npm - @bobfrankston/npmglobalize - Versions diffs - 1.0.133 → 1.0.135 - Mend

@bobfrankston/npmglobalize 1.0.133 → 1.0.135

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/lib.js +52 -79
package/package.json +1 -1

package/lib.js CHANGED Viewed

@@ -1894,6 +1894,15 @@ function ensureGitignore(cwd) {
         fs.writeFileSync(gitignorePath, content);
         console.log(colors.green('  ✓ .gitignore updated'));
     }
+    // Untrack node_modules if already committed to git
+    const nmTracked = spawnSafe('git', ['ls-files', 'node_modules/'], {
+        cwd, encoding: 'utf-8', stdio: 'pipe', shell: true
+    });
+    if (nmTracked.status === 0 && nmTracked.stdout?.trim()) {
+        console.log(colors.yellow('  Untracking node_modules from git...'));
+        runCommand('git', ['rm', '-r', '--cached', 'node_modules/'], { cwd, silent: true });
+        gitCommit('Untrack node_modules', cwd);
+    }
 }
 /** Ensure .npmignore exists with recommended patterns */
 function ensureNpmignore(cwd) {
@@ -2064,94 +2073,51 @@ export async function initGit(cwd, visibility, dryRun) {
 /** Main globalize function */
 /** Run npm audit and optionally fix vulnerabilities */
 export function runNpmAudit(cwd, fix = false, verbose = false) {
-    console.log('');
-    console.log(colors.yellow('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
-    console.log(colors.yellow('🔒 npm audit'));
-    console.log(colors.yellow('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
     if (fix) {
-        console.log('Running npm audit fix...');
-        const fixResult = runCommand('npm', ['audit', 'fix'], { cwd, silent: false });
-        if (!fixResult.success) {
-            console.log(colors.yellow('⚠ Some vulnerabilities could not be automatically fixed'));
-        }
-        else {
-            console.log(colors.green('✓ Audit fixes applied'));
-        }
+        runCommand('npm', ['audit', 'fix'], { cwd, silent: true });
     }
-    // Always run audit to report status
+    // Check remaining vulnerabilities
     const auditResult = spawnSafe('npm', ['audit', '--json'], {
-        cwd,
-        encoding: 'utf-8',
-        stdio: 'pipe',
-        shell: true // Required on Windows to find npm.cmd
+        cwd, encoding: 'utf-8', stdio: 'pipe', shell: true
     });
     let hasVulnerabilities = false;
     let report = '';
-    if (auditResult.status !== 0 || auditResult.stdout) {
-        try {
-            const auditData = JSON.parse(auditResult.stdout || '{}');
-            const { vulnerabilities = {} } = auditData;
-            const critical = auditData.metadata?.vulnerabilities?.critical || 0;
-            const high = auditData.metadata?.vulnerabilities?.high || 0;
-            const moderate = auditData.metadata?.vulnerabilities?.moderate || 0;
-            const low = auditData.metadata?.vulnerabilities?.low || 0;
-            const info = auditData.metadata?.vulnerabilities?.info || 0;
-            const total = critical + high + moderate + low + info;
-            if (total > 0) {
-                hasVulnerabilities = true;
-                report = `Found ${total} vulnerabilities`;
-                const parts = [];
-                if (critical > 0)
-                    parts.push(colors.red(`${critical} critical`));
-                if (high > 0)
-                    parts.push(colors.red(`${high} high`));
-                if (moderate > 0)
-                    parts.push(colors.yellow(`${moderate} moderate`));
-                if (low > 0)
-                    parts.push(`${low} low`);
-                if (info > 0)
-                    parts.push(`${info} info`);
-                console.log('');
-                console.log(colors.yellow(`Vulnerabilities: ${parts.join(', ')}`));
-                if (verbose && Object.keys(vulnerabilities).length > 0) {
-                    console.log('');
-                    console.log('Details:');
-                    for (const [pkg, data] of Object.entries(vulnerabilities)) {
-                        const vulnData = data;
-                        const severity = vulnData.severity || 'unknown';
-                        const severityColor = severity === 'critical' || severity === 'high' ? colors.red :
-                            severity === 'moderate' ? colors.yellow : (s) => s;
-                        console.log(`  ${severityColor(severity)}: ${pkg}`);
-                    }
-                }
-                if (!fix) {
-                    console.log('');
-                    console.log(colors.yellow('Run with --fix to automatically fix vulnerabilities'));
-                }
