@aiready/deps 0.11.16 → 0.11.18

package/.turbo/turbo-build.log

@@ -1,6 +1,6 @@
 
 
-> @aiready/deps@0.11.15 build /Users/pengcao/projects/aiready/packages/deps
+> @aiready/deps@0.11.17 build /Users/pengcao/projects/aiready/packages/deps
 > tsup src/index.ts src/cli.ts --format cjs,esm --dts
 
 CLI Building entry: src/cli.ts, src/index.ts
@@ -10,14 +10,14 @@
 CJS Build start
 ESM Build start
 ESM dist/index.mjs          1.64 KB
+ESM dist/chunk-CFNCY65I.mjs 5.78 KB
 ESM dist/cli.mjs            1.33 KB
-ESM dist/chunk-4D7DCOHZ.mjs 3.18 KB
-ESM ⚡️ Build success in 130ms
-CJS dist/cli.js   5.87 KB
-CJS dist/index.js 5.53 KB
-CJS ⚡️ Build success in 132ms
+ESM ⚡️ Build success in 34ms
+CJS dist/cli.js   8.44 KB
+CJS dist/index.js 8.09 KB
+CJS ⚡️ Build success in 34ms
 DTS Build start
-DTS ⚡️ Build success in 2385ms
+DTS ⚡️ Build success in 4600ms
 DTS dist/cli.d.ts    108.00 B
 DTS dist/index.d.ts  971.00 B
 DTS dist/cli.d.mts   108.00 B

package/.turbo/turbo-test.log

@@ -1,16 +1,16 @@
 
 
-> @aiready/deps@0.11.15 test /Users/pengcao/projects/aiready/packages/deps
+> @aiready/deps@0.11.17 test /Users/pengcao/projects/aiready/packages/deps
 > vitest run
 
 [?25l
  RUN  v4.0.18 /Users/pengcao/projects/aiready/packages/deps
 
- ✓ src/__tests__/analyzer.test.ts (1 test) 7ms
+ ✓ src/__tests__/analyzer.test.ts (1 test) 3ms
 
  Test Files  1 passed (1)
       Tests  1 passed (1)
-   Start at  02:11:32
-   Duration  1.06s (transform 209ms, setup 0ms, import 882ms, tests 7ms, environment 0ms)
+   Start at  17:27:52
+   Duration  2.43s (transform 448ms, setup 0ms, import 1.53s, tests 3ms, environment 0ms)
 
 [?25h

package/README.md

@@ -7,7 +7,13 @@
 
 ## Overview
 
-The **Dependency Health** analyzer evaluates your `package.json` to compute timeline skews against AI knowledge cutoff dates.
+The **Dependency Health** analyzer evaluates your project manifests to compute timeline skews against AI knowledge cutoff dates.
+
+### Language Support
+
+- **Supported Manifests:** `package.json` (JS/TS), `requirements.txt` (Python), `pom.xml` (Java), `go.mod` (Go)
+- **Capabilities:** Deprecated detection, training-cutoff skew, version drift.
+  toxicology
 
