@bobfrankston/npmglobalize 1.0.136 → 1.0.138

package/colors.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Functional color module for npmglobalize.
+ * Uses semantic names (success, warn, error, info, muted) instead of raw colors.
+ * Adapts to light/dark terminal backgrounds.
+ */
+/** Semantic color functions — use these instead of raw colors */
+export declare const colors: {
+    /** Success: green on both themes */
+    success: (text: string) => string;
+    /** Warning: yellow on dark, magenta on light */
+    warn: (text: string) => string;
+    /** Error: red on both themes */
+    error: (text: string) => string;
+    /** Info: blue on both themes */
+    info: (text: string) => string;
+    /** Accent: cyan on both themes */
+    accent: (text: string) => string;
+    /** Muted/dim text */
+    muted: (text: string) => string;
+    /** Italic */
+    italic: (text: string) => string;
+    red: (text: string) => string;
+    yellow: (text: string) => string;
+    green: (text: string) => string;
+    blue: (text: string) => string;
+    cyan: (text: string) => string;
+    dim: (text: string) => string;
+};
+//# sourceMappingURL=colors.d.ts.map

package/colors.js

@@ -0,0 +1,64 @@
+/**
+ * Functional color module for npmglobalize.
+ * Uses semantic names (success, warn, error, info, muted) instead of raw colors.
+ * Adapts to light/dark terminal backgrounds.
+ */
+import { styleText } from 'util';
+/** Detect terminal theme from environment or default to dark */
+function detectTheme() {
+    // COLORFGBG is set by some terminals: "fg;bg" — high bg = light theme
+    const colorfgbg = process.env.COLORFGBG;
+    if (colorfgbg) {
+        const bg = parseInt(colorfgbg.split(';').pop() || '0', 10);
+        if (bg > 8)
+            return 'light';
+    }
+    // Explicit override
+    if (process.env.NPMG_THEME === 'light')
+        return 'light';
+    if (process.env.NPMG_THEME === 'dark')
+        return 'dark';
+    return 'dark';
+}
+const theme = detectTheme();
+// Raw ANSI colors per theme — semantic → [dark, light]
+const themeMap = {
+    success: ['green', 'green'],
+    warn: ['yellow', 'magenta'], // yellow is invisible on light bg
+    error: ['red', 'red'],
+    info: ['blue', 'blue'],
+    accent: ['cyan', 'cyan'],
+    muted: ['dim', 'dim'],
+    italic: ['italic', 'italic'],
+};
+function pick(semantic) {
+    const entry = themeMap[semantic];
+    if (!entry)
+        return semantic;
+    return theme === 'light' ? entry[1] : entry[0];
+}
+/** Semantic color functions — use these instead of raw colors */
+export const colors = {
+    /** Success: green on both themes */
+    success: (text) => styleText(pick('success'), text),
+    /** Warning: yellow on dark, magenta on light */
+    warn: (text) => styleText(pick('warn'), text),
+    /** Error: red on both themes */
+    error: (text) => styleText(pick('error'), text),
+    /** Info: blue on both themes */
+    info: (text) => styleText(pick('info'), text),
+    /** Accent: cyan on both themes */
+    accent: (text) => styleText(pick('accent'), text),
+    /** Muted/dim text */
+    muted: (text) => styleText(pick('muted'), text),
+    /** Italic */
+    italic: (text) => styleText('italic', text),
+    // Legacy aliases for gradual migration
+    red: (text) => styleText(pick('error'), text),
+    yellow: (text) => styleText(pick('warn'), text),
+    green: (text) => styleText(pick('success'), text),
+    blue: (text) => styleText(pick('info'), text),
+    cyan: (text) => styleText(pick('accent'), text),
+    dim: (text) => styleText(pick('muted'), text),
+};
+//# sourceMappingURL=colors.js.map

package/ignorepatterns.json5

@@ -35,6 +35,7 @@
         // Auto-added silently (security-sensitive)
         security: [
             "node_modules/",
+            "*.tgz",
             ".claude/",
             ".env*",
             "token*",

package/lib/git.js

@@ -659,12 +659,36 @@ export function showPushProtectionGuidance(ppInfo) {
 /** Push to git with push-protection detection and auto-bypass for installed OAuth.
