npm - @rtorcato/js-tooling - Versions diffs - 2.14.0 → 2.15.0 - Mend

@rtorcato/js-tooling 2.14.0 → 2.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli/commands/doctor.js +18 -2
package/dist/cli/commands/fix-targets.js +1 -0
package/dist/cli/commands/fix.js +32 -2
package/dist/cli/generators/security.js +22 -0
package/dist/cli/index.js +6 -0
package/package.json +2 -2

package/dist/cli/commands/doctor.js CHANGED Viewed

@@ -529,11 +529,27 @@ async function checkDependabot(dir) {
             };
         }
     }
+    for (const candidate of [
+        'renovate.json',
+        'renovate.json5',
+        '.github/renovate.json',
+        '.github/renovate.json5',
+        '.renovaterc',
+        '.renovaterc.json',
+    ]) {
+        if (await fs.pathExists(path.join(dir, candidate))) {
+            return {
+                check: 'Dependabot',
+                status: 'ok',
+                detail: `${candidate} found (Renovate)`,
+            };
+        }
+    }
     return {
         check: 'Dependabot',
         status: 'optional-missing',
-        detail: 'no .github/dependabot.yml',
-        hint: 'Run `npx @rtorcato/js-tooling fix dependabot` to scaffold weekly dep updates',
+        detail: 'no Dependabot or Renovate config',
+        hint: 'Run `npx @rtorcato/js-tooling fix dependabot` (or `fix renovate`) to scaffold weekly dep updates',
     };
 }
 async function checkCodeQL(dir) {

package/dist/cli/commands/fix-targets.js CHANGED Viewed

@@ -110,6 +110,7 @@ export function lockfilePatchForTarget(target, lock) {
         case 'semantic-release':
             return c.semanticRelease ? null : { semanticRelease: true };
         case 'dependabot':
+        case 'renovate':
         case 'codeql':
             return c.securityAutomation ? null : { securityAutomation: true };
         case 'tsconfig':

package/dist/cli/commands/fix.js CHANGED Viewed

@@ -10,7 +10,7 @@ import { generateESLintConfig, generatePrettierConfig } from '../generators/lint
 import { ensureEnginesNode, generateCodeowners, generateEditorConfig, generateKnipConfig, generateNvmrc, generateSizeLimitConfig, } from '../generators/misc.js';
 import { generateConfigs } from '../generators/index.js';
 import { composeVerifyScriptFromPkg } from '../generators/package-json.js';
-import { generateCodeQLWorkflow, generateDependabotConfig } from '../generators/security.js';
+import { generateCodeQLWorkflow, generateDependabotConfig, generateRenovateConfig, } from '../generators/security.js';
 import { generateVitestConfig } from '../generators/testing.js';
 import { generateTreeshakeCheck, inferSubpathsFromExports } from '../generators/treeshake.js';
 import { copyPreset } from '../utils/copy-preset.js';
@@ -222,6 +222,17 @@ const FIXERS = [
             return { filesWritten: ['.github/dependabot.yml'] };
         },
     },
+    {
+        target: 'renovate',
+        description: 'Scaffold renovate.json (weekly schedule; alternative to Dependabot)',
+        appliesTo: ['Dependabot'],
+        outputs: ['renovate.json'],
+        riskLevel: 'safe-add',
+        async run({ targetDir }) {
+            await generateRenovateConfig(targetDir);
+            return { filesWritten: ['renovate.json'] };
+        },
+    },
     {
         target: 'codeql',
         description: 'Scaffold .github/workflows/codeql.yml (security scanning)',
@@ -393,6 +404,18 @@ const FIXERS = [
 export function getFixers() {
     return FIXERS;
 }
+async function ownOutputsPresent(targetDir, fixer) {
+    for (const out of fixer.outputs) {
+        // Outputs that reference a package.json field (e.g. "package.json (scripts.verify)")
+        // can't be cheaply file-checked here; treat as present so we don't accidentally
+        // re-run safe-merge fixers on every targeted invocation.
+        if (out.includes('('))
+            return true;
+        if (await fs.pathExists(path.join(targetDir, out)))
+            return true;
+    }
+    return false;
+}
 function findFixer(target) {
     const normalized = target.toLowerCase();
     return FIXERS.find((f) => f.target.toLowerCase() === normalized);
@@ -587,7 +610,14 @@ export async function fixCommand(target, options = {}) {
         // fixable when the user explicitly targets it — treat it as optional-missing
         // so the override + lockfile resync paths run.
         const lockfileDemoted = lock !== null && declinedInLock(lock, result.check);
-        const effectiveResult = result.status === 'ok' && lockfileDemoted ? { ...result, status: 'optional-missing' } : result;
+        // When multiple fixers share a check (e.g. dependabot + renovate both apply to
+        // "Dependabot" deps-update coverage), the check can be `ok` from a sibling tool
+        // while this fixer's own outputs are still absent. In that case, treat as missing
+        // so the targeted scaffold runs.
+        const fixerOutputsPresent = await ownOutputsPresent(targetDir, fixer);
+        const effectiveResult = result.status === 'ok' && (lockfileDemoted || !fixerOutputsPresent)
+            ? { ...result, status: 'optional-missing' }
+            : result;
         if (effectiveResult.status === 'ok') {
             actions.push(recordFor(fixer.target, result.check, 'ok', 'already-ok', []));
             if (json)

package/dist/cli/generators/security.js CHANGED Viewed

@@ -24,6 +24,28 @@ updates:
 `;
     await fs.writeFile(filepath, content);
 }
+export async function generateRenovateConfig(targetDir) {
+    const filepath = path.join(targetDir, 'renovate.json');
+    const content = `${JSON.stringify({
+        $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+        extends: ['config:recommended', ':semanticCommits', ':semanticCommitTypeAll(chore)'],
+        schedule: ['before 4am on Monday'],
+        prConcurrentLimit: 10,
+        prHourlyLimit: 0,
+        rangeStrategy: 'bump',
+        packageRules: [
+            {
+                matchManagers: ['github-actions'],
+                commitMessagePrefix: 'chore(ci):',
+            },
+            {
+                matchManagers: ['npm'],
+                commitMessagePrefix: 'chore(deps):',
+            },
+        ],
+    }, null, 2)}\n`;
+    await fs.writeFile(filepath, content);
+}
 export async function generateCodeQLWorkflow(targetDir) {
     await fs.ensureDir(path.join(targetDir, '.github', 'workflows'));
     const filepath = path.join(targetDir, '.github', 'workflows', 'codeql.yml');

package/dist/cli/index.js CHANGED Viewed

@@ -184,6 +184,12 @@ const TOOL_CATALOG = [
         exports: [],
         fixTarget: 'dependabot',
     },
+    {
+        name: 'Renovate',
+        description: 'Weekly automated dependency updates (alternative to Dependabot)',
+        exports: [],
+        fixTarget: 'renovate',
+    },
     {
         name: 'CodeQL',
         description: 'GitHub security scanning workflow',

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@rtorcato/js-tooling",
-	"version": "2.14.0",
+	"version": "2.15.0",
 	"description": "JavaScript and TypeScript tooling for Node.js, React, Next.js, and Vitest.",
 	"type": "module",
 	"keywords": [
@@ -240,7 +240,7 @@
 		"ts-jest": "^29.0.0",
 		"tsup": "^8.0.0",
 		"typescript": ">=5.0.0",
-		"typescript-eslint": "*",
+		"typescript-eslint": "^8.0.0",
 		"vitest": ">=3.0.0"
 	},
 	"peerDependenciesMeta": {