@rainy-updates/cli 0.5.1-rc.2 → 0.5.1

package/dist/registry/npm.js

@@ -8,13 +8,17 @@ const USER_AGENT = "@rainy-updates/cli";
 const DEFAULT_REGISTRY = "https://registry.npmjs.org/";
 export class NpmRegistryClient {
     requesterPromise;
-    constructor(cwd) {
+    defaultTimeoutMs;
+    defaultRetries;
+    constructor(cwd, options) {
         this.requesterPromise = createRequester(cwd);
+        this.defaultTimeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+        this.defaultRetries = Math.max(1, options?.retries ?? 3);
     }
-    async resolvePackageMetadata(packageName, timeoutMs = DEFAULT_TIMEOUT_MS) {
+    async resolvePackageMetadata(packageName, timeoutMs = this.defaultTimeoutMs, retries = this.defaultRetries) {
         const requester = await this.requesterPromise;
         let lastError = null;
-        for (let attempt = 1; attempt <= 3; attempt += 1) {
+        for (let attempt = 1; attempt <= retries; attempt += 1) {
             try {
                 const response = await requester(packageName, timeoutMs);
                 if (response.status === 404) {
@@ -35,7 +39,7 @@ export class NpmRegistryClient {
             }
             catch (error) {
                 lastError = String(error);
-                if (attempt < 3) {
+                if (attempt < retries) {
                     const backoffMs = error instanceof RetryableRegistryError ? error.waitMs : computeBackoffMs(attempt);
                     await sleep(backoffMs);
                 }
@@ -43,18 +47,19 @@ export class NpmRegistryClient {
         }
         throw new Error(`Unable to resolve ${packageName}: ${lastError ?? "unknown error"}`);
     }
-    async resolveLatestVersion(packageName, timeoutMs = DEFAULT_TIMEOUT_MS) {
-        const metadata = await this.resolvePackageMetadata(packageName, timeoutMs);
+    async resolveLatestVersion(packageName, timeoutMs = this.defaultTimeoutMs) {
+        const metadata = await this.resolvePackageMetadata(packageName, timeoutMs, this.defaultRetries);
         return metadata.latestVersion;
     }
     async resolveManyPackageMetadata(packageNames, options) {
         const unique = Array.from(new Set(packageNames));
         const metadata = new Map();
         const errors = new Map();
-        const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+        const timeoutMs = options.timeoutMs ?? this.defaultTimeoutMs;
+        const retries = options.retries ?? this.defaultRetries;
         const results = await asyncPool(options.concurrency, unique.map((pkg) => async () => {
             try {
-                const packageMetadata = await this.resolvePackageMetadata(pkg, timeoutMs);
+                const packageMetadata = await this.resolvePackageMetadata(pkg, timeoutMs, retries);
                 return { pkg, packageMetadata, error: null };
             }
             catch (error) {
@@ -111,12 +116,17 @@ async function createRequester(cwd) {
         const timeout = setTimeout(() => controller.abort(), timeoutMs);
         const registry = resolveRegistryForPackage(packageName, registryConfig);
         const url = buildRegistryUrl(registry, packageName);
+        const authHeader = resolveAuthHeader(registry, registryConfig);
+        const headers = {
+            accept: "application/json",
+            "user-agent": USER_AGENT,
+        };
+        if (authHeader) {
+            headers.authorization = authHeader;
+        }
         try {
             const response = await fetch(url, {
-                headers: {
-                    accept: "application/json",
-                    "user-agent": USER_AGENT,
-                },
+                headers,
                 signal: controller.signal,
             });
             const data = (await response.json().catch(() => null));
@@ -140,13 +150,18 @@ async function tryCreateUndiciRequester(registryConfig) {
             const timeout = setTimeout(() => controller.abort(), timeoutMs);
             const registry = resolveRegistryForPackage(packageName, registryConfig);
             const url = buildRegistryUrl(registry, packageName);
+            const authHeader = resolveAuthHeader(registry, registryConfig);
+            const headers = {
+                accept: "application/json",
+                "user-agent": USER_AGENT,
+            };
+            if (authHeader) {
+                headers.authorization = authHeader;
+            }
             try {
                 const res = await undici.request(url, {
                     method: "GET",
-                    headers: {
-                        accept: "application/json",
-                        "user-agent": USER_AGENT,
-                    },
+                    headers,
                     signal: controller.signal,
                 });
                 const bodyText = await res.body.text();
@@ -198,6 +213,7 @@ async function loadRegistryConfig(cwd) {
     }
     const defaultRegistry = normalizeRegistryUrl(merged.get("registry") ?? DEFAULT_REGISTRY);
     const scopedRegistries = new Map();
+    const authByRegistry = new Map();
     for (const [key, value] of merged) {
         if (!key.startsWith("@") || !key.endsWith(":registry"))
             continue;
@@ -206,7 +222,32 @@ async function loadRegistryConfig(cwd) {
             scopedRegistries.set(scope, normalizeRegistryUrl(value));
         }
     }
-    return { defaultRegistry, scopedRegistries };
+    for (const [key, value] of merged) {
+        if (!key.startsWith("//"))
+            continue;
+        const [registryKey, authKey] = key.split(/:(.+)/).filter(Boolean);
+        if (!registryKey || !authKey)
+            continue;
+        const registry = normalizeRegistryUrl(`https:${registryKey}`);
+        const current = authByRegistry.get(registry) ?? { alwaysAuth: false };
+        const resolvedValue = substituteEnvValue(value);
+        if (authKey === "_authToken") {
+            current.token = resolvedValue;
+        }
+        else if (authKey === "_auth") {
+            current.basicAuth = resolvedValue;
+        }
+        else if (authKey === "always-auth") {
+            current.alwaysAuth = resolvedValue === "true";
+        }
+        authByRegistry.set(registry, current);
+    }
+    if (merged.get("always-auth") === "true") {
+        const current = authByRegistry.get(defaultRegistry) ?? { alwaysAuth: false };
+        current.alwaysAuth = true;
+        authByRegistry.set(defaultRegistry, current);
+    }
+    return { defaultRegistry, scopedRegistries, authByRegistry };
 }
 function parseNpmrc(content) {
     const values = new Map();
@@ -226,6 +267,9 @@ function parseNpmrc(content) {
     }
     return values;
 }
+function substituteEnvValue(value) {
+    return value.replace(/\$\{([^}]+)\}/g, (_match, name) => process.env[name] ?? "");
+}
 function normalizeRegistryUrl(value) {
     const normalized = value.endsWith("/") ? value : `${value}/`;
     return normalized;
@@ -251,6 +295,32 @@ function buildRegistryUrl(registry, packageName) {
     const base = normalizeRegistryUrl(registry);
     return new URL(encodeURIComponent(packageName), base).toString();
 }
+function resolveAuthHeader(registry, config) {
+    const registryUrl = normalizeRegistryUrl(registry);
+    const auth = findRegistryAuth(registryUrl, config.authByRegistry);
+    if (!auth)
+        return undefined;
+    if (!auth.alwaysAuth && !registryUrl.startsWith("https://"))
+        return undefined;
+    if (auth.token)
+        return `Bearer ${auth.token}`;
+    if (auth.basicAuth)
+        return `Basic ${auth.basicAuth}`;
+    return undefined;
+}
+function findRegistryAuth(registry, authByRegistry) {
+    let matched;
+    let longest = -1;
+    for (const [candidate, auth] of authByRegistry) {
+        if (!registry.startsWith(candidate))
+            continue;
+        if (candidate.length > longest) {
+            matched = auth;
+            longest = candidate.length;
+        }
+    }
+    return matched;
+}
 function parseRetryAfterHeader(value) {
     if (!value)
         return null;