  *  Returns true if push succeeded (possibly after auto-bypass). */
 export function pushWithProtection(cwd, verbose) {
-    const pushResult = runCommand('git', ['push'], { cwd, silent: true });
+    let pushResult = runCommand('git', ['push'], { cwd, silent: true });
     if (pushResult.success) {
         if (verbose)
             console.log(colors.green('  ✓ Pushed to remote'));
         return true;
     }
+    // Check for "Everything up-to-date" — git sometimes returns non-zero
+    // alongside transient errors even though there's nothing to push
+    const combined = (pushResult.output + ' ' + pushResult.stderr).toLowerCase();
+    if (combined.includes('everything up-to-date')) {
+        if (verbose)
+            console.log(colors.green('  ✓ Already up-to-date'));
+        return true;
+    }
+    // Transient network errors (HTTP 408, RPC failed, unexpected disconnect) — retry once
+    if (/rpc failed|curl \d+|unexpected disconnect|hung up unexpectedly/i.test(pushResult.stderr)) {
+        console.log(colors.yellow('Git push failed with transient error — retrying...'));
+        pushResult = runCommand('git', ['push'], { cwd, silent: true });
+        if (pushResult.success) {
+            if (verbose)
+                console.log(colors.green('  ✓ Pushed to remote (retry)'));
+            return true;
+        }
+        const retryCombo = (pushResult.output + ' ' + pushResult.stderr).toLowerCase();
+        if (retryCombo.includes('everything up-to-date')) {
+            if (verbose)
+                console.log(colors.green('  ✓ Already up-to-date'));
+            return true;
+        }
+    }
     const ppInfo = parsePushProtection(pushResult.stderr, cwd);
     if (!ppInfo.detected) {
         console.error(colors.red('Git push failed:'));

package/lib.js

@@ -30,17 +30,9 @@ import readline from 'readline';
 import libversion from 'libnpmversion';
 import JSON5 from 'json5';
 import { fileURLToPath } from 'url';
-import { styleText } from 'util';
-/** Color/style helpers using Node.js styleText (Node 24+) */
-const colors = {
-    red: (text) => styleText('red', text),
-    yellow: (text) => styleText('yellow', text),
-    green: (text) => styleText('green', text),
-    italic: (text) => styleText('italic', text),
-    blue: (text) => styleText('blue', text),
-    cyan: (text) => styleText('cyan', text),
-    dim: (text) => styleText('dim', text),
-};
+import { themeColors } from '@bobfrankston/themecolors';
+/** Semantic color functions — adapts to terminal light/dark theme */
+const colors = themeColors();
 /**
  * Remove 'nul' files from a directory tree (Windows reserved name issue).
  * These files break git and npm on Windows. Uses \\?\ prefix to bypass name validation.
@@ -697,7 +689,18 @@ function hasLocalChanges(packageName, version, targetPath, verbose) {
             }
             return true;
         }
-        // Check 2: Compare latest commit time in directory vs npm publish time
+        // Check 2: Compare latest non-bookkeeping commit time vs npm publish time
+        // Skip npmglobalize's own commits (restore deps, pre-release, cleanup)
+        const bookkeepingPatterns = ['Restore file: dependencies', 'Pre-release commit', 'Pre-version cleanup', 'Untrack node_modules'];
+        const logResult = spawnSafe('git', ['-C', targetPath, 'log', '-1', '--format=%aI',
+            '--invert-grep', ...bookkeepingPatterns.map(p => `--grep=${p}`),
+            '--', '.'], {
+            encoding: 'utf-8',
+            stdio: 'pipe',
+            shell: true
+        });
+        if (logResult.status !== 0 || !logResult.stdout.trim())
+            return false;
         const timeResult = spawnSafe('npm', ['view', packageName, 'time', '--json'], {
             encoding: 'utf-8',
             stdio: 'pipe',
@@ -710,13 +713,6 @@ function hasLocalChanges(packageName, version, targetPath, verbose) {
         if (!publishTime)
             return false;
         const publishDate = new Date(publishTime);
-        const logResult = spawnSafe('git', ['-C', targetPath, 'log', '-1', '--format=%aI', '--', '.'], {
-            encoding: 'utf-8',
-            stdio: 'pipe',
-            shell: true
-        });
-        if (logResult.status !== 0 || !logResult.stdout.trim())
-            return false;
         const latestCommitDate = new Date(logResult.stdout.trim());
         if (latestCommitDate > publishDate) {
             if (verbose) {
@@ -1637,12 +1633,36 @@ function showPushProtectionGuidance(ppInfo) {
 /** Push to git with push-protection detection and auto-bypass for installed OAuth.
