@rainy-updates/cli 0.4.0

package/dist/output/format.js

@@ -0,0 +1,56 @@
+import { renderGitHubAnnotations } from "./github.js";
+export function renderResult(result, format) {
+    if (format === "json") {
+        return JSON.stringify(result, null, 2);
+    }
+    if (format === "minimal") {
+        if (result.updates.length === 0 && result.summary.warmedPackages > 0) {
+            return `Cache warmed for ${result.summary.warmedPackages} package(s).`;
+        }
+        if (result.updates.length === 0)
+            return "No updates found.";
+        return result.updates
+            .map((item) => `${item.packagePath} :: ${item.name}: ${item.fromRange} -> ${item.toRange}`)
+            .join("\n");
+    }
+    if (format === "github") {
+        return renderGitHubAnnotations(result);
+    }
+    const lines = [];
+    lines.push(`Project: ${result.projectPath}`);
+    lines.push(`Scanned packages: ${result.summary.scannedPackages}`);
+    lines.push(`Package manager: ${result.packageManager}`);
+    lines.push(`Target: ${result.target}`);
+    lines.push("");
+    if (result.updates.length === 0) {
+        if (result.summary.warmedPackages > 0) {
+            lines.push(`Cache warmed for ${result.summary.warmedPackages} package(s).`);
+        }
+        else {
+            lines.push("No updates found.");
+        }
+    }
+    else {
+        lines.push("Updates:");
+        for (const update of result.updates) {
+            lines.push(`- ${update.packagePath} :: ${update.name} [${update.kind}] ${update.fromRange} -> ${update.toRange} (${update.diffType})`);
+        }
+    }
+    if (result.errors.length > 0) {
+        lines.push("");
+        lines.push("Errors:");
+        for (const error of result.errors) {
+            lines.push(`- ${error}`);
+        }
+    }
+    if (result.warnings.length > 0) {
+        lines.push("");
+        lines.push("Warnings:");
+        for (const warning of result.warnings) {
+            lines.push(`- ${warning}`);
+        }
+    }
+    lines.push("");
+    lines.push(`Summary: ${result.summary.updatesFound} updates, ${result.summary.checkedDependencies}/${result.summary.totalDependencies} checked, ${result.summary.warmedPackages} warmed`);
+    return lines.join("\n");
+}

package/dist/output/github.d.ts

@@ -0,0 +1,3 @@
+import type { CheckResult } from "../types/index.js";
+export declare function writeGitHubOutput(filePath: string, result: CheckResult): Promise<void>;
+export declare function renderGitHubAnnotations(result: CheckResult): string;

package/dist/output/github.js

@@ -0,0 +1,30 @@
+import { promises as fs } from "node:fs";
+import path from "node:path";
+export async function writeGitHubOutput(filePath, result) {
+    const lines = [
+        `updates_found=${result.summary.updatesFound}`,
+        `errors_count=${result.errors.length}`,
+        `warnings_count=${result.warnings.length}`,
+        `checked_dependencies=${result.summary.checkedDependencies}`,
+        `scanned_packages=${result.summary.scannedPackages}`,
+        `warmed_packages=${result.summary.warmedPackages}`,
+    ];
+    await fs.mkdir(path.dirname(filePath), { recursive: true });
+    await fs.writeFile(filePath, lines.join("\n") + "\n", "utf8");
+}
+export function renderGitHubAnnotations(result) {
+    const lines = [];
+    for (const update of result.updates) {
+        lines.push(`::notice title=Dependency Update::${update.name} ${update.fromRange} -> ${update.toRange} (${update.packagePath})`);
+    }
+    for (const warning of result.warnings) {
+        lines.push(`::warning title=Rainy Updates::${warning}`);
+    }
+    for (const error of result.errors) {
+        lines.push(`::error title=Rainy Updates::${error}`);
+    }
+    if (lines.length === 0) {
+        lines.push("::notice title=Rainy Updates::No updates found");
+    }
+    return lines.join("\n");
+}

