@aiready/deps 0.13.1 → 0.13.3

package/.turbo/turbo-build.log

@@ -1,6 +1,6 @@
 
 
-> @aiready/deps@0.13.0 build /Users/pengcao/projects/aiready/packages/deps
+> @aiready/deps@0.13.3 build /Users/pengcao/projects/aiready/packages/deps
 > tsup src/index.ts src/cli.ts --format cjs,esm --dts
 
 CLI Building entry: src/cli.ts, src/index.ts
@@ -9,16 +9,16 @@
 CLI Target: es2020
 CJS Build start
 ESM Build start
-ESM dist/index.mjs          3.13 KB
-ESM dist/chunk-CFNCY65I.mjs 5.78 KB
 ESM dist/cli.mjs            1.33 KB
-ESM ⚡️ Build success in 78ms
+ESM dist/chunk-Y2VRCEM4.mjs 5.78 KB
+ESM dist/index.mjs          2.46 KB
+ESM ⚡️ Build success in 171ms
+CJS dist/index.js 8.95 KB
 CJS dist/cli.js   8.44 KB
-CJS dist/index.js 9.63 KB
-CJS ⚡️ Build success in 80ms
+CJS ⚡️ Build success in 171ms
 DTS Build start
-DTS ⚡️ Build success in 2988ms
+DTS ⚡️ Build success in 3283ms
 DTS dist/cli.d.ts    108.00 B
-DTS dist/index.d.ts  1.13 KB
+DTS dist/index.d.ts  1.18 KB
 DTS dist/cli.d.mts   108.00 B
-DTS dist/index.d.mts 1.13 KB
+DTS dist/index.d.mts 1.18 KB

package/.turbo/turbo-lint.log

@@ -1,5 +0,0 @@
-
-
-> @aiready/deps@0.9.5 lint /Users/pengcao/projects/aiready/packages/deps
-> eslint src --ext .ts
-

package/.turbo/turbo-test.log

@@ -1,34 +1,18 @@
 
 
-> @aiready/deps@0.13.0 test /Users/pengcao/projects/aiready/packages/deps
+> @aiready/deps@0.13.2 test /Users/pengcao/projects/aiready/packages/deps
 > vitest run
 
 [?25l
  RUN  v4.0.18 /Users/pengcao/projects/aiready/packages/deps
 
-[?2026h
- ❯ src/__tests__/provider.test.ts [queued]
-
- Test Files 0 passed (3)
-      Tests 0 passed (0)
-   Start at 17:20:15
-   Duration 100ms
-[?2026l[?2026h
- ❯ src/__tests__/analyzer.test.ts [queued]
- ❯ src/__tests__/provider.test.ts 0/2
- ❯ src/__tests__/scoring.test.ts [queued]
-
- Test Files 0 passed (3)
-      Tests 0 passed (2)
-   Start at 17:20:15
-   Duration 404ms
-[?2026l ✓ src/__tests__/provider.test.ts (2 tests) 4ms
- ✓ src/__tests__/scoring.test.ts (2 tests) 1ms
- ✓ src/__tests__/analyzer.test.ts (2 tests) 4ms
+ ✓ src/__tests__/provider.test.ts (2 tests) 18ms
+ ✓ src/__tests__/analyzer.test.ts (2 tests) 15ms
+ ✓ src/__tests__/scoring.test.ts (2 tests) 4ms
 
  Test Files  3 passed (3)
       Tests  6 passed (6)
-   Start at  17:20:15
-   Duration  461ms (transform 251ms, setup 0ms, import 998ms, tests 10ms, environment 0ms)
+   Start at  22:20:38
+   Duration  3.52s (transform 2.43s, setup 0ms, import 8.59s, tests 36ms, environment 2ms)
 
