git-pkgs 0.3.0 → 0.4.0

data/README.md

@@ -258,6 +258,23 @@ git pkgs show HEAD~5       # relative ref
 
 Like `git show` but for dependencies. Shows what was added, modified, or removed in a single commit.
 
+### Find where a package is declared
+
+```bash
+git pkgs where rails           # find in manifest files
+git pkgs where lodash -C 2     # show 2 lines of context
+git pkgs where express --ecosystem=npm
+```
+
+Shows which manifest files declare a package and the exact line:
+
+```
+Gemfile:5:gem "rails", "~> 7.0"
+Gemfile.lock:142:    rails (7.0.8)
+```
+
+Like `grep` but scoped to manifest files that git-pkgs knows about.
+
 ### List commits with dependency changes
 
 ```bash
@@ -328,6 +345,30 @@ jobs:
       - run: git pkgs diff --from=origin/${{ github.base_ref }} --to=HEAD
 ```
 
+### Diff driver
+
+Install a git textconv driver that shows semantic dependency changes instead of raw lockfile diffs:
+
+```bash
+git pkgs diff-driver --install
+```
+
+Now `git diff` on lockfiles shows a sorted dependency list instead of raw lockfile changes:
+
+```diff
+diff --git a/Gemfile.lock b/Gemfile.lock
+--- a/Gemfile.lock
++++ b/Gemfile.lock
+@@ -1,3 +1,3 @@
++kamal 1.0.0
+-puma 5.0.0
++puma 6.0.0
+ rails 7.0.0
+-sidekiq 6.0.0
+```
+
+Use `git diff --no-textconv` to see the raw lockfile diff. To remove: `git pkgs diff-driver --uninstall`
+
 ## Configuration
 
 git-pkgs respects [standard git configuration](https://git-scm.com/docs/git-config).

data/SECURITY.md

@@ -0,0 +1,7 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report a security vulnerability, please email andrewnez@gmail.com.
+
+Do not open a public issue for security vulnerabilities.

data/lib/git/pkgs/analyzer.rb

@@ -46,7 +46,7 @@ module Git
       QUICK_MANIFEST_REGEX = Regexp.union(
         QUICK_MANIFEST_PATTERNS.map do |pattern|
           if pattern.include?('*')
-            Regexp.new(pattern.gsub('.', '\\.').gsub('*', '.*'))
+            Regexp.new(Regexp.escape(pattern).gsub('\\*', '.*'))
           else
             /(?:^|\/)#{Regexp.escape(pattern)}$/
           end

data/lib/git/pkgs/cli.rb

@@ -5,7 +5,7 @@ require "optparse"
 module Git
   module Pkgs
     class CLI
-      COMMANDS = %w[init update hooks info list tree history search why blame stale stats diff branch show log upgrade schema].freeze
+      COMMANDS = %w[init update hooks info list tree history search where why blame stale stats diff branch show log upgrade schema diff-driver].freeze
       ALIASES = { "praise" => "blame", "outdated" => "stale" }.freeze
 
       def self.run(args)
@@ -36,7 +36,9 @@ module Git
 
       def run_command(command)
         command = ALIASES.fetch(command, command)
-        command_class = Commands.const_get(command.capitalize.gsub(/_([a-z])/) { $1.upcase })
+        # Convert kebab-case or snake_case to PascalCase
+        class_name = command.split(/[-_]/).map(&:capitalize).join
+        command_class = Commands.const_get(class_name)
         command_class.new(@args).run
       rescue NameError
         $stderr.puts "Command '#{command}' not yet implemented"
@@ -57,6 +59,7 @@ module Git
             tree      Show dependency tree grouped by type
             history   Show the history of a package
             search    Find a dependency across all history
+            where     Show where a package appears in manifest files
             why       Explain why a dependency exists
             blame     Show who added each dependency
             stale     Show dependencies that haven't been updated

