npm - @datapos/datapos-development - Versions diffs - 0.3.331 → 0.3.345 - Mend

@datapos/datapos-development 0.3.331 → 0.3.345

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +60 -175
package/default.editorconfig +13 -0
package/dist/datapos-development.es.js +10 -10
package/dist/datapos-development.es.js.map +1 -1
package/dist/types/src/utilities/index.d.ts +2 -1
package/package.json +6 -5

package/README.md CHANGED Viewed

@@ -5,231 +5,116 @@
 [![npm version](https://img.shields.io/npm/v/@datapos/datapos-development.svg)](https://www.npmjs.com/package/@datapos/datapos-development)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](./LICENSE)
-A library of utilities used to manage Data Positioning repositories.
+<!-- SUMMARY_START -->
+A collection of utilities for managing Data Positioning projects.
+<!-- SUMMARY_END -->
 ## Installation
-Install as a development (dev) dependency:
+Install as a development dependency:
 ```bash
 npm install --save-dev @datapos/datapos-development
 ```
-Ensure your local `.env` file contains the following variables:
-```bash
-GITHUB_DOWNLOAD_LICENSE_API_TOKEN="<GITHUB_API_TOKEN>"
-NPM_TOKEN="<NPM_TOKEN>"
-OWASP_NVD_API_KEY="<NVD_API_KEY>"
-```
+> See the Data Positioning security documentation for additional initialization requirements.
 ## Utilities
-The `src/index.ts' file exposes the following utilities:
+The library implements the following utilities:
+| Name                      | Notes                                                                                                                                                                                                                                                                                                              |
+| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| auditDependencies         | Audit the project's dependencies for known security vulnerabilities. uses the owasp-dependency-check module to perform the checks. Updates the OWASP badge(s) at the top of this page. Also runs the 'npm outdated`command.                                                                                        |
+| buildDirectoryIndex       | Build an index for the specified directory path.                                                                                                                                                                                                                                                                   |
+| buildProject              | Builds the package using Vite. Output to '/dist' directory. Wrangler for api. Nuxt for app-nuxt. Builds bundle analysis reports.                                                                                                                                                                                   |
+| checkDependencies         | Identifies outdated dependencies using npm `outdated` and `npm-check-updates` with option to automatically install latest versions.                                                                                                                                                                                |
+| documentDependencies      | Identify licenses of the project's production and peer dependencies. Updates the table in the **Dependency Licenses** section of this page and summary files licenses.json and licenseTree.json in th licenses directory of this repository. Also downloads a copy of dependency license to `licenses/downloads'.. |
+| formatCode                | Uses `prettier` to enforce formatting style rules.                                                                                                                                                                                                                                                                 |
+| lintCode                  | Uses `eslint` to check the code for potential errors and enforces coding style rules.                                                                                                                                                                                                                              |
+| releaseProject            | Bump version, builds config, builds project, synchronise with `GitHub` and publish to `npm` or Cloudflare.                                                                                                                                                                                                         |
+| syncProjectWithGitHub     | Synchronise the local repository with the main GitHub repository.                                                                                                                                                                                                                                                  |
+| testProject               | ❌ Not implemented.                                                                                                                                                                                                                                                                                                |
+| updateDataPosDependencies | Install the latest version of the specified Data Positioning dependencies.                                                                                                                                                                                                                                         |
-| Name                      | Notes                                                             |
-| ------------------------- | ----------------------------------------------------------------- |
-| auditDependencies         |                                                                   |
-| buildDirectoryIndex       | Build an index for a given directory.                             |
-| buildProject              |                                                                   |
-| checkDependencies         |                                                                   |
-| documentDependencies      |                                                                   |
-| formatCode                |                                                                   |
-| lintCode                  |                                                                   |
-| releaseProject            |                                                                   |
-| syncProjectWithGitHub     | Synchronise the local repository with the main GitHub repository. |
-| testProject               |                                                                   |
-| updateDataPosDependencies |                                                                   |
+### Usage
-All of the above utilities are designed to be run from `package.json` scripts and assume that the repository follows the standard Data Positioning directory structure and includes a `config.json` file in the root directory.
+All utilities are designed to be run from `package.json` scripts and assume that the project follows the standard Data Positioning directory structure and that it includes a `config.json` file in the root directory.