package/dist/output/pr-report.d.ts

@@ -0,0 +1,2 @@
+import type { CheckResult } from "../types/index.js";
+export declare function renderPrReport(result: CheckResult): string;

package/dist/output/pr-report.js

@@ -0,0 +1,38 @@
+export function renderPrReport(result) {
+    const lines = [];
+    lines.push("# Dependency Update Report");
+    lines.push("");
+    lines.push(`- Scanned packages: ${result.summary.scannedPackages}`);
+    lines.push(`- Checked dependencies: ${result.summary.checkedDependencies}`);
+    lines.push(`- Updates found: ${result.summary.updatesFound}`);
+    lines.push(`- Errors: ${result.errors.length}`);
+    lines.push(`- Warnings: ${result.warnings.length}`);
+    lines.push("");
+    if (result.updates.length > 0) {
+        lines.push("## Proposed Updates");
+        lines.push("");
+        lines.push("| Package | From | To | Type | Path |");
+        lines.push("|---|---|---|---|---|");
+        for (const update of result.updates) {
+            lines.push(`| ${update.name} | ${update.fromRange} | ${update.toRange} | ${update.diffType} | ${update.packagePath} |`);
+        }
+        lines.push("");
+    }
+    if (result.errors.length > 0) {
+        lines.push("## Errors");
+        lines.push("");
+        for (const error of result.errors) {
+            lines.push(`- ${error}`);
+        }
+        lines.push("");
+    }
+    if (result.warnings.length > 0) {
+        lines.push("## Warnings");
+        lines.push("");
+        for (const warning of result.warnings) {
+            lines.push(`- ${warning}`);
+        }
+        lines.push("");
+    }
+    return lines.join("\n");
+}

package/dist/output/sarif.d.ts

@@ -0,0 +1,2 @@
+import type { CheckResult } from "../types/index.js";
+export declare function createSarifReport(result: CheckResult): Record<string, unknown>;

package/dist/output/sarif.js

@@ -0,0 +1,60 @@
+export function createSarifReport(result) {
+    const dependencyRuleId = "rainy-updates/dependency-update";
+    const runtimeRuleId = "rainy-updates/runtime-error";
+    const updateResults = result.updates.map((update) => ({
+        ruleId: dependencyRuleId,
+        level: "warning",
+        message: {
+            text: `${update.name} can be updated from ${update.fromRange} to ${update.toRange}`,
+        },
+        locations: [
+            {
+                physicalLocation: {
+                    artifactLocation: {
+                        uri: `${update.packagePath}/package.json`,
+                    },
+                },
+            },
+        ],
+        properties: {
+            dependency: update.name,
+            kind: update.kind,
+            diffType: update.diffType,
+            resolvedVersion: update.toVersionResolved,
+        },
+    }));
+    const errorResults = result.errors.map((error) => ({
+        ruleId: runtimeRuleId,
+        level: "error",
+        message: {
+            text: error,
+        },
+    }));
+    return {
+        $schema: "https://json.schemastore.org/sarif-2.1.0.json",
+        version: "2.1.0",
+        runs: [
+            {
+                tool: {
+                    driver: {
+                        name: "@rainy-updates/cli",
+                        version: "0.1.0",
+                        rules: [
+                            {
+                                id: dependencyRuleId,
+                                shortDescription: { text: "Dependency update available" },
+                                fullDescription: { text: "A dependency has a newer version according to configured target." },
+                            },
+                            {
+                                id: runtimeRuleId,
+                                shortDescription: { text: "Dependency resolution error" },
+                                fullDescription: { text: "The resolver could not fetch or parse package metadata." },
+                            },
+                        ],
+                    },
+                },
+                results: [...updateResults, ...errorResults],
+            },
+        ],
+    };
+}

package/dist/parsers/package-json.d.ts

@@ -0,0 +1,5 @@
+import type { DependencyKind, PackageDependency, PackageManifest } from "../types/index.js";
+export declare function getPackageJsonPath(cwd: string): string;
+export declare function readManifest(cwd: string): Promise<PackageManifest>;
+export declare function writeManifest(cwd: string, manifest: PackageManifest): Promise<void>;
+export declare function collectDependencies(manifest: PackageManifest, includeKinds: DependencyKind[]): PackageDependency[];

