@code-pushup/js-packages-plugin 0.56.0 → 0.58.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@code-pushup/js-packages-plugin",
-  "version": "0.56.0",
+  "version": "0.58.0",
   "description": "Code PushUp plugin for JavaScript packages 🛡️",
   "license": "MIT",
   "homepage": "https://github.com/code-pushup/cli/tree/main/packages/plugin-js-packages#readme",
@@ -36,13 +36,15 @@
     "access": "public"
   },
   "type": "module",
-  "main": "./index.js",
-  "types": "./src/index.d.ts",
   "dependencies": {
-    "@code-pushup/models": "0.56.0",
-    "@code-pushup/utils": "0.56.0",
+    "@code-pushup/models": "0.58.0",
+    "@code-pushup/utils": "0.58.0",
     "build-md": "^0.4.1",
     "semver": "^7.6.0",
+    "yargs": "^17.7.2",
     "zod": "^3.22.4"
-  }
-}
+  },
+  "module": "./src/index.js",
+  "main": "./src/index.js",
+  "types": "./src/index.d.ts"
+}

package/src/bin.js

@@ -0,0 +1,6 @@
+import process from 'node:process';
+import { Parser } from 'yargs/helpers';
+import { executeRunner } from './lib/runner/index.js';
+const { runnerConfigPath, runnerOutputPath } = Parser(process.argv);
+await executeRunner({ runnerConfigPath, runnerOutputPath });
+//# sourceMappingURL=bin.js.map

package/src/bin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bin.js","sourceRoot":"","sources":["../../../../packages/plugin-js-packages/src/bin.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,MAAM,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AAEpE,MAAM,aAAa,CAAC,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,CAAC,CAAC"}

package/src/index.d.ts

@@ -1,3 +1,3 @@
-import { jsPackagesPlugin } from './lib/js-packages-plugin';
+import { jsPackagesPlugin } from './lib/js-packages-plugin.js';
 export default jsPackagesPlugin;
-export type { JSPackagesPluginConfig } from './lib/config';
+export type { JSPackagesPluginConfig } from './lib/config.js';

package/src/index.js

@@ -0,0 +1,3 @@
+import { jsPackagesPlugin } from './lib/js-packages-plugin.js';
+export default jsPackagesPlugin;
+//# sourceMappingURL=index.js.map

package/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../packages/plugin-js-packages/src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAE/D,eAAe,gBAAgB,CAAC"}

package/src/lib/config.d.ts

@@ -23,7 +23,7 @@ export declare const jsPackagesPluginConfigSchema: z.ZodObject<{
     checks: z.ZodDefault<z.ZodArray<z.ZodEnum<["audit", "outdated"]>, "many">>;
     packageManager: z.ZodOptional<z.ZodEnum<["npm", "yarn-classic", "yarn-modern", "pnpm"]>>;
     dependencyGroups: z.ZodDefault<z.ZodArray<z.ZodEnum<["prod", "dev", "optional"]>, "many">>;
-    auditLevelMapping: z.ZodEffects<z.ZodDefault<z.ZodRecord<z.ZodEnum<["critical", "high", "moderate", "low", "info"]>, z.ZodEnum<["info", "warning", "error"]>>>, AuditSeverity, Partial<Record<"info" | "critical" | "high" | "moderate" | "low", "info" | "warning" | "error">> | undefined>;
+    auditLevelMapping: z.ZodEffects<z.ZodDefault<z.ZodRecord<z.ZodEnum<["critical", "high", "moderate", "low", "info"]>, z.ZodEnum<["info", "warning", "error"]>>>, AuditSeverity, Partial<Record<"critical" | "high" | "moderate" | "low" | "info", "info" | "warning" | "error">> | undefined>;
     packageJsonPaths: z.ZodDefault<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodObject<{
         autoSearch: z.ZodLiteral<true>;
     }, "strip", z.ZodTypeAny, {
@@ -38,12 +38,12 @@ export declare const jsPackagesPluginConfigSchema: z.ZodObject<{
     packageJsonPaths: string[] | {
         autoSearch: true;
     };
-    packageManager?: "npm" | "pnpm" | "yarn-classic" | "yarn-modern" | undefined;
+    packageManager?: "npm" | "yarn-classic" | "yarn-modern" | "pnpm" | undefined;
 }, {
     checks?: ("audit" | "outdated")[] | undefined;
-    packageManager?: "npm" | "pnpm" | "yarn-classic" | "yarn-modern" | undefined;
+    packageManager?: "npm" | "yarn-classic" | "yarn-modern" | "pnpm" | undefined;
     dependencyGroups?: ("prod" | "dev" | "optional")[] | undefined;
-    auditLevelMapping?: Partial<Record<"info" | "critical" | "high" | "moderate" | "low", "info" | "warning" | "error">> | undefined;
+    auditLevelMapping?: Partial<Record<"critical" | "high" | "moderate" | "low" | "info", "info" | "warning" | "error">> | undefined;
     packageJsonPaths?: string[] | {
         autoSearch: true;
     } | undefined;