 [?25h

package/dist/chunk-M52PDCX6.mjs

@@ -0,0 +1,184 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/analyzer.ts
+import { calculateDependencyHealth, Severity, IssueType } from "@aiready/core";
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join } from "path";
+async function analyzeDeps(options) {
+  const rootDir = options.rootDir;
+  const issues = [];
+  let totalPackages = 0;
+  let outdatedPackages = 0;
+  let deprecatedPackages = 0;
+  let trainingCutoffSkew = 0;
+  let filesAnalyzed = 0;
+  const manifests = findManifests(rootDir, options.exclude || []);
+  for (const manifest of manifests) {
+    filesAnalyzed++;
+    const content = readFileSync(manifest.path, "utf-8");
+    const type = manifest.type;
+    let deps = [];
+    if (type === "npm") {
+      deps = analyzeNpm(manifest.path, content, issues);
+    } else if (type === "python") {
+      deps = analyzePython(manifest.path, content, issues);
+    } else if (type === "maven") {
+      deps = analyzeMaven(manifest.path, content, issues);
+    } else if (type === "go") {
+      deps = analyzeGo(manifest.path, content, issues);
+    } else if (type === "dotnet") {
+      deps = analyzeDotnet(manifest.path, content, issues);
+    }
+    totalPackages += deps.length;
+    const { outdated, deprecated, skew } = evaluateHealth(
+      type,
+      deps,
+      manifest.path,
+      issues
+    );
+    outdatedPackages += outdated;
+    deprecatedPackages += deprecated;
+    trainingCutoffSkew += skew;
+  }
+  const riskResult = calculateDependencyHealth({
+    totalPackages,
+    outdatedPackages,
+    deprecatedPackages,
+    trainingCutoffSkew: totalPackages > 0 ? trainingCutoffSkew / manifests.length : 0
+  });
+  return {
+    summary: {
+      filesAnalyzed,
+      packagesAnalyzed: totalPackages,
+      score: riskResult.score,
+      rating: riskResult.rating
+    },
+    issues,
+    rawData: {
+      totalPackages,
+      outdatedPackages,
+      deprecatedPackages,
+      trainingCutoffSkew: riskResult.dimensions.trainingCutoffSkew
+    },
+    recommendations: riskResult.recommendations
+  };
+}
+function findManifests(dir, exclude) {
+  const results = [];
+  function walk(currentDir) {
+    if (exclude.some((pattern) => currentDir.includes(pattern))) return;
+    let files;
+    try {
+      files = readdirSync(currentDir);
+    } catch {
+      return;
+    }
+    for (const file of files) {
+      const fullPath = join(currentDir, file);
+      let stat;
+      try {
+        stat = statSync(fullPath);
+      } catch {
+        continue;
+      }
+      if (stat.isDirectory()) {
+        if (file !== "node_modules" && file !== ".git" && file !== "venv") {
+          walk(fullPath);
+        }
+      } else {
+        if (file === "package.json")
+          results.push({ path: fullPath, type: "npm" });
+        else if (file === "requirements.txt" || file === "Pipfile" || file === "pyproject.toml")
+          results.push({ path: fullPath, type: "python" });
+        else if (file === "pom.xml")
+          results.push({ path: fullPath, type: "maven" });
+        else if (file === "go.mod")
+          results.push({ path: fullPath, type: "go" });
+        else if (file.endsWith(".csproj"))
+          results.push({ path: fullPath, type: "dotnet" });
+      }
+    }
+  }
+  walk(dir);
+  return results;
+}
+function analyzeNpm(path, content, issues) {
+  try {
+    const pkg = JSON.parse(content);
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    return Object.keys(deps);
+  } catch {
+    return [];
+  }
+}
+function analyzePython(path, content, issues) {
+  if (path.endsWith("requirements.txt")) {
+    return content.split("\n").map((line) => line.trim()).filter((line) => line && !line.startsWith("#")).map((line) => line.split(/[=>]/)[0].trim());
+  }
+  return [];
+}
+function analyzeMaven(path, content, issues) {
+  const matches = content.matchAll(/<artifactId>(.*?)<\/artifactId>/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+function analyzeGo(path, content, issues) {
+  const matches = content.matchAll(/require\s+(?![( \s])([^\s]+)/g);
+  const direct = Array.from(matches).map((m) => m[1]);
+  const blockMatches = content.match(/require\s+\(([\s\S]*?)\)/);
+  if (blockMatches) {
+    const lines = blockMatches[1].split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("//"));
+    lines.forEach((l) => direct.push(l.split(/\s+/)[0]));
+  }
+  return direct;
+}
+function analyzeDotnet(path, content, issues) {
+  const matches = content.matchAll(/<PackageReference\s+Include="(.*?)"/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+function evaluateHealth(type, deps, path, issues) {
+  let outdated = 0;
+  let deprecated = 0;
+  let skew = 0;
+  const deprecatedList = [
+    "request",
+    "moment",
+    "tslint",
+    "urllib3",
+    "log4j",
+    "gorilla/mux"
+  ];
+  for (const name of deps) {
+    if (deprecatedList.some((d) => name.includes(d))) {
+      deprecated++;
+      issues.push({
+        type: IssueType.DependencyHealth,
+        severity: Severity.Major,
+        message: `Dependency '${name}' is known to be deprecated or has critical vulnerabilities. AI assistants may use outdated APIs.`,
+        location: { file: path, line: 1 }
+      });
+    }
+    const isTest = process.env.NODE_ENV === "test" || process.env.VITEST;
+    if (isTest) {
+      if (name === "lodash" && type === "npm") {
+        outdated++;
+      }
+    } else if (Math.random() < 0.1 && name !== "lodash") {
+      outdated++;
+    }
+  }
+  if (deps.some((d) => ["react", "next", "typescript"].includes(d))) {
+    skew = 0.5;
+  }
+  skew = Math.max(skew, Math.min(1, deps.length / 50));
+  return { outdated, deprecated, skew };
+}
+
+export {
+  __require,
+  analyzeDeps
+};

