@code-pushup/js-packages-plugin 0.55.0 → 0.57.0

package/src/lib/package-managers/package-managers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"package-managers.js","sourceRoot":"","sources":["../../../../../../packages/plugin-js-packages/src/lib/package-managers/package-managers.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAEpE,MAAM,CAAC,MAAM,eAAe,GAA6C;IACvE,GAAG,EAAE,iBAAiB;IACtB,cAAc,EAAE,oBAAoB;IACpC,aAAa,EAAE,oBAAoB;IACnC,IAAI,EAAE,kBAAkB;CACzB,CAAC"}

package/src/lib/package-managers/pnpm/audit-result.d.ts

@@ -1,3 +1,3 @@
-import type { AuditResult } from '../../runner/audit/types';
+import type { AuditResult } from '../../runner/audit/types.js';
 export declare function pnpmToAuditResult(output: string): AuditResult;
 export declare function pnpmToDirectDependency(path: string): string | true;

package/src/lib/package-managers/pnpm/audit-result.js

@@ -0,0 +1,34 @@
+import { getVulnerabilitiesTotal } from '../../runner/audit/utils.js';
+import { filterOutWarnings } from './utils.js';
+export function pnpmToAuditResult(output) {
+    const pnpmResult = JSON.parse(filterOutWarnings(output));
+    const vulnerabilities = Object.values(pnpmResult.advisories).map(({ module_name: name, id, title, url, severity, vulnerable_versions: versionRange, recommendation: fixInformation, findings, }) => {
+        const path = findings[0]?.paths[0];
+        return {
+            name,
+            id,
+            title,
+            url,
+            severity,
+            versionRange,
+            directDependency: path == null ? true : pnpmToDirectDependency(path),
+            fixInformation,
+        };
+    });
+    return {
+        vulnerabilities,
+        summary: {
+            ...pnpmResult.metadata.vulnerabilities,
+            total: getVulnerabilitiesTotal(pnpmResult.metadata.vulnerabilities),
+        },
+    };
+}
+export function pnpmToDirectDependency(path) {
+    // the format is ". > <direct dependency>@<version> > ... > <current dependency>@<version>"
+    const deps = path.split(' > ').slice(1);
+    if (deps.length <= 1) {
+        return true;
+    }
+    return deps[0]?.split('@')[0] ?? true;
+}
+//# sourceMappingURL=audit-result.js.map

package/src/lib/package-managers/pnpm/audit-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-result.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/pnpm/audit-result.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AAEtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,MAAM,UAAU,iBAAiB,CAAC,MAAc;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAC3B,iBAAiB,CAAC,MAAM,CAAC,CACH,CAAC;IAEzB,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,GAAG,CAC9D,CAAC,EACC,WAAW,EAAE,IAAI,EACjB,EAAE,EACF,KAAK,EACL,GAAG,EACH,QAAQ,EACR,mBAAmB,EAAE,YAAY,EACjC,cAAc,EAAE,cAAc,EAC9B,QAAQ,GACT,EAAiB,EAAE;QAClB,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;QAEnC,OAAO;YACL,IAAI;YACJ,EAAE;YACF,KAAK;YACL,GAAG;YACH,QAAQ;YACR,YAAY;YACZ,gBAAgB,EAAE,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,sBAAsB,CAAC,IAAI,CAAC;YACpE,cAAc;SACf,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,OAAO;QACL,eAAe;QACf,OAAO,EAAE;YACP,GAAG,UAAU,CAAC,QAAQ,CAAC,eAAe;YACtC,KAAK,EAAE,uBAAuB,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,CAAC;SACpE;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,IAAY;IACjD,2FAA2F;IAC3F,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAExC,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AACxC,CAAC"}

package/src/lib/package-managers/pnpm/outdated-result.d.ts

@@ -1,2 +1,2 @@
-import type { OutdatedResult } from '../../runner/outdated/types';
+import type { OutdatedResult } from '../../runner/outdated/types.js';
 export declare function pnpmToOutdatedResult(output: string): OutdatedResult;

package/src/lib/package-managers/pnpm/outdated-result.js

@@ -0,0 +1,12 @@
+import { objectToEntries } from '@code-pushup/utils';
+import { filterOutWarnings } from './utils.js';
+export function pnpmToOutdatedResult(output) {
+    const pnpmOutdated = JSON.parse(filterOutWarnings(output));
+    return objectToEntries(pnpmOutdated).map(([name, { current, latest, dependencyType: type }]) => ({
+        name,
+        current,
+        latest,
+        type,
+    }));
+}
+//# sourceMappingURL=outdated-result.js.map

package/src/lib/package-managers/pnpm/outdated-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"outdated-result.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/pnpm/outdated-result.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAGrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,MAAM,UAAU,oBAAoB,CAAC,MAAc;IACjD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAC7B,iBAAiB,CAAC,MAAM,CAAC,CACA,CAAC;IAE5B,OAAO,eAAe,CAAC,YAAY,CAAC,CAAC,GAAG,CACtC,CAAC,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACtD,IAAI;QACJ,OAAO;QACP,MAAM;QACN,IAAI;KACL,CAAC,CACH,CAAC;AACJ,CAAC"}

