@datapos/datapos-development 0.3.102 → 0.3.113

package/README.md

@@ -1,9 +1,10 @@
 # Data Positioning Development Library
 
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=data-positioning_datapos-development&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=data-positioning_datapos-development)
 [![npm version](https://img.shields.io/npm/v/@datapos/datapos-development.svg)](https://www.npmjs.com/package/@datapos/datapos-development)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](./LICENSE)
 
-A TypeScript library of utilities for managing the Data Positioning repositories.
+A library of utilities for managing the Data Positioning repositories.
 
 ## Requirements
 
@@ -33,57 +34,74 @@ registry=https://registry.npmjs.org/
 
 The `src/index.ts' file exposes the following utilities:
 
-| Name                      | Notes                                                                    |
-| ------------------------- | ------------------------------------------------------------------------ |
-| buildConfig               | Build the config.json file for the repository.                           |
-| buildConnectorConfig      | Build the connector config.json file for the repository.                 |
-| buildContextConfig        | Build the context config.json file for the repository.                   |
-| buildInformerConfig       | Build the informer config.json file for the repository.                  |
-| buildPresenterConfig      | Build the presenter config.json file for the repository.                 |
-| buildPublicDirectoryIndex | Build an index for the repositories public directory.                    |
-| bumpVersion               | Bump the repositories version number.                                    |
-| echoScriptNotImplemented  | Echo script not implemented message to console..                         |
-| sendDeploymentNotice      | Send a deployment notice for the repository.                             |
-| syncWithGitHub            | Synchronise the local repository with the main GitHub repository.        |
-| uploadDirectoryToR2       | Upload a directory to Cloudflare R2 storage.                             |
-| uploadModuleConfigToDO    | Upload a modules configuration to the Cloudflare `state` durable object. |
-| uploadModuleToR2          | Upload a module to Cloudflare R2 storage.                                |
+| Name                                      | Notes                                                                        |
+| ----------------------------------------- | ---------------------------------------------------------------------------- |
+| buildConfig                               | Build the config.json file for the repository.                               |
+| buildConnectorConfig                      | Build the connector config.json file for the repository.                     |
+| buildContextConfig                        | Build the context config.json file for the repository.                       |
+| buildPresenterConfig                      | Build the presenter config.json file for the repository.                     |
+| buildPublicDirectoryIndex                 | Build an index for the repositories public directory.                        |
+| bumpVersion                               | Bump the repositories version number.                                        |
+| echoScriptNotImplemented                  | Echo script not implemented message to console..                             |
+| insertLicensesIntoReadme                  | Insert the licenses for all production dependencies into the README.md file. |
+| insertOWASPDependencyCheckBadgeIntoReadme |                                                                              |
+| sendDeploymentNotice                      | Send a deployment notice for the repository.                                 |
+| syncWithGitHub                            | Synchronise the local repository with the main GitHub repository.            |
+| uploadDirectoryToR2                       | Upload a directory to Cloudflare R2 storage.                                 |
+| uploadModuleConfigToDO                    | Upload a modules configuration to the Cloudflare `state` durable object.     |
+| uploadModuleToR2                          | Upload a module to Cloudflare R2 storage.                                    |
+
+## Reports & Compliance
+
+### Dependency Check Report
+
+The OWASP Dependency Check Report identifies known vulnerabilities in project dependencies. It is generated automatically on each release using the npm package `owasp-dependency-check`.
+
+[View the OWASP Dependency Check Report](https://data-positioning.github.io/datapos-tool-micromark/dependency-check-reports/dependency-check-report.html)
+
+### Dependency Licenses
+
+The following table lists top-level production and peer dependencies only. All dependency licenses (including transitive dependencies) have been recursively verified to conform to Apache-2.0, CC0-1.0, MIT, or n/a. Developers cloning this repository should independently verify dev and optional dependencies; users of the uploaded library are covered by these checks.
+
+<!-- DEPENDENCY_LICENSES_START -->
+| Name                    | Type | Installed | Latest  | Latest Modified          |
+| :---------------------- | :--: | :-------: | :-----: | :----------------------- |
+| @datapos/datapos-shared | MIT  |  0.3.252  | 0.3.252 | 2025-11-25T16:48:28.532Z |
+<!-- DEPENDENCY_LICENSES_END -->
+
+### Bundle Analysis Report
+
+The Bundle Analysis Report provides a detailed breakdown of the bundle's composition and module sizes, helping to identify which modules contribute most to the final build. It is generated automatically on each release using the npm package `rollup-plugin-visualizer`.
+
+[View the Bundle Analysis Report](https://data-positioning.github.io/datapos-development/stats/index.html)
 