data/lib/git/pkgs/color.rb

@@ -74,6 +74,7 @@ module Git
       def self.green(text)   = colorize(text, :green)
       def self.yellow(text)  = colorize(text, :yellow)
       def self.blue(text)    = colorize(text, :blue)
+      def self.magenta(text) = colorize(text, :magenta)
       def self.cyan(text)    = colorize(text, :cyan)
       def self.bold(text)    = colorize(text, :bold)
       def self.dim(text)     = colorize(text, :dim)

data/lib/git/pkgs/commands/blame.rb

@@ -101,7 +101,7 @@ module Git
         def parse_coauthors(message)
           return [] unless message
 
-          message.scan(/^Co-authored-by:\s*(.+?)\s*<[^>]+>/i).flatten
+          message.scan(/^Co-authored-by:([^<]+)<[^>]+>/i).flatten.map(&:strip)
         end
 
         def bot_author?(name)

data/lib/git/pkgs/commands/diff_driver.rb

@@ -0,0 +1,169 @@
+# frozen_string_literal: true
+
+require "bibliothecary"
+
+module Git
+  module Pkgs
+    module Commands
+      class DiffDriver
+        include Output
+
+        # Only lockfiles - manifests are human-readable and diff fine normally
+        LOCKFILE_PATTERNS = %w[
+          Brewfile.lock.json
+          Cargo.lock
+          Cartfile.resolved
+          Gemfile.lock
+          Gopkg.lock
+          Package.resolved
+          Pipfile.lock
+          Podfile.lock
+          Project.lock.json
+          bun.lock
+          composer.lock
+          gems.locked
+          glide.lock
+          go.sum
+          mix.lock
+          npm-shrinkwrap.json
+          package-lock.json
+          packages.lock.json
+          paket.lock
+          pnpm-lock.yaml
+          poetry.lock
+          project.assets.json
+          pubspec.lock
+          pylock.toml
+          shard.lock
+          uv.lock
+          yarn.lock
+        ].freeze
+
+        def initialize(args)
+          @args = args
+          @options = parse_options
+        end
+
+        def run
+          if @options[:install]
+            install_driver
+            return
+          end
+
+          if @options[:uninstall]
+            uninstall_driver
+            return
+          end
+
+          # textconv mode: single file argument, output dependency list
+          if @args.length == 1
+            output_textconv(@args[0])
+            return
+          end
+
+          error "Usage: git pkgs diff-driver <file>"
+        end
+
+        def output_textconv(file_path)
+          content = read_file(file_path)
+          deps = parse_deps(file_path, content)
+
+          # Output sorted dependency list for git to diff
+          deps.keys.sort.each do |name|
+            dep = deps[name]
+            # Only show type if it's not runtime (the default)
+            type_suffix = dep[:type] && dep[:type] != "runtime" ? " [#{dep[:type]}]" : ""
+            puts "#{name} #{dep[:requirement]}#{type_suffix}"
+          end
+        end
+
+        def install_driver
+          # Set up git config for textconv
+          system("git", "config", "diff.pkgs.textconv", "git-pkgs diff-driver")
+
+          # Add to .gitattributes
+          gitattributes_path = File.join(Dir.pwd, ".gitattributes")
+          existing = File.exist?(gitattributes_path) ? File.read(gitattributes_path) : ""
+
+          new_entries = []
+          LOCKFILE_PATTERNS.each do |pattern|
+            entry = "#{pattern} diff=pkgs"
+            new_entries << entry unless existing.include?(entry)
+          end
+
+          if new_entries.any?
+            File.open(gitattributes_path, "a") do |f|
+              f.puts unless existing.end_with?("\n") || existing.empty?
+              f.puts "# git-pkgs textconv for lockfiles"
+              new_entries.each { |entry| f.puts entry }
+            end
+          end
+
+          puts "Installed textconv driver for lockfiles."
+          puts "  git config: diff.pkgs.textconv = git-pkgs diff-driver"
+          puts "  .gitattributes: #{new_entries.count} lockfile patterns added"
+          puts
+          puts "Now 'git diff' on lockfiles shows dependency changes."
+          puts "Use 'git diff --no-textconv' to see raw diff."
+        end
+
+        def uninstall_driver
+          system("git", "config", "--unset", "diff.pkgs.textconv")
+
+          gitattributes_path = File.join(Dir.pwd, ".gitattributes")
+          if File.exist?(gitattributes_path)
+            lines = File.readlines(gitattributes_path)
+            lines.reject! { |line| line.include?("diff=pkgs") || line.include?("# git-pkgs") }
+            File.write(gitattributes_path, lines.join)
+          end
+
+          puts "Uninstalled diff driver."
+        end
+
+        def read_file(path)
+          return "" if path == "/dev/null"
+          return "" unless File.exist?(path)
+
+          File.read(path)
+        end
+
+        def parse_deps(path, content)
+          return {} if content.empty?
+
+          result = Bibliothecary.analyse_file(path, content).first
+          return {} unless result
+
+          result[:dependencies].map { |d| [d[:name], d] }.to_h
+        rescue StandardError
+          {}
+        end
+
+        def parse_options
+          options = {}
+
+          parser = OptionParser.new do |opts|
+            opts.banner = "Usage: git pkgs diff-driver <file>"
+            opts.separator ""
+            opts.separator "Outputs dependency list for git textconv diffing."
+
+            opts.on("--install", "Install textconv driver for lockfiles") do
+              options[:install] = true
+            end
+
+            opts.on("--uninstall", "Uninstall textconv driver") do
+              options[:uninstall] = true
+            end
+
+            opts.on("-h", "--help", "Show this help") do
+              puts opts
+              exit
+            end
+          end
+
+          parser.parse!(@args)
+          options
+        end
+      end
+    end
+  end
+end