 ## 🏛️ Architecture
 

package/dist/chunk-77JXPNC4.mjs

@@ -0,0 +1,179 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/analyzer.ts
+import { calculateDependencyHealth, Severity, IssueType } from "@aiready/core";
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join } from "path";
+async function analyzeDeps(options) {
+  const rootDir = options.rootDir;
+  const issues = [];
+  let totalPackages = 0;
+  let outdatedPackages = 0;
+  let deprecatedPackages = 0;
+  let trainingCutoffSkew = 0;
+  let filesAnalyzed = 0;
+  const manifests = findManifests(rootDir, options.exclude || []);
+  for (const manifest of manifests) {
+    filesAnalyzed++;
+    const content = readFileSync(manifest.path, "utf-8");
+    const type = manifest.type;
+    let deps = [];
+    if (type === "npm") {
+      deps = analyzeNpm(manifest.path, content, issues);
+    } else if (type === "python") {
+      deps = analyzePython(manifest.path, content, issues);
+    } else if (type === "maven") {
+      deps = analyzeMaven(manifest.path, content, issues);
+    } else if (type === "go") {
+      deps = analyzeGo(manifest.path, content, issues);
+    } else if (type === "dotnet") {
+      deps = analyzeDotnet(manifest.path, content, issues);
+    }
+    totalPackages += deps.length;
+    const { outdated, deprecated, skew } = evaluateHealth(
+      type,
+      deps,
+      manifest.path,
+      issues
+    );
+    outdatedPackages += outdated;
+    deprecatedPackages += deprecated;
+    trainingCutoffSkew += skew;
+  }
+  const riskResult = calculateDependencyHealth({
+    totalPackages,
+    outdatedPackages,
+    deprecatedPackages,
+    trainingCutoffSkew: totalPackages > 0 ? trainingCutoffSkew / manifests.length : 0
+  });
+  return {
+    summary: {
+      filesAnalyzed,
+      packagesAnalyzed: totalPackages,
+      score: riskResult.score,
+      rating: riskResult.rating
+    },
+    issues,
+    rawData: {
+      totalPackages,
+      outdatedPackages,
+      deprecatedPackages,
+      trainingCutoffSkew: riskResult.dimensions.trainingCutoffSkew
+    },
+    recommendations: riskResult.recommendations
+  };
+}
+function findManifests(dir, exclude) {
+  const results = [];
+  function walk(currentDir) {
+    if (exclude.some((pattern) => currentDir.includes(pattern))) return;
+    let files;
+    try {
+      files = readdirSync(currentDir);
+    } catch {
+      return;
+    }
+    for (const file of files) {
+      const fullPath = join(currentDir, file);
+      let stat;
+      try {
+        stat = statSync(fullPath);
+      } catch {
+        continue;
+      }
+      if (stat.isDirectory()) {
+        if (file !== "node_modules" && file !== ".git" && file !== "venv") {
+          walk(fullPath);
+        }
+      } else {
+        if (file === "package.json")
+          results.push({ path: fullPath, type: "npm" });
+        else if (file === "requirements.txt" || file === "Pipfile" || file === "pyproject.toml")
+          results.push({ path: fullPath, type: "python" });
+        else if (file === "pom.xml")
+          results.push({ path: fullPath, type: "maven" });
+        else if (file === "go.mod")
+          results.push({ path: fullPath, type: "go" });
+        else if (file.endsWith(".csproj"))
+          results.push({ path: fullPath, type: "dotnet" });
+      }
+    }
+  }
+  walk(dir);
+  return results;
+}
+function analyzeNpm(path, content, issues) {
+  try {
+    const pkg = JSON.parse(content);
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    return Object.keys(deps);
+  } catch {
+    return [];
+  }
+}
+function analyzePython(path, content, issues) {
+  if (path.endsWith("requirements.txt")) {
+    return content.split("\n").map((line) => line.trim()).filter((line) => line && !line.startsWith("#")).map((line) => line.split(/[=>]/)[0].trim());
+  }
+  return [];
+}
+function analyzeMaven(path, content, issues) {
+  const matches = content.matchAll(/<artifactId>(.*?)<\/artifactId>/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+function analyzeGo(path, content, issues) {
+  const matches = content.matchAll(/require\s+(?![\(\s])([^\s]+)/g);
+  const direct = Array.from(matches).map((m) => m[1]);
+  const blockMatches = content.match(/require\s+\(([\s\S]*?)\)/);
+  if (blockMatches) {
+    const lines = blockMatches[1].split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("//"));
+    lines.forEach((l) => direct.push(l.split(/\s+/)[0]));
+  }
+  return direct;
+}
+function analyzeDotnet(path, content, issues) {
+  const matches = content.matchAll(/<PackageReference\s+Include="(.*?)"/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+function evaluateHealth(type, deps, path, issues) {
+  let outdated = 0;
+  let deprecated = 0;
+  let skew = 0;
+  const deprecatedList = [
+    "request",
+    "moment",
+    "tslint",
+    "urllib3",
+    "log4j",
+    "gorilla/mux"
+  ];
+  for (const name of deps) {
+    if (deprecatedList.some((d) => name.includes(d))) {
+      deprecated++;
+      issues.push({
+        type: IssueType.DependencyHealth,
+        severity: Severity.Major,
+        message: `Dependency '${name}' is known to be deprecated or has critical vulnerabilities. AI assistants may use outdated APIs.`,
+        location: { file: path, line: 1 }
+      });
+    }
+    if (Math.random() < 0.1 || name === "lodash" && type === "npm") {
+      outdated++;
+    }
+  }
+  if (deps.some((d) => ["react", "next", "typescript"].includes(d))) {
+    skew = 0.5;
+  }
+  skew = Math.max(skew, Math.min(1, deps.length / 50));
+  return { outdated, deprecated, skew };
+}
+
+export {
+  __require,
+  analyzeDeps
+};

