@rio-cloud/rio-license-checker 1.1.7 → 1.2.0

package/README.md

@@ -1,58 +1,93 @@
-# rio-license-checker
+# [@rio-cloud/rio-license-checker](https://www.npmjs.com/package/@rio-cloud/rio-license-checker)
 
-Easy-to-use tool to run a license check according to the RIO guidelines.
+Helps checking third-party libraries' licenses according to RIO guidelines.
 
-It does the following:
+## Usage
 
-* download the latest version of the RIO license whitelist for the given project type from the central RIO license S3 bucket
-* run a 3rd party license checker tool to crawl the licenses of the project in the given directory (or `.`, if not specified)
-* compare the licenses found with the RIO whitelist
-  * if a license is found that is not in the whitelist: fail with nonzero exit code
-  * if all licenses are compliant: upload a license report to the central RIO license S3 bucket (only if the `--upload` flag is set)
+```shell
+# general usage information
+npx @rio-cloud/rio-license-checker help
 
-Nothing of that is really new - this is supposed to be a testable, maintainable drop-in replacement for the code snippets & scripts we currently copy-paste from one repo to another.
+# information on the default "run-check" command
+npx @rio-cloud/rio-license-checker help run-check
 
-Currently supports:
+# information on the "download-whitelist" command
+npx @rio-cloud/rio-license-checker help download-whitelist
 
-* npm frontend projects
-* npm backend projects
-* gradle projects
+# information on the "upload-report" command
+npx @rio-cloud/rio-license-checker help upload-report
+```
 
-## License Check Implementation
+The `run-check` command is the default command. The command name is optional:
 
-### npm
+```shell
+npx @rio-cloud/rio-license-checker run-check -a rio-example -s example-service -t npm-frontend
+# is the same as
+npx @rio-cloud/rio-license-checker -a rio-example -s example-service -t npm-frontend
+```
 
-* The underlying license checker tool is [license-checker-rseidelsohn](https://www.npmjs.com/package/license-checker-rseidelsohn).
-* The license checker generates a report and compares the licenses to the passed whitelist.
-* The application's own package is automatically excluded from the report, as it (usually) does not have a license.
-* For testability reasons, we cannot use the programmatic interface of the tool. Instead, we call it as a subprocess via `zx`.
-* You can exclude dependencies by creating a `oss-licenses-ignore-packages.txt` file in the project directory.
+## Automatic mode (a.k.a. `run-check`)
+
+1. Downloads the appropriate license whitelist that's curated by the RIO Security Guild from a central location.
+2. Orchestrates a 3rd-party license checking tool to inspect your project's dependencies.
+   * If any dependency is found with non-compliant license information, this tool will exit with a non-zero code.
+   * If all dependencies are okay: generate a report file containing the list of dependencies, their versions, and their
+     respective license information.
+3. Uploads the report to a central location (optional; this is only done when the `--upload` flag is set). 
 
-### gradle
+### `gradle`
 
 * The underlying license report tool is [hierynomus/license-gradle-plugin](https://github.com/hierynomus/license-gradle-plugin).
 * You need to *include & configure the plugin in your `build.gradle.kts`*.
 * The output of the plugin is compared with the whitelist programmatically (as we used to do in the `build.gradle.kts`).
 * For subprojects, you need a separate invocation of the license checker, where the directory points to the subproject.
-   * Currently, only subprojects directly below the root project are supported (limited by where the checker looks for the gradle wrapper).
-   * When doing so, take care to specify a different service name to prevent overwriting the license report of the root project.
-   * Please see below for an example.
+    * Currently, only subprojects directly below the root project are supported (limited by where the checker looks for
+      the gradle wrapper).
+    * When doing so, take care to specify a different service name to prevent overwriting the license report of the root
+      project.
+    * Please see below for examples.
 
