Configuration should be treated as untrusted input: validate and normalize it, ignore unknown/invalid fields, and ensure user misconfiguration can’t crash initialization or produce misleading warnings. Also gate checks by what’s actually configured and implement a clear precedence order (env → explicit config → user paths → canonical defaults → PATH lookup) with platform-correct behavior.
Apply it like this:
typeof and only assigning known fields.
where resolving shims) is correct.
Example pattern (parser + guard):
```typescript
export function parseTimeouts(raw: Record<string, unknown>) {
  const out: { firstEventTimeoutMs?: number; processTimeoutMs?: number } = {};

  // Accept only finite numbers that are still positive after truncation
  // (0.5 would otherwise truncate to 0 and pass as a timeout).
  const toFinitePositiveMs = (v: unknown) => {
    if (typeof v !== 'number' || !Number.isFinite(v)) return undefined;
    const ms = Math.trunc(v);
    return ms > 0 ? ms : undefined;
  };

  // Copy known fields only; unknown keys in raw are ignored.
  const first = toFinitePositiveMs(raw.firstEventTimeoutMs);
  if (first !== undefined) out.firstEventTimeoutMs = first;
  const proc = toFinitePositiveMs(raw.processTimeoutMs);
  if (proc !== undefined) out.processTimeoutMs = proc;
  return out;
}

// Gate the GitHub auth check on what is actually configured.
function shouldCheckGhAuth() {
  const hasGhToken = !!(process.env.GH_TOKEN || process.env.GITHUB_TOKEN);
  const hasOtherForge = !!(process.env.GITEA_URL || process.env.GITLAB_URL);
  return hasGhToken || !hasOtherForge; // skip GH warning for non-GH-only setups
}
```
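The precedence order from the opening paragraph (env → explicit config → user paths → canonical defaults → PATH lookup), as an added example that is not code from the original page. `resolveBinary`, `MYTOOL_BIN`, the `binaryPath` config key and the sample paths are all assumptions, and the filesystem check is injected so the block runs offline.

```typescript
// Added example; every name below is hypothetical, not from any project.
type Source = 'env' | 'config' | 'userPath' | 'default' | 'PATH';
type Found = { path: string; source: Source } | undefined;

interface ResolveInput {
  name: string;                             // binary name without extension
  envVar: string;                           // name of the override variable
  env: Record<string, string | undefined>;  // process.env in real use
  config: Record<string, unknown>;          // parsed config, untrusted
  userPaths: string[];                      // user-level install locations
  defaults: string[];                       // canonical install locations
  platform: string;                         // process.platform in real use
  exists: (p: string) => boolean;           // fs.existsSync in real use
}

function resolveBinary(i: ResolveInput): Found {
  const win = i.platform === 'win32';
  // Only non-empty strings count; other types are ignored, never thrown on.
  const str = (v: unknown) => (typeof v === 'string' && v.trim() !== '' ? v.trim() : undefined);
  // First existing candidate wins; a stale override falls through to the next tier.
  const first = (paths: (string | undefined)[], source: Source): Found => {
    for (const p of paths) if (p !== undefined && i.exists(p)) return { path: p, source };
    return undefined;
  };
  // PATH: ';' plus PATHEXT on Windows, ':' and the bare name elsewhere.
  // Empty entries are dropped so the current directory is never searched.
  const fromPath = (): string[] => {
    const dirs = (i.env['PATH'] ?? '').split(win ? ';' : ':').filter(Boolean);
    const exts = win ? (i.env['PATHEXT'] ?? '.EXE;.CMD;.BAT').split(';').filter(Boolean) : [''];
    const out: string[] = [];
    for (const d of dirs) for (const e of exts) out.push(d + (win ? '\\' : '/') + i.name + e);
    return out;
  };
  return (
    first([str(i.env[i.envVar])], 'env') ??
    first([str(i.config['binaryPath'])], 'config') ??
    first(i.userPaths, 'userPath') ??
    first(i.defaults, 'default') ??
    first(fromPath(), 'PATH')
  );
}

// Constructed sample: Windows host, stale env override, wrong-typed config field.
const sampleFiles = ['C:\\tools\\mytool.CMD'];
const sample = resolveBinary({
  name: 'mytool', envVar: 'MYTOOL_BIN', platform: 'win32', config: { binaryPath: 42 },
  env: { MYTOOL_BIN: 'C:\\gone\\mytool.exe', PATH: 'C:\\bin;C:\\tools', PATHEXT: '.EXE;.CMD' },
  userPaths: [], defaults: [], exists: (p) => sampleFiles.indexOf(p) !== -1,
});
```

Returning the `source` alongside the path lets a warning say which tier supplied the binary. On Windows, pass `process.env` itself rather than a copy, because Node's case-insensitive lookup of `PATH`/`Path` is lost on a plain object.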