npm - @vercel/python-analysis - Versions diffs - 0.5.0-canary.20260211174907.cdd2da6 → 0.5.0 - Mend

@vercel/python-analysis 0.5.0-canary.20260211174907.cdd2da6 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/index.cjs +253 -48
package/dist/index.d.ts +4 -0
package/dist/index.js +215 -16
package/dist/manifest/dist-metadata.d.ts +103 -0
package/dist/manifest/uv-lock-parser.d.ts +77 -0
package/dist/util/error.d.ts +7 -1
package/dist/wasm/interfaces/wasi-random-insecure-seed.d.ts +2 -0
package/dist/wasm/vercel_python_analysis.core.wasm +0 -0
package/dist/wasm/vercel_python_analysis.core2.wasm +0 -0
package/dist/wasm/vercel_python_analysis.core3.wasm +0 -0
package/dist/wasm/vercel_python_analysis.core4.wasm +0 -0
package/dist/wasm/vercel_python_analysis.d.ts +60 -0
package/dist/wasm/vercel_python_analysis.js +734 -20
package/package.json +1 -1
/package/dist/{semantic → wasm}/load.d.ts +0 -0

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,4 @@
-// src/semantic/load.ts
+// src/wasm/load.ts
 import { readFile } from "fs/promises";
 import { createRequire } from "module";
 import { dirname, join } from "path";
@@ -17,7 +17,7 @@ function getWasmDir() {
 }
 async function getCoreModule(path4) {
   const wasmPath = join(getWasmDir(), path4);
-  const wasmBytes = await readFile(wasmPath);
+  const wasmBytes = new Uint8Array(await readFile(wasmPath));
   return WebAssembly.compile(wasmBytes);
 }
 async function importWasmModule() {
@@ -47,6 +47,96 @@ async function containsAppOrHandler(source) {
   return mod.containsAppOrHandler(source);
 }
+// src/manifest/dist-metadata.ts
+import { readdir, readFile as readFile2 } from "fs/promises";
+import { join as join2 } from "path";
+async function readDistInfoFile(distInfoDir, filename) {
+  try {
+    return await readFile2(join2(distInfoDir, filename), "utf-8");
+  } catch {
+    return void 0;
+  }
+}
+async function scanDistributions(sitePackagesDir) {
+  const mod = await importWasmModule();
+  const index = /* @__PURE__ */ new Map();
+  let entries;
+  try {
+    entries = await readdir(sitePackagesDir);
+  } catch {
+    return index;
+  }
+  const distInfoDirs = entries.filter((e) => e.endsWith(".dist-info"));
+  for (const dirName of distInfoDirs) {
+    const distInfoPath = join2(sitePackagesDir, dirName);
+    const metadataContent = await readDistInfoFile(distInfoPath, "METADATA");
+    if (!metadataContent) {
+      console.debug(`Missing METADATA in ${dirName}`);
+      continue;
+    }
+    let metadata;
+    try {
+      metadata = mod.parseDistMetadata(
+        new TextEncoder().encode(metadataContent)
+      );
+    } catch (e) {
+      console.debug(`Failed to parse METADATA for ${dirName}: ${e}`);
+      continue;
+    }
+    const normalizedName = mod.normalizePackageName(metadata.name);
+    let files = [];
+    const recordContent = await readDistInfoFile(distInfoPath, "RECORD");
+    if (recordContent) {
+      try {
+        files = mod.parseRecord(recordContent);
+      } catch (e) {
+        console.warn(`Failed to parse RECORD for ${dirName}: ${e}`);
+      }
+    }
+    let origin;
+    const directUrlContent = await readDistInfoFile(
+      distInfoPath,
+      "direct_url.json"
+    );
+    if (directUrlContent) {
+      try {
+        origin = mod.parseDirectUrl(directUrlContent);
+      } catch (e) {
+        console.debug(`Failed to parse direct_url.json for ${dirName}: ${e}`);
+      }
+    }
+    const installerContent = await readDistInfoFile(distInfoPath, "INSTALLER");
+    const installer = installerContent?.trim() || void 0;
+    const dist = {
+      name: normalizedName,
+      version: metadata.version,
+      metadataVersion: metadata.metadataVersion,
+      summary: metadata.summary,
+      description: metadata.description,
+      descriptionContentType: metadata.descriptionContentType,
+      requiresDist: metadata.requiresDist,
+      requiresPython: metadata.requiresPython,
+      providesExtra: metadata.providesExtra,
+      author: metadata.author,
+      authorEmail: metadata.authorEmail,
+      maintainer: metadata.maintainer,
