@rainy-updates/cli 0.5.1 → 0.5.2-rc.2

package/dist/types/index.d.ts

@@ -64,6 +64,15 @@ export interface PackageDependency {
     range: string;
     kind: DependencyKind;
 }
+export interface ImpactScore {
+    rank: "critical" | "high" | "medium" | "low";
+    score: number;
+    factors: {
+        diffTypeWeight: number;
+        hasAdvisory: boolean;
+        affectedWorkspaceCount: number;
+    };
+}
 export interface PackageUpdate {
     packagePath: string;
     name: string;
@@ -75,6 +84,8 @@ export interface PackageUpdate {
     filtered: boolean;
     autofix: boolean;
     reason?: string;
+    impactScore?: ImpactScore;
+    homepage?: string;
 }
 export interface Summary {
     contractVersion: "2";
@@ -151,14 +162,20 @@ export interface VersionResolver {
     resolveLatestVersion(packageName: string): Promise<string | null>;
 }
 export type AuditSeverity = "critical" | "high" | "medium" | "low";
-export type AuditReportFormat = "table" | "json";
+export type AuditReportFormat = "table" | "json" | "summary";
+export type AuditSourceMode = "auto" | "osv" | "github" | "all";
+export type AuditSourceName = "osv" | "github";
+export type AuditSourceStatusLevel = "ok" | "partial" | "failed";
 export interface AuditOptions {
     cwd: string;
     workspace: boolean;
     severity?: AuditSeverity;
     fix: boolean;
     dryRun: boolean;
+    commit: boolean;
+    packageManager: "auto" | "npm" | "pnpm" | "bun" | "yarn";
     reportFormat: AuditReportFormat;
+    sourceMode: AuditSourceMode;
     jsonFile?: string;
     concurrency: number;
     registryTimeoutMs: number;
@@ -166,17 +183,44 @@ export interface AuditOptions {
 export interface CveAdvisory {
     cveId: string;
     packageName: string;
+    currentVersion: string | null;
     severity: AuditSeverity;
     vulnerableRange: string;
     patchedVersion: string | null;
     title: string;
     url: string;
+    sources: readonly AuditSourceName[];
+}
+export interface AuditPackageSummary {
+    packageName: string;
+    currentVersion: string | null;
+    severity: AuditSeverity;
+    advisoryCount: number;
+    patchedVersion: string | null;
+    sources: readonly AuditSourceName[];
+}
+export interface AuditSourceStatus {
+    source: AuditSourceName;
+    status: AuditSourceStatusLevel;
+    attemptedTargets: number;
+    successfulTargets: number;
+    failedTargets: number;
+    advisoriesFound: number;
+    message?: string;
 }
 export interface AuditResult {
     advisories: CveAdvisory[];
+    packages: AuditPackageSummary[];
     autoFixable: number;
     errors: string[];
     warnings: string[];
+    sourcesUsed: AuditSourceName[];
+    sourceHealth: AuditSourceStatus[];
+    resolution: {
+        lockfile: number;
+        manifest: number;
+        unresolved: number;
+    };
 }
 export interface BisectOptions {
     cwd: string;
@@ -224,3 +268,145 @@ export interface HealthResult {
     errors: string[];
     warnings: string[];
 }
+export interface PeerNode {
+    name: string;
+    resolvedVersion: string;
+    peerRequirements: Map<string, string>;
+}
+export interface PeerGraph {
+    nodes: Map<string, PeerNode>;
+    roots: string[];
+}
+export type PeerConflictSeverity = "error" | "warning";
+export interface PeerConflict {
