style: format code with Prettier and StandardJS

[deepsource-autofix]

This commit fixes the style issues introduced in 9c40f9e according to the output
from Prettier and StandardJS.

Details: None

Summary by Sourcery

Apply Prettier and StandardJS formatting across the repository to enforce a uniform style.

Enhancements:

• Standardize JavaScript code formatting (quotes, trailing commas, indentation and wrapping) across source, tool, and worker files.

Documentation:

• Reformat markdown documentation (README and auxiliary docs) for consistent spacing and styling.

[amazon-q-developer]

⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done

[sourcery-ai]

Reviewer's Guide

This PR reformats the entire codebase to adhere to Prettier and StandardJS conventions—normalizing quotes, semicolons, trailing commas, spacing, indentation, arrow‐function syntax, and Markdown list formatting without altering any logic.

File-Level Changes

Change	Details	Files
Standardize quotes, semicolons, and trailing commas	Convert single‐quoted strings to double quotes Ensure semicolons at statement ends Add trailing commas in object and array literals	src/scripts/app.js src/scripts/canvas/PixelCanvas.js src/scripts/tools/BrushEngine.js launch-check.js src/scripts/lib/gif.worker.js src/scripts/lib/voidAPI.js
Normalize arrow‐function and callback formatting	Wrap arrow‐function parameters in parentheses Enforce consistent spacing around => Reflow callbacks onto multiple lines with proper indentation	src/scripts/app.js launch-check.js src/scripts/lib/gif.worker.js
Reformat method chaining and argument lists	Break chained calls onto separate lines with leading dots Insert trailing commas in multiline call arguments Align indentation for multiline function calls	src/scripts/app.js
Cleanup and unify Markdown formatting	Add blank lines between sections and lists Use consistent fence and quote styles Normalize list item spacing	README.md LAUNCH_READY.md BUILD_INSTRUCTIONS.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[deepsource-io]

Here's the code health analysis summary for commits 9c40f9e..3c5d0b1. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	❌ Failure	❗ 41 occurences introduced 🎯 49 occurences resolved	View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[llamapreview]

Auto Pull Request Review from LlamaPReview

Large PR Notification

Dear contributor,

Thank you for your substantial contribution to this project. LlamaPReview has detected that this Pull Request contains a large volume of changes, which exceeds our current processing capacity.

Details:

• PR and related contents total size: Approximately 102,095 characters
• Current limit: 50,000 characters

Next steps:

1. Consider breaking this PR into smaller, more focused changes if possible.
2. For manual review, please reach out to your team members or maintainers.

We appreciate your understanding and commitment to improving this project. Your contributions are valuable, and we want to ensure they receive the attention they deserve.

LlamaPReview is continuously evolving to better serve the community. Share your thoughts on handling large PRs in our GitHub Discussions - your feedback helps us improve and expand our capabilities.

If you have any questions or need assistance, our community and support team are here to help.

Best regards,
LlamaPReview Team

[codereviewbot-ai]

The use of fs.existsSync() within a forEach loop can lead to performance issues, especially if the list of files is large or if the file system is slow, as it blocks the event loop until the file check is complete. Consider using asynchronous file checking methods like fs.promises.access() combined with Promise.all to perform all checks concurrently. This approach will improve the script's performance by not blocking the event loop.

Example:

Promise.all(requiredFiles.map(file => fs.promises.access(path.join(__dirname, file), fs.constants.F_OK)))
  .then(() => console.log('All files are present.'))
  .catch(err => console.log('Missing or inaccessible files:', err));

[codereviewbot-ai]

The script lacks error handling for file system operations, which might lead to unhandled exceptions in cases of permission issues or other file system errors. It's recommended to add error handling mechanisms, such as try-catch blocks around synchronous operations or proper .catch() handling for promises, to improve the robustness and reliability of the script.

