miccy · miccy · May 5, 2026 · May 5, 2026
diff --git a/apps/docs/playwright.config.ts b/apps/docs/playwright.config.ts
@@ -19,14 +19,9 @@ export default defineConfig({
     },
   ],
   webServer: {
-    command: process.env.CI ? 'bun run build && bun run preview' : 'bun run dev',
+    command: 'bun run build && bun run preview',
     url: 'http://localhost:4321',
     reuseExistingServer: !process.env.CI,
-    timeout: (() => {
-      const parsed = Number.parseInt(process.env.PLAYWRIGHT_STARTUP_TIMEOUT || '', 10)
-      return Number.isNaN(parsed) ? 120_000 : parsed
-    })(),
-    stdout: 'pipe',
-    stderr: 'pipe',
+    timeout: 120000,
   },
 })
diff --git a/packages/engine/tests/osv.test.ts b/packages/engine/tests/osv.test.ts
@@ -18,7 +18,7 @@ describe('osvToThreatProfile', () => {
   }
 
   test('converts basic OSV record correctly', () => {
-    const result = osvToThreatProfile(baseOsv) as any
+    const result = osvToThreatProfile(baseOsv) as unknown as Record<string, unknown>
     expect(result.id).toBe(baseOsv.id)
     expect(result.name).toBe('test-package')
     expect(result.ecosystem).toBe('npm')
@@ -43,7 +43,7 @@ describe('osvToThreatProfile', () => {
         ...baseOsv,
         severity: [{ type: 'CVSS_V3', score }],
       }
-      const result = osvToThreatProfile(osv) as any
+      const result = osvToThreatProfile(osv) as unknown as Record<string, unknown>
       expect(result.severity).toBe(expected)
     }
   })
@@ -53,7 +53,7 @@ describe('osvToThreatProfile', () => {
       ...baseOsv,
       severity: [{ type: 'CVSS_V2', score: '10.0' }],
     }
-    const result = osvToThreatProfile(osv) as any
+    const result = osvToThreatProfile(osv) as unknown as Record<string, unknown>
     expect(result.severity).toBe('LOW')
   })
 
@@ -62,7 +62,7 @@ describe('osvToThreatProfile', () => {
       ...baseOsv,
       severity: undefined,
     }
-    const result = osvToThreatProfile(osv) as any
+    const result = osvToThreatProfile(osv) as unknown as Record<string, unknown>
     expect(result.severity).toBe('LOW')
   })
 
@@ -74,7 +74,7 @@ describe('osvToThreatProfile', () => {
         { package: { name: 'pkg2', ecosystem: 'npm' } },
       ],
     }
-    const result = osvToThreatProfile(osv) as any
+    const result = osvToThreatProfile(osv) as unknown as Record<string, unknown>
     expect(result.name).toBe('pkg1')
     expect(result.ecosystem).toBe('pypi')
   })
@@ -84,7 +84,7 @@ describe('osvToThreatProfile', () => {
       ...baseOsv,
       affected: [],
     }
-    const result = osvToThreatProfile(osv) as any
+    const result = osvToThreatProfile(osv) as unknown as Record<string, unknown>
     expect(result.name).toBe(osv.id)
     expect(result.ecosystem).toBe('npm')
   })
@@ -94,7 +94,7 @@ describe('osvToThreatProfile', () => {
       ...baseOsv,
       summary: undefined,
     }
-    const result = osvToThreatProfile(osv) as any
+    const result = osvToThreatProfile(osv) as unknown as Record<string, unknown>
     expect(result.description).toBe('')
   })
 
@@ -106,7 +106,7 @@ describe('osvToThreatProfile', () => {
         { type: 'WEB', url: 'https://example.com/web' },
       ],
     }
-    const result = osvToThreatProfile(osv) as any
+    const result = osvToThreatProfile(osv) as unknown as Record<string, unknown>
     expect(result.references).toEqual([
       { type: 'ADVISORY', url: 'https://example.com/advisory' },
       { type: 'WEB', url: 'https://example.com/web' },
@@ -118,7 +118,7 @@ describe('osvToThreatProfile', () => {
       ...baseOsv,
       references: undefined,
     }
-    const result = osvToThreatProfile(osv) as any
+    const result = osvToThreatProfile(osv) as unknown as Record<string, unknown>
     expect(result.references).toEqual([])
   })
 })
diff --git a/packages/scanner/src/detectors/injection.ts b/packages/scanner/src/detectors/injection.ts
@@ -11,6 +11,8 @@ import { validatePath } from '../utils.js'
 interface PackageJsonManifest {
   dependencies?: Record<string, string>
   devDependencies?: Record<string, string>
+  peerDependencies?: Record<string, string>
+  optionalDependencies?: Record<string, string>
 }
 
 /**
@@ -23,7 +25,12 @@ function loadPackageJsonDeps(targetDir: string): Set<string> | null {
       readFileSync(resolve(targetDir, 'package.json'), 'utf-8')
     ) as PackageJsonManifest
     const declared = new Set<string>()
-    for (const deps of [pkg.dependencies ?? {}, pkg.devDependencies ?? {}]) {
+    for (const deps of [
+      pkg.dependencies ?? {},
+      pkg.devDependencies ?? {},
+      pkg.peerDependencies ?? {},
+      pkg.optionalDependencies ?? {},
+    ]) {
       for (const name of Object.keys(deps)) {
         declared.add(name)
       }

diff --git a/packages/scanner/src/parsers/js-yaml.d.ts b/packages/scanner/src/parsers/js-yaml.d.ts
@@ -1,14 +1,14 @@
 declare module 'js-yaml' {
   export interface LoadOptions {
-    filename?: string;
-    onWarning?: (warning: Error) => void;
-    schema?: any;
-    json?: boolean;
-    listener?: (eventType: string, state: any) => void;
+    filename?: string
+    onWarning?: (warning: Error) => void
+    schema?: unknown
+    json?: boolean
+    listener?: (eventType: string, state: unknown) => void
   }
-  
+
   /** @deprecated Unsafe for untrusted input. Use safeLoad or supply a safe schema. */
-  export function load(source: string, options?: LoadOptions): unknown;
-  
-  export function safeLoad(source: string, options?: LoadOptions): unknown;
+  export function load(source: string, options?: LoadOptions): unknown
+
+  export function safeLoad(source: string, options?: LoadOptions): unknown
 }
diff --git a/packages/wiki-sync/src/index.ts b/packages/wiki-sync/src/index.ts
@@ -185,7 +185,7 @@ function generateSidebar(docs: DocFile[], lang: 'en' | 'cs'): string {
  */
 function generateFooter(): string {
   return `---
-📖 [Documentation](https://hulud.dev) | 🐙 [GitHub](https://github.com/miccy/wormsCTRL) | 🪱 v1.5.1
+📖 [Documentation](https://hulud.dev) | 🐙 [GitHub](https://github.com/miccy/wormsCTRL) | 🪱 v2.0.0
 `
 }