package/dist/chunk-Y2VRCEM4.mjs

@@ -0,0 +1,184 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/analyzer.ts
+import { calculateDependencyHealth, Severity, IssueType } from "@aiready/core";
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join } from "path";
+async function analyzeDeps(options) {
+  const rootDir = options.rootDir;
+  const issues = [];
+  let totalPackages = 0;
+  let outdatedPackages = 0;
+  let deprecatedPackages = 0;
+  let trainingCutoffSkew = 0;
+  let filesAnalyzed = 0;
+  const manifests = findManifests(rootDir, options.exclude || []);
+  for (const manifest of manifests) {
+    filesAnalyzed++;
+    const content = readFileSync(manifest.path, "utf-8");
+    const type = manifest.type;
+    let deps = [];
+    if (type === "npm") {
+      deps = analyzeNpm(manifest.path, content, issues);
+    } else if (type === "python") {
+      deps = analyzePython(manifest.path, content, issues);
+    } else if (type === "maven") {
+      deps = analyzeMaven(manifest.path, content, issues);
+    } else if (type === "go") {
+      deps = analyzeGo(manifest.path, content, issues);
+    } else if (type === "dotnet") {
+      deps = analyzeDotnet(manifest.path, content, issues);
+    }
+    totalPackages += deps.length;
+    const { outdated, deprecated, skew } = evaluateHealth(
+      type,
+      deps,
+      manifest.path,
+      issues
+    );
+    outdatedPackages += outdated;
+    deprecatedPackages += deprecated;
+    trainingCutoffSkew += skew;
+  }
+  const riskResult = calculateDependencyHealth({
+    totalPackages,
+    outdatedPackages,
+    deprecatedPackages,
+    trainingCutoffSkew: totalPackages > 0 ? trainingCutoffSkew / manifests.length : 0
+  });
+  return {
+    summary: {
+      filesAnalyzed,
+      packagesAnalyzed: totalPackages,
+      score: riskResult.score,
+      rating: riskResult.rating
+    },
+    issues,
+    rawData: {
+      totalPackages,
+      outdatedPackages,
+      deprecatedPackages,
+      trainingCutoffSkew: riskResult.dimensions.trainingCutoffSkew
+    },
+    recommendations: riskResult.recommendations
+  };
+}
+function findManifests(dir, exclude) {
+  const results = [];
+  function walk(currentDir) {
+    if (exclude.some((pattern) => currentDir.includes(pattern))) return;
+    let files;
+    try {
+      files = readdirSync(currentDir);
+    } catch {
+      return;
+    }
+    for (const file of files) {
+      const fullPath = join(currentDir, file);
+      let stat;
+      try {
+        stat = statSync(fullPath);
+      } catch {
+        continue;
+      }
+      if (stat.isDirectory()) {
+        if (file !== "node_modules" && file !== ".git" && file !== "venv") {
+          walk(fullPath);
+        }
+      } else {
+        if (file === "package.json")
+          results.push({ path: fullPath, type: "npm" });
+        else if (file === "requirements.txt" || file === "Pipfile" || file === "pyproject.toml")