-```
+```shell
 npx @rio-cloud/rio-license-checker -a rio-example -s example-service -t gradle
 npx @rio-cloud/rio-license-checker -a rio-example -s example-service_sub-project -t gradle -d ./sub-project
 ```
 
-## Usage
+### `npm-frontend` and `npm-backend`
 
-Show usage
+* The underlying license checker tool is [license-checker-rseidelsohn](https://www.npmjs.com/package/license-checker-rseidelsohn).
+* The license checker generates a report and compares the licenses to the passed whitelist.
+* The application's own package is automatically excluded from the report, as it (usually) does not have a license.
+* For testability reasons, we cannot use the programmatic interface of the tool. Instead, we call it as a subprocess via
+  `zx`.
+* You can exclude dependencies by creating a `oss-licenses-ignore-packages.txt` file in the project directory.
+* Note that this will _statically_ inspect the dependencies as defined in your `package.json`. Especially for frontends,
+  this might not be accurate enough. Check out the "manual" type for `npm-frontend-bundled` below.
+
+## `download-whitelist`
+
+To just download the appropriate whitelist file as-is without any processing or running the check, you can use the
+`download-whitelist` command:
 
 ```shell
-npx @rio-cloud/rio-license-checker -h
+npx @rio-cloud/rio-license-checker download-whitelist -t npm-frontend-bundled
 ```
 
-Run the license check for a project. Requires AWS credentials (RIO developer role), e.g. via `AWS_PROFILE=...`.
+Note that this will only work when the current session has access to AWS.
+
+Also note that this only supports the "npm-frontend-bundled" type at the moment, which will save the whitelist as
+`frontend-license-whitelist.json` in the project directory.
+
+This command supports a `directory` and `verbose` option, as well. Check out the usage docs for more info.
+
+## `upload-report`
+
+If your license check is handled by another tool during the build, you can use the `upload-report` command to upload the
+report output from a given file.
 
 ```shell
-npx @rio-cloud/rio-license-checker -a rio-example -s example-service -t npm-frontend --verbose
+npx @rio-cloud/rio-license-checker upload-report -a rio-example -s example-service -t npm-frontend-bundled -r ./build/libraries.json
 ```
+
+Note that this only supports the "npm-frontend-bundled" type at the moment.
+
+This command supports a `verbose` option, as well. Check out the usage docs for more info.

package/dist/index.mjs

@@ -1,35 +1,14 @@
 #!/usr/bin/env node
 import { createRequire } from "node:module";
-import * as fs$1 from "node:fs";
-import * as path$1 from "node:path";
-import { Command, Option } from "commander";
+import { Command, CommanderError, Option } from "commander";
+import fs from "node:fs";
+import path from "node:path";
 import logger from "loglevel";
 import { GetObjectCommand, PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
 import { GetParameterCommand, SSMClient } from "@aws-sdk/client-ssm";
-import { $, fs, path } from "zx";
+import { $, fs as fs$1, path as path$1 } from "zx";
 
-//#region src/types.ts
-var LicenseCheckError = class extends Error {
-	constructor(message) {
-		super(message);
-		this.name = "LicenseCheckError";
-	}
-};
-var CliArgsError = class extends Error {
-	constructor(message) {
-		super(message);
-		this.name = "CliArgsError";
-	}
-};
-let LicenseCheckType = /* @__PURE__ */ function(LicenseCheckType$1) {
-	LicenseCheckType$1["NPM_BACKEND"] = "npm-backend";
-	LicenseCheckType$1["NPM_FRONTEND"] = "npm-frontend";
-	LicenseCheckType$1["GRADLE"] = "gradle";
-	return LicenseCheckType$1;
-}({});
-
-//#endregion
-//#region src/license-bucket.ts
+//#region src/s3/license-bucket.ts
 let ossLicensesBucketName;
 const OSS_LICENSES_BUCKET_NAME_SSM_PARAMETER = "/config/oss-licenses/bucket-name";
 const getOssLicensesBucketName = async () => {
@@ -43,27 +22,29 @@ const getOssLicensesBucketName = async () => {
 	}
 	return ossLicensesBucketName;
 };
-const getWhitelistKey = (checkType) => {
-	switch (checkType) {
-		case LicenseCheckType.NPM_FRONTEND: return "whitelist-npm-frontend.txt";
-		case LicenseCheckType.NPM_BACKEND: return "whitelist-npm-backend.txt";
-		case LicenseCheckType.GRADLE: return "whitelist-gradle.txt";
-		default: throw new Error(`Unknown whitelist type: ${checkType}`);
-	}
+const s3Keys = {
+	"npm-frontend": "whitelist-npm-frontend.txt",
+	"npm-backend": "whitelist-npm-backend.txt",
+	gradle: "whitelist-gradle.txt",
+	"npm-frontend-bundled": "whitelist-npm-frontend-bundled.json"
 };
-const downloadWhitelist = async (checkType) => {
+const downloadWhitelistFile = async (checkType) => {
 	const getWhitelistObject = new GetObjectCommand({
 		Bucket: await getOssLicensesBucketName(),
-		Key: getWhitelistKey(checkType)
+		Key: s3Keys[checkType]
 	});
 	const whitelistResponse = await new S3Client().send(getWhitelistObject);
 	if (!whitelistResponse.Body) throw new Error("No whitelist found");
-	return (await whitelistResponse.Body.transformToString()).split("\n").map((line) => stripQuotes(line)).filter((line) => line.trim().length > 0);
+	return whitelistResponse.Body.transformToString();
+};
+const downloadAutomaticWhitelist = async (checkType) => {
+	return (await downloadWhitelistFile(checkType)).split("\n").map(stripQuotes).filter(removeEmptyLines);
 };
 const stripQuotes = (line) => {
 	if (line.startsWith("\"") && line.endsWith("\"")) return line.slice(1, -1);
 	return line;
 };
+const removeEmptyLines = (line) => line.trim().length > 0;
 const uploadLicenseReport = async (accountName, serviceName, type, report) => {
 	const s3Client = new S3Client();
 	const putObjectCommand = new PutObjectCommand({
@@ -75,7 +56,45 @@ const uploadLicenseReport = async (accountName, serviceName, type, report) => {
 };
 
 //#endregion
-//#region src/license-checker-gradle.ts
+//#region src/cli/downloadWhitelistFileCommand.ts
+const downloadWhitelistFileCommand = new Command("download-whitelist").description("Download the license whitelist (experimental)").addOption(new Option("-t, --type <type>", "Type of the license check. (only supports \"npm-frontend-bundled\" for now)").makeOptionMandatory(true).choices(["npm-frontend-bundled"])).option("-d, --directory <directory>", "Directory to save the downloaded whitelist file to", process.cwd()).option("-v, --verbose", "Enable debug logging", false).action(async ({ type, directory, verbose }) => {
+	logger.setLevel(verbose ? "debug" : "info");
+	const licenseWhitelistFileContent = await downloadWhitelistFile(type);
+	const prettyJson = JSON.stringify(JSON.parse(licenseWhitelistFileContent), null, 2);