Example using async/await with try-catch:

async function checkFiles() {
  try {
    await Promise.all(requiredFiles.map(file => fs.promises.access(path.join(__dirname, file), fs.constants.F_OK)));
    console.log('All files are present.');
  } catch (err) {
    console.log('Error checking files:', err);
  }
}
checkFiles();

[codereviewbot-ai]

The global state management using window.voidApp directly exposes and manipulates state, which can lead to issues with maintainability and debugging. Consider using a more structured state management approach, such as Redux or Context API, to handle state more predictably and maintainably.

[codereviewbot-ai]

The saveProject function resolves the promise immediately after calling handleSaveProject(), which does not guarantee that the save operation has completed if it's asynchronous. This could lead to misleading results about the save operation's success. Consider modifying the handleSaveProject to return a promise and resolve or reject based on the actual completion of the save operation.

[codereviewbot-ai]

Event Listener Management

The event listeners are bound to methods using .bind(this), which is correctly done to maintain the context of this within the event handlers. However, the use of anonymous functions for some event handlers (e.g., _boundHandleContextMenu and _boundHandleMouseLeave) could lead to issues when trying to remove these listeners, as the references to these anonymous functions are not stored. This could potentially lead to memory leaks if the canvas is removed or replaced without properly cleaning up these listeners.

Recommendation: Store references to all anonymous functions used as event handlers in a similar manner to the other bound methods. This will ensure that all event listeners can be properly removed when necessary, preventing potential memory leaks.

[codereviewbot-ai]

Proper Cleanup of Resources

The cleanup method is designed to remove event listeners and cancel animation frames, which is crucial for preventing memory leaks, especially in single-page applications where components may be mounted and unmounted frequently. However, the method currently does not handle the removal of all event listeners added to the document (e.g., those added with document.addEventListener).

Recommendation: Ensure that all event listeners added to both the canvas and the document are removed in the cleanup method. This includes listeners for mousemove and mouseup events on the document, which are currently not being removed. This will help prevent potential memory leaks and ensure that the component cleans up after itself effectively.

[codereviewbot-ai]

The code lacks error handling for the data received from the main thread. If the data object does not contain frame or index, it could lead to runtime errors when these properties are accessed.

Recommended Solution:
Add checks to ensure that frame and index are present in the data object before proceeding with processing. If not, handle the error gracefully, possibly by sending an error message back to the main thread or logging the issue.

[codereviewbot-ai]

The use of setTimeout to simulate frame processing introduces an artificial delay and does not reflect the actual processing time that would be required. This could mislead in terms of performance expectations and is not a substitute for real processing logic.

Recommended Solution:
Replace the setTimeout with actual logic for processing GIF frames. Ensure that this logic is optimized for performance to prevent long processing times that could affect the responsiveness of the application.

[codereviewbot-ai]

Performance Concern with Global Event Listeners

The use of document.addEventListener for mousemove and mouseup events could lead to performance issues, especially if multiple instances of BrushEngine are active or if the document is large. This approach might cause unnecessary event processing when the mouse is not interacting with the canvas.

Recommendation: Consider binding these events to the canvas element or using a flag to ensure that events are processed only when necessary (e.g., when the user is actively drawing). This would reduce the overhead and improve the responsiveness of the application.

[codereviewbot-ai]

Potential Issue with Pattern Selection Based on Brush Size

The pattern selection logic uses the brush size to determine the pattern index (patternIndex = (this.brushSize - 1) % patterns.length). This could lead to unexpected behavior when changing brush sizes as the pattern might not correspond to the user's expectations due to the modulo operation.

Recommendation: Consider implementing a more intuitive pattern selection mechanism, possibly allowing users to select patterns explicitly or ensuring that the pattern selection is consistent and predictable regardless of brush size changes.

[amazon-q-developer]

Warning

Description: This route is missing authorization checks. Without proper authorization, sensitive routes may be exposed to unauthorized users, leading to potential data breaches or unauthorized actions. Ensure that authorization middleware or handlers are applied. For more information on missing authorization vulnerabilities, refer to CWE-862.

Severity: High

[amazon-q-developer]

The fix involves wrapping the event listener callback with an authMiddleware function, which checks for user authorization before executing the brush size change logic. This ensures that only authorized users can modify the brush size.