package/src/lib/package-managers/pnpm/pnpm.d.ts

@@ -1,2 +1,2 @@
-import type { PackageManager } from '../types';
+import type { PackageManager } from '../types.js';
 export declare const pnpmPackageManager: PackageManager;

package/src/lib/package-managers/pnpm/pnpm.js

@@ -0,0 +1,49 @@
+import { objectToKeys } from '@code-pushup/utils';
+import { filterAuditResult } from '../../runner/utils.js';
+import { COMMON_AUDIT_ARGS, COMMON_OUTDATED_ARGS } from '../constants.js';
+import { pnpmToAuditResult } from './audit-result.js';
+import { pnpmToOutdatedResult } from './outdated-result.js';
+const pnpmDependencyOptions = {
+    prod: ['--prod', '--no-optional'],
+    dev: ['--dev', '--no-optional'],
+    optional: [],
+};
+export const pnpmPackageManager = {
+    slug: 'pnpm',
+    name: 'pnpm',
+    command: 'pnpm',
+    icon: 'pnpm',
+    docs: {
+        homepage: 'https://pnpm.io/pnpm-cli',
+        audit: 'https://pnpm.io/cli/audit/',
+        outdated: 'https://pnpm.io/cli/outdated',
+    },
+    audit: {
+        getCommandArgs: groupDep => [
+            ...COMMON_AUDIT_ARGS,
+            ...pnpmDependencyOptions[groupDep],
+        ],
+        ignoreExitCode: true,
+        unifyResult: pnpmToAuditResult,
+        // optional dependencies don't have an exclusive option so they need duplicates filtered out
+        postProcessResult: (results) => {
+            const depGroups = objectToKeys(results);
+            const prodFilter = results.optional && results.prod
+                ? filterAuditResult(results.optional, 'id', results.prod)
+                : results.optional;
+            const devFilter = prodFilter && results.dev
+                ? filterAuditResult(prodFilter, 'id', results.dev)
+                : results.optional;
+            return {
+                ...(depGroups.includes('prod') && { prod: results.prod }),
+                ...(depGroups.includes('dev') && { dev: results.dev }),
+                ...(results.optional && { optional: devFilter }),
+            };
+        },
+    },
+    outdated: {
+        commandArgs: COMMON_OUTDATED_ARGS,
+        unifyResult: pnpmToOutdatedResult,
+    },
+};
+//# sourceMappingURL=pnpm.js.map

package/src/lib/package-managers/pnpm/pnpm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pnpm.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/pnpm/pnpm.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAE1E,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAE5D,MAAM,qBAAqB,GAAsC;IAC/D,IAAI,EAAE,CAAC,QAAQ,EAAE,eAAe,CAAC;IACjC,GAAG,EAAE,CAAC,OAAO,EAAE,eAAe,CAAC;IAC/B,QAAQ,EAAE,EAAE;CACb,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAmB;IAChD,IAAI,EAAE,MAAM;IACZ,IAAI,EAAE,MAAM;IACZ,OAAO,EAAE,MAAM;IACf,IAAI,EAAE,MAAM;IACZ,IAAI,EAAE;QACJ,QAAQ,EAAE,0BAA0B;QACpC,KAAK,EAAE,4BAA4B;QACnC,QAAQ,EAAE,8BAA8B;KACzC;IACD,KAAK,EAAE;QACL,cAAc,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC1B,GAAG,iBAAiB;YACpB,GAAG,qBAAqB,CAAC,QAAQ,CAAC;SACnC;QACD,cAAc,EAAE,IAAI;QACpB,WAAW,EAAE,iBAAiB;QAC9B,4FAA4F;QAC5F,iBAAiB,EAAE,CAAC,OAAqB,EAAE,EAAE;YAC3C,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,UAAU,GACd,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,IAAI;gBAC9B,CAAC,CAAC,iBAAiB,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC;gBACzD,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;YACvB,MAAM,SAAS,GACb,UAAU,IAAI,OAAO,CAAC,GAAG;gBACvB,CAAC,CAAC,iBAAiB,CAAC,UAAU,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC;gBAClD,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;YAEvB,OAAO;gBACL,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;gBACzD,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;gBACtD,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;aACjD,CAAC;QACJ,CAAC;KACF;IACD,QAAQ,EAAE;QACR,WAAW,EAAE,oBAAoB;QACjC,WAAW,EAAE,oBAAoB;KAClC;CACF,CAAC"}

package/src/lib/package-managers/pnpm/types.d.ts

@@ -1,5 +1,5 @@
-import type { PackageAuditLevel } from '../../config';
-import type { DependencyGroupLong } from '../../runner/outdated/types';
+import type { PackageAuditLevel } from '../../config.js';
+import type { DependencyGroupLong } from '../../runner/outdated/types.js';
 export type PnpmAuditAdvisory = {
     module_name: string;
     id: number;

package/src/lib/package-managers/pnpm/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/src/lib/package-managers/pnpm/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/pnpm/types.ts"],"names":[],"mappings":""}

package/src/lib/package-managers/pnpm/utils.js

@@ -0,0 +1,5 @@
+export const filterOutWarnings = (output) => output
+    .split('\n')
+    .filter(line => !line.trim().startsWith('WARN'))
+    .join('\n');
+//# sourceMappingURL=utils.js.map

