@rainy-updates/cli 0.4.4 → 0.5.0-rc.2

package/dist/output/sarif.js

@@ -1,3 +1,6 @@
+import { readFileSync } from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
 export function createSarifReport(result) {
     const dependencyRuleId = "rainy-updates/dependency-update";
     const runtimeRuleId = "rainy-updates/runtime-error";
@@ -38,7 +41,7 @@ export function createSarifReport(result) {
                 tool: {
                     driver: {
                         name: "@rainy-updates/cli",
-                        version: "0.1.0",
+                        version: getToolVersion(),
                         rules: [
                             {
                                 id: dependencyRuleId,
@@ -58,3 +61,20 @@ export function createSarifReport(result) {
         ],
     };
 }
+let TOOL_VERSION_CACHE = null;
+function getToolVersion() {
+    if (TOOL_VERSION_CACHE)
+        return TOOL_VERSION_CACHE;
+    try {
+        const currentFile = fileURLToPath(import.meta.url);
+        const packageJsonPath = path.resolve(path.dirname(currentFile), "../../package.json");
+        const content = readFileSync(packageJsonPath, "utf8");
+        const parsed = JSON.parse(content);
+        TOOL_VERSION_CACHE = parsed.version ?? "0.0.0";
+        return TOOL_VERSION_CACHE;
+    }
+    catch {
+        TOOL_VERSION_CACHE = "0.0.0";
+        return TOOL_VERSION_CACHE;
+    }
+}

package/dist/registry/npm.d.ts

@@ -3,12 +3,23 @@ export interface ResolveManyOptions {
     timeoutMs?: number;
 }
 export interface ResolveManyResult {
-    versions: Map<string, string | null>;
+    metadata: Map<string, {
+        latestVersion: string | null;
+        versions: string[];
+    }>;
     errors: Map<string, string>;
 }
 export declare class NpmRegistryClient {
     private readonly requesterPromise;
-    constructor();
+    constructor(cwd?: string);
+    resolvePackageMetadata(packageName: string, timeoutMs?: number): Promise<{
+        latestVersion: string | null;
+        versions: string[];
+    }>;
     resolveLatestVersion(packageName: string, timeoutMs?: number): Promise<string | null>;
-    resolveManyLatestVersions(packageNames: string[], options: ResolveManyOptions): Promise<ResolveManyResult>;
+    resolveManyPackageMetadata(packageNames: string[], options: ResolveManyOptions): Promise<ResolveManyResult>;
+    resolveManyLatestVersions(packageNames: string[], options: ResolveManyOptions): Promise<{
+        versions: Map<string, string | null>;
+        errors: Map<string, string>;
+    }>;
 }

