@vercel/python-analysis 0.4.1 → 0.5.0

package/dist/index.js

@@ -1,4 +1,4 @@
-// src/semantic/load.ts
+// src/wasm/load.ts
 import { readFile } from "fs/promises";
 import { createRequire } from "module";
 import { dirname, join } from "path";
@@ -17,7 +17,7 @@ function getWasmDir() {
 }
 async function getCoreModule(path4) {
   const wasmPath = join(getWasmDir(), path4);
-  const wasmBytes = await readFile(wasmPath);
+  const wasmBytes = new Uint8Array(await readFile(wasmPath));
   return WebAssembly.compile(wasmBytes);
 }
 async function importWasmModule() {
@@ -47,6 +47,96 @@ async function containsAppOrHandler(source) {
   return mod.containsAppOrHandler(source);
 }
 
+// src/manifest/dist-metadata.ts
+import { readdir, readFile as readFile2 } from "fs/promises";
+import { join as join2 } from "path";
+async function readDistInfoFile(distInfoDir, filename) {
+  try {
+    return await readFile2(join2(distInfoDir, filename), "utf-8");
+  } catch {
+    return void 0;
+  }
+}
+async function scanDistributions(sitePackagesDir) {
+  const mod = await importWasmModule();
+  const index = /* @__PURE__ */ new Map();
+  let entries;
+  try {
+    entries = await readdir(sitePackagesDir);
+  } catch {
+    return index;
+  }
+  const distInfoDirs = entries.filter((e) => e.endsWith(".dist-info"));
+  for (const dirName of distInfoDirs) {
+    const distInfoPath = join2(sitePackagesDir, dirName);
+    const metadataContent = await readDistInfoFile(distInfoPath, "METADATA");
+    if (!metadataContent) {
+      console.debug(`Missing METADATA in ${dirName}`);
+      continue;
+    }
+    let metadata;
+    try {
+      metadata = mod.parseDistMetadata(
+        new TextEncoder().encode(metadataContent)
+      );
+    } catch (e) {
+      console.debug(`Failed to parse METADATA for ${dirName}: ${e}`);
+      continue;
+    }
+    const normalizedName = mod.normalizePackageName(metadata.name);
+    let files = [];
+    const recordContent = await readDistInfoFile(distInfoPath, "RECORD");
+    if (recordContent) {
+      try {
+        files = mod.parseRecord(recordContent);
+      } catch (e) {
+        console.warn(`Failed to parse RECORD for ${dirName}: ${e}`);
+      }
+    }
+    let origin;
+    const directUrlContent = await readDistInfoFile(
+      distInfoPath,
+      "direct_url.json"
+    );
+    if (directUrlContent) {
+      try {
+        origin = mod.parseDirectUrl(directUrlContent);
+      } catch (e) {
+        console.debug(`Failed to parse direct_url.json for ${dirName}: ${e}`);
+      }
+    }
+    const installerContent = await readDistInfoFile(distInfoPath, "INSTALLER");
+    const installer = installerContent?.trim() || void 0;
+    const dist = {
+      name: normalizedName,
+      version: metadata.version,
+      metadataVersion: metadata.metadataVersion,
+      summary: metadata.summary,
+      description: metadata.description,
+      descriptionContentType: metadata.descriptionContentType,
+      requiresDist: metadata.requiresDist,
+      requiresPython: metadata.requiresPython,
+      providesExtra: metadata.providesExtra,
+      author: metadata.author,
+      authorEmail: metadata.authorEmail,
+      maintainer: metadata.maintainer,
+      maintainerEmail: metadata.maintainerEmail,
+      license: metadata.license,
+      licenseExpression: metadata.licenseExpression,
+      classifiers: metadata.classifiers,
+      homePage: metadata.homePage,
+      projectUrls: metadata.projectUrls,
+      platforms: metadata.platforms,
+      dynamic: metadata.dynamic,
+      files,
+      origin,
+      installer
+    };
+    index.set(normalizedName, dist);
+  }
+  return index;
+}
+
 // src/manifest/package.ts
 import path3 from "path";
 import { match as minimatchMatch } from "minimatch";
@@ -58,7 +148,7 @@ import toml from "smol-toml";
 
