@codluv/versionguard 0.7.0 → 0.8.0

package/dist/chunks/{index-DWiw8Nps.js → index-Cipg9sxE.js}

@@ -1592,6 +1592,89 @@ function checkHardcodedVersions(expectedVersion, config, ignorePatterns, cwd = p
   }
   return mismatches;
 }
+const BINARY_EXTENSIONS = /* @__PURE__ */ new Set([
+  ".png",
+  ".jpg",
+  ".jpeg",
+  ".gif",
+  ".ico",
+  ".svg",
+  ".woff",
+  ".woff2",
+  ".ttf",
+  ".eot",
+  ".otf",
+  ".zip",
+  ".tar",
+  ".gz",
+  ".bz2",
+  ".7z",
+  ".pdf",
+  ".exe",
+  ".dll",
+  ".so",
+  ".dylib",
+  ".wasm",
+  ".mp3",
+  ".mp4",
+  ".webm",
+  ".webp",
+  ".avif"
+]);
+function scanRepoForVersions(expectedVersion, scanConfig, ignorePatterns, cwd = process.cwd()) {
+  const files = [
+    ...new Set(
+      globSync("**/*", {
+        cwd,
+        absolute: true,
+        dot: true,
+        ignore: [
+          ...ignorePatterns,
+          // Always skip changelogs (handled by changelog validation) and lockfiles
+          "CHANGELOG.md",
+          "*.lock",
+          "package-lock.json",
+          "yarn.lock",
+          "pnpm-lock.yaml",
+          // Skip VG's own config
+          ".versionguard.yml",
+          ".versionguard.yaml"
+        ]
+      })
+    )
+  ].sort();
+  const allowedFiles = new Set(
+    scanConfig.allowlist.flatMap((entry) => resolveFiles([entry.file], cwd, []))
+  );
+  const mismatches = [];
+  for (const filePath of files) {
+    if (BINARY_EXTENSIONS.has(path.extname(filePath).toLowerCase())) continue;
+    if (allowedFiles.has(filePath)) continue;
+    let content;
+    try {
+      content = fs.readFileSync(filePath, "utf-8");
+    } catch {
+      continue;
+    }
+    if (content.slice(0, 8192).includes("\0")) continue;
+    for (const patternStr of scanConfig.patterns) {
+      const regex = new RegExp(patternStr, "gm");
+      let match = regex.exec(content);
+      while (match) {
+        const found = match[1] ?? match[0] ?? "";
+        if (found && found !== expectedVersion && found !== "Unreleased") {
+          mismatches.push({
+            file: path.relative(cwd, filePath),
+            line: getLineNumber(content, match.index),
+            found
+          });
+        }
+        match = regex.exec(content);
+      }
+    }
+  }
+  return mismatches;
+}
 const DEFAULT_SEMVER_CONFIG = {
   allowVPrefix: false,
   allowBuildMetadata: true,
@@ -1811,6 +1894,18 @@ const DEFAULT_CONFIG = {
     enforceStructure: false,
     sections: ["Added", "Changed", "Deprecated", "Removed", "Fixed", "Security"]
   },
+  scan: {
+    enabled: false,
+    patterns: [
+      // version = "1.2.3" or version: "1.2.3" in code/config
+      `(?:version\\s*[:=]\\s*["'])([\\d]+\\.[\\d]+\\.[\\d]+(?:-[\\w.]+)?)["']`,
+      // Docker FROM image:1.2.3
+      "(?:FROM\\s+\\S+:)(\\d+\\.\\d+\\.\\d+(?:-[\\w.]+)?)",
+      // GitHub Actions uses: action@v1.2.3
+      "(?:uses:\\s+\\S+@v?)(\\d+\\.\\d+\\.\\d+(?:-[\\w.]+)?)"
+    ],
+    allowlist: []
+  },
   git: {
     hooks: {
       "pre-commit": true,
@@ -2829,6 +2924,14 @@ function validate(config, cwd = process.cwd()) {
       );
     }
   }
+  if (config.scan?.enabled) {
+    const scanFindings = scanRepoForVersions(version, config.scan, config.ignore, cwd);
+    for (const finding of scanFindings) {
+      errors.push(
+        `Stale version in ${finding.file}:${finding.line} - found "${finding.found}" but expected "${version}"`
+      );
+    }
+  }
   let changelogValid = true;
   if (config.changelog.enabled) {
     const changelogPath = path.join(cwd, config.changelog.file);
@@ -2924,7 +3027,7 @@ function isWorktreeClean(cwd) {
   }
 }
 export {
-  validateVersion as $,
+  validateTagForPush as $,
   checkHardcodedVersions as A,
   checkHookIntegrity as B,
   checkHooksPathOverride as C,
@@ -2943,16 +3046,17 @@ export {
   initConfig as P,
   resolveVersionSource as Q,
   RegexVersionSource as R,
-  semver as S,
+  scanRepoForVersions as S,
   TomlVersionSource as T,
-  suggestTagMessage as U,
+  semver as U,
   VersionFileSource as V,
-  sync as W,
-  syncVersion as X,
+  suggestTagMessage as W,
+  sync as X,
   YamlVersionSource as Y,
-  validateChangelog as Z,
-  validateTagForPush as _,
+  syncVersion as Z,
+  validateChangelog as _,
   installHooks as a,
+  validateVersion as a0,
   getPackageVersion as b,
   createCkmEngine as c,
   getVersionFeedback as d,
@@ -2979,4 +3083,4 @@ export {
   canBump as y,
   checkEnforceHooksPolicy as z
 };
-//# sourceMappingURL=index-DWiw8Nps.js.map
+//# sourceMappingURL=index-Cipg9sxE.js.map