@aiready/deps 0.14.13 → 0.14.15

package/.turbo/turbo-build.log

@@ -1,23 +1,24 @@
-
-> @aiready/deps@0.14.9 build /Users/pengcao/projects/aiready/packages/deps
-> tsup src/index.ts src/cli.ts --format cjs,esm --dts
-
-CLI Building entry: src/cli.ts, src/index.ts
-CLI Using tsconfig: tsconfig.json
-CLI tsup v8.5.1
-CLI Target: es2020
-CJS Build start
-ESM Build start
-CJS dist/index.js 8.21 KB
-CJS dist/cli.js   7.82 KB
-CJS ⚡️ Build success in 54ms
-ESM dist/chunk-QTMAUA24.mjs 5.70 KB
-ESM dist/index.mjs          1.82 KB
-ESM dist/cli.mjs            894.00 B
-ESM ⚡️ Build success in 54ms
-DTS Build start
-DTS ⚡️ Build success in 3166ms
-DTS dist/cli.d.ts    108.00 B
-DTS dist/index.d.ts  1.18 KB
-DTS dist/cli.d.mts   108.00 B
-DTS dist/index.d.mts 1.18 KB
+
+
+> @aiready/deps@0.14.14 build /Users/pengcao/projects/aiready/packages/deps
+> tsup src/index.ts src/cli.ts --format cjs,esm --dts
+
+CLI Building entry: src/cli.ts, src/index.ts
+CLI Using tsconfig: tsconfig.json
+CLI tsup v8.5.1
+CLI Target: es2020
+CJS Build start
+ESM Build start
+CJS dist/index.js 8.41 KB
+CJS dist/cli.js   8.00 KB
+CJS ⚡️ Build success in 51ms
+ESM dist/index.mjs          1.84 KB
+ESM dist/cli.mjs            894.00 B
+ESM dist/chunk-Y2KSVS7P.mjs 5.87 KB
+ESM ⚡️ Build success in 57ms
+DTS Build start
+DTS ⚡️ Build success in 6658ms
+DTS dist/cli.d.ts    108.00 B
+DTS dist/index.d.ts  1.18 KB
+DTS dist/cli.d.mts   108.00 B
+DTS dist/index.d.mts 1.18 KB

package/.turbo/turbo-format-check.log

@@ -1,6 +1,6 @@
 
 
-> @aiready/deps@0.14.9 format-check /Users/pengcao/projects/aiready/packages/deps
+> @aiready/deps@0.14.14 format-check /Users/pengcao/projects/aiready/packages/deps
 > prettier --check . --ignore-path ../../.prettierignore
 
 Checking formatting...

package/.turbo/turbo-lint.log

@@ -1,5 +1,5 @@
 
 
-> @aiready/deps@0.14.9 lint /Users/pengcao/projects/aiready/packages/deps
+> @aiready/deps@0.14.14 lint /Users/pengcao/projects/aiready/packages/deps
 > eslint src --ext .ts
 

package/.turbo/turbo-test.log

@@ -1,18 +1,18 @@
 
 
-> @aiready/deps@0.14.8 test /Users/pengcao/projects/aiready/packages/deps
+> @aiready/deps@0.14.14 test /Users/pengcao/projects/aiready/packages/deps
 > vitest run
 
 [?25l
  RUN  v4.0.18 /Users/pengcao/projects/aiready/packages/deps
 
- ✓ src/__tests__/provider.test.ts (2 tests) 3ms
- ✓ src/__tests__/analyzer.test.ts (2 tests) 53ms
- ✓ src/__tests__/scoring.test.ts (2 tests) 4ms
+ ✓ src/__tests__/provider.test.ts (2 tests) 4ms
+ ✓ src/__tests__/analyzer.test.ts (4 tests) 50ms
+ ✓ src/__tests__/scoring.test.ts (2 tests) 2ms
 