package/dist/parsers/package-json.js

@@ -0,0 +1,35 @@
+import { promises as fs } from "node:fs";
+import path from "node:path";
+const DEPENDENCY_KINDS = [
+    "dependencies",
+    "devDependencies",
+    "optionalDependencies",
+    "peerDependencies",
+];
+export function getPackageJsonPath(cwd) {
+    return path.join(cwd, "package.json");
+}
+export async function readManifest(cwd) {
+    const filePath = getPackageJsonPath(cwd);
+    const content = await fs.readFile(filePath, "utf8");
+    return JSON.parse(content);
+}
+export async function writeManifest(cwd, manifest) {
+    const filePath = getPackageJsonPath(cwd);
+    const content = JSON.stringify(manifest, null, 2) + "\n";
+    await fs.writeFile(filePath, content, "utf8");
+}
+export function collectDependencies(manifest, includeKinds) {
+    const deps = [];
+    for (const kind of DEPENDENCY_KINDS) {
+        if (!includeKinds.includes(kind))
+            continue;
+        const section = manifest[kind];
+        if (!section || typeof section !== "object")
+            continue;
+        for (const [name, range] of Object.entries(section)) {
+            deps.push({ name, range, kind });
+        }
+    }
+    return deps;
+}

package/dist/pm/detect.d.ts

@@ -0,0 +1 @@
+export declare function detectPackageManager(cwd: string): Promise<"npm" | "pnpm" | "unknown">;

package/dist/pm/detect.js

@@ -0,0 +1,20 @@
+import { access } from "node:fs/promises";
+import path from "node:path";
+export async function detectPackageManager(cwd) {
+    const pnpmLock = path.join(cwd, "pnpm-lock.yaml");
+    const npmLock = path.join(cwd, "package-lock.json");
+    try {
+        await access(pnpmLock);
+        return "pnpm";
+    }
+    catch {
+        // noop
+    }
+    try {
+        await access(npmLock);
+        return "npm";
+    }
+    catch {
+        return "unknown";
+    }
+}

package/dist/pm/install.d.ts

@@ -0,0 +1 @@
+export declare function installDependencies(cwd: string, packageManager: "auto" | "npm" | "pnpm", detected: "npm" | "pnpm" | "unknown"): Promise<void>;

package/dist/pm/install.js

@@ -0,0 +1,21 @@
+import { spawn } from "node:child_process";
+export async function installDependencies(cwd, packageManager, detected) {
+    const selected = packageManager === "auto" ? (detected === "unknown" ? "npm" : detected) : packageManager;
+    const command = selected;
+    const args = ["install"];
+    await new Promise((resolve, reject) => {
+        const child = spawn(command, args, {
+            cwd,
+            stdio: "inherit",
+            shell: process.platform === "win32",
+        });
+        child.on("exit", (code) => {
+            if (code === 0) {
+                resolve();
+                return;
+            }
+            reject(new Error(`${command} ${args.join(" ")} failed with exit code ${code ?? "unknown"}`));
+        });
+        child.on("error", reject);
+    });
+}

package/dist/registry/npm.d.ts

@@ -0,0 +1,14 @@
+export interface ResolveManyOptions {
+    concurrency: number;
+    timeoutMs?: number;
+}
+export interface ResolveManyResult {
+    versions: Map<string, string | null>;
+    errors: Map<string, string>;
+}
+export declare class NpmRegistryClient {
+    private readonly requesterPromise;
+    constructor();
+    resolveLatestVersion(packageName: string, timeoutMs?: number): Promise<string | null>;
+    resolveManyLatestVersions(packageNames: string[], options: ResolveManyOptions): Promise<ResolveManyResult>;
+}