package/src/lib/config.js

@@ -0,0 +1,59 @@
+import { z } from 'zod';
+import { issueSeveritySchema } from '@code-pushup/models';
+import { defaultAuditLevelMapping } from './constants.js';
+export const dependencyGroups = ['prod', 'dev', 'optional'];
+const dependencyGroupSchema = z.enum(dependencyGroups);
+const packageCommandSchema = z.enum(['audit', 'outdated']);
+const packageManagerIdSchema = z.enum([
+    'npm',
+    'yarn-classic',
+    'yarn-modern',
+    'pnpm',
+]);
+const packageJsonPathSchema = z
+    .union([
+    z.array(z.string()).min(1),
+    z.object({ autoSearch: z.literal(true) }),
+])
+    .describe('File paths to package.json. Looks only at root package.json by default')
+    .default(['package.json']);
+export const packageAuditLevels = [
+    'critical',
+    'high',
+    'moderate',
+    'low',
+    'info',
+];
+const packageAuditLevelSchema = z.enum(packageAuditLevels);
+export function fillAuditLevelMapping(mapping) {
+    return {
+        critical: mapping.critical ?? defaultAuditLevelMapping.critical,
+        high: mapping.high ?? defaultAuditLevelMapping.high,
+        moderate: mapping.moderate ?? defaultAuditLevelMapping.moderate,
+        low: mapping.low ?? defaultAuditLevelMapping.low,
+        info: mapping.info ?? defaultAuditLevelMapping.info,
+    };
+}
+export const jsPackagesPluginConfigSchema = z.object({
+    checks: z
+        .array(packageCommandSchema, {
+        description: 'Package manager commands to be run. Defaults to both audit and outdated.',
+    })
+        .min(1)
+        .default(['audit', 'outdated']),
+    packageManager: packageManagerIdSchema
+        .describe('Package manager to be used.')
+        .optional(),
+    dependencyGroups: z
+        .array(dependencyGroupSchema)
+        .min(1)
+        .default(['prod', 'dev']),
+    auditLevelMapping: z
+        .record(packageAuditLevelSchema, issueSeveritySchema, {
+        description: 'Mapping of audit levels to issue severity. Custom mapping or overrides may be entered manually, otherwise has a default preset.',
+    })
+        .default(defaultAuditLevelMapping)
+        .transform(fillAuditLevelMapping),
+    packageJsonPaths: packageJsonPathSchema,
+});
+//# sourceMappingURL=config.js.map

package/src/lib/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../../../packages/plugin-js-packages/src/lib/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAsB,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC9E,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAE1D,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,UAAU,CAAU,CAAC;AACrE,MAAM,qBAAqB,GAAG,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;AAGvD,MAAM,oBAAoB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;AAG3D,MAAM,sBAAsB,GAAG,CAAC,CAAC,IAAI,CAAC;IACpC,KAAK;IACL,cAAc;IACd,aAAa;IACb,MAAM;CACP,CAAC,CAAC;AAGH,MAAM,qBAAqB,GAAG,CAAC;KAC5B,KAAK,CAAC;IACL,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,CAAC,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;CAC1C,CAAC;KACD,QAAQ,CACP,wEAAwE,CACzE;KACA,OAAO,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;AAI7B,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,UAAU;IACV,MAAM;IACN,UAAU;IACV,KAAK;IACL,MAAM;CACE,CAAC;AACX,MAAM,uBAAuB,GAAG,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;AAK3D,MAAM,UAAU,qBAAqB,CACnC,OAA+B;IAE/B,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,wBAAwB,CAAC,QAAQ;QAC/D,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,wBAAwB,CAAC,IAAI;QACnD,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,wBAAwB,CAAC,QAAQ;QAC/D,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,wBAAwB,CAAC,GAAG;QAChD,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,wBAAwB,CAAC,IAAI;KACpD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IACnD,MAAM,EAAE,CAAC;SACN,KAAK,CAAC,oBAAoB,EAAE;QAC3B,WAAW,EACT,0EAA0E;KAC7E,CAAC;SACD,GAAG,CAAC,CAAC,CAAC;SACN,OAAO,CAAC,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IACjC,cAAc,EAAE,sBAAsB;SACnC,QAAQ,CAAC,6BAA6B,CAAC;SACvC,QAAQ,EAAE;IACb,gBAAgB,EAAE,CAAC;SAChB,KAAK,CAAC,qBAAqB,CAAC;SAC5B,GAAG,CAAC,CAAC,CAAC;SACN,OAAO,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC3B,iBAAiB,EAAE,CAAC;SACjB,MAAM,CAAC,uBAAuB,EAAE,mBAAmB,EAAE;QACpD,WAAW,EACT,iIAAiI;KACpI,CAAC;SACD,OAAO,CAAC,wBAAwB,CAAC;SACjC,SAAS,CAAC,qBAAqB,CAAC;IACnC,gBAAgB,EAAE,qBAAqB;CACxC,CAAC,CAAC"}

package/src/lib/constants.d.ts

@@ -1,6 +1,6 @@
 import type { IssueSeverity } from '@code-pushup/models';
-import type { DependencyGroup, PackageAuditLevel } from './config';
-import type { DependencyGroupLong } from './runner/outdated/types';
+import type { DependencyGroup, PackageAuditLevel } from './config.js';
+import type { DependencyGroupLong } from './runner/outdated/types.js';
 export declare const defaultAuditLevelMapping: Record<PackageAuditLevel, IssueSeverity>;
 export declare const dependencyGroupToLong: Record<DependencyGroup, DependencyGroupLong>;
 export declare const dependencyGroupWeights: Record<DependencyGroup, number>;