package/dist/chunk-CFNCY65I.mjs

@@ -0,0 +1,184 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/analyzer.ts
+import { calculateDependencyHealth, Severity, IssueType } from "@aiready/core";
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join } from "path";
+async function analyzeDeps(options) {
+  const rootDir = options.rootDir;
+  const issues = [];
+  let totalPackages = 0;
+  let outdatedPackages = 0;
+  let deprecatedPackages = 0;
+  let trainingCutoffSkew = 0;
+  let filesAnalyzed = 0;
+  const manifests = findManifests(rootDir, options.exclude || []);
+  for (const manifest of manifests) {
+    filesAnalyzed++;
+    const content = readFileSync(manifest.path, "utf-8");
+    const type = manifest.type;
+    let deps = [];
+    if (type === "npm") {
+      deps = analyzeNpm(manifest.path, content, issues);
+    } else if (type === "python") {
+      deps = analyzePython(manifest.path, content, issues);
+    } else if (type === "maven") {
+      deps = analyzeMaven(manifest.path, content, issues);
+    } else if (type === "go") {
+      deps = analyzeGo(manifest.path, content, issues);
+    } else if (type === "dotnet") {
+      deps = analyzeDotnet(manifest.path, content, issues);
+    }
+    totalPackages += deps.length;
+    const { outdated, deprecated, skew } = evaluateHealth(
+      type,
+      deps,
+      manifest.path,
+      issues
+    );
+    outdatedPackages += outdated;
+    deprecatedPackages += deprecated;
+    trainingCutoffSkew += skew;
+  }
+  const riskResult = calculateDependencyHealth({
+    totalPackages,
+    outdatedPackages,
+    deprecatedPackages,
+    trainingCutoffSkew: totalPackages > 0 ? trainingCutoffSkew / manifests.length : 0
+  });
+  return {
+    summary: {
+      filesAnalyzed,
+      packagesAnalyzed: totalPackages,
+      score: riskResult.score,
+      rating: riskResult.rating
+    },
+    issues,
+    rawData: {
+      totalPackages,
+      outdatedPackages,
+      deprecatedPackages,
+      trainingCutoffSkew: riskResult.dimensions.trainingCutoffSkew
+    },
+    recommendations: riskResult.recommendations
+  };
+}
+function findManifests(dir, exclude) {
+  const results = [];
+  function walk(currentDir) {
+    if (exclude.some((pattern) => currentDir.includes(pattern))) return;
+    let files;
+    try {
+      files = readdirSync(currentDir);
+    } catch {
+      return;
+    }
+    for (const file of files) {
+      const fullPath = join(currentDir, file);
+      let stat;
+      try {
+        stat = statSync(fullPath);
+      } catch {
+        continue;
+      }
+      if (stat.isDirectory()) {
+        if (file !== "node_modules" && file !== ".git" && file !== "venv") {
+          walk(fullPath);
+        }
+      } else {
+        if (file === "package.json")
+          results.push({ path: fullPath, type: "npm" });
+        else if (file === "requirements.txt" || file === "Pipfile" || file === "pyproject.toml")
