npm - @humaan/patch-patrol - Versions diffs - 0.3.1 → 0.4.0 - Mend

@humaan/patch-patrol 0.3.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/cli.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { intro, outro } from '@clack/prompts';
 import { loadRules } from './advisories.js';
-import { actionRepo } from './repo-actions.js';
+import { actionRepos } from './repo-actions.js';
 import { finish, printRules } from './output.js';
 import { runScan } from './scanner.js';
 import { getRuleOrThrow, parseArgs } from './options.js';
@@ -33,9 +33,7 @@ export async function runCli(argv = process.argv.slice(2)) {
             finish(options, 'No projects selected. Nothing changed.');
             return;
         }
-        for (const affectedRepo of selectedRepos) {
-            await actionRepo(affectedRepo, rule, options);
-        }
+        await actionRepos(selectedRepos, rule, options);
         if (options.interactive)
             outro('Selected projects processed.');
     }

package/dist/git.js CHANGED Viewed

@@ -6,6 +6,11 @@ export function ensureClean(repo) {
     if (status.stdout.trim())
         throw new Error(`${repo} has uncommitted changes; skipping to avoid overwriting local work.`);
 }
+export async function ensureCleanAsync(repo) {
+    const status = await runAsync('git', ['status', '--porcelain'], repo, { capture: true });
+    if (status.stdout.trim())
+        throw new Error(`${repo} has uncommitted changes; skipping to avoid overwriting local work.`);
+}
 export function checkoutFreshBranch(repo, rule, options, quiet = false) {
     const defaultBranch = getDefaultBranch(repo);
     run('git', ['checkout', defaultBranch], repo, { quiet });
@@ -13,7 +18,7 @@ export function checkoutFreshBranch(repo, rule, options, quiet = false) {
     run('git', ['checkout', '-B', getBranchName(rule, options)], repo, { quiet });
 }
 export async function checkoutFreshBranchAsync(repo, rule, options, quiet = false) {
-    const defaultBranch = getDefaultBranch(repo);
+    const defaultBranch = await getDefaultBranchAsync(repo);
     await runAsync('git', ['checkout', defaultBranch], repo, { quiet });
     await runAsync('git', ['pull', '--ff-only'], repo, { quiet });
     await runAsync('git', ['checkout', '-B', getBranchName(rule, options)], repo, { quiet });
@@ -23,6 +28,11 @@ export function getCheckoutState(repo) {
     const branch = run('git', ['branch', '--show-current'], repo, { capture: true }).stdout.trim();
     return { ref: branch || commit, commit, detached: !branch };
 }
+export async function getCheckoutStateAsync(repo) {
+    const commit = (await runAsync('git', ['rev-parse', 'HEAD'], repo, { capture: true })).stdout.trim();
+    const branch = (await runAsync('git', ['branch', '--show-current'], repo, { capture: true })).stdout.trim();
+    return { ref: branch || commit, commit, detached: !branch };
+}
 export function restoreCheckout(repo, state, quiet = false) {
     run('git', ['checkout', state.ref], repo, { quiet });
 }
@@ -34,7 +44,7 @@ export function commitChanges(repo, rule, quiet = false) {
     run('git', ['commit', '-m', rule.commitMessage], repo, { quiet });
 }
 export async function commitChangesAsync(repo, rule, quiet = false) {