 ## Repository Common Management Commands
 
 The table below lists the repository management commands available in this project.
 For detailed implementation, see the `scripts` section in the `package.json` file.
 
-| Name               | Key Code         | Notes                                                                                                                                           |
+| Name               | VS Key Code      | Notes                                                                                                                                           |
 | ------------------ | ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
 | audit              | alt+ctrl+shift+a | Audit the project's dependencies for known security vulnerabilities.                                                                            |
 | build              | alt+ctrl+shift+b | Build the package using Vite. Output to '/dist' directory.                                                                                      |
 | check              | alt+ctrl+shift+c | Identify outdated dependencies using npm `outdated` and `npm-check-updates` with option to install latest versions. Also runs `retire` scanner. |
 | document           | alt+ctrl+shift+d | Identify licenses of the project's production and peer dependencies. See [LICENSES.json](./LICENSES.json).                                      |
-| format             | alt+ctrl+shift+f | Use `prettier`to enforce formatting style rules.                                                                                                |
-| lint               | alt+ctrl+shift+l | Use `eslint`to check the code for potential errors and enforces coding style rules.                                                             |
+| format             | alt+ctrl+shift+f | Use `prettier` to enforce formatting style rules.                                                                                               |
+| lint               | alt+ctrl+shift+l | Use `eslint` to check the code for potential errors and enforces coding style rules.                                                            |
 | publish            | alt+ctrl+shift+p | Publish the package to `npm`.                                                                                                                   |
 | release            | alt+ctrl+shift+r | Bump version, build library, synchronise with `GitHub` and publish to `npm`.                                                                    |
 | sync:withGitHub    | alt+ctrl+shift+s | Synchronise local repository with the main GitHub repository.                                                                                   |
 | test               | alt+ctrl+shift+t | ❌ Not implemented.                                                                                                                             |
 | update:dataPosDeps | alt+ctrl+shift+u | Install the latest version of all Data Positioning dependencies.                                                                                |
 
-## Bundle Analysis
-
-View the [bundle report](https://data-positioning.github.io/datapos-development/stats/index.html) to analyze the bundle composition and module sizes (generated with rollup-plugin-visualizer).
-
 ## TODO
 
 1. Enhance `uploadDirectoryToR2`to batch upload files so more efficient and performant.
 1. Replace regex with TypeScript AST in `buildConnectorConfig`. Extracting method names from index.ts via regex is fragile — breaks with decorators, comments, or new syntax (e.g., class fields). AST parsing (via @babel/parser or typescript) would be safer.
 1. Implement zod to validate config schemas.
 
-## Compliance
-
-The following badge reflects FOSSA's assessment of this repository's open-source license compliance.
-
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fdata-positioning%2Fdatapos-development.svg?type=large&issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fdata-positioning%2Fdatapos-development?ref=badge_large&issueType=license)
-
 ## License
 
+This project is licensed under the MIT License, allowing free use, modification, and distribution.
+
 [MIT](./LICENSE) © 2026 Data Positioning Pty Ltd

