@santi020k/dep-beacon-core 1.0.0

package/dist/text.js

@@ -0,0 +1,40 @@
+export const createLineStarts = (text) => {
+    const starts = [0];
+    for (let index = 0; index < text.length; index += 1) {
+        if (text.charCodeAt(index) === 10) {
+            starts.push(index + 1);
+        }
+    }
+    return starts;
+};
+export const offsetToPosition = (lineStarts, offset) => {
+    let low = 0;
+    let high = lineStarts.length - 1;
+    while (low <= high) {
+        const middle = Math.floor((low + high) / 2);
+        const start = lineStarts[middle] ?? 0;
+        if (start > offset) {
+            high = middle - 1;
+        }
+        else {
+            low = middle + 1;
+        }
+    }
+    const line = Math.max(0, low - 1);
+    const lineStart = lineStarts[line] ?? 0;
+    return {
+        character: Math.max(0, offset - lineStart),
+        line,
+    };
+};
+export const createTextRange = (lineStarts, start, end) => ({
+    end,
+    endPosition: offsetToPosition(lineStarts, end),
+    start,
+    startPosition: offsetToPosition(lineStarts, start),
+});
+export const createFullRange = (text) => {
+    const lineStarts = createLineStarts(text);
+    return createTextRange(lineStarts, 0, text.length);
+};
+//# sourceMappingURL=text.js.map

package/dist/text.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"text.js","sourceRoot":"","sources":["../src/text.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,IAAY,EAAY,EAAE;IACzD,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,CAAA;IAElB,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACpD,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,UAA6B,EAAE,MAAc,EAAgB,EAAE;IAC9F,IAAI,GAAG,GAAG,CAAC,CAAA;IACX,IAAI,IAAI,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAA;IAEhC,OAAO,GAAG,IAAI,IAAI,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QAC3C,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAErC,IAAI,KAAK,GAAG,MAAM,EAAE,CAAC;YACnB,IAAI,GAAG,MAAM,GAAG,CAAC,CAAA;QACnB,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,MAAM,GAAG,CAAC,CAAA;QAClB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,CAAA;IACjC,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEvC,OAAO;QACL,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAC1C,IAAI;KACL,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,CAC7B,UAA6B,EAC7B,KAAa,EACb,GAAW,EACA,EAAE,CAAC,CAAC;IACf,GAAG;IACH,WAAW,EAAE,gBAAgB,CAAC,UAAU,EAAE,GAAG,CAAC;IAC9C,KAAK;IACL,aAAa,EAAE,gBAAgB,CAAC,UAAU,EAAE,KAAK,CAAC;CACnD,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,IAAY,EAAa,EAAE;IACzD,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAA;IAEzC,OAAO,eAAe,CAAC,UAAU,EAAE,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;AACpD,CAAC,CAAA"}

package/dist/types.d.ts

@@ -0,0 +1,97 @@
+export type DependencySourceKind = 'package-json' | 'pnpm-workspace';
+export type DependencyManager = 'npm' | 'pnpm' | 'yarn';
+export type DependencySection = 'catalog' | 'catalogs' | 'dependencies' | 'devDependencies' | 'optionalDependencies' | 'overrides' | 'packageExtensions' | 'peerDependencies' | 'pnpm.overrides' | 'resolutions';
+export type DependencyStatus = 'invalid' | 'missing' | 'outdated' | 'protocol' | 'up-to-date' | 'vulnerable';
+export type Severity = 'critical' | 'high' | 'low' | 'medium' | 'none' | 'unknown';
+export interface TextPosition {
+    character: number;
+    line: number;
+}
+export interface TextRange {
+    end: number;
+    endPosition: TextPosition;
+    start: number;
+    startPosition: TextPosition;
+}
+export interface DependencyEntry {
+    catalogName?: string;
+    id: string;
+    manager: DependencyManager;
+    nameRange: TextRange;
+    packageName: string;
