@bobfrankston/npmglobalize 1.0.148 → 1.0.150

package/README.md

@@ -94,6 +94,28 @@ Errors abort (unless `--force`); warnings prompt to continue.
 
 Skip the prescan with `-no-prescan` / `-nps`.
 
+#### Workspace skip prescan
+
+In workspace mode, before processing begins, each package is also checked to decide whether it actually needs work. A package is **skipped** (no rebuild, no version bump, no publish) only if **all** of these are true:
+
+1. **Working tree clean** — `git status --porcelain .` reports no uncommitted changes for that package's directory.
+2. **Version already on npm** — the version in its `package.json` is published to the registry, and no non-bookkeeping commit (anything outside "Pre-release commit" / "Restore file: dependencies" / "Pre-version cleanup" / "Untrack node_modules") is newer than that version's publish timestamp.
+3. **Build is fresh** — every `.ts` source file (excluding `.d.ts`) has a sibling `.js` whose mtime is ≥ the `.ts` mtime. A missing `.js` or an older `.js` counts as stale.
+4. **No sibling workspace `file:` dep flagged for work** — if another workspace package depends on this one via `file:`, and that dep is being updated in this run, this one is also processed (propagates through the graph in topological order).
+
+If any condition fails, the package is processed. The prescan prints one line per package with `⟳` for "will process" (and the reason) or `✓` for "skip". Example:
+
+```
+⟳ mlproc     — uncommitted changes
+⟳ pzip       — stale build (index.ts newer than index.js)
+⟳ stage      — dep pzip is being updated
+✓ puller     — skip (clean, published, build fresh)
+```
+
+The summary row for a skipped package shows `– name v1.0.0 (skipped — already up to date)`.
+
+Use `--force` or `--force-publish` to bypass the skip prescan and process every package.
+
 **Force republish** all file: dependencies even if versions exist:
 ```bash
 npmglobalize --force-publish

package/ignorepatterns.json5

@@ -59,7 +59,7 @@
             "package-lock.json",
             "*.ts",
             "!*.d.ts",
-            "*.map",
+            // "*.map",  // keep source maps in published packages for debugging
             "tsconfig.json",
             ".vscode/",
             ".globalize.json5"

package/lib.d.ts

@@ -115,6 +115,7 @@ interface WorkspacePackageResult {
     success: boolean;
     version?: string;
     error?: string;
+    skipped?: boolean;
 }
 /** Aggregate result from workspace orchestration */
 export interface WorkspaceResult {
@@ -188,13 +189,15 @@ export declare function buildDependencyGraph(packages: Array<{
 /** Topological sort with cycle detection. Returns package names in dependency order. */
 export declare function topologicalSort(graph: Map<string, Set<string>>): string[];
 /** Transform file: dependencies to npm versions */
+export type UnpublishedDep = {
+    name: string;
+    version: string;
+    path: string;
+    reason: 'new' | 'update';
+};
 export declare function transformDeps(pkg: any, baseDir: string, verbose?: boolean, forcePublish?: boolean): {
     transformed: boolean;
-    unpublished: Array<{
-        name: string;
-        version: string;
-        path: string;
-    }>;
+    unpublished: UnpublishedDep[];
 };
 /** A problem discovered by the prescan. */
 export interface PrescanIssue {

package/lib.js

@@ -810,6 +810,49 @@ function hasUnpublishedTransitiveDeps(packageName, pkg, baseDir, verbose) {
     }
     return false;
 }
+/** Walk a dir and return true if any `.ts` source has mtime newer than its sibling `.js`
+ *  (or the `.js` is missing). Skips node_modules/prev/cruft/.git and declaration files. */
+function hasStaleBuild(rootDir) {
+    const SKIP = new Set(['node_modules', 'prev', 'cruft', '.git']);
+    function walk(dir) {
+        let entries;
+        try {
+            entries = fs.readdirSync(dir, { withFileTypes: true });
+        }
+        catch {
+            return { stale: false };
+        }
+        for (const e of entries) {
+            const full = path.join(dir, e.name);
+            if (e.isDirectory()) {
+                if (SKIP.has(e.name.toLowerCase()))
+                    continue;
+                const sub = walk(full);
+                if (sub.stale)
+                    return sub;
+            }
+            else if (e.isFile() && e.name.endsWith('.ts') && !e.name.endsWith('.d.ts')) {
+                const jsPath = full.slice(0, -3) + '.js';
+                try {
+                    const tsStat = fs.statSync(full);
+                    let jsStat;
+                    try {
+                        jsStat = fs.statSync(jsPath);
+                    }
+                    catch {
+                        return { stale: true, example: `${e.name} (no .js)` };
+                    }
+                    if (tsStat.mtimeMs > jsStat.mtimeMs) {
+                        return { stale: true, example: `${e.name} newer than ${path.basename(jsPath)}` };
+                    }
+                }
+                catch { /* unreadable — ignore */ }
+            }
+        }
+        return { stale: false };
+    }
+    return walk(rootDir);
+}
 /** Check if local package directory has changes newer than the npm-published version.
