@savvy-web/pnpm-plugin-silk 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/README.md +3 -5
  2. package/index.cjs +13 -4
  3. package/index.d.ts +6 -0
  4. package/package.json +1 -1
  5. package/pnpmfile.cjs +37 -9
  6. package/tsdoc-metadata.json +1 -1
package/README.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  [![npm version](https://img.shields.io/npm/v/@savvy-web/pnpm-plugin-silk)](https://www.npmjs.com/package/@savvy-web/pnpm-plugin-silk)
4
4
  [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
5
- [![Node.js](https://img.shields.io/badge/node-%3E%3D22-brightgreen)](https://nodejs.org/)
5
+ [![Node.js](https://img.shields.io/badge/node-%3E%3D24-brightgreen)](https://nodejs.org/)
6
6
  [![pnpm](https://img.shields.io/badge/pnpm-%3E%3D10-orange)](https://pnpm.io/)
7
7
 
8
8
  Centralized dependency version management for the Silk ecosystem via pnpm
@@ -59,13 +59,11 @@ The `silk` catalog provides current/latest versions for your direct
59
59
  dependencies, while `silkPeers` provides permissive ranges that allow consumers
60
60
  to use older compatible versions.
61
61
 
62
- ## Documentation
63
-
64
- For catalog contents, local overrides, TypeScript API, and advanced
65
- configuration, see [docs/](./docs/).
62
+ ## More Information
66
63
 
67
64
  - [Contributing](./CONTRIBUTING.md) - Development setup and guidelines
68
65
  - [Security Policy](./SECURITY.md) - Vulnerability reporting
66
+ - [Design Documentation](./.claude/design/pnpm-plugin-silk/catalog-management.md) - Architecture and implementation details
69
67
 
70
68
  ## License
71
69
 
package/index.cjs CHANGED
@@ -28,11 +28,19 @@ __webpack_require__.d(__webpack_exports__, {
28
28
  const silkCatalogs = {
29
29
  silk: {
30
30
  "@changesets/cli": "^2.29.8",
31
+ "@commitlint/cli": "^20.4.1",
32
+ "@commitlint/config-conventional": "^20.4.1",
31
33
  "@microsoft/api-extractor": "^7.56.0",
32
34
  "@rslib/core": "^0.19.4",
33
35
  "@types/node": "^25.2.0",
34
36
  "@typescript/native-preview": "^7.0.0-dev.20260203.1",
35
37
  "@vitest/coverage-v8": "^4.0.18",
38
+ commitizen: "^4.3.1",
39
+ husky: "^9.1.7",
40
+ "lint-staged": "^16.2.7",
41
+ "markdownlint-cli2": "^0.20.0",
42
+ "markdownlint-cli2-formatter-codequality": "^0.0.7",
43
+ tsx: "^4.21.0",
36
44
  turbo: "^2.8.3",
37
45
  typescript: "^5.9.3",
38
46
  vitest: "^4.0.18"
@@ -42,15 +50,16 @@ const silkCatalogs = {
42
50
  "@commitlint/cli": "^20.4.1",
43
51
  "@commitlint/config-conventional": "^20.4.1",
44
52
  "@microsoft/api-extractor": "^7.55.2",
45
- "@rslib/core": "^0.19.3",
46
53
  "@types/node": "^25.0.10",
47
54
  "@typescript/native-preview": "^7.0.0-dev.20260124.1",
48
55
  commitizen: "^4.3.1",
49
56
  husky: "^9.1.7",
50
- "lint-staged": "^16.2.7",
51
- "markdownlint-cli2": "^0.20.0",
52
- "markdownlint-cli2-formatter-codequality": "^0.0.7",
53
57
  typescript: "^5.9.3"
58
+ },
59
+ silkOverrides: {
60
+ "@isaacs/brace-expansion": ">=5.0.1",
61
+ lodash: ">=4.17.23",
62
+ tmp: ">=0.2.4"
54
63
  }
55
64
  };
56
65
  exports.silkCatalogs = __webpack_exports__.silkCatalogs;
package/index.d.ts CHANGED
@@ -72,6 +72,11 @@ export declare interface SilkCatalogs {
72
72
  * Use with `catalog:silkPeers` in package.json.
73
73
  */
74
74
  readonly silkPeers: Catalog;
75
+ /**
76
+ * Security overrides for known CVEs.
77
+ * Synced to pnpm `overrides` configuration.
78
+ */
79
+ readonly silkOverrides: Catalog;
75
80
  }
76
81
 