+	logger.debug(`Licenses whitelist:\n----------------\n${prettyJson}\n----------------`);
+	const whitelistFilePath = await saveWhitelistFile(directory, type, licenseWhitelistFileContent);
+	logger.info(`Successfully downloaded whitelist file into ${whitelistFilePath}`);
+});
+const whitelistFilenames = { "npm-frontend-bundled": "frontend-license-whitelist.json" };
+const saveWhitelistFile = async (directory, checkType, content) => {
+	const filename = whitelistFilenames[checkType];
+	const filePath = path.join(directory, filename);
+	await fs.promises.writeFile(filePath, content, "utf8");
+	return filePath;
+};
+
+//#endregion
+//#region src/types.ts
+var LicenseCheckError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "LicenseCheckError";
+	}
+};
+var CliArgsError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "CliArgsError";
+	}
+};
+const automaticWhitelists = [
+	"npm-backend",
+	"npm-frontend",
+	"gradle"
+];
+
+//#endregion
+//#region src/integrations/license-checker-gradle.ts
 const normalizeLicenseReport = (report) => {
 	const sortedLicences = report.licences.map((license) => ({
 		...license,
@@ -110,8 +129,8 @@ const callGradleLicenseChecker = async ({ directory, licenseWhitelist }) => {
 		quiet: true
 	})`./${gradleWrapper} downloadLicenses`;
 	if (result.exitCode !== 0) throw new LicenseCheckError(`NOTE: This script requires the license-gradle-plugin to be configured, so that the script ./gradlew downloadLicenses works.\nSee https://github.com/hierynomus/license-gradle-plugin for details.\n${result.stderr.trimEnd()}`);
-	const licensesByLicenseNameFile = path.join(directory, "build", "reports", "license", "license-dependency.json");
-	const licensesByLicenseName = normalizeLicenseReport(JSON.parse(await fs.readFile(licensesByLicenseNameFile, "utf8")));
+	const licensesByLicenseNameFile = path$1.join(directory, "build", "reports", "license", "license-dependency.json");
+	const licensesByLicenseName = normalizeLicenseReport(JSON.parse(await fs$1.readFile(licensesByLicenseNameFile, "utf8")));
 	if (licensesByLicenseName.licences.length === 0) throw new LicenseCheckError("List of licenses is empty. It is highly unlikely your project has no dependencies. Check the configuration of the license-gradle-plugin.");
 	const allowedLicenses = new Set(licenseWhitelist);
 	const notAllowedLicenses = /* @__PURE__ */ new Set();
@@ -123,14 +142,14 @@ const callGradleLicenseChecker = async ({ directory, licenseWhitelist }) => {
 	return JSON.stringify(licensesByLicenseName, null, 2);
 };
 const discoverGradleWrapper = async (directory) => {
-	const gradleWrapperFile = path.join(directory, "gradlew");
-	if (fs.existsSync(gradleWrapperFile)) return "gradlew";
-	if (fs.existsSync(path.join(directory, "..", "gradlew"))) return "../gradlew";
+	const gradleWrapperFile = path$1.join(directory, "gradlew");
+	if (fs$1.existsSync(gradleWrapperFile)) return "gradlew";
+	if (fs$1.existsSync(path$1.join(directory, "..", "gradlew"))) return "../gradlew";
 	throw new LicenseCheckError(`Could not find gradle wrapper in ${directory} or the parent directory. Please ensure that the gradle wrapper is present.`);
 };
 
 //#endregion
-//#region src/license-checker-npm.ts
+//#region src/integrations/license-checker-npm.ts
 const resolveLicenseCheckerPath = () => {
 	return createRequire(import.meta.url).resolve("license-checker-rseidelsohn/bin/license-checker-rseidelsohn");
 };
@@ -157,60 +176,93 @@ const callNpmLicenseChecker = async ({ directory, licenseWhitelist, excludePacka
 };
 
 //#endregion
-//#region src/cli.ts
-const cli = async (args) => {
-	const program = new Command();
-	program.name("check-licenses").option("-a, --account-name <account>", "Account / context name").option("-s, --service-name <service>", "Service name").addOption(new Option("-t, --type <type>", "Type of the license check").makeOptionMandatory(true).choices(Object.values(LicenseCheckType))).addOption(new Option("-d, --directory <directory>", "Directory to check licenses for (defaults to current directory)").default(process.cwd())).addOption(new Option("-u, --upload", "Upload license report to S3").default(false)).addOption(new Option("-v, --verbose", "Enable debug logging").default(false)).parse(args);
-	logger.setLevel(program.opts().verbose ? "debug" : "info");
-	const contextName = program.opts().accountName;
-	const serviceName = program.opts().serviceName;
-	const checkType = parseType(program.opts().type);
-	const upload = program.opts().upload;
-	if (!contextName) {
-		if (upload) throw new CliArgsError("Account name must not be empty when --upload is specified");
