megalinter customize config; local run ~7min...

```console $ npx mega-linter-runner -r v8 -f cupcake +----SUMMARY----+--------------------------+---------------+-------+-------+--------+----------+--------------+ | Descriptor | Linter | Mode | Files | Fixed | Errors | Warnings | Elapsed time | +---------------+--------------------------+---------------+-------+-------+--------+----------+--------------+ | ✅ ACTION | actionlint | list_of_files | 4 | | 0 | 0 | 3.25s | | ✅ BASH | bash-exec | file | 1 | | 0 | 0 | 2.77s | | ✅ BASH | shellcheck | list_of_files | 1 | | 0 | 0 | 1.16s | | ✅ BASH | shfmt | list_of_files | 1 | 0 | 0 | 0 | 0.6s | | ⚠️ COPYPASTE | jscpd | project | n/a | | 8 | 0 | 24.82s | | ⚠️ DOCKERFILE | hadolint | list_of_files | 1 | | 4 | 0 | 6.74s | | ⚠️ JAVASCRIPT | eslint | list_of_files | 15 | 0 | 1 | 0 | 11.04s | | ✅ JSON | jsonlint | list_of_files | 7 | | 0 | 0 | 4.76s | | ✅ JSON | npm-package-json-lint | project | n/a | | 0 | 0 | 3.26s | | ✅ JSON | prettier | list_of_files | 7 | 0 | 0 | 0 | 5.08s | | ✅ JSON | v8r | list_of_files | 7 | | 0 | 0 | 47.96s | | ✅ MARKDOWN | markdownlint | list_of_files | 2 | 0 | 0 | 0 | 12.16s | | ✅ MARKDOWN | markdown-table-formatter | list_of_files | 2 | 0 | 0 | 0 | 4.15s | | ⚠️ REPOSITORY | checkov | project | n/a | | 3 | 0 | 112.11s | | ✅ REPOSITORY | gitleaks | project | n/a | | 0 | 0 | 3.09s | | ✅ REPOSITORY | git_diff | project | n/a | | 0 | 0 | 1.22s | | ✅ REPOSITORY | grype | project | n/a | | 0 | 0 | 159.7s | | ⚠️ REPOSITORY | kics | project | n/a | | 24 | 0 | 14.82s | | ✅ REPOSITORY | secretlint | project | n/a | | 0 | 0 | 7.24s | | ✅ REPOSITORY | syft | project | n/a | | 0 | 0 | 7.83s | | ⚠️ REPOSITORY | trivy | project | n/a | | 2 | 0 | 28.16s | | ✅ REPOSITORY | trufflehog | project | n/a | | 0 | 0 | 26.51s | | ⚠️ SPELL | cspell | list_of_files | 40 | | 224 | 0 | 82.25s | | ⚠️ SPELL | lychee | list_of_files | 17 | | 9 | 0 | 10.28s | | ✅ YAML | prettier | list_of_files | 8 | 1 | 0 | 0 | 9.12s | | ✅ YAML | v8r | list_of_files | 8 | | 0 | 0 | 39.07s | | ✅ YAML | yamllint | list_of_files | 8 | | 0 | 0 | 5.39s | +---------------+--------------------------+---------------+-------+-------+--------+----------+--------------+ ```
2025-05-24 19:41:20 +02:00 · 2025-05-24 19:41:20 +02:00 · 056494c9dc
commit 056494c9dc
parent 76af81de56
10 changed files with 73 additions and 24 deletions
--- a/.cspell.json
+++ b/.cspell.json
@ -1,5 +1,9 @@
 {
  "ignorePaths": [
+    "**/data/**",
+    "docker.yml",
+    "Dockerfile",
+    ".jscpd.json",
    "**/node_modules/**",
    "**/vscode-extension/**",
    "**/.git/**",
@ -11,6 +15,6 @@
  ],
  "language": "en",
  "noConfigSearch": true,
-  "words": ["megalinter", "oxsecurity"],
+  "words": ["megalinter", "oxsecurity", "ralf", "vogler", "DOCKERHUB"],
  "version": "0.2"
 }
--- a/.github/renovate.json
+++ b/.github/renovate.json
@ -1,7 +1,5 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "enabled": false,
-  "extends": [
-    "config:recommended"
-  ]
+  "extends": ["config:recommended"]
 }
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -8,7 +8,7 @@ on:
      - "**"
      - "!*.md"
      # - '!.github/**'
-  pull_request: # runs when opened/reopned or when the head branch is updated
+  pull_request: # runs when opened/reopened or when the head branch is updated

 permissions:
  contents: read
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@ -1,9 +1,7 @@
 # MegaLinter GitHub Action configuration file
 # More info at https://megalinter.io
-# Run this locally via Docker:
-# npx mega-linter-runner -r v8 -f cupcake # run as configured in .mega-linter
-# npx mega-linter-runner -r v8 -f cupcake -e "'ENABLE=MARKDOWN,YAML'" -e "APPLY_FIXES=none" # only enable certain groups and disable automatic fixes (note that the '' are required for multiple values)
-# npx mega-linter-runner -r v8 -f cupcake -e "ENABLE_LINTERS=MARKDOWN_MARKDOWN_LINK_CHECK" # run a specific linter
+
+# See .mega-linter.yml for actual config and examples how to run this locally.