package/dist/datapos-development.es.js

@@ -1,13 +1,13 @@
 import { exec as m } from "node:child_process";
-import { promises as e } from "node:fs";
-import { nanoid as w } from "nanoid";
-import { promisify as y } from "node:util";
-const h = ["createObject", "dropObject", "removeRecords", "upsertRecords"], b = ["findObject", "getRecord", "listNodes", "previewObject", "retrieveRecords"], g = y(m);
+import { promises as n } from "node:fs";
+import { nanoid as y } from "nanoid";
+import { promisify as w } from "node:util";
+const h = ["createObject", "dropObject", "removeRecords", "upsertRecords"], b = ["findObject", "getRecord", "listNodes", "previewObject", "retrieveRecords"], g = w(m);
 async function S() {
   try {
     console.info("🚀 Building configuration...");
-    const o = JSON.parse(await e.readFile("package.json", "utf8")), n = JSON.parse(await e.readFile("config.json", "utf8"));
-    o.name != null && (n.id = o.name.replace("@datapos/", "").replace("@data-positioning/", "")), o.version != null && (n.version = o.version), await e.writeFile("config.json", JSON.stringify(n, void 0, 4), "utf8"), console.info("✅ Configuration built.");
+    const o = JSON.parse(await n.readFile("package.json", "utf8")), e = JSON.parse(await n.readFile("config.json", "utf8"));
+    o.name != null && (e.id = o.name.replace("@datapos/", "").replace("@data-positioning/", "")), o.version != null && (e.version = o.version), await n.writeFile("config.json", JSON.stringify(e, void 0, 4), "utf8"), console.info("✅ Configuration built.");
   } catch (o) {
     console.error("❌ Error building configuration.", o);
   }
@@ -15,21 +15,21 @@ async function S() {
 async function O(o) {
   try {
     console.info(`🚀 Building public directory index for identifier '${o}'...`);
-    const n = {};
-    async function t(r, s) {
+    const e = {};
+    async function i(r, s) {
       console.info(`⚙️ Processing directory '${r}'...`);
       const d = [], a = r.substring(`public/${o}`.length);
-      n[a] = d;
+      e[a] = d;
       for (const c of s) {
         const l = `${r}/${c}`;
         try {
-          const f = await e.stat(l);
+          const f = await n.stat(l);
           if (f.isDirectory()) {
-            const p = await e.readdir(l), u = { childCount: p.length, name: `${c}`, typeId: "folder" };
-            d.push(u), await t(l, p);
+            const u = await n.readdir(l), p = { childCount: u.length, name: `${c}`, typeId: "folder" };
+            d.push(p), await i(l, u);
           } else {
-            const p = { id: w(), lastModifiedAt: f.mtimeMs, name: c, size: f.size, typeId: "object" };
-            d.push(p);
+            const u = { id: y(), lastModifiedAt: f.mtimeMs, name: c, size: f.size, typeId: "object" };
+            d.push(u);
           }
         } catch (f) {
           throw new Error(`Unable to get information for '${c}' in 'buildPublicDirectoryIndex'. ${String(f)}`);
@@ -40,24 +40,24 @@ async function O(o) {
         return f === 0 ? c.name.localeCompare(l.name) : f;
       });
     }
-    const i = await e.readdir(`public/${o}`);
-    await t(`public/${o}`, i), await e.writeFile(`./public/${o}Index.json`, JSON.stringify(n), "utf8"), console.info("✅ Public directory index built.");
-  } catch (n) {
-    console.error("❌ Error building public directory index.", n);
+    const t = await n.readdir(`public/${o}`);
+    await i(`public/${o}`, t), await n.writeFile(`./public/${o}Index.json`, JSON.stringify(e), "utf8"), console.info("✅ Public directory index built.");
+  } catch (e) {
+    console.error("❌ Error building public directory index.", e);
   }
 }
 async function J() {
   try {
     console.info("🚀 Building connector configuration...");
-    const o = JSON.parse(await e.readFile("package.json", "utf8")), n = JSON.parse(await e.readFile("config.json", "utf8")), t = await e.readFile("src/index.ts", "utf8");
-    let i = !1, r = !1;
-    const s = /^\s{4}(?:async\s+)?(private\s+)?(?:public\s+|protected\s+)?([A-Za-z_]\w*)\s*\(/gm, d = [...t.matchAll(s)].filter((c) => !c[1] && c[2] !== "constructor").map((c) => {
+    const o = JSON.parse(await n.readFile("package.json", "utf8")), e = JSON.parse(await n.readFile("config.json", "utf8")), i = await n.readFile("src/index.ts", "utf8");