+      maintainerEmail: metadata.maintainerEmail,
+      license: metadata.license,
+      licenseExpression: metadata.licenseExpression,
+      classifiers: metadata.classifiers,
+      homePage: metadata.homePage,
+      projectUrls: metadata.projectUrls,
+      platforms: metadata.platforms,
+      dynamic: metadata.dynamic,
+      files,
+      origin,
+      installer
+    };
+    index.set(normalizedName, dist);
+  }
+  return index;
+}
 // src/manifest/package.ts
 import path3 from "path";
 import { match as minimatchMatch } from "minimatch";
@@ -58,7 +148,7 @@ import toml from "smol-toml";
 // src/util/fs.ts
 import path from "path";
-import { readFile as readFile2 } from "fs-extra";
+import { readFile as readFile3 } from "fs-extra";
 // src/util/error.ts
 import util from "util";
@@ -66,7 +156,14 @@ var isErrnoException = (error, code = void 0) => {
   return util.types.isNativeError(error) && "code" in error && (code === void 0 || error.code === code);
 };
 var PythonAnalysisError = class extends Error {
-  constructor({ message, code, path: path4, link, action }) {
+  constructor({
+    message,
+    code,
+    path: path4,
+    link,
+    action,
+    fileContent
+  }) {
     super(message);
     this.hideStackTrace = true;
     this.name = "PythonAnalysisError";
@@ -74,13 +171,14 @@ var PythonAnalysisError = class extends Error {
     this.path = path4;
     this.link = link;
     this.action = action;
+    this.fileContent = fileContent;
   }
 };
 // src/util/fs.ts
 async function readFileIfExists(file) {
   try {
-    return await readFile2(file);
+    return await readFile3(file);
   } catch (error) {
     if (!isErrnoException(error, "ENOENT")) {
       throw error;
@@ -135,7 +233,8 @@ function parseRawConfig(content, filename, filetype = void 0) {
       throw new PythonAnalysisError({
         message: `Could not parse config file "${filename}": ${error.message}`,
         code: "PYTHON_CONFIG_PARSE_ERROR",
-        path: filename
+        path: filename,
+        fileContent: content
       });
     }
     throw error;
@@ -153,7 +252,8 @@ function parseConfig(content, filename, schema, filetype = void 0) {
       message: `Invalid config in "${filename}":
 ${issues}`,
       code: "PYTHON_CONFIG_VALIDATION_ERROR",
-      path: filename
+      path: filename,
+      fileContent: content
     });
   }
   return result.data;
@@ -981,9 +1081,9 @@ function normalizePathRequirement(rawLine) {
   }
   return req;
 }
-function convertRequirementsToPyprojectToml(fileContent, readFile3) {
+function convertRequirementsToPyprojectToml(fileContent, readFile4) {
   const pyproject = {};
-  const parsed = parseRequirementsFile(fileContent, readFile3);
+  const parsed = parseRequirementsFile(fileContent, readFile4);
   const deps = [];
   const sources = {};
   for (const req of parsed.requirements) {
@@ -1042,11 +1142,11 @@ function buildIndexEntries(pipOptions) {
   }
   return indexes;
 }
-function parseRequirementsFile(fileContent, readFile3) {
+function parseRequirementsFile(fileContent, readFile4) {
   const visited = /* @__PURE__ */ new Set();
-  return parseRequirementsFileInternal(fileContent, readFile3, visited);
+  return parseRequirementsFileInternal(fileContent, readFile4, visited);
 }
-function parseRequirementsFileInternal(fileContent, readFile3, visited) {
+function parseRequirementsFileInternal(fileContent, readFile4, visited) {
   const { cleanedContent, options, pathRequirements, editableRequirements } = extractPipArguments(fileContent);
   const hashMap = buildHashMap(fileContent);
   const requirements = parsePipRequirementsFile(cleanedContent);
@@ -1094,18 +1194,18 @@ function parseRequirementsFileInternal(fileContent, readFile3, visited) {
       normalized.push(norm);
     }
   }
-  if (readFile3) {
+  if (readFile4) {
     for (const refPath of mergedOptions.requirementFiles) {
       const refPathKey = normalize(refPath);
       if (visited.has(refPathKey)) {
         continue;
       }
       visited.add(refPathKey);
-      const refContent = readFile3(refPath);