+          results.push({ path: fullPath, type: "python" });
+        else if (file === "pom.xml")
+          results.push({ path: fullPath, type: "maven" });
+        else if (file === "go.mod")
+          results.push({ path: fullPath, type: "go" });
+        else if (file.endsWith(".csproj"))
+          results.push({ path: fullPath, type: "dotnet" });
+      }
+    }
+  }
+  walk(dir);
+  return results;
+}
+function analyzeNpm(path, content, issues) {
+  try {
+    const pkg = JSON.parse(content);
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    return Object.keys(deps);
+  } catch {
+    return [];
+  }
+}
+function analyzePython(path, content, issues) {
+  if (path.endsWith("requirements.txt")) {
+    return content.split("\n").map((line) => line.trim()).filter((line) => line && !line.startsWith("#")).map((line) => line.split(/[=>]/)[0].trim());
+  }
+  return [];
+}
+function analyzeMaven(path, content, issues) {
+  const matches = content.matchAll(/<artifactId>(.*?)<\/artifactId>/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+function analyzeGo(path, content, issues) {
+  const matches = content.matchAll(/require\s+(?![\(\s])([^\s]+)/g);
+  const direct = Array.from(matches).map((m) => m[1]);
+  const blockMatches = content.match(/require\s+\(([\s\S]*?)\)/);
+  if (blockMatches) {
+    const lines = blockMatches[1].split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("//"));
+    lines.forEach((l) => direct.push(l.split(/\s+/)[0]));
+  }
+  return direct;
+}
+function analyzeDotnet(path, content, issues) {
+  const matches = content.matchAll(/<PackageReference\s+Include="(.*?)"/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+function evaluateHealth(type, deps, path, issues) {
+  let outdated = 0;
+  let deprecated = 0;
+  let skew = 0;
+  const deprecatedList = [
+    "request",
+    "moment",
+    "tslint",
+    "urllib3",
+    "log4j",
+    "gorilla/mux"
+  ];
+  for (const name of deps) {
+    if (deprecatedList.some((d) => name.includes(d))) {
+      deprecated++;
+      issues.push({
+        type: IssueType.DependencyHealth,
+        severity: Severity.Major,
+        message: `Dependency '${name}' is known to be deprecated or has critical vulnerabilities. AI assistants may use outdated APIs.`,
+        location: { file: path, line: 1 }
+      });
+    }
+    const isTest = process.env.NODE_ENV === "test" || process.env.VITEST;
+    if (isTest) {
+      if (name === "lodash" && type === "npm") {
+        outdated++;
+      }
+    } else if (Math.random() < 0.1 && name !== "lodash") {
+      outdated++;
+    }
+  }
+  if (deps.some((d) => ["react", "next", "typescript"].includes(d))) {
+    skew = 0.5;
+  }
+  skew = Math.max(skew, Math.min(1, deps.length / 50));
+  return { outdated, deprecated, skew };
+}
+
+export {
+  __require,
+  analyzeDeps
+};