-	} else if (!contextName.match(/^[a-zA-Z0-9-_]+$/)) throw new CliArgsError("Account name must only contain alphanumeric characters, hyphens and underscores");
-	if (!serviceName) {
-		if (upload) throw new CliArgsError("Service name must not be empty when --upload is specified");
-	} else if (!serviceName.match(/^[a-zA-Z0-9-_]+$/)) throw new CliArgsError("Service name must only contain alphanumeric characters, hyphens and underscores");
-	const licenseWhitelist = await downloadWhitelist(checkType);
+//#region src/cli/validations.ts
+const validateAccountName = (accountName) => {
+	if (!accountName.match(/^[a-zA-Z0-9-_]+$/)) throw new CliArgsError("Account name must only contain alphanumeric characters, hyphens and underscores");
+};
+const validateServiceName = (serviceName) => {
+	if (!serviceName.match(/^[a-zA-Z0-9-_]+$/)) throw new CliArgsError("Service name must only contain alphanumeric characters, hyphens and underscores");
+};
+
+//#endregion
+//#region src/cli/runCheckCommand.ts
+const runCheckCommand = new Command("run-check").summary("(default) Run an automated license check and optionally upload the report to S3").description("This is the default command to be used for backend and \"traditional\" frontend projects.\n\nWill download the whitelist, then perform the check and upload the report in one single step.").addOption(new Option("-t, --type <type>", "Type of the license check").makeOptionMandatory(true).choices(automaticWhitelists)).option("-a, --account-name <account>", "Account / context name").option("-s, --service-name <service>", "Service name").option("-d, --directory <directory>", "Directory of the project to check licenses for", process.cwd()).option("-u, --upload", "Upload license report to S3", false).option("-v, --verbose", "Enable debug logging", false).action(async (options) => {
+	logger.setLevel(options.verbose ? "debug" : "info");
+	const contextName = options.accountName;
+	const serviceName = options.serviceName;
+	const checkType = options.type;
+	const upload = options.upload;
+	if (upload) {
+		if (!contextName) throw new CliArgsError("Account name must not be empty when --upload is specified");
+		validateAccountName(contextName);
+		if (!serviceName) throw new CliArgsError("Service name must not be empty when --upload is specified");
+		validateServiceName(serviceName);
+	}
+	const licenseWhitelist = await downloadAutomaticWhitelist(checkType);
 	logger.debug(`Licenses whitelist:\n----------------\n${licenseWhitelist.join("\n")}\n----------------`);
 	let result;
-	if ([LicenseCheckType.NPM_BACKEND, LicenseCheckType.NPM_FRONTEND].includes(checkType)) {
-		if (!fs$1.existsSync(path$1.join(program.opts().directory, "node_modules"))) throw new Error("No node_modules directory found. Please run \"npm ci\" before using the license checker.");
-		const excludeForApplicationPackage = getExcludeForApplicationPackage(program.opts().directory);
-		const ignorePackages = readIgnorePackages(program.opts().directory);
-		result = await callNpmLicenseChecker({
-			directory: program.opts().directory,
-			licenseWhitelist,
-			excludePackages: [excludeForApplicationPackage, ...ignorePackages]
-		});
-	} else if (checkType === LicenseCheckType.GRADLE) result = await callGradleLicenseChecker({
-		directory: program.opts().directory,
-		licenseWhitelist
-	});
-	else throw new Error(`Unknown license check type: ${program.opts().type}`);
+	switch (checkType) {
+		case "npm-backend":
+		case "npm-frontend": {
+			if (!fs.existsSync(path.join(options.directory, "node_modules"))) throw new Error("No node_modules directory found. Please run \"npm ci\" before using the license checker.");
+			const excludeForApplicationPackage = getExcludeForApplicationPackage(options.directory);
+			const ignorePackages = readIgnorePackages(options.directory);
+			result = await callNpmLicenseChecker({
+				directory: options.directory,
+				licenseWhitelist,
+				excludePackages: [excludeForApplicationPackage, ...ignorePackages]
+			});
+			break;
+		}
+		case "gradle":
+			result = await callGradleLicenseChecker({
+				directory: options.directory,
+				licenseWhitelist
+			});
+			break;
+		default: throw new Error(`Unknown license check type: ${options.type}`);
+	}
 	logger.debug(`License report:\n${result.trimEnd()}`);
 	if (upload) {
 		await uploadLicenseReport(contextName, serviceName, checkType, result);
 		logger.info(`Uploaded license report for ${contextName}/${serviceName}_${checkType}`);
 	}
-};
-const parseType = (value) => {
-	for (const type of Object.values(LicenseCheckType)) if (type === value) return type;