+      const refContent = readFile4(refPath);
       if (refContent != null) {
         const refParsed = parseRequirementsFileInternal(
           refContent,
-          readFile3,
+          readFile4,
           visited
         );
         const existingNames = new Set(
@@ -1973,12 +2073,16 @@ async function maybeLoadRequirementsTxt(root, subdir, fileName) {
   } catch (error) {
     if (error instanceof PythonAnalysisError) {
       error.path = requirementsTxtRelPath;
+      if (!error.fileContent) {
+        error.fileContent = requirementsContent;
+      }
       throw error;
     }
     throw new PythonAnalysisError({
       message: `could not parse ${fileName}: ${error instanceof Error ? error.message : String(error)}`,
       code: "PYTHON_REQUIREMENTS_PARSE_ERROR",
-      path: requirementsTxtRelPath
+      path: requirementsTxtRelPath,
+      fileContent: requirementsContent
     });
   }
 }
@@ -2038,6 +2142,95 @@ function createMinimalManifest(options = {}) {
   };
 }
+// src/manifest/uv-lock-parser.ts
+import toml3 from "smol-toml";
+function parseUvLock(content, path4) {
+  let parsed;
+  try {
+    parsed = toml3.parse(content);
+  } catch (error) {
+    throw new PythonAnalysisError({
+      message: `Could not parse uv.lock: ${error instanceof Error ? error.message : String(error)}`,
+      code: "PYTHON_UV_LOCK_PARSE_ERROR",
+      path: path4,
+      fileContent: content
+    });
+  }
+  const packages = (parsed.package ?? []).filter((pkg) => pkg.name && pkg.version).map((pkg) => ({
+    name: pkg.name,
+    version: pkg.version,
+    source: pkg.source
+  }));
+  return { version: parsed.version, packages };
+}
+var PUBLIC_PYPI_PATTERNS = [
+  "https://pypi.org",
+  "https://files.pythonhosted.org",
+  "pypi.org"
+];
+function isPublicPyPIRegistry(registryUrl) {
+  if (!registryUrl)
+    return true;
+  const normalized = registryUrl.toLowerCase();
+  return PUBLIC_PYPI_PATTERNS.some((pattern) => normalized.includes(pattern));
+}
+function isPrivatePackageSource(source) {
+  if (!source)
+    return false;
+  if (source.git)
+    return true;
+  if (source.path)
+    return true;
+  if (source.editable)
+    return true;
+  if (source.url)
+    return true;
+  if (source.virtual)
+    return true;
+  if (source.registry && !isPublicPyPIRegistry(source.registry)) {
+    return true;
+  }
+  return false;
+}
+function normalizePackageName(name) {
+  return name.toLowerCase().replace(/[-_.]+/g, "-");
+}
+function classifyPackages(options) {
+  const { lockFile, excludePackages = [] } = options;
+  const privatePackages = [];
+  const publicPackages = [];
+  const packageVersions = {};
+  const excludeSet = new Set(excludePackages.map(normalizePackageName));
+  for (const pkg of lockFile.packages) {
+    if (excludeSet.has(normalizePackageName(pkg.name))) {
+      continue;
+    }
+    packageVersions[pkg.name] = pkg.version;
+    if (isPrivatePackageSource(pkg.source)) {
+      privatePackages.push(pkg.name);
+    } else {
+      publicPackages.push(pkg.name);
+    }
+  }
+  return { privatePackages, publicPackages, packageVersions };
+}
+function generateRuntimeRequirements(classification) {
+  const lines = [
+    "# Auto-generated requirements for runtime installation",
+    "# Private packages are bundled separately and not listed here.",
+    ""
+  ];
+  for (const pkgName of classification.publicPackages) {
+    const version = classification.packageVersions[pkgName];
+    if (version) {
+      lines.push(`${pkgName}==${version}`);
+    } else {
+      lines.push(pkgName);
+    }
+  }
+  return lines.join("\n");
+}
 // src/manifest/python-selector.ts
 function selectPython(constraints, available) {
   const warnings = [];
@@ -2220,9 +2413,15 @@ export {
   UvConfigSchema,
   UvConfigWorkspaceSchema,
   UvIndexEntrySchema,
+  classifyPackages,
   containsAppOrHandler,
   createMinimalManifest,
   discoverPythonPackage,
+  generateRuntimeRequirements,
+  isPrivatePackageSource,
+  normalizePackageName,
+  parseUvLock,
+  scanDistributions,
   selectPython,
   stringifyManifest
 };

