fix(export,import): validate --module flag value before execution#266
Conversation
🔒 Security Scan Results
⏱️ SLA Breach Summary
ℹ️ Vulnerabilities Without Available Fixes (Informational Only)The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:
Consider reviewing these vulnerabilities when fixes become available. |
🔒 Security Scan Results
⏱️ SLA Breach Summary
ℹ️ Vulnerabilities Without Available Fixes (Informational Only)The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:
Consider reviewing these vulnerabilities when fixes become available. |
There was a problem hiding this comment.
Pull request overview
This PR improves the UX of the cm:stacks:export and cm:stacks:import commands by constraining the --module flag to a known set of module names so invalid values are rejected during flag parsing (instead of failing later during dynamic module loading).
Changes:
- Added
options: [...]constraints to the--moduleflag for both export and import commands. - Added/updated unit tests to assert the presence and contents of the
moduleflag options list. - Updated lockfile (and talisman checksum) as part of dependency resolution.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
packages/contentstack-export/src/commands/cm/stacks/export.ts |
Adds an options allowlist to validate --module values during parsing. |
packages/contentstack-import/src/commands/cm/stacks/import.ts |
Adds an options allowlist to validate --module values during parsing (includes variant-entries). |
packages/contentstack-export/test/unit/commands/cm/stacks/export.test.ts |
New unit tests asserting module flag options exist and contain expected modules. |
packages/contentstack-import/test/unit/commands/cm/stacks/import.test.ts |
Adds unit tests asserting module flag options exist and contain expected modules. |
pnpm-lock.yaml |
Updates resolved dependency versions (includes more than just the OCLIF-related bump). |
.talismanrc |
Updates the stored checksum for pnpm-lock.yaml ignore configuration. |
Files not reviewed (1)
- pnpm-lock.yaml: Generated file
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
🔒 Security Scan Results
⏱️ SLA Breach Summary
ℹ️ Vulnerabilities Without Available Fixes (Informational Only)The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:
Consider reviewing these vulnerabilities when fixes become available. |
Summary
--moduleflag incm:stacks:exportandcm:stacks:importnow validates its value at parse time using OCLIF'soptionsconstraint--module foo) immediately prints a clear error listing all valid options instead of proceeding and failing with an opaque internal errorProblem
When running either command with an unrecognised module name, the CLI accepted the value without complaint, proceeded past flag parsing, and only failed deep inside
startModuleExport/startModuleImportwhen it attemptedawait import('./<moduleName>')on a file that didn't exist. The resulting error was confusing and gave no hint about what values are valid.Root Cause
Both
--moduleflag definitions were plainflags.string()with nooptionsconstraint:OCLIF only performs enum validation when
optionsis provided.Fix
Added
options: [...]to themoduleflag in both command files:Now the framework rejects invalid values immediately:
Files Changed
packages/contentstack-export/src/commands/cm/stacks/export.tsoptionsarray tomoduleflag (17 valid modules)packages/contentstack-import/src/commands/cm/stacks/import.tsoptionsarray tomoduleflag (18 valid modules, incl.variant-entries)packages/contentstack-export/test/unit/commands/cm/stacks/export.test.tspackages/contentstack-import/test/unit/commands/cm/stacks/import.test.ts