@openrewrite/rewrite 8.69.0-20251211-160325 → 8.69.0-20251212-112414

package/src/cli/cli-utils.ts

@@ -19,8 +19,17 @@ import * as path from 'path';
 import {spawn, spawnSync} from 'child_process';
 import {Recipe, RecipeRegistry} from '../recipe';
 import {SourceFile} from '../tree';
-import {JavaScriptParser, PackageJsonParser} from '../javascript';
+import {
+    isYarnBerryLockFile,
+    JavaScriptParser,
+    JSON_LOCK_FILE_NAMES,
+    PackageJsonParser,
+    TEXT_LOCK_FILE_NAMES,
+    YAML_LOCK_FILE_NAMES
+} from '../javascript';
 import {JsonParser} from '../json';
+import {PlainTextParser} from '../text';
+import {YamlParser} from '../yaml';
 
 // ANSI color codes
 const colors = {
@@ -440,11 +449,17 @@ export async function walkDirectory(
     }
 }
 
+/**
+ * All lock file names (typed as string[] for easier comparison)
+ */
+const ALL_LOCK_FILE_NAMES: readonly string[] = [...JSON_LOCK_FILE_NAMES, ...YAML_LOCK_FILE_NAMES, ...TEXT_LOCK_FILE_NAMES];
+
 /**
  * Check if a file is accepted for parsing based on its extension
  */
 export function isAcceptedFile(filePath: string): boolean {
     const ext = path.extname(filePath).toLowerCase();
+    const basename = path.basename(filePath);
 
     // JavaScript/TypeScript files
     if (['.js', '.jsx', '.ts', '.tsx', '.mjs', '.mts', '.cjs', '.cts'].includes(ext)) {
@@ -456,6 +471,16 @@ export function isAcceptedFile(filePath: string): boolean {
         return true;
     }
 
+    // YAML files
+    if (['.yaml', '.yml'].includes(ext)) {
+        return true;
+    }
+
+    // Lock files (some have non-standard extensions like yarn.lock)
+    if (ALL_LOCK_FILE_NAMES.includes(basename)) {
+        return true;
+    }
+
     return false;
 }
 
@@ -466,6 +491,56 @@ export interface ParseFilesOptions {
     onProgress?: ProgressCallback;
 }
 
+/**
+ * Internal context for file parsing progress tracking.
+ */
+interface ParseContext {
+    current: number;
+    total: number;
+    verbose: boolean;
+    onProgress?: ProgressCallback;
+}
+
+/**
+ * Helper to parse files with a given parser, handling verbose logging and progress.
+ */
+async function* parseWithParser(
+    files: string[],
+    parser: { parse(...files: string[]): AsyncGenerator<SourceFile> },
+    fileType: string,
+    ctx: ParseContext
+): AsyncGenerator<SourceFile, ParseContext> {
+    if (files.length === 0) {
+        return ctx;
+    }
+
+    if (ctx.verbose) {
+        console.log(`Parsing ${files.length} ${fileType} files...`);
+    }
+
+    for await (const sf of parser.parse(...files)) {
+        ctx.current++;
+        ctx.onProgress?.(ctx.current, ctx.total, sf.sourcePath);
+        yield sf;
+    }
+
+    return ctx;
+}
+
+/**
+ * Classifies a yarn.lock file as YAML (Berry) or text (Classic) based on its content.
+ * Returns 'yaml' for Yarn Berry (v2+) and 'text' for Yarn Classic (v1).
+ */
+async function classifyYarnLockFile(filePath: string): Promise<'yaml' | 'text'> {
+    try {
+        const content = await fsp.readFile(filePath, 'utf-8');
+        return isYarnBerryLockFile(content) ? 'yaml' : 'text';
+    } catch {
+        // Default to text format if we can't read the file
+        return 'text';
+    }
+}
+
 /**
  * Parse source files using appropriate parsers (streaming version).
  * Yields source files as they are parsed, allowing immediate processing.
@@ -483,6 +558,13 @@ export async function* parseFilesStreaming(
     const jsFiles: string[] = [];
     const packageJsonFiles: string[] = [];
     const jsonFiles: string[] = [];
+    const jsonLockFiles: string[] = [];
+    const yamlLockFiles: string[] = [];
+    const yamlFiles: string[] = [];
+    const textLockFiles: string[] = [];
+
+    // Collect yarn.lock files for content-based classification
+    const yarnLockFiles: string[] = [];
 