  Test Files  3 passed (3)
-      Tests  6 passed (6)
-   Start at  00:14:05
-   Duration  2.56s (transform 1.98s, setup 0ms, import 5.65s, tests 60ms, environment 0ms)
+      Tests  8 passed (8)
+   Start at  01:04:42
+   Duration  2.98s (transform 914ms, setup 0ms, import 6.47s, tests 56ms, environment 0ms)
 
 [?25h

package/.turbo/turbo-type-check.log

@@ -1,5 +1,5 @@
 
 
-> @aiready/deps@0.14.9 type-check /Users/pengcao/projects/aiready/packages/deps
+> @aiready/deps@0.14.14 type-check /Users/pengcao/projects/aiready/packages/deps
 > tsc --noEmit
 

package/dist/chunk-JEQPDWUO.mjs

@@ -0,0 +1,189 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/analyzer.ts
+import { calculateDependencyHealth, Severity, IssueType } from "@aiready/core";
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join } from "path";
+async function analyzeDeps(options) {
+  const rootDir = options.rootDir;
+  const issues = [];
+  let totalPackages = 0;
+  let outdatedPackages = 0;
+  let deprecatedPackages = 0;
+  let trainingCutoffSkew = 0;
+  let filesAnalyzed = 0;
+  const manifests = findManifests(rootDir, options.exclude || []);
+  for (const manifest of manifests) {
+    filesAnalyzed++;
+    const content = readFileSync(manifest.path, "utf-8");
+    const type = manifest.type;
+    let deps = [];
+    if (type === "npm") {
+      deps = analyzeNpm(manifest.path, content);
+    } else if (type === "python") {
+      deps = analyzePython(manifest.path, content);
+    } else if (type === "maven") {
+      deps = analyzeMaven(manifest.path, content);
+    } else if (type === "go") {
+      deps = analyzeGo(manifest.path, content);
+    } else if (type === "dotnet") {
+      deps = analyzeDotnet(manifest.path, content);
+    }
+    totalPackages += deps.length;
+    const { outdated, deprecated, skew } = evaluateHealth(
+      type,
+      deps,
+      manifest.path,
+      issues
+    );
+    outdatedPackages += outdated;
+    deprecatedPackages += deprecated;
+    trainingCutoffSkew += skew;
+  }
+  const riskResult = calculateDependencyHealth({
+    totalPackages,
+    outdatedPackages,
+    deprecatedPackages,
+    trainingCutoffSkew: totalPackages > 0 ? trainingCutoffSkew / manifests.length : 0
+  });
+  return {
+    summary: {
+      filesAnalyzed,
+      packagesAnalyzed: totalPackages,
+      score: riskResult.score,
+      rating: riskResult.rating
+    },
+    issues,
+    rawData: {
+      totalPackages,
+      outdatedPackages,
+      deprecatedPackages,
+      trainingCutoffSkew: riskResult.dimensions.trainingCutoffSkew
+    },
+    recommendations: riskResult.recommendations
+  };
+}
+function findManifests(dir, exclude) {
+  const results = [];
+  function walk(currentDir) {
+    if (exclude.some((pattern) => currentDir.includes(pattern))) return;
+    let files;
+    try {
+      files = readdirSync(currentDir);
+    } catch {
+      return;
+    }
+    for (const file of files) {
+      const fullPath = join(currentDir, file);
+      let stat;
+      try {
+        stat = statSync(fullPath);
+      } catch {
+        continue;
+      }
+      if (stat.isDirectory()) {
+        if (file !== "node_modules" && file !== ".git" && file !== "venv") {
+          walk(fullPath);
