Tighten linters, update Node, and tweak JS#293
Conversation
coliff
commented
Apr 5, 2026
- Strengthen linting configuration and CI, bump Node, and make small JS/test tweaks.
- Added stricter ESLint rules and enabled the browser env; expanded htmlhint rules and adjusted the html-lint glob.
- Introduced a combined "lint" npm script and added an "npm install" step in the super-linter workflow (removing the explicit VALIDATE_CSS=false so CSS validation runs).
- Bumped Node from v20 to v22.22.2 (.nvmrc and volta).
- Replace var with const in show-password-toggle (and updated the minified file)
- Removed the Bootstrap IE11 polyfill from the test page.
Strengthen linting configuration and CI, bump Node, and make small JS/test tweaks. Added stricter ESLint rules and enabled the browser env; expanded htmlhint rules and adjusted the html-lint glob. Introduced a combined "lint" npm script and added an "npm install" step in the super-linter workflow (removing the explicit VALIDATE_CSS=false so CSS validation runs). Bumped Node from v20 to v22.22.2 (.nvmrc and volta). Replace var with const in show-password-toggle (and updated the minified file) and removed the Bootstrap IE11 polyfill from the test page.
Super-linter summary
All files and directories linted successfully For more information, see the GitHub Actions workflow run Powered by Super-linter |
There was a problem hiding this comment.
Pull request overview
This PR tightens linting across the repo (ESLint + HTMLHint + CI), bumps the project’s Node version to v22.22.2, and makes small JavaScript/test-page updates.
Changes:
- Strengthen ESLint/HTMLHint configs and expand HTML linting scope; add a combined
lintscript. - Update CI super-linter workflow to install npm dependencies and re-enable CSS validation.
- Bump Node version (Volta +
.nvmrc), update JS to useconst, and remove the Bootstrap IE11 polyfill link from the Bootstrap 5 test page.
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
tests/bootstrap5-sign-in/index.html |
Removes IE11 polyfill stylesheet from the Bootstrap 5 test page. |
package.json |
Expands HTML lint glob, adds lint script, bumps Volta Node patch version. |
js/show-password-toggle.js |
Replaces top-level var with const. |
js/show-password-toggle.min.js |
Updates minified output to match const change. |
.nvmrc |
Bumps Node from v20 to v22.22.2. |
.htmlhintrc |
Tightens HTMLHint rule set. |
.github/workflows/super-linter.yml |
Adds npm install step and re-enables CSS validation. |
.eslintrc.json |
Enables browser env and adds stricter ESLint rules. |
| const ShowPasswordToggle = document.querySelector("[type='password']"); | ||
| ShowPasswordToggle.onclick = function () { |
There was a problem hiding this comment.
Changing the top-level binding from var to const alters the public global surface: var ShowPasswordToggle becomes a window.ShowPasswordToggle property, but a top-level const does not. If any consumers reference window.ShowPasswordToggle, this will be a breaking change; consider explicitly assigning to window (or otherwise avoiding a global name) if backward compatibility matters.
| const ShowPasswordToggle = document.querySelector("[type='password']"); | |
| ShowPasswordToggle.onclick = function () { | |
| window.ShowPasswordToggle = document.querySelector("[type='password']"); | |
| window.ShowPasswordToggle.onclick = function () { |
| @@ -27,6 +27,9 @@ jobs: | |||
| fetch-depth: 0 | |||
| persist-credentials: false | |||
|
|
|||
There was a problem hiding this comment.
The workflow now runs npm install, but there is no explicit Node setup step. This means CI will use whatever Node/npm is preinstalled on ubuntu-latest, which may not match the repo’s .nvmrc/Volta Node version and can cause inconsistent installs/lint results. Consider adding a pinned actions/setup-node step (e.g., using node-version-file: .nvmrc) before installing dependencies.
| - name: Setup Node.js | |
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
| with: | |
| node-version: "20" |
| persist-credentials: false | ||
|
|
||
| - name: Install Dependencies | ||
| run: npm install |
There was a problem hiding this comment.
Running npm install in CI without a lockfile makes the lint job non-deterministic over time (and this repo disables package-lock in .npmrc). If the intent is reproducible CI, consider committing a lockfile and switching to npm ci (or otherwise pinning dependencies) so new upstream releases don’t change lint results unexpectedly.
| run: npm install | |
| run: npm ci |