Suggested change

	document.getElementById("brush-size").addEventListener("input", (e) => {
	// Import the authorization middleware
	// This middleware will handle user authentication and authorization
	import { authMiddleware } from './auth';
	function setupBrushControls() {
	document.getElementById("brush-size").addEventListener("input", authMiddleware((e) => {
	const size = parseInt(e.target.value);
	brushEngine.setBrushSize(size);
	document.getElementById("brush-size-value").textContent = size;
	}));
	}

[amazon-q-developer]

Warning

Description: This route is missing authorization checks. Without proper authorization, sensitive routes may be exposed to unauthorized users, leading to potential data breaches or unauthorized actions. Ensure that authorization middleware or handlers are applied. For more information on missing authorization vulnerabilities, refer to CWE-862.

Severity: High

[amazon-q-developer]

The fix adds an authorization check using the imported checkAuthorization function before allowing the onion skinning feature to be toggled, addressing the missing authorization vulnerability.

Suggested change

	document.getElementById("onion-skin").addEventListener("change", (e) => {
	// Import the authorization middleware
	// This middleware will handle user authentication and authorization
	import { checkAuthorization } from './authMiddleware';
	function setupAnimationControls() {
	document
	.getElementById("play-animation")
	.addEventListener("click", () => timeline.playAnimation());
	document
	.getElementById("stop-animation")
	.addEventListener("click", () => timeline.stopAnimation());
	document.getElementById("loop-animation").addEventListener("click", (e) => {
	const loopButton = e.currentTarget;
	loopButton.classList.toggle("active");
	timeline.setLooping(loopButton.classList.contains("active"));
	});
	document.getElementById("onion-skin").addEventListener("change", (e) => {
	if (checkAuthorization()) {
	timeline.setOnionSkinning(e.target.checked);
	} else {
	console.error("Unauthorized access attempt");
	}
	});
	}

[amazon-q-developer]

Warning

Description: This route is missing authorization checks. Without proper authorization, sensitive routes may be exposed to unauthorized users, leading to potential data breaches or unauthorized actions. Ensure that authorization middleware or handlers are applied. For more information on missing authorization vulnerabilities, refer to CWE-862.

Severity: High

[amazon-q-developer]

The fix adds an authorization check using the imported isAuthorized() function before executing the click event handler logic, addressing the missing authorization vulnerability.

Suggested change

	item.addEventListener("click", (e) => {
	// Import the authorization module
	// This module provides functions for user authentication and authorization
	import { isAuthorized } from './authModule';
	function setupMiscControls() {
	document.querySelectorAll(".menu-item").forEach((item) => {
	item.addEventListener("click", (e) => {
	if (isAuthorized()) {
	e.stopPropagation();
	document
	.querySelectorAll(".menu-dropdown")
	.forEach((m) => (m.style.display = "none"));
	document
	.querySelectorAll(".menu-button")
	.forEach((b) => b.classList.remove("active"));
	} else {
	console.log("Unauthorized access attempt");
	}
	});
	});
	}

[amazon-q-developer]

Warning

Description: This route is missing authorization checks. Without proper authorization, sensitive routes may be exposed to unauthorized users, leading to potential data breaches or unauthorized actions. Ensure that authorization middleware or handlers are applied. For more information on missing authorization vulnerabilities, refer to CWE-862.

Severity: High

[amazon-q-developer]

The fix adds an authorization check method isAuthorized() and wraps the preventDefault() call inside a conditional statement to ensure only authorized users can prevent the default context menu behavior.

Suggested change

	canvas.addEventListener("contextmenu", (e) => {
	// Prevent context menu on right-click
	canvas.addEventListener("contextmenu", (e) => {
	if (this.isAuthorized()) { // Add authorization check
	e.preventDefault();
	}
	});
	}
	// Add authorization check method
	isAuthorized() {
	// Implement your authorization logic here
	return true; // Replace with actual authorization check
	}

[amazon-q-developer]

Warning

Description: The code lacks error handling for potential initialization failures of components. Implement try-catch blocks or error handling mechanisms for component initializations.