package/src/lib/constants.js

@@ -0,0 +1,25 @@
+export const defaultAuditLevelMapping = {
+    critical: 'error',
+    high: 'error',
+    moderate: 'warning',
+    low: 'warning',
+    info: 'info',
+};
+export const dependencyGroupToLong = {
+    prod: 'dependencies',
+    dev: 'devDependencies',
+    optional: 'optionalDependencies',
+};
+export const dependencyGroupWeights = {
+    /* eslint-disable @typescript-eslint/no-magic-numbers */
+    prod: 80,
+    dev: 15,
+    optional: 5,
+    /* eslint-enable @typescript-eslint/no-magic-numbers */
+};
+export const dependencyDocs = {
+    prod: 'https://classic.yarnpkg.com/docs/dependency-types#toc-dependencies',
+    dev: 'https://classic.yarnpkg.com/docs/dependency-types#toc-devdependencies',
+    optional: 'https://classic.yarnpkg.com/docs/dependency-types#toc-optionaldependencies',
+};
+//# sourceMappingURL=constants.js.map

package/src/lib/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../../packages/plugin-js-packages/src/lib/constants.ts"],"names":[],"mappings":"AAIA,MAAM,CAAC,MAAM,wBAAwB,GAGjC;IACF,QAAQ,EAAE,OAAO;IACjB,IAAI,EAAE,OAAO;IACb,QAAQ,EAAE,SAAS;IACnB,GAAG,EAAE,SAAS;IACd,IAAI,EAAE,MAAM;CACb,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAG9B;IACF,IAAI,EAAE,cAAc;IACpB,GAAG,EAAE,iBAAiB;IACtB,QAAQ,EAAE,sBAAsB;CACjC,CAAC;AAEF,MAAM,CAAC,MAAM,sBAAsB,GAAoC;IACrE,wDAAwD;IACxD,IAAI,EAAE,EAAE;IACR,GAAG,EAAE,EAAE;IACP,QAAQ,EAAE,CAAC;IACX,uDAAuD;CACxD,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAoC;IAC7D,IAAI,EAAE,oEAAoE;IAC1E,GAAG,EAAE,uEAAuE;IAC5E,QAAQ,EACN,4EAA4E;CAC/E,CAAC"}

package/src/lib/js-packages-plugin.d.ts

@@ -1,5 +1,5 @@
 import type { PluginConfig } from '@code-pushup/models';
-import { type JSPackagesPluginConfig } from './config';
+import { type JSPackagesPluginConfig } from './config.js';
 /**
  * Instantiates Code PushUp JS packages plugin for core config.
  *

package/src/lib/js-packages-plugin.js

@@ -0,0 +1,101 @@
+import { createRequire } from 'node:module';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { dependencyGroups, } from './config.js';
+import { dependencyDocs, dependencyGroupWeights } from './constants.js';
+import { packageManagers } from './package-managers/package-managers.js';
+import { createRunnerConfig } from './runner/index.js';
+import { normalizeConfig } from './utils.js';
+/**
+ * Instantiates Code PushUp JS packages plugin for core config.
+ *
+ * @example
+ * import jsPackagesPlugin from '@code-pushup/js-packages-plugin'
+ *
+ * export default {
+ *   // ... core config ...
+ *   plugins: [
+ *     // ... other plugins ...
+ *     await jsPackagesPlugin({ packageManager: 'npm' })
+ *   ]
+ * }
+ *
+ * @returns Plugin configuration.
+ */
+export async function jsPackagesPlugin(config) {
+    const { packageManager, checks, depGroups, ...jsPackagesPluginConfigRest } = await normalizeConfig(config);
+    const runnerScriptPath = path.join(fileURLToPath(path.dirname(import.meta.url)), '..', 'bin.js');
+    const packageJson = createRequire(import.meta.url)('../../package.json');
+    return {
+        slug: 'js-packages',
+        title: 'JS Packages',
+        icon: packageManager.icon,
+        description: 'This plugin runs audit to uncover vulnerabilities and lists outdated dependencies. It supports npm, yarn classic, yarn modern, and pnpm package managers.',
+        docsUrl: packageManager.docs.homepage,
+        packageName: packageJson.name,
+        version: packageJson.version,
+        audits: createAudits(packageManager.slug, checks, depGroups),
+        groups: createGroups(packageManager.slug, checks, depGroups),
+        runner: await createRunnerConfig(runnerScriptPath, {
+            ...jsPackagesPluginConfigRest,
+            checks,
+            packageManager: packageManager.slug,
+            dependencyGroups: depGroups,
+        }),
+    };
+}
+function createGroups(id, checks, depGroups) {
+    const pm = packageManagers[id];
+    const supportedAuditDepGroups = pm.audit.supportedDepGroups ?? dependencyGroups;
+    const compatibleAuditDepGroups = depGroups.filter(group => supportedAuditDepGroups.includes(group));
+    const groups = {
+        audit: {
+            slug: `${pm.slug}-audit`,
+            title: `${pm.name} audit`,
+            description: `Group containing ${pm.name} vulnerabilities.`,
+            docsUrl: pm.docs.audit,
+            refs: compatibleAuditDepGroups.map(depGroup => ({
+                slug: `${pm.slug}-audit-${depGroup}`,
+                weight: dependencyGroupWeights[depGroup],
+            })),
+        },
+        outdated: {
+            slug: `${pm.slug}-outdated`,
+            title: `${pm.name} outdated dependencies`,
+            description: `Group containing outdated ${pm.name} dependencies.`,
+            docsUrl: pm.docs.outdated,
+            refs: depGroups.map(depGroup => ({
+                slug: `${pm.slug}-outdated-${depGroup}`,
+                weight: dependencyGroupWeights[depGroup],
+            })),
+        },
+    };
+    return checks.map(check => groups[check]);
+}
+function createAudits(id, checks, depGroups) {
+    const { slug } = packageManagers[id];
+    return checks.flatMap(check => {
+        const supportedAuditDepGroups = packageManagers[id].audit.supportedDepGroups ?? dependencyGroups;
+        const compatibleDepGroups = check === 'audit'
+            ? depGroups.filter(group => supportedAuditDepGroups.includes(group))
+            : depGroups;
+        return compatibleDepGroups.map(depGroup => ({
+            slug: `${slug}-${check}-${depGroup}`,
+            title: getAuditTitle(slug, check, depGroup),
+            description: getAuditDescription(check, depGroup),
+            docsUrl: dependencyDocs[depGroup],
+        }));
+    });
+}
+function getAuditTitle(id, check, depGroup) {
+    const pm = packageManagers[id];
+    return check === 'audit'
+        ? `Vulnerabilities for ${pm.name} ${depGroup} dependencies.`
+        : `Outdated ${pm.name} ${depGroup} dependencies.`;
+}
+function getAuditDescription(check, depGroup) {
+    return check === 'audit'
+        ? `Runs security audit on ${depGroup} dependencies.`
+        : `Checks for outdated ${depGroup} dependencies`;
+}
+//# sourceMappingURL=js-packages-plugin.js.map

