npm - @rainy-updates/cli - Versions diffs - 0.5.2-rc.1 → 0.5.2 - Mend

@rainy-updates/cli 0.5.2-rc.1 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/CHANGELOG.md +77 -0
package/README.md +34 -1
package/dist/bin/cli.js +128 -3
package/dist/cache/cache.d.ts +1 -0
package/dist/cache/cache.js +9 -2
package/dist/commands/audit/fetcher.d.ts +2 -6
package/dist/commands/audit/fetcher.js +2 -79
package/dist/commands/audit/mapper.d.ts +8 -1
package/dist/commands/audit/mapper.js +105 -9
package/dist/commands/audit/parser.js +36 -2
package/dist/commands/audit/runner.js +186 -15
package/dist/commands/audit/sources/github.d.ts +2 -0
package/dist/commands/audit/sources/github.js +125 -0
package/dist/commands/audit/sources/index.d.ts +6 -0
package/dist/commands/audit/sources/index.js +99 -0
package/dist/commands/audit/sources/osv.d.ts +2 -0
package/dist/commands/audit/sources/osv.js +131 -0
package/dist/commands/audit/sources/types.d.ts +21 -0
package/dist/commands/audit/sources/types.js +1 -0
package/dist/commands/audit/targets.d.ts +20 -0
package/dist/commands/audit/targets.js +314 -0
package/dist/commands/changelog/fetcher.d.ts +9 -0
package/dist/commands/changelog/fetcher.js +130 -0
package/dist/commands/doctor/parser.d.ts +2 -0
package/dist/commands/doctor/parser.js +92 -0
package/dist/commands/doctor/runner.d.ts +2 -0
package/dist/commands/doctor/runner.js +13 -0
package/dist/commands/resolve/runner.js +3 -0
package/dist/commands/review/parser.d.ts +2 -0
package/dist/commands/review/parser.js +174 -0
package/dist/commands/review/runner.d.ts +2 -0
package/dist/commands/review/runner.js +30 -0
package/dist/config/loader.d.ts +3 -0
package/dist/core/check.js +39 -5
package/dist/core/errors.d.ts +11 -0
package/dist/core/errors.js +6 -0
package/dist/core/options.d.ts +8 -1
package/dist/core/options.js +43 -0
package/dist/core/review-model.d.ts +5 -0
package/dist/core/review-model.js +382 -0
package/dist/core/summary.js +11 -2
package/dist/core/upgrade.d.ts +1 -0
package/dist/core/upgrade.js +27 -21
package/dist/core/warm-cache.js +28 -4
package/dist/index.d.ts +2 -1
package/dist/index.js +1 -0
package/dist/output/format.d.ts +4 -1
package/dist/output/format.js +29 -3
package/dist/output/github.js +5 -0
package/dist/output/sarif.js +11 -0
package/dist/registry/npm.d.ts +20 -0
package/dist/registry/npm.js +27 -4
package/dist/types/index.d.ts +91 -1
package/dist/ui/tui.d.ts +2 -0
package/dist/ui/tui.js +107 -0
package/package.json +12 -2

