Loading workspace insights... Statistics interval
7 days30 daysLatest CI Pipeline Executions
2d42788e feat(gonx): add static analysis dependency detection
Why?
====
The existing go-runtime dependency detection requires Go to be
installed and a go.work file to be configured. This is
problematic for teams where not everyone has Go installed
(e.g., frontend devs) or CI environments without Go.
This adds a static-analysis strategy that uses tree-sitter WASM
to parse Go source files directly, requiring no Go toolchain.
How?
====
- Chose web-tree-sitter (WASM) over tree-sitter (native) to
avoid native compilation requirements — the WASM build runs
everywhere Node.js does with no platform-specific binaries.
- Investigated web-tree-sitter's module export shape across
environments (native Node.js vs ts-jest). Found that ts-jest
returns the raw Emscripten Module instead of the expected
named exports. Solved with a static import in production
code and a jest.mock normalizing the module shape in tests,
keeping type assertions out of production code entirely.
- Validated go.mod parsing against the Go module reference
spec, covering quoted/unquoted module paths, single-line
and block replace directives, versioned replacements, and
inline/multi-line comments.
- Verified import extraction handles all Go import patterns:
single, grouped, aliased, dot, blank, raw string literals,
and cgo pseudo-import filtering.
- Used longest-prefix matching for import resolution with
per-project replace directive scoping and caching.
- Adopted jest.mock('fs/promises') patterns matching the rest
of the gonx test suite instead of introducing memfs as a
new dependency.
- 206 unit tests and E2E tests pass locally; format and build
checks clean.
----
Addresses https://github.com/naxodev/oss/issues/98.