package/src/lib/package-managers/pnpm/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/pnpm/utils.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,MAAc,EAAU,EAAE,CAC1D,MAAM;KACH,KAAK,CAAC,IAAI,CAAC;KACX,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;KAC/C,IAAI,CAAC,IAAI,CAAC,CAAC"}

package/src/lib/package-managers/types.d.ts

@@ -1,7 +1,7 @@
 import type { MaterialIcon } from '@code-pushup/models';
-import type { DependencyGroup, PackageManagerId } from '../config';
-import type { AuditResult } from '../runner/audit/types';
-import type { OutdatedResult } from '../runner/outdated/types';
+import type { DependencyGroup, PackageManagerId } from '../config.js';
+import type { AuditResult } from '../runner/audit/types.js';
+import type { OutdatedResult } from '../runner/outdated/types.js';
 export type AuditResults = Partial<Record<DependencyGroup, AuditResult>>;
 export type PackageManager = {
     slug: PackageManagerId;

package/src/lib/package-managers/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/src/lib/package-managers/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../../packages/plugin-js-packages/src/lib/package-managers/types.ts"],"names":[],"mappings":""}

package/src/lib/package-managers/yarn-classic/audit-result.d.ts

@@ -1,2 +1,2 @@
-import type { AuditResult } from '../../runner/audit/types';
+import type { AuditResult } from '../../runner/audit/types.js';
 export declare function yarnv1ToAuditResult(output: string): AuditResult;

package/src/lib/package-managers/yarn-classic/audit-result.js

@@ -0,0 +1,36 @@
+import { fromJsonLines } from '@code-pushup/utils';
+import { filterAuditResult } from '../../runner/utils.js';
+export function yarnv1ToAuditResult(output) {
+    const yarnv1Result = fromJsonLines(output);
+    const [yarnv1Advisory, yarnv1Summary] = validateYarnv1Result(yarnv1Result);
+    const vulnerabilities = yarnv1Advisory.map(({ data: { resolution, advisory } }) => {
+        const { id, path } = resolution;
+        const directDependency = path.slice(0, path.indexOf('>'));
+        const { module_name: name, title, url, severity, vulnerable_versions: versionRange, recommendation: fixInformation, } = advisory;
+        return {
+            name,
+            title,
+            id,
+            url,
+            severity,
+            versionRange,
+            directDependency: name === directDependency ? true : directDependency,
+            fixInformation,
+        };
+    });
+    const summary = {
+        ...yarnv1Summary.data.vulnerabilities,
+        total: Object.values(yarnv1Summary.data.vulnerabilities).reduce((acc, amount) => acc + amount, 0),
+    };
+    // duplicates are filtered out based on their ID
+    return filterAuditResult({ vulnerabilities, summary }, 'id');
+}
+function validateYarnv1Result(result) {
+    const summary = result.at(-1);
+    if (summary?.type !== 'auditSummary') {
+        throw new Error('Invalid Yarn v1 audit result - no summary found.');
+    }
+    const vulnerabilities = result.filter((item) => item.type === 'auditAdvisory');
+    return [vulnerabilities, summary];
+}
+//# sourceMappingURL=audit-result.js.map

package/src/lib/package-managers/yarn-classic/audit-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-result.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/yarn-classic/audit-result.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAEnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAO1D,MAAM,UAAU,mBAAmB,CAAC,MAAc;IAChD,MAAM,YAAY,GAAG,aAAa,CAAwB,MAAM,CAAC,CAAC;IAClE,MAAM,CAAC,cAAc,EAAE,aAAa,CAAC,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAE3E,MAAM,eAAe,GAAG,cAAc,CAAC,GAAG,CACxC,CAAC,EAAE,IAAI,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAiB,EAAE;QACpD,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC;QAChC,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QAE1D,MAAM,EACJ,WAAW,EAAE,IAAI,EACjB,KAAK,EACL,GAAG,EACH,QAAQ,EACR,mBAAmB,EAAE,YAAY,EACjC,cAAc,EAAE,cAAc,GAC/B,GAAG,QAAQ,CAAC;QAEb,OAAO;YACL,IAAI;YACJ,KAAK;YACL,EAAE;YACF,GAAG;YACH,QAAQ;YACR,YAAY;YACZ,gBAAgB,EAAE,IAAI,KAAK,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,gBAAgB;YACrE,cAAc;SACf,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,OAAO,GAAG;QACd,GAAG,aAAa,CAAC,IAAI,CAAC,eAAe;QACrC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAC7D,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,GAAG,GAAG,MAAM,EAC7B,CAAC,CACF;KACF,CAAC;IAEF,gDAAgD;IAChD,OAAO,iBAAiB,CAAC,EAAE,eAAe,EAAE,OAAO,EAAE,EAAE,IAAI,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,oBAAoB,CAC3B,MAA6B;IAE7B,MAAM,OAAO,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,OAAO,EAAE,IAAI,KAAK,cAAc,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,CACnC,CAAC,IAAI,EAA+B,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,eAAe,CACrE,CAAC;IAEF,OAAO,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC"}