+    path: string[];
+    section: DependencySection;
+    source: DependencySourceKind;
+    spec: string;
+    specRange: TextRange;
+}
+export interface CatalogSnapshot {
+    default: Map<string, string>;
+    named: Map<string, Map<string, string>>;
+}
+export interface ManifestParseResult {
+    catalogs: CatalogSnapshot;
+    dependencies: DependencyEntry[];
+    errors: ManifestParseError[];
+    source: DependencySourceKind;
+}
+export interface ManifestParseError {
+    message: string;
+    range?: TextRange;
+}
+export interface NpmPackageMetadata {
+    distTags: Record<string, string>;
+    name: string;
+    versions: string[];
+}
+export interface RegistryLookupError {
+    code: 'network-error' | 'not-found' | 'registry-error';
+    message: string;
+    status?: number;
+}
+export type RegistryLookupResult = {
+    metadata: NpmPackageMetadata;
+    ok: true;
+} | {
+    error: RegistryLookupError;
+    ok: false;
+};
+export interface DependencyUpdateTargets {
+    current?: string;
+    latest?: string;
+    nextMajor?: string;
+    nextMinor?: string;
+    nextPatch?: string;
+}
+export interface VulnerabilitySummary {
+    aliases: string[];
+    ids: string[];
+    severity: Severity;
+    source: 'osv';
+}
+export interface DependencyAnalysis {
+    dependency: DependencyEntry;
+    displaySpec: string;
+    exists: boolean;
+    isLatestSatisfied: boolean;
+    message: string;
+    packageUrl: string;
+    registry?: NpmPackageMetadata;
+    status: DependencyStatus;
+    targets: DependencyUpdateTargets;
+    vulnerability?: VulnerabilitySummary;
+}
+export interface AnalyzeDependencyOptions {
+    catalogSnapshot?: CatalogSnapshot;
+    includePrerelease?: boolean;
+    registryUrl?: string;
+}
+export interface AnalyzeManyOptions extends AnalyzeDependencyOptions {
+    vulnerabilities?: boolean;
+}
+export type FetchLike = (input: string, init?: RequestInit) => Promise<Response>;
+export interface OsvQuery {
+    name: string;
+    version: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,oBAAoB,GAAG,cAAc,GAAG,gBAAgB,CAAA;AAEpE,MAAM,MAAM,iBAAiB,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,CAAA;AAEvD,MAAM,MAAM,iBAAiB,GACzB,SAAS,GACT,UAAU,GACV,cAAc,GACd,iBAAiB,GACjB,sBAAsB,GACtB,WAAW,GACX,mBAAmB,GACnB,kBAAkB,GAClB,gBAAgB,GAChB,aAAa,CAAA;AAEjB,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,YAAY,GAAG,YAAY,CAAA;AAE5G,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAA;AAElF,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,EAAE,MAAM,CAAA;CACb;AAED,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAA;IACX,WAAW,EAAE,YAAY,CAAA;IACzB,KAAK,EAAE,MAAM,CAAA;IACb,aAAa,EAAE,YAAY,CAAA;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,EAAE,EAAE,MAAM,CAAA;IACV,OAAO,EAAE,iBAAiB,CAAA;IAC1B,SAAS,EAAE,SAAS,CAAA;IACpB,WAAW,EAAE,MAAM,CAAA;IACnB,IAAI,EAAE,MAAM,EAAE,CAAA;IACd,OAAO,EAAE,iBAAiB,CAAA;IAC1B,MAAM,EAAE,oBAAoB,CAAA;IAC5B,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,SAAS,CAAA;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC5B,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CACxC;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,eAAe,CAAA;IACzB,YAAY,EAAE,eAAe,EAAE,CAAA;IAC/B,MAAM,EAAE,kBAAkB,EAAE,CAAA;IAC5B,MAAM,EAAE,oBAAoB,CAAA;CAC7B;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,SAAS,CAAA;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAChC,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,eAAe,GAAG,WAAW,GAAG,gBAAgB,CAAA;IACtD,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,MAAM,oBAAoB,GAC5B;IACA,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,EAAE,EAAE,IAAI,CAAA;CACT,GACC;IACA,KAAK,EAAE,mBAAmB,CAAA;IAC1B,EAAE,EAAE,KAAK,CAAA;CACV,CAAA;AAEH,MAAM,WAAW,uBAAuB;IACtC,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,GAAG,EAAE,MAAM,EAAE,CAAA;IACb,QAAQ,EAAE,QAAQ,CAAA;IAClB,MAAM,EAAE,KAAK,CAAA;CACd;AAED,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,eAAe,CAAA;IAC3B,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,OAAO,CAAA;IACf,iBAAiB,EAAE,OAAO,CAAA;IAC1B,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,CAAC,EAAE,kBAAkB,CAAA;IAC7B,MAAM,EAAE,gBAAgB,CAAA;IACxB,OAAO,EAAE,uBAAuB,CAAA;IAChC,aAAa,CAAC,EAAE,oBAAoB,CAAA;CACrC;AAED,MAAM,WAAW,wBAAwB;IACvC,eAAe,CAAC,EAAE,eAAe,CAAA;IACjC,iBAAiB,CAAC,EAAE,OAAO,CAAA;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,kBAAmB,SAAQ,wBAAwB;IAClE,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B;AAED,MAAM,MAAM,SAAS,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;AAEhF,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;CAChB"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/versions.d.ts

@@ -0,0 +1,26 @@
+import type { CatalogSnapshot, DependencyEntry, DependencyStatus, DependencyUpdateTargets, NpmPackageMetadata, Severity, VulnerabilitySummary } from './types.js';
+export interface NormalizedDependencySpec {
+    displaySpec: string;
+    packageName: string;
+    protocol?: 'catalog' | 'unsupported';
+    spec: string;
+}
+export declare const normalizeDependencySpec: (dependency: DependencyEntry, catalogSnapshot?: CatalogSnapshot) => NormalizedDependencySpec;
+export declare const isHighRiskSeverity: (severity: Severity | undefined) => boolean;
+export declare const hasModerateRiskSeverity: (severity: Severity | undefined) => boolean;
+export declare const versionCandidates: (metadata: NpmPackageMetadata, includePrerelease: boolean) => string[];
+export declare const getLatestVersion: (metadata: NpmPackageMetadata, includePrerelease: boolean) => string | undefined;
+export declare const getVersionPrefix: (spec: string) => string;
+export declare const createTargetSpec: (currentSpec: string, targetVersion: string) => string;
+export declare const computeUpdateTargets: (spec: string, metadata: NpmPackageMetadata, includePrerelease: boolean) => DependencyUpdateTargets;
+export declare const getDependencyStatus: (args: {
+    exists: boolean;
+    isLatestSatisfied: boolean;
+    statusBeforeVulnerability: DependencyStatus;
+    vulnerability?: VulnerabilitySummary;
+}) => DependencyStatus;
+export declare const specLooksPublished: (spec: string, metadata: NpmPackageMetadata) => boolean;
+export declare const specSatisfiesLatest: (spec: string, latest: string | undefined, includePrerelease: boolean) => boolean;
+export declare const parseValidVersion: (version: string) => string | undefined;
+export declare const getInvalidSpecMessage: (spec: string) => string;
+//# sourceMappingURL=versions.d.ts.map

package/dist/versions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"versions.d.ts","sourceRoot":"","sources":["../src/versions.ts"],"names":[],"mappings":"AAiBA,OAAO,KAAK,EACV,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,uBAAuB,EACvB,kBAAkB,EAClB,QAAQ,EACR,oBAAoB,EACrB,MAAM,YAAY,CAAA;AAEnB,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,EAAE,SAAS,GAAG,aAAa,CAAA;IACpC,IAAI,EAAE,MAAM,CAAA;CACb;AAID,eAAO,MAAM,uBAAuB,GAClC,YAAY,eAAe,EAC3B,kBAAkB,eAAe,KAChC,wBA4BF,CAAA;AAED,eAAO,MAAM,kBAAkB,GAAI,UAAU,QAAQ,GAAG,SAAS,KAAG,OACpB,CAAA;AAEhD,eAAO,MAAM,uBAAuB,GAAI,UAAU,QAAQ,GAAG,SAAS,KAAG,OAC5B,CAAA;AAE7C,eAAO,MAAM,iBAAiB,GAAI,UAAU,kBAAkB,EAAE,mBAAmB,OAAO,KAAG,MAAM,EAIjF,CAAA;AAclB,eAAO,MAAM,gBAAgB,GAAI,UAAU,kBAAkB,EAAE,mBAAmB,OAAO,KAAG,MAAM,GAAG,SAGtC,CAAA;AAoC/D,eAAO,MAAM,gBAAgB,GAAI,MAAM,MAAM,KAAG,MAM/C,CAAA;AAED,eAAO,MAAM,gBAAgB,GAAI,aAAa,MAAM,EAAE,eAAe,MAAM,KAAG,MAC1B,CAAA;