npm - @antongolub/lockfile - Versions diffs - 0.0.0-snapshot.67 → 0.0.0-snapshot.68 - Mend

@antongolub/lockfile 0.0.0-snapshot.67 → 0.0.0-snapshot.68

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/enrich.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import { D as Diagnostic, N as NodeId, G as Graph } from './graph-CPo-SvS2.js';
+/** Supplies the npm tarball bytes for recompute (ADR-0034 §3) — a CacheAdapter
+ *  or a registry-backed fetch wired by the orchestrator. */
+interface TarballSource {
+    tarball(name: string, version: string): Promise<Uint8Array | undefined>;
+}
+interface RefurbishOptions {
+    /** Stream diagnostics as they fire (ADR-0024 §3). */
+    onDiagnostic?: (d: Diagnostic) => void;
+    /** Bound the fill to these NodeIds (the modifier's recently-changed set);
+     *  absent ⇒ scan every non-workspace node. */
+    seed?: ReadonlySet<NodeId>;
+}
+interface RefurbishResult {
+    graph: Graph;
+    /** NodeIds that gained ≥1 field. */
+    enriched: NodeId[];
+    /** All diagnostics this call emitted, in emission order. */
+    unresolved: Diagnostic[];
+}
+/**
+ * Fill install-required fields the graph's own format needs (v1: the yarn-berry
+ * `checksum`). `format` is the lock's own format (caller-supplied, from
+ * `detect()`); `source` supplies tarball bytes for recompute.
+ */
+declare function refurbish(graph: Graph, format: string, source: TarballSource, opts?: RefurbishOptions): Promise<RefurbishResult>;
+type EnrichDiagnosticCode = 'ENRICH_FIELD_FILLED' | 'ENRICH_CHECKSUM_DEFERRED' | 'ENRICH_NOOP';
+interface EnrichDiagnostic extends Diagnostic {
+    code: EnrichDiagnosticCode;
+}
+export { type EnrichDiagnostic, type EnrichDiagnosticCode, type RefurbishOptions, type RefurbishResult, type TarballSource, refurbish };

package/dist/enrich.js ADDED Viewed

@@ -0,0 +1,245 @@
+import zlib, { gunzipSync } from 'zlib';
+import { createHash } from 'crypto';
+// src/main/ts/recipe/integrity.ts
+function emptyIntegrity() {
+  return { hashes: [] };
+}
+function emitBerryChecksum(i) {
+  var _a;
+  return (_a = i.hashes.find((h) => h.algorithm === "sha512" && h.origin === "berry-zip")) == null ? void 0 : _a.digest;
+}
+function mergeIntegrity(a, b) {
+  const seen = /* @__PURE__ */ new Set();
+  const hashes = [];
+  for (const h of [...a.hashes, ...b.hashes]) {
+    const key = `${h.algorithm} ${h.origin} ${h.digest}`;
+    if (seen.has(key)) continue;
+    seen.add(key);
+    hashes.push(h);
+  }
+  return { hashes };
+}
+var DOS_TIME = 44608;
+var DOS_DATE = 2262;
+var MADE_BY = 831;
+var EMPTY = Buffer.alloc(0);
+var CRC_TABLE = (() => {
+  const t = new Uint32Array(256);
+  for (let n = 0; n < 256; n++) {
+    let c = n;
+    for (let k = 0; k < 8; k++) c = (c & 1) !== 0 ? 3988292384 ^ c >>> 1 : c >>> 1;
+    t[n] = c >>> 0;
+  }
+  return t;
+})();
+function crc32Table(buf) {
+  let c = 4294967295;
+  for (let i = 0; i < buf.length; i++) c = (CRC_TABLE[(c ^ buf[i]) & 255] ^ c >>> 8) >>> 0;
+  return (c ^ 4294967295) >>> 0;
+}
+var nativeCrc32 = zlib.crc32;
+var crc32 = typeof nativeCrc32 === "function" ? (buf) => nativeCrc32(buf) >>> 0 : crc32Table;
+var tarField = (b, off, len) => {
+  const slice = b.subarray(off, off + len);
+  const nul = slice.indexOf(0);
+  return slice.toString("latin1", 0, nul === -1 ? len : nul);
+};
+function parseTar(tar) {
+  const out = [];
+  for (let o = 0; o + 512 <= tar.length; ) {
+    const header = tar.subarray(o, o + 512);
+    let allZero = true;
+    for (let i = 0; i < 512; i++) if (header[i] !== 0) {
+      allZero = false;
+      break;
+    }
+    if (allZero) break;
+    const prefix = tarField(header, 345, 155);
+    const rawName = tarField(header, 0, 100);
+    const name = prefix !== "" ? `${prefix}/${rawName}` : rawName;
+    const size = parseInt(tarField(header, 124, 12).trim() || "0", 8) || 0;
+    const mode = parseInt(tarField(header, 100, 8).trim() || "0", 8) || 0;
+    const type = String.fromCharCode(header[156] ?? 0);