package/src/lib/package-managers/yarn-classic/constants.d.ts

@@ -1,4 +1,4 @@
-import type { OutdatedDependency } from '../../runner/outdated/types';
-import type { Yarnv1FieldName } from './types';
+import type { OutdatedDependency } from '../../runner/outdated/types.js';
+import type { Yarnv1FieldName } from './types.js';
 export declare const outdatedtoFieldMapper: Record<keyof OutdatedDependency, Yarnv1FieldName>;
 export declare const REQUIRED_OUTDATED_FIELDS: Yarnv1FieldName[];

package/src/lib/package-managers/yarn-classic/constants.js

@@ -0,0 +1,14 @@
+export const outdatedtoFieldMapper = {
+    name: 'Package',
+    current: 'Current',
+    latest: 'Latest',
+    type: 'Package Type',
+    url: 'URL',
+};
+export const REQUIRED_OUTDATED_FIELDS = [
+    'Package',
+    'Current',
+    'Latest',
+    'Package Type',
+];
+//# sourceMappingURL=constants.js.map

package/src/lib/package-managers/yarn-classic/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/yarn-classic/constants.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,MAAM,qBAAqB,GAG9B;IACF,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,SAAS;IAClB,MAAM,EAAE,QAAQ;IAChB,IAAI,EAAE,cAAc;IACpB,GAAG,EAAE,KAAK;CACX,CAAC;AAEF,MAAM,CAAC,MAAM,wBAAwB,GAAsB;IACzD,SAAS;IACT,SAAS;IACT,QAAQ;IACR,cAAc;CACf,CAAC"}

package/src/lib/package-managers/yarn-classic/outdated-result.d.ts

@@ -1,4 +1,4 @@
-import type { OutdatedDependency, OutdatedResult } from '../../runner/outdated/types';
+import type { OutdatedDependency, OutdatedResult } from '../../runner/outdated/types.js';
 export declare function yarnv1ToOutdatedResult(output: string): OutdatedResult;
 export declare function validateOutdatedFields(head: string[]): boolean;
 export declare function getOutdatedFieldIndexes(all: string[]): Record<keyof OutdatedDependency, number>;

package/src/lib/package-managers/yarn-classic/outdated-result.js

@@ -0,0 +1,39 @@
+import { fromJsonLines, objectFromEntries, objectToEntries, objectToKeys, } from '@code-pushup/utils';
+import { REQUIRED_OUTDATED_FIELDS, outdatedtoFieldMapper, } from './constants.js';
+import { yarnv1FieldNames, } from './types.js';
+export function yarnv1ToOutdatedResult(output) {
+    const yarnv1Outdated = fromJsonLines(output);
+    const fields = yarnv1Outdated[1].data.head;
+    const dependencies = yarnv1Outdated[1].data.body;
+    // no outdated dependencies
+    if (dependencies.length === 0) {
+        return [];
+    }
+    // map dynamic fields
+    validateOutdatedFields(fields);
+    const indexMapping = getOutdatedFieldIndexes(fields);
+    return dependencies.map(dep => objectFromEntries(objectToKeys(indexMapping)
+        .map(field => [field, dep[indexMapping[field]]])
+        .filter((entry) => entry[1] != null)));
+}
+export function validateOutdatedFields(head) {
+    const relevantFields = head.filter(isYarnv1FieldName);
+    if (hasAllRequiredFields(relevantFields)) {
+        return true;
+    }
+    throw new Error(`Yarn v1 outdated: Template [${head.join(', ')}] does not contain all required fields [${yarnv1FieldNames.join(', ')}]`);
+}
+function isYarnv1FieldName(value) {
+    const names = yarnv1FieldNames;
+    return names.includes(value);
+}
+function hasAllRequiredFields(head) {
+    return REQUIRED_OUTDATED_FIELDS.every(field => head.includes(field));
+}
+export function getOutdatedFieldIndexes(all) {
+    return objectFromEntries(objectToEntries(outdatedtoFieldMapper).map(([outdatedField, yarnField]) => [
+        outdatedField,
+        all.indexOf(yarnField),
+    ]));
+}
+//# sourceMappingURL=outdated-result.js.map

package/src/lib/package-managers/yarn-classic/outdated-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"outdated-result.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/yarn-classic/outdated-result.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,eAAe,EACf,YAAY,GACb,MAAM,oBAAoB,CAAC;AAK5B,OAAO,EACL,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAGL,gBAAgB,GACjB,MAAM,YAAY,CAAC;AAEpB,MAAM,UAAU,sBAAsB,CAAC,MAAc;IACnD,MAAM,cAAc,GAAG,aAAa,CAA2B,MAAM,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;IAC3C,MAAM,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;IAEjD,2BAA2B;IAC3B,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qBAAqB;IACrB,sBAAsB,CAAC,MAAM,CAAC,CAAC;IAC/B,MAAM,YAAY,GAAG,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAErD,OAAO,YAAY,CAAC,GAAG,CACrB,GAAG,CAAC,EAAE,CACJ,iBAAiB,CACf,YAAY,CAAC,YAAY,CAAC;SACvB,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAU,CAAC;SACxD,MAAM,CACL,CAAC,KAAK,EAA+C,EAAE,CACrD,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CACnB,CACkB,CAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,IAAc;IACnD,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IACtD,IAAI,oBAAoB,CAAC,cAAc,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,KAAK,CACb,+BAA+B,IAAI,CAAC,IAAI,CACtC,IAAI,CACL,2CAA2C,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC3E,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,MAAM,KAAK,GAAsB,gBAAgB,CAAC;IAClD,OAAO,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAuB;IACnD,OAAO,wBAAwB,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,GAAa;IACnD,OAAO,iBAAiB,CACtB,eAAe,CAAC,qBAAqB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,aAAa,EAAE,SAAS,CAAC,EAAE,EAAE,CAAC;QACzE,aAAa;QACb,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC;KACvB,CAAC,CACH,CAAC;AACJ,CAAC"}