-    await runAsync('git', ['add', ...getChangedFiles(repo)], repo, { quiet });
+    await runAsync('git', ['add', ...await getChangedFilesAsync(repo)], repo, { quiet });
     await runAsync('git', ['commit', '-m', rule.commitMessage], repo, { quiet });
 }
 export async function pushAndCreatePr(repo, rule, options, quiet = false) {
@@ -68,6 +78,13 @@ function getDefaultBranch(repo) {
     const current = run('git', ['branch', '--show-current'], repo, { capture: true });
     return current.stdout.trim() || 'main';
 }
+async function getDefaultBranchAsync(repo) {
+    const symbolic = await runAsync('git', ['symbolic-ref', 'refs/remotes/origin/HEAD', '--short'], repo, { capture: true, allowFailure: true });
+    if (symbolic?.stdout.trim())
+        return symbolic.stdout.trim().replace(/^origin\//, '');
+    const current = await runAsync('git', ['branch', '--show-current'], repo, { capture: true });
+    return current.stdout.trim() || 'main';
+}
 function getBranchName(rule, options) {
     return `${options.branchPrefix}/${rule.branchName}`;
 }
@@ -83,15 +100,24 @@ function getPrBody(rule) {
 function hasChanges(repo) {
     return Boolean(run('git', ['status', '--porcelain'], repo, { capture: true }).stdout.trim());
 }
+async function hasChangesAsync(repo) {
+    return Boolean((await runAsync('git', ['status', '--porcelain'], repo, { capture: true })).stdout.trim());
+}
 export function getChangedFiles(repo) {
     return run('git', ['status', '--porcelain'], repo, { capture: true }).stdout
         .split('\n')
         .filter(Boolean)
         .map((line) => line.slice(3));
 }
-export { hasChanges };
+export async function getChangedFilesAsync(repo) {
+    return (await runAsync('git', ['status', '--porcelain'], repo, { capture: true })).stdout
+        .split('\n')
+        .filter(Boolean)
+        .map((line) => line.slice(3));
+}
+export { hasChanges, hasChangesAsync };
 async function ensureGithubRemote(repo) {
-    const remotes = listRemotes(repo);
+    const remotes = await listRemotesAsync(repo);
     const github = remotes.find((remote) => remote.github);
     if (github)
         return github;
@@ -99,13 +125,16 @@ async function ensureGithubRemote(repo) {
     const suggestion = origin ? convertOriginToGithub(origin.url) : '';
     const url = await promptForGithubRemote(path.basename(repo), suggestion, parseRemote);
     const name = remotes.some((remote) => remote.name === 'github') ? 'github-pr' : 'github';
-    run('git', ['remote', 'add', name, url], repo, { quiet: true });
+    await runAsync('git', ['remote', 'add', name, url], repo, { quiet: true });
     return parseRemote(name, url);
 }
-function listRemotes(repo) {
-    const result = run('git', ['remote', '-v'], repo, { capture: true });
+async function listRemotesAsync(repo) {
+    const result = await runAsync('git', ['remote', '-v'], repo, { capture: true });
+    return parseRemotes(result.stdout);
+}
+function parseRemotes(stdout) {
     const remotes = new Map();
-    for (const line of result.stdout.trim().split('\n').filter(Boolean)) {
+    for (const line of stdout.trim().split('\n').filter(Boolean)) {
         const match = line.match(/^(\S+)\s+(\S+)\s+\(fetch\)$/);
         if (match)
             remotes.set(match[1], parseRemote(match[1], match[2]));