  *  Detects uncommitted changes or commits made after the version was published. */
 function hasLocalChanges(packageName, version, targetPath, verbose) {
@@ -863,7 +906,6 @@ function hasLocalChanges(packageName, version, targetPath, verbose) {
         return false;
     }
 }
-/** Transform file: dependencies to npm versions */
 export function transformDeps(pkg, baseDir, verbose = false, forcePublish = false) {
     let transformed = false;
     const unpublished = [];
@@ -894,7 +936,7 @@ export function transformDeps(pkg, baseDir, verbose = false, forcePublish = fals
                     // Check if this version exists on npm (or if force publish)
                     const versionExists = forcePublish ? false : checkVersionExists(name, targetVersion);
                     if (!versionExists) {
-                        unpublished.push({ name, version: targetVersion, path: targetPath });
+                        unpublished.push({ name, version: targetVersion, path: targetPath, reason: forcePublish ? 'update' : 'new' });
                         if (forcePublish) {
                             console.log(colors.yellow(`  ⟳ ${name}@${targetVersion} will be republished (--force-publish)`));
                         }
@@ -908,15 +950,15 @@ export function transformDeps(pkg, baseDir, verbose = false, forcePublish = fals
                         }
                         // Check transitive file: deps — if any are unpublished, this dep needs republishing
                         if (hasUnpublishedTransitiveDeps(name, targetPkg, targetPath, verbose)) {
-                            unpublished.push({ name, version: targetVersion, path: targetPath });
+                            unpublished.push({ name, version: targetVersion, path: targetPath, reason: 'update' });
                             console.log(colors.yellow(`  ⟳ ${name}@${targetVersion} has unpublished transitive deps — will republish`));
                         }
                         else if (hasLocalChanges(name, targetVersion, targetPath, verbose)) {
-                            unpublished.push({ name, version: targetVersion, path: targetPath });
+                            unpublished.push({ name, version: targetVersion, path: targetPath, reason: 'update' });
                             console.log(colors.yellow(`  ⟳ ${name}@${targetVersion} has local changes not on npm — will republish`));
                         }
                         else if (checkIgnoreFiles(targetPath, { verbose }).securityChanges.length > 0) {
-                            unpublished.push({ name, version: targetVersion, path: targetPath });
+                            unpublished.push({ name, version: targetVersion, path: targetPath, reason: 'update' });
                             console.log(colors.yellow(`  ⟳ ${name}@${targetVersion} has missing ignore patterns — will republish`));
                         }
                     }
@@ -2349,6 +2391,13 @@ export async function initGit(cwd, visibility, dryRun) {
     if (staged.status !== 0) {
         runCommandOrThrow('git', ['commit', '-m', 'Initial commit'], { cwd });
     }
+    // Guarantee HEAD exists — `gh repo create --push` refuses an empty repo.
+    // Can happen if the working tree had nothing to stage (everything ignored, etc.).