+    requester: string;
+    peer: string;
+    requiredRange: string;
+    resolvedVersion: string;
+    severity: PeerConflictSeverity;
+    suggestion: string;
+}
+export interface ResolveOptions {
+    cwd: string;
+    workspace: boolean;
+    afterUpdate: boolean;
+    safe: boolean;
+    jsonFile?: string;
+    concurrency: number;
+    registryTimeoutMs: number;
+    cacheTtlSeconds: number;
+}
+export interface ResolveResult {
+    conflicts: PeerConflict[];
+    errorConflicts: number;
+    warningConflicts: number;
+    errors: string[];
+    warnings: string[];
+}
+export type UnusedKind = "declared-not-imported" | "imported-not-declared";
+export interface UnusedDependency {
+    name: string;
+    kind: UnusedKind;
+    declaredIn?: string;
+    importedFrom?: string;
+}
+export interface UnusedOptions {
+    cwd: string;
+    workspace: boolean;
+    srcDirs: string[];
+    includeDevDependencies: boolean;
+    fix: boolean;
+    dryRun: boolean;
+    jsonFile?: string;
+    concurrency: number;
+}
+export interface UnusedResult {
+    unused: UnusedDependency[];
+    missing: UnusedDependency[];
+    totalUnused: number;
+    totalMissing: number;
+    errors: string[];
+    warnings: string[];
+}
+export interface PackageLicense {
+    name: string;
+    version: string;
+    license: string;
+    spdxExpression: string | null;
+    homepage?: string;
+    repository?: string;
+}
+export interface SbomDocument {
+    spdxVersion: "SPDX-2.3";
+    dataLicense: "CC0-1.0";
+    name: string;
+    documentNamespace: string;
+    packages: SbomPackage[];
+    relationships: SbomRelationship[];
+}
+export interface SbomPackage {
+    SPDXID: string;
+    name: string;
+    versionInfo: string;
+    downloadLocation: string;
+    licenseConcluded: string;
+    licenseDeclared: string;
+    copyrightText: string;
+}
+export interface SbomRelationship {
+    spdxElementId: string;
+    relationshipType: "DESCRIBES" | "DEPENDS_ON";
+    relatedSpdxElement: string;
+}
+export interface LicenseOptions {
+    cwd: string;
+    workspace: boolean;
+    allow?: string[];
+    deny?: string[];
+    sbomFile?: string;
+    jsonFile?: string;
+    diffMode: boolean;
+    concurrency: number;
+    registryTimeoutMs: number;
+    cacheTtlSeconds: number;
+}
+export interface LicenseResult {
+    packages: PackageLicense[];
+    violations: PackageLicense[];
+    totalViolations: number;
+    errors: string[];
+    warnings: string[];
+}
+export interface SnapshotEntry {
+    id: string;
+    label: string;
+    createdAt: number;
+    manifests: Record<string, string>;
+    lockfileHashes: Record<string, string>;
+}
+export type SnapshotAction = "save" | "list" | "restore" | "diff";
+export interface SnapshotOptions {
+    cwd: string;
+    workspace: boolean;
+    action: SnapshotAction;
+    label?: string;
+    snapshotId?: string;
+    storeFile?: string;
+}
+export interface SnapshotResult {
+    action: SnapshotAction;
+    snapshotId?: string;
+    label?: string;
+    entries?: Array<{
+        id: string;
+        label: string;
+        createdAt: string;
+    }>;
+    diff?: Array<{
+        name: string;
+        from: string;
+        to: string;
+    }>;
+    errors: string[];
+    warnings: string[];
+}