data/lib/git/pkgs/commands/info.rb

@@ -69,7 +69,11 @@ module Git
           puts "  Commits with snapshots: #{snapshot_commits}"
           if total_dep_commits > 0
             ratio = (snapshot_commits.to_f / total_dep_commits * 100).round(1)
-            puts "  Coverage: #{ratio}% (1 snapshot per ~#{(total_dep_commits.to_f / snapshot_commits).round(0)} changes)"
+            if snapshot_commits > 0
+              puts "  Coverage: #{ratio}% (1 snapshot per ~#{(total_dep_commits / snapshot_commits)} changes)"
+            else
+              puts "  Coverage: #{ratio}%"
+            end
           end
         end
 

data/lib/git/pkgs/commands/init.rb

@@ -17,6 +17,9 @@ module Git
         def run
           repo = Repository.new
 
+          branch_name = @options[:branch] || repo.default_branch
+          error "Branch '#{branch_name}' not found" unless repo.branch_exists?(branch_name)
+
           if Database.exists?(repo.git_dir) && !@options[:force]
             puts "Database already exists. Use --force to rebuild."
             return
@@ -27,9 +30,6 @@ module Git
           Database.create_schema(with_indexes: false)
           Database.optimize_for_bulk_writes
 
-          branch_name = @options[:branch] || repo.default_branch
-          error "Branch '#{branch_name}' not found" unless repo.branch_exists?(branch_name)
-
           branch = Models::Branch.find_or_create(branch_name)
           analyzer = Analyzer.new(repo)
 
@@ -73,6 +73,7 @@ module Git
           dependency_commit_count = 0
           snapshots_stored = 0
           processed = 0
+          last_processed_sha = nil
 
           flush = lambda do
             return if pending_commits.empty?
@@ -160,6 +161,8 @@ module Git
               position: processed
             }
 
+            last_processed_sha = rugged_commit.oid
+
             if has_changes
               dependency_commit_count += 1
 