 ```json
 {
     ...
     "scripts": {
-        ...
-        "build": "node -e \"import('@datapos/datapos-development').then(m => m.buildProject())\""
-        ...
+        "audit": "node -e \"import('@datapos/datapos-development').then(m => m.auditDependencies())\"",
+        "build": "node -e \"import('@datapos/datapos-development').then(m => m.buildProject())\"",
+        "check": "node -e \"import('@datapos/datapos-development').then(m => m.checkDependencies())\"",
+        "document": "node -e \"import('@datapos/datapos-development').then(m => m.documentDependencies(['MIT']))\"",
+        "format": "node -e \"import('@datapos/datapos-development').then(m => m.formatCode())\"",
+        "lint": "node -e \"import('@datapos/datapos-development').then(m => m.lintCode())\"",
+        "release": "node -e \"import('@datapos/datapos-development').then(m => m.releaseProject())\"",
+        "sync": "node -e \"import('@datapos/datapos-development').then(m => m.syncProjectWithGitHub())\"",
+        "test": "node -e \"import('@datapos/datapos-development').then(m => m.testProject())\"",
+        "update": "node -e \"import('@datapos/datapos-development').then(m => m.updateDataPosDependencies(['development']))\""
     }
     ...
 }
 ```
-## Reports & Compliance
+## Bundle Analysis Reports
+The Bundle Analysis Report provides a detailed breakdown of the bundle’s composition and module sizes, helping identify which modules contribute most to the final build. It is generated automatically on each release using the `npm` package [rollup-plugin-visualizer](https://www.npmjs.com/package/rollup-plugin-visualizer).
+[View the Bundle Analysis Report](https://data-positioning.github.io/datapos-development/bundle-analysis-reports/rollup-visualiser/index.html) created by the **rollup visualiser** plugin.
-### Dependency Check Report
+[View the Bundle Analysis Report](https://data-positioning.github.io/datapos-development/bundle-analysis-reports/sonda/index.html) created by the **sonda** plugin.
+## Dependency Check Report
 The OWASP Dependency Check Report identifies known vulnerabilities in project dependencies. It is generated automatically on each release using the `npm` package [owasp-dependency-check](https://dependency-check.github.io/DependencyCheck/index.html).
 [View the OWASP Dependency Check Report](https://data-positioning.github.io/datapos-development/dependency-check-report.html)
-### Dependency Licenses
+## Dependency Licenses
-The following table lists the top-level production and peer dependencies. All of these dependencies—along with their transitive dependencies—have been recursively verified to use one of the following commercially friendly licenses: **Apache-2.0**, **BSD-2-Clause**, **CC0-1.0**, or **MIT**. Developers cloning this repository should independently verify all **development** and **optional** dependencies. This project is used solely to support development activities and is not used in production or distributed in any other form.
+The following table lists the top-level production and peer dependencies. All of these dependencies—along with their transitive dependencies—have been recursively verified to use one of the following commercially friendly licenses: **BSD-2-Clause**, **CC0-1.0**, or **MIT**. Developers cloning this repository should independently verify all **development** and **optional** dependencies. This project supports development activities only. It is not used in production or distributed in any other form.
 We use the `npm` packages [license-report](https://www.npmjs.com/package/license-report), [license-report-check](https://www.npmjs.com/package/license-report-check), [license-report-recursive](https://www.npmjs.com/package/license-report-recursive) and [license-downloader](https://www.npmjs.com/package/license-downloader) to identify all dependency licenses and include copies of them. We do not use any unlicensed dependencies in either production or development.