package/dist/ui/tui.d.ts

@@ -0,0 +1,6 @@
+import type { PackageUpdate } from "../types/index.js";
+export declare function VersionDiff({ from, to }: {
+    from: string;
+    to: string;
+}): import("react/jsx-runtime").JSX.Element;
+export declare function runTui(updates: PackageUpdate[]): Promise<PackageUpdate[]>;

package/dist/ui/tui.js

@@ -0,0 +1,50 @@
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import { useState } from "react";
+import { render, Text, Box, useInput } from "ink";
+// Basic version diff string parser to split major.minor.patch
+export function VersionDiff({ from, to }) {
+    if (from === to)
+        return _jsx(Text, { color: "gray", children: to });
+    // Very simplistic semver coloring: highlight the changed part
+    // E.g., from 1.2.3 to 1.3.0 -> 1 is dim, 3.0 is bright green
+    return (_jsxs(Box, { children: [_jsxs(Text, { color: "gray", children: [from, " \u2192 "] }), _jsx(Text, { color: "green", children: to })] }));
+}
+function TuiApp({ updates, onComplete }) {
+    const [cursorIndex, setCursorIndex] = useState(0);
+    const [selectedIndices, setSelectedIndices] = useState(new Set(updates.map((_, i) => i)));
+    useInput((input, key) => {
+        if (key.upArrow) {
+            setCursorIndex((prev) => Math.max(0, prev - 1));
+        }
+        if (key.downArrow) {
+            setCursorIndex((prev) => Math.min(updates.length - 1, prev + 1));
+        }
+        if (input === " ") {
+            setSelectedIndices((prev) => {
+                const next = new Set(prev);
+                if (next.has(cursorIndex))
+                    next.delete(cursorIndex);
+                else
+                    next.add(cursorIndex);
+                return next;
+            });
+        }
+        if (key.return) {
+            const selected = updates.filter((_, i) => selectedIndices.has(i));
+            onComplete(selected);
+        }
+    });
+    return (_jsxs(Box, { flexDirection: "column", padding: 1, children: [_jsx(Text, { bold: true, color: "cyan", children: "Choose updates to install (Space to toggle, Enter to confirm, Up/Down to navigate)" }), _jsx(Box, { flexDirection: "column", marginTop: 1, children: updates.map((update, index) => {
+                    const isSelected = selectedIndices.has(index);
+                    const isFocused = cursorIndex === index;
+                    return (_jsxs(Box, { flexDirection: "row", children: [_jsxs(Text, { color: isFocused ? "cyan" : "gray", children: [isFocused ? "❯ " : "  ", isSelected ? "◉ " : "◯ "] }), _jsx(Box, { width: 30, children: _jsx(Text, { bold: isFocused, children: update.name }) }), _jsx(Box, { width: 15, children: _jsx(Text, { color: "gray", children: update.diffType }) }), _jsx(VersionDiff, { from: update.fromRange, to: update.toVersionResolved })] }, update.name));
+                }) }), _jsx(Box, { marginTop: 1, children: _jsxs(Text, { color: "gray", children: [selectedIndices.size, " of ", updates.length, " selected"] }) })] }));
+}
+export async function runTui(updates) {
+    return new Promise((resolve) => {
+        const { unmount } = render(_jsx(TuiApp, { updates: updates, onComplete: (selected) => {
+                unmount();
+                resolve(selected);
+            } }));
+    });
+}

package/dist/utils/semver.d.ts

@@ -12,3 +12,21 @@ export declare function pickTargetVersion(currentRange: string, latestVersion: s
 export declare function pickTargetVersionFromAvailable(currentRange: string, availableVersions: string[], latestVersion: string, target: TargetLevel): string | null;
 export declare function applyRangeStyle(previousRange: string, version: string): string;
 export declare function clampTarget(requested: TargetLevel, maxAllowed?: TargetLevel): TargetLevel;
+/**
+ * Checks whether a concrete version satisfies a semver range expression.
+ *
+ * Handles the common npm range operators used in peerDependencies:
+ *   exact:  "1.2.3"       → version must equal
+ *   ^:      "^1.2.3"      → major must match, version must be >=
+ *   ~:      "~1.2.3"      → major+minor must match, version must be >=
+ *   >=:     ">=1.2.3"     → version must be >=
+ *   <=:     "<=1.2.3"     → version must be <=
+ *   >:      ">1.2.3"      → version must be >
+ *   <:      "<1.2.3"      → version must be <
+ *   *:      "*" | ""      → always true
+ *   ranges: ">=1 <3"      → all space-separated clauses AND-ed together
+ *
+ * Does NOT handle || unions or hyphen ranges — those are rare in peerDependencies
+ * and degrade gracefully (returns true to avoid false-positive conflicts).
+ */
+export declare function satisfies(version: string, range: string): boolean;