     for (const filePath of filePaths) {
         const basename = path.basename(filePath);
@@ -492,49 +574,44 @@ export async function* parseFilesStreaming(
             packageJsonFiles.push(filePath);
         } else if (['.js', '.jsx', '.ts', '.tsx', '.mjs', '.mts', '.cjs', '.cts'].includes(ext)) {
             jsFiles.push(filePath);
+        } else if ((JSON_LOCK_FILE_NAMES as readonly string[]).includes(basename)) {
+            jsonLockFiles.push(filePath);
+        } else if ((YAML_LOCK_FILE_NAMES as readonly string[]).includes(basename)) {
+            yamlLockFiles.push(filePath);
+        } else if (basename === 'yarn.lock') {
+            // yarn.lock needs content-based classification
+            yarnLockFiles.push(filePath);
+        } else if ((TEXT_LOCK_FILE_NAMES as readonly string[]).includes(basename)) {
+            // Other text lock files (if any besides yarn.lock)
+            textLockFiles.push(filePath);
         } else if (ext === '.json') {
             jsonFiles.push(filePath);
+        } else if (['.yaml', '.yml'].includes(ext)) {
+            yamlFiles.push(filePath);
         }
     }
 
-    // Parse JavaScript/TypeScript files
-    if (jsFiles.length > 0) {
-        if (verbose) {
-            console.log(`Parsing ${jsFiles.length} JavaScript/TypeScript files...`);
-        }
-        const jsParser = new JavaScriptParser({relativeTo: projectRoot});
-        for await (const sf of jsParser.parse(...jsFiles)) {
-            current++;
-            onProgress?.(current, total, sf.sourcePath);
-            yield sf;
+    // Classify yarn.lock files by content (Yarn Berry uses YAML, Classic uses text)
+    for (const yarnLockPath of yarnLockFiles) {
+        const format = await classifyYarnLockFile(yarnLockPath);
+        if (format === 'yaml') {
+            yamlLockFiles.push(yarnLockPath);
+        } else {
+            textLockFiles.push(yarnLockPath);
         }
     }
 
-    // Parse package.json files
-    if (packageJsonFiles.length > 0) {
-        if (verbose) {
-            console.log(`Parsing ${packageJsonFiles.length} package.json files...`);
-        }
-        const pkgParser = new PackageJsonParser({relativeTo: projectRoot});
-        for await (const sf of pkgParser.parse(...packageJsonFiles)) {
-            current++;
-            onProgress?.(current, total, sf.sourcePath);
-            yield sf;
-        }
-    }
+    // Create parse context for tracking progress
+    const ctx: ParseContext = { current, total, verbose, onProgress };
 
-    // Parse other JSON files
-    if (jsonFiles.length > 0) {
-        if (verbose) {
-            console.log(`Parsing ${jsonFiles.length} JSON files...`);
-        }
-        const jsonParser = new JsonParser({relativeTo: projectRoot});
-        for await (const sf of jsonParser.parse(...jsonFiles)) {
-            current++;
-            onProgress?.(current, total, sf.sourcePath);
-            yield sf;
-        }
-    }
+    // Parse files by type using helper
+    yield* parseWithParser(jsFiles, new JavaScriptParser({relativeTo: projectRoot}), 'JavaScript/TypeScript', ctx);
+    yield* parseWithParser(packageJsonFiles, new PackageJsonParser({relativeTo: projectRoot}), 'package.json', ctx);
+    yield* parseWithParser(jsonLockFiles, new JsonParser({relativeTo: projectRoot}), 'JSON lock', ctx);
+    yield* parseWithParser(yamlLockFiles, new YamlParser({relativeTo: projectRoot}), 'YAML lock', ctx);
+    yield* parseWithParser(textLockFiles, new PlainTextParser({relativeTo: projectRoot}), 'text lock', ctx);
+    yield* parseWithParser(yamlFiles, new YamlParser({relativeTo: projectRoot}), 'YAML', ctx);
+    yield* parseWithParser(jsonFiles, new JsonParser({relativeTo: projectRoot}), 'JSON', ctx);
 }
 