 // src/util/fs.ts
 import path from "path";
-import { readFile as readFile2 } from "fs-extra";
+import { readFile as readFile3 } from "fs-extra";
 
 // src/util/error.ts
 import util from "util";
@@ -88,7 +178,7 @@ var PythonAnalysisError = class extends Error {
 // src/util/fs.ts
 async function readFileIfExists(file) {
   try {
-    return await readFile2(file);
+    return await readFile3(file);
   } catch (error) {
     if (!isErrnoException(error, "ENOENT")) {
       throw error;
@@ -991,9 +1081,9 @@ function normalizePathRequirement(rawLine) {
   }
   return req;
 }
-function convertRequirementsToPyprojectToml(fileContent, readFile3) {
+function convertRequirementsToPyprojectToml(fileContent, readFile4) {
   const pyproject = {};
-  const parsed = parseRequirementsFile(fileContent, readFile3);
+  const parsed = parseRequirementsFile(fileContent, readFile4);
   const deps = [];
   const sources = {};
   for (const req of parsed.requirements) {
@@ -1052,11 +1142,11 @@ function buildIndexEntries(pipOptions) {
   }
   return indexes;
 }
-function parseRequirementsFile(fileContent, readFile3) {
+function parseRequirementsFile(fileContent, readFile4) {
   const visited = /* @__PURE__ */ new Set();
-  return parseRequirementsFileInternal(fileContent, readFile3, visited);
+  return parseRequirementsFileInternal(fileContent, readFile4, visited);
 }
-function parseRequirementsFileInternal(fileContent, readFile3, visited) {
+function parseRequirementsFileInternal(fileContent, readFile4, visited) {
   const { cleanedContent, options, pathRequirements, editableRequirements } = extractPipArguments(fileContent);
   const hashMap = buildHashMap(fileContent);
   const requirements = parsePipRequirementsFile(cleanedContent);
@@ -1104,18 +1194,18 @@ function parseRequirementsFileInternal(fileContent, readFile3, visited) {
       normalized.push(norm);
     }
   }
-  if (readFile3) {
+  if (readFile4) {
     for (const refPath of mergedOptions.requirementFiles) {
       const refPathKey = normalize(refPath);
       if (visited.has(refPathKey)) {
         continue;
       }
       visited.add(refPathKey);
-      const refContent = readFile3(refPath);
+      const refContent = readFile4(refPath);
       if (refContent != null) {
         const refParsed = parseRequirementsFileInternal(
           refContent,
-          readFile3,
+          readFile4,
           visited
         );
         const existingNames = new Set(
@@ -2052,6 +2142,95 @@ function createMinimalManifest(options = {}) {
   };
 }
 