package/src/lib/package-managers/yarn-classic/types.d.ts

@@ -1,4 +1,4 @@
-import type { PackageAuditLevel } from '../../config';
+import type { PackageAuditLevel } from '../../config.js';
 export type Yarnv1AuditAdvisory = {
     type: 'auditAdvisory';
     data: {

package/src/lib/package-managers/yarn-classic/types.js

@@ -0,0 +1,8 @@
+export const yarnv1FieldNames = [
+    'Package',
+    'Current',
+    'Latest',
+    'Package Type',
+    'URL',
+];
+//# sourceMappingURL=types.js.map

package/src/lib/package-managers/yarn-classic/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/yarn-classic/types.ts"],"names":[],"mappings":"AAkCA,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,SAAS;IACT,SAAS;IACT,QAAQ;IACR,cAAc;IACd,KAAK;CACG,CAAC"}

package/src/lib/package-managers/yarn-classic/yarn-classic.d.ts

@@ -1,2 +1,2 @@
-import type { PackageManager } from '../types';
+import type { PackageManager } from '../types.js';
 export declare const yarnv1PackageManager: PackageManager;

package/src/lib/package-managers/yarn-classic/yarn-classic.js

@@ -0,0 +1,29 @@
+import { dependencyGroupToLong } from '../../constants.js';
+import { COMMON_AUDIT_ARGS, COMMON_OUTDATED_ARGS } from '../constants.js';
+import { yarnv1ToAuditResult } from './audit-result.js';
+import { yarnv1ToOutdatedResult } from './outdated-result.js';
+export const yarnv1PackageManager = {
+    slug: 'yarn-classic',
+    name: 'Yarn v1',
+    command: 'yarn',
+    icon: 'yarn',
+    docs: {
+        homepage: 'https://classic.yarnpkg.com/docs/',
+        audit: 'https://classic.yarnpkg.com/docs/cli/audit',
+        outdated: 'https://classic.yarnpkg.com/docs/cli/outdated/',
+    },
+    audit: {
+        getCommandArgs: groupDep => [
+            ...COMMON_AUDIT_ARGS,
+            '--groups',
+            dependencyGroupToLong[groupDep],
+        ],
+        ignoreExitCode: true,
+        unifyResult: yarnv1ToAuditResult,
+    },
+    outdated: {
+        commandArgs: COMMON_OUTDATED_ARGS,
+        unifyResult: yarnv1ToOutdatedResult,
+    },
+};
+//# sourceMappingURL=yarn-classic.js.map

package/src/lib/package-managers/yarn-classic/yarn-classic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"yarn-classic.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/yarn-classic/yarn-classic.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAE1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAE9D,MAAM,CAAC,MAAM,oBAAoB,GAAmB;IAClD,IAAI,EAAE,cAAc;IACpB,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,MAAM;IACf,IAAI,EAAE,MAAM;IACZ,IAAI,EAAE;QACJ,QAAQ,EAAE,mCAAmC;QAC7C,KAAK,EAAE,4CAA4C;QACnD,QAAQ,EAAE,gDAAgD;KAC3D;IACD,KAAK,EAAE;QACL,cAAc,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC1B,GAAG,iBAAiB;YACpB,UAAU;YACV,qBAAqB,CAAC,QAAQ,CAAC;SAChC;QACD,cAAc,EAAE,IAAI;QACpB,WAAW,EAAE,mBAAmB;KACjC;IACD,QAAQ,EAAE;QACR,WAAW,EAAE,oBAAoB;QACjC,WAAW,EAAE,sBAAsB;KACpC;CACF,CAAC"}

package/src/lib/package-managers/yarn-modern/audit-result.d.ts

@@ -1,2 +1,2 @@
-import type { AuditResult } from '../../runner/audit/types';
+import type { AuditResult } from '../../runner/audit/types.js';
 export declare function yarnv2ToAuditResult(output: string): AuditResult;

package/src/lib/package-managers/yarn-modern/audit-result.js

@@ -0,0 +1,25 @@
+import { getVulnerabilitiesTotal } from '../../runner/audit/utils.js';
+export function yarnv2ToAuditResult(output) {
+    const yarnv2Audit = JSON.parse(output);
+    const vulnerabilities = Object.values(yarnv2Audit.advisories).map(({ module_name: name, severity, title, url, vulnerable_versions: versionRange, recommendation: fixInformation, findings, }) => {
+        // TODO missing example of an indirect dependency to verify this
+        const directDep = findings[0]?.paths[0];
+        return {
+            name,
+            severity,
+            title,
+            url,
+            versionRange,
+            fixInformation,
+            directDependency: directDep != null && directDep !== name ? directDep : true,
+        };
+    });
+    return {
+        vulnerabilities,
+        summary: {
+            ...yarnv2Audit.metadata.vulnerabilities,
+            total: getVulnerabilitiesTotal(yarnv2Audit.metadata.vulnerabilities),
+        },
+    };
+}
+//# sourceMappingURL=audit-result.js.map