package/dist/registry/npm.js

@@ -1,26 +1,33 @@
+import { promises as fs } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import process from "node:process";
 import { asyncPool } from "../utils/async-pool.js";
 const DEFAULT_TIMEOUT_MS = 8000;
 const USER_AGENT = "@rainy-updates/cli";
+const DEFAULT_REGISTRY = "https://registry.npmjs.org/";
 export class NpmRegistryClient {
     requesterPromise;
-    constructor() {
-        this.requesterPromise = createRequester();
+    constructor(cwd) {
+        this.requesterPromise = createRequester(cwd);
     }
-    async resolveLatestVersion(packageName, timeoutMs = DEFAULT_TIMEOUT_MS) {
+    async resolvePackageMetadata(packageName, timeoutMs = DEFAULT_TIMEOUT_MS) {
         const requester = await this.requesterPromise;
         let lastError = null;
         for (let attempt = 1; attempt <= 3; attempt += 1) {
             try {
                 const response = await requester(packageName, timeoutMs);
-                if (response.status === 404)
-                    return null;
+                if (response.status === 404) {
+                    return { latestVersion: null, versions: [] };
+                }
                 if (response.status === 429 || response.status >= 500) {
                     throw new Error(`Registry temporary error: ${response.status}`);
                 }
                 if (response.status < 200 || response.status >= 300) {
                     throw new Error(`Registry request failed: ${response.status}`);
                 }
-                return response.data?.["dist-tags"]?.latest ?? null;
+                const versions = Object.keys(response.data?.versions ?? {});
+                return { latestVersion: response.data?.["dist-tags"]?.latest ?? null, versions };
             }
             catch (error) {
                 lastError = String(error);
@@ -31,18 +38,22 @@ export class NpmRegistryClient {
         }
         throw new Error(`Unable to resolve ${packageName}: ${lastError ?? "unknown error"}`);
     }
-    async resolveManyLatestVersions(packageNames, options) {
+    async resolveLatestVersion(packageName, timeoutMs = DEFAULT_TIMEOUT_MS) {
+        const metadata = await this.resolvePackageMetadata(packageName, timeoutMs);
+        return metadata.latestVersion;
+    }
+    async resolveManyPackageMetadata(packageNames, options) {
         const unique = Array.from(new Set(packageNames));
-        const versions = new Map();
+        const metadata = new Map();
         const errors = new Map();
         const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
         const results = await asyncPool(options.concurrency, unique.map((pkg) => async () => {
             try {
-                const latest = await this.resolveLatestVersion(pkg, timeoutMs);
-                return { pkg, latest, error: null };
+                const packageMetadata = await this.resolvePackageMetadata(pkg, timeoutMs);
+                return { pkg, packageMetadata, error: null };
             }
             catch (error) {
-                return { pkg, latest: null, error: String(error) };
+                return { pkg, packageMetadata: null, error: String(error) };
             }
         }));
         for (const result of results) {
@@ -52,25 +63,39 @@ export class NpmRegistryClient {
             if (result.error) {
                 errors.set(result.pkg, result.error);
             }
-            else {
-                versions.set(result.pkg, result.latest);
+            else if (result.packageMetadata) {
+                metadata.set(result.pkg, result.packageMetadata);
             }
         }
-        return { versions, errors };
+        return { metadata, errors };
+    }
+    async resolveManyLatestVersions(packageNames, options) {
+        const metadataResult = await this.resolveManyPackageMetadata(packageNames, options);
+        const versions = new Map();
+        for (const [name, value] of metadataResult.metadata) {
+            versions.set(name, value.latestVersion);
+        }
+        return {
+            versions,
+            errors: metadataResult.errors,
+        };
     }
 }
 function sleep(ms) {
     return new Promise((resolve) => setTimeout(resolve, ms));
 }
-async function createRequester() {
-    const undiciRequester = await tryCreateUndiciRequester();
+async function createRequester(cwd) {
+    const registryConfig = await loadRegistryConfig(cwd ?? process.cwd());
+    const undiciRequester = await tryCreateUndiciRequester(registryConfig);