package/src/lib/js-packages-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"js-packages-plugin.js","sourceRoot":"","sources":["../../../../../packages/plugin-js-packages/src/lib/js-packages-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAKL,gBAAgB,GACjB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AACxE,OAAO,EAAE,eAAe,EAAE,MAAM,wCAAwC,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAE7C;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAA+B;IAE/B,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,0BAA0B,EAAE,GACxE,MAAM,eAAe,CAAC,MAAM,CAAC,CAAC;IAEhC,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAChC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAC5C,IAAI,EACJ,QAAQ,CACT,CAAC;IAEF,MAAM,WAAW,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAChD,oBAAoB,CACkB,CAAC;IAEzC,OAAO;QACL,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,aAAa;QACpB,IAAI,EAAE,cAAc,CAAC,IAAI;QACzB,WAAW,EACT,2JAA2J;QAC7J,OAAO,EAAE,cAAc,CAAC,IAAI,CAAC,QAAQ;QACrC,WAAW,EAAE,WAAW,CAAC,IAAI;QAC7B,OAAO,EAAE,WAAW,CAAC,OAAO;QAC5B,MAAM,EAAE,YAAY,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC;QAC5D,MAAM,EAAE,YAAY,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC;QAC5D,MAAM,EAAE,MAAM,kBAAkB,CAAC,gBAAgB,EAAE;YACjD,GAAG,0BAA0B;YAC7B,MAAM;YACN,cAAc,EAAE,cAAc,CAAC,IAAI;YACnC,gBAAgB,EAAE,SAAS;SAC5B,CAAC;KACH,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CACnB,EAAoB,EACpB,MAAwB,EACxB,SAA4B;IAE5B,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,CAAC,CAAC;IAC/B,MAAM,uBAAuB,GAC3B,EAAE,CAAC,KAAK,CAAC,kBAAkB,IAAI,gBAAgB,CAAC;IAClD,MAAM,wBAAwB,GAAG,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACxD,uBAAuB,CAAC,QAAQ,CAAC,KAAK,CAAC,CACxC,CAAC;IAEF,MAAM,MAAM,GAAkC;QAC5C,KAAK,EAAE;YACL,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,QAAQ;YACxB,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,QAAQ;YACzB,WAAW,EAAE,oBAAoB,EAAE,CAAC,IAAI,mBAAmB;YAC3D,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK;YACtB,IAAI,EAAE,wBAAwB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;gBAC9C,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,UAAU,QAAQ,EAAE;gBACpC,MAAM,EAAE,sBAAsB,CAAC,QAAQ,CAAC;aACzC,CAAC,CAAC;SACJ;QACD,QAAQ,EAAE;YACR,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,WAAW;YAC3B,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,wBAAwB;YACzC,WAAW,EAAE,6BAA6B,EAAE,CAAC,IAAI,gBAAgB;YACjE,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ;YACzB,IAAI,EAAE,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;gBAC/B,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,aAAa,QAAQ,EAAE;gBACvC,MAAM,EAAE,sBAAsB,CAAC,QAAQ,CAAC;aACzC,CAAC,CAAC;SACJ;KACF,CAAC;IAEF,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,YAAY,CACnB,EAAoB,EACpB,MAAwB,EACxB,SAA4B;IAE5B,MAAM,EAAE,IAAI,EAAE,GAAG,eAAe,CAAC,EAAE,CAAC,CAAC;IACrC,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC5B,MAAM,uBAAuB,GAC3B,eAAe,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,kBAAkB,IAAI,gBAAgB,CAAC;QAEnE,MAAM,mBAAmB,GACvB,KAAK,KAAK,OAAO;YACf,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACpE,CAAC,CAAC,SAAS,CAAC;QAEhB,OAAO,mBAAmB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC1C,IAAI,EAAE,GAAG,IAAI,IAAI,KAAK,IAAI,QAAQ,EAAE;YACpC,KAAK,EAAE,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC;YAC3C,WAAW,EAAE,mBAAmB,CAAC,KAAK,EAAE,QAAQ,CAAC;YACjD,OAAO,EAAE,cAAc,CAAC,QAAQ,CAAC;SAClC,CAAC,CAAC,CAAC;IACN,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,aAAa,CACpB,EAAoB,EACpB,KAAqB,EACrB,QAAyB;IAEzB,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,CAAC,CAAC;IAC/B,OAAO,KAAK,KAAK,OAAO;QACtB,CAAC,CAAC,uBAAuB,EAAE,CAAC,IAAI,IAAI,QAAQ,gBAAgB;QAC5D,CAAC,CAAC,YAAY,EAAE,CAAC,IAAI,IAAI,QAAQ,gBAAgB,CAAC;AACtD,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAqB,EAAE,QAAyB;IAC3E,OAAO,KAAK,KAAK,OAAO;QACtB,CAAC,CAAC,0BAA0B,QAAQ,gBAAgB;QACpD,CAAC,CAAC,uBAAuB,QAAQ,eAAe,CAAC;AACrD,CAAC"}

