@lpm-registry/cli 0.2.0

package/lib/commands/audit.js

@@ -0,0 +1,283 @@
+/**
+ * Audit Command
+ *
+ * Scan project dependencies for known security vulnerabilities.
+ *
+ * Usage:
+ *   lpm audit [options]
+ *   lpm audit fix
+ *
+ * Options:
+ *   --json    Output in JSON format
+ *   --level   Minimum severity to report (low, moderate, high, critical)
+ *
+ * @module cli/lib/commands/audit
+ */
+
+import { existsSync, readFileSync } from "node:fs"
+import { join } from "node:path"
+import chalk from "chalk"
+import ora from "ora"
+import { post } from "../api.js"
+
+/**
+ * Severity levels in order of priority.
+ */
+const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"]
+
+/**
+ * Severity colors.
+ */
+const SEVERITY_COLORS = {
+	critical: chalk.bgRed.white,
+	high: chalk.red,
+	moderate: chalk.yellow,
+	low: chalk.blue,
+	info: chalk.dim,
+}
+
+/**
+ * Read and parse package.json from current directory.
+ * @returns {{ dependencies: Record<string, string>, devDependencies: Record<string, string> } | null}
+ */
+function readPackageJson() {
+	const packageJsonPath = join(process.cwd(), "package.json")
+
+	if (!existsSync(packageJsonPath)) {
+		return null
+	}
+
+	try {
+		const content = readFileSync(packageJsonPath, "utf8")
+		return JSON.parse(content)
+	} catch {
+		return null
+	}
+}
+
+/**
+ * Read and parse package-lock.json for exact versions.
+ * @returns {Record<string, { version: string, resolved?: string }> | null}
+ */
+function readPackageLock() {
+	const lockPath = join(process.cwd(), "package-lock.json")
+
+	if (!existsSync(lockPath)) {
+		return null
+	}
+
+	try {
+		const content = readFileSync(lockPath, "utf8")
+		const lock = JSON.parse(content)
+		return lock.packages || lock.dependencies || null
+	} catch {
+		return null
+	}
+}
+
+/**
+ * Format vulnerability count by severity.
+ * @param {Object} counts
+ * @returns {string}
+ */
+function formatVulnCounts(counts) {
+	const parts = []
+
+	for (const severity of SEVERITY_ORDER) {
+		const count = counts[severity] || 0
+		if (count > 0) {
+			const color = SEVERITY_COLORS[severity] || chalk.dim
+			parts.push(color(`${count} ${severity}`))
+		}
+	}
+
+	return parts.join(", ") || chalk.green("0 vulnerabilities")
+}
+
+/**
+ * Execute the audit command.
+ *
+ * @param {string} [action] - Optional action ('fix')
+ * @param {Object} options - Command options
+ * @param {boolean} [options.json] - Output as JSON
+ * @param {string} [options.level] - Minimum severity level
+ */
+export async function audit(action, options = {}) {
+	const spinner = ora("Reading dependencies...").start()
+
+	// Read package.json
+	const packageJson = readPackageJson()
+
+	if (!packageJson) {
+		spinner.fail(chalk.red("No package.json found in current directory."))
+		process.exit(1)
+	}
+
+	const dependencies = {
+		...(packageJson.dependencies || {}),
+		...(packageJson.devDependencies || {}),
+	}
+
+	const depCount = Object.keys(dependencies).length
+
+	if (depCount === 0) {
+		spinner.succeed(chalk.green("No dependencies to audit."))
+		return
+	}
+
+	// Try to get exact versions from lock file
+	const lockData = readPackageLock()
+
+	// Build dependency list for API
+	const depList = Object.entries(dependencies).map(([name, version]) => {
+		// Try to get exact version from lock
+		let exactVersion = version
+		if (lockData) {
+			const lockEntry = lockData[name] || lockData[`node_modules/${name}`]
+			if (lockEntry?.version) {
+				exactVersion = lockEntry.version
+			}
+		}
+		return { name, version: exactVersion }
+	})
+
+	spinner.text = `Auditing ${depCount} dependencies...`
+
+	try {
+		const response = await post(
+			"/audit",
+			{ dependencies: depList },
+			{
+				onRetry: (attempt, max) => {
+					spinner.text = `Auditing (retry ${attempt}/${max})...`
+				},
+			},
+		)
+
+		if (!response.ok) {
+			const data = await response.json().catch(() => ({}))
+			throw new Error(data.error || "Audit request failed.")
