@openrewrite/rewrite 8.68.0-20251202-082117 → 8.68.0-20251202-154952

package/dist/javascript/package-json-parser.js

@@ -0,0 +1,773 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __await = (this && this.__await) || function (v) { return this instanceof __await ? (this.v = v, this) : new __await(v); }
+var __asyncGenerator = (this && this.__asyncGenerator) || function (thisArg, _arguments, generator) {
+    if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
+    var g = generator.apply(thisArg, _arguments || []), i, q = [];
+    return i = Object.create((typeof AsyncIterator === "function" ? AsyncIterator : Object).prototype), verb("next"), verb("throw"), verb("return", awaitReturn), i[Symbol.asyncIterator] = function () { return this; }, i;
+    function awaitReturn(f) { return function (v) { return Promise.resolve(v).then(f, reject); }; }
+    function verb(n, f) { if (g[n]) { i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; if (f) i[n] = f(i[n]); } }
+    function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }
+    function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }
+    function fulfill(value) { resume("next", value); }
+    function reject(value) { resume("throw", value); }
+    function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PackageJsonParser = void 0;
+/*
+ * Copyright 2025 the original author or authors.
+ * <p>
+ * Licensed under the Moderne Source Available License (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * https://docs.moderne.io/licensing/moderne-source-available-license
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const parser_1 = require("../parser");
+const json_1 = require("../json");
+const node_resolution_result_1 = require("./node-resolution-result");
+const fs = __importStar(require("fs"));
+const fsp = __importStar(require("fs/promises"));
+const path = __importStar(require("path"));
+const YAML = __importStar(require("yaml"));
+const child_process_1 = require("child_process");
+/**
+ * A parser for package.json files that wraps the JsonParser.
+ *
+ * Similar to how MavenParser wraps XmlParser in Java, this parser:
+ * - Parses package.json files as JSON documents
+ * - Attaches NodeResolutionResult markers with dependency information
+ * - Optionally reads corresponding lock files (package-lock.json, yarn.lock, etc.)
+ *   to provide resolved dependency versions
+ */
+class PackageJsonParser extends parser_1.Parser {
+    constructor(options = {}) {
+        var _a;
+        super(options);
+        this.jsonParser = new json_1.JsonParser(options);
+        this.skipDependencyResolution = (_a = options.skipDependencyResolution) !== null && _a !== void 0 ? _a : false;
+    }
+    /**
+     * Extracts package metadata from a package.json object into a lock file entry format.
+     * Copies version, dependency fields, engines, and license.
+     */
+    static extractPackageMetadata(pkgJson, fallbackVersion) {
+        const entry = {
+            version: pkgJson.version || fallbackVersion,
+        };
+        for (const field of PackageJsonParser.DEPENDENCY_FIELDS) {
+            if (pkgJson[field] && Object.keys(pkgJson[field]).length > 0) {
+                entry[field] = pkgJson[field];
+            }
+        }
+        if (pkgJson.engines) {
+            entry.engines = pkgJson.engines;
+        }
+        if (pkgJson.license) {
+            entry.license = pkgJson.license;
+        }
+        return entry;
+    }
+    /**
+     * Accepts package.json files.
+     */
+    accept(sourcePath) {
+        const fileName = path.basename(sourcePath);
+        return fileName === 'package.json';
+    }
+    parse(...inputs) {
+        return __asyncGenerator(this, arguments, function* parse_1() {
+            // Group inputs by directory to share NodeResolutionResult markers
+            const inputsByDir = new Map();
+            for (const input of inputs) {
+                const filePath = (0, parser_1.parserInputFile)(input);
+                const dir = path.dirname(filePath);
+                if (!inputsByDir.has(dir)) {
+                    inputsByDir.set(dir, []);
+                }
+                inputsByDir.get(dir).push(input);
+            }
+            // Process each directory's package.json files
+            for (const [dir, dirInputs] of inputsByDir) {
+                // Create a shared marker for this directory
+                let marker = null;
+                for (const input of dirInputs) {
+                    // Parse as JSON first
+                    const jsonGenerator = this.jsonParser.parse(input);
+                    const jsonResult = yield __await(jsonGenerator.next());
+                    if (jsonResult.done || !jsonResult.value) {
+                        continue;
+                    }
+                    const jsonDoc = jsonResult.value;
+                    // Create NodeResolutionResult marker if not already created for this directory
+                    if (!marker) {
+                        marker = yield __await(this.createMarker(input, dir));
+                    }
+                    // Attach the marker to the JSON document
+                    if (marker) {
+                        yield yield __await(Object.assign(Object.assign({}, jsonDoc), { markers: Object.assign(Object.assign({}, jsonDoc.markers), { markers: [...jsonDoc.markers.markers, marker] }) }));
+                    }
+                    else {
+                        yield yield __await(jsonDoc);
+                    }
+                }
+            }
+        });
+    }
+    /**
+     * Creates a NodeResolutionResult marker from the package.json content and optional lock file.