package/dist/manifest/dist-metadata.d.ts ADDED Viewed

@@ -0,0 +1,103 @@
+/**
+ * Installed distribution metadata scanning.
+ *
+ * Scans a site-packages directory for .dist-info subdirectories and parses
+ * their metadata using WASM-based parsers.
+ *
+ * Nomenclature strives to follow that of Python's importlib.metadata module:
+ * https://docs.python.org/3/library/importlib.metadata.html
+ */
+/** A file record from a RECORD file (analogous to importlib.metadata.PackagePath). */
+export interface PackagePath {
+    path: string;
+    hash?: string;
+    size?: bigint;
+}
+/** PEP 610 direct URL origin info (analogous to importlib.metadata.Distribution.origin). */
+export type DirectUrlInfo = {
+    tag: 'local-directory';
+    val: {
+        url: string;
+        editable: boolean;
+    };
+} | {
+    tag: 'archive';
+    val: {
+        url: string;
+        hash?: string;
+    };
+} | {
+    tag: 'vcs';
+    val: {
+        url: string;
+        vcs: string;
+        commitId?: string;
+        requestedRevision?: string;
+    };
+};
+/**
+ * An installed distribution parsed from a .dist-info directory.
+ * Analogous to importlib.metadata.Distribution.
+ */
+export interface Distribution {
+    /** Normalized package name (PEP 503). */
+    name: string;
+    /** Package version string. */
+    version: string;
+    /** Metadata version (e.g. "2.1", "2.3"). */
+    metadataVersion: string;
+    /** One-line summary. */
+    summary?: string;
+    /** Full description. */
+    description?: string;
+    /** Description content type (e.g. "text/markdown"). */
+    descriptionContentType?: string;
+    /** PEP 508 dependency specifiers (analogous to importlib.metadata.requires()). */
+    requiresDist: string[];
+    /** Python version requirement (e.g. ">=3.8"). */
+    requiresPython?: string;
+    /** Extra names provided by this distribution. */
+    providesExtra: string[];
+    /** Author name. */
+    author?: string;
+    /** Author email. */
+    authorEmail?: string;
+    /** Maintainer name. */
+    maintainer?: string;
+    /** Maintainer email. */
+    maintainerEmail?: string;
+    /** License text. */
+    license?: string;
+    /** SPDX license expression. */
+    licenseExpression?: string;
+    /** Trove classifiers. */
+    classifiers: string[];
+    /** Home page URL. */
+    homePage?: string;
+    /** Project URLs as [label, url] pairs. */
+    projectUrls: [string, string][];
+    /** Supported platforms. */
+    platforms: string[];
+    /** Dynamic metadata fields. */
+    dynamic: string[];
+    /** Installed files from RECORD (analogous to importlib.metadata.files()). */
+    files: PackagePath[];
+    /** PEP 610 origin info (analogous to importlib.metadata.Distribution.origin). */
+    origin?: DirectUrlInfo;
+    /** Installer tool name (from INSTALLER file). */
+    installer?: string;
+}
+/** Map of normalized package name to distribution info. */
+export type DistributionIndex = Map<string, Distribution>;
+/**
+ * Scan a site-packages directory for installed distributions.
+ *
+ * Reads .dist-info directories and parses their METADATA, RECORD,
+ * direct_url.json, and INSTALLER files.
+ *
+ * Analogous to importlib.metadata.distributions() but returns an indexed map.
+ *
+ * @param sitePackagesDir - Absolute path to a site-packages directory
+ * @returns Map of normalized package name to distribution info
+ */
+export declare function scanDistributions(sitePackagesDir: string): Promise<DistributionIndex>;