+    const hasHead = spawnSafe('git', ['rev-parse', '--verify', 'HEAD'], { cwd, stdio: 'pipe' });
+    if (hasHead.status !== 0) {
+        console.log(colors.yellow('  No commits yet — creating an empty initial commit so --push can proceed.'));
+        runCommandOrThrow('git', ['commit', '--allow-empty', '-m', 'Initial commit'], { cwd });
+    }
     // Create GitHub repo (or link to existing one)
     const visFlag = visibility === 'private' ? '--private' : '--public';
     const createResult = runCommand('gh', ['repo', 'create', repoName, visFlag, '--source=.', '--push'], { cwd, silent: true });
@@ -3137,9 +3186,6 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
         }
         // Don't set "private": true in package.json - that blocks all publishing
         console.log(`Package '${pkg.name}' will publish as PRIVATE (restricted access).`);
-        if (!currentAccess) {
-            console.log(colors.dim(`  First publish - requires paid npm account`));
-        }
     }
     else if (effectiveNpmVisibility === 'public') {
         // User explicitly wants public (or confirmed via prompt)
@@ -3337,21 +3383,59 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
             }
             console.log('');
         }
-        // Check if target packages need to be published
+        // Publish/update dependencies.
+        // - reason='update': already on npm but stale (local changes, broken transitive, missing ignore) — auto-publish always
+        // - reason='new'   : version not on npm yet — auto-publish if --publish-deps, else prompt
         if (transformResult.unpublished.length > 0 && !noPublish) {
+            const updateDepsList = transformResult.unpublished.filter(d => d.reason === 'update');
+            const newDepsList = transformResult.unpublished.filter(d => d.reason === 'new');
             console.log('');
-            console.log(colors.yellow('Dependencies to publish:'));
-            for (const { name, version, path } of transformResult.unpublished) {
-                console.log(colors.yellow(`  ${name}@${version} (${path})`));
+            if (updateDepsList.length > 0) {
+                console.log(colors.yellow('Dependencies to update (already on npm, auto-republishing):'));
+                for (const { name, version, path } of updateDepsList) {
+                    console.log(colors.yellow(`  ${name}@${version} (${path})`));
+                }
+            }
+            if (newDepsList.length > 0) {
+                console.log(colors.yellow('New dependencies to publish:'));
+                for (const { name, version, path } of newDepsList) {
+                    console.log(colors.yellow(`  ${name}@${version} (${path})`));
+                }
             }
             console.log('');
             console.log('Dependency tree (✓ = on npm, ✗ = needs publishing):');
             printDepTree(cwd);
             console.log('');
-            if (publishDeps) {
+            // Decide which deps to publish now.
+            // Updates always run. New deps run if --publish-deps; otherwise prompt.
+            let depsToPublish = [...updateDepsList];
+            let proceedWithNew = newDepsList.length === 0 || publishDeps;
+            if (newDepsList.length > 0 && !publishDeps) {
+                console.log(colors.yellow('Options for NEW dependencies:'));
+                console.log(colors.yellow('  1. Publish them manually first'));
+                console.log(colors.yellow('  2. Use --publish-deps (-pd) to publish them automatically'));
+                console.log(colors.yellow('  3. Use -npd (--no-publish-deps) to skip dependency publishing'));
+                console.log(colors.dim('  (--force controls error-continuation only; it does not imply consent to publish new deps)'));
+                console.log('');
+                if (publishDepsYes) {
+                    proceedWithNew = true;
+                }
+                else {
+                    proceedWithNew = await confirm('Publish new dependencies now?', false);
+                    if (!proceedWithNew) {
+                        const newList = newDepsList.map(d => `${d.name}@${d.version}`).join(', ');
+                        recordBuildIssue(pkg.name || cwd, 'error', `Declined publishing new deps (${newList}). Rerun with -pd to auto-publish, or publish them manually first.`);
+                        return false;
+                    }
+                }
+            }
+            if (proceedWithNew) {
+                depsToPublish.push(...newDepsList);
+            }
+            if (depsToPublish.length > 0) {
                 const action = forcePublish ? 'Publishing/updating' : 'Publishing';
-                console.log(`${action} file: dependencies first (--publish-deps)...`);
-                for (const { name, version, path } of transformResult.unpublished) {
+                console.log(`${action} file: dependencies first...`);