package/src/lib/package-managers/constants.js

@@ -0,0 +1,3 @@
+export const COMMON_AUDIT_ARGS = ['audit', '--json'];
+export const COMMON_OUTDATED_ARGS = ['outdated', '--json'];
+//# sourceMappingURL=constants.js.map

package/src/lib/package-managers/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../../../packages/plugin-js-packages/src/lib/package-managers/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;AACrD,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC"}

package/src/lib/package-managers/derive-package-manager.d.ts

@@ -1,3 +1,3 @@
-import type { PackageManagerId } from '../config';
-export declare function derivePackageManagerInPackageJson(currentDir?: string): Promise<false | "npm" | "pnpm" | "yarn-classic" | "yarn-modern">;
+import type { PackageManagerId } from '../config.js';
+export declare function derivePackageManagerInPackageJson(currentDir?: string): Promise<false | "npm" | "yarn-classic" | "yarn-modern" | "pnpm">;
 export declare function derivePackageManager(currentDir?: string): Promise<PackageManagerId>;

package/src/lib/package-managers/derive-package-manager.js

@@ -0,0 +1,43 @@
+import { readFile } from 'node:fs/promises';
+import path from 'node:path';
+import { fileExists } from '@code-pushup/utils';
+import { deriveYarnVersion } from './derive-yarn.js';
+export async function derivePackageManagerInPackageJson(currentDir = process.cwd()) {
+    if (await fileExists(path.join(currentDir, 'package.json'))) {
+        const content = JSON.parse((await readFile(path.join('package.json'))).toString());
+        const { packageManager: packageManagerData = '' } = content;
+        const [manager = '', version = ''] = packageManagerData.split('@');
+        if (manager === 'npm') {
+            return manager;
+        }
+        if (manager === 'pnpm') {
+            return manager;
+        }
+        if (manager === 'yarn') {
+            const majorVersion = Number(version.split('.')[0]);
+            return majorVersion > 1 ? 'yarn-modern' : 'yarn-classic';
+        }
+    }
+    return false;
+}
+export async function derivePackageManager(currentDir = process.cwd()) {
+    const pkgManagerFromPackageJson = await derivePackageManagerInPackageJson(currentDir);
+    if (pkgManagerFromPackageJson) {
+        return pkgManagerFromPackageJson;
+    }
+    // Check for lock files
+    if (await fileExists(path.join(currentDir, 'package-lock.json'))) {
+        return 'npm';
+    }
+    else if (await fileExists(path.join(currentDir, 'pnpm-lock.yaml'))) {
+        return 'pnpm';
+    }
+    else if (await fileExists(path.join(currentDir, 'yarn.lock'))) {
+        const yarnVersion = await deriveYarnVersion();
+        if (yarnVersion) {
+            return yarnVersion;
+        }
+    }
+    throw new Error('Could not detect package manager. Please provide it in the js-packages plugin config.');
+}
+//# sourceMappingURL=derive-package-manager.js.map

package/src/lib/package-managers/derive-package-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"derive-package-manager.js","sourceRoot":"","sources":["../../../../../../packages/plugin-js-packages/src/lib/package-managers/derive-package-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAErD,MAAM,CAAC,KAAK,UAAU,iCAAiC,CACrD,UAAU,GAAG,OAAO,CAAC,GAAG,EAAE;IAE1B,IAAI,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC,EAAE,CAAC;QAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CACxB,CAAC;QACjC,MAAM,EAAE,cAAc,EAAE,kBAAkB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC;QAE5D,MAAM,CAAC,OAAO,GAAG,EAAE,EAAE,OAAO,GAAG,EAAE,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEnE,IAAI,OAAO,KAAK,KAAK,EAAE,CAAC;YACtB,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YACvB,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YACvB,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACnD,OAAO,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,cAAc,CAAC;QAC3D,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,UAAU,GAAG,OAAO,CAAC,GAAG,EAAE;IAE1B,MAAM,yBAAyB,GAC7B,MAAM,iCAAiC,CAAC,UAAU,CAAC,CAAC;IACtD,IAAI,yBAAyB,EAAE,CAAC;QAC9B,OAAO,yBAAyB,CAAC;IACnC,CAAC;IAED,uBAAuB;IACvB,IAAI,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC,EAAE,CAAC;QACjE,OAAO,KAAK,CAAC;IACf,CAAC;SAAM,IAAI,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC,EAAE,CAAC;QACrE,OAAO,MAAM,CAAC;IAChB,CAAC;SAAM,IAAI,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,EAAE,CAAC;QAChE,MAAM,WAAW,GAAG,MAAM,iBAAiB,EAAE,CAAC;QAC9C,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,WAAW,CAAC;QACrB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CACb,uFAAuF,CACxF,CAAC;AACJ,CAAC"}