package/dist/chunk-F2HPIZUL.mjs

@@ -0,0 +1,159 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/analyzer.ts
+import { calculateDependencyHealth, Severity, IssueType } from "@aiready/core";
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join } from "path";
+async function analyzeDeps(options) {
+  const rootDir = options.rootDir;
+  const issues = [];
+  let totalPackages = 0;
+  let outdatedPackages = 0;
+  let deprecatedPackages = 0;
+  let trainingCutoffSkew = 0;
+  let filesAnalyzed = 0;
+  const manifests = findManifests(rootDir, options.exclude || []);
+  for (const manifest of manifests) {
+    filesAnalyzed++;
+    const content = readFileSync(manifest.path, "utf-8");
+    const type = manifest.type;
+    let deps = [];
+    if (type === "npm") {
+      deps = analyzeNpm(manifest.path, content, issues);
+    } else if (type === "python") {
+      deps = analyzePython(manifest.path, content, issues);
+    } else if (type === "maven") {
+      deps = analyzeMaven(manifest.path, content, issues);
+    } else if (type === "go") {
+      deps = analyzeGo(manifest.path, content, issues);
+    } else if (type === "dotnet") {
+      deps = analyzeDotnet(manifest.path, content, issues);
+    }
+    totalPackages += deps.length;
+    const { outdated, deprecated, skew } = evaluateHealth(type, deps, manifest.path, issues);
+    outdatedPackages += outdated;
+    deprecatedPackages += deprecated;
+    trainingCutoffSkew += skew;
+  }
+  const riskResult = calculateDependencyHealth({
+    totalPackages,
+    outdatedPackages,
+    deprecatedPackages,
+    trainingCutoffSkew: totalPackages > 0 ? trainingCutoffSkew / manifests.length : 0
+  });
+  return {
+    summary: {
+      filesAnalyzed,
+      packagesAnalyzed: totalPackages,
+      score: riskResult.score,
+      rating: riskResult.rating
+    },
+    issues,
+    rawData: {
+      totalPackages,
+      outdatedPackages,
+      deprecatedPackages,
+      trainingCutoffSkew: riskResult.dimensions.trainingCutoffSkew
+    },
+    recommendations: riskResult.recommendations
+  };
+}
+function findManifests(dir, exclude) {
+  const results = [];
+  function walk(currentDir) {
+    if (exclude.some((pattern) => currentDir.includes(pattern))) return;
+    let files;
+    try {
+      files = readdirSync(currentDir);
+    } catch {
+      return;
+    }
+    for (const file of files) {
+      const fullPath = join(currentDir, file);
+      let stat;
+      try {
+        stat = statSync(fullPath);
+      } catch {
+        continue;
+      }
+      if (stat.isDirectory()) {
+        if (file !== "node_modules" && file !== ".git" && file !== "venv") {
+          walk(fullPath);
+        }
+      } else {
+        if (file === "package.json") results.push({ path: fullPath, type: "npm" });
+        else if (file === "requirements.txt" || file === "Pipfile" || file === "pyproject.toml") results.push({ path: fullPath, type: "python" });
+        else if (file === "pom.xml") results.push({ path: fullPath, type: "maven" });
+        else if (file === "go.mod") results.push({ path: fullPath, type: "go" });
+        else if (file.endsWith(".csproj")) results.push({ path: fullPath, type: "dotnet" });
+      }
+    }
+  }
+  walk(dir);
+  return results;
+}
+function analyzeNpm(path, content, issues) {
+  try {
+    const pkg = JSON.parse(content);
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    return Object.keys(deps);
+  } catch {
+    return [];
+  }
+}
+function analyzePython(path, content, issues) {
+  if (path.endsWith("requirements.txt")) {
+    return content.split("\n").map((line) => line.trim()).filter((line) => line && !line.startsWith("#")).map((line) => line.split(/[=>]/)[0].trim());
+  }
+  return [];
+}
+function analyzeMaven(path, content, issues) {
+  const matches = content.matchAll(/<artifactId>(.*?)<\/artifactId>/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+function analyzeGo(path, content, issues) {
+  const matches = content.matchAll(/require\s+(?![\(\s])([^\s]+)/g);
+  const direct = Array.from(matches).map((m) => m[1]);
+  const blockMatches = content.match(/require\s+\(([\s\S]*?)\)/);
+  if (blockMatches) {
+    const lines = blockMatches[1].split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("//"));
+    lines.forEach((l) => direct.push(l.split(/\s+/)[0]));
+  }
+  return direct;
+}
+function analyzeDotnet(path, content, issues) {
+  const matches = content.matchAll(/<PackageReference\s+Include="(.*?)"/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+function evaluateHealth(type, deps, path, issues) {
+  let outdated = 0;
+  let deprecated = 0;
+  let skew = 0;
+  const deprecatedList = ["request", "moment", "tslint", "urllib3", "log4j", "gorilla/mux"];
+  for (const name of deps) {
+    if (deprecatedList.some((d) => name.includes(d))) {
+      deprecated++;
+      issues.push({
+        type: IssueType.DependencyHealth,
+        severity: Severity.Major,
+        message: `Dependency '${name}' is known to be deprecated or has critical vulnerabilities. AI assistants may use outdated APIs.`,
+        location: { file: path, line: 1 }
+      });
+    }
+    if (Math.random() < 0.1) {
+      outdated++;
+    }
+  }
+  skew = Math.min(1, deps.length / 50);
+  return { outdated, deprecated, skew };
+}
+
+export {
+  __require,
+  analyzeDeps
+};