  *  Returns true if push succeeded (possibly after auto-bypass). */
 function pushWithProtection(cwd, verbose) {
-    const pushResult = runCommand('git', ['push'], { cwd, silent: true });
+    let pushResult = runCommand('git', ['push'], { cwd, silent: true });
     if (pushResult.success) {
         if (verbose)
             console.log(colors.green('  ✓ Pushed to remote'));
         return true;
     }
+    // Check for "Everything up-to-date" — git sometimes returns non-zero
+    // alongside transient errors even though there's nothing to push
+    const combined = (pushResult.output + ' ' + pushResult.stderr).toLowerCase();
+    if (combined.includes('everything up-to-date')) {
+        if (verbose)
+            console.log(colors.green('  ✓ Already up-to-date'));
+        return true;
+    }
+    // Transient network errors (HTTP 408, RPC failed, unexpected disconnect) — retry once
+    if (/rpc failed|curl \d+|unexpected disconnect|hung up unexpectedly/i.test(pushResult.stderr)) {
+        console.log(colors.yellow('Git push failed with transient error — retrying...'));
+        pushResult = runCommand('git', ['push'], { cwd, silent: true });
+        if (pushResult.success) {
+            if (verbose)
+                console.log(colors.green('  ✓ Pushed to remote (retry)'));
+            return true;
+        }
+        const retryCombo = (pushResult.output + ' ' + pushResult.stderr).toLowerCase();
+        if (retryCombo.includes('everything up-to-date')) {
+            if (verbose)
+                console.log(colors.green('  ✓ Already up-to-date'));
+            return true;
+        }
+    }
     const ppInfo = parsePushProtection(pushResult.stderr, cwd);
     if (!ppInfo.detected) {
         console.error(colors.red('Git push failed:'));
@@ -2031,9 +2051,17 @@ export async function initGit(cwd, visibility, dryRun) {
     const createResult = runCommand('gh', ['repo', 'create', repoName, visFlag, '--source=.', '--push'], { cwd, silent: true });
     if (!createResult.success) {
         const errText = createResult.stderr + createResult.output;
-        if (errText.includes('Name already exists')) {
+        // Check if repo was created but push failed (GitHub propagation delay)
+        const repoCreatedButPushFailed = /repository not found|hung up unexpectedly|rpc failed/i.test(errText)
+            && /https?:\/\/github\.com\//i.test(errText);
+        if (errText.includes('Name already exists') || repoCreatedButPushFailed) {
             // Repo exists on GitHub — look up the owner and add as remote
-            console.log(colors.yellow(`  GitHub repo '${repoName}' already exists — linking as remote...`));
+            if (repoCreatedButPushFailed) {
+                console.log(colors.yellow(`  GitHub repo created but initial push failed — retrying...`));
+            }
+            else {
+                console.log(colors.yellow(`  GitHub repo '${repoName}' already exists — linking as remote...`));
+            }
             const whoResult = runCommand('gh', ['api', 'user', '--jq', '.login'], { cwd, silent: true });
             const ghUser = (whoResult.output || '').trim();
             if (!ghUser) {
@@ -2046,9 +2074,22 @@ export async function initGit(cwd, visibility, dryRun) {
                 // Remote might already exist with wrong URL
                 runCommand('git', ['remote', 'set-url', 'origin', remoteUrl], { cwd, silent: true });
             }
-            // Push existing commits
-            runCommand('git', ['push', '-u', 'origin', 'master'], { cwd, silent: true });
-            console.log(colors.green(`  ✓ Linked to existing repo: ${remoteUrl}`));
+            // Push existing commits (retry up to 2 times for propagation delay)
+            let pushed = false;
+            for (let attempt = 0; attempt < 2 && !pushed; attempt++) {
+                if (attempt > 0) {
+                    console.log(colors.yellow('  Retrying push...'));
+                    spawnSafe(process.platform === 'win32' ? 'timeout' : 'sleep', process.platform === 'win32' ? ['\t', '3', '\nobreak'] : ['3'], { stdio: 'pipe' }); // brief delay for GitHub propagation
+                }
+                const pushRes = runCommand('git', ['push', '-u', 'origin', 'master'], { cwd, silent: true });
+                pushed = pushRes.success;
+            }
+            if (pushed) {
+                console.log(colors.green(`  ✓ Linked to repo: ${remoteUrl}`));
+            }
+            else {
+                console.log(colors.yellow(`  ✓ Repo created but push failed — push manually: git push -u origin master`));
+            }