77
82
  /**
@@ -79,6 +84,7 @@ export declare interface SilkCatalogs {
79
84
  *
80
85
  * - `silk`: Current/latest versions for direct dependencies
81
86
  * - `silkPeers`: Permissive ranges for peerDependencies
87
+ * - `silkOverrides`: Security overrides for known CVEs
82
88
  */
83
89
  export declare const silkCatalogs: SilkCatalogs;
84
90
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@savvy-web/pnpm-plugin-silk",
3
- "version": "0.1.0",
3
+ "version": "0.2.0",
4
4
  "private": false,
5
5
  "description": "pnpm config dependency for centralized catalog management across the Silk ecosystem.",
6
6
  "keywords": [
package/pnpmfile.cjs CHANGED
@@ -3,11 +3,19 @@ var __webpack_exports__ = {};
3
3
  const silkCatalogs = {
4
4
  silk: {
5
5
  "@changesets/cli": "^2.29.8",
6
+ "@commitlint/cli": "^20.4.1",
7
+ "@commitlint/config-conventional": "^20.4.1",
6
8
  "@microsoft/api-extractor": "^7.56.0",
7
9
  "@rslib/core": "^0.19.4",
8
10
  "@types/node": "^25.2.0",
9
11
  "@typescript/native-preview": "^7.0.0-dev.20260203.1",
10
12
  "@vitest/coverage-v8": "^4.0.18",
13
+ commitizen: "^4.3.1",
14
+ husky: "^9.1.7",
15
+ "lint-staged": "^16.2.7",
16
+ "markdownlint-cli2": "^0.20.0",
17
+ "markdownlint-cli2-formatter-codequality": "^0.0.7",
18
+ tsx: "^4.21.0",
11
19
  turbo: "^2.8.3",
12
20
  typescript: "^5.9.3",
13
21
  vitest: "^4.0.18"
@@ -17,15 +25,16 @@ const silkCatalogs = {
17
25
  "@commitlint/cli": "^20.4.1",
18
26
  "@commitlint/config-conventional": "^20.4.1",
19
27
  "@microsoft/api-extractor": "^7.55.2",
20
- "@rslib/core": "^0.19.3",
21
28
  "@types/node": "^25.0.10",
22
29
  "@typescript/native-preview": "^7.0.0-dev.20260124.1",
23
30
  commitizen: "^4.3.1",
24
31
  husky: "^9.1.7",
25
- "lint-staged": "^16.2.7",
26
- "markdownlint-cli2": "^0.20.0",
27
- "markdownlint-cli2-formatter-codequality": "^0.0.7",
28
32
  typescript: "^5.9.3"
33
+ },
34
+ silkOverrides: {
35
+ "@isaacs/brace-expansion": ">=5.0.1",
36
+ lodash: ">=4.17.23",
37
+ tmp: ">=0.2.4"
29
38
  }
30
39
  };
31
40
  const WARNING_BOX_WIDTH = 75;
@@ -72,20 +81,39 @@ function mergeSingleCatalog(catalogName, silkCatalog, localCatalog, overrides) {
72
81
  }
73
82
  return merged;
74
83
  }
84
+ function mergeOverrides(silkOverrides, localOverrides, overrideWarnings) {
85
+ const merged = {
86
+ ...silkOverrides
87
+ };
88
+ if (!localOverrides) return merged;
89
+ for (const [pkg, localVersion] of Object.entries(localOverrides)){
90
+ const silkVersion = silkOverrides[pkg];
91
+ if (void 0 !== silkVersion && silkVersion !== localVersion) overrideWarnings.push({
92
+ catalog: "overrides",
93
+ package: pkg,
94
+ silkVersion,
95
+ localVersion
96
+ });
97
+ merged[pkg] = localVersion;
98
+ }
99
+ return merged;
100
+ }
75
101
  function updateConfig(config) {
76
102
  try {
77
- const overrides = [];
103
+ const warnings = [];
78
104
  const existingCatalogs = config.catalogs ?? {};
79
- const mergedSilk = mergeSingleCatalog("silk", silkCatalogs.silk, existingCatalogs.silk, overrides);
80
- const mergedSilkPeers = mergeSingleCatalog("silkPeers", silkCatalogs.silkPeers, existingCatalogs.silkPeers, overrides);
81
- warnOverrides(overrides);
105
+ const mergedSilk = mergeSingleCatalog("silk", silkCatalogs.silk, existingCatalogs.silk, warnings);
106
+ const mergedSilkPeers = mergeSingleCatalog("silkPeers", silkCatalogs.silkPeers, existingCatalogs.silkPeers, warnings);
107
+ const mergedOverrides = mergeOverrides(silkCatalogs.silkOverrides, config.overrides, warnings);
108
+ warnOverrides(warnings);
82
109
  return {
83
110
  ...config,
84
111
  catalogs: {
85
112
  ...existingCatalogs,
86
113
  silk: mergedSilk,
87
114
  silkPeers: mergedSilkPeers
88
- }
115
+ },
116
+ overrides: mergedOverrides
89
117
  };
90
118
  } catch (error) {
91
119
  console.warn("[pnpm-plugin-silk] Error merging catalogs, using local config only:", error instanceof Error ? error.message : String(error));
package/tsdoc-metadata.json CHANGED
@@ -5,7 +5,7 @@
5
5
  "toolPackages": [
6
6
  {
7
7
  "packageName": "@microsoft/api-extractor",
8
- "packageVersion": "7.56.0"
8
+ "packageVersion": "7.56.1"
9
9
  }
10
10
  ]
11
11
  }