+     */
+    createMarker(input, dir) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                const content = (0, parser_1.parserInputRead)(input);
+                const packageJson = JSON.parse(content);
+                // Determine the relative path for the marker
+                const filePath = (0, parser_1.parserInputFile)(input);
+                const relativePath = this.relativeTo
+                    ? path.relative(this.relativeTo, filePath)
+                    : filePath;
+                // Try to read lock file if dependency resolution is not skipped
+                // Use relativeTo directory if available (for tests), otherwise use the directory from input path
+                let lockContent = undefined;
+                let packageManager = undefined;
+                if (!this.skipDependencyResolution) {
+                    const lockDir = this.relativeTo || dir;
+                    const lockResult = yield this.tryReadLockFile(lockDir);
+                    lockContent = lockResult === null || lockResult === void 0 ? void 0 : lockResult.content;
+                    packageManager = lockResult === null || lockResult === void 0 ? void 0 : lockResult.packageManager;
+                }
+                // Read .npmrc configurations from all scopes
+                const projectDir = this.relativeTo || dir;
+                const npmrcConfigs = yield (0, node_resolution_result_1.readNpmrcConfigs)(projectDir);
+                return (0, node_resolution_result_1.createNodeResolutionResultMarker)(relativePath, packageJson, lockContent, undefined, packageManager, npmrcConfigs.length > 0 ? npmrcConfigs : undefined);
+            }
+            catch (error) {
+                console.warn(`Failed to create NodeResolutionResult marker: ${error}`);
+                return null;
+            }
+        });
+    }
+    /**
+     * Attempts to read and parse a lock file from the given directory.
+     * Supports npm (package-lock.json), bun (bun.lock), pnpm, and yarn.
+     *
+     * @returns Object with parsed lock file content and detected package manager, or undefined if no lock file found
+     */
+    tryReadLockFile(dir) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            // Detect which lock file exists (first match wins based on priority)
+            for (const config of PackageJsonParser.LOCK_FILE_CONFIG) {
+                const lockPath = path.join(dir, config.filename);
+                if (!fs.existsSync(lockPath)) {
+                    continue;
+                }
+                try {
+                    const fileContent = yield fsp.readFile(lockPath, 'utf-8');
+                    const packageManager = typeof config.packageManager === 'function'
+                        ? config.packageManager(fileContent)
+                        : config.packageManager;
+                    // For package managers where lock file omits details, prefer node_modules
+                    if (config.preferNodeModules) {
+                        const parsed = yield this.walkNodeModules(dir);
+                        if (parsed) {
+                            return { content: parsed, packageManager };
+                        }
+                    }
+                    // Parse lock file based on package manager
+                    const content = yield this.parseLockFileContent(config.filename, fileContent, dir);
+                    if (content) {
+                        return { content, packageManager };
+                    }
+                }
+                catch (error) {
+                    (_a = console.debug) === null || _a === void 0 ? void 0 : _a.call(console, `Failed to parse ${config.filename}: ${error}`);
+                }
+            }
+            return undefined;
+        });
+    }
+    /**
+     * Parses lock file content based on the lock file type.
+     */
+    parseLockFileContent(filename, content, dir) {
+        return __awaiter(this, void 0, void 0, function* () {
+            switch (filename) {
+                case 'package-lock.json':
+                    return JSON.parse(content);
+                case 'bun.lock':
+                    return this.convertBunLockToNpmFormat(this.parseJsonc(content));
+                case 'pnpm-lock.yaml':
+                    // Fall back to pnpm CLI when node_modules unavailable
+                    return this.getPnpmDependencies(dir);
+                case 'yarn.lock':
+                    return this.parseYarnLock(content);
+                default:
+                    return undefined;
+            }
+        });
+    }
+    /**
+     * Parses JSONC (JSON with Comments and trailing commas) content.