package/dist/manifest/uv-lock-parser.d.ts ADDED Viewed

@@ -0,0 +1,77 @@
+/**
+ * A source of a package in a uv.lock file
+ */
+export interface UvLockPackageSource {
+    registry?: string;
+    url?: string;
+    git?: string;
+    path?: string;
+    editable?: string;
+    virtual?: string;
+}
+/**
+ * A package entry from a parsed uv.lock file.
+ */
+export interface UvLockPackage {
+    name: string;
+    version: string;
+    source?: UvLockPackageSource;
+}
+/**
+ * Parsed uv.lock file structure.
+ */
+export interface UvLockFile {
+    version?: number;
+    packages: UvLockPackage[];
+}
+/**
+ * Parse the contents of a uv.lock file.
+ *
+ * @param content - The raw content of the uv.lock file
+ * @param path - Optional path to the file for error reporting
+ */
+export declare function parseUvLock(content: string, path?: string): UvLockFile;
+/**
+ * Check if a package source indicates it's a private package.
+ *
+ * Private packages are those from:
+ * - Git repositories
+ * - Local file paths
+ * - Editable installs
+ * - Direct URLs
+ * - Non-PyPI registry URLs (private PyPI mirrors, custom indexes)
+ */
+export declare function isPrivatePackageSource(source: UvLockPackageSource | undefined): boolean;
+/**
+ * Result of classifying packages from a uv.lock file.
+ */
+export interface PackageClassification {
+    privatePackages: string[];
+    publicPackages: string[];
+    packageVersions: Record<string, string>;
+}
+/**
+ * Normalize a Python package name according to PEP 503.
+ */
+export declare function normalizePackageName(name: string): string;
+/**
+ * Options for classifying packages.
+ */
+export interface ClassifyPackagesOptions {
+    lockFile: UvLockFile;
+    excludePackages?: string[];
+}
+/**
+ * Classify packages from a uv.lock file into private and public categories.
+ *
+ * This is used for determining which packages can be installed from PyPI
+ * at runtime vs. which must be bundled with the deployment.
+ */
+export declare function classifyPackages(options: ClassifyPackagesOptions): PackageClassification;
+/**
+ * Generate requirements.txt content for runtime installation.
+ *
+ * Only includes public packages that will be installed at runtime from PyPI.
+ * Private packages should be bundled separately.
+ */
+export declare function generateRuntimeRequirements(classification: PackageClassification): string;

package/dist/util/error.d.ts CHANGED Viewed

@@ -22,6 +22,11 @@ interface PythonAnalysisErrorProps {
      * Optional "action" to display before the `link`, such as "Learn More".
      */
     action?: string;
+    /**
+     * The raw content of the file that failed to parse, if available.
+     * Useful for diagnostic logging by callers.
+     */
+    fileContent?: string;
 }
 /**
  * This error should be thrown from Python analysis functions
@@ -34,6 +39,7 @@ export declare class PythonAnalysisError extends Error {
     path?: string;
     link?: string;
     action?: string;
-    constructor({ message, code, path, link, action }: PythonAnalysisErrorProps);
+    fileContent?: string;
+    constructor({ message, code, path, link, action, fileContent, }: PythonAnalysisErrorProps);
 }
 export {};