+    let t = !1, r = !1;
+    const s = /^\s{4}(?:async\s+)?(private\s+)?(?:public\s+|protected\s+)?([A-Za-z_]\w*)\s*\(/gm, d = [...i.matchAll(s)].filter((c) => c[1] == null && c[2] !== "constructor").map((c) => {
       const l = c[2];
-      return i = i || h.includes(l), r = r || b.includes(l), l;
+      return t = t || h.includes(l), r = r || b.includes(l), l;
     });
     d.length > 0 ? console.info(`ℹ️  Implements ${d.length} operations.`) : console.warn("⚠️  Implements no operations.");
-    const a = r && i ? "bidirectional" : r ? "source" : i ? "destination" : "unknown";
-    a && console.info(`ℹ️  Supports ${a} usage.`), o.name != null && (n.id = o.name), n.operations = d, n.usageId = a, o.version != null && (n.version = o.version), await e.writeFile("config.json", JSON.stringify(n, void 0, 4), "utf8"), console.info("✅ Connector configuration built.");
+    const a = r && t ? "bidirectional" : r ? "source" : t ? "destination" : "unknown";
+    a && console.info(`ℹ️  Supports ${a} usage.`), o.name != null && (e.id = o.name), e.operations = d, e.usageId = a, o.version != null && (e.version = o.version), await n.writeFile("config.json", JSON.stringify(e, void 0, 4), "utf8"), console.info("✅ Connector configuration built.");
   } catch (o) {
     console.error("❌ Error building connector configuration.", o);
   }
@@ -65,8 +65,8 @@ async function J() {
 async function x() {
   try {
     console.info("🚀 Building context configuration...");
-    const o = JSON.parse(await e.readFile("package.json", "utf8")), n = JSON.parse(await e.readFile("config.json", "utf8")), t = await e.readFile("src/index.ts", "utf8"), i = /^\s{4}(?:async\s+)?(private\s+)?(?:public\s+|protected\s+)?([A-Za-z_]\w*)\s*\(/gm, r = [...t.matchAll(i)].filter((s) => !s[1] && s[2] !== "constructor").map((s) => s[2]);
-    o.name != null && (n.id = o.name), n.operations = r, o.version != null && (n.version = o.version), await e.writeFile("config.json", JSON.stringify(n, void 0, 4), "utf8"), console.info("✅ Context configuration built.");
+    const o = JSON.parse(await n.readFile("package.json", "utf8")), e = JSON.parse(await n.readFile("config.json", "utf8")), i = await n.readFile("src/index.ts", "utf8"), t = /^\s{4}(?:async\s+)?(private\s+)?(?:public\s+|protected\s+)?([A-Za-z_]\w*)\s*\(/gm, r = [...i.matchAll(t)].filter((s) => s[1] == null && s[2] !== "constructor").map((s) => s[2]);
+    o.name != null && (e.id = o.name), e.operations = r, o.version != null && (e.version = o.version), await n.writeFile("config.json", JSON.stringify(e, void 0, 4), "utf8"), console.info("✅ Context configuration built.");
   } catch (o) {
     console.error("❌ Error building context configuration.", o);
   }
@@ -74,50 +74,63 @@ async function x() {
 async function j() {
   try {
     console.info("🚀 Building presenter configuration...");
-    const o = JSON.parse(await e.readFile("package.json", "utf8")), n = JSON.parse(await e.readFile("config.json", "utf8")), t = await e.readFile("src/index.ts", "utf8"), i = /^\s{4}(?:async\s+)?(private\s+)?(?:public\s+|protected\s+)?([A-Za-z_]\w*)\s*\(/gm, r = [...t.matchAll(i)].filter((s) => !s[1] && s[2] !== "constructor").map((s) => s[2]);
-    o.name != null && (n.id = o.name), n.operations = r, o.version != null && (n.version = o.version), await e.writeFile("config.json", JSON.stringify(n, void 0, 4), "utf8"), console.info("✅ Presenter configuration built.");
+    const o = JSON.parse(await n.readFile("package.json", "utf8")), e = JSON.parse(await n.readFile("config.json", "utf8")), i = await n.readFile("src/index.ts", "utf8"), t = /^\s{4}(?:async\s+)?(private\s+)?(?:public\s+|protected\s+)?([A-Za-z_]\w*)\s*\(/gm, r = [...i.matchAll(t)].filter((s) => !s[1] && s[2] !== "constructor").map((s) => s[2]);
+    o.name != null && (e.id = o.name), e.operations = r, o.version != null && (e.version = o.version), await n.writeFile("config.json", JSON.stringify(e, void 0, 4), "utf8"), console.info("✅ Presenter configuration built.");
   } catch (o) {
     console.error("❌ Error building context configuration.", o);
   }
 }
-async function C() {
+async function C(o = "./") {