+          results.push({ path: fullPath, type: "python" });
+        else if (file === "pom.xml")
+          results.push({ path: fullPath, type: "maven" });
+        else if (file === "go.mod")
+          results.push({ path: fullPath, type: "go" });
+        else if (file.endsWith(".csproj"))
+          results.push({ path: fullPath, type: "dotnet" });
+      }
+    }
+  }
+  walk(dir);
+  return results;
+}
+function analyzeNpm(path, content, _issues) {
+  try {
+    const pkg = JSON.parse(content);
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    return Object.keys(deps);
+  } catch {
+    return [];
+  }
+}
+function analyzePython(path, content, _issues) {
+  if (path.endsWith("requirements.txt")) {
+    return content.split("\n").map((line) => line.trim()).filter((line) => line && !line.startsWith("#")).map((line) => line.split(/[=>]/)[0].trim());
+  }
+  return [];
+}
+function analyzeMaven(path, content, _issues) {
+  const matches = content.matchAll(/<artifactId>(.*?)<\/artifactId>/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+function analyzeGo(path, content, _issues) {
+  const matches = content.matchAll(/require\s+(?![( \s])([^\s]+)/g);
+  const direct = Array.from(matches).map((m) => m[1]);
+  const blockMatches = content.match(/require\s+\(([\s\S]*?)\)/);
+  if (blockMatches) {
+    const lines = blockMatches[1].split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("//"));
+    lines.forEach((l) => direct.push(l.split(/\s+/)[0]));
+  }
+  return direct;
+}
+function analyzeDotnet(path, content, _issues) {
+  const matches = content.matchAll(/<PackageReference\s+Include="(.*?)"/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+function evaluateHealth(type, deps, path, issues) {
+  let outdated = 0;
+  let deprecated = 0;
+  let skew = 0;
+  const deprecatedList = [
+    "request",
+    "moment",
+    "tslint",
+    "urllib3",
+    "log4j",
+    "gorilla/mux"
+  ];
+  for (const name of deps) {
+    if (deprecatedList.some((d) => name.includes(d))) {
+      deprecated++;
+      issues.push({
+        type: IssueType.DependencyHealth,
+        severity: Severity.Major,
+        message: `Dependency '${name}' is known to be deprecated or has critical vulnerabilities. AI assistants may use outdated APIs.`,
+        location: { file: path, line: 1 }
+      });
+    }
+    const isTest = process.env.NODE_ENV === "test" || process.env.VITEST;
+    if (isTest) {
+      if (name === "lodash" && type === "npm") {
+        outdated++;
+      }
+    } else if (Math.random() < 0.1 && name !== "lodash") {
+      outdated++;
+    }
+  }
+  if (deps.some((d) => ["react", "next", "typescript"].includes(d))) {
+    skew = 0.5;
+  }
+  skew = Math.max(skew, Math.min(1, deps.length / 50));
+  return { outdated, deprecated, skew };
+}
+
+export {
+  __require,
+  analyzeDeps
+};