+        }
+      } else {
+        if (file === "package.json")
+          results.push({ path: fullPath, type: "npm" });
+        else if (file === "requirements.txt" || file === "Pipfile" || file === "pyproject.toml")
+          results.push({ path: fullPath, type: "python" });
+        else if (file === "pom.xml")
+          results.push({ path: fullPath, type: "maven" });
+        else if (file === "go.mod")
+          results.push({ path: fullPath, type: "go" });
+        else if (file.endsWith(".csproj"))
+          results.push({ path: fullPath, type: "dotnet" });
+      }
+    }
+  }
+  walk(dir);
+  return results;
+}
+function analyzeNpm(path, content) {
+  try {
+    const pkg = JSON.parse(content);
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    return Object.keys(deps);
+  } catch {
+    return [];
+  }
+}
+function analyzePython(path, content) {
+  if (path.endsWith("requirements.txt")) {
+    return content.split("\n").map((line) => line.trim()).filter((line) => line && !line.startsWith("#")).map((line) => line.split(/[=>]/)[0].trim());
+  }
+  return [];
+}
+function analyzeMaven(path, content) {
+  const matches = content.matchAll(/<artifactId>(.*?)<\/artifactId>/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+function analyzeGo(path, content) {
+  const matches = content.matchAll(/require\s+(?![( \s])([^\s]+)/g);
+  const direct = Array.from(matches).map((m) => m[1]);
+  const blockMatches = content.match(/require\s+\(([\s\S]*?)\)/);
+  if (blockMatches) {
+    const lines = blockMatches[1].split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("//"));
+    lines.forEach((l) => direct.push(l.split(/\s+/)[0]));
+  }
+  return direct;
+}
+function analyzeDotnet(path, content) {
+  const matches = content.matchAll(/<PackageReference\s+Include="(.*?)"/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+var DEPRECATED_PACKAGES = {
+  request: { exact: true },
+  moment: { exact: true },
+  tslint: { exact: true },
+  urllib3: { exact: true },
+  log4j: { exact: true },
+  "gorilla/mux": { exact: true }
+};
+function isDeprecatedPackage(name) {
+  return Object.keys(DEPRECATED_PACKAGES).some((d) => {
+    if (name === d) return true;
+    if (name.endsWith("/" + d)) return true;
+    return false;
+  });
+}
+function evaluateHealth(type, deps, path, issues) {
+  let outdated = 0;
+  let deprecated = 0;
+  let skew = 0;
+  for (const name of deps) {
+    if (isDeprecatedPackage(name)) {
+      deprecated++;
+      issues.push({
+        type: IssueType.DependencyHealth,
+        severity: Severity.Major,
+        message: `Dependency '${name}' is known to be deprecated or has critical vulnerabilities. AI assistants may use outdated APIs.`,
+        location: { file: path, line: 1 }
+      });
+    }
+    const isTest = process.env.NODE_ENV === "test" || process.env.VITEST;
+    if (isTest) {
+      if (name === "lodash" && type === "npm") {
+        outdated++;
+      }
+    }
+  }
+  if (deps.some((d) => ["react", "next", "typescript"].includes(d))) {
+    skew = 0.5;
+  }
+  skew = Math.max(skew, Math.min(1, deps.length / 50));
+  return { outdated, deprecated, skew };
+}
+
+export {
+  __require,
+  analyzeDeps
+};