+     *
+     * Note: This is a simple regex-based approach that works for bun.lock files but doesn't
+     * handle edge cases like comment-like sequences inside strings (e.g., "// not a comment").
+     * For lock files this is acceptable since they don't contain such patterns. If broader
+     * JSONC support is needed, consider using a proper parser like `jsonc-parser`.
+     */
+    parseJsonc(content) {
+        // Remove single-line comments (// ...)
+        let stripped = content.replace(/\/\/.*$/gm, '');
+        // Remove multi-line comments (/* ... */)
+        stripped = stripped.replace(/\/\*[\s\S]*?\*\//g, '');
+        // Remove trailing commas before ] or }
+        stripped = stripped.replace(/,(\s*[}\]])/g, '$1');
+        return JSON.parse(stripped);
+    }
+    /**
+     * Walks the node_modules directory to build an npm-format packages structure.
+     * This provides 100% accurate resolution for all package managers since it reads
+     * the actual installed packages rather than trying to interpret lock file formats.
+     *
+     * @param dir The project directory containing node_modules
+     * @returns npm package-lock.json format with packages map, or undefined if node_modules doesn't exist
+     */
+    walkNodeModules(dir) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const nodeModulesPath = path.join(dir, 'node_modules');
+            if (!fs.existsSync(nodeModulesPath)) {
+                return undefined;
+            }
+            const packages = {
+                "": {} // Root package placeholder
+            };
+            // Check if this is a pnpm project (has .pnpm directory)
+            const pnpmPath = path.join(nodeModulesPath, '.pnpm');
+            if (fs.existsSync(pnpmPath)) {
+                yield this.walkPnpmNodeModules(pnpmPath, packages);
+            }
+            else {
+                yield this.walkNodeModulesRecursive(nodeModulesPath, 'node_modules', packages);
+            }
+            return Object.keys(packages).length > 1 ? {
+                lockfileVersion: 3,
+                packages
+            } : undefined;
+        });
+    }
+    /**
+     * Walks pnpm's .pnpm directory structure to build packages map.
+     * pnpm stores packages in .pnpm/<name>@<version>/node_modules/<name>/
+     */
+    walkPnpmNodeModules(pnpmPath, packages) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let entries;
+            try {
+                entries = yield fsp.readdir(pnpmPath, { withFileTypes: true });
+            }
+            catch (_a) {
+                return;
+            }
+            // Process entries in parallel for better performance
+            yield Promise.all(entries.map((entry) => __awaiter(this, void 0, void 0, function* () {
+                // Skip non-directories and special files
+                if (!entry.isDirectory() || entry.name === 'node_modules') {
+                    return;
+                }
+                // Parse name@version from directory name
+                // Handle scoped packages: @scope+name@version
+                const atIndex = entry.name.lastIndexOf('@');
+                if (atIndex <= 0)
+                    return;
+                let name = entry.name.substring(0, atIndex);
+                const version = entry.name.substring(atIndex + 1);
+                // pnpm encodes @ as + in scoped packages: @scope+name -> @scope/name
+                if (name.startsWith('@') && name.includes('+')) {
+                    name = name.replace('+', '/');
+                }
+                // The actual package is at .pnpm/<name>@<version>/node_modules/<name>/
+                const pkgDir = path.join(pnpmPath, entry.name, 'node_modules', name.replace('/', path.sep));
+                const packageJsonPath = path.join(pkgDir, 'package.json');
+                let pkgJson;
+                try {
+                    const content = yield fsp.readFile(packageJsonPath, 'utf-8');
+                    pkgJson = JSON.parse(content);
+                }
+                catch (_a) {
+                    return;
+                }
+                // Use name@version as the key for pnpm (flat structure with version)
+                const pkgKey = `node_modules/${name}@${version}`;
+                packages[pkgKey] = PackageJsonParser.extractPackageMetadata(pkgJson, version);
+            })));
+        });
+    }
+    /**
+     * Recursively walks a node_modules directory, reading package.json files
+     * and building the packages map.