 ---
 name: MegaLinter

@ -198,3 +196,10 @@ jobs:
          commit_message: "[MegaLinter] Apply linters fixes"
          commit_user_name: megalinter-bot
          commit_user_email: 129584137+megalinter-bot@users.noreply.github.com
+
+      # https://megalinter.io/latest/reporters/SarifReporter/
+      - name: Upload MegaLinter scan results to GitHub Security tab
+        if: success() || failure()
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "megalinter-reports/megalinter-report.sarif"
--- a/.mega-linter.yml
+++ b/.mega-linter.yml
@ -3,6 +3,14 @@
 # See all available variables at https://megalinter.io/latest/config-file/ and in
 # linters documentation

+# See .github/workflows/mega-linter.yml for GitHub config.
+
+# Run this locally via Docker:
+# npx mega-linter-runner -r v8 -f cupcake # run as configured here
+# npx mega-linter-runner -r v8 -f cupcake -e "'ENABLE=MARKDOWN,YAML'" -e "APPLY_FIXES=none" # only enable certain groups and disable automatic fixes (note that the '' are required for multiple values)
+# npx mega-linter-runner -r v8 -f cupcake -e "ENABLE_LINTERS=MARKDOWN_MARKDOWN_LINK_CHECK" # run a specific linter
+# https://github.com/oxsecurity/megalinter#cli-lint-mode most linters will respect .gitignore, but the ones running in 'project' mode will not and may take forever if not configured right
+
 # all, none, or list of linter keys
 APPLY_FIXES: all

@ -26,17 +34,51 @@ SHOW_ELAPSED_TIME: true
 # ---
 # Custom config:

-# PRINT_ALPACA: false
+PRINT_ALPACA: false
+
+JAVASCRIPT_DEFAULT_STYLE: prettier # disables JAVASCRIPT_STANDARD in favor of JAVASCRIPT_PRETTIER - disabled below since I prefer my local eslint
+
+# DISABLE: # groups of linters/formatters
+#   - REPOSITORY # ignore this for now (at least locally) since all project-based and need extra config like .gitignore

 # npx mega-linter-runner -r v8 -f cupcake -e "ENABLE_LINTERS=MARKDOWN_MARKDOWN_LINK_CHECK" # run a specific linter locally
-DISABLE_LINTERS:
-  - MARKDOWN_MARKDOWN_LINK_CHECK # took 32s and only reported 0 (e.g. for localhost) or 403 (forbidden) for working links to settings or due to DDoS/bot protections
+DISABLE_LINTERS: # times are for running locally with 30GB swap, 65% pressure and several GB in data/ (relevant for project-mode linters that don't respect .gitignore)
+  - MARKDOWN_MARKDOWN_LINK_CHECK # 30s, only reported 0 (e.g. for localhost) or 403 (forbidden) for working links to settings or due to DDoS/bot protections
+  - JAVASCRIPT_STANDARD # don't like standard format
+  - JAVASCRIPT_PRETTIER # prefer my local eslint config
+  - REPOSITORY_TRIVY_SBOM # 11s, don't need SBOM

-# DISABLE_ERRORS_LINTERS: # error -> warning
-#   - MARKDOWN_MARKDOWN_LINK_CHECK
+DISABLE_ERRORS_LINTERS: # error -> warning
+  - DOCKERFILE_HADOLINT # mostly wants to pin versions for apt and pip installs and merge consecutive RUN instructions
+  - COPYPASTE_JSCPD # default threshold is 0% duplicates -> can make this error once sep. scripts are refactored
+  - SPELL_CSPELL # needs config in .cspell.json, but looks annoying since it also flags apt packages
+  - SPELL_LYCHEE # dead link checking, 9/332 errors all false positives (Forbidden etc.)
+  - JAVASCRIPT_ES # this uses old eslint 8.57.1 instead of local 9.26.0 and complains about stuff that newer version has no problem with
+  - REPOSITORY_CHECKOV # docker healthcheck not needed for CLI
+  - REPOSITORY_KICS # wants to pin GitHub Actions to commit sha etc.
+  - REPOSITORY_TRIVY # docker healthcheck not needed for CLI

-# DISABLE_LINTERS: JAVASCRIPT_STANDARD
+# Customizations via CLI arguments:
+
+# https://github.com/prantlf/jsonlint#command-line-interface
+JSON_JSONLINT_ARGUMENTS: --comments --trailing-commas --no-duplicate-keys
+
+# https://prettier.io/docs/options#trailing-commas
+# JSON_PRETTIER_ARGUMENTS: --trailing-comma all --parser jsonc # need to change parser too since the default json parser still strips trailing commas
+# -> let prettier remove trailing commas since e.g. npm will fail to JSON.parse package.json otherwise...