package/dist/utils/semver.js

@@ -45,13 +45,16 @@ export function pickTargetVersion(currentRange, latestVersion, target) {
     if (!current || target === "latest")
         return latestVersion;
     if (target === "patch") {
-        if (current.major === latest.major && current.minor === latest.minor && latest.patch > current.patch) {
+        if (current.major === latest.major &&
+            current.minor === latest.minor &&
+            latest.patch > current.patch) {
             return latestVersion;
         }
         return null;
     }
     if (target === "minor") {
-        if (current.major === latest.major && compareVersions(latest, current) > 0) {
+        if (current.major === latest.major &&
+            compareVersions(latest, current) > 0) {
             return latestVersion;
         }
         return null;
@@ -83,7 +86,8 @@ export function pickTargetVersionFromAvailable(currentRange, availableVersions,
         return sameMajor.length > 0 ? sameMajor[sameMajor.length - 1].raw : null;
     }
     if (target === "patch") {
-        const sameLine = parsed.filter((item) => item.parsed.major === current.major && item.parsed.minor === current.minor);
+        const sameLine = parsed.filter((item) => item.parsed.major === current.major &&
+            item.parsed.minor === current.minor);
         return sameLine.length > 0 ? sameLine[sameLine.length - 1].raw : null;
     }
     return latestVersion;
@@ -102,3 +106,84 @@ export function clampTarget(requested, maxAllowed) {
         return requested;
     return TARGET_ORDER[Math.min(requestedIndex, allowedIndex)];
 }
+/**
+ * Checks whether a concrete version satisfies a semver range expression.
+ *
+ * Handles the common npm range operators used in peerDependencies:
+ *   exact:  "1.2.3"       → version must equal
+ *   ^:      "^1.2.3"      → major must match, version must be >=
+ *   ~:      "~1.2.3"      → major+minor must match, version must be >=
+ *   >=:     ">=1.2.3"     → version must be >=
+ *   <=:     "<=1.2.3"     → version must be <=
+ *   >:      ">1.2.3"      → version must be >
+ *   <:      "<1.2.3"      → version must be <
+ *   *:      "*" | ""      → always true
+ *   ranges: ">=1 <3"      → all space-separated clauses AND-ed together
+ *
+ * Does NOT handle || unions or hyphen ranges — those are rare in peerDependencies
+ * and degrade gracefully (returns true to avoid false-positive conflicts).
+ */
+export function satisfies(version, range) {
+    const trimmedRange = range.trim();
+    if (!trimmedRange || trimmedRange === "*")
+        return true;
+    const parsed = parseVersion(version);
+    if (!parsed)
+        return true; // non-semver versions (e.g. "latest", "workspace:*") pass through
+    // Handle OR unions — split on " || " and return true if any clause matches
+    if (trimmedRange.includes("||")) {
+        return trimmedRange
+            .split("||")
+            .some((clause) => satisfies(version, clause.trim()));
+    }
+    // Handle AND ranges — split on whitespace and require all clauses to match
+    const clauses = trimmedRange.split(/\s+/).filter(Boolean);
+    if (clauses.length > 1) {
+        return clauses.every((clause) => satisfies(version, clause));
+    }
+    const clause = clauses[0] ?? "";
+    const op = parseRangeOperator(clause);
+    if (!op)
+        return true;
+    const cmp = compareVersions(parsed, op.version);
+    switch (op.operator) {
+        case "^": {
+            // same major, version >= bound
+            return parsed.major === op.version.major && cmp >= 0;
+        }
+        case "~": {
+            // same major+minor, version >= bound
+            return (parsed.major === op.version.major &&
+                parsed.minor === op.version.minor &&
+                cmp >= 0);
+        }
+        case ">=":
+            return cmp >= 0;
+        case "<=":
+            return cmp <= 0;
+        case ">":
+            return cmp > 0;
+        case "<":
+            return cmp < 0;
+        case "=":
+            return cmp === 0;
+        default:
+            return true;
+    }
+}
+function parseRangeOperator(clause) {
+    const ops = [">=", "<=", "^", "~", ">", "<", "="];
+    for (const op of ops) {
+        if (clause.startsWith(op)) {
+            const versionStr = clause.slice(op.length);
+            const parsed = parseVersion(versionStr);
+            if (parsed)
+                return { operator: op, version: parsed };
+        }
+    }
+    // Bare version string — treat as exact
+    const parsed = parseVersion(clause);
+    if (parsed)
+        return { operator: "=", version: parsed };
+    return null;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rainy-updates/cli",
-  "version": "0.5.1",
+  "version": "0.5.2-rc.2",
   "description": "The fastest DevOps-first dependency CLI. Checks, audits, upgrades, bisects, and automates npm/pnpm dependencies in CI.",
   "type": "module",
   "private": false,
@@ -69,9 +69,16 @@
   },
   "devDependencies": {
     "@types/bun": "latest",
+    "@types/react": "^19.2.14",
+    "ink-testing-library": "^4.0.0",
     "typescript": "^5.9.3"
   },
   "optionalDependencies": {
     "undici": "^7.22.0"
+  },
+  "dependencies": {
+    "ink": "^6.8.0",
+    "react": "^19.2.4",
+    "zod": "^4.3.6"
   }
 }