     if (undiciRequester)
         return undiciRequester;
     return async (packageName, timeoutMs) => {
         const controller = new AbortController();
         const timeout = setTimeout(() => controller.abort(), timeoutMs);
+        const registry = resolveRegistryForPackage(packageName, registryConfig);
+        const url = buildRegistryUrl(registry, packageName);
         try {
-            const response = await fetch(`https://registry.npmjs.org/${encodeURIComponent(packageName)}`, {
+            const response = await fetch(url, {
                 headers: {
                     accept: "application/json",
                     "user-agent": USER_AGENT,
@@ -85,21 +110,17 @@ async function createRequester() {
         }
     };
 }
-async function tryCreateUndiciRequester() {
+async function tryCreateUndiciRequester(registryConfig) {
     try {
         const dynamicImport = Function("specifier", "return import(specifier)");
         const undici = await dynamicImport("undici");
-        const pool = new undici.Pool("https://registry.npmjs.org", {
-            connections: 20,
-            pipelining: 10,
-            allowH2: true,
-        });
         return async (packageName, timeoutMs) => {
             const controller = new AbortController();
             const timeout = setTimeout(() => controller.abort(), timeoutMs);
+            const registry = resolveRegistryForPackage(packageName, registryConfig);
+            const url = buildRegistryUrl(registry, packageName);
             try {
-                const res = await pool.request({
-                    path: `/${encodeURIComponent(packageName)}`,
+                const res = await undici.request(url, {
                     method: "GET",
                     headers: {
                         accept: "application/json",
@@ -126,3 +147,74 @@ async function tryCreateUndiciRequester() {
         return null;
     }
 }
+async function loadRegistryConfig(cwd) {
+    const homeNpmrc = path.join(os.homedir(), ".npmrc");
+    const projectNpmrc = path.join(cwd, ".npmrc");
+    const merged = new Map();
+    for (const filePath of [homeNpmrc, projectNpmrc]) {
+        try {
+            const content = await fs.readFile(filePath, "utf8");
+            const parsed = parseNpmrc(content);
+            for (const [key, value] of parsed) {
+                merged.set(key, value);
+            }
+        }
+        catch {
+            // ignore missing/unreadable file
+        }
+    }
+    const defaultRegistry = normalizeRegistryUrl(merged.get("registry") ?? DEFAULT_REGISTRY);
+    const scopedRegistries = new Map();
+    for (const [key, value] of merged) {
+        if (!key.startsWith("@") || !key.endsWith(":registry"))
+            continue;
+        const scope = key.slice(0, key.indexOf(":registry"));
+        if (scope.length > 1) {
+            scopedRegistries.set(scope, normalizeRegistryUrl(value));
+        }
+    }
+    return { defaultRegistry, scopedRegistries };
+}
+function parseNpmrc(content) {
+    const values = new Map();
+    const lines = content.split(/\r?\n/);
+    for (const line of lines) {
+        const trimmed = line.trim();
+        if (trimmed.length === 0 || trimmed.startsWith("#") || trimmed.startsWith(";"))
+            continue;
+        const separator = trimmed.indexOf("=");
+        if (separator <= 0)
+            continue;
+        const key = trimmed.slice(0, separator).trim();
+        const value = trimmed.slice(separator + 1).trim();
+        if (key.length > 0 && value.length > 0) {
+            values.set(key, value);
+        }
+    }
+    return values;
+}
+function normalizeRegistryUrl(value) {
+    const normalized = value.endsWith("/") ? value : `${value}/`;
+    return normalized;
+}
+function resolveRegistryForPackage(packageName, config) {
+    const scope = extractScope(packageName);
+    if (scope) {
+        const scoped = config.scopedRegistries.get(scope);
+        if (scoped)
+            return scoped;
+    }
+    return config.defaultRegistry;
+}
+function extractScope(packageName) {
+    if (!packageName.startsWith("@"))
+        return null;
+    const firstSlash = packageName.indexOf("/");
+    if (firstSlash <= 1)
+        return null;
+    return packageName.slice(0, firstSlash);
+}
+function buildRegistryUrl(registry, packageName) {
+    const base = normalizeRegistryUrl(registry);
+    return new URL(encodeURIComponent(packageName), base).toString();
+}