package/dist/wasm/interfaces/wasi-random-insecure-seed.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ / @module Interface wasi:random/insecure-seed@0.2.6 /
2	+ export function insecureSeed(): [bigint, bigint];

package/dist/wasm/vercel_python_analysis.core.wasm CHANGED Viewed

Binary file

package/dist/wasm/vercel_python_analysis.core2.wasm CHANGED Viewed

Binary file

package/dist/wasm/vercel_python_analysis.core3.wasm CHANGED Viewed

Binary file

package/dist/wasm/vercel_python_analysis.core4.wasm ADDED Viewed

Binary file

package/dist/wasm/vercel_python_analysis.d.ts CHANGED Viewed

@@ -1,18 +1,78 @@
 // world root:component/root
+export interface RecordEntry {
+  path: string,
+  hash?: string,
+  size?: bigint,
+}
+export interface DistMetadata {
+  metadataVersion: string,
+  name: string,
+  version: string,
+  summary?: string,
+  description?: string,
+  descriptionContentType?: string,
+  requiresDist: Array<string>,
+  requiresPython?: string,
+  providesExtra: Array<string>,
+  author?: string,
+  authorEmail?: string,
+  maintainer?: string,
+  maintainerEmail?: string,
+  license?: string,
+  licenseExpression?: string,
+  classifiers: Array<string>,
+  homePage?: string,
+  projectUrls: Array<[string, string]>,
+  platforms: Array<string>,
+  dynamic: Array<string>,
+}
+export interface DirUrlInfo {
+  url: string,
+  editable: boolean,
+}
+export interface ArchiveUrlInfo {
+  url: string,
+  hash?: string,
+}
+export interface VcsUrlInfo {
+  url: string,
+  vcs: string,
+  commitId?: string,
+  requestedRevision?: string,
+}
+export type DirectUrlInfo = DirectUrlInfoLocalDirectory | DirectUrlInfoArchive | DirectUrlInfoVcs;
+export interface DirectUrlInfoLocalDirectory {
+  tag: 'local-directory',
+  val: DirUrlInfo,
+}
+export interface DirectUrlInfoArchive {
+  tag: 'archive',
+  val: ArchiveUrlInfo,
+}
+export interface DirectUrlInfoVcs {
+  tag: 'vcs',
+  val: VcsUrlInfo,
+}
 import type * as WasiCliEnvironment from './interfaces/wasi-cli-environment.js'; // wasi:cli/environment@0.2.6
 import type * as WasiCliExit from './interfaces/wasi-cli-exit.js'; // wasi:cli/exit@0.2.6
 import type * as WasiCliStderr from './interfaces/wasi-cli-stderr.js'; // wasi:cli/stderr@0.2.6
 import type * as WasiIoError from './interfaces/wasi-io-error.js'; // wasi:io/error@0.2.6
 import type * as WasiIoStreams from './interfaces/wasi-io-streams.js'; // wasi:io/streams@0.2.6
+import type * as WasiRandomInsecureSeed from './interfaces/wasi-random-insecure-seed.js'; // wasi:random/insecure-seed@0.2.6
 export interface ImportObject {
   'wasi:cli/environment@0.2.6': typeof WasiCliEnvironment,
   'wasi:cli/exit@0.2.6': typeof WasiCliExit,
   'wasi:cli/stderr@0.2.6': typeof WasiCliStderr,
   'wasi:io/error@0.2.6': typeof WasiIoError,
   'wasi:io/streams@0.2.6': typeof WasiIoStreams,
+  'wasi:random/insecure-seed@0.2.6': typeof WasiRandomInsecureSeed,
 }
 export interface Root {
   containsAppOrHandler(source: string): boolean,
+  parseDistMetadata(content: Uint8Array): DistMetadata,
+  parseRecord(content: string): Array<RecordEntry>,
+  parseDirectUrl(content: string): DirectUrlInfo,
+  normalizePackageName(name: string): string,
 }
 /**