+// src/manifest/uv-lock-parser.ts
+import toml3 from "smol-toml";
+function parseUvLock(content, path4) {
+  let parsed;
+  try {
+    parsed = toml3.parse(content);
+  } catch (error) {
+    throw new PythonAnalysisError({
+      message: `Could not parse uv.lock: ${error instanceof Error ? error.message : String(error)}`,
+      code: "PYTHON_UV_LOCK_PARSE_ERROR",
+      path: path4,
+      fileContent: content
+    });
+  }
+  const packages = (parsed.package ?? []).filter((pkg) => pkg.name && pkg.version).map((pkg) => ({
+    name: pkg.name,
+    version: pkg.version,
+    source: pkg.source
+  }));
+  return { version: parsed.version, packages };
+}
+var PUBLIC_PYPI_PATTERNS = [
+  "https://pypi.org",
+  "https://files.pythonhosted.org",
+  "pypi.org"
+];
+function isPublicPyPIRegistry(registryUrl) {
+  if (!registryUrl)
+    return true;
+  const normalized = registryUrl.toLowerCase();
+  return PUBLIC_PYPI_PATTERNS.some((pattern) => normalized.includes(pattern));
+}
+function isPrivatePackageSource(source) {
+  if (!source)
+    return false;
+  if (source.git)
+    return true;
+  if (source.path)
+    return true;
+  if (source.editable)
+    return true;
+  if (source.url)
+    return true;
+  if (source.virtual)
+    return true;
+  if (source.registry && !isPublicPyPIRegistry(source.registry)) {
+    return true;
+  }
+  return false;
+}
+function normalizePackageName(name) {
+  return name.toLowerCase().replace(/[-_.]+/g, "-");
+}
+function classifyPackages(options) {
+  const { lockFile, excludePackages = [] } = options;
+  const privatePackages = [];
+  const publicPackages = [];
+  const packageVersions = {};
+  const excludeSet = new Set(excludePackages.map(normalizePackageName));
+  for (const pkg of lockFile.packages) {
+    if (excludeSet.has(normalizePackageName(pkg.name))) {
+      continue;
+    }
+    packageVersions[pkg.name] = pkg.version;
+    if (isPrivatePackageSource(pkg.source)) {
+      privatePackages.push(pkg.name);
+    } else {
+      publicPackages.push(pkg.name);
+    }
+  }
+  return { privatePackages, publicPackages, packageVersions };
+}
+function generateRuntimeRequirements(classification) {
+  const lines = [
+    "# Auto-generated requirements for runtime installation",
+    "# Private packages are bundled separately and not listed here.",
+    ""
+  ];
+  for (const pkgName of classification.publicPackages) {
+    const version = classification.packageVersions[pkgName];
+    if (version) {
+      lines.push(`${pkgName}==${version}`);
+    } else {
+      lines.push(pkgName);
+    }
+  }
+  return lines.join("\n");
+}
+
 // src/manifest/python-selector.ts
 function selectPython(constraints, available) {
   const warnings = [];
@@ -2234,9 +2413,15 @@ export {
   UvConfigSchema,
   UvConfigWorkspaceSchema,
   UvIndexEntrySchema,
+  classifyPackages,
   containsAppOrHandler,
   createMinimalManifest,
   discoverPythonPackage,
+  generateRuntimeRequirements,
+  isPrivatePackageSource,
+  normalizePackageName,
+  parseUvLock,
+  scanDistributions,
   selectPython,
   stringifyManifest
 };