package/dist/commands/review/parser.js ADDED Viewed

@@ -0,0 +1,174 @@
+import path from "node:path";
+import process from "node:process";
+import { ensureRiskLevel } from "../../core/options.js";
+export function parseReviewArgs(args) {
+    const options = {
+        cwd: process.cwd(),
+        target: "latest",
+        filter: undefined,
+        reject: undefined,
+        cacheTtlSeconds: 3600,
+        includeKinds: ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"],
+        ci: false,
+        format: "table",
+        workspace: false,
+        jsonFile: undefined,
+        githubOutputFile: undefined,
+        sarifFile: undefined,
+        concurrency: 16,
+        registryTimeoutMs: 8000,
+        registryRetries: 3,
+        offline: false,
+        stream: false,
+        policyFile: undefined,
+        prReportFile: undefined,
+        failOn: "none",
+        maxUpdates: undefined,
+        fixPr: false,
+        fixBranch: "chore/rainy-updates",
+        fixCommitMessage: undefined,
+        fixDryRun: false,
+        fixPrNoCheckout: false,
+        fixPrBatchSize: undefined,
+        noPrReport: false,
+        logLevel: "info",
+        groupBy: "risk",
+        groupMax: undefined,
+        cooldownDays: undefined,
+        prLimit: undefined,
+        onlyChanged: false,
+        ciProfile: "minimal",
+        lockfileMode: "preserve",
+        interactive: false,
+        showImpact: true,
+        showHomepage: true,
+        securityOnly: false,
+        risk: undefined,
+        diff: undefined,
+        applySelected: false,
+    };
+    for (let i = 0; i < args.length; i += 1) {
+        const current = args[i];
+        const next = args[i + 1];
+        if (current === "--cwd" && next) {
+            options.cwd = path.resolve(next);
+            i += 1;
+            continue;
+        }
+        if (current === "--cwd")
+            throw new Error("Missing value for --cwd");
+        if (current === "--workspace") {
+            options.workspace = true;
+            continue;
+        }
+        if (current === "--interactive") {
+            options.interactive = true;
+            continue;
+        }
+        if (current === "--security-only") {
+            options.securityOnly = true;
+            continue;
+        }
+        if (current === "--risk" && next) {
+            options.risk = ensureRiskLevel(next);
+            i += 1;
+            continue;
+        }
+        if (current === "--risk")
+            throw new Error("Missing value for --risk");
+        if (current === "--diff" && next) {
+            if (next === "patch" ||
+                next === "minor" ||
+                next === "major" ||
+                next === "latest") {
+                options.diff = next;
+                i += 1;
+                continue;
+            }
+            throw new Error("--diff must be patch, minor, major or latest");
+        }
+        if (current === "--diff")
+            throw new Error("Missing value for --diff");
+        if (current === "--apply-selected") {
+            options.applySelected = true;
+            continue;
+        }
+        if (current === "--json-file" && next) {
+            options.jsonFile = path.resolve(options.cwd, next);
+            i += 1;
+            continue;
+        }
+        if (current === "--json-file")
+            throw new Error("Missing value for --json-file");
+        if (current === "--policy-file" && next) {
+            options.policyFile = path.resolve(options.cwd, next);
+            i += 1;
+            continue;
+        }
+        if (current === "--policy-file")
+            throw new Error("Missing value for --policy-file");
+        if (current === "--concurrency" && next) {
+            const parsed = Number(next);
+            if (!Number.isInteger(parsed) || parsed <= 0) {
+                throw new Error("--concurrency must be a positive integer");
+            }
+            options.concurrency = parsed;
+            i += 1;
+            continue;
+        }
+        if (current === "--concurrency")
+            throw new Error("Missing value for --concurrency");
+        if (current === "--registry-timeout-ms" && next) {
+            const parsed = Number(next);
+            if (!Number.isInteger(parsed) || parsed <= 0) {
+                throw new Error("--registry-timeout-ms must be a positive integer");
+            }
+            options.registryTimeoutMs = parsed;
+            i += 1;
+            continue;
+        }
+        if (current === "--registry-timeout-ms") {
+            throw new Error("Missing value for --registry-timeout-ms");
+        }
+        if (current === "--registry-retries" && next) {
+            const parsed = Number(next);
+            if (!Number.isInteger(parsed) || parsed <= 0) {
+                throw new Error("--registry-retries must be a positive integer");
+            }
+            options.registryRetries = parsed;
+            i += 1;
+            continue;
+        }
+        if (current === "--registry-retries") {
+            throw new Error("Missing value for --registry-retries");
+        }
+        if (current === "--help" || current === "-h") {
+            process.stdout.write(REVIEW_HELP);
+            process.exit(0);
+        }
+        if (current.startsWith("-"))
+            throw new Error(`Unknown review option: ${current}`);
+        throw new Error(`Unexpected review argument: ${current}`);
+    }
+    return options;
+}
+const REVIEW_HELP = `
+rup review — Guided dependency review across updates, security, peer conflicts, and policy
+Usage:
+  rup review [options]
+Options:
+  --interactive           Launch the interactive review TUI
+  --security-only         Show only packages with advisories
+  --risk <level>          Minimum risk: critical, high, medium, low
+  --diff <level>          Filter by patch, minor, major, latest
+  --apply-selected        Apply all filtered updates after review
+  --workspace             Scan all workspace packages
+  --policy-file <path>    Load policy overrides
+  --json-file <path>      Write JSON review report to file
+  --registry-timeout-ms <n>
+  --registry-retries <n>
+  --concurrency <n>
+  --cwd <path>
+`.trimStart();