package/src/lib/package-managers/yarn-modern/audit-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-result.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/yarn-modern/audit-result.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AAGtE,MAAM,UAAU,mBAAmB,CAAC,MAAc;IAChD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA0B,CAAC;IAEhE,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,GAAG,CAC/D,CAAC,EACC,WAAW,EAAE,IAAI,EACjB,QAAQ,EACR,KAAK,EACL,GAAG,EACH,mBAAmB,EAAE,YAAY,EACjC,cAAc,EAAE,cAAc,EAC9B,QAAQ,GACT,EAAiB,EAAE;QAClB,gEAAgE;QAChE,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;QACxC,OAAO;YACL,IAAI;YACJ,QAAQ;YACR,KAAK;YACL,GAAG;YACH,YAAY;YACZ,cAAc;YACd,gBAAgB,EACd,SAAS,IAAI,IAAI,IAAI,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;SAC7D,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,OAAO;QACL,eAAe;QACf,OAAO,EAAE;YACP,GAAG,WAAW,CAAC,QAAQ,CAAC,eAAe;YACvC,KAAK,EAAE,uBAAuB,CAAC,WAAW,CAAC,QAAQ,CAAC,eAAe,CAAC;SACrE;KACF,CAAC;AACJ,CAAC"}

package/src/lib/package-managers/yarn-modern/outdated-result.d.ts

@@ -1,2 +1,2 @@
-import type { OutdatedResult } from '../../runner/outdated/types';
+import type { OutdatedResult } from '../../runner/outdated/types.js';
 export declare function yarnv2ToOutdatedResult(output: string): OutdatedResult;

package/src/lib/package-managers/yarn-modern/outdated-result.js

@@ -0,0 +1,10 @@
+export function yarnv2ToOutdatedResult(output) {
+    const npmOutdated = JSON.parse(output);
+    return npmOutdated.map(({ name, current, latest, type }) => ({
+        name,
+        current,
+        latest,
+        type,
+    }));
+}
+//# sourceMappingURL=outdated-result.js.map

package/src/lib/package-managers/yarn-modern/outdated-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"outdated-result.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/yarn-modern/outdated-result.ts"],"names":[],"mappings":"AAGA,MAAM,UAAU,sBAAsB,CAAC,MAAc;IACnD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA6B,CAAC;IAEnE,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAC3D,IAAI;QACJ,OAAO;QACP,MAAM;QACN,IAAI;KACL,CAAC,CAAC,CAAC;AACN,CAAC"}

package/src/lib/package-managers/yarn-modern/types.d.ts

@@ -1,5 +1,5 @@
-import type { PackageAuditLevel } from '../../config';
-import type { DependencyGroupLong } from '../../runner/outdated/types';
+import type { PackageAuditLevel } from '../../config.js';
+import type { DependencyGroupLong } from '../../runner/outdated/types.js';
 export type Yarnv2AuditAdvisory = {
     module_name: string;
     severity: PackageAuditLevel;

package/src/lib/package-managers/yarn-modern/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/src/lib/package-managers/yarn-modern/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/yarn-modern/types.ts"],"names":[],"mappings":""}

package/src/lib/package-managers/yarn-modern/yarn-modern.d.ts

@@ -1,2 +1,2 @@
-import type { PackageManager } from '../types';
+import type { PackageManager } from '../types.js';
 export declare const yarnv2PackageManager: PackageManager;

package/src/lib/package-managers/yarn-modern/yarn-modern.js

@@ -0,0 +1,36 @@
+import { COMMON_AUDIT_ARGS, COMMON_OUTDATED_ARGS } from '../constants.js';
+import { yarnv2ToAuditResult } from './audit-result.js';
+import { yarnv2ToOutdatedResult } from './outdated-result.js';
+// see https://github.com/yarnpkg/berry/blob/master/packages/plugin-npm-cli/sources/npmAuditTypes.ts#L5
+const yarnv2EnvironmentOptions = {
+    prod: 'production',
+    dev: 'development',
+    optional: '',
+};
+export const yarnv2PackageManager = {
+    slug: 'yarn-modern',
+    name: 'yarn-modern',
+    command: 'yarn',
+    icon: 'yarn',
+    docs: {
+        homepage: 'https://yarnpkg.com/getting-started',
+        audit: 'https://yarnpkg.com/cli/npm/audit',
+        outdated: 'https://github.com/mskelton/yarn-plugin-outdated',
+    },
+    audit: {
+        getCommandArgs: groupDep => [
+            'npm',
+            ...COMMON_AUDIT_ARGS,
+            '--environment',
+            yarnv2EnvironmentOptions[groupDep],
+        ],
+        supportedDepGroups: ['prod', 'dev'], // Yarn v2 does not support audit for optional dependencies
+        unifyResult: yarnv2ToAuditResult,
+        ignoreExitCode: true,
+    },
+    outdated: {
+        commandArgs: COMMON_OUTDATED_ARGS,
+        unifyResult: yarnv2ToOutdatedResult,
+    },
+};
+//# sourceMappingURL=yarn-modern.js.map