+     *
+     * @param nodeModulesPath Absolute path to the node_modules directory
+     * @param relativePath Relative path from project root (e.g., "node_modules" or "node_modules/foo/node_modules")
+     * @param packages The packages map to populate
+     */
+    walkNodeModulesRecursive(nodeModulesPath, relativePath, packages) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let entries;
+            try {
+                entries = yield fsp.readdir(nodeModulesPath, { withFileTypes: true });
+            }
+            catch (_a) {
+                return; // Directory not readable
+            }
+            // Process entries in parallel for better performance
+            yield Promise.all(entries.map((entry) => __awaiter(this, void 0, void 0, function* () {
+                // Skip hidden files
+                if (entry.name.startsWith('.')) {
+                    return;
+                }
+                // Accept directories and symlinks (pnpm uses symlinks)
+                const isDirectoryOrSymlink = entry.isDirectory() || entry.isSymbolicLink();
+                if (!isDirectoryOrSymlink) {
+                    return;
+                }
+                // Handle scoped packages (@scope/name)
+                if (entry.name.startsWith('@')) {
+                    const scopePath = path.join(nodeModulesPath, entry.name);
+                    let scopeEntries;
+                    try {
+                        scopeEntries = yield fsp.readdir(scopePath, { withFileTypes: true });
+                    }
+                    catch (_a) {
+                        return;
+                    }
+                    yield Promise.all(scopeEntries.map((scopeEntry) => __awaiter(this, void 0, void 0, function* () {
+                        // Accept directories and symlinks for scoped packages too
+                        if (!scopeEntry.isDirectory() && !scopeEntry.isSymbolicLink())
+                            return;
+                        const scopedName = `${entry.name}/${scopeEntry.name}`;
+                        const pkgPath = path.join(scopePath, scopeEntry.name);
+                        yield this.processPackage(pkgPath, `${relativePath}/${scopedName}`, packages);
+                    })));
+                }
+                else {
+                    const pkgPath = path.join(nodeModulesPath, entry.name);
+                    yield this.processPackage(pkgPath, `${relativePath}/${entry.name}`, packages);
+                }
+            })));
+        });
+    }
+    /**
+     * Processes a single package directory, reading its package.json and
+     * recursively processing nested node_modules.
+     */
+    processPackage(pkgPath, relativePath, packages) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const packageJsonPath = path.join(pkgPath, 'package.json');
+            // Read and parse the package's package.json
+            let pkgJson;
+            try {
+                const content = yield fsp.readFile(packageJsonPath, 'utf-8');
+                pkgJson = JSON.parse(content);
+            }
+            catch (_a) {
+                return; // Not a valid package
+            }
+            packages[relativePath] = PackageJsonParser.extractPackageMetadata(pkgJson);
+            // Recursively process nested node_modules
+            const nestedNodeModules = path.join(pkgPath, 'node_modules');
+            try {
+                yield fsp.access(nestedNodeModules);
+                yield this.walkNodeModulesRecursive(nestedNodeModules, `${relativePath}/node_modules`, packages);
+            }
+            catch (_b) {
+                // No nested node_modules, that's fine
+            }
+        });
+    }
+    /**
+     * Converts bun.lock format to npm package-lock.json format for unified processing.