+                for (const { name, version, path } of depsToPublish) {
                     console.log('');
                     console.log(colors.yellow(`━━━ Publishing ${name}@${version} ━━━`));
                     if (!dryRun) {
@@ -3393,20 +3477,6 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
                 console.log('');
                 console.log(colors.green('✓ All dependencies published'));
             }
-            else {
-                console.log(colors.yellow('Options:'));
-                console.log(colors.yellow('  1. Publish them manually first'));
-                console.log(colors.yellow('  2. Use --publish-deps to publish them automatically'));
-                console.log(colors.yellow('  3. Use --force to continue anyway (NOT RECOMMENDED)'));
-                console.log(colors.yellow('  4. Use -npd (--no-publish-deps) to skip dependency publishing'));
-                console.log('');
-                if (!force && !publishDepsYes) {
-                    const shouldContinue = await confirm('Continue with unpublished dependencies?', false);
-                    if (!shouldContinue) {
-                        return false;
-                    }
-                }
-            }
         }
         if (!dryRun) {
             writePackageJson(cwd, pkg);
@@ -3878,7 +3948,7 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
         }
         catch (error) {
             let autoFixed = false;
-            console.error(colors.red('ERROR: Version bump failed:'), error.message);
+            console.error(colors.red(`ERROR: Version bump failed in ${cwd} (${pkg.name || '<unnamed>'}):`), error.message);
             // Show additional error details if available
             if (error.stderr || error.stdout || error.code) {
                 if (error.stderr)
@@ -4035,8 +4105,39 @@ export async function globalize(cwd, options = {}, configOptions = {}) {
                     return false;
                 }
             }
+            else if (/paths are ignored by one of your \.gitignore files/i.test(combinedOutput)) {
+                // git add refused to stage files (usually package.json) because a
+                // .gitignore rule matches. Ask git which exact line is to blame.
+                const ignoredMatch = combinedOutput.match(/paths are ignored by one of your \.gitignore files:\s*\n([\s\S]*?)(?:hint:|$)/i);
+                const ignoredFiles = (ignoredMatch ? ignoredMatch[1] : '')
+                    .split('\n').map(s => s.trim()).filter(Boolean);
+                console.error(colors.red(`\n.gitignore in ${cwd} is blocking required file(s):`));
+                for (const f of ignoredFiles) {
+                    const chk = spawnSafe('git', ['-C', cwd, 'check-ignore', '-v', f], { encoding: 'utf-8', stdio: 'pipe' });
+                    if (chk.status === 0 && chk.stdout?.trim()) {
+                        // Output format: "<source>:<line>:<pattern>\t<file>"
+                        const m = chk.stdout.trim().match(/^(.+?):(\d+):(.+?)\t(.+)$/);
+                        if (m) {
+                            const [, src, line, pattern, file] = m;
+                            console.error(colors.red(`  ${file}  —  matched by ${src}:${line}  pattern: ${pattern}`));
+                            if (pattern.trim() === '*') {
+                                console.error(colors.yellow(`    → Line ${line} is a bare "*" which ignores EVERY file. Delete it.`));
+                            }
+                        }
+                        else {
+                            console.error(colors.red(`  ${f}`));
+                            console.error(colors.dim(`    ${chk.stdout.trim()}`));
+                        }
+                    }
+                    else {
+                        console.error(colors.red(`  ${f}`));
+                    }
+                }
+                console.error(colors.yellow(`\nEdit ${path.join(cwd, '.gitignore')} to remove/narrow the blocking pattern,`));
+                console.error(colors.yellow(`or exempt with an explicit negation, e.g.:  !package.json`));
+            }
             else if (error.message?.includes('unknown git error')) {
-                console.error(colors.yellow('Unknown git error — check git hooks, signing, or permissions'));
+                console.error(colors.yellow(`Unknown git error in ${cwd} — check git hooks, signing, or permissions`));
             }
             else if (combinedOutput.includes('gh013') || combinedOutput.includes('push protection') || combinedOutput.includes('push declined due to repository rule')) {
                 // GitHub push protection blocked a push (from postversion script)
@@ -4607,9 +4708,84 @@ export async function globalizeWorkspace(rootDir, options = {}, configOptions =
             }
         }
     }
+    // Prescan: decide which packages actually need processing so we don't waste
+    // time rebuilding+republishing ones with no relevant changes.