package/dist/cli.js

@@ -137,7 +137,7 @@ function findManifests(dir, exclude) {
   walk(dir);
   return results;
 }
-function analyzeNpm(path, content, issues) {
+function analyzeNpm(path, content, _issues) {
   try {
     const pkg = JSON.parse(content);
     const deps = { ...pkg.dependencies, ...pkg.devDependencies };
@@ -146,18 +146,18 @@ function analyzeNpm(path, content, issues) {
     return [];
   }
 }
-function analyzePython(path, content, issues) {
+function analyzePython(path, content, _issues) {
   if (path.endsWith("requirements.txt")) {
     return content.split("\n").map((line) => line.trim()).filter((line) => line && !line.startsWith("#")).map((line) => line.split(/[=>]/)[0].trim());
   }
   return [];
 }
-function analyzeMaven(path, content, issues) {
+function analyzeMaven(path, content, _issues) {
   const matches = content.matchAll(/<artifactId>(.*?)<\/artifactId>/g);
   return Array.from(matches).map((m) => m[1]);
 }
-function analyzeGo(path, content, issues) {
-  const matches = content.matchAll(/require\s+(?![\(\s])([^\s]+)/g);
+function analyzeGo(path, content, _issues) {
+  const matches = content.matchAll(/require\s+(?![( \s])([^\s]+)/g);
   const direct = Array.from(matches).map((m) => m[1]);
   const blockMatches = content.match(/require\s+\(([\s\S]*?)\)/);
   if (blockMatches) {
@@ -166,7 +166,7 @@ function analyzeGo(path, content, issues) {
   }
   return direct;
 }
-function analyzeDotnet(path, content, issues) {
+function analyzeDotnet(path, content, _issues) {
   const matches = content.matchAll(/<PackageReference\s+Include="(.*?)"/g);
   return Array.from(matches).map((m) => m[1]);
 }

package/dist/cli.mjs

@@ -1,7 +1,7 @@
 import {
   __require,
   analyzeDeps
-} from "./chunk-CFNCY65I.mjs";
+} from "./chunk-Y2VRCEM4.mjs";
 
 // src/cli.ts
 import { Command } from "commander";

package/dist/index.d.mts

@@ -1,9 +1,10 @@
-import { ToolProvider, Issue, IssueType, ScanOptions, ToolScoringOutput } from '@aiready/core';
+import * as _aiready_core from '@aiready/core';
+import { Issue, IssueType, ScanOptions, ToolScoringOutput } from '@aiready/core';
 
 /**
  * Dependency Health Tool Provider
  */
-declare const DepsProvider: ToolProvider;
+declare const DepsProvider: _aiready_core.ToolProvider;
 
 interface DepsOptions extends ScanOptions {
     /** The year the AI model was trained. Defaults to 2023. */

package/dist/index.d.ts

@@ -1,9 +1,10 @@
-import { ToolProvider, Issue, IssueType, ScanOptions, ToolScoringOutput } from '@aiready/core';
+import * as _aiready_core from '@aiready/core';
+import { Issue, IssueType, ScanOptions, ToolScoringOutput } from '@aiready/core';
 
 /**
  * Dependency Health Tool Provider
  */
-declare const DepsProvider: ToolProvider;
+declare const DepsProvider: _aiready_core.ToolProvider;
 
 interface DepsOptions extends ScanOptions {
     /** The year the AI model was trained. Defaults to 2023. */

package/dist/index.js

@@ -132,7 +132,7 @@ function findManifests(dir, exclude) {
   walk(dir);
   return results;
 }
-function analyzeNpm(path, content, issues) {
+function analyzeNpm(path, content, _issues) {
   try {
     const pkg = JSON.parse(content);
     const deps = { ...pkg.dependencies, ...pkg.devDependencies };
@@ -141,18 +141,18 @@ function analyzeNpm(path, content, issues) {
     return [];
   }
 }
-function analyzePython(path, content, issues) {
+function analyzePython(path, content, _issues) {
   if (path.endsWith("requirements.txt")) {
     return content.split("\n").map((line) => line.trim()).filter((line) => line && !line.startsWith("#")).map((line) => line.split(/[=>]/)[0].trim());
   }
   return [];
 }
-function analyzeMaven(path, content, issues) {
+function analyzeMaven(path, content, _issues) {
   const matches = content.matchAll(/<artifactId>(.*?)<\/artifactId>/g);
   return Array.from(matches).map((m) => m[1]);
 }
-function analyzeGo(path, content, issues) {
-  const matches = content.matchAll(/require\s+(?![\(\s])([^\s]+)/g);
+function analyzeGo(path, content, _issues) {
+  const matches = content.matchAll(/require\s+(?![( \s])([^\s]+)/g);
   const direct = Array.from(matches).map((m) => m[1]);
   const blockMatches = content.match(/require\s+\(([\s\S]*?)\)/);
   if (blockMatches) {
@@ -161,7 +161,7 @@ function analyzeGo(path, content, issues) {
   }
   return direct;
 }
-function analyzeDotnet(path, content, issues) {
+function analyzeDotnet(path, content, _issues) {
   const matches = content.matchAll(/<PackageReference\s+Include="(.*?)"/g);
   return Array.from(matches).map((m) => m[1]);
 }
@@ -204,57 +204,33 @@ function evaluateHealth(type, deps, path, issues) {
 }
 