 /**

package/src/javascript/package-json-parser.ts

@@ -336,20 +336,10 @@ export class PackageJsonParser extends Parser {
 
     /**
      * Parses JSONC (JSON with Comments and trailing commas) content.
-     *
-     * Note: This is a simple regex-based approach that works for bun.lock files but doesn't
-     * handle edge cases like comment-like sequences inside strings (e.g., "// not a comment").
-     * For lock files this is acceptable since they don't contain such patterns. If broader
-     * JSONC support is needed, consider using a proper parser like `jsonc-parser`.
      */
     private parseJsonc(content: string): Record<string, any> {
-        // Remove single-line comments (// ...)
-        let stripped = content.replace(/\/\/.*$/gm, '');
-        // Remove multi-line comments (/* ... */)
-        stripped = stripped.replace(/\/\*[\s\S]*?\*\//g, '');
-        // Remove trailing commas before ] or }
-        stripped = stripped.replace(/,(\s*[}\]])/g, '$1');
-        return JSON.parse(stripped);
+        const {parse} = require('jsonc-parser');
+        return parse(content);
     }
 
     /**

package/src/javascript/package-manager.ts

@@ -23,12 +23,18 @@ import {
     readNpmrcConfigs
 } from "./node-resolution-result";
 import {replaceMarkerByKind} from "../markers";
-import {Json} from "../json";
+import {Json, JsonParser, JsonVisitor} from "../json";
+import {isDocuments, Yaml, YamlParser, YamlVisitor} from "../yaml";
+import {PlainTextParser} from "../text";
+import {SourceFile} from "../tree";
+import {TreeVisitor} from "../visitor";
+import {ExecutionContext} from "../execution";
 import * as fs from "fs";
 import * as fsp from "fs/promises";
 import * as path from "path";
 import * as os from "os";
 import {spawnSync} from "child_process";
+import * as YAML from "yaml";
 
 /**
  * Configuration for each package manager.
@@ -114,6 +120,34 @@ const LOCK_FILE_DETECTION: ReadonlyArray<LockFileDetectionConfig> = [
     },
 ];
 
+/**
+ * Lock file names that should be parsed as JSON/JSONC format.
+ */
+export const JSON_LOCK_FILE_NAMES = ['bun.lock', 'package-lock.json'] as const;
+
+/**
+ * Lock file names that should be parsed as YAML format.
+ */
+export const YAML_LOCK_FILE_NAMES = ['pnpm-lock.yaml'] as const;
+
+/**
+ * Lock file names that should be parsed as plain text (custom formats like yarn.lock v1).
+ * Note: yarn.lock for Yarn Berry (v2+) is actually YAML format and should be parsed as such.
+ * Use `getLockFileFormat` with content to determine the correct format for yarn.lock.
+ */
+export const TEXT_LOCK_FILE_NAMES = ['yarn.lock'] as const;
+
+/**
+ * Detects if a yarn.lock file is Yarn Berry (v2+) format based on content.
+ * Yarn Berry lock files contain a `__metadata:` key which is not present in Classic.
+ *
+ * @param content The yarn.lock file content
+ * @returns true if this is a Yarn Berry lock file (YAML format), false for Classic
+ */
+export function isYarnBerryLockFile(content: string): boolean {
+    return content.includes('__metadata:');
+}
+
 /**
  * Result of running a package manager command.
  */
@@ -339,6 +373,75 @@ export function getUpdatedLockFileContent<T>(
     return undefined;
 }
 