package/dist/registry/npm.js

@@ -0,0 +1,128 @@
+import { asyncPool } from "../utils/async-pool.js";
+const DEFAULT_TIMEOUT_MS = 8000;
+const USER_AGENT = "@rainy-updates/cli";
+export class NpmRegistryClient {
+    requesterPromise;
+    constructor() {
+        this.requesterPromise = createRequester();
+    }
+    async resolveLatestVersion(packageName, timeoutMs = DEFAULT_TIMEOUT_MS) {
+        const requester = await this.requesterPromise;
+        let lastError = null;
+        for (let attempt = 1; attempt <= 3; attempt += 1) {
+            try {
+                const response = await requester(packageName, timeoutMs);
+                if (response.status === 404)
+                    return null;
+                if (response.status === 429 || response.status >= 500) {
+                    throw new Error(`Registry temporary error: ${response.status}`);
+                }
+                if (response.status < 200 || response.status >= 300) {
+                    throw new Error(`Registry request failed: ${response.status}`);
+                }
+                return response.data?.["dist-tags"]?.latest ?? null;
+            }
+            catch (error) {
+                lastError = String(error);
+                if (attempt < 3) {
+                    await sleep(120 * attempt);
+                }
+            }
+        }
+        throw new Error(`Unable to resolve ${packageName}: ${lastError ?? "unknown error"}`);
+    }
+    async resolveManyLatestVersions(packageNames, options) {
+        const unique = Array.from(new Set(packageNames));
+        const versions = new Map();
+        const errors = new Map();
+        const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+        const results = await asyncPool(options.concurrency, unique.map((pkg) => async () => {
+            try {
+                const latest = await this.resolveLatestVersion(pkg, timeoutMs);
+                return { pkg, latest, error: null };
+            }
+            catch (error) {
+                return { pkg, latest: null, error: String(error) };
+            }
+        }));
+        for (const result of results) {
+            if (result instanceof Error) {
+                continue;
+            }
+            if (result.error) {
+                errors.set(result.pkg, result.error);
+            }
+            else {
+                versions.set(result.pkg, result.latest);
+            }
+        }
+        return { versions, errors };
+    }
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function createRequester() {
+    const undiciRequester = await tryCreateUndiciRequester();
+    if (undiciRequester)
+        return undiciRequester;
+    return async (packageName, timeoutMs) => {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), timeoutMs);
+        try {
+            const response = await fetch(`https://registry.npmjs.org/${encodeURIComponent(packageName)}`, {
+                headers: {
+                    accept: "application/json",
+                    "user-agent": USER_AGENT,
+                },
+                signal: controller.signal,
+            });
+            const data = (await response.json().catch(() => null));
+            return { status: response.status, data };
+        }
+        finally {
+            clearTimeout(timeout);
+        }
+    };
+}
+async function tryCreateUndiciRequester() {
+    try {
+        const dynamicImport = Function("specifier", "return import(specifier)");
+        const undici = await dynamicImport("undici");
+        const pool = new undici.Pool("https://registry.npmjs.org", {
+            connections: 20,
+            pipelining: 10,
+            allowH2: true,
+        });
+        return async (packageName, timeoutMs) => {
+            const controller = new AbortController();
+            const timeout = setTimeout(() => controller.abort(), timeoutMs);
+            try {
+                const res = await pool.request({
+                    path: `/${encodeURIComponent(packageName)}`,
+                    method: "GET",
+                    headers: {
+                        accept: "application/json",
+                        "user-agent": USER_AGENT,
+                    },
+                    signal: controller.signal,
+                });
+                const bodyText = await res.body.text();
+                let data = null;
+                try {
+                    data = JSON.parse(bodyText);
+                }
+                catch {
+                    data = null;
+                }
+                return { status: res.statusCode, data };
+            }
+            finally {
+                clearTimeout(timeout);
+            }
+        };
+    }
+    catch {
+        return null;
+    }
+}

