[fix] Refine OSS build verification patterns to reduce false positives

- Make telemetry detection patterns more specific - Target actual Mixpanel API calls instead of generic patterns - Avoid flagging benign code like `.track()` from other libraries - Focus on MixpanelTelemetryProvider and actual tracking methods This reduces false positives while maintaining security. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-02-02 06:19:58 +00:00 · 2025-12-03 10:43:09 +00:00
parent 611f01dafb
commit e474eaef16
1 changed files with 8 additions and 5 deletions
--- a/scripts/verify-oss-build.js
+++ b/scripts/verify-oss-build.js
@@ -35,16 +35,19 @@ const VIOLATION_PATTERNS = {
    patterns: [/ABCROM/gi, /ABCROMExtended/gi, /ABC\s*ROM/gi],
    description: 'ABCROM proprietary font references'
  },
-  // Telemetry checks
+  // Telemetry checks - more specific patterns to avoid false positives
  telemetry: {
    patterns: [
-      /mixpanel/gi,
+      /mixpanel\.init/gi,
+      /mixpanel\.identify/gi,
      /MixpanelTelemetryProvider/gi,
      /mp\.comfy\.org/gi,
      /mixpanel-browser/gi,
-      /trackWorkflow/g,
-      /trackEvent/g,
-      /\.track\s*\(/g
+      // Only check for our specific tracking methods with context
+      /useTelemetry\(\).*?trackWorkflow/gs,
+      /useTelemetry\(\).*?trackEvent/gs,
+      // Check for Mixpanel tracking in a more specific way
+      /mixpanel\.track\s*\(/gi
    ],
    description: 'Mixpanel telemetry code'
  }