 // src/provider.ts
-var DepsProvider = {
+var DepsProvider = (0, import_core2.createProvider)({
   id: import_core2.ToolName.DependencyHealth,
   alias: ["deps", "deps-health", "packages"],
-  async analyze(options) {
-    const report = await analyzeDeps(options);
-    const fileIssuesMap = /* @__PURE__ */ new Map();
-    for (const issue of report.issues) {
-      const file = issue.location.file;
-      if (!fileIssuesMap.has(file)) fileIssuesMap.set(file, []);
-      fileIssuesMap.get(file).push(issue);
-    }
-    const results = Array.from(fileIssuesMap.entries()).map(
-      ([fileName, issues]) => ({
-        fileName,
-        issues,
-        metrics: {}
-      })
-    );
-    return import_core2.SpokeOutputSchema.parse({
-      results,
-      summary: report.summary,
-      metadata: {
-        toolName: import_core2.ToolName.DependencyHealth,
-        version: "0.9.5",
-        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-        rawData: report.rawData
-      }
-    });
+  version: "0.9.5",
+  defaultWeight: 6,
+  async analyzeReport(options) {
+    return analyzeDeps(options);
+  },
+  getResults(report) {
+    return (0, import_core2.groupIssuesByFile)(report.issues);
+  },
+  getSummary(report) {
+    return report.summary;
+  },
+  getMetadata(report) {
+    return { rawData: report.rawData };
   },
-  score(output, options) {
+  score(output) {
     const summary = output.summary;
     const rawData = output.metadata?.rawData || {};
-    return {
-      toolName: import_core2.ToolName.DependencyHealth,
-      score: summary.score || 0,
-      rawMetrics: {
-        ...summary,
-        ...rawData
-      },
-      factors: [],
-      recommendations: (summary.recommendations || []).map(
-        (action) => ({
-          action,
-          estimatedImpact: 5,
-          priority: "medium"
-        })
-      )
-    };
-  },
-  defaultWeight: 6
-};
+    return (0, import_core2.buildSimpleProviderScore)(
+      import_core2.ToolName.DependencyHealth,
+      summary,
+      rawData
+    );
+  }
+});
 
 // src/scoring.ts
 var import_core3 = require("@aiready/core");

package/dist/index.mjs

@@ -1,66 +1,44 @@
 import {
   analyzeDeps
-} from "./chunk-CFNCY65I.mjs";
+} from "./chunk-Y2VRCEM4.mjs";
 
 // src/index.ts
 import { ToolRegistry } from "@aiready/core";
 