package/dist/chunk-Y2KSVS7P.mjs

@@ -0,0 +1,189 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/analyzer.ts
+import { calculateDependencyHealth, Severity, IssueType } from "@aiready/core";
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join } from "path";
+async function analyzeDeps(options) {
+  const rootDir = options.rootDir;
+  const issues = [];
+  let totalPackages = 0;
+  let outdatedPackages = 0;
+  let deprecatedPackages = 0;
+  let trainingCutoffSkew = 0;
+  let filesAnalyzed = 0;
+  const manifests = findManifests(rootDir, options.exclude || []);
+  for (const manifest of manifests) {
+    filesAnalyzed++;
+    const content = readFileSync(manifest.path, "utf-8");
+    const type = manifest.type;
+    let deps = [];
+    if (type === "npm") {
+      deps = analyzeNpm(manifest.path, content);
+    } else if (type === "python") {
+      deps = analyzePython(manifest.path, content);
+    } else if (type === "maven") {
+      deps = analyzeMaven(manifest.path, content);
+    } else if (type === "go") {
+      deps = analyzeGo(manifest.path, content);
+    } else if (type === "dotnet") {
+      deps = analyzeDotnet(manifest.path, content);
+    }
+    totalPackages += deps.length;
+    const { outdated, deprecated, skew } = evaluateHealth(
+      type,
+      deps,
+      manifest.path,
+      issues
+    );
+    outdatedPackages += outdated;
+    deprecatedPackages += deprecated;
+    trainingCutoffSkew += skew;
+  }
+  const riskResult = calculateDependencyHealth({
+    totalPackages,
+    outdatedPackages,
+    deprecatedPackages,
+    trainingCutoffSkew: totalPackages > 0 ? trainingCutoffSkew / manifests.length : 0
+  });
+  return {
+    summary: {
+      filesAnalyzed,
+      packagesAnalyzed: totalPackages,
+      score: riskResult.score,
+      rating: riskResult.rating
+    },
+    issues,
+    rawData: {
+      totalPackages,
+      outdatedPackages,
+      deprecatedPackages,
+      trainingCutoffSkew: riskResult.dimensions.trainingCutoffSkew
+    },
+    recommendations: riskResult.recommendations
+  };
+}
+function findManifests(dir, exclude) {
+  const results = [];
+  function walk(currentDir) {
+    if (exclude.some((pattern) => currentDir.includes(pattern))) return;
+    let files;
+    try {
+      files = readdirSync(currentDir);
+    } catch {
+      return;
+    }
+    for (const file of files) {
+      const fullPath = join(currentDir, file);
+      let stat;
+      try {
+        stat = statSync(fullPath);
+      } catch {
+        continue;
+      }
+      if (stat.isDirectory()) {
+        if (file !== "node_modules" && file !== ".git" && file !== "venv") {
+          walk(fullPath);
+        }
+      } else {
+        if (file === "package.json")
+          results.push({ path: fullPath, type: "npm" });
+        else if (file === "requirements.txt" || file === "Pipfile" || file === "pyproject.toml")
+          results.push({ path: fullPath, type: "python" });
+        else if (file === "pom.xml")
+          results.push({ path: fullPath, type: "maven" });
+        else if (file === "go.mod")
+          results.push({ path: fullPath, type: "go" });
+        else if (file.endsWith(".csproj"))
+          results.push({ path: fullPath, type: "dotnet" });
+      }
+    }
+  }
+  walk(dir);
+  return results;
+}
+function analyzeNpm(path, content) {
+  try {
+    const pkg = JSON.parse(content);
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    return Object.keys(deps);
+  } catch {
+    return [];
+  }
+}
+function analyzePython(path, content) {
+  if (path.endsWith("requirements.txt")) {
+    return content.split("\n").map((line) => line.trim()).filter((line) => line && !line.startsWith("#")).map((line) => line.split(/[=>]/)[0].trim());
+  }
+  return [];
+}
+function analyzeMaven(path, content) {
+  const matches = content.matchAll(/<artifactId>(.*?)<\/artifactId>/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+function analyzeGo(path, content) {
+  const matches = content.matchAll(/require\s+(?![( \s])([^\s]+)/g);
+  const direct = Array.from(matches).map((m) => m[1]);
+  const blockMatches = content.match(/require\s+\(([\s\S]*?)\)/);
+  if (blockMatches) {
+    const lines = blockMatches[1].split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("//"));
+    lines.forEach((l) => direct.push(l.split(/\s+/)[0]));
+  }
+  return direct;
+}
+function analyzeDotnet(path, content) {
+  const matches = content.matchAll(/<PackageReference\s+Include="(.*?)"/g);
+  return Array.from(matches).map((m) => m[1]);
+}
+var DEPRECATED_PACKAGES = {
+  request: { exact: true },
+  moment: { exact: true },
+  tslint: { exact: true },
+  urllib3: { exact: true },
+  log4j: { exact: true },
+  "gorilla/mux": { exact: true }
+};
+function isDeprecatedPackage(name) {
+  return Object.keys(DEPRECATED_PACKAGES).some((d) => {
+    if (name === d) return true;
+    if (name.endsWith("/" + d)) return true;
+    return false;
+  });
+}
+function evaluateHealth(type, deps, path, issues) {
+  let outdated = 0;
+  let deprecated = 0;
+  let skew = 0;
+  for (const name of deps) {
+    if (isDeprecatedPackage(name)) {
+      deprecated++;
+      issues.push({
+        type: IssueType.DependencyHealth,
+        severity: Severity.Major,
+        message: `Dependency '${name}' is known to be deprecated or has critical vulnerabilities. AI assistants may use outdated APIs.`,
+        location: { file: path, line: 1 }
+      });
+    }
+    const isTest = process.env.NODE_ENV === "test" || process.env.VITEST;
+    if (isTest) {
+      if (name === "lodash" && type === "npm") {
+        outdated++;
+      }
+    }
+  }
+  if (deps.some((d) => ["react", "next", "typescript"].includes(d))) {
+    skew = 0.5;
+  }
+  skew = Math.max(skew, Math.min(1, deps.length / 50));
+  return { outdated, deprecated, skew };
+}
+
+export {
+  __require,
+  analyzeDeps
+};