+     *
+     * bun.lock format (v1):
+     * - Keys are package names or paths like "is-even/is-odd" for nested deps
+     * - Values are arrays: [name@version, url, metadata, integrity]
+     * - metadata can have: { dependencies: {...}, devDependencies: {...}, ... }
+     */
+    convertBunLockToNpmFormat(bunLock) {
+        if (!bunLock.packages) {
+            return undefined;
+        }
+        const packages = {
+            "": {} // Root package placeholder
+        };
+        for (const [key, value] of Object.entries(bunLock.packages)) {
+            // bun.lock array format: [name@version, url, metadata, integrity]
+            const [nameAtVersion, , metadata] = value;
+            if (typeof nameAtVersion !== 'string')
+                continue;
+            // Parse name@version from first element
+            const atIndex = nameAtVersion.lastIndexOf('@');
+            if (atIndex <= 0)
+                continue;
+            const name = nameAtVersion.substring(0, atIndex);
+            const version = nameAtVersion.substring(atIndex + 1);
+            const pkgEntry = {
+                version,
+                dependencies: (metadata === null || metadata === void 0 ? void 0 : metadata.dependencies) && Object.keys(metadata.dependencies).length > 0
+                    ? metadata.dependencies : undefined,
+                devDependencies: (metadata === null || metadata === void 0 ? void 0 : metadata.devDependencies) && Object.keys(metadata.devDependencies).length > 0
+                    ? metadata.devDependencies : undefined,
+                peerDependencies: (metadata === null || metadata === void 0 ? void 0 : metadata.peerDependencies) && Object.keys(metadata.peerDependencies).length > 0
+                    ? metadata.peerDependencies : undefined,
+                optionalDependencies: (metadata === null || metadata === void 0 ? void 0 : metadata.optionalDependencies) && Object.keys(metadata.optionalDependencies).length > 0
+                    ? metadata.optionalDependencies : undefined,
+            };
+            // Convert bun's path format to npm's node_modules format
+            // bun uses "parent/child" for nested deps, npm uses "node_modules/parent/node_modules/child"
+            let pkgPath;
+            if (key.includes('/')) {
+                // Nested dependency - convert "is-even/is-odd" to "node_modules/is-even/node_modules/is-odd"
+                const parts = key.split('/');
+                pkgPath = parts.map(p => `node_modules/${p}`).join('/');
+            }
+            else {
+                pkgPath = `node_modules/${name}`;
+            }
+            packages[pkgPath] = pkgEntry;
+        }
+        return {
+            lockfileVersion: 3,
+            packages
+        };
+    }
+    /**
+     * Gets dependency information from pnpm using its CLI.
+     * Uses `pnpm list --json --depth=Infinity` to get the full dependency tree.
+     */
+    getPnpmDependencies(dir) {
+        // Use spawnSync with array args to avoid shell injection risks
+        const result = (0, child_process_1.spawnSync)('pnpm', ['list', '--json', '--depth=Infinity'], {
+            cwd: dir,
+            encoding: 'utf-8',
+            stdio: ['pipe', 'pipe', 'pipe'],
+            timeout: 30000
+        });
+        if (result.error || result.status !== 0) {
+            return undefined;
+        }
+        const pnpmList = JSON.parse(result.stdout);
+        return this.convertPnpmListToNpmFormat(pnpmList);
+    }
+    /**
+     * Converts pnpm list --json output to npm package-lock.json format.
+     */
+    convertPnpmListToNpmFormat(pnpmList) {
+        const packages = {
+            "": {} // Root package placeholder
+        };
+        // pnpm list returns an array of projects (for workspaces) or a single object
+        const projects = Array.isArray(pnpmList) ? pnpmList : [pnpmList];
+        for (const project of projects) {
+            this.extractPnpmDependencies(project.dependencies, packages);
+            this.extractPnpmDependencies(project.devDependencies, packages);
+            this.extractPnpmDependencies(project.optionalDependencies, packages);
+        }
+        return Object.keys(packages).length > 1 ? {
+            lockfileVersion: 3,
+            packages
+        } : undefined;
+    }
+    /**
+     * Recursively extracts dependencies from pnpm list output.
+     * Uses name@version as key to handle multiple versions of the same package.
+     */
+    extractPnpmDependencies(deps, packages) {
+        if (!deps)
+            return;
+        for (const [name, info] of Object.entries(deps)) {
+            const version = info.version;
+            if (!version)
+                continue;
+            const pkgKey = `node_modules/${name}@${version}`;
+            if (!packages[pkgKey]) {
+                const pkgEntry = { version };
+                // Extract nested dependency version constraints
+                if (info.dependencies) {
+                    const nestedDeps = {};
+                    for (const [depName, depInfo] of Object.entries(info.dependencies)) {
+                        nestedDeps[depName] = depInfo.version || '*';
+                    }
+                    if (Object.keys(nestedDeps).length > 0) {
+                        pkgEntry.dependencies = nestedDeps;
+                    }
+                }
+                packages[pkgKey] = pkgEntry;
+            }
+            // Recursively process nested dependencies
+            if (info.dependencies) {
+                this.extractPnpmDependencies(info.dependencies, packages);
+            }
+        }
+    }
+    /**
+     * Parses yarn.lock file and returns npm-format content.