+    // A package is SKIPPED only if ALL of:
+    //   - working tree clean (no uncommitted changes)
+    //   - current version is on npm AND no commits newer than its publish time
+    //   - build not stale (every .ts source has a .js no older than it)
+    //   - no sibling workspace file: dep was itself flagged for processing
+    const flaggedForWork = new Set();
+    const skipReasons = new Map();
+    if (!options.force && !options.forcePublish) {
+        console.log(colors.green('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+        console.log(`  Prescan: checking ${filteredOrder.length} package(s)...`);
+        console.log(colors.green('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
+        const wsDeps = new Map(); // pkg → workspace-sibling file: deps
+        for (const pkgInfo of packages) {
+            const sibs = new Set();
+            const deps = { ...pkgInfo.pkg.dependencies, ...pkgInfo.pkg.devDependencies };
+            for (const [dn, dv] of Object.entries(deps)) {
+                if (typeof dv === 'string' && dv.startsWith('file:') && wsNameSet.has(dn)) {
+                    sibs.add(dn);
+                }
+            }
+            wsDeps.set(pkgInfo.name, sibs);
+        }
+        for (const pkgName of filteredOrder) {
+            const pkgInfo = packages.find(p => p.name === pkgName);
+            if (!pkgInfo)
+                continue;
+            let reason;
+            const status = spawnSafe('git', ['-C', pkgInfo.dir, 'status', '--porcelain', '.'], { encoding: 'utf-8', stdio: 'pipe', shell: true });
+            if (status.status === 0 && status.stdout.trim()) {
+                reason = 'uncommitted changes';
+            }
+            else {
+                const version = pkgInfo.pkg.version;
+                if (!checkVersionExists(pkgInfo.name, version)) {
+                    reason = `v${version} not on npm`;
+                }
+                else if (hasLocalChanges(pkgInfo.name, version, pkgInfo.dir, false)) {
+                    reason = 'commits since last publish';
+                }
+                else {
+                    const stale = hasStaleBuild(pkgInfo.dir);
+                    if (stale.stale) {
+                        reason = `stale build (${stale.example})`;
+                    }
+                    else {
+                        const flaggedSib = [...(wsDeps.get(pkgName) || [])].find(s => flaggedForWork.has(s));
+                        if (flaggedSib)
+                            reason = `dep ${flaggedSib} is being updated`;
+                    }
+                }
+            }
+            if (reason) {
+                flaggedForWork.add(pkgName);
+                console.log(`  ${colors.yellow('⟳')} ${pkgName}  — ${reason}`);
+            }
+            else {
+                skipReasons.set(pkgName, 'clean, published, build fresh');
+                console.log(`  ${colors.green('✓')} ${pkgName}  — skip (clean, published, build fresh)`);
+            }
+        }
+        console.log('');
+        if (flaggedForWork.size === 0) {
+            console.log(colors.green('Nothing to do — all packages up to date.'));
+            console.log('');
+            return { success: true, packages: [], publishOrder };
+        }
+        console.log(colors.dim(`Prescan: ${flaggedForWork.size} to process, ${skipReasons.size} skip. (Use --force to process all.)`));
+        console.log('');
+    }
     // Process each package in dependency order
     const results = [];
     for (const pkgName of filteredOrder) {
+        if (skipReasons.has(pkgName)) {
+            results.push({ name: pkgName, dir: packages.find(p => p.name === pkgName).dir, success: true, version: packages.find(p => p.name === pkgName).pkg.version, skipped: true });
+            continue;
+        }
         const pkgInfo = packages.find(p => p.name === pkgName);
         if (!pkgInfo)
             continue;
@@ -4662,10 +4838,11 @@ export async function globalizeWorkspace(rootDir, options = {}, configOptions =
     console.log(allSuccess ? colors.green('✓ Workspace Summary') : colors.red('✗ Workspace Summary'));
     console.log(colors.green('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
     for (const r of results) {
-        const status = r.success ? colors.green('✓') : colors.red('✗');
+        const status = r.skipped ? colors.dim('–') : (r.success ? colors.green('✓') : colors.red('✗'));
         const ver = r.version ? ` v${r.version}` : '';
         const err = r.error ? colors.red(` (${r.error})`) : '';
-        console.log(`  ${status} ${r.name}${ver}${err}`);
+        const tag = r.skipped ? colors.dim(' (skipped — already up to date)') : '';
+        console.log(`  ${status} ${r.name}${ver}${err}${tag}`);
     }
     console.log(colors.green('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
     console.log('');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bobfrankston/npmglobalize",
-  "version": "1.0.148",
+  "version": "1.0.150",
   "description": "Transform file: dependencies to npm versions for publishing",
   "main": "index.js",
   "type": "module",