions): unknown + + export function safeLoad(source: string, options?: LoadOptions): unknown } diff --git a/packages/wiki-sync/src/index.ts b/packages/wiki-sync/src/index.ts index b7ba4e1..072a3b1 100644 --- a/packages/wiki-sync/src/index.ts +++ b/packages/wiki-sync/src/index.ts @@ -185,7 +185,7 @@ function generateSidebar(docs: DocFile[], lang: 'en' | 'cs'): string { */ function generateFooter(): string { return `--- -📖 [Documentation](https://hulud.dev) | 🐙 [GitHub](https://github.com/miccy/wormsCTRL) | 🪱 v1.5.1 +📖 [Documentation](https://hulud.dev) | 🐙 [GitHub](https://github.com/miccy/wormsCTRL) | 🪱 v2.0.0 ` }
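Review bot: In packages/scanner/src/parsers/js-yaml.d.ts, `schema?: unknown` lets any value type-check as a schema, although `schema` is the option that decides which YAML tags `load` will construct. Declaring an opaque schema type in this module, together with the schema constants the parsers actually pass, would let the compiler reject arbitrary values. The hand-written module also declares `safeLoad`, which js-yaml 4.x removed (there `load` is safe by default and `safeLoad` throws), so the `@deprecated` note on `load` is accurate only for 3.x. The installed version is not visible on this page; confirm it and record it at the top of the file, for example `// Typings match js-yaml <MAJOR>.x; revisit load/safeLoad when the dependency is upgraded`.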