+     * Detects whether it's Yarn Classic (v1) or Yarn Berry (v2+) format.
+     */
+    parseYarnLock(content) {
+        // Yarn Berry (v2+) has __metadata section at the start
+        if (content.includes('__metadata:')) {
+            return this.parseYarnBerryLock(content);
+        }
+        // Yarn Classic (v1) starts with "# yarn lockfile v1"
+        if (content.includes('# yarn lockfile v1')) {
+            return this.parseYarnClassicLock(content);
+        }
+        return undefined;
+    }
+    /**
+     * Parses Yarn Berry (v2+) yarn.lock file directly.
+     * Format is standard YAML with package entries like:
+     * "is-odd@npm:^3.0.1":
+     *   version: 3.0.1
+     *   resolution: "is-odd@npm:3.0.1"
+     *   dependencies:
+     *     is-number: "npm:^6.0.0"
+     */
+    parseYarnBerryLock(content) {
+        const lock = YAML.parse(content);
+        if (!lock)
+            return undefined;
+        const packages = {
+            "": {} // Root package placeholder
+        };
+        for (const [key, entry] of Object.entries(lock)) {
+            // Skip metadata and workspace entries
+            if (key === '__metadata' || key.includes('@workspace:'))
+                continue;
+            if (!entry || typeof entry !== 'object')
+                continue;
+            const version = entry.version;
+            if (!version)
+                continue;
+            // Extract package name from resolution like "is-odd@npm:3.0.1"
+            let name;
+            if (entry.resolution) {
+                const npmIndex = entry.resolution.indexOf('@npm:');
+                if (npmIndex > 0) {
+                    name = entry.resolution.substring(0, npmIndex);
+                }
+                else {
+                    continue;
+                }
+            }
+            else {
+                // Fallback: parse from key like "is-odd@npm:^3.0.1"
+                const npmIndex = key.indexOf('@npm:');
+                if (npmIndex > 0) {
+                    name = key.substring(0, npmIndex);
+                }
+                else {
+                    continue;
+                }
+            }
+            const pkgKey = `node_modules/${name}@${version}`;
+            // Skip if already processed (multiple version constraints can resolve to same version)
+            if (packages[pkgKey])
+                continue;
+            const pkgEntry = { version };
+            // Parse dependencies
+            if (entry.dependencies && typeof entry.dependencies === 'object') {
+                const deps = {};
+                for (const [depName, depConstraint] of Object.entries(entry.dependencies)) {
+                    // Constraint is like "npm:^6.0.0" - strip the "npm:" prefix
+                    deps[depName] = depConstraint.startsWith('npm:')
+                        ? depConstraint.substring(4)
+                        : depConstraint;
+                }
+                if (Object.keys(deps).length > 0) {
+                    pkgEntry.dependencies = deps;
+                }
+            }
+            packages[pkgKey] = pkgEntry;
+        }
+        return Object.keys(packages).length > 1 ? {
+            lockfileVersion: 3,
+            packages
+        } : undefined;
+    }
+    /**
+     * Parses Yarn Classic (v1) yarn.lock file directly.
+     * Format is a custom format (not standard YAML):
+     *
+     * is-odd@^3.0.1:
+     *   version "3.0.1"
+     *   resolved "https://..."
+     *   integrity sha512-...