package/src/lib/package-managers/derive-yarn.js

@@ -0,0 +1,16 @@
+import { executeProcess } from '@code-pushup/utils';
+export async function deriveYarnVersion() {
+    const { stdout } = await executeProcess({
+        command: 'yarn',
+        args: ['-v'],
+    });
+    const yarnVersion = Number.parseInt(stdout.toString().trim().at(0) ?? '', 10);
+    if (yarnVersion >= 2) {
+        return 'yarn-modern';
+    }
+    else if (yarnVersion === 1) {
+        return 'yarn-classic';
+    }
+    return false;
+}
+//# sourceMappingURL=derive-yarn.js.map

package/src/lib/package-managers/derive-yarn.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"derive-yarn.js","sourceRoot":"","sources":["../../../../../../packages/plugin-js-packages/src/lib/package-managers/derive-yarn.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,MAAM,CAAC,KAAK,UAAU,iBAAiB;IACrC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,cAAc,CAAC;QACtC,OAAO,EAAE,MAAM;QACf,IAAI,EAAE,CAAC,IAAI,CAAC;KACb,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAC9E,IAAI,WAAW,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO,aAAa,CAAC;IACvB,CAAC;SAAM,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,cAAc,CAAC;IACxB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/src/lib/package-managers/npm/audit-result.d.ts

@@ -1,5 +1,5 @@
-import type { AuditResult } from '../../runner/audit/types';
-import type { NpmAdvisory, NpmFixInformation, NpmVulnerabilities } from './types';
+import type { AuditResult } from '../../runner/audit/types.js';
+import type { NpmAdvisory, NpmFixInformation, NpmVulnerabilities } from './types.js';
 export declare function npmToAuditResult(output: string): AuditResult;
 export declare function npmToFixInformation(fixAvailable: boolean | NpmFixInformation): string;
 export declare function npmToAdvisory(name: string, vulnerabilities: NpmVulnerabilities, prevNodes?: Set<string>): NpmAdvisory | null;

package/src/lib/package-managers/npm/audit-result.js

@@ -0,0 +1,65 @@
+import { objectToEntries } from '@code-pushup/utils';
+export function npmToAuditResult(output) {
+    const npmAudit = JSON.parse(output);
+    const vulnerabilities = objectToEntries(npmAudit.vulnerabilities).map(([name, detail]) => {
+        const advisory = npmToAdvisory(name, npmAudit.vulnerabilities);
+        return {
+            name: name.toString(),
+            severity: detail.severity,
+            versionRange: detail.range,
+            directDependency: detail.isDirect ? true : (detail.effects[0] ?? ''),
+            fixInformation: npmToFixInformation(detail.fixAvailable),
+            ...(advisory != null && {
+                title: advisory.title,
+                url: advisory.url,
+            }),
+        };
+    });
+    return {
+        vulnerabilities,
+        summary: npmAudit.metadata.vulnerabilities,
+    };
+}
+export function npmToFixInformation(fixAvailable) {
+    if (typeof fixAvailable === 'boolean') {
+        return fixAvailable ? 'Fix is available.' : '';
+    }
+    return `Fix available: Update \`${fixAvailable.name}\` to version **${fixAvailable.version}**${fixAvailable.isSemVerMajor ? ' (breaking change).' : '.'}`;
+}
+export function npmToAdvisory(name, vulnerabilities, prevNodes = new Set()) {
+    const advisory = vulnerabilities[name]?.via;
+    if (Array.isArray(advisory) &&
+        advisory.length > 0 &&
+        typeof advisory[0] === 'object') {
+        return { title: advisory[0].title, url: advisory[0].url };
+    }
+    // Cross-references another vulnerability
+    if (Array.isArray(advisory) &&
+        advisory.length > 0 &&
+        advisory.every((value) => typeof value === 'string')) {
+        /* eslint-disable functional/no-let, functional/immutable-data, functional/no-loop-statements, prefer-const */
+        let advisoryInfo = null;
+        let newReferences = [];
+        let advisoryInfoFound = false;
+        /* eslint-enable functional/no-let, prefer-const */
+        for (const via of advisory) {
+            if (!prevNodes.has(via)) {
+                newReferences.push(via);
+            }
+        }
+        while (newReferences.length > 0 && !advisoryInfoFound) {
+            // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+            const ref = newReferences.pop();
+            prevNodes.add(ref);
+            const result = npmToAdvisory(ref, vulnerabilities, prevNodes);
+            if (result != null) {
+                advisoryInfo = { title: result.title, url: result.url };
+                advisoryInfoFound = true;
+            }
+        }
+        /* eslint-enable functional/immutable-data, functional/no-loop-statements */
+        return advisoryInfo;
+    }
+    return null;
+}
+//# sourceMappingURL=audit-result.js.map