+/**
+ * Determines the appropriate parser for a lock file based on its filename and optionally content.
+ *
+ * For yarn.lock files, the format depends on the Yarn version:
+ * - Yarn Classic (v1): Custom plain text format
+ * - Yarn Berry (v2+): YAML format
+ *
+ * If content is provided for yarn.lock, it will be used to detect the format.
+ * Otherwise, defaults to 'text' (Yarn Classic).
+ *
+ * @param lockFileName The lock file name (e.g., "pnpm-lock.yaml", "package-lock.json", "yarn.lock")
+ * @param content Optional file content (used for yarn.lock format detection)
+ * @returns 'yaml' for YAML lock files, 'json' for JSON lock files, 'text' for plain text
+ */
+export function getLockFileFormat(lockFileName: string, content?: string): 'yaml' | 'json' | 'text' {
+    if ((YAML_LOCK_FILE_NAMES as readonly string[]).includes(lockFileName)) {
+        return 'yaml';
+    }
+    if (lockFileName === 'yarn.lock') {
+        // Yarn Berry (v2+) uses YAML format, Classic uses custom text format
+        if (content && isYarnBerryLockFile(content)) {
+            return 'yaml';
+        }
+        return 'text';
+    }
+    if ((TEXT_LOCK_FILE_NAMES as readonly string[]).includes(lockFileName)) {
+        return 'text';
+    }
+    // package-lock.json, bun.lock
+    return 'json';
+}
+
+/**
+ * Re-parses updated lock file content using the appropriate parser.
+ * This is used by dependency recipes to create the updated lock file SourceFile.
+ *
+ * For yarn.lock files, the content is used to detect whether it's Yarn Berry (YAML)
+ * or Yarn Classic (plain text) format.
+ *
+ * @param content The updated lock file content
+ * @param sourcePath The source path of the lock file
+ * @param lockFileName The lock file name (e.g., "pnpm-lock.yaml", "yarn.lock")
+ * @returns The parsed SourceFile (Json.Document, Yaml.Documents, or PlainText)
+ */
+export async function parseLockFileContent(
+    content: string,
+    sourcePath: string,
+    lockFileName: string
+): Promise<SourceFile> {
+    // Pass content to getLockFileFormat for yarn.lock detection
+    const format = getLockFileFormat(lockFileName, content);
+
+    switch (format) {
+        case 'yaml': {
+            const parser = new YamlParser({});
+            return await parser.parseOne({text: content, sourcePath}) as Yaml.Documents;
+        }
+        case 'text': {
+            const parser = new PlainTextParser({});
+            return await parser.parseOne({text: content, sourcePath});
+        }
+        case 'json':
+        default: {
+            const parser = new JsonParser({});
+            return await parser.parseOne({text: content, sourcePath}) as Json.Document;
+        }
+    }
+}
+
 /**
  * Base interface for project update info used by dependency recipes.
  * Recipes extend this with additional fields specific to their needs.
@@ -438,7 +541,19 @@ export async function updateNodeResolutionMarker<T extends BaseProjectUpdateInfo
 
     if (updatedLockFile) {
         try {
-            lockContent = JSON.parse(updatedLockFile);
+            // Parse lock file based on format
+            if (updateInfo.packageManager === PackageManager.Pnpm) {
+                // pnpm-lock.yaml is YAML format
+                lockContent = YAML.parse(updatedLockFile);
+            } else if (updateInfo.packageManager === PackageManager.YarnClassic ||
+                       updateInfo.packageManager === PackageManager.YarnBerry) {
+                // yarn.lock has a custom format - skip parsing here
+                // The marker will still be updated with package.json info
+                lockContent = undefined;
+            } else {
+                // npm (package-lock.json) and bun (bun.lock) use JSON
+                lockContent = JSON.parse(updatedLockFile);
+            }
         } catch {
             // Continue without lock file content
         }
@@ -533,9 +648,21 @@ export async function runInstallInTempDir(
         });
 
         if (!result.success) {
+            // Combine error message with stderr for more useful diagnostics
+            const errorParts: string[] = [];
+            if (result.error) {
+                errorParts.push(result.error);
+            }
+            if (result.stderr) {
+                // Trim and limit stderr to avoid excessively long error messages
+                const stderr = result.stderr.trim();
+                if (stderr) {
+                    errorParts.push(stderr.length > 2000 ? stderr.slice(0, 2000) + '...' : stderr);
+                }
+            }
             return {
                 success: false,
-                error: result.error || result.stderr || 'Unknown error'
+                error: errorParts.length > 0 ? errorParts.join('\n\n') : 'Unknown error'
             };
         }
 
@@ -560,3 +687,52 @@ export async function runInstallInTempDir(
         }
     }
 }
+
+/**
+ * Creates a lock file visitor that handles updating YAML lock files (pnpm-lock.yaml).
+ * This is a reusable component for dependency recipes.
+ *
+ * @param acc The recipe accumulator containing updated lock file content
+ * @returns A YamlVisitor that updates YAML lock files
+ */
+export function createYamlLockFileVisitor<T>(
+    acc: DependencyRecipeAccumulator<T>
+): YamlVisitor<ExecutionContext> {
+    return new class extends YamlVisitor<ExecutionContext> {
+        protected async visitDocuments(docs: Yaml.Documents, _ctx: ExecutionContext): Promise<Yaml | undefined> {
+            const sourcePath = docs.sourcePath;
+            const updatedLockContent = getUpdatedLockFileContent(sourcePath, acc);
+            if (updatedLockContent) {
+                const lockFileName = path.basename(sourcePath);
+                return await parseLockFileContent(updatedLockContent, sourcePath, lockFileName) as Yaml.Documents;
+            }
+            return docs;
+        }
+    };
+}
+
+/**
+ * Creates a composite visitor that delegates to the appropriate editor based on tree type.
+ * This handles both JSON (package-lock.json, bun.lock) and YAML (pnpm-lock.yaml) lock files.
+ *
+ * @param jsonEditor The JSON visitor for handling JSON files
+ * @param acc The recipe accumulator for YAML lock file handling
+ * @returns A TreeVisitor that handles both JSON and YAML files
+ */
+export function createLockFileEditor<T>(
+    jsonEditor: JsonVisitor<ExecutionContext>,
+    acc: DependencyRecipeAccumulator<T>
+): TreeVisitor<any, ExecutionContext> {
+    const yamlEditor = createYamlLockFileVisitor(acc);
+
+    return new class extends TreeVisitor<any, ExecutionContext> {
+        async visit(tree: any, ctx: ExecutionContext): Promise<any> {
+            if (isDocuments(tree)) {
+                return yamlEditor.visit(tree, ctx);
+            } else if (tree && tree.kind === Json.Kind.Document) {
+                return jsonEditor.visit(tree, ctx);
+            }
+            return tree;
+        }
+    };
+}