@@ -206,13 +209,12 @@ module Git
             flush.call if pending_commits.size >= BATCH_SIZE
           end
 
-          # Always store final snapshot for HEAD
-          if snapshot.any?
-            last_sha = commits.last&.oid
-            if last_sha && !pending_snapshots.any? { |s| s[:sha] == last_sha }
+          # Always store final snapshot for the last processed commit
+          if snapshot.any? && last_processed_sha
+            unless pending_snapshots.any? { |s| s[:sha] == last_processed_sha }
               snapshot.each do |(manifest_path, name), dep_info|
                 pending_snapshots << {
-                  sha: last_sha,
+                  sha: last_processed_sha,
                   manifest_path: manifest_path,
                   name: name,
                   ecosystem: dep_info[:ecosystem],

data/lib/git/pkgs/commands/where.rb

@@ -0,0 +1,166 @@
+# frozen_string_literal: true
+
+module Git
+  module Pkgs
+    module Commands
+      class Where
+        include Output
+
+        def initialize(args)
+          @args = args
+          @options = parse_options
+        end
+
+        def run
+          name = @args.first
+
+          error "Usage: git pkgs where <package-name>" unless name
+
+          repo = Repository.new
+          require_database(repo)
+
+          Database.connect(repo.git_dir)
+
+          workdir = File.dirname(repo.git_dir)
+          branch = Models::Branch.find_by(name: @options[:branch] || repo.default_branch)
+
+          unless branch
+            error "Branch not found. Run 'git pkgs init' first."
+          end
+
+          snapshots = Models::DependencySnapshot.current_for_branch(branch)
+          snapshots = snapshots.where(ecosystem: @options[:ecosystem]) if @options[:ecosystem]
+
+          manifest_paths = snapshots.for_package(name).joins(:manifest).pluck("manifests.path").uniq
+
+          if manifest_paths.empty?
+            empty_result "Package '#{name}' not found in current dependencies"
+            return
+          end
+
+          results = manifest_paths.flat_map do |path|
+            find_in_manifest(name, File.join(workdir, path), path)
+          end
+
+          if results.empty?
+            empty_result "Package '#{name}' tracked but not found in current files"
+            return
+          end
+
+          if @options[:format] == "json"
+            output_json(results)
+          else
+            paginate { output_text(results, name) }
+          end
+        end
+
+        def find_in_manifest(name, full_path, display_path)
+          return [] unless File.exist?(full_path)
+
+          lines = File.readlines(full_path)
+          matches = []
+
+          lines.each_with_index do |line, idx|
+            next unless line.include?(name)
+
+            match = { path: display_path, line: idx + 1, content: line.rstrip }
+
+            if context_lines > 0
+              match[:before] = context_before(lines, idx)
+              match[:after] = context_after(lines, idx)
+            end
+
+            matches << match
+          end
+
+          matches
+        end
+
+        def context_lines
+          @options[:context] || 0
+        end
+
+        def context_before(lines, idx)
+          start_idx = [0, idx - context_lines].max
+          (start_idx...idx).map { |i| { line: i + 1, content: lines[i].rstrip } }
+        end
+
+        def context_after(lines, idx)
+          end_idx = [lines.length - 1, idx + context_lines].min
+          ((idx + 1)..end_idx).map { |i| { line: i + 1, content: lines[i].rstrip } }
+        end
+
+        def output_text(results, name)
+          results.each_with_index do |result, i|
+            puts "--" if i > 0 && context_lines > 0
+
+            result[:before]&.each do |ctx|
+              puts format_context_line(result[:path], ctx[:line], ctx[:content])
+            end
+
+            puts format_match_line(result[:path], result[:line], result[:content], name)
+
+            result[:after]&.each do |ctx|
+              puts format_context_line(result[:path], ctx[:line], ctx[:content])
+            end
+          end
+        end
+
+        def format_match_line(path, line_num, content, name)
+          path_str = Color.magenta(path)
+          line_str = Color.green(line_num.to_s)
+          highlighted = content.gsub(name, Color.red(name))
+          "#{path_str}:#{line_str}:#{highlighted}"
+        end
+
+        def format_context_line(path, line_num, content)
+          path_str = Color.magenta(path)
+          line_str = Color.green(line_num.to_s)
+          content_str = Color.dim(content)
+          "#{path_str}-#{line_str}-#{content_str}"
+        end
+
+        def output_json(results)
+          require "json"
+          puts JSON.pretty_generate(results)
+        end
+
+        def parse_options
+          options = {}
+
+          parser = OptionParser.new do |opts|
+            opts.banner = "Usage: git pkgs where <package-name> [options]"
+
+            opts.on("-b", "--branch=NAME", "Branch to search (default: current)") do |v|
+              options[:branch] = v
+            end
+
+            opts.on("-e", "--ecosystem=NAME", "Filter by ecosystem") do |v|
+              options[:ecosystem] = v
+            end
+
+            opts.on("-C", "--context=NUM", Integer, "Show NUM lines of context") do |v|
+              options[:context] = v
+            end
+
+            opts.on("-f", "--format=FORMAT", "Output format (text, json)") do |v|
+              options[:format] = v
+            end
+
+            opts.on("--no-pager", "Do not pipe output into a pager") do
+              options[:no_pager] = true
+            end
+
+            opts.on("-h", "--help", "Show this help") do
+              puts opts
+              exit
+            end
+          end
+
+          parser.parse!(@args)
+          options
+        end
+      end
+    end
+  end
+end