+    o += 512;
+    if (type === "0" || type === "\0" || type === "") out.push({ name, mode, data: tar.subarray(o, o + size) });
+    o += Math.ceil(size / 512) * 512;
+  }
+  return out;
+}
+function buildStoreZip(entries) {
+  const parts = [];
+  const central = [];
+  let off = 0;
+  for (const e of entries) {
+    const nm = Buffer.from(e.name, "latin1");
+    const data = e.dir ? EMPTY : e.data;
+    const crc = e.dir ? 0 : crc32(data);
+    const vn = e.dir ? 20 : 10;
+    const ext = e.dir ? 1106051072 : (e.mode & 73) !== 0 ? 2179792896 : 2175008768;
+    const lh = Buffer.alloc(30);
+    lh.writeUInt32LE(67324752, 0);
+    lh.writeUInt16LE(vn, 4);
+    lh.writeUInt16LE(0, 6);
+    lh.writeUInt16LE(0, 8);
+    lh.writeUInt16LE(DOS_TIME, 10);
+    lh.writeUInt16LE(DOS_DATE, 12);
+    lh.writeUInt32LE(crc, 14);
+    lh.writeUInt32LE(data.length, 18);
+    lh.writeUInt32LE(data.length, 22);
+    lh.writeUInt16LE(nm.length, 26);
+    lh.writeUInt16LE(0, 28);
+    parts.push(lh, nm, data);
+    central.push({ name: nm, crc, size: data.length, vn, ext, off });
+    off += 30 + nm.length + data.length;
+  }
+  const cdStart = off;
+  for (const c of central) {
+    const h = Buffer.alloc(46);
+    h.writeUInt32LE(33639248, 0);
+    h.writeUInt16LE(MADE_BY, 4);
+    h.writeUInt16LE(c.vn, 6);
+    h.writeUInt16LE(0, 8);
+    h.writeUInt16LE(0, 10);
+    h.writeUInt16LE(DOS_TIME, 12);
+    h.writeUInt16LE(DOS_DATE, 14);
+    h.writeUInt32LE(c.crc, 16);
+    h.writeUInt32LE(c.size, 20);
+    h.writeUInt32LE(c.size, 24);
+    h.writeUInt16LE(c.name.length, 28);
+    h.writeUInt16LE(0, 30);
+    h.writeUInt16LE(0, 32);
+    h.writeUInt16LE(0, 34);
+    h.writeUInt16LE(0, 36);
+    h.writeUInt32LE(c.ext, 38);
+    h.writeUInt32LE(c.off, 42);
+    parts.push(h, c.name);
+    off += 46 + c.name.length;
+  }
+  const eocd = Buffer.alloc(22);
+  eocd.writeUInt32LE(101010256, 0);
+  eocd.writeUInt16LE(central.length, 8);
+  eocd.writeUInt16LE(central.length, 10);
+  eocd.writeUInt32LE(off - cdStart, 12);
+  eocd.writeUInt32LE(cdStart, 16);
+  parts.push(eocd);
+  return Buffer.concat(parts);
+}
+function cacheKeyCompressionLevel(cacheKey) {
+  const m = /c(\d)$/.exec(cacheKey);
+  return m ? Number(m[1]) : -1;
+}
+function computeBerryChecksum(tgz, ident, cacheKey) {
+  if (cacheKeyCompressionLevel(cacheKey) !== 0)
+    throw new Error(`computeBerryChecksum: only STORE (cacheKey ending 'c0') is supported; got '${cacheKey}'`);
+  const tar = gunzipSync(Buffer.from(tgz));
+  const prefix = `node_modules/${ident}/`;
+  const entries = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const f of parseTar(tar)) {
+    const rel = f.name.split("/").slice(1).join("/");
+    if (rel === "") continue;
+    const full = prefix + rel;
+    const segs = full.split("/");
+    segs.pop();
+    let cur = "";
+    for (const s of segs) {
+      cur += `${s}/`;
+      if (!seen.has(cur)) {
+        seen.add(cur);
+        entries.push({ name: cur, dir: true, mode: 493, data: EMPTY });
+      }
+    }
+    entries.push({ name: full, dir: false, mode: f.mode, data: f.data });
+  }
+  return createHash("sha512").update(buildStoreZip(entries)).digest("hex");
+}
+// src/main/ts/enrich/diagnostics.ts
+function enrichFieldFilled(nodeId, field, rung) {
+  return {
+    code: "ENRICH_FIELD_FILLED",
+    severity: "info",
+    subject: nodeId,
+    message: `enrich: filled ${field} on ${nodeId} (rung: ${rung})`
+  };
+}
+function enrichChecksumDeferred(nodeId) {
+  return {
+    code: "ENRICH_CHECKSUM_DEFERRED",
+    severity: "warning",
+    subject: nodeId,
+    message: `enrich: berry checksum for ${nodeId} not recomputable (DEFLATE cacheKey or tarball bytes unavailable) \u2014 line omitted; plain \`yarn install\` recovers it, \`yarn install --immutable\` will reject this node`
+  };
+}
+function enrichNoop() {
+  return {
+    code: "ENRICH_NOOP",
+    severity: "info",
+    // 'graph' literal per ADR-0023 §7.3 — per-call event; NodeId is `string`.