+     *   dependencies:
+     *     is-number "^6.0.0"
+     */
+    parseYarnClassicLock(content) {
+        const packages = {
+            "": {} // Root package placeholder
+        };
+        // Split into package blocks - each block starts with an unindented line ending with ":"
+        // and may span multiple version constraints (e.g., "pkg@^1.0.0, pkg@^1.2.0:")
+        const lines = content.split('\n');
+        let currentNames = [];
+        let currentVersion = null;
+        let currentDeps = {};
+        let inDependencies = false;
+        for (const line of lines) {
+            // Skip comments and empty lines
+            if (line.startsWith('#') || line.trim() === '') {
+                continue;
+            }
+            // New package block (unindented line ending with ":")
+            if (!line.startsWith(' ') && line.endsWith(':')) {
+                // Save previous package if exists
+                if (currentNames.length > 0 && currentVersion) {
+                    const pkgKey = `node_modules/${currentNames[0]}@${currentVersion}`;
+                    if (!packages[pkgKey]) {
+                        const pkgEntry = { version: currentVersion };
+                        if (Object.keys(currentDeps).length > 0) {
+                            pkgEntry.dependencies = currentDeps;
+                        }
+                        packages[pkgKey] = pkgEntry;
+                    }
+                }
+                // Parse new package names from line like 'is-odd@^3.0.1, is-odd@^3.0.0:'
+                // or '"@babel/core@^7.0.0":'
+                const namesStr = line.slice(0, -1); // Remove trailing ":"
+                currentNames = [];
+                // Split by ", " but handle quoted strings
+                const parts = namesStr.split(/,\s*(?=(?:[^"]*"[^"]*")*[^"]*$)/);
+                for (const part of parts) {
+                    // Remove surrounding quotes if present
+                    let cleaned = part.trim();
+                    if (cleaned.startsWith('"') && cleaned.endsWith('"')) {
+                        cleaned = cleaned.slice(1, -1);
+                    }
+                    // Extract package name (everything before last @)
+                    const atIndex = cleaned.lastIndexOf('@');
+                    if (atIndex > 0) {
+                        currentNames.push(cleaned.substring(0, atIndex));
+                    }
+                }
+                currentVersion = null;
+                currentDeps = {};
+                inDependencies = false;
+                continue;
+            }
+            // Version line: '  version "3.0.1"'
+            const versionMatch = line.match(/^\s+version\s+"([^"]+)"/);
+            if (versionMatch) {
+                currentVersion = versionMatch[1];
+                continue;
+            }
+            // Dependencies section start
+            if (line.match(/^\s+dependencies:\s*$/)) {
+                inDependencies = true;
+                continue;
+            }
+            // Other section (resolved, integrity, etc.) - ends dependencies section
+            if (line.match(/^\s+\w+:/) && !line.match(/^\s{4}/)) {
+                inDependencies = false;
+                continue;
+            }
+            // Dependency entry: '    is-number "^6.0.0"'
+            if (inDependencies) {
+                const depMatch = line.match(/^\s{4}(.+?)\s+"([^"]+)"/);
+                if (depMatch) {
+                    currentDeps[depMatch[1]] = depMatch[2];
+                }
+            }
+        }
+        // Save last package
+        if (currentNames.length > 0 && currentVersion) {
+            const pkgKey = `node_modules/${currentNames[0]}@${currentVersion}`;
+            if (!packages[pkgKey]) {
+                const pkgEntry = { version: currentVersion };
+                if (Object.keys(currentDeps).length > 0) {
+                    pkgEntry.dependencies = currentDeps;
+                }
+                packages[pkgKey] = pkgEntry;
+            }
+        }
+        return Object.keys(packages).length > 1 ? {
+            lockfileVersion: 3,
+            packages
+        } : undefined;
+    }
+}
+exports.PackageJsonParser = PackageJsonParser;
+/** Fields to copy from package.json that contain dependency maps */
+PackageJsonParser.DEPENDENCY_FIELDS = [
+    'dependencies',
+    'devDependencies',
+    'peerDependencies',
+    'optionalDependencies'
+];
+/**
+ * Lock file detection configuration.
+ * Priority order determines which package manager is detected when multiple lock files exist.
+ */
+PackageJsonParser.LOCK_FILE_CONFIG = [
+    { filename: 'package-lock.json', packageManager: node_resolution_result_1.PackageManager.Npm },
+    { filename: 'bun.lock', packageManager: node_resolution_result_1.PackageManager.Bun },
+    { filename: 'pnpm-lock.yaml', packageManager: node_resolution_result_1.PackageManager.Pnpm, preferNodeModules: true },
+    // yarn.lock omits transitive dependency details (engines/license), so prefer node_modules
+    { filename: 'yarn.lock', packageManager: (content) => content.includes('__metadata:') ? node_resolution_result_1.PackageManager.YarnBerry : node_resolution_result_1.PackageManager.YarnClassic,
+        preferNodeModules: true
+    },
+];
+// Register with the Parsers registry for RPC support
+parser_1.Parsers.registerParser("packageJson", PackageJsonParser);
+//# sourceMappingURL=package-json-parser.js.map