package/dist/options.js CHANGED Viewed

@@ -10,7 +10,7 @@ export function parseArgs(args) {
         base: undefined,
         branchPrefix: DEFAULT_BRANCH_PREFIX,
         advisoryDir: DEFAULT_ADVISORY_DIR,
-        bumpLevels: new Set(BUMP_LEVELS),
+        bumpLevels: new Set(["minor", "patch"]),
         dryRun: false,
         yes: false,
         createPr: true,
@@ -117,7 +117,7 @@ Options:
   --base <branch>          Base branch for PRs. Defaults to GitHub default branch.
   --branch-prefix <name>   Branch namespace. Default: ${DEFAULT_BRANCH_PREFIX}
   --limit <number>         Stop after processing this many affected repos.
-  --bump <levels>          Only include bump levels: major, minor, patch. Comma-separated.
+  --bump <levels>          Only include bump levels: major, minor, patch. Comma-separated. Default: minor,patch.
   --major                  Only include major version bumps. Can combine with --minor/--patch.
   --minor                  Only include minor version bumps. Can combine with --major/--patch.
   --patch                  Only include patch version bumps. Can combine with --major/--minor.

package/dist/repo-actions.js CHANGED Viewed

@@ -1,18 +1,57 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
-import { spinner } from '@clack/prompts';
+import { log } from '@clack/prompts';
 import { getUpdates } from './advisories.js';
-import { checkoutFreshBranch, checkoutFreshBranchAsync, commitChanges, commitChangesAsync, ensureClean, getCheckoutState, hasChanges, pushAndCreatePr, pushAndCreatePrAsync, restoreCheckout, restoreCheckoutAsync } from './git.js';
-import { refreshLockfile, refreshLockfileAsync } from './package-manager.js';
+import { checkoutFreshBranchAsync, commitChangesAsync, ensureCleanAsync, getCheckoutStateAsync, hasChangesAsync, pushAndCreatePrAsync, restoreCheckoutAsync } from './git.js';
+import { refreshLockfileAsync } from './package-manager.js';
+import { paddedSpinner } from './spinner.js';
 import { cloneGithubRepo } from './targets.js';
-export async function actionRepo(affectedRepo, rule, options) {
+const actionConcurrency = 3;
+export async function actionRepos(affectedRepos, rule, options) {
+    if (affectedRepos.length === 1) {
+        await actionRepo(affectedRepos[0], rule, options);
+        return;
+    }
+    let completed = 0;
+    let succeeded = 0;
+    let nextIndex = 0;
+    const failures = [];
+    const processNext = async () => {
+        const index = nextIndex;
+        nextIndex += 1;
+        if (index >= affectedRepos.length)
+            return;
+        try {
+            const result = await actionRepo(affectedRepos[index], rule, options, null);
+            succeeded += 1;
+            printActionSuccess(result, options);
+        }
+        catch (error) {
+            const failure = error instanceof Error ? error : new Error(String(error));
+            failures.push(failure);
+            printActionFailure(path.basename(affectedRepos[index].repo), failure, options);
+        }
+        finally {
+            completed += 1;
+        }
+        await processNext();
+    };
+    await Promise.all(Array.from({ length: Math.min(actionConcurrency, affectedRepos.length) }, processNext));
+    if (failures.length > 0) {
+        printActionFailureSummary(`Processed ${completed}/${affectedRepos.length} repos; ${failures.length} failed.`, options);
+        throw failures[0];
+    }
+    printActionSuccess(`Processed ${completed}/${affectedRepos.length} repos; ${succeeded} succeeded.`, options);
+}
+export async function actionRepo(affectedRepo, rule, options, statusOverride) {
     const repoName = path.basename(affectedRepo.repo);
-    const status = createActionStatus(options, repoName);
+    const status = statusOverride === undefined ? createActionStatus(options, repoName) : statusOverride;
     try {
         const result = affectedRepo.github
             ? await actionGithubRepo(affectedRepo, rule, options, status, repoName)