+    subject: "graph",
+    message: "enrich: nothing to fill"
+  };
+}
+// src/main/ts/enrich/refurbish.ts
+var isBerryFormat = (format) => format.startsWith("yarn-berry");
+function berryCacheKeyFor(graph) {
+  var _a;
+  for (const node of graph.nodes()) {
+    const ck = (_a = graph.tarballOf(node.id)) == null ? void 0 : _a.berryChecksumCacheKey;
+    if (ck !== void 0) return ck;
+  }
+  return "10c0";
+}
+async function refurbish(graph, format, source, opts = {}) {
+  const unresolved = [];
+  const enriched = [];
+  let next = graph;
+  const record = (d) => {
+    next = next.mutate((m) => {
+      m.diagnostic(d);
+    }).graph;
+    unresolved.push(d);
+    if (opts.onDiagnostic !== void 0) opts.onDiagnostic(d);
+  };
+  if (!isBerryFormat(format)) {
+    record(enrichNoop());
+    return { graph: next, enriched, unresolved };
+  }
+  const cacheKey = berryCacheKeyFor(graph);
+  const isStore = cacheKeyCompressionLevel(cacheKey) === 0;
+  for (const node of graph.nodes()) {
+    if (opts.seed !== void 0 && !opts.seed.has(node.id)) continue;
+    if (node.workspacePath !== void 0) continue;
+    const payload = graph.tarballOf(node.id) ?? {};
+    if (emitBerryChecksum(payload.integrity ?? emptyIntegrity()) !== void 0) continue;
+    if (!isStore) {
+      record(enrichChecksumDeferred(node.id));
+      continue;
+    }
+    const tgz = await source.tarball(node.name, node.version);
+    if (tgz === void 0) {
+      record(enrichChecksumDeferred(node.id));
+      continue;
+    }
+    const hex = computeBerryChecksum(tgz, node.name, cacheKey);
+    const integrity = mergeIntegrity(
+      payload.integrity ?? emptyIntegrity(),
+      { hashes: [{ algorithm: "sha512", digest: hex, origin: "berry-zip" }] }
+    );
+    const merged = { ...payload, integrity, berryChecksumCacheKey: cacheKey };
+    const diag = enrichFieldFilled(node.id, "berryChecksum", "recompute");
+    next = next.mutate((m) => {
+      m.setTarball({ name: node.name, version: node.version, patch: node.patch }, merged);
+      m.diagnostic(diag);
+    }).graph;
+    enriched.push(node.id);
+    unresolved.push(diag);
+    if (opts.onDiagnostic !== void 0) opts.onDiagnostic(diag);
+  }
+  if (unresolved.length === 0) record(enrichNoop());
+  return { graph: next, enriched, unresolved };
+}
+export { refurbish };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@antongolub/lockfile",
-  "version": "0.0.0-snapshot.67",
+  "version": "0.0.0-snapshot.68",
   "private": false,
   "description": "Universal lockfile model and converter for npm, yarn, pnpm, bun",
   "type": "module",
@@ -27,6 +27,10 @@
       "types": "./dist/registry.d.ts",
       "default": "./dist/registry.js"
     },
+    "./enrich": {
+      "types": "./dist/enrich.d.ts",
+      "default": "./dist/enrich.js"
+    },
     "./formats/bun-text": {
       "types": "./dist/formats/bun-text.d.ts",
       "default": "./dist/formats/bun-text.js"
@@ -92,6 +96,16 @@
       "default": "./dist/formats/lockgraph.js"
     }
   },
+  "typesVersions": {
+    "*": {
+      "modify": ["./dist/modify.d.ts"],
+      "complete": ["./dist/complete.d.ts"],
+      "optimize": ["./dist/optimize.d.ts"],
+      "registry": ["./dist/registry.d.ts"],
+      "enrich": ["./dist/enrich.d.ts"],
+      "formats/*": ["./dist/formats/*.d.ts"]
+    }
+  },
   "files": [
     "dist",
     "README.md",