Context
The perfectionist dylint library was upgraded to 0.0.0-rc.21 (branch claude/perfectionist-rc21-upgrade-9rfgpq). The new active-by-default rule perfectionist::unpinned_repo_ref flags repository URLs in comments / doc comments whose ref is a branch or tag instead of a commit SHA — exactly the convention pacquet/AGENTS.md documents ("link to a specific commit SHA, not a branch name").
It fired 37 times, all on doc-comment citations of upstream source. Pinning them is the documented convention, but doing it correctly is a dedicated pass — and this sandbox could not reach some of the cited repos. The rule is disabled in dylint.toml for now:
[perfectionist]
disable = ["unpinned_repo_ref"]
Follow-up (this issue)
- Decide policy for permanent release-tag citations (
npm/hosted-git-info@v4.1.0, pnpm/version-selector-type@v3.0.0, …): either SHA-pin them too, or accept them via ["perfectionist::unpinned_repo_ref"] allow_version_patterns = true.
- SHA-pin the branch-ref citations. Current resolved HEADs (first 10 hex), to make this mostly mechanical:
pnpm/pnpm main / HEAD → 4cd45a3e15
zkochan/packages main → e65701a6ae
ds300/patch-package master → be4dfd77d9
npm/registry master → ae49abf1ba
- Repoint the dead citations (these no longer resolve and need a real target, not just a SHA):
pnpm/pnpm@deps (crates/cli/src/cli_args/why.rs) — the deps branch is gone; the why/inspection sources moved.
whitecolor/is-subdir and pnpm/util.lex-comparator — repos not reachable / renamed.
- Remove
unpinned_repo_ref from the disable list and run cargo dylint locally.
Written by an agent (Claude Code).
Context
The
perfectionistdylint library was upgraded to0.0.0-rc.21(branchclaude/perfectionist-rc21-upgrade-9rfgpq). The new active-by-default ruleperfectionist::unpinned_repo_refflags repository URLs in comments / doc comments whose ref is a branch or tag instead of a commit SHA — exactly the conventionpacquet/AGENTS.mddocuments ("link to a specific commit SHA, not a branch name").It fired 37 times, all on doc-comment citations of upstream source. Pinning them is the documented convention, but doing it correctly is a dedicated pass — and this sandbox could not reach some of the cited repos. The rule is disabled in
dylint.tomlfor now:Follow-up (this issue)
npm/hosted-git-info@v4.1.0,pnpm/version-selector-type@v3.0.0, …): either SHA-pin them too, or accept them via["perfectionist::unpinned_repo_ref"] allow_version_patterns = true.pnpm/pnpmmain/HEAD→4cd45a3e15zkochan/packagesmain→e65701a6aeds300/patch-packagemaster→be4dfd77d9npm/registrymaster→ae49abf1bapnpm/pnpm@deps(crates/cli/src/cli_args/why.rs) — thedepsbranch is gone; thewhy/inspection sources moved.whitecolor/is-subdirandpnpm/util.lex-comparator— repos not reachable / renamed.unpinned_repo_reffrom thedisablelist and runcargo dylintlocally.Written by an agent (Claude Code).