   try {
     console.info("🚀 Bumping version...");
-    const o = JSON.parse(await e.readFile("package.json", "utf8"));
-    if (o.version != null) {
-      const n = o.version, t = o.version.split(".");
-      o.version = `${t[0]}.${t[1]}.${Number(t[2]) + 1}`, await e.writeFile("package.json", JSON.stringify(o, void 0, 4), "utf8"), console.info(`✅ Version bumped from ${n} to ${o.version}.`);
-    } else
-      o.version = "0.0.001", await e.writeFile("package.json", JSON.stringify(o, void 0, 4), "utf8"), console.warn(`⚠️ Version initialised to ${o.version}.`);
-  } catch (o) {
-    console.error("❌ Error bumping package version.", o);
+    const e = JSON.parse(await n.readFile(`${o}package.json`, "utf8"));
+    if (e.version == null)
+      e.version = "0.0.001", await n.writeFile(`${o}package.json`, JSON.stringify(e, void 0, 4), "utf8"), console.warn(`⚠️ Version initialised to ${e.version}.`);
+    else {
+      const i = e.version, t = e.version.split(".");
+      e.version = `${t[0]}.${t[1]}.${Number(t[2]) + 1}`, await n.writeFile(`${o}package.json`, JSON.stringify(e, void 0, 4), "utf8"), console.info(`✅ Version bumped from ${i} to ${e.version}.`);
+    }
+  } catch (e) {
+    console.error("❌ Error bumping package version.", e);
   }
 }
 function F(o) {
   console.error(`❌ ${o} script not implemented.`);
 }
 async function R() {
-  const o = "<!-- DEPENDENCY_LICENSES_START -->", n = "<!-- DEPENDENCY_LICENSES_END -->";
+  const o = "<!-- DEPENDENCY_LICENSES_START -->", e = "<!-- DEPENDENCY_LICENSES_END -->";
   try {
-    const t = (await e.readFile("./licenses.md", "utf8")).trim(), i = await e.readFile("./README.md", "utf8"), r = i.indexOf(o), s = i.indexOf(n);
+    const i = (await n.readFile("./licenses.md", "utf8")).trim(), t = await n.readFile("./README.md", "utf8"), r = t.indexOf(o), s = t.indexOf(e);
     (r === -1 || s === -1) && (console.error("Error: Markers not found in README.md"), process.exit(1));
-    const d = i.substring(0, r + o.length) + `
-` + t + `
-` + i.substring(s);
-    await e.writeFile("README.md", d, "utf8"), console.log("✓ README.md updated with license information");
-  } catch (t) {
-    console.error("Error updating README:", t), process.exit(1);
+    const d = t.substring(0, r + o.length) + `
+` + i + `
+` + t.substring(s);
+    await n.writeFile("README.md", d, "utf8"), console.log("✓ README.md updated with license information");
+  } catch (i) {
+    console.error("Error updating README:", i), process.exit(1);
   }
 }
 async function k() {
+  try {
+    const o = JSON.parse(await n.readFile("./dependency-check-report.json", "utf-8"));
+    let e = 0;
+    for (const t of o.dependencies)
+      e += t.vulnerabilities.length;
+    console.log("vulnerabilityCount", e);
+    const i = await n.readFile("./README.md", "utf8");
+  } catch (o) {
+    console.error("Error updating README:", o), process.exit(1);
+  }
+}
+async function D() {
   try {
     console.info("🚀 Sending deployment notice...");
-    const o = JSON.parse(await e.readFile("config.json", "utf8")), n = {
+    const o = JSON.parse(await n.readFile("config.json", "utf8")), e = {
       body: JSON.stringify(o),
       headers: { "Content-Type": "application/json" },
       method: "PUT"
-    }, t = await fetch(`https://api.datapos.app/states/${o.id}`, n);
-    if (!t.ok) throw new Error(await t.text());
+    }, i = await fetch(`https://api.datapos.app/states/${o.id}`, e);
+    if (!i.ok) throw new Error(await i.text());
     console.info("✅ Deployment notice sent.");
   } catch (o) {
     console.error("❌ Error sending deployment notice.", o);
@@ -126,43 +139,43 @@ async function k() {
 async function I() {
   try {
     console.info("🚀 Synchronising with GitHub....");
-    const o = JSON.parse(await e.readFile("package.json", "utf8"));
+    const o = JSON.parse(await n.readFile("package.json", "utf8"));
     await g("git add ."), await g(`git commit -m "v${o.version}"`), await g("git push origin main:main"), console.info(`✅ Synchronised version ${o.version} with GitHub.`);
   } catch (o) {
     console.error("❌ Error synchronising with GitHub.", o);
   }
 }
-async function D(o, n) {
+async function A(o, e) {
   try {