package/dist/types/index.d.ts

@@ -0,0 +1,86 @@
+export type DependencyKind = "dependencies" | "devDependencies" | "optionalDependencies" | "peerDependencies";
+export type TargetLevel = "patch" | "minor" | "major" | "latest";
+export type OutputFormat = "table" | "json" | "minimal" | "github";
+export interface RunOptions {
+    cwd: string;
+    target: TargetLevel;
+    filter?: string;
+    reject?: string;
+    cacheTtlSeconds: number;
+    includeKinds: DependencyKind[];
+    ci: boolean;
+    format: OutputFormat;
+    workspace: boolean;
+    jsonFile?: string;
+    githubOutputFile?: string;
+    sarifFile?: string;
+    concurrency: number;
+    offline: boolean;
+    policyFile?: string;
+    prReportFile?: string;
+}
+export interface CheckOptions extends RunOptions {
+}
+export interface UpgradeOptions extends RunOptions {
+    install: boolean;
+    packageManager: "auto" | "npm" | "pnpm";
+    sync: boolean;
+}
+export interface PackageDependency {
+    name: string;
+    range: string;
+    kind: DependencyKind;
+}
+export interface PackageUpdate {
+    packagePath: string;
+    name: string;
+    kind: DependencyKind;
+    fromRange: string;
+    toRange: string;
+    toVersionResolved: string;
+    diffType: TargetLevel;
+    filtered: boolean;
+    reason?: string;
+}
+export interface Summary {
+    scannedPackages: number;
+    totalDependencies: number;
+    checkedDependencies: number;
+    updatesFound: number;
+    upgraded: number;
+    skipped: number;
+    warmedPackages: number;
+}
+export interface CheckResult {
+    projectPath: string;
+    packagePaths: string[];
+    packageManager: "npm" | "pnpm" | "unknown";
+    target: TargetLevel;
+    timestamp: string;
+    summary: Summary;
+    updates: PackageUpdate[];
+    errors: string[];
+    warnings: string[];
+}
+export interface UpgradeResult extends CheckResult {
+    changed: boolean;
+}
+export interface PackageManifest {
+    name?: string;
+    version?: string;
+    dependencies?: Record<string, string>;
+    devDependencies?: Record<string, string>;
+    optionalDependencies?: Record<string, string>;
+    peerDependencies?: Record<string, string>;
+    [key: string]: unknown;
+}
+export interface CachedVersion {
+    packageName: string;
+    target: TargetLevel;
+    latestVersion: string;
+    fetchedAt: number;
+    ttlSeconds: number;
+}
+export interface VersionResolver {
+    resolveLatestVersion(packageName: string): Promise<string | null>;
+}

package/dist/types/index.js

@@ -0,0 +1 @@
+export {};

package/dist/utils/async-pool.d.ts

@@ -0,0 +1 @@
+export declare function asyncPool<T>(concurrency: number, tasks: Array<() => Promise<T>>): Promise<Array<T | Error>>;

package/dist/utils/async-pool.js

@@ -0,0 +1,21 @@
+export async function asyncPool(concurrency, tasks) {
+    const limit = Math.max(1, concurrency);
+    const results = new Array(tasks.length);
+    let nextIndex = 0;
+    const workers = Array.from({ length: Math.min(limit, tasks.length) }, async () => {
+        while (true) {
+            const current = nextIndex;
+            nextIndex += 1;
+            if (current >= tasks.length)
+                return;
+            try {
+                results[current] = await tasks[current]();
+            }
+            catch (error) {
+                results[current] = error instanceof Error ? error : new Error(String(error));
+            }
+        }
+    });
+    await Promise.all(workers);
+    return results;
+}

package/dist/utils/pattern.d.ts

@@ -0,0 +1 @@
+export declare function matchesPattern(value: string, pattern?: string): boolean;

package/dist/utils/pattern.js

@@ -0,0 +1,11 @@
+export function matchesPattern(value, pattern) {
+    if (!pattern || pattern.trim() === "") {
+        return true;
+    }
+    const escaped = pattern
+        .split("*")
+        .map((part) => part.replace(/[.*+?^${}()|[\\]\\]/g, "\\$&"))
+        .join(".*");
+    const regex = new RegExp(`^${escaped}$`);
+    return regex.test(value);
+}