package/dist/manifest/dist-metadata.d.ts

@@ -0,0 +1,103 @@
+/**
+ * Installed distribution metadata scanning.
+ *
+ * Scans a site-packages directory for .dist-info subdirectories and parses
+ * their metadata using WASM-based parsers.
+ *
+ * Nomenclature strives to follow that of Python's importlib.metadata module:
+ * https://docs.python.org/3/library/importlib.metadata.html
+ */
+/** A file record from a RECORD file (analogous to importlib.metadata.PackagePath). */
+export interface PackagePath {
+    path: string;
+    hash?: string;
+    size?: bigint;
+}
+/** PEP 610 direct URL origin info (analogous to importlib.metadata.Distribution.origin). */
+export type DirectUrlInfo = {
+    tag: 'local-directory';
+    val: {
+        url: string;
+        editable: boolean;
+    };
+} | {
+    tag: 'archive';
+    val: {
+        url: string;
+        hash?: string;
+    };
+} | {
+    tag: 'vcs';
+    val: {
+        url: string;
+        vcs: string;
+        commitId?: string;
+        requestedRevision?: string;
+    };
+};
+/**
+ * An installed distribution parsed from a .dist-info directory.
+ * Analogous to importlib.metadata.Distribution.
+ */
+export interface Distribution {
+    /** Normalized package name (PEP 503). */
+    name: string;
+    /** Package version string. */
+    version: string;
+    /** Metadata version (e.g. "2.1", "2.3"). */
+    metadataVersion: string;
+    /** One-line summary. */
+    summary?: string;
+    /** Full description. */
+    description?: string;
+    /** Description content type (e.g. "text/markdown"). */
+    descriptionContentType?: string;
+    /** PEP 508 dependency specifiers (analogous to importlib.metadata.requires()). */
+    requiresDist: string[];
+    /** Python version requirement (e.g. ">=3.8"). */
+    requiresPython?: string;
+    /** Extra names provided by this distribution. */
+    providesExtra: string[];
+    /** Author name. */
+    author?: string;
+    /** Author email. */
+    authorEmail?: string;
+    /** Maintainer name. */
+    maintainer?: string;
+    /** Maintainer email. */
+    maintainerEmail?: string;
+    /** License text. */
+    license?: string;
+    /** SPDX license expression. */
+    licenseExpression?: string;
+    /** Trove classifiers. */
+    classifiers: string[];
+    /** Home page URL. */
+    homePage?: string;
+    /** Project URLs as [label, url] pairs. */
+    projectUrls: [string, string][];
+    /** Supported platforms. */
+    platforms: string[];
+    /** Dynamic metadata fields. */
+    dynamic: string[];
+    /** Installed files from RECORD (analogous to importlib.metadata.files()). */
+    files: PackagePath[];
+    /** PEP 610 origin info (analogous to importlib.metadata.Distribution.origin). */
+    origin?: DirectUrlInfo;
+    /** Installer tool name (from INSTALLER file). */
+    installer?: string;
+}
+/** Map of normalized package name to distribution info. */
+export type DistributionIndex = Map<string, Distribution>;
+/**
+ * Scan a site-packages directory for installed distributions.
+ *
+ * Reads .dist-info directories and parses their METADATA, RECORD,
+ * direct_url.json, and INSTALLER files.
+ *
+ * Analogous to importlib.metadata.distributions() but returns an indexed map.
+ *
+ * @param sitePackagesDir - Absolute path to a site-packages directory
+ * @returns Map of normalized package name to distribution info
+ */
+export declare function scanDistributions(sitePackagesDir: string): Promise<DistributionIndex>;

package/dist/manifest/uv-lock-parser.d.ts

@@ -0,0 +1,77 @@
+/**
+ * A source of a package in a uv.lock file
+ */
+export interface UvLockPackageSource {
+    registry?: string;
+    url?: string;
+    git?: string;
+    path?: string;
+    editable?: string;
+    virtual?: string;
+}
+/**
+ * A package entry from a parsed uv.lock file.
+ */
+export interface UvLockPackage {
+    name: string;
+    version: string;
+    source?: UvLockPackageSource;
+}
+/**
+ * Parsed uv.lock file structure.
+ */
+export interface UvLockFile {
+    version?: number;
+    packages: UvLockPackage[];
+}
+/**
+ * Parse the contents of a uv.lock file.
+ *
+ * @param content - The raw content of the uv.lock file
+ * @param path - Optional path to the file for error reporting
+ */
+export declare function parseUvLock(content: string, path?: string): UvLockFile;
+/**
+ * Check if a package source indicates it's a private package.
+ *
+ * Private packages are those from:
+ * - Git repositories
+ * - Local file paths
+ * - Editable installs
+ * - Direct URLs
+ * - Non-PyPI registry URLs (private PyPI mirrors, custom indexes)
+ */
+export declare function isPrivatePackageSource(source: UvLockPackageSource | undefined): boolean;
+/**
+ * Result of classifying packages from a uv.lock file.
+ */
+export interface PackageClassification {
+    privatePackages: string[];
+    publicPackages: string[];
+    packageVersions: Record<string, string>;
+}
+/**
+ * Normalize a Python package name according to PEP 503.
+ */
+export declare function normalizePackageName(name: string): string;
+/**
+ * Options for classifying packages.
+ */
+export interface ClassifyPackagesOptions {
+    lockFile: UvLockFile;
+    excludePackages?: string[];
+}
+/**
+ * Classify packages from a uv.lock file into private and public categories.
+ *
+ * This is used for determining which packages can be installed from PyPI
+ * at runtime vs. which must be bundled with the deployment.
+ */
+export declare function classifyPackages(options: ClassifyPackagesOptions): PackageClassification;
+/**
+ * Generate requirements.txt content for runtime installation.
+ *
+ * Only includes public packages that will be installed at runtime from PyPI.
+ * Private packages should be bundled separately.
+ */
+export declare function generateRuntimeRequirements(classification: PackageClassification): string;