     console.info("🚀 Uploading directory to R2....");
-    async function t(r, s, d) {
+    async function i(r, s, d) {
       for (const a of d) {
         const c = `${r}/${a}`, l = `${s}/${a}`;
-        if ((await e.stat(c)).isDirectory()) {
-          const p = await e.readdir(c);
-          await t(c, l, p);
+        if ((await n.stat(c)).isDirectory()) {
+          const u = await n.readdir(c);
+          await i(c, l, u);
         } else {
           console.info(`⚙️ Uploading '${r}/${a}'...`);
-          const p = `wrangler r2 object put "datapos-sample-data-eu/${s}/${a}" --file="${r}/${a}" --jurisdiction=eu --remote`, u = await g(p);
-          if (u.stderr) throw new Error(u.stderr);
+          const u = `wrangler r2 object put "datapos-sample-data-eu/${s}/${a}" --file="${r}/${a}" --jurisdiction=eu --remote`, p = await g(u);
+          if (p.stderr) throw new Error(p.stderr);
         }
       }
     }
-    const i = await e.readdir(`${o}/${n}/`);
-    await t(`${o}/${n}`, n, i), console.info("✅ Directory uploaded to R2.");
-  } catch (t) {
-    console.error("❌ Error uploading directory to R2.", t);
+    const t = await n.readdir(`${o}/${e}/`);
+    await i(`${o}/${e}`, e, t), console.info("✅ Directory uploaded to R2.");
+  } catch (i) {
+    console.error("❌ Error uploading directory to R2.", i);
   }
 }
-async function A() {
+async function M() {
   try {
     console.info("🚀 Uploading module configuration....");
-    const o = JSON.parse(await e.readFile("config.json", "utf8")), n = o.id, t = {
+    const o = JSON.parse(await n.readFile("config.json", "utf8")), e = o.id, i = {
       body: JSON.stringify(o),
       headers: { "Content-Type": "application/json" },
       method: "PUT"
-    }, i = await fetch(`https://api.datapos.app/states/${n}`, t);
-    if (!i.ok) throw new Error(await i.text());
+    }, t = await fetch(`https://api.datapos.app/states/${e}`, i);
+    if (!t.ok) throw new Error(await t.text());
     console.info("✅ Module configuration uploaded.");
   } catch (o) {
     console.error("❌ Error uploading module configuration.", o);
@@ -171,22 +184,22 @@ async function A() {
 async function P(o) {
   try {
     console.info("🚀 Uploading module to R2...");
-    const t = `v${JSON.parse(await e.readFile("package.json", "utf8")).version}`;
-    async function i(r, s = "") {
-      const d = await e.readdir(r, { withFileTypes: !0 });
+    const i = `v${JSON.parse(await n.readFile("package.json", "utf8")).version}`;
+    async function t(r, s = "") {
+      const d = await n.readdir(r, { withFileTypes: !0 });
       for (const a of d) {
         const c = `${r}/${a.name}`, l = s ? `${s}/${a.name}` : a.name;
         if (!a.isDirectory()) {
-          const f = `${o}_${t}/${l}`.replace(/\\/g, "/"), p = a.name.endsWith(".js") ? "application/javascript" : a.name.endsWith(".css") ? "text/css" : "application/octet-stream";
+          const f = `${o}_${i}/${l}`.replace(/\\/g, "/"), u = a.name.endsWith(".js") ? "application/javascript" : a.name.endsWith(".css") ? "text/css" : "application/octet-stream";
           console.info(`⚙️ Uploading '${l}' → '${f}'...`);
-          const { stderr: u } = await g(`wrangler r2 object put "${f}" --file="${c}" --content-type ${p} --jurisdiction=eu --remote`);
-          if (u) throw new Error(u);
+          const { stderr: p } = await g(`wrangler r2 object put "${f}" --file="${c}" --content-type ${u} --jurisdiction=eu --remote`);
+          if (p) throw new Error(p);
         }
       }
     }
-    await i("dist"), console.info("✅ Module uploaded to R2.");
-  } catch (n) {
-    console.error("❌ Error uploading module to R2.", n);
+    await t("dist"), console.info("✅ Module uploaded to R2.");
+  } catch (e) {
+    console.error("❌ Error uploading module to R2.", e);
   }
 }
 export {
@@ -198,9 +211,10 @@ export {
   C as bumpVersion,
   F as echoScriptNotImplemented,
   R as insertLicensesIntoReadme,
-  k as sendDeploymentNotice,
+  k as insertOWASPDependencyCheckBadgeIntoReadme,
+  D as sendDeploymentNotice,
   I as syncWithGitHub,
-  D as uploadDirectoryToR2,
-  A as uploadModuleConfigToDO,
+  A as uploadDirectoryToR2,
+  M as uploadModuleConfigToDO,
   P as uploadModuleToR2
 };