package/src/lib/package-managers/npm/audit-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-result.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/npm/audit-result.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AASrD,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAuB,CAAC;IAE1D,MAAM,eAAe,GAAG,eAAe,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,GAAG,CACnE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,EAAiB,EAAE;QAChC,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;QAC/D,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,KAAK;YAC1B,gBAAgB,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACpE,cAAc,EAAE,mBAAmB,CAAC,MAAM,CAAC,YAAY,CAAC;YACxD,GAAG,CAAC,QAAQ,IAAI,IAAI,IAAI;gBACtB,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,GAAG,EAAE,QAAQ,CAAC,GAAG;aAClB,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,OAAO;QACL,eAAe;QACf,OAAO,EAAE,QAAQ,CAAC,QAAQ,CAAC,eAAe;KAC3C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,YAAyC;IAEzC,IAAI,OAAO,YAAY,KAAK,SAAS,EAAE,CAAC;QACtC,OAAO,YAAY,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,CAAC;IACjD,CAAC;IAED,OAAO,2BAA2B,YAAY,CAAC,IAAI,mBACjD,YAAY,CAAC,OACf,KAAK,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;AAClE,CAAC;AAED,MAAM,UAAU,aAAa,CAC3B,IAAY,EACZ,eAAmC,EACnC,YAAY,IAAI,GAAG,EAAU;IAE7B,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC;IAE5C,IACE,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;QACvB,QAAQ,CAAC,MAAM,GAAG,CAAC;QACnB,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,QAAQ,EAC/B,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;IAC5D,CAAC;IAED,yCAAyC;IACzC,IACE,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;QACvB,QAAQ,CAAC,MAAM,GAAG,CAAC;QACnB,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,EACrE,CAAC;QACD,8GAA8G;QAC9G,IAAI,YAAY,GAAuB,IAAI,CAAC;QAC5C,IAAI,aAAa,GAAa,EAAE,CAAC;QACjC,IAAI,iBAAiB,GAAG,KAAK,CAAC;QAC9B,mDAAmD;QAEnD,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,OAAO,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACtD,oEAAoE;YACpE,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,EAAG,CAAC;YACjC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACnB,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,EAAE,eAAe,EAAE,SAAS,CAAC,CAAC;YAE9D,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;gBACnB,YAAY,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;gBACxD,iBAAiB,GAAG,IAAI,CAAC;YAC3B,CAAC;QACH,CAAC;QACD,4EAA4E;QAE5E,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/src/lib/package-managers/npm/npm.d.ts

@@ -1,2 +1,2 @@
-import type { PackageManager } from '../types';
+import type { PackageManager } from '../types.js';
 export declare const npmPackageManager: PackageManager;

package/src/lib/package-managers/npm/npm.js

@@ -0,0 +1,49 @@
+import { objectToKeys } from '@code-pushup/utils';
+import { filterAuditResult } from '../../runner/utils.js';
+import { COMMON_AUDIT_ARGS, COMMON_OUTDATED_ARGS } from '../constants.js';
+import { npmToAuditResult } from './audit-result.js';
+import { npmToOutdatedResult } from './outdated-result.js';
+const npmDependencyOptions = {
+    prod: ['--omit=dev', '--omit=optional'],
+    dev: ['--include=dev', '--omit=optional'],
+    optional: ['--include=optional', '--omit=dev'],
+};
+export const npmPackageManager = {
+    slug: 'npm',
+    name: 'NPM',
+    command: 'npm',
+    icon: 'npm',
+    docs: {
+        homepage: 'https://docs.npmjs.com/',
+        audit: 'https://docs.npmjs.com/cli/commands/npm-audit',
+        outdated: 'https://docs.npmjs.com/cli/commands/npm-outdated',
+    },
+    audit: {
+        getCommandArgs: groupDep => [
+            ...COMMON_AUDIT_ARGS,
+            ...npmDependencyOptions[groupDep],
+            '--audit-level=none',
+        ],
+        unifyResult: npmToAuditResult,
+        // prod dependencies need to be filtered out manually since v10
+        postProcessResult: (results) => {
+            const depGroups = objectToKeys(results);
+            const devFilter = results.dev && results.prod
+                ? filterAuditResult(results.dev, 'name', results.prod)
+                : results.dev;
+            const optionalFilter = results.optional && results.prod
+                ? filterAuditResult(results.optional, 'name', results.prod)
+                : results.optional;
+            return {
+                ...(depGroups.includes('prod') && { prod: results.prod }),
+                ...(depGroups.includes('dev') && { dev: devFilter }),
+                ...(depGroups.includes('optional') && { optional: optionalFilter }),
+            };
+        },
+    },
+    outdated: {
+        commandArgs: [...COMMON_OUTDATED_ARGS, '--long'],
+        unifyResult: npmToOutdatedResult,
+    },
+};
+//# sourceMappingURL=npm.js.map