package/dist/types/index.d.ts

@@ -2,6 +2,7 @@ export type DependencyKind = "dependencies" | "devDependencies" | "optionalDepen
 export type TargetLevel = "patch" | "minor" | "major" | "latest";
 export type GroupBy = "none" | "name" | "scope" | "kind" | "risk";
 export type CiProfile = "minimal" | "strict" | "enterprise";
+export type LockfileMode = "preserve" | "update" | "error";
 export type OutputFormat = "table" | "json" | "minimal" | "github" | "metrics";
 export type FailOnLevel = "none" | "patch" | "minor" | "major" | "any";
 export type LogLevel = "error" | "warn" | "info" | "debug";
@@ -20,7 +21,10 @@ export interface RunOptions {
     githubOutputFile?: string;
     sarifFile?: string;
     concurrency: number;
+    registryTimeoutMs: number;
+    registryRetries: number;
     offline: boolean;
+    stream: boolean;
     policyFile?: string;
     prReportFile?: string;
     failOn?: FailOnLevel;
@@ -39,6 +43,7 @@ export interface RunOptions {
     prLimit?: number;
     onlyChanged: boolean;
     ciProfile: CiProfile;
+    lockfileMode: LockfileMode;
 }
 export interface CheckOptions extends RunOptions {
 }
@@ -68,6 +73,7 @@ export interface PackageUpdate {
     toVersionResolved: string;
     diffType: TargetLevel;
     filtered: boolean;
+    autofix: boolean;
     reason?: string;
 }
 export interface Summary {
@@ -84,6 +90,7 @@ export interface Summary {
         total: number;
         offlineCacheMiss: number;
         registryFailure: number;
+        registryAuthFailure: number;
         other: number;
     };
     warningCounts: {
@@ -106,6 +113,8 @@ export interface Summary {
     cooldownSkipped: number;
     ciProfile: CiProfile;
     prLimitHit: boolean;
+    streamedEvents: number;
+    policyOverridesApplied: number;
 }
 export interface CheckResult {
     projectPath: string;
@@ -141,3 +150,77 @@ export interface CachedVersion {
 export interface VersionResolver {
     resolveLatestVersion(packageName: string): Promise<string | null>;
 }
+export type AuditSeverity = "critical" | "high" | "medium" | "low";
+export type AuditReportFormat = "table" | "json";
+export interface AuditOptions {
+    cwd: string;
+    workspace: boolean;
+    severity?: AuditSeverity;
+    fix: boolean;
+    dryRun: boolean;
+    reportFormat: AuditReportFormat;
+    jsonFile?: string;
+    concurrency: number;
+    registryTimeoutMs: number;
+}
+export interface CveAdvisory {
+    cveId: string;
+    packageName: string;
+    severity: AuditSeverity;
+    vulnerableRange: string;
+    patchedVersion: string | null;
+    title: string;
+    url: string;
+}
+export interface AuditResult {
+    advisories: CveAdvisory[];
+    autoFixable: number;
+    errors: string[];
+    warnings: string[];
+}
+export interface BisectOptions {
+    cwd: string;
+    packageName: string;
+    versionRange?: string;
+    testCommand: string;
+    concurrency: number;
+    registryTimeoutMs: number;
+    cacheTtlSeconds: number;
+    dryRun: boolean;
+}
+export type BisectOutcome = "good" | "bad" | "skip";
+export interface BisectResult {
+    packageName: string;
+    breakingVersion: string | null;
+    lastGoodVersion: string | null;
+    totalVersionsTested: number;
+    iterations: number;
+}
+export type HealthFlag = "stale" | "deprecated" | "archived" | "unmaintained";
+export interface HealthOptions {
+    cwd: string;
+    workspace: boolean;
+    staleDays: number;
+    includeDeprecated: boolean;
+    includeAlternatives: boolean;
+    reportFormat: "table" | "json";
+    jsonFile?: string;
+    concurrency: number;
+    registryTimeoutMs: number;
+}
+export interface PackageHealthMetric {
+    name: string;
+    currentVersion: string;
+    lastPublished: string | null;
+    isDeprecated: boolean;
+    deprecatedMessage?: string;
+    isArchived: boolean;
+    daysSinceLastRelease: number | null;
+    flags: HealthFlag[];
+}
+export interface HealthResult {
+    metrics: PackageHealthMetric[];
+    totalFlagged: number;
+    errors: string[];
+    warnings: string[];
+}