AAEpD,eAAO,MAAM,oBAAoB,GAC/B,MAAM,MAAM,EACZ,UAAU,kBAAkB,EAC5B,mBAAmB,OAAO,KACzB,uBAeF,CAAA;AAED,eAAO,MAAM,mBAAmB,GAC9B,MAAM;IACJ,MAAM,EAAE,OAAO,CAAA;IACf,iBAAiB,EAAE,OAAO,CAAA;IAC1B,yBAAyB,EAAE,gBAAgB,CAAA;IAC3C,aAAa,CAAC,EAAE,oBAAoB,CAAA;CACrC,KACA,gBAUF,CAAA;AAED,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,EAAE,UAAU,kBAAkB,KAAG,OAM/E,CAAA;AAED,eAAO,MAAM,mBAAmB,GAC9B,MAAM,MAAM,EACZ,QAAQ,MAAM,GAAG,SAAS,EAC1B,mBAAmB,OAAO,KACzB,OAAgG,CAAA;AAEnG,eAAO,MAAM,iBAAiB,GAAI,SAAS,MAAM,KAAG,MAAM,GAAG,SAAoC,CAAA;AAEjG,eAAO,MAAM,qBAAqB,GAAI,MAAM,MAAM,KAAG,MAAoE,CAAA"}

package/dist/versions.js

@@ -0,0 +1,117 @@
+import { clean, compare, gt, major, maxSatisfying, minor, minVersion, parse, prerelease, satisfies, valid, validRange, } from 'semver';
+import { resolveCatalogSpec } from './catalogs.js';
+import { isUnsupportedProtocol, stripNpmAlias } from './package-name.js';
+const VERSION_PREFIX_PATTERN = /^(?<prefix>[\^~>=< ]*)\d/u;
+export const normalizeDependencySpec = (dependency, catalogSnapshot) => {
+    if (dependency.spec.startsWith('catalog:')) {
+        const catalogSpec = resolveCatalogSpec(catalogSnapshot, dependency.packageName, dependency.spec);
+        return {
+            displaySpec: catalogSpec ? `${dependency.spec} (${catalogSpec})` : dependency.spec,
+            packageName: dependency.packageName,
+            protocol: catalogSpec ? 'catalog' : 'unsupported',
+            spec: catalogSpec ?? dependency.spec,
+        };
+    }
+    if (isUnsupportedProtocol(dependency.spec)) {
+        return {
+            displaySpec: dependency.spec,
+            packageName: dependency.packageName,
+            protocol: 'unsupported',
+            spec: dependency.spec,
+        };
+    }
+    const alias = stripNpmAlias(dependency.packageName, dependency.spec);
+    return {
+        displaySpec: dependency.spec,
+        packageName: alias.packageName,
+        spec: alias.spec,
+    };
+};
+export const isHighRiskSeverity = (severity) => severity === 'critical' || severity === 'high';
+export const hasModerateRiskSeverity = (severity) => severity === 'medium' || severity === 'low';
+export const versionCandidates = (metadata, includePrerelease) => metadata.versions
+    .filter((version) => valid(version))
+    .filter((version) => includePrerelease || prerelease(version) === null)
+    .sort(compare);
+const maxVersion = (versions) => versions.at(-1);
+const distTagVersion = (metadata, tag, includePrerelease) => {
+    const version = metadata.distTags[tag];
+    if (!version || !valid(version))
+        return undefined;
+    if (!includePrerelease && prerelease(version) !== null)
+        return undefined;
+    return version;
+};
+export const getLatestVersion = (metadata, includePrerelease) => distTagVersion(metadata, includePrerelease ? 'next' : 'latest', includePrerelease)
+    ?? distTagVersion(metadata, 'latest', includePrerelease)
+    ?? maxVersion(versionCandidates(metadata, includePrerelease));
+const firstHigherMinor = (versions, baseVersion) => {
+    const baseMajor = major(baseVersion);
+    const baseMinor = minor(baseVersion);
+    const higher = versions.filter((version) => major(version) === baseMajor && minor(version) > baseMinor && gt(version, baseVersion));
+    const nextMinor = higher.map((version) => minor(version)).sort((left, right) => left - right).at(0);
+    if (typeof nextMinor !== 'number')
+        return undefined;
+    return maxVersion(higher.filter((version) => minor(version) === nextMinor));
+};
+const firstHigherMajor = (versions, baseVersion) => {
+    const baseMajor = major(baseVersion);
+    const higher = versions.filter((version) => major(version) > baseMajor && gt(version, baseVersion));