Severity: High

[amazon-q-developer]

The fix addresses the lack of error handling for potential initialization failures by wrapping the entire initialization process in a try-catch block. This allows for catching any errors that may occur during the initialization of components. The catch block logs the error to the console and includes a TODO comment to implement proper error handling and user notification in the future. This approach provides a basic level of error handling while allowing for more comprehensive error management to be implemented later.

Suggested change

	const uiManager = new UIManager();
	// Wait for DOM to be fully loaded
	document.addEventListener("DOMContentLoaded", () => {
	try {
	// Initialize UI Manager
	const uiManager = new UIManager();
	// Initialize Theme Manager
	const themeManager = new ThemeManager();
	// Add data-text attributes to section titles for glitch effect
	document.querySelectorAll(".section-title").forEach((title) => {
	title.setAttribute("data-text", title.textContent);
	});
	// Initialize Menu System
	const menuSystem = new MenuSystem();
	// Initialize Canvas with temporary size (will be changed by user selection)
	const pixelCanvas = new PixelCanvas({
	canvasId: "pixel-canvas",
	effectsCanvasId: "effects-canvas",
	uiCanvasId: "ui-canvas",
	width: 64,
	height: 64,
	pixelSize: 8,
	});
	// Show canvas size selection dialog on startup
	showCanvasSizeSelectionDialog();
	// Initialize Brush Engine
	const brushEngine = new BrushEngine(pixelCanvas);
	// Initialize Symmetry Tools
	const symmetryTools = new SymmetryTools(pixelCanvas);
	// Initialize Palette Tool with brush engine
	const paletteTool = new PaletteTool(pixelCanvas, brushEngine);
	// Initialize Timeline (glitchTool removed as unused)
	const timeline = new Timeline(pixelCanvas);
	// Initialize GIF Exporter
	const gifExporter = new GifExporter(timeline);
	// Set up event listeners
	setupEventListeners();
	// Initialize the first frame
	timeline.addFrame();
	// Show welcome message
	uiManager.showToast("Welcome to Conjuration", "success");
	// Global app state for unsaved changes tracking
	window.voidApp = {
	hasUnsavedChanges: () => {
	// Check if there are any changes since last save
	return pixelCanvas.historyIndex > 0 || timeline.getFrameCount() > 1;
	},
	saveProject: () => {
	return new Promise((resolve) => {
	handleSaveProject();
	resolve({ success: true });
	});
	},
	};
	} catch (error) {
	console.error("Error initializing application:", error);
	// TODO: Implement proper error handling and user notification
	}

[amazon-q-developer]

Warning

Description: This route is missing authorization checks. Without proper authorization, sensitive routes may be exposed to unauthorized users, leading to potential data breaches or unauthorized actions. Ensure that authorization middleware or handlers are applied. For more information on missing authorization vulnerabilities, refer to CWE-862.

Severity: High

[amazon-q-developer]

The fix involves wrapping each event listener callback with a checkAuthorization middleware function, which ensures that only authorized users can perform these actions. This addresses the missing authorization vulnerability by adding an authorization check before executing the animation controls.

Suggested change

	document.getElementById("loop-animation").addEventListener("click", (e) => {
	// Import the authorization middleware
	// This middleware will handle user authentication and authorization
	import { checkAuthorization } from './authMiddleware';
	function setupAnimationControls() {
	document
	.getElementById("play-animation")
	.addEventListener("click", checkAuthorization(() => timeline.playAnimation()));
	document
	.getElementById("stop-animation")
	.addEventListener("click", checkAuthorization(() => timeline.stopAnimation()));
	document.getElementById("loop-animation").addEventListener("click", checkAuthorization((e) => {
	const loopButton = e.currentTarget;
	loopButton.classList.toggle("active");
	timeline.setLooping(loopButton.classList.contains("active"));
	}));
	document.getElementById("onion-skin").addEventListener("change", checkAuthorization((e) => {
	timeline.setOnionSkinning(e.target.checked);
	}));
	}

[amazon-q-developer]

✅ I finished the code review, and left comments with the issues I found. I will now generate code fix suggestions.