 <!-- DEPENDENCY_LICENSES_START -->
-|Name|Type|Installed|Latest|Latest Release|Deps|Document|
-|:-|:-|:-:|:-:|:-|-:|:-|
-|@datapos/datapos-shared|MIT|0.3.298 ⚠️|0.3.300|this month: 2025-12-10|3|[LICENSE](https://raw.githubusercontent.com/data-positioning/datapos-shared/main/LICENSE)|
-|acorn|MIT|8.15.0|8.15.0|6 months ago: 2025-06-09|0|⚠️ No license file|
-|acorn-typescript|MIT|1.4.13|1.4.13|23 months ago: 2024-01-03❗|1|[LICENSE](https://raw.githubusercontent.com/TyrealHu/acorn-typescript/master/LICENSE)|
-|acorn-walk|MIT|8.3.4|8.3.4|15 months ago: 2024-09-09❗|1|⚠️ No license file|
-|dotenv|BSD-2-Clause|17.2.3|17.2.3|2 months ago: 2025-09-29|0|[LICENSE](https://raw.githubusercontent.com/motdotla/dotenv/master/LICENSE)|
-|zod|MIT|4.1.13|4.1.13|this month: 2025-12-07|0|[LICENSE](https://raw.githubusercontent.com/colinhacks/zod/main/LICENSE)|
+| Name                    | Type         | Installed  | Latest  | Latest Release              | Deps | Document                                                                                  |
+| :---------------------- | :----------- | :--------: | :-----: | :-------------------------- | ---: | :---------------------------------------------------------------------------------------- |
+| @datapos/datapos-shared | MIT          | 0.3.298 ⚠️ | 0.3.300 | this month: 2025-12-10      |    3 | [LICENSE](https://raw.githubusercontent.com/data-positioning/datapos-shared/main/LICENSE) |
+| acorn                   | MIT          |   8.15.0   | 8.15.0  | 6 months ago: 2025-06-09    |    0 | ⚠️ No license file                                                                        |
+| acorn-typescript        | MIT          |   1.4.13   | 1.4.13  | 23 months ago: 2024-01-03❗ |    1 | [LICENSE](https://raw.githubusercontent.com/TyrealHu/acorn-typescript/master/LICENSE)     |
+| acorn-walk              | MIT          |   8.3.4    |  8.3.4  | 15 months ago: 2024-09-09❗ |    1 | ⚠️ No license file                                                                        |
+| dotenv                  | BSD-2-Clause |   17.2.3   | 17.2.3  | 2 months ago: 2025-09-29    |    0 | [LICENSE](https://raw.githubusercontent.com/motdotla/dotenv/master/LICENSE)               |
+| zod                     | MIT          |   4.1.13   | 4.1.13  | this month: 2025-12-07      |    0 | [LICENSE](https://raw.githubusercontent.com/colinhacks/zod/main/LICENSE)                  |
 <!-- DEPENDENCY_LICENSES_END -->
+Insert link to other document for detailed explanation. Only show messages if issues arise.
 1. **Installed** column:
-    A ⚠️ symbol is used to highlight any installed version that does not match the latest available version.
+    The ⚠️ symbol indicates that the installed version does not match the latest available version.”.
 1. **Latest Release** column:
-    A ⚠️ symbol is used to highlight any dependency that has gone **more than 6 months** without an update but **no more than 12 months**.
+    The ⚠️ symbol indicates that the dependency has gone **more than 6 months** without an update but **no more than 12 months**.
-    A **❗** symbol indicates a dependency that has gone **more than 12 months** without an update.
+    The ❗ symbol indicates a dependency that has gone **more than 12 months** without an update.
     If a dependency has no, or only a small number of, transitive dependencies, then it may not require frequent updates. The **Deps** column shows the number of transitive dependencies. Full details for these dependencies can be found in [licenses/licenseTree.json](licenses/licenseTree.json).
 1. **Document** column:
-    The message “⚠️ No license file” is used to highlight any dependency that does not include a license file.
-### Bundle Analysis Report
-The Bundle Analysis Report provides a detailed breakdown of the bundle's composition and module sizes, helping to identify which modules contribute most to the final build. It is generated automatically on each release using the `npm` package [rollup-plugin-visualizer](https://www.npmjs.com/package/rollup-plugin-visualizer).
-[View the Bundle Analysis Report](https://data-positioning.github.io/datapos-development/stats.html)
-## Repository Management Commands
-Implements the common Data Positioning repository management command detailed in
-The table below lists the repository management commands available in this project.
-For detailed implementation, see the `scripts` section in the `package.json` file.