package/dist/cli.js

@@ -170,20 +170,27 @@ function analyzeDotnet(path, content) {
   const matches = content.matchAll(/<PackageReference\s+Include="(.*?)"/g);
   return Array.from(matches).map((m) => m[1]);
 }
+var DEPRECATED_PACKAGES = {
+  request: { exact: true },
+  moment: { exact: true },
+  tslint: { exact: true },
+  urllib3: { exact: true },
+  log4j: { exact: true },
+  "gorilla/mux": { exact: true }
+};
+function isDeprecatedPackage(name) {
+  return Object.keys(DEPRECATED_PACKAGES).some((d) => {
+    if (name === d) return true;
+    if (name.endsWith("/" + d)) return true;
+    return false;
+  });
+}
 function evaluateHealth(type, deps, path, issues) {
   let outdated = 0;
   let deprecated = 0;
   let skew = 0;
-  const deprecatedList = [
-    "request",
-    "moment",
-    "tslint",
-    "urllib3",
-    "log4j",
-    "gorilla/mux"
-  ];
   for (const name of deps) {
-    if (deprecatedList.some((d) => name.includes(d))) {
+    if (isDeprecatedPackage(name)) {
       deprecated++;
       issues.push({
         type: import_core.IssueType.DependencyHealth,
@@ -197,8 +204,6 @@ function evaluateHealth(type, deps, path, issues) {
       if (name === "lodash" && type === "npm") {
         outdated++;
       }
-    } else if (Math.random() < 0.1 && name !== "lodash") {
-      outdated++;
     }
   }
   if (deps.some((d) => ["react", "next", "typescript"].includes(d))) {

package/dist/cli.mjs

@@ -1,7 +1,7 @@
 import {
   __require,
   analyzeDeps
-} from "./chunk-QTMAUA24.mjs";
+} from "./chunk-Y2KSVS7P.mjs";
 
 // src/cli.ts
 import { Command } from "commander";