         }
         else {
             console.error(colors.red(`Failed to create GitHub repo: ${errText}`));
@@ -3637,12 +3678,7 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
                 }
             }
             else if (error.message?.includes('unknown git error')) {
-                console.error(colors.yellow('\nPossible causes:'));
-                console.error('  • Git hooks (pre-commit, commit-msg) might be failing');
-                console.error('  • GPG signing might be required but not configured');
-                console.error('  • Git config issues (user.name, user.email)');
-                console.error('  • Disk space or permissions issues');
-                console.error(colors.yellow('\nTry running with --verbose or check git status manually'));
+                console.error(colors.yellow('Unknown git error — check git hooks, signing, or permissions'));
             }
             else if (combinedOutput.includes('gh013') || combinedOutput.includes('push protection') || combinedOutput.includes('push declined due to repository rule')) {
                 // GitHub push protection blocked a push (from postversion script)
@@ -3690,29 +3726,7 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
         // Check npm authentication right before publishing
         const authStatus = checkNpmAuth();
         if (!authStatus.authenticated) {
-            console.error(colors.red('ERROR: npm authentication required'));
-            console.error('');
-            if (authStatus.error === 'token expired') {
-                console.error('Your npm access token has expired or been revoked.');
-                console.error('');
-                console.error('To fix this, run:');
-                console.error(colors.yellow('  npm logout'));
-                console.error(colors.yellow('  npm login'));
-            }
-            else if (authStatus.error === 'not logged in') {
-                console.error('You are not logged in to npm.');
-                console.error('');
-                console.error('To fix this, run:');
-                console.error(colors.yellow('  npm login'));
-            }
-            else {
-                console.error(`Authentication error: ${authStatus.error}`);
-                console.error('');
-                console.error('Try running:');
-                console.error(colors.yellow('  npm whoami'));
-            }
-            console.error('');
-            console.error('After logging in, try running this command again.');
+            console.error(colors.red(`Not authenticated to npm (${authStatus.error}) — run: npm login`));
             return false;
         }
         if (verbose) {
@@ -3734,9 +3748,40 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
             return false;
         }
         const tarballPath = path.join(cwd, tarballName);
-        if (verbose) {
-            console.log(`Created tarball: ${tarballName}`);
+        // Check tarball size — warn if suspiciously large
+        try {
+            const tarballSize = fs.statSync(tarballPath).size;
+            const sizeMB = tarballSize / (1024 * 1024);
+            if (sizeMB > 50) {
+                console.error(colors.red(`\n⚠ Tarball is ${sizeMB.toFixed(0)}MB — something large is being included!`));
+                // Show biggest files in the tarball
+                const listResult = runCommand('npm', ['pack', '--dry-run'], { cwd, silent: true });
+                if (listResult.success) {
+                    const lines = listResult.output.trim().split('\n')
+                        .filter(l => l.includes('B '))
+                        .map(l => { const m = l.match(/([\d.]+[kMG]?B)\s+(.*)/); return m ? { size: m[1], file: m[2] } : null; })
+                        .filter(Boolean)
+                        .filter((e) => e.size.includes('M') || e.size.includes('G'))
+                        .slice(0, 10);
+                    if (lines.length > 0) {
+                        console.error(colors.yellow('  Large files in tarball:'));
+                        for (const e of lines)
+                            console.error(colors.yellow(`    ${e.size}\t${e.file}`));
+                    }
+                }
+                console.error(colors.yellow('  Check .npmignore — you may need to exclude large files or directories.'));
+                // Clean up and abort
+                try {
+                    fs.unlinkSync(tarballPath);
+                }
+                catch { /* */ }
+                return false;
+            }
+            if (verbose) {