+
+# megalinter still expects the old .eslintrc file... https://github.com/oxsecurity/megalinter/issues/3570#issuecomment-2138193684
+JAVASCRIPT_ES_CONFIG_FILE: eslint.config.js
+JAVASCRIPT_ES_COMMAND_REMOVE_ARGUMENTS: ["--no-eslintrc"] # not a valid option for eslint with flat config
+# worked, but behaved differently than local `npm run lint` and complained about while(true) with break - probably due old version 8.57.1 (same with -r beta) instead of my local 9.26.0
+
+# https://github.com/oxsecurity/megalinter#cli-lint-mode
+REPOSITORY_SECRETLINT_ARGUMENTS: --secretlintignore .gitignore
+
+# https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html
+REPOSITORY_CHECKOV_ARGUMENTS: --skip-path node_modules --skip-path data

 # CI will comment on PRs etc., but for running locally (or downloading the results), we want more than the default megalinter-reports/megalinter.log as an overview:
 JSON_REPORTER: true # mega-linter-report.json
 MARKDOWN_SUMMARY_REPORTER: true # megalinter-report.md
+SARIF_REPORTER: true # mega-linter-report.sarif - results for supported lintes should be shown in GitHub Security tab - https://megalinter.io/latest/reporters/SarifReporter/
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -6,5 +6,5 @@
    "source.fixAll.eslint": "explicit"
  },
  "eslint.experimental.useFlatConfig": true,
-  "eslint.codeActionsOnSave.rules": null,
+  "eslint.codeActionsOnSave.rules": null
 }
--- a/README.md
+++ b/README.md
@ -114,7 +114,7 @@ You can also put options in `data/config.env` which will be loaded by [dotenv](h
 The scripts will try to send notifications for successfully claimed games and any errors like needing to log in or encountered captchas (should not happen).

 [apprise](https://github.com/caronc/apprise) is used for notifications and offers many services including Pushover, Slack, Telegram, SMS, Email, desktop and custom notifications.
-You just need to set `NOTIFY` to the notification services you want to use, e.g. `NOTIFY='mailto://myemail:mypass@gmail.com' 'pbul://o.gn5kj6nfhv736I7jC3cj3QLRiyhgl98b'` - refer to their list of services and [examples](https://github.com/caronc/apprise#command-line-usage).
+You just need to set `NOTIFY` to the notification services you want to use, e.g. `NOTIFY='mailto://myemail@gmail.com' 'pbul://o.gn5kj6nfhv736I7jC3cj3QLRiyhgl98b'` - refer to their list of services and [examples](https://github.com/caronc/apprise#command-line-usage).

 ### Automatic login, two-factor authentication
 If you set the options for email, password and OTP key, there will be no prompts and logins should happen automatically. This is optional since all stores should stay logged in since cookies are refreshed.
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -17,7 +17,7 @@ rm -f /fgc/data/browser/SingletonLock
 mkdir -p /fgc/data/browser
 # fix for 'Incorrect response' after solving a captcha correctly - https://github.com/vogler/free-games-claimer/issues/261#issuecomment-1868385830
 # echo 'user_pref("privacy.resistFingerprinting", true);' > /fgc/data/browser/user.js
-cat << EOT >/fgc/data/browser/user.js
+cat <<EOT >/fgc/data/browser/user.js
 user_pref("privacy.resistFingerprinting", true);
 // user_pref("privacy.resistFingerprinting.letterboxing", true);
 // user_pref("browser.contentblocking.category", "strict");
@ -41,11 +41,11 @@ export DISPLAY=:1 # need to export this, otherwise playwright complains with 'Lo
 Xvfb $DISPLAY -ac -screen 0 "${WIDTH}x${HEIGHT}x${DEPTH}" &
 echo "Xvfb display server created screen with resolution ${WIDTH}x${HEIGHT}"
 if [ -z "$VNC_PASSWORD" ]; then
-  pw="-nopw"
-  pwt="no password!"
+	pw="-nopw"
+	pwt="no password!"
 else
-  pw="-passwd $VNC_PASSWORD"
-  pwt="with password"
+	pw="-passwd $VNC_PASSWORD"
+	pwt="with password"
 fi
 x11vnc -display $DISPLAY -forever -shared -rfbport "$VNC_PORT" -bg "$pw" 2>/dev/null 1>&2
 echo "VNC is running on port $VNC_PORT ($pwt)"
--- a/eslint.config.js
+++ b/eslint.config.js
@ -9,7 +9,7 @@ export default [
  // object with just `ignores` applies to all configuration objects
  // had `ln -s .gitignore .eslintignore` before, but .eslintignore no longer supported
  {
-    ignores: ['data/**'],
+    ignores: ['data/**', 'megalinter-reports/**'],
  },
  js.configs.recommended, // TODO still needed?
  {
--- a/jsconfig.json
+++ b/jsconfig.json
@ -3,7 +3,7 @@
    "checkJs": true,
    "target": "es2021",
    "module": "NodeNext",
-    "moduleResolution": "NodeNext", // https://github.com/typicode/lowdb/issues/554
+    "moduleResolution": "NodeNext" // https://github.com/typicode/lowdb/issues/554
  },
  "exclude": ["node_modules", "**/node_modules"]
 }