package/dist/types/src/index.d.ts

@@ -6,12 +6,13 @@ declare function buildPublicDirectoryIndex(id: string): Promise<void>;
 declare function buildConnectorConfig(): Promise<void>;
 declare function buildContextConfig(): Promise<void>;
 declare function buildPresenterConfig(): Promise<void>;
-declare function bumpVersion(): Promise<void>;
+declare function bumpVersion(path?: string): Promise<void>;
 declare function echoScriptNotImplemented(name: string): void;
 declare function insertLicensesIntoReadme(): Promise<void>;
+declare function insertOWASPDependencyCheckBadgeIntoReadme(): Promise<void>;
 declare function sendDeploymentNotice(): Promise<void>;
 declare function syncWithGitHub(): Promise<void>;
 declare function uploadDirectoryToR2(sourceDirectory: string, uploadDirectory: string): Promise<void>;
 declare function uploadModuleConfigToDO(): Promise<void>;
 declare function uploadModuleToR2(uploadDirPath: string): Promise<void>;
-export { buildConfig, buildConnectorConfig, buildContextConfig, buildPresenterConfig, buildPublicDirectoryIndex, bumpVersion, echoScriptNotImplemented, insertLicensesIntoReadme, sendDeploymentNotice, syncWithGitHub, uploadDirectoryToR2, uploadModuleConfigToDO, uploadModuleToR2 };
+export { buildConfig, buildConnectorConfig, buildContextConfig, buildPresenterConfig, buildPublicDirectoryIndex, bumpVersion, echoScriptNotImplemented, insertLicensesIntoReadme, insertOWASPDependencyCheckBadgeIntoReadme, sendDeploymentNotice, syncWithGitHub, uploadDirectoryToR2, uploadModuleConfigToDO, uploadModuleToR2 };

package/dist/types/tests/index.test.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Tests.
+ */
+export {};