+                console.log(`  Tarball: ${tarballName} (${sizeMB.toFixed(1)}MB)`);
+            }
         }
+        catch { /* proceed if stat fails */ }
         // Publish the tarball
         const npmArgs = ['publish', tarballName];
         // Determine access level (use effectiveNpmVisibility which accounts for current npm status)
@@ -3785,78 +3830,22 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
         }
         if (!publishResult.success) {
             console.error(colors.red('\nERROR: npm publish failed\n'));
-            // Show the actual error output
-            if (publishResult.stderr && publishResult.stderr.trim()) {
-                console.error('npm error output:');
-                console.error(publishResult.stderr.trim());
-                console.error('');
-            }
-            else if (publishResult.output && publishResult.output.trim()) {
-                console.error('npm output:');
-                console.error(publishResult.output.trim());
-                console.error('');
-            }
-            // Check for E409 conflict (publishing too fast)
+            // Check for specific error types
             const output = (publishResult.output + '\n' + publishResult.stderr).toLowerCase();
-            if (output.includes('e409') || output.includes('409 conflict')) {
-                console.error(colors.yellow('⚠ Publishing too quickly'));
-                console.error('');
-                console.error('npm is still processing the previous version after multiple retries.');
-                console.error(colors.green('Solution: Wait a few more minutes and try again'));
-                console.error('');
-            }
-            else if (output.includes('403') || output.includes('forbidden') || output.includes('cannot publish over')) {
-                // Check if it's the "version already published" case
-                if (output.includes('cannot publish over') || output.includes('previously published')) {
-                    // Extract the version number from the error if possible
-                    const versionMatch = output.match(/versions?[:\s]+(\d+\.\d+\.\d+)/);
-                    const failedVersion = versionMatch ? versionMatch[1] : null;
-                    // Check if this is the version we just bumped to
-                    const currentPkgVersion = readPackageJson(cwd).version;
-                    const isCurrentVersion = failedVersion === currentPkgVersion;
-                    console.error(colors.yellow('⚠ Version already published to npm'));
-                    console.error('');
-                    if (isCurrentVersion) {
-                        console.error(colors.green('✓ Good news: This version was already published (possibly just now)'));
-                        console.error('');
-                        console.error('The git commit and tag were created, but npm says this version exists.');
-                        console.error('This is actually SUCCESS - your package is published!');
-                        console.error('');
-                        console.error('Verify with: ' + colors.yellow(`npm view ${pkg.name}@${currentPkgVersion}`));
-                        console.error('');
-                        console.error(colors.yellow('Note: You may have a postversion script that auto-publishes.'));
-                        console.error(colors.yellow('npmglobalize will now skip that hook to prevent this issue.'));
-                        console.error('');
-                        // Treat as success and continue
-                        console.log(colors.green('✓ Treating as successful publish'));
-                        // Don't return false - let it continue to push git tags
-                    }
-                    else {
-                        console.error('Version ' + colors.yellow(failedVersion || 'unknown') + ' is already on npm.');
-                        console.error('This shouldn\'t happen - the version was bumped but publish failed.');
-                        console.error('');
-                        console.error(colors.yellow('To recover:'));
-                        console.error('  Just run npmglobalize again (it will bump to next version)');
-                        console.error('');
-                        if (transformResult.transformed) {
-                            console.log('Restoring file: dependencies...');
-                            const failPkg = readPackageJson(cwd);
-                            restoreDeps(failPkg, verbose);
-                            writePackageJson(cwd, failPkg);