data/lib/git/pkgs/version.rb

@@ -2,6 +2,6 @@
 
 module Git
   module Pkgs
-    VERSION = "0.3.0"
+    VERSION = "0.4.0"
   end
 end

data/lib/git/pkgs.rb

@@ -30,9 +30,11 @@ require_relative "pkgs/commands/tree"
 require_relative "pkgs/commands/branch"
 require_relative "pkgs/commands/search"
 require_relative "pkgs/commands/show"
+require_relative "pkgs/commands/where"
 require_relative "pkgs/commands/log"
 require_relative "pkgs/commands/upgrade"
 require_relative "pkgs/commands/schema"
+require_relative "pkgs/commands/diff_driver"
 
 module Git
   module Pkgs

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: git-pkgs
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Andrew Nesbitt
@@ -76,9 +76,11 @@ extra_rdoc_files: []
 files:
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
 - LICENSE
 - README.md
 - Rakefile
+- SECURITY.md
 - benchmark_bulk.rb
 - benchmark_db.rb
 - benchmark_detailed.rb
@@ -92,6 +94,7 @@ files:
 - lib/git/pkgs/commands/blame.rb
 - lib/git/pkgs/commands/branch.rb
 - lib/git/pkgs/commands/diff.rb
+- lib/git/pkgs/commands/diff_driver.rb
 - lib/git/pkgs/commands/history.rb
 - lib/git/pkgs/commands/hooks.rb
 - lib/git/pkgs/commands/info.rb
@@ -106,6 +109,7 @@ files:
 - lib/git/pkgs/commands/tree.rb
 - lib/git/pkgs/commands/update.rb
 - lib/git/pkgs/commands/upgrade.rb
+- lib/git/pkgs/commands/where.rb
 - lib/git/pkgs/commands/why.rb
 - lib/git/pkgs/database.rb
 - lib/git/pkgs/models/branch.rb
@@ -125,6 +129,7 @@ metadata:
   homepage_uri: https://github.com/andrew/git-pkgs
   source_code_uri: https://github.com/andrew/git-pkgs
   changelog_uri: https://github.com/andrew/git-pkgs/blob/main/CHANGELOG.md
+  funding_uri: https://github.com/sponsors/andrew
 rdoc_options: []
 require_paths:
 - lib