+		}
+
+		const data = await response.json()
+		const vulnerabilities = data.vulnerabilities || []
+
+		spinner.stop()
+
+		// Filter by severity level if specified
+		let filteredVulns = vulnerabilities
+		if (options.level) {
+			const levelIndex = SEVERITY_ORDER.indexOf(options.level)
+			if (levelIndex !== -1) {
+				filteredVulns = vulnerabilities.filter(v => {
+					const vIndex = SEVERITY_ORDER.indexOf(v.severity)
+					return vIndex !== -1 && vIndex <= levelIndex
+				})
+			}
+		}
+
+		// JSON output
+		if (options.json) {
+			console.log(
+				JSON.stringify(
+					{
+						scanned: depCount,
+						vulnerabilities: filteredVulns,
+						counts: data.counts || {},
+					},
+					null,
+					2,
+				),
+			)
+			return
+		}
+
+		// No vulnerabilities
+		if (filteredVulns.length === 0) {
+			console.log(
+				chalk.green(
+					`\n✓ No vulnerabilities found in ${depCount} dependencies.\n`,
+				),
+			)
+			return
+		}
+
+		// Display vulnerabilities
+		console.log(
+			chalk.bold(
+				`\nFound ${formatVulnCounts(data.counts || {})} in ${depCount} dependencies.\n`,
+			),
+		)
+
+		// Group by package
+		const byPackage = {}
+		for (const vuln of filteredVulns) {
+			const key = vuln.package
+			if (!byPackage[key]) {
+				byPackage[key] = []
+			}
+			byPackage[key].push(vuln)
+		}
+
+		// Display each package
+		for (const [pkg, vulns] of Object.entries(byPackage)) {
+			console.log(chalk.cyan.bold(pkg))
+
+			for (const vuln of vulns) {
+				const severityColor = SEVERITY_COLORS[vuln.severity] || chalk.dim
+				const severity = severityColor(vuln.severity.padEnd(10))
+				const title = vuln.title || vuln.id || "Unknown vulnerability"
+
+				console.log(`  ${severity} ${title}`)
+
+				if (vuln.vulnerable_versions) {
+					console.log(chalk.dim(`    Vulnerable: ${vuln.vulnerable_versions}`))
+				}
+
+				if (vuln.patched_versions) {
+					console.log(
+						chalk.green(`    Fix: Upgrade to ${vuln.patched_versions}`),
+					)
+				}
+
+				if (vuln.url) {
+					console.log(chalk.dim(`    More info: ${vuln.url}`))
+				}
+			}
+
+			console.log("")
+		}
+
+		// Fix suggestion
+		if (action !== "fix") {
+			console.log(chalk.dim("Run `lpm audit fix` to attempt automatic fixes."))
+			console.log("")
+		}
+
+		// Handle fix action
+		if (action === "fix") {
+			console.log(chalk.yellow("Automatic fix is not yet implemented."))
+			console.log(
+				chalk.dim(
+					"Please update vulnerable packages manually based on the recommendations above.",
+				),
+			)
+			console.log("")
+		}
+
+		// Exit with error code if vulnerabilities found
+		if (
+			filteredVulns.some(
+				v => v.severity === "critical" || v.severity === "high",
+			)
+		) {
+			process.exit(1)
+		}
+	} catch (error) {
+		spinner.fail(chalk.red("Audit failed."))
+		console.error(chalk.red(`  ${error.message}`))
+		process.exit(1)
+	}
+}
+
+export default audit

package/lib/commands/cache.js

@@ -0,0 +1,209 @@
+/**
+ * Cache Command
+ *
+ * Manage the local package cache.
+ *
+ * Usage:
+ *   lpm cache clean   Clear all cached packages
+ *   lpm cache list    Show cached packages with sizes
+ *   lpm cache path    Show cache directory location
+ *
+ * @module cli/lib/commands/cache
+ */
+
+import { existsSync, readdirSync, rmSync, statSync } from "node:fs"
+import { homedir } from "node:os"
+import { join } from "node:path"
+import chalk from "chalk"
+import ora from "ora"
+import { CACHE_DIR_NAME } from "../constants.js"
+
+/** Full path to cache directory */
+const CACHE_DIR = join(homedir(), CACHE_DIR_NAME)
+
+/**
+ * Format bytes to human-readable size.