-                            runCommand('git', ['add', 'package.json'], { cwd, silent: true });
-                            gitCommit('Restore file: dependencies', cwd);
-                        }
-                        return false;
-                    }
+            if (output.includes('err_string_too_long') || output.includes('string longer than')) {
+                console.error(colors.red('Tarball too large — check .npmignore. Run: npm pack --dry-run'));
+            }
+            else if (output.includes('e409') || output.includes('409 conflict')) {
+                console.error(colors.yellow('npm still processing previous version — wait and retry'));
+            }
+            else if (output.includes('cannot publish over') || output.includes('previously published')) {
+                const currentPkgVersion = readPackageJson(cwd).version;
+                if (output.includes(currentPkgVersion)) {
+                    console.log(colors.green('✓ Already published — continuing'));
                 }
                 else {
-                    console.error(colors.yellow('Common causes:'));
-                    console.error('  1. Package name already taken by another user');
-                    console.error('  2. No publish access to this package');
-                    console.error('  3. Scope (@username) requires authentication');
-                    console.error('');
+                    console.error(colors.yellow('Version conflict — run npmglobalize again'));
                     if (transformResult.transformed) {
-                        console.log('Restoring file: dependencies...');
                         const failPkg = readPackageJson(cwd);
                         restoreDeps(failPkg, verbose);
                         writePackageJson(cwd, failPkg);
@@ -3866,18 +3855,22 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
                     return false;
                 }
             }
+            else if (output.includes('403') || output.includes('forbidden')) {
+                console.error(colors.yellow('Publish forbidden — check npm login and package access'));
+                if (transformResult.transformed) {
+                    const failPkg = readPackageJson(cwd);
+                    restoreDeps(failPkg, verbose);
+                    writePackageJson(cwd, failPkg);
+                    runCommand('git', ['add', 'package.json'], { cwd, silent: true });
+                    gitCommit('Restore file: dependencies', cwd);
+                }
+                return false;
+            }
             else if (output.includes('402') || output.includes('payment required')) {
-                console.error(colors.yellow('Private packages require a paid npm account'));
-                console.error('  • Use --npm public to publish as public');
-                console.error('  • Or upgrade your npm account for private packages');
-                console.error('');
+                console.error(colors.yellow('Private packages need paid npm account — use --npm public'));
             }
             else {
-                console.error(colors.yellow('Common causes:'));
-                console.error('  1. Not logged in - run: npm login');
-                console.error('  2. Version already published');
-                console.error('  3. Authentication token expired');
-                console.error('');
+                console.error(colors.yellow('Publish failed — run npm login or check npm whoami'));
             }
             if (transformResult.transformed) {
                 console.log('Restoring file: dependencies...');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bobfrankston/npmglobalize",
-  "version": "1.0.136",
+  "version": "1.0.138",
   "description": "Transform file: dependencies to npm versions for publishing",
   "main": "index.js",
   "type": "module",
@@ -31,8 +31,9 @@
     "url": "https://github.com/BobFrankston/npmglobalize.git"
   },
   "dependencies": {
-    "@bobfrankston/freezepak": "^0.1.5",
-    "@bobfrankston/importgen": "^0.1.31",
+    "@bobfrankston/freezepak": "^0.1.6",
+    "@bobfrankston/importgen": "^0.1.32",
+    "@bobfrankston/themecolors": "^0.1.0",
     "@bobfrankston/userconfig": "^1.0.5",
     "@npmcli/package-json": "^7.0.4",
     "json5": "^2.2.3",
@@ -47,6 +48,7 @@
   ".dependencies": {
     "@bobfrankston/freezepak": "file:../freezepak",
     "@bobfrankston/importgen": "file:../importgen",
+    "@bobfrankston/themecolors": "file:../themecolors",
     "@bobfrankston/userconfig": "file:../userconfig",
     "@npmcli/package-json": "^7.0.4",
     "json5": "^2.2.3",