-| Name               | VS Key Code      | Notes                                                                                                                                           |
-| ------------------ | ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
-| audit              | alt+ctrl+shift+a | Audit the project's dependencies for known security vulnerabilities.                                                                            |
-| build              | alt+ctrl+shift+b | Build the package using Vite. Output to '/dist' directory.                                                                                      |
-| check              | alt+ctrl+shift+c | Identify outdated dependencies using npm `outdated` and `npm-check-updates` with option to install latest versions. Also runs `retire` scanner. |
-| document           | alt+ctrl+shift+d | Identify licenses of the project's production and peer dependencies. See [licenses.json](./licenses.json).                                      |
-| format             | alt+ctrl+shift+f | Use `prettier` to enforce formatting style rules.                                                                                               |
-| lint               | alt+ctrl+shift+l | Use `eslint` to check the code for potential errors and enforces coding style rules.                                                            |
-| release            | alt+ctrl+shift+r | Bump version, build library, synchronise with `GitHub` and publish to `npm`.                                                                    |
-| sync:withGitHub    | alt+ctrl+shift+s | Synchronise local repository with the main GitHub repository.                                                                                   |
-| test               | alt+ctrl+shift+t | ❌ Not implemented.                                                                                                                             |
-| update:dataPosDeps | alt+ctrl+shift+u | Install the latest version of all Data Positioning dependencies.                                                                                |
-## TODO
-1. Enhance `uploadDirectoryToR2`to batch upload files so more efficient and performant.
-2. Review if it is better to replace all `execCommand`calls with `spawnCommand` calls?
+    The “⚠️ No license file” message indicates a dependency that does not include a license file.
 ## License
-This project is licensed under the MIT License, allowing free use, modification, and distribution.
+This project is licensed under the MIT License, permitting free use, modification, and distribution.
 [MIT](./LICENSE) © 2026 Data Positioning Pty Ltd
-## Review License Reporting
-Here’s a step-by-step license compliance checklist for Node.js projects that combines automated tooling like license-report with manual verification. This is designed to make sure your MIT project remains compliant when using third-party dependencies.
-Node.js License Compliance Checklist
-Step 1: Generate initial license report
-Run your tool, e.g., license-report:
-npx license-report --json > licenses.json
-Save the output for review.
-This gives a first-pass list of all dependencies and their declared licenses.
-Step 2: Identify potential issues
-For each dependency in the report, check for:
-Flag What it means Action
-No license declared No license field in package.json Check for LICENSE file in repo. If none, contact author or replace dependency.
-Custom/proprietary license License not recognized Manually review the license text and confirm compatibility.
-Copyleft license (GPL, LGPL) May require release of modifications If LGPL, ensure linking rules are followed. GPL may restrict distribution.
-License mismatch License field differs from LICENSE file Trust LICENSE file; update your report accordingly.
-Step 3: Verify actual license text
-Check the dependency’s repository for a LICENSE file.
-Confirm that the license text matches the package.json declaration.
-For multi-license projects, note which license applies to the code you are using.
-Step 4: Document all licenses
-Create a ThirdPartyLicenses.md or LICENSES/ folder in your project.
-For each dependency, include:
-Dependency name and version
-License type (from LICENSE file)
-URL to repository or package
-Any copyleft obligations (e.g., “LGPL: modifications must remain LGPL”)
-Example (ThirdPartyLicenses.md):
-# Third-Party Dependencies
-## LibraryA 1.2.3
-- License: Apache-2.0
-- Repository: https://github.com/user/libraryA
-- License text: LICENSES/LibraryA.txt
-## LibraryB 4.5.6
-- License: BSD-2-Clause
-- Repository: https://github.com/user/libraryB
-- License text: LICENSES/LibraryB.txt
-## LibraryC 0.1.2
-- License: LGPL-3.0-only
-- Repository: https://github.com/user/libraryC
-- License text: LICENSES/LibraryC.txt
-- Note: If you modify this library, modifications must remain LGPL-3.0-only
-Step 5: Include license texts
-Copy the full license text into your project for each dependency.
-Put each in LICENSES/LibraryName.txt or combine into ThirdPartyLicenses.md.
-Make it easily accessible to end users.
-Step 6: Audit before release
-Review all dependencies: no missing licenses.
-Confirm compliance with copyleft licenses.
-Ensure your own MIT license only covers your code.
-Update ThirdPartyLicenses.md whenever dependencies are added/updated.
-Step 7: Automate for future
-Use CI scripts to regenerate license report on npm install or release.
-Fail the build if any dependency has “no license” or an incompatible license.