             : await actionLocalRepo(affectedRepo, rule, options, status, repoName);
         status?.stop(result);
+        return result;
     }
     catch (error) {
         status?.stop(`Processing ${repoName} failed.`);
@@ -52,13 +91,10 @@ async function actionLocalRepo(affectedRepo, rule, options, status, repoName) {
             console.log(`  [${update.bumpLevel}] ${update.section}.${update.name}: ${update.from} -> ${update.to} (${update.reason})`);
         }
     }
-    ensureClean(repo);
-    const originalCheckout = getCheckoutState(repo);
+    await ensureCleanAsync(repo);
+    const originalCheckout = await getCheckoutStateAsync(repo);
     status?.message(`Preparing update branch for ${repoName}`);
-    if (options.interactive)
-        await checkoutFreshBranchAsync(repo, rule, options, true);
-    else
-        checkoutFreshBranch(repo, rule, options);
+    await checkoutFreshBranchAsync(repo, rule, options, options.interactive);
     const packageJsonText = await fs.readFile(packageJsonPath, 'utf8');
     const packageJson = JSON.parse(packageJsonText);
     const freshUpdates = getUpdates(packageJson, rule, options.bumpLevels);
@@ -71,39 +107,50 @@ async function actionLocalRepo(affectedRepo, rule, options, status, repoName) {
     await fs.writeFile(packageJsonPath, applyUpdates(packageJsonText, freshUpdates));
     if (!options.skipInstall) {
         status?.message(`Refreshing lockfile for ${repoName}`);
-        if (options.interactive)
-            await refreshLockfileAsync(repo, true);
-        else
-            refreshLockfile(repo);
+        await refreshLockfileAsync(repo, options.interactive);
     }
-    if (!hasChanges(repo)) {
+    const changed = await hasChangesAsync(repo);
+    if (!changed) {
         if (!options.interactive)
             console.log('  No changes after update; skipping.');
         return `Skipped ${repoName}: no changes after update.`;
     }
     status?.message(`Committing changes for ${repoName}`);
-    if (options.interactive)
-        await commitChangesAsync(repo, rule, true);
-    else
-        commitChanges(repo, rule);
+    await commitChangesAsync(repo, rule, options.interactive);
     if (!options.createPr) {
         if (!options.interactive)
             console.log('  Updated locally; PR creation disabled.');
         return `Updated ${repoName} locally; PR creation disabled.`;
     }
     status?.message(`Creating PR for ${repoName}`);
-    const prUrl = options.interactive ? await pushAndCreatePrAsync(repo, rule, options, true) : await pushAndCreatePr(repo, rule, options);
+    const prUrl = await pushAndCreatePrAsync(repo, rule, options, options.interactive);
     status?.message(`Restoring checkout for ${repoName}`);
+    await restoreCheckoutAsync(repo, originalCheckout, options.interactive);
+    return prUrl ? `Created PR for ${repoName}: ${prUrl}` : `Created PR for ${repoName}.`;
+}
+function printActionSuccess(message, options) {
     if (options.interactive)
-        await restoreCheckoutAsync(repo, originalCheckout, true);
+        log.success(message);
     else
-        restoreCheckout(repo, originalCheckout);
-    return prUrl ? `Created PR for ${repoName}: ${prUrl}` : `Created PR for ${repoName}.`;
+        console.log(`  ${message}`);
+}
+function printActionFailure(repoName, error, options) {
+    const message = `${repoName} failed: ${error.message}`;
+    if (options.interactive)
+        log.error(message);
+    else
+        console.error(`  ${message}`);
+}
+function printActionFailureSummary(message, options) {
+    if (options.interactive)
+        log.error(message);
+    else
+        console.error(`  ${message}`);
 }
 function createActionStatus(options, repoName) {
     if (!options.interactive)
         return null;
-    const statusSpinner = spinner();
+    const statusSpinner = paddedSpinner();
     statusSpinner.start(`Processing ${repoName}`);
     return statusSpinner;
 }