package/src/javascript/recipes/add-dependency.ts

@@ -17,7 +17,7 @@
 import {Option, ScanningRecipe} from "../../recipe";
 import {ExecutionContext} from "../../execution";
 import {TreeVisitor} from "../../visitor";
-import {detectIndent, getMemberKeyName, isObject, Json, JsonParser, JsonVisitor, rightPadded, space} from "../../json";
+import {detectIndent, getMemberKeyName, isObject, Json, JsonVisitor, rightPadded, space} from "../../json";
 import {
     allDependencyScopes,
     DependencyScope,
@@ -28,8 +28,10 @@ import {emptyMarkers, markupWarn} from "../../markers";
 import {TreePrinters} from "../../print";
 import {
     createDependencyRecipeAccumulator,
+    createLockFileEditor,
     DependencyRecipeAccumulator,
-    getUpdatedLockFileContent,
+    getAllLockFileNames,
+    parseLockFileContent,
     runInstallIfNeeded,
     runInstallInTempDir,
     storeInstallResult,
@@ -154,7 +156,8 @@ export class AddDependency extends ScanningRecipe<Accumulator> {
     async editorWithData(acc: Accumulator): Promise<TreeVisitor<any, ExecutionContext>> {
         const recipe = this;
 
-        return new class extends JsonVisitor<ExecutionContext> {
+        // Create JSON visitor that handles both package.json and JSON lock files
+        const jsonEditor = new class extends JsonVisitor<ExecutionContext> {
             protected async visitDocument(doc: Json.Document, ctx: ExecutionContext): Promise<Json | undefined> {
                 const sourcePath = doc.sourcePath;
 
@@ -189,18 +192,21 @@ export class AddDependency extends ScanningRecipe<Accumulator> {
                     return updateNodeResolutionMarker(modifiedDoc, updateInfo, acc);
                 }
 
-                // Handle lock files for all package managers
-                const updatedLockContent = getUpdatedLockFileContent(sourcePath, acc);
-                if (updatedLockContent) {
-                    return await new JsonParser({}).parseOne({
-                        text: updatedLockContent,
-                        sourcePath: doc.sourcePath
-                    }) as Json.Document;
+                // Handle JSON lock files (package-lock.json, bun.lock)
+                const lockFileName = path.basename(sourcePath);
+                if (getAllLockFileNames().includes(lockFileName)) {
+                    const updatedLockContent = acc.updatedLockFiles.get(sourcePath);
+                    if (updatedLockContent) {
+                        return await parseLockFileContent(updatedLockContent, sourcePath, lockFileName) as Json.Document;
+                    }
                 }
 
                 return doc;
             }
         };
+
+        // Return composite visitor that handles both JSON and YAML lock files
+        return createLockFileEditor(jsonEditor, acc);
     }
 
     /**

package/src/javascript/recipes/upgrade-dependency-version.ts

@@ -17,7 +17,7 @@
 import {Option, ScanningRecipe} from "../../recipe";
 import {ExecutionContext} from "../../execution";
 import {TreeVisitor} from "../../visitor";
-import {getMemberKeyName, isLiteral, Json, JsonParser, JsonVisitor} from "../../json";
+import {getMemberKeyName, isLiteral, Json, JsonVisitor} from "../../json";
 import {
     allDependencyScopes,
     DependencyScope,
@@ -30,8 +30,10 @@ import {markupWarn, replaceMarkerByKind} from "../../markers";
 import {TreePrinters} from "../../print";
 import {
     createDependencyRecipeAccumulator,
+    createLockFileEditor,
     DependencyRecipeAccumulator,
-    getUpdatedLockFileContent,
+    getAllLockFileNames,
+    parseLockFileContent,
     runInstallIfNeeded,
     runInstallInTempDir,
     storeInstallResult,
@@ -210,7 +212,8 @@ export class UpgradeDependencyVersion extends ScanningRecipe<Accumulator> {
     async editorWithData(acc: Accumulator): Promise<TreeVisitor<any, ExecutionContext>> {
         const recipe = this;
 