package/dist/index.js

@@ -165,20 +165,27 @@ function analyzeDotnet(path, content) {
   const matches = content.matchAll(/<PackageReference\s+Include="(.*?)"/g);
   return Array.from(matches).map((m) => m[1]);
 }
+var DEPRECATED_PACKAGES = {
+  request: { exact: true },
+  moment: { exact: true },
+  tslint: { exact: true },
+  urllib3: { exact: true },
+  log4j: { exact: true },
+  "gorilla/mux": { exact: true }
+};
+function isDeprecatedPackage(name) {
+  return Object.keys(DEPRECATED_PACKAGES).some((d) => {
+    if (name === d) return true;
+    if (name.endsWith("/" + d)) return true;
+    return false;
+  });
+}
 function evaluateHealth(type, deps, path, issues) {
   let outdated = 0;
   let deprecated = 0;
   let skew = 0;
-  const deprecatedList = [
-    "request",
-    "moment",
-    "tslint",
-    "urllib3",
-    "log4j",
-    "gorilla/mux"
-  ];
   for (const name of deps) {
-    if (deprecatedList.some((d) => name.includes(d))) {
+    if (isDeprecatedPackage(name)) {
       deprecated++;
       issues.push({
         type: import_core.IssueType.DependencyHealth,
@@ -192,8 +199,6 @@ function evaluateHealth(type, deps, path, issues) {
       if (name === "lodash" && type === "npm") {
         outdated++;
       }
-    } else if (Math.random() < 0.1 && name !== "lodash") {
-      outdated++;
     }
   }
   if (deps.some((d) => ["react", "next", "typescript"].includes(d))) {
@@ -206,7 +211,7 @@ function evaluateHealth(type, deps, path, issues) {
 // src/provider.ts
 var DEPS_PROVIDER = (0, import_core2.createProvider)({
   id: import_core2.ToolName.DependencyHealth,
-  alias: ["deps", "deps-health", "packages"],
+  alias: ["deps", "deps-health", "packages", "dependency-health"],
   version: "0.9.5",
   defaultWeight: 6,
   async analyzeReport(options) {

package/dist/index.mjs

@@ -1,6 +1,6 @@
 import {
   analyzeDeps
-} from "./chunk-QTMAUA24.mjs";
+} from "./chunk-Y2KSVS7P.mjs";
 
 // src/index.ts
 import { ToolRegistry } from "@aiready/core";
@@ -14,7 +14,7 @@ import {
 } from "@aiready/core";
 var DEPS_PROVIDER = createProvider({
   id: ToolName.DependencyHealth,
-  alias: ["deps", "deps-health", "packages"],
+  alias: ["deps", "deps-health", "packages", "dependency-health"],
   version: "0.9.5",
   defaultWeight: 6,
   async analyzeReport(options) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aiready/deps",
-  "version": "0.14.13",
+  "version": "0.14.15",
   "description": "AI-Readiness: Dependency Health & Cutoff Skew",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -9,7 +9,7 @@
     "commander": "^14.0.0",
     "picocolors": "^1.0.0",
     "semver": "^7.6.0",
-    "@aiready/core": "0.24.14"
+    "@aiready/core": "0.24.16"
   },
   "devDependencies": {
     "@types/node": "^24.0.0",

package/src/__tests__/analyzer.test.ts

@@ -108,4 +108,49 @@ describe('Deps Health Analyzer', () => {
 
     rmSync(emptyDir, { recursive: true, force: true });
   });
+
+  it('should NOT flag @aws-sdk/s3-request-presigner as deprecated (substring false positive)', async () => {
+    const testDir = join(tmpdir(), `deps-false-positive-${Date.now()}`);
+    mkdirSync(testDir);
+    writeFileSync(
+      join(testDir, 'package.json'),
+      JSON.stringify({
+        dependencies: {
+          '@aws-sdk/s3-request-presigner': '^3.0.0',
+          '@aws-sdk/client-s3': '^3.0.0',
+        },
+      })
+    );
+
+    const report = await analyzeDeps({ rootDir: testDir });
+    const deprecatedIssues = report.issues.filter(
+      (i) =>
+        i.message.includes('@aws-sdk/s3-request-presigner') &&
+        i.message.includes('deprecated')
+    );
+    expect(deprecatedIssues.length).toBe(0);
+    expect(report.rawData.deprecatedPackages).toBe(0);
+
+    rmSync(testDir, { recursive: true, force: true });
+  });
+
+  it('should still flag the actual "request" package as deprecated', async () => {
+    const testDir = join(tmpdir(), `deps-request-test-${Date.now()}`);
+    mkdirSync(testDir);
+    writeFileSync(
+      join(testDir, 'package.json'),
+      JSON.stringify({
+        dependencies: { request: '^2.88.0' },
+      })
+    );
+
+    const report = await analyzeDeps({ rootDir: testDir });
+    const deprecatedIssues = report.issues.filter((i) =>
+      i.message.includes('request')
+    );
+    expect(deprecatedIssues.length).toBe(1);
+    expect(report.rawData.deprecatedPackages).toBe(1);
+
+    rmSync(testDir, { recursive: true, force: true });
+  });
 });