package/src/lib/package-managers/yarn-modern/yarn-modern.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"yarn-modern.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/yarn-modern/yarn-modern.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAE1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAE9D,uGAAuG;AACvG,MAAM,wBAAwB,GAAoC;IAChE,IAAI,EAAE,YAAY;IAClB,GAAG,EAAE,aAAa;IAClB,QAAQ,EAAE,EAAE;CACb,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAmB;IAClD,IAAI,EAAE,aAAa;IACnB,IAAI,EAAE,aAAa;IACnB,OAAO,EAAE,MAAM;IACf,IAAI,EAAE,MAAM;IACZ,IAAI,EAAE;QACJ,QAAQ,EAAE,qCAAqC;QAC/C,KAAK,EAAE,mCAAmC;QAC1C,QAAQ,EAAE,kDAAkD;KAC7D;IACD,KAAK,EAAE;QACL,cAAc,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC1B,KAAK;YACL,GAAG,iBAAiB;YACpB,eAAe;YACf,wBAAwB,CAAC,QAAQ,CAAC;SACnC;QACD,kBAAkB,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,2DAA2D;QAChG,WAAW,EAAE,mBAAmB;QAChC,cAAc,EAAE,IAAI;KACrB;IACD,QAAQ,EAAE;QACR,WAAW,EAAE,oBAAoB;QACjC,WAAW,EAAE,sBAAsB;KACpC;CACF,CAAC"}

package/src/lib/runner/audit/constants.d.ts

@@ -1,2 +1,2 @@
-import type { PackageAuditLevel } from '../../config';
+import type { PackageAuditLevel } from '../../config.js';
 export declare const auditScoreModifiers: Record<PackageAuditLevel, number>;

package/src/lib/runner/audit/constants.js

@@ -0,0 +1,10 @@
+export const auditScoreModifiers = {
+    /* eslint-disable @typescript-eslint/no-magic-numbers */
+    critical: 1,
+    high: 0.1,
+    moderate: 0.05,
+    low: 0.02,
+    info: 0.01,
+    /* eslint-enable @typescript-eslint/no-magic-numbers */
+};
+//# sourceMappingURL=constants.js.map

package/src/lib/runner/audit/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/runner/audit/constants.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,mBAAmB,GAAsC;IACpE,wDAAwD;IACxD,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,GAAG;IACT,QAAQ,EAAE,IAAI;IACd,GAAG,EAAE,IAAI;IACT,IAAI,EAAE,IAAI;IACV,uDAAuD;CACxD,CAAC"}

package/src/lib/runner/audit/transform.d.ts

@@ -1,6 +1,6 @@
 import type { AuditOutput, Issue } from '@code-pushup/models';
-import { type AuditSeverity, type DependencyGroup, type PackageManagerId } from '../../config';
-import type { AuditResult, AuditSummary, Vulnerability } from './types';
+import { type AuditSeverity, type DependencyGroup, type PackageManagerId } from '../../config.js';
+import type { AuditResult, AuditSummary, Vulnerability } from './types.js';
 export declare function auditResultToAuditOutput(result: AuditResult, id: PackageManagerId, depGroup: DependencyGroup, auditLevelMapping: AuditSeverity): AuditOutput;
 export declare function calculateAuditScore(stats: AuditSummary): number;
 export declare function summaryToDisplayValue(summary: AuditSummary): string;

package/src/lib/runner/audit/transform.js

@@ -0,0 +1,63 @@
+import { md } from 'build-md';
+import { objectToEntries } from '@code-pushup/utils';
+import { packageAuditLevels, } from '../../config.js';
+import { auditScoreModifiers } from './constants.js';
+export function auditResultToAuditOutput(result, id, depGroup, auditLevelMapping) {
+    const issues = vulnerabilitiesToIssues(result.vulnerabilities, auditLevelMapping);
+    return {
+        slug: `${id}-audit-${depGroup}`,
+        score: calculateAuditScore(result.summary),
+        value: result.summary.total,
+        displayValue: summaryToDisplayValue(result.summary),
+        details: { issues },
+    };
+}
+export function calculateAuditScore(stats) {
+    if (stats.total === 0) {
+        return 1;
+    }
+    return objectToEntries(stats).reduce((score, [level, vulnerabilities]) => {
+        if (level === 'total') {
+            return score;
+        }
+        const reducedScore = score - auditScoreModifiers[level] * vulnerabilities;
+        return Math.max(reducedScore, 0);
+    }, 1);
+}
+export function summaryToDisplayValue(summary) {
+    if (summary.total === 0) {
+        return '0 vulnerabilities';
+    }
+    const vulnerabilityStats = packageAuditLevels
+        .map(level => (summary[level] > 0 ? `${summary[level]} ${level}` : ''))
+        .filter(text => text !== '')
+        .join(', ');
+    return `${summary.total} ${summary.total === 1 ? 'vulnerability' : 'vulnerabilities'} (${vulnerabilityStats})`;
+}
+export function vulnerabilitiesToIssues(vulnerabilities, auditLevelMapping) {
+    if (vulnerabilities.length === 0) {
+        return [];
+    }
+    return vulnerabilities.map((detail) => {
+        const versionRange = detail.versionRange === '*'
+            ? md `${md.bold('all')} versions`
+            : md `versions ${md.bold(detail.versionRange)}`;
+        const directDependency = typeof detail.directDependency === 'string' &&
+            detail.directDependency !== ''
+            ? md.code(detail.directDependency)
+            : '';
+        const depHierarchy = directDependency
+            ? md `${directDependency}'s dependency ${md.code(detail.name)}`
+            : md `${md.code(detail.name)} dependency`;
+        const vulnerabilitySummary = md `has a ${md.bold(detail.severity)} vulnerability in ${versionRange}.`;
+        const fixInfo = detail.fixInformation ? ` ${detail.fixInformation}` : '';
+        const additionalInfo = detail.title != null && detail.url != null
+            ? md ` More information: ${md.link(detail.url, detail.title)}`
+            : '';
+        return {
+            message: md `${depHierarchy} ${vulnerabilitySummary}${fixInfo}${additionalInfo}`.toString(),
+            severity: auditLevelMapping[detail.severity],
+        };
+    });
+}
+//# sourceMappingURL=transform.js.map