package/dist/scanner.js CHANGED Viewed

@@ -1,18 +1,21 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
-import { spinner } from '@clack/prompts';
 import { getUpdates } from './advisories.js';
 import { exists } from './files.js';
-import { run } from './shell.js';
+import { runAsync } from './shell.js';
+import { paddedSpinner } from './spinner.js';
+const scanConcurrency = 8;
 export async function runScan(repos, root, rule, options) {
     const targetDescription = options.source === 'github' ? `${repos.length} GitHub repos via the GitHub API` : `${repos.length} repos in ${root}`;
     if (!options.interactive) {
         console.log(`Scanning ${targetDescription} using rule: ${rule.title}`);
         return scanRepos(repos, rule, options);
     }
-    const scanSpinner = spinner();
+    const scanSpinner = paddedSpinner();
     scanSpinner.start(`Scanning ${targetDescription}`);
-    const affectedRepos = await scanRepos(repos, rule, options);
+    const affectedRepos = await scanRepos(repos, rule, options, (progress) => {
+        scanSpinner.message(formatScanProgress(progress));
+    });
     scanSpinner.stop(`Found ${affectedRepos.length} affected repo${affectedRepos.length === 1 ? '' : 's'}.`);
     return affectedRepos;
 }
@@ -33,17 +36,36 @@ export async function findRepos(root) {
 async function isNodeRepo(repoPath) {
     return await exists(path.join(repoPath, '.git')) && await exists(path.join(repoPath, 'package.json'));
 }
-async function scanRepos(repos, rule, options) {
-    const affectedRepos = [];
-    for (const repo of repos) {
+async function scanRepos(repos, rule, options, onProgress) {
+    const affectedRepos = Array.from({ length: repos.length }, () => null);
+    let scanned = 0;
+    let affected = 0;
+    let nextIndex = 0;
+    const scanNext = async () => {
+        const index = nextIndex;
+        nextIndex += 1;
+        if (index >= repos.length || hasReachedLimit(affected, options))
+            return;
+        const repo = repos[index];
         const affectedRepo = await scanRepo(repo, rule, options);
-        if (!affectedRepo)
-            continue;
-        affectedRepos.push(affectedRepo);
-        if (options.limit > 0 && affectedRepos.length >= options.limit)
-            break;
-    }
-    return affectedRepos;
+        scanned += 1;
+        if (affectedRepo && !hasReachedLimit(affected, options)) {
+            affectedRepos[index] = affectedRepo;
+            affected += 1;
+        }
+        onProgress?.({ scanned, total: repos.length, affected });
+        if (!hasReachedLimit(affected, options))
+            await scanNext();
+    };
+    await Promise.all(Array.from({ length: Math.min(scanConcurrency, repos.length) }, scanNext));
+    return affectedRepos.filter((repo) => Boolean(repo));
+}
+function formatScanProgress(progress) {
+    const affectedLabel = progress.affected === 1 ? 'affected repo' : 'affected repos';
+    return `Scanned ${progress.scanned}/${progress.total} repos, ${progress.affected} ${affectedLabel}.`;
+}
+function hasReachedLimit(affected, options) {
+    return options.limit > 0 && affected >= options.limit;
 }
 async function scanRepo(repo, rule, options) {
     if (repo.source === 'github')
@@ -56,16 +78,21 @@ async function scanLocalRepo(repo, rule, options) {
     const updates = getUpdates(packageJson, rule, options.bumpLevels);
     if (updates.length === 0)
         return null;
+    const githubRepo = await getGithubRepoFromLocalRemote(repo);
+    if (githubRepo && await hasOpenAdvisoryPr(githubRepo, rule, options))
+        return null;
     return { repo, packageJsonPath, updates };
 }
 async function scanGithubRepo(repo, rule, options) {
-    const packageJsonText = getGithubPackageJson(repo);
+    const packageJsonText = await getGithubPackageJson(repo);
     if (!packageJsonText)
         return null;
     const packageJson = JSON.parse(packageJsonText);
     const updates = getUpdates(packageJson, rule, options.bumpLevels);
     if (updates.length === 0)
         return null;
+    if (await hasOpenAdvisoryPr(repo.nameWithOwner, rule, options))
+        return null;
     return {
         repo: repo.nameWithOwner,
         packageJsonPath: 'package.json',
@@ -73,8 +100,8 @@ async function scanGithubRepo(repo, rule, options) {
         github: repo,
     };
 }
-function getGithubPackageJson(repo) {
-    const result = run('gh', [
+async function getGithubPackageJson(repo) {
+    const result = await runAsync('gh', [
         'api',
         `repos/${repo.nameWithOwner}/contents/package.json`,
         '--method',
@@ -86,3 +113,45 @@ function getGithubPackageJson(repo) {
     ], process.cwd(), { capture: true, allowFailure: true });
     return result?.stdout.trim() ? result.stdout : null;
 }
+async function hasOpenAdvisoryPr(repo, rule, options) {
+    const result = await runAsync('gh', [
+        'pr',
+        'list',
+        '--repo',
+        repo,
+        '--state',
+        'open',
+        '--head',
+        getAdvisoryBranchName(rule, options),
+        '--json',
+        'number',
+        '--limit',
+        '1',
+    ], process.cwd(), { capture: true, allowFailure: true });
+    if (!result?.stdout.trim())
+        return false;
+    return JSON.parse(result.stdout).length > 0;
+}
+async function getGithubRepoFromLocalRemote(repo) {
+    const result = await runAsync('git', ['remote', '-v'], repo, { capture: true, allowFailure: true });
+    if (!result?.stdout.trim())
+        return null;
+    for (const line of result.stdout.trim().split('\n')) {
+        const match = line.match(/^\S+\s+(?<url>\S+)\s+\(fetch\)$/);
+        const ownerRepo = match?.groups?.url ? parseGithubOwnerRepo(match.groups.url) : null;
+        if (ownerRepo)
+            return ownerRepo;
+    }
+    return null;
+}
+function parseGithubOwnerRepo(url) {
+    const normalized = url
+        .replace(/^git@github\.com:/, 'https://github.com/')
+        .replace(/^ssh:\/\/git@github\.com\//, 'https://github.com/')
+        .replace(/\.git$/, '');
+    const match = normalized.match(/github\.com[/:](?<owner>[^/]+)\/(?<repo>[^/]+)$/);
+    return match ? `${match.groups?.owner}/${match.groups?.repo}` : null;
+}
+function getAdvisoryBranchName(rule, options) {
+    return `${options.branchPrefix}/${rule.branchName}`;
+}