+ * @param {number} bytes
+ * @returns {string}
+ */
+function formatSize(bytes) {
+	if (bytes === 0) return "0 B"
+
+	const units = ["B", "KB", "MB", "GB"]
+	const k = 1024
+	const i = Math.floor(Math.log(bytes) / Math.log(k))
+
+	return `${(bytes / k ** i).toFixed(2)} ${units[i]}`
+}
+
+/**
+ * Get the size of a directory recursively.
+ * @param {string} dirPath
+ * @returns {number} - Total size in bytes
+ */
+function getDirectorySize(dirPath) {
+	if (!existsSync(dirPath)) return 0
+
+	let totalSize = 0
+
+	const entries = readdirSync(dirPath, { withFileTypes: true })
+
+	for (const entry of entries) {
+		const fullPath = join(dirPath, entry.name)
+
+		if (entry.isDirectory()) {
+			totalSize += getDirectorySize(fullPath)
+		} else if (entry.isFile()) {
+			totalSize += statSync(fullPath).size
+		}
+	}
+
+	return totalSize
+}
+
+/**
+ * List cached packages with their sizes.
+ * @param {string} dirPath
+ * @param {string} [prefix='']
+ * @returns {{ name: string, size: number }[]}
+ */
+function listCacheEntries(dirPath, prefix = "") {
+	if (!existsSync(dirPath)) return []
+
+	const entries = []
+	const items = readdirSync(dirPath, { withFileTypes: true })
+
+	for (const item of items) {
+		const fullPath = join(dirPath, item.name)
+		const name = prefix ? `${prefix}/${item.name}` : item.name
+
+		if (item.isDirectory()) {
+			// Check if this is a package directory (has .tgz files)
+			const contents = readdirSync(fullPath)
+			const hasTarballs = contents.some(f => f.endsWith(".tgz"))
+
+			if (hasTarballs) {
+				entries.push({
+					name,
+					size: getDirectorySize(fullPath),
+					versions: contents.filter(f => f.endsWith(".tgz")).length,
+				})
+			} else {
+				// Recurse into scope directories
+				entries.push(...listCacheEntries(fullPath, name))
+			}
+		}
+	}
+
+	return entries
+}
+
+/**
+ * Clear all cached packages.
+ */
+export async function clearCache() {
+	const spinner = ora("Clearing cache...").start()
+
+	try {
+		if (!existsSync(CACHE_DIR)) {
+			spinner.info("Cache is already empty.")
+			return
+		}
+
+		const sizeBefore = getDirectorySize(CACHE_DIR)
+
+		rmSync(CACHE_DIR, { recursive: true, force: true })
+
+		spinner.succeed(
+			chalk.green(`Cleared ${formatSize(sizeBefore)} from cache.`),
+		)
+	} catch (error) {
+		spinner.fail(chalk.red("Failed to clear cache."))
+		console.error(chalk.red(`  ${error.message}`))
+		process.exit(1)
+	}
+}
+
+/**
+ * List cached packages.
+ */
+function listCachedPackages() {
+	console.log(chalk.bold("\nCached Packages:\n"))
+
+	if (!existsSync(CACHE_DIR)) {
+		console.log(chalk.dim("  No packages cached."))
+		console.log("")
+		return
+	}
+
+	const entries = listCacheEntries(CACHE_DIR)
+
+	if (entries.length === 0) {
+		console.log(chalk.dim("  No packages cached."))
+		console.log("")
+		return
+	}
+
+	// Sort by size descending
+	entries.sort((a, b) => b.size - a.size)
+
+	const totalSize = entries.reduce((sum, e) => sum + e.size, 0)
+
+	// Display each package
+	const maxNameLength = Math.max(...entries.map(e => e.name.length))
+
+	for (const entry of entries) {
+		const paddedName = entry.name.padEnd(maxNameLength)
+		const size = formatSize(entry.size).padStart(10)
+		const versions = chalk.dim(
+			`(${entry.versions} version${entry.versions > 1 ? "s" : ""})`,
+		)
+		console.log(`  ${chalk.cyan(paddedName)}  ${size}  ${versions}`)
+	}
+
+	console.log("")
+	console.log(
+		chalk.bold(
+			`  Total: ${formatSize(totalSize)} in ${entries.length} package${entries.length > 1 ? "s" : ""}`,
+		),
+	)
+	console.log("")
+}
+
+/**
+ * Show cache directory path.