package/dist/types/index.d.ts

@@ -1,6 +1,7 @@
 export type DependencyKind = "dependencies" | "devDependencies" | "optionalDependencies" | "peerDependencies";
 export type TargetLevel = "patch" | "minor" | "major" | "latest";
 export type OutputFormat = "table" | "json" | "minimal" | "github";
+export type FailOnLevel = "none" | "patch" | "minor" | "major" | "any";
 export interface RunOptions {
     cwd: string;
     target: TargetLevel;
@@ -18,6 +19,13 @@ export interface RunOptions {
     offline: boolean;
     policyFile?: string;
     prReportFile?: string;
+    failOn?: FailOnLevel;
+    maxUpdates?: number;
+    fixPr?: boolean;
+    fixBranch?: string;
+    fixCommitMessage?: string;
+    fixDryRun?: boolean;
+    noPrReport?: boolean;
 }
 export interface CheckOptions extends RunOptions {
 }
@@ -26,6 +34,13 @@ export interface UpgradeOptions extends RunOptions {
     packageManager: "auto" | "npm" | "pnpm";
     sync: boolean;
 }
+export interface BaselineOptions {
+    cwd: string;
+    workspace: boolean;
+    includeKinds: DependencyKind[];
+    filePath: string;
+    ci: boolean;
+}
 export interface PackageDependency {
     name: string;
     range: string;
@@ -50,6 +65,9 @@ export interface Summary {
     upgraded: number;
     skipped: number;
     warmedPackages: number;
+    fixPrApplied?: boolean;
+    fixBranchName?: string;
+    fixCommitSha?: string;
 }
 export interface CheckResult {
     projectPath: string;
@@ -78,6 +96,7 @@ export interface CachedVersion {
     packageName: string;
     target: TargetLevel;
     latestVersion: string;
+    availableVersions: string[];
     fetchedAt: number;
     ttlSeconds: number;
 }

package/dist/utils/semver.d.ts

@@ -9,5 +9,6 @@ export declare function parseVersion(raw: string): ParsedVersion | null;
 export declare function compareVersions(a: ParsedVersion, b: ParsedVersion): number;
 export declare function classifyDiff(currentRange: string, nextVersion: string): TargetLevel;
 export declare function pickTargetVersion(currentRange: string, latestVersion: string, target: TargetLevel): string | null;
+export declare function pickTargetVersionFromAvailable(currentRange: string, availableVersions: string[], latestVersion: string, target: TargetLevel): string | null;
 export declare function applyRangeStyle(previousRange: string, version: string): string;
 export declare function clampTarget(requested: TargetLevel, maxAllowed?: TargetLevel): TargetLevel;

package/dist/utils/semver.js

@@ -64,6 +64,30 @@ export function pickTargetVersion(currentRange, latestVersion, target) {
     }
     return latestVersion;
 }
+export function pickTargetVersionFromAvailable(currentRange, availableVersions, latestVersion, target) {
+    const current = parseVersion(currentRange);
+    if (!current || target === "latest")
+        return latestVersion;
+    const parsed = availableVersions
+        .map((version) => ({ raw: version, parsed: parseVersion(version) }))
+        .filter((item) => item.parsed !== null)
+        .filter((item) => compareVersions(item.parsed, current) > 0)
+        .sort((a, b) => compareVersions(a.parsed, b.parsed));
+    if (parsed.length === 0)
+        return null;
+    if (target === "major") {
+        return parsed[parsed.length - 1]?.raw ?? null;
+    }
+    if (target === "minor") {
+        const sameMajor = parsed.filter((item) => item.parsed.major === current.major);
+        return sameMajor.length > 0 ? sameMajor[sameMajor.length - 1].raw : null;
+    }
+    if (target === "patch") {
+        const sameLine = parsed.filter((item) => item.parsed.major === current.major && item.parsed.minor === current.minor);
+        return sameLine.length > 0 ? sameLine[sameLine.length - 1].raw : null;
+    }
+    return latestVersion;
+}
 export function applyRangeStyle(previousRange, version) {
     const prefix = normalizeRangePrefix(previousRange);
     return `${prefix}${version}`;