package/dist/commands/review/runner.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { ReviewOptions, ReviewResult } from "../../types/index.js";
2	+ export declare function runReview(options: ReviewOptions): Promise<ReviewResult>;

package/dist/commands/review/runner.js ADDED Viewed

@@ -0,0 +1,30 @@
+import process from "node:process";
+import { runTui } from "../../ui/tui.js";
+import { buildReviewResult, renderReviewResult } from "../../core/review-model.js";
+import { applySelectedUpdates } from "../../core/upgrade.js";
+import { stableStringify } from "../../utils/stable-json.js";
+import { writeFileAtomic } from "../../utils/io.js";
+export async function runReview(options) {
+    const review = await buildReviewResult(options);
+    let selectedUpdates = review.updates;
+    if (options.interactive && review.updates.length > 0) {
+        selectedUpdates = await runTui(review.updates);
+    }
+    if (options.applySelected && selectedUpdates.length > 0) {
+        await applySelectedUpdates({
+            ...options,
+            install: false,
+            packageManager: "auto",
+            sync: false,
+        }, selectedUpdates);
+    }
+    process.stdout.write(renderReviewResult({
+        ...review,
+        updates: selectedUpdates,
+        items: review.items.filter((item) => selectedUpdates.some((selected) => selected.name === item.update.name && selected.packagePath === item.update.packagePath)),
+    }) + "\n");
+    if (options.jsonFile) {
+        await writeFileAtomic(options.jsonFile, stableStringify(review, 2) + "\n");
+    }
+    return review;
+}

package/dist/config/loader.d.ts CHANGED Viewed

@@ -35,6 +35,9 @@ export interface FileConfig {
     onlyChanged?: boolean;
     ciProfile?: CiProfile;
     lockfileMode?: LockfileMode;
+    interactive?: boolean;
+    showImpact?: boolean;
+    showHomepage?: boolean;
     install?: boolean;
     packageManager?: "auto" | "npm" | "pnpm";
     sync?: boolean;