+    const nextMajor = higher.map((version) => major(version)).sort((left, right) => left - right).at(0);
+    if (typeof nextMajor !== 'number')
+        return undefined;
+    return maxVersion(higher.filter((version) => major(version) === nextMajor));
+};
+const highestPatch = (versions, baseVersion) => maxVersion(versions.filter((version) => major(version) === major(baseVersion) && minor(version) === minor(baseVersion) && gt(version, baseVersion)));
+const isConcreteSpec = (spec) => /^[\^~]?\d/u.test(spec.trim());
+const safeMinVersion = (spec) => {
+    try {
+        return minVersion(spec)?.version;
+    }
+    catch {
+        return undefined;
+    }
+};
+export const getVersionPrefix = (spec) => {
+    const prefix = VERSION_PREFIX_PATTERN.exec(spec.trim())?.groups?.prefix?.trim();
+    if (prefix === '^' || prefix === '~')
+        return prefix;
+    return '';
+};
+export const createTargetSpec = (currentSpec, targetVersion) => `${getVersionPrefix(currentSpec)}${targetVersion}`;
+export const computeUpdateTargets = (spec, metadata, includePrerelease) => {
+    const range = validRange(spec);
+    const candidates = versionCandidates(metadata, includePrerelease);
+    const floor = valid(spec) ?? safeMinVersion(spec);
+    const current = range ? maxSatisfying(candidates, range, { includePrerelease }) ?? floor : floor;
+    if (!current)
+        return {};
+    return {
+        current,
+        latest: getLatestVersion(metadata, includePrerelease),
+        nextMajor: firstHigherMajor(candidates, current),
+        nextMinor: firstHigherMinor(candidates, current),
+        nextPatch: highestPatch(candidates, current),
+    };
+};
+export const getDependencyStatus = (args) => {
+    if (args.vulnerability && isHighRiskSeverity(args.vulnerability.severity))
+        return 'vulnerable';
+    if (args.statusBeforeVulnerability === 'invalid' || args.statusBeforeVulnerability === 'missing')
+        return args.statusBeforeVulnerability;
+    if (args.vulnerability && hasModerateRiskSeverity(args.vulnerability.severity))
+        return 'vulnerable';
+    if (!args.exists)
+        return 'missing';
+    return args.isLatestSatisfied ? 'up-to-date' : 'outdated';
+};
+export const specLooksPublished = (spec, metadata) => {
+    const floor = clean(spec) ?? minVersion(spec)?.version;
+    if (!floor || !isConcreteSpec(spec))
+        return true;
+    return metadata.versions.includes(floor);
+};
+export const specSatisfiesLatest = (spec, latest, includePrerelease) => Boolean(latest && validRange(spec) && satisfies(latest, spec, { includePrerelease }));
+export const parseValidVersion = (version) => parse(version)?.version;
+export const getInvalidSpecMessage = (spec) => `The version range "${spec}" is not a valid semver range.`;
+//# sourceMappingURL=versions.js.map

package/dist/versions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"versions.js","sourceRoot":"","sources":["../src/versions.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,EACL,OAAO,EACP,EAAE,EACF,KAAK,EACL,aAAa,EACb,KAAK,EACL,UAAU,EACV,KAAK,EACL,UAAU,EACV,SAAS,EACT,KAAK,EACL,UAAU,GACX,MAAM,QAAQ,CAAA;AAEf,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAA;AAClD,OAAO,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAkBxE,MAAM,sBAAsB,GAAG,2BAA2B,CAAA;AAE1D,MAAM,CAAC,MAAM,uBAAuB,GAAG,CACrC,UAA2B,EAC3B,eAAiC,EACP,EAAE;IAC5B,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3C,MAAM,WAAW,GAAG,kBAAkB,CAAC,eAAe,EAAE,UAAU,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,CAAC,CAAA;QAEhG,OAAO;YACL,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,IAAI,KAAK,WAAW,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI;YAClF,WAAW,EAAE,UAAU,CAAC,WAAW;YACnC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa;YACjD,IAAI,EAAE,WAAW,IAAI,UAAU,CAAC,IAAI;SACrC,CAAA;IACH,CAAC;IAED,IAAI,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3C,OAAO;YACL,WAAW,EAAE,UAAU,CAAC,IAAI;YAC5B,WAAW,EAAE,UAAU,CAAC,WAAW;YACnC,QAAQ,EAAE,aAAa;YACvB,IAAI,EAAE,UAAU,CAAC,IAAI;SACtB,CAAA;IACH,CAAC;IAED,MAAM,KAAK,GAAG,aAAa,CAAC,UAAU,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,CAAC,CAAA;IAEpE,OAAO;QACL,WAAW,EAAE,UAAU,CAAC,IAAI;QAC5B,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,IAAI,EAAE,KAAK,CAAC,IAAI;KACjB,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,QAA8B,EAAW,EAAE,CAC5E,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM,CAAA;AAEhD,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,QAA8B,EAAW,EAAE,CACjF,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,KAAK,CAAA;AAE7C,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,QAA4B,EAAE,iBAA0B,EAAY,EAAE,CACtG,QAAQ,CAAC,QAAQ;KACd,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;KACnC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,IAAI,UAAU,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC;KACtE,IAAI,CAAC,OAAO,CAAC,CAAA;AAElB,MAAM,UAAU,GAAG,CAAC,QAA2B,EAAsB,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;AAEvF,MAAM,cAAc,GAAG,CAAC,QAA4B,EAAE,GAAW,EAAE,iBAA0B,EAAsB,EAAE;IACnH,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;IAEtC,IAAI,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;QAAE,OAAO,SAAS,CAAA;IAEjD,IAAI,CAAC,iBAAiB,IAAI,UAAU,CAAC,OAAO,CAAC,KAAK,IAAI;QAAE,OAAO,SAAS,CAAA;IAExE,OAAO,OAAO,CAAA;AAChB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,QAA4B,EAAE,iBAA0B,EAAsB,EAAE,CAC/G,cAAc,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,iBAAiB,CAAC;OAC/E,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,CAAC;OACrD,UAAU,CAAC,iBAAiB,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAA;AAE/D,MAAM,gBAAgB,GAAG,CAAC,QAA2B,EAAE,WAAmB,EAAsB,EAAE;IAChG,MAAM,SAAS,GAAG,KAAK,CAAC,WAAW,CAAC,CAAA;IACpC,MAAM,SAAS,GAAG,KAAK,CAAC,WAAW,CAAC,CAAA;IACpC,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,SAAS,IAAI,EAAE,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,CAAA;IACnI,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAEnG,IAAI,OAAO,SAAS,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAA;IAEnD,OAAO,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC,CAAC,CAAA;AAC7E,CAAC,CAAA;AAED,MAAM,gBAAgB,GAAG,CAAC,QAA2B,EAAE,WAAmB,EAAsB,EAAE;IAChG,MAAM,SAAS,GAAG,KAAK,CAAC,WAAW,CAAC,CAAA;IACpC,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,SAAS,IAAI,EAAE,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,CAAA;IACnG,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IAEnG,IAAI,OAAO,SAAS,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAA;IAEnD,OAAO,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC,CAAC,CAAA;AAC7E,CAAC,CAAA;AAED,MAAM,YAAY,GAAG,CAAC,QAA2B,EAAE,WAAmB,EAAsB,EAAE,CAC5F,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,KAAK,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,CAAC,CAAA;AAEtJ,MAAM,cAAc,GAAG,CAAC,IAAY,EAAW,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;AAEhF,MAAM,cAAc,GAAG,CAAC,IAAY,EAAsB,EAAE;IAC1D,IAAI,CAAC;QACH,OAAO,UAAU,CAAC,IAAI,CAAC,EAAE,OAAO,CAAA;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAA;IAClB,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,IAAY,EAAU,EAAE;IACvD,MAAM,MAAM,GAAG,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAA;IAE/E,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG;QAAE,OAAO,MAAM,CAAA;IAEnD,OAAO,EAAE,CAAA;AACX,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,WAAmB,EAAE,aAAqB,EAAU,EAAE,CACrF,GAAG,gBAAgB,CAAC,WAAW,CAAC,GAAG,aAAa,EAAE,CAAA;AAEpD,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAClC,IAAY,EACZ,QAA4B,EAC5B,iBAA0B,EACD,EAAE;IAC3B,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,CAAA;IAC9B,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAA;IACjE,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,CAAA;IACjD,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,aAAa,CAAC,UAAU,EAAE,KAAK,EAAE,EAAE,iBAAiB,EAAE,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAA;IAEhG,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAA;IAEvB,OAAO;QACL,OAAO;QACP,MAAM,EAAE,gBAAgB,CAAC,QAAQ,EAAE,iBAAiB,CAAC;QACrD,SAAS,EAAE,gBAAgB,CAAC,UAAU,EAAE,OAAO,CAAC;QAChD,SAAS,EAAE,gBAAgB,CAAC,UAAU,EAAE,OAAO,CAAC;QAChD,SAAS,EAAE,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC;KAC7C,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,IAKC,EACiB,EAAE;IACpB,IAAI,IAAI,CAAC,aAAa,IAAI,kBAAkB,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC;QAAE,OAAO,YAAY,CAAA;IAE9F,IAAI,IAAI,CAAC,yBAAyB,KAAK,SAAS,IAAI,IAAI,CAAC,yBAAyB,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC,yBAAyB,CAAA;IAEvI,IAAI,IAAI,CAAC,aAAa,IAAI,uBAAuB,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC;QAAE,OAAO,YAAY,CAAA;IAEnG,IAAI,CAAC,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAA;IAElC,OAAO,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,UAAU,CAAA;AAC3D,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,IAAY,EAAE,QAA4B,EAAW,EAAE;IACxF,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,OAAO,CAAA;IAEtD,IAAI,CAAC,KAAK,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAA;IAEhD,OAAO,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AAC1C,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,IAAY,EACZ,MAA0B,EAC1B,iBAA0B,EACjB,EAAE,CAAC,OAAO,CAAC,MAAM,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAA;AAEnG,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,OAAe,EAAsB,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,OAAO,CAAA;AAEjG,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,IAAY,EAAU,EAAE,CAAC,sBAAsB,IAAI,gCAAgC,CAAA"}

package/package.json

@@ -0,0 +1,69 @@
+{
+  "name": "@santi020k/dep-beacon-core",
+  "version": "1.0.0",
+  "description": "Dependency manifest parsing, npm version intelligence, and OSV advisory checks for Dep Beacon.",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "CHANGELOG.md",
+    "LICENSE"
+  ],
+  "dependencies": {
+    "jsonc-parser": "^3.3.1",
+    "semver": "^7.8.5",
+    "yaml": "^2.9.0"
+  },
+  "devDependencies": {
+    "@types/node": "^26.0.0",
+    "@types/semver": "^7.7.1",
+    "@vitest/coverage-v8": "^4.1.9",
+    "typescript": "^6.0.3",
+    "vitest": "^4.1.9"
+  },
+  "engines": {
+    "node": "^20.19.0 || >=22.13.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/santi020k/dep-beacon.git",
+    "directory": "packages/dep-beacon-core"
+  },
+  "homepage": "https://beacon.santi020k.com",
+  "bugs": {
+    "url": "https://github.com/santi020k/dep-beacon/issues"
+  },
+  "keywords": [
+    "dependencies",
+    "npm",
+    "pnpm",
+    "semver",
+    "vscode",
+    "osv",
+    "security"
+  ],
+  "author": {
+    "name": "Santiago Molina",
+    "url": "https://santi020k.com"
+  },
+  "license": "MIT",
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "dev": "tsc -p tsconfig.build.json --watch --preserveWatchOutput",
+    "typecheck": "tsc -p tsconfig.json --noEmit",
+    "test": "vitest run --config vitest.config.ts",
+    "test:coverage": "vitest run --config vitest.config.ts --coverage",
+    "test:watch": "vitest --config vitest.config.ts",
+    "lint": "eslint . --no-warn-ignored",
+    "lint:fix": "eslint . --fix --no-warn-ignored",
+    "clean": "rm -rf dist coverage"
+  }
+}