package/dist/workspace/discover.js

@@ -5,14 +5,21 @@ export async function discoverPackageDirs(cwd, workspaceMode) {
         return [cwd];
     }
     const roots = new Set([cwd]);
-    const packagePatterns = await readPackageJsonWorkspacePatterns(cwd);
-    const pnpmPatterns = await readPnpmWorkspacePatterns(cwd);
-    for (const pattern of [...packagePatterns, ...pnpmPatterns]) {
-        const dirs = await expandSingleLevelPattern(cwd, pattern);
+    const patterns = [...(await readPackageJsonWorkspacePatterns(cwd)), ...(await readPnpmWorkspacePatterns(cwd))];
+    const include = patterns.filter((item) => !item.startsWith("!"));
+    const exclude = patterns.filter((item) => item.startsWith("!")).map((item) => item.slice(1));
+    for (const pattern of include) {
+        const dirs = await expandWorkspacePattern(cwd, pattern);
         for (const dir of dirs) {
             roots.add(dir);
         }
     }
+    for (const pattern of exclude) {
+        const dirs = await expandWorkspacePattern(cwd, pattern);
+        for (const dir of dirs) {
+            roots.delete(dir);
+        }
+    }
     const existing = [];
     for (const dir of roots) {
         const packageJsonPath = path.join(dir, "package.json");
@@ -21,7 +28,7 @@ export async function discoverPackageDirs(cwd, workspaceMode) {
             existing.push(dir);
         }
         catch {
-            // ignore
+            // ignore missing package.json
         }
     }
     return existing.sort();
@@ -53,7 +60,7 @@ async function readPnpmWorkspacePatterns(cwd) {
             const trimmed = line.trim();
             if (!trimmed.startsWith("-"))
                 continue;
-            const value = trimmed.replace(/^-\s*/, "").replace(/^['\"]|['\"]$/g, "");
+            const value = trimmed.replace(/^-\s*/, "").replace(/^['"]|['"]$/g, "");
             if (value.length > 0) {
                 patterns.push(value);
             }
@@ -64,23 +71,48 @@ async function readPnpmWorkspacePatterns(cwd) {
         return [];
     }
 }
-async function expandSingleLevelPattern(cwd, pattern) {
-    if (!pattern.includes("*")) {
-        return [path.resolve(cwd, pattern)];
-    }
-    const normalized = pattern.replace(/\\/g, "/");
-    const starIndex = normalized.indexOf("*");
-    const basePart = normalized.slice(0, starIndex).replace(/\/$/, "");
-    const suffix = normalized.slice(starIndex + 1);
-    if (suffix.length > 0 && suffix !== "/") {
+async function expandWorkspacePattern(cwd, pattern) {
+    const normalized = pattern.replace(/\\/g, "/").replace(/^\.\//, "").replace(/\/+$/, "");
+    if (normalized.length === 0)
         return [];
+    if (!normalized.includes("*")) {
+        return [path.resolve(cwd, normalized)];
+    }
+    const segments = normalized.split("/").filter(Boolean);
+    const results = new Set();
+    await collectMatches(path.resolve(cwd), segments, 0, results);
+    return Array.from(results);
+}
+async function collectMatches(baseDir, segments, index, out) {
+    if (index >= segments.length) {
+        out.add(baseDir);
+        return;
     }
-    const baseDir = path.resolve(cwd, basePart);
+    const segment = segments[index];
+    if (segment === "**") {
+        await collectMatches(baseDir, segments, index + 1, out);
+        const children = await readChildDirs(baseDir);
+        for (const child of children) {
+            await collectMatches(child, segments, index, out);
+        }
+        return;
+    }
+    if (segment === "*") {
+        const children = await readChildDirs(baseDir);
+        for (const child of children) {
+            await collectMatches(child, segments, index + 1, out);
+        }
+        return;
+    }
+    await collectMatches(path.join(baseDir, segment), segments, index + 1, out);
+}
+async function readChildDirs(dir) {
     try {
-        const entries = await fs.readdir(baseDir, { withFileTypes: true });
+        const entries = await fs.readdir(dir, { withFileTypes: true });
         return entries
             .filter((entry) => entry.isDirectory())
-            .map((entry) => path.join(baseDir, entry.name));
+            .filter((entry) => entry.name !== "node_modules" && !entry.name.startsWith("."))
+            .map((entry) => path.join(dir, entry.name));
     }
     catch {
         return [];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rainy-updates/cli",
-  "version": "0.4.4",
+  "version": "0.5.0-rc.2",
   "description": "Agentic CLI to check and upgrade npm/pnpm dependencies for CI workflows",
   "type": "module",
   "private": false,