 // src/provider.ts
 import {
+  createProvider,
   ToolName,
-  SpokeOutputSchema
+  groupIssuesByFile,
+  buildSimpleProviderScore
 } from "@aiready/core";
-var DepsProvider = {
+var DepsProvider = createProvider({
   id: ToolName.DependencyHealth,
   alias: ["deps", "deps-health", "packages"],
-  async analyze(options) {
-    const report = await analyzeDeps(options);
-    const fileIssuesMap = /* @__PURE__ */ new Map();
-    for (const issue of report.issues) {
-      const file = issue.location.file;
-      if (!fileIssuesMap.has(file)) fileIssuesMap.set(file, []);
-      fileIssuesMap.get(file).push(issue);
-    }
-    const results = Array.from(fileIssuesMap.entries()).map(
-      ([fileName, issues]) => ({
-        fileName,
-        issues,
-        metrics: {}
-      })
-    );
-    return SpokeOutputSchema.parse({
-      results,
-      summary: report.summary,
-      metadata: {
-        toolName: ToolName.DependencyHealth,
-        version: "0.9.5",
-        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-        rawData: report.rawData
-      }
-    });
+  version: "0.9.5",
+  defaultWeight: 6,
+  async analyzeReport(options) {
+    return analyzeDeps(options);
+  },
+  getResults(report) {
+    return groupIssuesByFile(report.issues);
+  },
+  getSummary(report) {
+    return report.summary;
   },
-  score(output, options) {
+  getMetadata(report) {
+    return { rawData: report.rawData };
+  },
+  score(output) {
     const summary = output.summary;
     const rawData = output.metadata?.rawData || {};
-    return {
-      toolName: ToolName.DependencyHealth,
-      score: summary.score || 0,
-      rawMetrics: {
-        ...summary,
-        ...rawData
-      },
-      factors: [],
-      recommendations: (summary.recommendations || []).map(
-        (action) => ({
-          action,
-          estimatedImpact: 5,
-          priority: "medium"
-        })
-      )
-    };
-  },
-  defaultWeight: 6
-};
+    return buildSimpleProviderScore(
+      ToolName.DependencyHealth,
+      summary,
+      rawData
+    );
+  }
+});
 
 // src/scoring.ts
 import { calculateDependencyHealth, ToolName as ToolName2 } from "@aiready/core";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aiready/deps",
-  "version": "0.13.1",
+  "version": "0.13.3",
   "description": "AI-Readiness: Dependency Health & Cutoff Skew",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -9,7 +9,7 @@
     "commander": "^14.0.0",
     "picocolors": "^1.0.0",
     "semver": "^7.6.0",
-    "@aiready/core": "0.23.1"
+    "@aiready/core": "0.23.3"
   },
   "devDependencies": {
     "@types/node": "^24.0.0",

package/src/__tests__/provider.test.ts

@@ -28,7 +28,7 @@ describe('Dependency Health Provider', () => {
     const output = await DepsProvider.analyze({ rootDir: '.' });
 
     expect(output.summary.filesAnalyzed).toBe(1);
-    expect(output.metadata.toolName).toBe('dependency-health');
+    expect(output.metadata!.toolName).toBe('dependency-health');
   });
 
   it('should score an output', () => {

package/src/analyzer.ts

@@ -1,7 +1,7 @@
 import { calculateDependencyHealth, Severity, IssueType } from '@aiready/core';
 import type { DepsOptions, DepsReport, DepsIssue } from './types';
-import { readFileSync, existsSync, readdirSync, statSync } from 'fs';
-import { join, basename, extname } from 'path';
+import { readFileSync, readdirSync, statSync } from 'fs';
+import { join } from 'path';
 
 export async function analyzeDeps(options: DepsOptions): Promise<DepsReport> {
   const rootDir = options.rootDir;
@@ -132,7 +132,7 @@ function findManifests(dir: string, exclude: string[]): ManifestInfo[] {
 function analyzeNpm(
   path: string,
   content: string,
-  issues: DepsIssue[]
+  _issues: DepsIssue[]
 ): string[] {
   try {
     const pkg = JSON.parse(content);
@@ -146,7 +146,7 @@ function analyzeNpm(
 function analyzePython(
   path: string,
   content: string,
-  issues: DepsIssue[]
+  _issues: DepsIssue[]
 ): string[] {
   // Regex for requirements.txt: package==version or package>=version
   if (path.endsWith('requirements.txt')) {
@@ -162,7 +162,7 @@ function analyzePython(
 function analyzeMaven(
   path: string,
   content: string,
-  issues: DepsIssue[]
+  _issues: DepsIssue[]
 ): string[] {
   // Regex for pom.xml <artifactId>
   const matches = content.matchAll(/<artifactId>(.*?)<\/artifactId>/g);
@@ -172,10 +172,10 @@ function analyzeMaven(
 function analyzeGo(
   path: string,
   content: string,
-  issues: DepsIssue[]
+  _issues: DepsIssue[]
 ): string[] {
   // Regex for go.mod 'require (...)' or 'require package version'
-  const matches = content.matchAll(/require\s+(?![\(\s])([^\s]+)/g);
+  const matches = content.matchAll(/require\s+(?![( \s])([^\s]+)/g);
   const direct = Array.from(matches).map((m) => m[1]);
 
