@bobfrankston/npmglobalize 1.0.133 → 1.0.134

Files changed (2)
  1. package/lib.js +43 -79
  2. package/package.json +1 -1
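--- a/package/lib.js
+++ b/package/lib.js
@@ -2064,94 +2064,51 @@ export async function initGit(cwd, visibility, dryRun) {
  /** Main globalize function */
  /** Run npm audit and optionally fix vulnerabilities */
  export function runNpmAudit(cwd, fix = false, verbose = false) {
- console.log('');
- console.log(colors.yellow('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
- console.log(colors.yellow('🔒 npm audit'));
- console.log(colors.yellow('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
  if (fix) {
- console.log('Running npm audit fix...');
- const fixResult = runCommand('npm', ['audit', 'fix'], { cwd, silent: false });
- if (!fixResult.success) {
- console.log(colors.yellow('⚠ Some vulnerabilities could not be automatically fixed'));
- }
- else {
- console.log(colors.green('✓ Audit fixes applied'));
- }
+ runCommand('npm', ['audit', 'fix'], { cwd, silent: true });
  }
- // Always run audit to report status
+ // Check remaining vulnerabilities
  const auditResult = spawnSafe('npm', ['audit', '--json'], {
- cwd,
- encoding: 'utf-8',
- stdio: 'pipe',
- shell: true // Required on Windows to find npm.cmd
+ cwd, encoding: 'utf-8', stdio: 'pipe', shell: true
  });
  let hasVulnerabilities = false;
  let report = '';
- if (auditResult.status !== 0 || auditResult.stdout) {
- try {
- const auditData = JSON.parse(auditResult.stdout || '{}');
- const { vulnerabilities = {} } = auditData;
- const critical = auditData.metadata?.vulnerabilities?.critical || 0;
- const high = auditData.metadata?.vulnerabilities?.high || 0;
- const moderate = auditData.metadata?.vulnerabilities?.moderate || 0;
- const low = auditData.metadata?.vulnerabilities?.low || 0;
- const info = auditData.metadata?.vulnerabilities?.info || 0;
- const total = critical + high + moderate + low + info;
- if (total > 0) {
- hasVulnerabilities = true;
- report = `Found ${total} vulnerabilities`;
- const parts = [];
- if (critical > 0)
- parts.push(colors.red(`${critical} critical`));
- if (high > 0)
- parts.push(colors.red(`${high} high`));
- if (moderate > 0)
- parts.push(colors.yellow(`${moderate} moderate`));
- if (low > 0)
- parts.push(`${low} low`);
- if (info > 0)
- parts.push(`${info} info`);
- console.log('');
- console.log(colors.yellow(`Vulnerabilities: ${parts.join(', ')}`));
- if (verbose && Object.keys(vulnerabilities).length > 0) {
- console.log('');
- console.log('Details:');
- for (const [pkg, data] of Object.entries(vulnerabilities)) {
- const vulnData = data;
- const severity = vulnData.severity || 'unknown';
- const severityColor = severity === 'critical' || severity === 'high' ? colors.red :
- severity === 'moderate' ? colors.yellow : (s) => s;
- console.log(` ${severityColor(severity)}: ${pkg}`);
- }
- }
- if (!fix) {
- console.log('');
- console.log(colors.yellow('Run with --fix to automatically fix vulnerabilities'));
- }
+ try {
+ const auditData = JSON.parse(auditResult.stdout || '{}');
+ const m = auditData.metadata?.vulnerabilities || {};
+ const critical = m.critical || 0;
+ const high = m.high || 0;
+ const moderate = m.moderate || 0;
+ const low = m.low || 0;
+ const total = critical + high + moderate + low + (m.info || 0);
+ if (total > 0) {
+ hasVulnerabilities = true;
+ const parts = [];
+ if (critical > 0)
+ parts.push(colors.red(`${critical} critical`));
+ if (high > 0)
+ parts.push(colors.red(`${high} high`));
+ if (moderate > 0)
+ parts.push(colors.yellow(`${moderate} moderate`));
+ if (low > 0)
+ parts.push(`${low} low`);
+ report = `${total} vulnerabilities`;
+ // Only show if high/critical remain after fix
+ if (critical > 0 || high > 0) {
+ console.log(colors.red(` Audit: ${parts.join(', ')}`));
  }
- else {
- console.log(colors.green(' No vulnerabilities found'));
- report = 'No vulnerabilities';
+ else if (verbose) {
+ console.log(colors.dim(` Audit: ${parts.join(', ')}`));
  }
  }
- catch (e) {
- // Fallback to text output if JSON parsing fails
- console.log('Running text audit...');
- const textResult = runCommand('npm', ['audit'], { cwd, silent: false });
- report = 'Audit completed (see output above)';
+ else {
+ report = 'No vulnerabilities';
  }
  }
- else {
- console.log(colors.green(' No vulnerabilities found'));
- report = 'No vulnerabilities';
+ catch {
+ report = 'Audit check failed';
  }
- console.log(colors.yellow('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
- console.log('');
- return {
- success: true,
- report,
- hasVulnerabilities
- };
+ return { success: true, report, hasVulnerabilities };
  }
  /** Get the version of npmglobalize itself */
  export function getToolVersion() {
@@ -2229,7 +2186,7 @@ async function doLocalInstall(cwd, options) {
  }
  export async function globalize(cwd, options = {}, configOptions = {}) {
  const { bump = 'patch', noPublish = false, cleanup = false, install = false, link = false, wsl = false, force = false, files = true, dryRun = false, quiet = true, verbose = false, init = false, gitVisibility = 'private', npmVisibility = 'private', message, conform = false, asis = false, updateDeps = false, updateMajor = false, publishDeps = true, // Default to publishing deps for safety
- forcePublish = false, fix = false, fixTags = false, rebase = false, show = false, local = false, freeze = false } = options;
+ forcePublish = false, fix = true, fixTags = false, rebase = false, show = false, local = false, freeze = false } = options;
  // Show tool version only for recursive dep calls (CLI already prints it at startup)
  const toolVersion = getToolVersion();
  if (!options._fromWorkspace && !options._fromCli) {
@@ -3637,8 +3594,15 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
  }
  }
  else if (error.message?.includes('not clean') || error.message?.includes('working directory')) {
- // Working directory not clean — commit stray changes and retry
- console.log(colors.yellow('\nWorking directory not clean committing stray changes and retrying...'));
+ // Show what's dirty
+ const dirtyCheck = spawnSafe('git', ['status', '--porcelain'], {
+ cwd, encoding: 'utf-8', stdio: 'pipe', shell: true
+ });
+ if (dirtyCheck.stdout?.trim()) {
+ console.log(colors.dim(' Dirty files: ' + dirtyCheck.stdout.trim().split('\n').join(', ')));
+ }
+ // Commit stray changes and retry
+ console.log(colors.yellow(' Committing stray changes and retrying...'));
  const addRes = runCommand('git', ['add', '-A'], { cwd, silent: true });
  if (addRes.success) {
  const commitRes = gitCommit('Pre-version cleanup', cwd);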
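Review bot: In the new `try` block of `runNpmAudit`, an audit that did not actually run is reported as clean: `JSON.parse(auditResult.stdout || '{}')` followed by `auditData.metadata?.vulnerabilities || {}` turns empty output, or JSON without `metadata`, into a total of 0 and `report = 'No vulnerabilities'`, and the `catch` path still returns `success: true`. Neither `auditResult.status` nor the result of the `npm audit fix` call is read any more, so a failed or partial fix is invisible too. This matters more now that `globalize` defaults to `fix = true` (second hunk): dependency versions can be rewritten with `silent: true` and, presumably, swept into the 'Pre-version cleanup' commit by `git add -A` in the third hunk without any line in the output saying so. I would treat missing metadata as a failed check, e.g. `if (!auditData.metadata?.vulnerabilities) return { success: false, report: 'Audit check failed', hasVulnerabilities: false };`, and log one line whenever `npm audit fix` runs; whether callers tolerate `success: false` is not visible in this hunk.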
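--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@bobfrankston/npmglobalize",
- "version": "1.0.133",
+ "version": "1.0.134",
  "description": "Transform file: dependencies to npm versions for publishing",
  "main": "index.js",
  "type": "module",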