package/src/lib/package-managers/npm/npm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"npm.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/npm/npm.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAE1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAE3D,MAAM,oBAAoB,GAAsC;IAC9D,IAAI,EAAE,CAAC,YAAY,EAAE,iBAAiB,CAAC;IACvC,GAAG,EAAE,CAAC,eAAe,EAAE,iBAAiB,CAAC;IACzC,QAAQ,EAAE,CAAC,oBAAoB,EAAE,YAAY,CAAC;CAC/C,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAmB;IAC/C,IAAI,EAAE,KAAK;IACX,IAAI,EAAE,KAAK;IACX,OAAO,EAAE,KAAK;IACd,IAAI,EAAE,KAAK;IACX,IAAI,EAAE;QACJ,QAAQ,EAAE,yBAAyB;QACnC,KAAK,EAAE,+CAA+C;QACtD,QAAQ,EAAE,kDAAkD;KAC7D;IACD,KAAK,EAAE;QACL,cAAc,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC1B,GAAG,iBAAiB;YACpB,GAAG,oBAAoB,CAAC,QAAQ,CAAC;YACjC,oBAAoB;SACrB;QACD,WAAW,EAAE,gBAAgB;QAC7B,+DAA+D;QAC/D,iBAAiB,EAAE,CAAC,OAAqB,EAAE,EAAE;YAC3C,MAAM,SAAS,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,SAAS,GACb,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,IAAI;gBACzB,CAAC,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC;gBACtD,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;YAClB,MAAM,cAAc,GAClB,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,IAAI;gBAC9B,CAAC,CAAC,iBAAiB,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC;gBAC3D,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;YAEvB,OAAO;gBACL,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;gBACzD,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;gBACpD,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;aACpE,CAAC;QACJ,CAAC;KACF;IACD,QAAQ,EAAE;QACR,WAAW,EAAE,CAAC,GAAG,oBAAoB,EAAE,QAAQ,CAAC;QAChD,WAAW,EAAE,mBAAmB;KACjC;CACF,CAAC"}

package/src/lib/package-managers/npm/outdated-result.d.ts

@@ -1,2 +1,2 @@
-import type { OutdatedResult } from '../../runner/outdated/types';
+import type { OutdatedResult } from '../../runner/outdated/types.js';
 export declare function npmToOutdatedResult(output: string): OutdatedResult;

package/src/lib/package-managers/npm/outdated-result.js

@@ -0,0 +1,16 @@
+import { objectToEntries } from '@code-pushup/utils';
+export function npmToOutdatedResult(output) {
+    const npmOutdated = JSON.parse(output);
+    // current might be missing in some cases
+    // https://stackoverflow.com/questions/42267101/npm-outdated-command-shows-missing-in-current-version
+    return objectToEntries(npmOutdated)
+        .filter((entry) => entry[1].current != null)
+        .map(([name, overview]) => ({
+        name,
+        current: overview.current,
+        latest: overview.latest,
+        type: overview.type,
+        ...(overview.homepage != null && { url: overview.homepage }),
+    }));
+}
+//# sourceMappingURL=outdated-result.js.map

package/src/lib/package-managers/npm/outdated-result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"outdated-result.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/npm/outdated-result.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAIrD,MAAM,UAAU,mBAAmB,CAAC,MAAc;IAChD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA0B,CAAC;IAChE,yCAAyC;IACzC,qGAAqG;IACrG,OAAO,eAAe,CAAC,WAAW,CAAC;SAChC,MAAM,CACL,CAAC,KAAK,EAA4C,EAAE,CAClD,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,IAAI,CAC3B;SACA,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1B,IAAI;QACJ,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,GAAG,CAAC,QAAQ,CAAC,QAAQ,IAAI,IAAI,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,QAAQ,EAAE,CAAC;KAC7D,CAAC,CAAC,CAAC;AACR,CAAC"}

package/src/lib/package-managers/npm/types.d.ts

@@ -1,6 +1,6 @@
-import type { PackageAuditLevel } from '../../config';
-import type { AuditSummary } from '../../runner/audit/types';
-import type { DependencyGroupLong } from '../../runner/outdated/types';
+import type { PackageAuditLevel } from '../../config.js';
+import type { AuditSummary } from '../../runner/audit/types.js';
+import type { DependencyGroupLong } from '../../runner/outdated/types.js';
 export type NpmAdvisory = {
     title: string;
     url: string;

package/src/lib/package-managers/npm/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/src/lib/package-managers/npm/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../../../packages/plugin-js-packages/src/lib/package-managers/npm/types.ts"],"names":[],"mappings":""}

package/src/lib/package-managers/package-managers.d.ts

@@ -1,3 +1,3 @@
-import type { PackageManagerId } from '../config';
-import type { PackageManager } from './types';
+import type { PackageManagerId } from '../config.js';
+import type { PackageManager } from './types.js';
 export declare const packageManagers: Record<PackageManagerId, PackageManager>;

package/src/lib/package-managers/package-managers.js

@@ -0,0 +1,11 @@
+import { npmPackageManager } from './npm/npm.js';
+import { pnpmPackageManager } from './pnpm/pnpm.js';
+import { yarnv1PackageManager } from './yarn-classic/yarn-classic.js';
+import { yarnv2PackageManager } from './yarn-modern/yarn-modern.js';
+export const packageManagers = {
+    npm: npmPackageManager,
+    'yarn-classic': yarnv1PackageManager,
+    'yarn-modern': yarnv2PackageManager,
+    pnpm: pnpmPackageManager,
+};
+//# sourceMappingURL=package-managers.js.map

package/src/lib/package-managers/package-managers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"package-managers.js","sourceRoot":"","sources":["../../../../../../packages/plugin-js-packages/src/lib/package-managers/package-managers.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAEpE,MAAM,CAAC,MAAM,eAAe,GAA6C;IACvE,GAAG,EAAE,iBAAiB;IACtB,cAAc,EAAE,oBAAoB;IACpC,aAAa,EAAE,oBAAoB;IACnC,IAAI,EAAE,kBAAkB;CACzB,CAAC"}

package/src/lib/package-managers/pnpm/audit-result.d.ts

@@ -1,3 +1,3 @@
-import type { AuditResult } from '../../runner/audit/types';
+import type { AuditResult } from '../../runner/audit/types.js';
 export declare function pnpmToAuditResult(output: string): AuditResult;
 export declare function pnpmToDirectDependency(path: string): string | true;