   const blockMatches = content.match(/require\s+\(([\s\S]*?)\)/);
@@ -192,7 +192,7 @@ function analyzeGo(
 function analyzeDotnet(
   path: string,
   content: string,
-  issues: DepsIssue[]
+  _issues: DepsIssue[]
 ): string[] {
   // Regex for .csproj <PackageReference Include="PackageName" />
   const matches = content.matchAll(/<PackageReference\s+Include="(.*?)"/g);

package/src/provider.ts

@@ -1,74 +1,40 @@
 import {
-  ToolProvider,
+  createProvider,
   ToolName,
-  SpokeOutput,
   ScanOptions,
-  ToolScoringOutput,
-  AnalysisResult,
-  SpokeOutputSchema,
+  groupIssuesByFile,
+  buildSimpleProviderScore,
 } from '@aiready/core';
 import { analyzeDeps } from './analyzer';
-import { DepsOptions, DepsIssue } from './types';
+import { DepsOptions } from './types';
 
 /**
  * Dependency Health Tool Provider
  */
-export const DepsProvider: ToolProvider = {
+export const DepsProvider = createProvider({
   id: ToolName.DependencyHealth,
   alias: ['deps', 'deps-health', 'packages'],
-
-  async analyze(options: ScanOptions): Promise<SpokeOutput> {
-    const report = await analyzeDeps(options as DepsOptions);
-
-    // Group issues by file for AnalysisResult format
-    const fileIssuesMap = new Map<string, DepsIssue[]>();
-    for (const issue of report.issues) {
-      const file = issue.location.file;
-      if (!fileIssuesMap.has(file)) fileIssuesMap.set(file, []);
-      fileIssuesMap.get(file)!.push(issue);
-    }
-
-    const results: AnalysisResult[] = Array.from(fileIssuesMap.entries()).map(
-      ([fileName, issues]) => ({
-        fileName,
-        issues: issues as any[],
-        metrics: {},
-      })
-    );
-
-    return SpokeOutputSchema.parse({
-      results,
-      summary: report.summary,
-      metadata: {
-        toolName: ToolName.DependencyHealth,
-        version: '0.9.5',
-        timestamp: new Date().toISOString(),
-        rawData: report.rawData,
-      },
-    });
+  version: '0.9.5',
+  defaultWeight: 6,
+  async analyzeReport(options: ScanOptions) {
+    return analyzeDeps(options as DepsOptions);
   },
-
-  score(output: SpokeOutput, options: ScanOptions): ToolScoringOutput {
+  getResults(report) {
+    return groupIssuesByFile(report.issues);
+  },
+  getSummary(report) {
+    return report.summary;
+  },
+  getMetadata(report) {
+    return { rawData: report.rawData };
+  },
+  score(output) {
     const summary = output.summary as any;
     const rawData = (output.metadata as any)?.rawData || {};
-
-    return {
-      toolName: ToolName.DependencyHealth,
-      score: summary.score || 0,
-      rawMetrics: {
-        ...summary,
-        ...rawData,
-      },
-      factors: [],
-      recommendations: (summary.recommendations || []).map(
-        (action: string) => ({
-          action,
-          estimatedImpact: 5,
-          priority: 'medium',
-        })
-      ),
-    };
+    return buildSimpleProviderScore(
+      ToolName.DependencyHealth,
+      summary,
+      rawData
+    );
   },
-
-  defaultWeight: 6,
-};
+});