+    try {
+        const auditData = JSON.parse(auditResult.stdout || '{}');
+        const m = auditData.metadata?.vulnerabilities || {};
+        const critical = m.critical || 0;
+        const high = m.high || 0;
+        const moderate = m.moderate || 0;
+        const low = m.low || 0;
+        const total = critical + high + moderate + low + (m.info || 0);
+        if (total > 0) {
+            hasVulnerabilities = true;
+            const parts = [];
+            if (critical > 0)
+                parts.push(colors.red(`${critical} critical`));
+            if (high > 0)
+                parts.push(colors.red(`${high} high`));
+            if (moderate > 0)
+                parts.push(colors.yellow(`${moderate} moderate`));
+            if (low > 0)
+                parts.push(`${low} low`);
+            report = `${total} vulnerabilities`;
+            // Only show if high/critical remain after fix
+            if (critical > 0 || high > 0) {
+                console.log(colors.red(`  Audit: ${parts.join(', ')}`));
             }
-            else {
-                console.log(colors.green('✓ No vulnerabilities found'));
-                report = 'No vulnerabilities';
+            else if (verbose) {
+                console.log(colors.dim(`  Audit: ${parts.join(', ')}`));
             }
         }
-        catch (e) {
-            // Fallback to text output if JSON parsing fails
-            console.log('Running text audit...');
-            const textResult = runCommand('npm', ['audit'], { cwd, silent: false });
-            report = 'Audit completed (see output above)';
+        else {
+            report = 'No vulnerabilities';
         }
     }
-    else {
-        console.log(colors.green('✓ No vulnerabilities found'));
-        report = 'No vulnerabilities';
+    catch {
+        report = 'Audit check failed';
     }
-    console.log(colors.yellow('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
-    console.log('');
-    return {
-        success: true,
-        report,
-        hasVulnerabilities
-    };
+    return { success: true, report, hasVulnerabilities };
 }
 /** Get the version of npmglobalize itself */
 export function getToolVersion() {
@@ -2229,7 +2195,7 @@ async function doLocalInstall(cwd, options) {
 }
 export async function globalize(cwd, options = {}, configOptions = {}) {
     const { bump = 'patch', noPublish = false, cleanup = false, install = false, link = false, wsl = false, force = false, files = true, dryRun = false, quiet = true, verbose = false, init = false, gitVisibility = 'private', npmVisibility = 'private', message, conform = false, asis = false, updateDeps = false, updateMajor = false, publishDeps = true, // Default to publishing deps for safety
-    forcePublish = false, fix = false, fixTags = false, rebase = false, show = false, local = false, freeze = false } = options;
+    forcePublish = false, fix = true, fixTags = false, rebase = false, show = false, local = false, freeze = false } = options;
     // Show tool version only for recursive dep calls (CLI already prints it at startup)
     const toolVersion = getToolVersion();
     if (!options._fromWorkspace && !options._fromCli) {
@@ -3637,8 +3603,15 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
                 }
             }
             else if (error.message?.includes('not clean') || error.message?.includes('working directory')) {
-                // Working directory not clean — commit stray changes and retry
-                console.log(colors.yellow('\nWorking directory not clean — committing stray changes and retrying...'));
+                // Show what's dirty
+                const dirtyCheck = spawnSafe('git', ['status', '--porcelain'], {
+                    cwd, encoding: 'utf-8', stdio: 'pipe', shell: true
+                });
+                if (dirtyCheck.stdout?.trim()) {
+                    console.log(colors.dim('  Dirty files: ' + dirtyCheck.stdout.trim().split('\n').join(', ')));
+                }
+                // Commit stray changes and retry
+                console.log(colors.yellow('  Committing stray changes and retrying...'));
                 const addRes = runCommand('git', ['add', '-A'], { cwd, silent: true });
                 if (addRes.success) {
                     const commitRes = gitCommit('Pre-version cleanup', cwd);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bobfrankston/npmglobalize",
-  "version": "1.0.133",
+  "version": "1.0.135",
   "description": "Transform file: dependencies to npm versions for publishing",
   "main": "index.js",
   "type": "module",