package/dist/spinner.js ADDED Viewed

@@ -0,0 +1,12 @@
+import { spinner } from '@clack/prompts';
+const bottomPaddingLines = 2;
+export function paddedSpinner() {
+    reserveBottomPadding();
+    return spinner();
+}
+function reserveBottomPadding() {
+    if (!process.stdout.isTTY)
+        return;
+    process.stdout.write('\n'.repeat(bottomPaddingLines));
+    process.stdout.write(`\x1b[${bottomPaddingLines}A`);
+}

package/dist/targets.js CHANGED Viewed

@@ -2,9 +2,9 @@ import fs from 'node:fs/promises';
 import fsSync from 'node:fs';
 import os from 'node:os';
 import path from 'node:path';
-import { spinner } from '@clack/prompts';
 import { run, runAsync } from './shell.js';
 import { findRepos } from './scanner.js';
+import { paddedSpinner } from './spinner.js';
 const cleanupPaths = new Set();
 let cleanupHooksRegistered = false;
 export async function resolveTargets(options) {
@@ -37,21 +37,21 @@ export async function cloneGithubRepo(repo, quiet = false) {
     }
 }
 async function resolveGithubTargets(target, options) {
-    const targetSpinner = options.interactive ? spinner() : null;
+    const targetSpinner = options.interactive ? paddedSpinner() : null;
     targetSpinner?.start(`Loading GitHub repos from ${target}`);
-    const repos = getGithubRepos(target);
+    const repos = await getGithubRepos(target);
     targetSpinner?.stop(`Loaded ${repos.length} GitHub repo${repos.length === 1 ? '' : 's'}.`);
     return { root: normalizeGithubTarget(target), repos: repos.map(toGithubRepoTarget) };
 }
-function getGithubRepos(target) {
+async function getGithubRepos(target) {
     const normalizedTarget = normalizeGithubTarget(target);
     if (isGithubRepoTarget(normalizedTarget))
-        return [getGithubRepo(normalizedTarget)];
-    const result = run('gh', ['repo', 'list', normalizedTarget, '--json', 'nameWithOwner,sshUrl,defaultBranchRef', '--limit', '1000'], process.cwd(), { capture: true });
+        return [await getGithubRepo(normalizedTarget)];
+    const result = await runAsync('gh', ['repo', 'list', normalizedTarget, '--json', 'nameWithOwner,sshUrl,defaultBranchRef', '--limit', '1000'], process.cwd(), { capture: true });
     return JSON.parse(result.stdout);
 }
-function getGithubRepo(target) {
-    const result = run('gh', ['repo', 'view', target, '--json', 'nameWithOwner,sshUrl,defaultBranchRef'], process.cwd(), { capture: true });
+async function getGithubRepo(target) {
+    const result = await runAsync('gh', ['repo', 'view', target, '--json', 'nameWithOwner,sshUrl,defaultBranchRef'], process.cwd(), { capture: true });
     return JSON.parse(result.stdout);
 }
 function toGithubRepoTarget(repo) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@humaan/patch-patrol",
-  "version": "0.3.1",
+  "version": "0.4.0",
   "description": "Scan local repositories for advisory-driven package bumps, update them, and open pull requests.",
   "type": "module",
   "bin": {