+ */
+function showCachePath() {
+	console.log(CACHE_DIR)
+}
+
+/**
+ * Execute the cache command.
+ *
+ * @param {string} action - The action to perform (clean, list, path)
+ */
+export async function cache(action) {
+	switch (action) {
+		case "clean":
+		case "clear":
+			await clearCache()
+			break
+
+		case "list":
+		case "ls":
+			listCachedPackages()
+			break
+
+		case "path":
+		case "dir":
+			showCachePath()
+			break
+
+		default:
+			console.error(chalk.red(`Unknown action: ${action}`))
+			console.log(chalk.dim("Available actions: clean, list, path"))
+			process.exit(1)
+	}
+}
+
+export default cache

package/lib/commands/check-name.js

@@ -0,0 +1,112 @@
+import chalk from "chalk"
+import ora from "ora"
+import { get } from "../api.js"
+
+/**
+ * Validate the package name format.
+ * Must be owner.package-name (no @lpm.dev/ prefix needed, but accepted).
+ * @param {string} input
+ * @returns {{ owner: string, name: string } | null}
+ */
+function parseName(input) {
+	let cleaned = input
+	if (cleaned.startsWith("@lpm.dev/")) {
+		cleaned = cleaned.replace("@lpm.dev/", "")
+	}
+	const dotIndex = cleaned.indexOf(".")
+	if (dotIndex === -1 || dotIndex === 0 || dotIndex === cleaned.length - 1) {
+		return null
+	}
+	return {
+		owner: cleaned.substring(0, dotIndex),
+		name: cleaned.substring(dotIndex + 1),
+	}
+}
+
+/**
+ * Check if a package name is available on the LPM registry.
+ *
+ * @param {string} nameInput - Package name (e.g., "owner.package-name" or "@lpm.dev/owner.package-name")
+ * @param {Object} [options]
+ * @param {boolean} [options.json] - Output as JSON
+ */
+export async function checkName(nameInput, options = {}) {
+	if (!nameInput || nameInput.trim() === "") {
+		if (options.json) {
+			console.log(JSON.stringify({ error: "Package name required." }))
+		} else {
+			console.error(chalk.red("Error: Package name required."))
+			console.log(chalk.dim("Usage: lpm check-name owner.package-name"))
+		}
+		process.exit(1)
+	}
+
+	const parsed = parseName(nameInput.trim())
+	if (!parsed) {
+		if (options.json) {
+			console.log(
+				JSON.stringify({
+					error: "Invalid package name format. Use: owner.package-name",
+				}),
+			)
+		} else {
+			console.error(chalk.red("Error: Invalid package name format."))
+			console.log(chalk.dim("Expected: owner.package-name"))
+			console.log(chalk.dim("Example: lpm check-name tolgaergin.my-utils"))
+		}
+		process.exit(1)
+	}
+
+	const fullName = `@lpm.dev/${parsed.owner}.${parsed.name}`
+	const spinner = options.json
+		? null
+		: ora(`Checking availability of ${fullName}...`).start()
+
+	try {
+		const queryName = `${parsed.owner}.${parsed.name}`
+		const response = await get(
+			`/check-name?name=${encodeURIComponent(queryName)}`,
+			{
+				onRetry: spinner
+					? (attempt, max) => {
+							spinner.text = `Checking (retry ${attempt}/${max})...`
+						}
+					: undefined,
+			},
+		)
+
+		const data = await response.json().catch(() => ({}))
+
+		if (!response.ok) {
+			throw new Error(data.error || `Unexpected response: ${response.status}`)
+		}
+
+		if (options.json) {
+			console.log(JSON.stringify(data, null, 2))
+			return
+		}
+
+		if (data.available) {
+			spinner.succeed(chalk.green(`${fullName} is available!`))
+			if (!data.ownerExists) {
+				console.log(
+					chalk.yellow(
+						`  Note: Owner "${parsed.owner}" doesn't exist yet. You'll need to create this account first.`,
+					),
+				)
+			}
+		} else {
+			spinner.fail(chalk.red(`${fullName} is already taken.`))
+		}
+	} catch (error) {
+		if (spinner) spinner.fail(chalk.red("Failed to check name availability."))
+		if (options.json) {
+			console.log(JSON.stringify({ error: error.message }))
+		} else {
+			console.error(chalk.red(`  ${error.message}`))
+		}
+		process.exit(1)
+	}
+}
+
+export default checkName