package/dist/utils/lockfile.d.ts

@@ -0,0 +1,5 @@
+import type { LockfileMode } from "../types/index.js";
+export type LockfileSnapshot = Map<string, string | null>;
+export declare function captureLockfileSnapshot(cwd: string): Promise<LockfileSnapshot>;
+export declare function changedLockfiles(cwd: string, before: LockfileSnapshot): Promise<string[]>;
+export declare function validateLockfileMode(mode: LockfileMode, install: boolean): void;

package/dist/utils/lockfile.js

@@ -0,0 +1,44 @@
+import { promises as fs } from "node:fs";
+import path from "node:path";
+import { createHash } from "node:crypto";
+const LOCKFILE_NAMES = ["package-lock.json", "npm-shrinkwrap.json", "pnpm-lock.yaml", "yarn.lock", "bun.lock"];
+export async function captureLockfileSnapshot(cwd) {
+    const snapshot = new Map();
+    for (const name of LOCKFILE_NAMES) {
+        const filePath = path.join(cwd, name);
+        try {
+            const content = await fs.readFile(filePath);
+            snapshot.set(filePath, hashBuffer(content));
+        }
+        catch {
+            snapshot.set(filePath, null);
+        }
+    }
+    return snapshot;
+}
+export async function changedLockfiles(cwd, before) {
+    const changed = [];
+    for (const name of LOCKFILE_NAMES) {
+        const filePath = path.join(cwd, name);
+        let current = null;
+        try {
+            const content = await fs.readFile(filePath);
+            current = hashBuffer(content);
+        }
+        catch {
+            current = null;
+        }
+        if ((before.get(filePath) ?? null) !== current) {
+            changed.push(filePath);
+        }
+    }
+    return changed.sort((a, b) => a.localeCompare(b));
+}
+export function validateLockfileMode(mode, install) {
+    if (mode === "update" && !install) {
+        throw new Error("--lockfile-mode update requires --install to update lockfiles deterministically.");
+    }
+}
+function hashBuffer(value) {
+    return createHash("sha256").update(value).digest("hex");
+}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@rainy-updates/cli",
-  "version": "0.5.1-rc.2",
-  "description": "Agentic CLI to check and upgrade npm/pnpm dependencies for CI workflows",
+  "version": "0.5.1",
+  "description": "The fastest DevOps-first dependency CLI. Checks, audits, upgrades, bisects, and automates npm/pnpm dependencies in CI.",
   "type": "module",
   "private": false,
   "license": "MIT",
@@ -18,12 +18,21 @@
     "updates",
     "cli",
     "ci",
+    "devops",
     "npm",
     "pnpm",
-    "monorepo"
+    "monorepo",
+    "audit",
+    "security",
+    "bisect",
+    "ncu",
+    "taze",
+    "renovate"
   ],
   "bin": {
-    "rainy-updates": "./dist/bin/cli.js"
+    "rainy-updates": "./dist/bin/cli.js",
+    "rainy-up": "./dist/bin/cli.js",
+    "rup": "./dist/bin/cli.js"
   },
   "types": "./dist/index.d.ts",
   "exports": {