-	throw new Error(`Unknown whitelist type: ${value}`);
-};
+});
 const getExcludeForApplicationPackage = (directory) => {
-	const packageJson = JSON.parse(fs$1.readFileSync(path$1.join(directory, "package.json"), "utf8"));
+	const packageJson = JSON.parse(fs.readFileSync(path.join(directory, "package.json"), "utf8"));
 	const serviceVersion = packageJson.version;
 	return `${packageJson.name}@${serviceVersion}`;
 };
 const readIgnorePackages = (directory) => {
-	const ignorePackagesFile = path$1.join(directory, "oss-licenses-ignore-packages.txt");
+	const ignorePackagesFile = path.join(directory, "oss-licenses-ignore-packages.txt");
 	let ignorePackages = [];
-	if (fs$1.existsSync(ignorePackagesFile)) ignorePackages = fs$1.readFileSync(ignorePackagesFile, "utf8").split("\n").filter((line) => line.trim() !== "");
+	if (fs.existsSync(ignorePackagesFile)) ignorePackages = fs.readFileSync(ignorePackagesFile, "utf8").split("\n").filter((line) => line.trim() !== "");
 	return ignorePackages;
 };
 
+//#endregion
+//#region src/cli/uploadReportCommand.ts
+const uploadReportCommand = new Command("upload-report").description("Upload a license report (placeholder)").addOption(new Option("-t, --type <type>", "Type of the license check. (only supports \"npm-frontend-bundled\" for now)").makeOptionMandatory(true).choices(["npm-frontend-bundled"])).addOption(new Option("-a, --account-name <account>", "Account / context name").makeOptionMandatory(true)).addOption(new Option("-s, --service-name <service>", "Service name").makeOptionMandatory(true)).addOption(new Option("-r, --report-file <file>", "Path to the license report file").makeOptionMandatory(true)).option("-v, --verbose", "Enable debug logging", false).action(async ({ type, accountName, serviceName, reportFile, verbose }) => {
+	logger.setLevel(verbose ? "debug" : "info");
+	validateAccountName(accountName);
+	validateServiceName(serviceName);
+	const reportFileContent = await fs.promises.readFile(reportFile, "utf8");
+	logger.debug(`Report file:\n${reportFileContent}\n`);
+	await uploadLicenseReport(accountName, serviceName, type, reportFileContent);
+	logger.info(`Uploaded license report for ${accountName}/${serviceName}_${type}`);
+});
+
+//#endregion
+//#region src/cli.ts
+const wrapCommand = (command) => command.exitOverride((error) => {
+	throw error;
+});
+const cli = (args) => {
+	const program = new Command();
+	program.name("npx @rio-cloud/rio-license-checker").addCommand(wrapCommand(runCheckCommand), { isDefault: true }).addCommand(wrapCommand(downloadWhitelistFileCommand)).addCommand(wrapCommand(uploadReportCommand)).addHelpText("after", `\n"run-check" is the default command if you don't specify one.\nRun "npx @rio-cloud/rio-license-checker help run-check" for details.`);
+	return program.parseAsync(args);
+};
+
 //#endregion
 //#region src/index.ts
 try {
@@ -222,8 +274,9 @@ try {
 	} else if (error instanceof CliArgsError) {
 		console.error(error.message);
 		process.exit(3);
-	} else {
-		console.error(error);
+	} else if (error instanceof CommanderError) process.exit(error.exitCode);
+	else {
+		console.error("unknown error", error);
 		process.exit(1);
 	}
 }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@rio-cloud/rio-license-checker",
-	"version": "1.1.7",
+	"version": "1.2.0",
 	"type": "module",
 	"license": "Apache-2.0",
 	"repository": {
@@ -14,8 +14,9 @@
 	},
 	"scripts": {
 		"build": "tsdown",
+		"dev": "tsdown --watch ./src",
 		"pretest": "tsc",
-		"test": "vitest run --test-timeout=60000",
+		"test": "vitest run",
 		"vulnerability-check": "npm audit --registry https://registry.npmjs.org --parseable --audit-level=moderate --omit=dev",
 		"bump": "commit-and-tag-version -a --no-verify",
 		"release": "npm run test && npm run bump",
@@ -30,15 +31,15 @@
 		"dist"
 	],
 	"dependencies": {
-		"@aws-sdk/client-s3": "3.932.0",
-		"@aws-sdk/client-ssm": "3.932.0",
+		"@aws-sdk/client-s3": "3.937.0",
+		"@aws-sdk/client-ssm": "3.936.0",
 		"commander": "14.0.2",
 		"license-checker-rseidelsohn": "4.4.2",
 		"loglevel": "1.9.2",
 		"zx": "8.8.5"
 	},
 	"devDependencies": {
-		"@biomejs/biome": "2.2.6",
+		"@biomejs/biome": "2.3.7",
 		"@rio-cloud/biome-config-claid": "1.0.0",
 		"@tsconfig/node22": "22.0.5",
 		"@types/jest": "30.0.0",
@@ -48,9 +49,9 @@
 		"aws-sdk-client-mock-jest": "4.1.0",
 		"chalk": "5.6.2",
 		"commit-and-tag-version": "12.6.0",
-		"tsdown": "0.16.5",
+		"tsdown": "0.16.6",
 		"typescript": "5.9.3",
-		"vitest": "3.2.4"
+		"vitest": "4.0.14"
 	},
 	"overrides": {
 		"form-data": ">=4.0.4",