-        return new class extends JsonVisitor<ExecutionContext> {
+        // Create JSON visitor that handles both package.json and JSON lock files
+        const jsonEditor = new class extends JsonVisitor<ExecutionContext> {
             protected async visitDocument(doc: Json.Document, ctx: ExecutionContext): Promise<Json | undefined> {
                 const sourcePath = doc.sourcePath;
 
@@ -252,18 +255,21 @@ export class UpgradeDependencyVersion extends ScanningRecipe<Accumulator> {
                     return updateNodeResolutionMarker(modifiedDoc, updateInfo, acc);
                 }
 
-                // Handle lock files for all package managers
-                const updatedLockContent = getUpdatedLockFileContent(sourcePath, acc);
-                if (updatedLockContent) {
-                    return await new JsonParser({}).parseOne({
-                        text: updatedLockContent,
-                        sourcePath: doc.sourcePath
-                    }) as Json.Document;
+                // Handle JSON lock files (package-lock.json, bun.lock)
+                const lockFileName = path.basename(sourcePath);
+                if (getAllLockFileNames().includes(lockFileName)) {
+                    const updatedLockContent = acc.updatedLockFiles.get(sourcePath);
+                    if (updatedLockContent) {
+                        return await parseLockFileContent(updatedLockContent, sourcePath, lockFileName) as Json.Document;
+                    }
                 }
 
                 return doc;
             }
         };
+
+        // Return composite visitor that handles both JSON and YAML lock files
+        return createLockFileEditor(jsonEditor, acc);
     }
 
     /**

package/src/javascript/recipes/upgrade-transitive-dependency-version.ts

@@ -30,8 +30,10 @@ import {markupWarn} from "../../markers";
 import {TreePrinters} from "../../print";
 import {
     createDependencyRecipeAccumulator,
+    createLockFileEditor,
     DependencyRecipeAccumulator,
-    getUpdatedLockFileContent,
+    getAllLockFileNames,
+    parseLockFileContent,
     runInstallIfNeeded,
     runInstallInTempDir,
     storeInstallResult,
@@ -187,7 +189,8 @@ export class UpgradeTransitiveDependencyVersion extends ScanningRecipe<Accumulat
     async editorWithData(acc: Accumulator): Promise<TreeVisitor<any, ExecutionContext>> {
         const recipe = this;
 
-        return new class extends JsonVisitor<ExecutionContext> {
+        // Create JSON visitor that handles both package.json and JSON lock files
+        const jsonEditor = new class extends JsonVisitor<ExecutionContext> {
             protected async visitDocument(doc: Json.Document, ctx: ExecutionContext): Promise<Json | undefined> {
                 const sourcePath = doc.sourcePath;
 
@@ -217,13 +220,13 @@ export class UpgradeTransitiveDependencyVersion extends ScanningRecipe<Accumulat
                     return updateNodeResolutionMarker(modifiedDoc, updateInfo, acc);
                 }
 
-                // Handle lock files for all package managers
-                const updatedLockContent = getUpdatedLockFileContent(sourcePath, acc);
-                if (updatedLockContent) {
-                    return await new JsonParser({}).parseOne({
-                        text: updatedLockContent,
-                        sourcePath: doc.sourcePath
-                    }) as Json.Document;
+                // Handle JSON lock files (package-lock.json, bun.lock)
+                const lockFileName = path.basename(sourcePath);
+                if (getAllLockFileNames().includes(lockFileName)) {
+                    const updatedLockContent = acc.updatedLockFiles.get(sourcePath);
+                    if (updatedLockContent) {
+                        return await parseLockFileContent(updatedLockContent, sourcePath, lockFileName) as Json.Document;
+                    }
                 }
 
                 return doc;
@@ -271,6 +274,9 @@ export class UpgradeTransitiveDependencyVersion extends ScanningRecipe<Accumulat
                 };
             }
         };
+
+        // Return composite visitor that handles both JSON and YAML lock files
+        return createLockFileEditor(jsonEditor, acc);
     }
 
     /**