package/src/lib/runner/audit/transform.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transform.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/runner/audit/transform.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,MAAM,UAAU,CAAC;AAE9B,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAIL,kBAAkB,GACnB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAGrD,MAAM,UAAU,wBAAwB,CACtC,MAAmB,EACnB,EAAoB,EACpB,QAAyB,EACzB,iBAAgC;IAEhC,MAAM,MAAM,GAAG,uBAAuB,CACpC,MAAM,CAAC,eAAe,EACtB,iBAAiB,CAClB,CAAC;IAEF,OAAO;QACL,IAAI,EAAE,GAAG,EAAE,UAAU,QAAQ,EAAE;QAC/B,KAAK,EAAE,mBAAmB,CAAC,MAAM,CAAC,OAAO,CAAC;QAC1C,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK;QAC3B,YAAY,EAAE,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC;QACnD,OAAO,EAAE,EAAE,MAAM,EAAE;KACpB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAmB;IACrD,IAAI,KAAK,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,CAAC;IACX,CAAC;IAED,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,MAAM,CAClC,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,eAAe,CAAC,EAAE,EAAE;QAClC,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,YAAY,GAAG,KAAK,GAAG,mBAAmB,CAAC,KAAK,CAAC,GAAG,eAAe,CAAC;QAC1E,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IACnC,CAAC,EACD,CAAC,CACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,OAAqB;IACzD,IAAI,OAAO,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IAED,MAAM,kBAAkB,GAAG,kBAAkB;SAC1C,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SACtE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC;SAC3B,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,GAAG,OAAO,CAAC,KAAK,IACrB,OAAO,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,iBAC1C,KAAK,kBAAkB,GAAG,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,eAAgC,EAChC,iBAAgC;IAEhC,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC,MAAM,EAAS,EAAE;QAC3C,MAAM,YAAY,GAChB,MAAM,CAAC,YAAY,KAAK,GAAG;YACzB,CAAC,CAAC,EAAE,CAAA,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW;YAChC,CAAC,CAAC,EAAE,CAAA,YAAY,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;QACnD,MAAM,gBAAgB,GACpB,OAAO,MAAM,CAAC,gBAAgB,KAAK,QAAQ;YAC3C,MAAM,CAAC,gBAAgB,KAAK,EAAE;YAC5B,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;YAClC,CAAC,CAAC,EAAE,CAAC;QACT,MAAM,YAAY,GAAG,gBAAgB;YACnC,CAAC,CAAC,EAAE,CAAA,GAAG,gBAAgB,iBAAiB,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;YAC9D,CAAC,CAAC,EAAE,CAAA,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC;QAE3C,MAAM,oBAAoB,GAAG,EAAE,CAAA,SAAS,EAAE,CAAC,IAAI,CAC7C,MAAM,CAAC,QAAQ,CAChB,qBAAqB,YAAY,GAAG,CAAC;QACtC,MAAM,OAAO,GAAG,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzE,MAAM,cAAc,GAClB,MAAM,CAAC,KAAK,IAAI,IAAI,IAAI,MAAM,CAAC,GAAG,IAAI,IAAI;YACxC,CAAC,CAAC,EAAE,CAAA,sBAAsB,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE;YAC7D,CAAC,CAAC,EAAE,CAAC;QAET,OAAO;YACL,OAAO,EACL,EAAE,CAAA,GAAG,YAAY,IAAI,oBAAoB,GAAG,OAAO,GAAG,cAAc,EAAE,CAAC,QAAQ,EAAE;YACnF,QAAQ,EAAE,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC;SAC7C,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/src/lib/runner/audit/types.d.ts

@@ -1,4 +1,4 @@
-import type { PackageAuditLevel } from '../../config';
+import type { PackageAuditLevel } from '../../config.js';
 export type Vulnerability = {
     name: string;
     id?: number;

package/src/lib/runner/audit/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/src/lib/runner/audit/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/runner/audit/types.ts"],"names":[],"mappings":""}