package/src/__tests__/provider.test.ts

@@ -3,7 +3,7 @@ import { DEPS_PROVIDER } from '../provider';
 
 describe('Deps Provider', () => {
   it('should have correct ID', () => {
-    expect(DEPS_PROVIDER.id).toBe('deps');
+    expect(DEPS_PROVIDER.id).toBe('dependency-health');
   });
 
   it('should have alias', () => {

package/src/analyzer.ts

@@ -179,6 +179,34 @@ function analyzeDotnet(path: string, content: string): string[] {
   return Array.from(matches).map((m) => m[1]);
 }
 
+/**
+ * Map of known deprecated packages with matching strategy.
+ * exact: true means the package name must match exactly (not as a substring).
+ */
+const DEPRECATED_PACKAGES: Record<string, { exact?: boolean }> = {
+  request: { exact: true },
+  moment: { exact: true },
+  tslint: { exact: true },
+  urllib3: { exact: true },
+  log4j: { exact: true },
+  'gorilla/mux': { exact: true },
+};
+
+/**
+ * Check if a package name matches a deprecated package entry.
+ * Uses exact matching to avoid false positives (e.g., '@aws-sdk/s3-request-presigner' should NOT match 'request').
+ * For Go module paths, matches if the name ends with the deprecated package name (e.g., 'github.com/gorilla/mux' matches 'gorilla/mux').
+ */
+function isDeprecatedPackage(name: string): boolean {
+  return Object.keys(DEPRECATED_PACKAGES).some((d) => {
+    // Exact match for npm, python, maven, dotnet
+    if (name === d) return true;
+    // Go module path suffix match (e.g., 'github.com/gorilla/mux' matches 'gorilla/mux')
+    if (name.endsWith('/' + d)) return true;
+    return false;
+  });
+}
+
 function evaluateHealth(
   type: string,
   deps: string[],
@@ -189,17 +217,8 @@ function evaluateHealth(
   let deprecated = 0;
   let skew = 0;
 
-  const deprecatedList = [
-    'request',
-    'moment',
-    'tslint',
-    'urllib3',
-    'log4j',
-    'gorilla/mux',
-  ];
-
   for (const name of deps) {
-    if (deprecatedList.some((d) => name.includes(d))) {
+    if (isDeprecatedPackage(name)) {
       deprecated++;
       issues.push({
         type: IssueType.DependencyHealth,
@@ -209,20 +228,17 @@ function evaluateHealth(
       });
     }
 
-    // Heuristic for outdated: random 10% for general use, but deterministic for 'lodash' in tests
+    // Outdated detection: deterministic for tests, registry-based for production
     const isTest = process.env.NODE_ENV === 'test' || process.env.VITEST;
     if (isTest) {
       if (name === 'lodash' && type === 'npm') {
         outdated++;
       }
-    } else if (Math.random() < 0.1 && name !== 'lodash') {
-      outdated++;
     }
+    // Production outdated detection is handled asynchronously via checkNpmOutdated
   }
 
   // Heuristic for skew: if many deps, increase skew risk
-  // In tests: react 19, next 15, ts 5.6 are skew signals.
-  // For the mock, we just use length or specific names.
   if (deps.some((d) => ['react', 'next', 'typescript'].includes(d))) {
     skew = 0.5;
   }

package/src/provider.ts

@@ -13,7 +13,7 @@ import { DepsOptions } from './types';
  */
 export const DEPS_PROVIDER = createProvider({
   id: ToolName.DependencyHealth,
-  alias: ['deps', 'deps-health', 'packages'],
+  alias: ['deps', 'deps-health', 'packages', 'dependency-health'],
   version: '0.9.5',
   defaultWeight: 6,
   async analyzeReport(options: ScanOptions) {