package/dist/utils/semver.d.ts

@@ -0,0 +1,13 @@
+import type { TargetLevel } from "../types/index.js";
+export interface ParsedVersion {
+    major: number;
+    minor: number;
+    patch: number;
+}
+export declare function normalizeRangePrefix(range: string): string;
+export declare function parseVersion(raw: string): ParsedVersion | null;
+export declare function compareVersions(a: ParsedVersion, b: ParsedVersion): number;
+export declare function classifyDiff(currentRange: string, nextVersion: string): TargetLevel;
+export declare function pickTargetVersion(currentRange: string, latestVersion: string, target: TargetLevel): string | null;
+export declare function applyRangeStyle(previousRange: string, version: string): string;
+export declare function clampTarget(requested: TargetLevel, maxAllowed?: TargetLevel): TargetLevel;

package/dist/utils/semver.js

@@ -0,0 +1,80 @@
+export function normalizeRangePrefix(range) {
+    const trimmed = range.trim();
+    if (!trimmed)
+        return "";
+    const prefixes = ["^", "~", ">=", "<=", ">", "<", "="];
+    const prefix = prefixes.find((item) => trimmed.startsWith(item));
+    return prefix ?? "";
+}
+export function parseVersion(raw) {
+    const clean = raw.trim().replace(/^[~^]/, "").split("-")[0];
+    const match = clean.match(/^(\d+)\.(\d+)\.(\d+)$/);
+    if (!match)
+        return null;
+    return {
+        major: Number(match[1]),
+        minor: Number(match[2]),
+        patch: Number(match[3]),
+    };
+}
+export function compareVersions(a, b) {
+    if (a.major !== b.major)
+        return a.major - b.major;
+    if (a.minor !== b.minor)
+        return a.minor - b.minor;
+    return a.patch - b.patch;
+}
+export function classifyDiff(currentRange, nextVersion) {
+    const current = parseVersion(currentRange);
+    const next = parseVersion(nextVersion);
+    if (!current || !next)
+        return "latest";
+    if (next.major > current.major)
+        return "major";
+    if (next.minor > current.minor)
+        return "minor";
+    if (next.patch > current.patch)
+        return "patch";
+    return "latest";
+}
+export function pickTargetVersion(currentRange, latestVersion, target) {
+    const current = parseVersion(currentRange);
+    const latest = parseVersion(latestVersion);
+    if (!latest)
+        return null;
+    if (!current || target === "latest")
+        return latestVersion;
+    if (target === "patch") {
+        if (current.major === latest.major && current.minor === latest.minor && latest.patch > current.patch) {
+            return latestVersion;
+        }
+        return null;
+    }
+    if (target === "minor") {
+        if (current.major === latest.major && compareVersions(latest, current) > 0) {
+            return latestVersion;
+        }
+        return null;
+    }
+    if (target === "major") {
+        if (compareVersions(latest, current) > 0) {
+            return latestVersion;
+        }
+        return null;
+    }
+    return latestVersion;
+}
+export function applyRangeStyle(previousRange, version) {
+    const prefix = normalizeRangePrefix(previousRange);
+    return `${prefix}${version}`;
+}
+const TARGET_ORDER = ["patch", "minor", "major", "latest"];
+export function clampTarget(requested, maxAllowed) {
+    if (!maxAllowed)
+        return requested;
+    const requestedIndex = TARGET_ORDER.indexOf(requested);
+    const allowedIndex = TARGET_ORDER.indexOf(maxAllowed);
+    if (requestedIndex === -1 || allowedIndex === -1)
+        return requested;
+    return TARGET_ORDER[Math.min(requestedIndex, allowedIndex)];
+}

package/dist/workspace/discover.d.ts

@@ -0,0 +1 @@
+export declare function discoverPackageDirs(cwd: string, workspaceMode: boolean): Promise<string[]>;