package/dist/core/check.js CHANGED Viewed

@@ -9,6 +9,8 @@ import { detectPackageManager } from "../pm/detect.js";
 import { discoverPackageDirs } from "../workspace/discover.js";
 import { loadPolicy, resolvePolicyRule } from "../config/policy.js";
 import { createSummary, finalizeSummary } from "./summary.js";
+import { applyImpactScores } from "./impact.js";
+import { formatClassifiedMessage } from "./errors.js";
 export async function check(options) {
     const startedAt = Date.now();
     let discoveryMs = 0;
@@ -28,7 +30,13 @@ export async function check(options) {
     const errors = [];
     const warnings = [];
     if (cache.degraded) {
-        warnings.push("SQLite cache backend unavailable in Bun runtime. Falling back to file cache backend.");
+        warnings.push(formatClassifiedMessage({
+            code: "CACHE_BACKEND_FALLBACK",
+            whatFailed: cache.fallbackReason ?? "Preferred SQLite cache backend is unavailable.",
+            intact: "Dependency analysis continues with the file cache backend.",
+            validity: "partial",
+            next: "Run `rup warm-cache` after restoring SQLite support if you want the preferred backend again.",
+        }));
     }
     let totalDependencies = 0;
     const tasks = [];
@@ -85,6 +93,7 @@ export async function check(options) {
                 latestVersion: cached.latestVersion,
                 availableVersions: cached.availableVersions,
                 publishedAtByVersion: {},
+                hasInstallScript: false,
             });
         }
         else {
@@ -102,11 +111,18 @@ export async function check(options) {
                         latestVersion: stale.latestVersion,
                         availableVersions: stale.availableVersions,
                         publishedAtByVersion: {},
+                        hasInstallScript: false,
                     });
                     warnings.push(`Using stale cache for ${packageName} because --offline is enabled.`);
                 }
                 else {
-                    errors.push(`Offline cache miss for ${packageName}. Run once without --offline to warm cache.`);
+                    errors.push(formatClassifiedMessage({
+                        code: "REGISTRY_ERROR",
+                        whatFailed: `Offline cache miss for ${packageName}.`,
+                        intact: "Local manifests and previously cached packages remain unchanged.",
+                        validity: "invalid",
+                        next: `Run \`rup warm-cache --cwd ${options.cwd}\` or retry without --offline.`,
+                    }));
                 }
             }
             cacheMs += Date.now() - cacheFallbackStartedAt;
@@ -125,6 +141,9 @@ export async function check(options) {
                     latestVersion: metadata.latestVersion,
                     availableVersions: metadata.versions,
                     publishedAtByVersion: metadata.publishedAtByVersion,
+                    homepage: metadata.homepage,
+                    repository: metadata.repository,
+                    hasInstallScript: metadata.hasInstallScript,
                 });
                 if (metadata.latestVersion) {
                     await cache.set(packageName, options.target, metadata.latestVersion, metadata.versions, options.cacheTtlSeconds);
@@ -139,12 +158,24 @@ export async function check(options) {
                         latestVersion: stale.latestVersion,
                         availableVersions: stale.availableVersions,
                         publishedAtByVersion: {},
+                        hasInstallScript: false,
                     });
                     warnings.push(`Using stale cache for ${packageName} due to registry error: ${error}`);
                 }
                 else {
-                    errors.push(`Unable to resolve ${packageName}: ${error}`);
-                    emitStream(`[error] Unable to resolve ${packageName}: ${error}`);
+                    const classified = formatClassifiedMessage({
+                        code: error.includes("401") || error.includes("403")
+                            ? "AUTH_ERROR"
+                            : "REGISTRY_ERROR",
+                        whatFailed: `Unable to resolve ${packageName}: ${error}.`,
+                        intact: "Other package results and local files remain intact.",
+                        validity: "partial",
+                        next: error.includes("401") || error.includes("403")
+                            ? "Check .npmrc scoped registry credentials and retry."
+                            : "Retry `rup check` or warm the cache before offline runs.",
+                    });
+                    errors.push(classified);
+                    emitStream(`[error] ${classified}`);
                 }
             }
             cacheMs += Date.now() - cacheStaleStartedAt;
@@ -182,10 +213,12 @@ export async function check(options) {
             filtered: false,
             autofix: rule?.autofix !== false,
             reason: rule?.maxTarget ? `policy maxTarget=${rule.maxTarget}` : undefined,
+            homepage: metadata.homepage,
         });
         emitStream(`[update] ${task.dependency.name} ${task.dependency.range} -> ${nextRange} (${classifyDiff(task.dependency.range, picked)})`);
     }
-    const grouped = groupUpdates(updates, options.groupBy);
+    const scoredUpdates = applyImpactScores(updates);
+    const grouped = groupUpdates(scoredUpdates, options.groupBy);
     const groupedUpdates = grouped.length;
     const groupedSorted = sortUpdates(grouped.flatMap((group) => group.items));
     const groupedCapped = typeof options.groupMax === "number" ? groupedSorted.slice(0, options.groupMax) : groupedSorted;
@@ -219,6 +252,7 @@ export async function check(options) {
         policyOverridesApplied,
     }));
     summary.streamedEvents = streamedEvents;
+    summary.riskPackages = limitedUpdates.filter((item) => item.impactScore?.rank === "critical" || item.impactScore?.rank === "high").length;
     return {
         projectPath: options.cwd,
         packagePaths: packageDirs,

package/dist/core/errors.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+export type ErrorCode = "REGISTRY_ERROR" | "AUTH_ERROR" | "ADVISORY_SOURCE_DEGRADED" | "ADVISORY_SOURCE_DOWN" | "CACHE_BACKEND_FALLBACK";
+export type ErrorValidity = "partial" | "invalid" | "intact";
+export interface ClassifiedMessageInput {
+    code: ErrorCode;
+    whatFailed: string;
+    intact: string;
+    validity: ErrorValidity;
+    next: string;
+}
+export declare function formatClassifiedMessage(input: ClassifiedMessageInput): string;
+export declare function hasErrorCode(value: string, code: ErrorCode): boolean;

package/dist/core/errors.js ADDED Viewed

@@ -0,0 +1,6 @@
+export function formatClassifiedMessage(input) {
+    return `[${input.code}] ${input.whatFailed} Intact: ${input.intact} Result: ${input.validity}. Next: ${input.next}`;
+}
+export function hasErrorCode(value, code) {
+    return value.startsWith(`[${code}]`);
+}