-Optional tools:
-license-checker (Node.js)
-npm-license-crawler
-fossology (more comprehensive scanning)

package/default.editorconfig ADDED Viewed

@@ -0,0 +1,13 @@
+# Data Positioning default EditorConfig
+root = true
+[*]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 4
+insert_final_newline = true
+trim_trailing_whitespace = true
+[*.md]
+trim_trailing_whitespace = false

package/dist/datapos-development.es.js CHANGED Viewed

@@ -1,10 +1,10 @@
 import { promises as ge } from "node:fs";
 import { nanoid as Ds } from "nanoid";
 import Ms from "node:path";
-import { promisify as Vs } from "node:util";
-import { exec as zs, spawn as js } from "node:child_process";
-import { CONNECTOR_SOURCE_OPERATIONS as Fs, CONNECTOR_DESTINATION_OPERATIONS as $s } from "@datapos/datapos-shared";
-import { fileURLToPath as Bs, URL as Zs } from "node:url";
+import { fileURLToPath as Vs, URL as zs } from "node:url";
+import { promisify as js } from "node:util";
+import { exec as Fs, spawn as $s } from "node:child_process";
+import { CONNECTOR_SOURCE_OPERATIONS as Bs, CONNECTOR_DESTINATION_OPERATIONS as Zs } from "@datapos/datapos-shared";
 function k(e, t, i) {
   function r(d, y) {
     if (d._zod || Object.defineProperty(d, "_zod", {
@@ -7650,7 +7650,7 @@ function Fh(e) {
     return Rs;
   };
 }
-const $h = Vs(zs);
+const $h = js(Fs);
 async function Bh(e) {
   let t;
   try {
@@ -7726,7 +7726,7 @@ async function Uh(e) {
 }
 async function Ie(e, t, i = [], r = !1) {
   return re(`${e} - spawn(${t} ${i.join(" ")})`), new Promise((n, u) => {
-    js(t, i, { stdio: "inherit" }).on("close", (d) => {
+    $s(t, i, { stdio: "inherit" }).on("close", (d) => {
       d === 0 || r ? n() : u(new Error(`${t} exited with code ${d}`));
     });
   });
@@ -7908,7 +7908,7 @@ async function Ns(e, t, i = "./") {
 function Jh(e) {
   let t = !1, i = !1;
   for (const r of e)
-    Fs.includes(r) && (t = !0), $s.includes(r) && (i = !0);
+    Bs.includes(r) && (t = !0), Zs.includes(r) && (i = !0);
   return t && i ? "bidirectional" : t ? "source" : i ? "destination" : "unknown";
 }
 const Yh = {
@@ -7932,7 +7932,7 @@ async function vl() {
       "--nodePackageSkipDevDependencies",
       "--nvdApiKey",
       process.env.OWASP_NVD_API_KEY ?? ""
-    ]), await el("2️⃣"), await Ie("3️⃣  Check using 'npm outdated'", "npm", ["audit"]), Fe("Dependencies audited.");
+    ]), await el("2️⃣"), await Ie("3️⃣  Check using 'npm audit'", "npm", ["audit"]), Fe("Dependencies audited.");
   } catch (e) {
     console.error("❌ Error auditing dependencies.", e), process.exit(1);
   }
@@ -7978,7 +7978,7 @@ const Sr = "<!-- DEPENDENCY_LICENSES_START -->", il = "<!-- DEPENDENCY_LICENSES_
 async function gl(e = [], t = !0) {
   try {
     Re("Document Dependencies"), await Li();
-    const i = e.flatMap((n) => ["--allowed", `'${n}'`]), r = Bs(new Zs(import.meta.resolve("@datapos/datapos-development/license-report-config")));
+    const i = e.flatMap((n) => ["--allowed", `'${n}'`]), r = Vs(new zs(import.meta.resolve("@datapos/datapos-development/license-report-config")));
     await Te(
       "1️⃣  Generate 'licenses.json' file",
       "license-report",
@@ -8028,7 +8028,7 @@ async function rl(e, t) {
       return S.values();
     })()
   ];
-  let o = `|Name|Type|Installed|Latest|Latest Release|Deps|Document|
+  let o = `|Name|Type|Installed|Latest|Latest Released|Deps|Document|
 |:-|:-|:-:|:-:|:-|-:|:-|
 `;
   for (const S of y) {