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@datapos/datapos-development",
-    "version": "0.3.102",
-    "description": "A TypeScript library of utilities for managing the Data Positioning repositories.",
+    "version": "0.3.113",
+    "description": "A library of utilities for managing the Data Positioning repositories.",
     "license": "MIT",
     "author": "Jonathan Terrell <terrell.jm@gmail.com>",
     "private": false,
@@ -37,8 +37,10 @@
         "jiti": "^2.6.1",
         "license-report": "^6.8.1",
         "license-report-check": "^0.1.2",
+        "license-report-recursive": "^6.8.2",
         "nanoid": "^5.1.6",
         "npm-check-updates": "^19.1.2",
+        "owasp-dependency-check": "^1.0.0",
         "prettier": "^3.6.2",
         "retire": "^5.3.0",
         "rollup-plugin-visualizer": "^6.0.5",
@@ -47,23 +49,29 @@
         "typescript": "^5.9.3",
         "vite": "^7.2.4",
         "vite-plugin-dts": "^4.5.4",
+        "vitest": "^4.0.14",
         "zod": "^4.1.13"
     },
     "scripts": {
         "audit": "npm audit",
         "build": "vite build",
         "check": "npm outdated; npm-check-updates -i && retire",
-        "document": "npm run _document:licenceReport && npm run _document:licenceCheck",
+        "document": "npm run _document:licenceReportJSON && npm run _document:licenceReportMarkdown && npm run _document:licenceReportCheck && npm run _document:insertLicensesIntoReadme && npm run _document:licenceTree && npm run _document:licenceTreeCheck",
         "format": "prettier --write src/",
         "lint": "eslint .",
         "publish:toNPM": "npm publish --access public",
         "release": "npm run _bump:version && npm run build && npm run _sync:withGitHub && npm run publish:toNPM",
         "sync": "npm run _bump:version && npm run _sync:withGitHub",
-        "test": "node -e \"import('./dist/datapos-development.es.js').then(m => m.echoScriptNotImplemented('Test'))\"",
+        "test": "vitest",
         "update:dataPosDeps": "npm run _update:sharedDep",
         "_bump:version": "node -e \"import('./dist/datapos-development.es.js').then(m => m.bumpVersion())\"",
-        "_document:licenceReport": "license-report --only=prod,peer > LICENSES.json",
-        "_document:licenceCheck": "license-report-check --source ./LICENSES.json --allowed 'MIT' --allowed 'n/a' --allowed 'Apache-2.0' --output=table",
+        "_check:owasp": "set -a && source .env && set +a && owasp-dependency-check --project \"@datapos/datapos-tool-micromark\" --enableRetired --nvdApiKey \"$NVD_API_KEY\"",
+        "_document:licenceReportJSON": "license-report --only=prod,peer --department.value=n/a --licensePeriod=n/a --material=n/a --relatedTo.value=n/a > licenses.json",
+        "_document:licenceReportMarkdown": "license-report --config license-report-config.json --only=prod,peer --output=markdown > licenses.md",
+        "_document:licenceReportCheck": "license-report-check --source ./licenses.json --allowed 'MIT' --allowed 'n/a' --allowed 'Apache-2.0' --allowed 'CC0-1.0' --output=table",
+        "_document:licenceTree": "license-report-recursive --only=prod,peer --department.value=n/a --licensePeriod=n/a --material=n/a --relatedTo.value=n/a --recurse --output=tree > licenseTree.json",
+        "_document:licenceTreeCheck": "license-report-check --source ./licenseTree.json --allowed 'MIT' --allowed 'n/a' --allowed 'Apache-2.0' --allowed 'CC0-1.0' --output=table",
+        "_document:insertLicensesIntoReadme": "node -e \"import('./dist/datapos-development.es.js').then(m => m.insertLicensesIntoReadme())\"",
         "_sync:withGitHub": "node -e \"import('./dist/datapos-development.es.js').then(m => m.syncWithGitHub())\"",
         "_update:sharedDep": "npm install @datapos/datapos-shared@latest"
     },