package/dist/core/options.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { BaselineOptions, CheckOptions, UpgradeOptions, AuditOptions, BisectOptions, HealthOptions, UnusedOptions, ResolveOptions, LicenseOptions, SnapshotOptions } from "../types/index.js";
+import type { BaselineOptions, CheckOptions, UpgradeOptions, AuditOptions, BisectOptions, HealthOptions, UnusedOptions, ResolveOptions, LicenseOptions, SnapshotOptions, ReviewOptions, DoctorOptions, RiskLevel } from "../types/index.js";
 import type { InitCiMode, InitCiSchedule } from "./init-ci.js";
 export type ParsedCliArgs = {
     command: "check";
@@ -46,5 +46,12 @@ export type ParsedCliArgs = {
 } | {
     command: "snapshot";
     options: SnapshotOptions;
+} | {
+    command: "review";
+    options: ReviewOptions;
+} | {
+    command: "doctor";
+    options: DoctorOptions;
 };
 export declare function parseCliArgs(argv: string[]): Promise<ParsedCliArgs>;
+export declare function ensureRiskLevel(value: string): RiskLevel;

package/dist/core/options.js CHANGED Viewed

@@ -21,6 +21,8 @@ const KNOWN_COMMANDS = [
     "resolve",
     "licenses",
     "snapshot",
+    "review",
+    "doctor",
 ];
 export async function parseCliArgs(argv) {
     const firstArg = argv[0];
@@ -62,6 +64,14 @@ export async function parseCliArgs(argv) {
         const { parseSnapshotArgs } = await import("../commands/snapshot/parser.js");
         return { command, options: parseSnapshotArgs(args) };
     }
+    if (command === "review") {
+        const { parseReviewArgs } = await import("../commands/review/parser.js");
+        return { command, options: parseReviewArgs(args) };
+    }
+    if (command === "doctor") {
+        const { parseDoctorArgs } = await import("../commands/doctor/parser.js");
+        return { command, options: parseDoctorArgs(args) };
+    }
     const base = {
         cwd: process.cwd(),
         target: "latest",
@@ -99,6 +109,9 @@ export async function parseCliArgs(argv) {
         onlyChanged: false,
         ciProfile: "minimal",
         lockfileMode: "preserve",
+        interactive: false,
+        showImpact: false,
+        showHomepage: false,
     };
     let force = false;
     let initCiMode = "enterprise";
@@ -429,6 +442,18 @@ export async function parseCliArgs(argv) {
             base.onlyChanged = true;
             continue;
         }
+        if (current === "--interactive") {
+            base.interactive = true;
+            continue;
+        }
+        if (current === "--show-impact") {
+            base.showImpact = true;
+            continue;
+        }
+        if (current === "--show-homepage") {
+            base.showHomepage = true;
+            continue;
+        }
         if (current === "--lockfile-mode" && next) {
             base.lockfileMode = ensureLockfileMode(next);
             index += 1;
@@ -639,6 +664,15 @@ function applyConfig(base, config) {
     if (typeof config.lockfileMode === "string") {
         base.lockfileMode = ensureLockfileMode(config.lockfileMode);
     }
+    if (typeof config.interactive === "boolean") {
+        base.interactive = config.interactive;
+    }
+    if (typeof config.showImpact === "boolean") {
+        base.showImpact = config.showImpact;
+    }
+    if (typeof config.showHomepage === "boolean") {
+        base.showHomepage = config.showHomepage;
+    }
 }
 function parsePackageManager(args) {
     const index = args.indexOf("--pm");
@@ -743,3 +777,12 @@ function ensureLockfileMode(value) {
     }
     throw new Error("--lockfile-mode must be preserve, update or error");
 }
+export function ensureRiskLevel(value) {
+    if (value === "critical" ||
+        value === "high" ||
+        value === "medium" ||
+        value === "low") {
+        return value;
+    }
+    throw new Error("--risk must be critical, high, medium or low");
+}

package/dist/core/review-model.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import type { CheckOptions, DoctorOptions, DoctorResult, ReviewOptions, ReviewResult } from "../types/index.js";
+export declare function buildReviewResult(options: ReviewOptions | DoctorOptions | CheckOptions): Promise<ReviewResult>;
+export declare function createDoctorResult(review: ReviewResult): DoctorResult;
+export declare function renderReviewResult(review: ReviewResult): string;
+export declare function renderDoctorResult(result: DoctorResult, verdictOnly?: boolean): string;