feat: allow ignore packages #53

Open
9romise wants to merge 4 commits into main from ignore/vulnerability

9romise commented Mar 1, 2026

Resolve #52

coderabbitai bot commented Mar 1, 2026

Walkthrough

This pull request introduces an ignore-list feature for diagnostic warnings across three categories: deprecations, replacements, and vulnerabilities. New configuration properties (npmx.ignore.deprecation, npmx.ignore.replacement, npmx.ignore.vulnerability) are added to package.json and documented in README.md. Diagnostic rules for deprecation, replacement, and vulnerability are modified to skip emission when dependencies match ignore-list entries. The quick-fix code action provider is extended to generate additional "add to ignore" actions (for workspace and user scopes) alongside existing fix actions. Test mocks and setup files are updated to support the new configuration structure.

Pre-merge checks: ✅ Passed checks (3 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description check | ✅ Passed | The pull request description 'Resolve #52' directly references the linked issue and corresponds to the changeset. |
| Linked Issues check | ✅ Passed | All primary objectives from issue #52 are met: ignore mechanism added for vulnerabilities, deprecation, and replacement notices with workspace-level default scope and user-level configuration options. |
| Out of Scope Changes check | ✅ Passed | All changes align with the linked issue objectives; no out-of-scope modifications were introduced beyond the ignore/safelist feature requirements. |

coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (2)
tests/code-actions/quick-fix.test.ts (2)

35-58: Consider verifying command arguments for ignore actions.

The tests verify action titles and counts, but do not assert that the command arguments are correct. Consider adding assertions to verify the action.command.arguments contain the expected values (code, ignoreTarget, configTarget). This would catch regressions if the argument order or values change.

Example addition for the "vulnerability with fix" test:

expect(actions[1]!.command?.arguments).toEqual([
  'vulnerability',
  'lodash@4.17.20',
  ConfigurationTarget.Workspace,
])

71-84: Add tests for deprecation and replacement ignore actions.

The test suite only covers upgrade and vulnerability scenarios. The addIgnoreRules function in src/providers/code-actions/quick-fix.ts defines handlers for deprecation and replacement diagnostic types, but no tests exercise these code paths. Adding test cases for both would improve coverage of the ignore-rule functionality.


📥 Commits

Reviewing files that changed from the base of the PR and between d880133 and c8f65c8.

📒 Files selected for processing (10)
  • README.md
  • package.json
  • src/providers/code-actions/index.ts
  • src/providers/code-actions/quick-fix.ts
  • src/providers/diagnostics/rules/deprecation.ts
  • src/providers/diagnostics/rules/replacement.ts
  • src/providers/diagnostics/rules/vulnerability.ts
  • tests/__mocks__/vscode.ts
  • tests/__setup__/index.ts
  • tests/code-actions/quick-fix.test.ts

Comment on lines +10 to +17
useCommand('npmx.addToIgnore', async (scope: string, name: string, target: ConfigurationTarget) => {
scope = `ignore.${scope}`
const config = workspace.getConfiguration(scopedConfigs.scope)
const current = config.get<string[]>(scope, [])
if (current.includes(name))
return
await config.update(scope, [...current, name], target)
})
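
Review bot: config.get<string[]>(scope, []) on the third line returns the effective value of the setting, not the value stored at target, so [...current, name] can copy entries from another settings scope into target, and the current.includes(name) early return can skip a workspace-level write because the entry already exists at user level (or the reverse). Read the per-target value with config.inspect<string[]>(...) and append to workspaceValue or globalValue according to target. Separately, reassigning the scope parameter right next to scopedConfigs.scope is easy to misread; a separate const for the settings key would be clearer.
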
⚠️ Potential issue | 🟡 Minor

Validate command arguments before mutating configuration.

npmx.addToIgnore currently trusts runtime arguments. A malformed invocation can write unexpected keys or values into settings.

Suggested patch
   useCommand('npmx.addToIgnore', async (scope: string, name: string, target: ConfigurationTarget) => {
+    if (!scope || !name)
+      return
+    if (!['deprecation', 'replacement', 'vulnerability'].includes(scope))
+      return
+
     scope = `ignore.${scope}`
     const config = workspace.getConfiguration(scopedConfigs.scope)
     const current = config.get<string[]>(scope, [])
     if (current.includes(name))
       return
     await config.update(scope, [...current, name], target)
   })
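
Review bot: The guard if (!scope || !name) only checks truthiness, so a non-string name (an object or a number supplied by another caller of the command) still reaches config.update and is written into the ignore array, and target is not checked at all. Tighten it to typeof name === 'string' with a non-empty trimmed value, and reject a target that is not one of the ConfigurationTarget values. The silent return also leaves no trace of a rejected call; logging the rejected scope would help when diagnosing a misbehaving caller.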

Comment on lines +7 to +13
config: {
ignore: {
deprecation: [],
replacement: [],
vulnerability: [],
},
},
⚠️ Potential issue | 🟡 Minor

Mocked config shape is incomplete for modules that read diagnostics flags.

Only config.ignore is mocked here, but consumers like src/providers/code-actions/index.ts access config.diagnostics.*. Please include a minimal diagnostics object in the mock to keep test wiring realistic.

Suggested patch
 vi.mock('#state', () => ({
   logger: { info: vi.fn(), warn: vi.fn() },
   config: {
+    diagnostics: {
+      upgrade: true,
+      deprecation: true,
+      replacement: true,
+      vulnerability: true,
+    },
     ignore: {
       deprecation: [],
       replacement: [],
       vulnerability: [],
     },
   },
 }))
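
Review bot: The three ignore arrays in this mock factory are created once and shared by every test in the file, so a test or code path that mutates config.ignore.vulnerability in place leaks state into later tests. Reset the arrays in a beforeEach, or expose the mock config through vi.hoisted so each test can set the lists it needs. Hard-coding all four diagnostics flags to true also means the disabled-flag paths cannot be exercised through this mock.
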
Development

Successfully merging this pull request may close these issues.

Feature : Add a way to ignore/safelist some vulnerable versions of dependencies