package/dist/wasm/interfaces/wasi-random-insecure-seed.d.ts

@@ -0,0 +1,2 @@
+/** @module Interface wasi:random/insecure-seed@0.2.6 **/
+export function insecureSeed(): [bigint, bigint];

package/dist/wasm/vercel_python_analysis.d.ts

@@ -1,18 +1,78 @@
 // world root:component/root
+export interface RecordEntry {
+  path: string,
+  hash?: string,
+  size?: bigint,
+}
+export interface DistMetadata {
+  metadataVersion: string,
+  name: string,
+  version: string,
+  summary?: string,
+  description?: string,
+  descriptionContentType?: string,
+  requiresDist: Array<string>,
+  requiresPython?: string,
+  providesExtra: Array<string>,
+  author?: string,
+  authorEmail?: string,
+  maintainer?: string,
+  maintainerEmail?: string,
+  license?: string,
+  licenseExpression?: string,
+  classifiers: Array<string>,
+  homePage?: string,
+  projectUrls: Array<[string, string]>,
+  platforms: Array<string>,
+  dynamic: Array<string>,
+}
+export interface DirUrlInfo {
+  url: string,
+  editable: boolean,
+}
+export interface ArchiveUrlInfo {
+  url: string,
+  hash?: string,
+}
+export interface VcsUrlInfo {
+  url: string,
+  vcs: string,
+  commitId?: string,
+  requestedRevision?: string,
+}
+export type DirectUrlInfo = DirectUrlInfoLocalDirectory | DirectUrlInfoArchive | DirectUrlInfoVcs;
+export interface DirectUrlInfoLocalDirectory {
+  tag: 'local-directory',
+  val: DirUrlInfo,
+}
+export interface DirectUrlInfoArchive {
+  tag: 'archive',
+  val: ArchiveUrlInfo,
+}
+export interface DirectUrlInfoVcs {
+  tag: 'vcs',
+  val: VcsUrlInfo,
+}
 import type * as WasiCliEnvironment from './interfaces/wasi-cli-environment.js'; // wasi:cli/environment@0.2.6
 import type * as WasiCliExit from './interfaces/wasi-cli-exit.js'; // wasi:cli/exit@0.2.6
 import type * as WasiCliStderr from './interfaces/wasi-cli-stderr.js'; // wasi:cli/stderr@0.2.6
 import type * as WasiIoError from './interfaces/wasi-io-error.js'; // wasi:io/error@0.2.6
 import type * as WasiIoStreams from './interfaces/wasi-io-streams.js'; // wasi:io/streams@0.2.6
+import type * as WasiRandomInsecureSeed from './interfaces/wasi-random-insecure-seed.js'; // wasi:random/insecure-seed@0.2.6
 export interface ImportObject {
   'wasi:cli/environment@0.2.6': typeof WasiCliEnvironment,
   'wasi:cli/exit@0.2.6': typeof WasiCliExit,
   'wasi:cli/stderr@0.2.6': typeof WasiCliStderr,
   'wasi:io/error@0.2.6': typeof WasiIoError,
   'wasi:io/streams@0.2.6': typeof WasiIoStreams,
+  'wasi:random/insecure-seed@0.2.6': typeof WasiRandomInsecureSeed,
 }
 export interface Root {
   containsAppOrHandler(source: string): boolean,
+  parseDistMetadata(content: Uint8Array): DistMetadata,
+  parseRecord(content: string): Array<RecordEntry>,
+  parseDirectUrl(content: string): DirectUrlInfo,
+  normalizePackageName(name: string): string,
 }
 
 /**