@vibe-validate/utils 0.19.0-rc.6 → 0.19.0-rc.9

package/dist/dependency-lock-check.d.ts

@@ -0,0 +1,129 @@
+/**
+ * Dependency Lock File Check
+ *
+ * Verifies that lock files are in sync with package.json to prevent cache poisoning.
+ * Supports npm, pnpm, yarn, and bun package managers with auto-detection.
+ */
+/**
+ * Supported package managers
+ */
+export type PackageManager = 'npm' | 'pnpm' | 'yarn' | 'bun';
+/**
+ * Skip reasons for dependency check
+ */
+export type SkipReason = 'npm-link' | 'env-var' | 'no-lock-file';
+/**
+ * Result of dependency lock file check
+ */
+export interface DependencyCheckResult {
+    /** Whether the check passed (lock file in sync) */
+    passed: boolean;
+    /** Whether the check was skipped */
+    skipped: boolean;
+    /** Reason for skipping the check */
+    skipReason?: SkipReason;
+    /** List of linked packages (if npm link detected) */
+    linkedPackages?: string[];
+    /** Error message if check failed */
+    error?: string;
+    /** Package manager used for check */
+    packageManager?: PackageManager;
+    /** Command executed for verification */
+    command?: string;
+    /** Duration of check in milliseconds */
+    duration: number;
+}
+/**
+ * Detect package manager from git root directory
+ *
+ * Detection strategy:
+ * 1. Check config override first (if provided)
+ * 2. Read package.json for packageManager field
+ * 3. Check for lock files in priority order (bun → yarn → pnpm → npm)
+ *
+ * @param gitRoot - Git repository root path
+ * @param configPackageManager - Optional package manager from config
+ * @returns Detected package manager or null if none found
+ *
+ * @example
+ * const pm = detectPackageManager('/path/to/repo');
+ * console.log(pm); // 'pnpm' or 'npm' or null
+ *
+ * @example
+ * // With config override
+ * const pm = detectPackageManager('/path/to/repo', 'yarn');
+ * console.log(pm); // 'yarn'
+ */
+export declare function detectPackageManager(gitRoot: string, configPackageManager?: PackageManager): PackageManager | null;
+/**
+ * Detect linked packages (npm link) in node_modules
+ *
+ * Uses lstatSync to check for symlinks (cross-platform, works on Windows).
+ * Checks both top-level entries and scoped packages (@org/package).
+ *
+ * @param gitRoot - Git repository root path
+ * @returns Array of linked package names
+ *
+ * @example
+ * const linked = detectLinkedPackages('/path/to/repo');
+ * console.log(linked); // ['my-package', '@org/other-package']
+ */
+export declare function detectLinkedPackages(gitRoot: string): string[];
+/**
+ * Build install command for package manager
+ *
+ * If custom command provided, parses into array format.
+ * Otherwise, returns appropriate frozen lockfile command:
+ * - npm: npm ci
+ * - pnpm: pnpm install --frozen-lockfile
+ * - yarn: yarn install --immutable
+ * - bun: bun install --frozen-lockfile
+ *
+ * @param packageManager - Package manager to build command for
+ * @param customCommand - Optional custom command string
+ * @returns Command array [command, ...args]
+ *
+ * @example
+ * const cmd = buildInstallCommand('npm');
+ * console.log(cmd); // ['npm', 'ci']
+ *
+ * @example
+ * const cmd = buildInstallCommand('npm', 'npm ci --legacy-peer-deps');
+ * console.log(cmd); // ['npm', 'ci', '--legacy-peer-deps']
+ */
+export declare function buildInstallCommand(packageManager: PackageManager, customCommand?: string): string[];
+/**
+ * Run dependency lock file verification
+ *
+ * Checks that lock file is in sync with package.json by running
+ * the package manager's install command with frozen lockfile flag.
+ *
+ * Skip conditions:
+ * - VV_SKIP_DEPENDENCY_CHECK env var is set
+ * - npm link detected (linked packages present)
+ *
+ * @param gitRoot - Git repository root path
+ * @param config - Configuration object
+ * @param config.packageManager - Optional package manager override
+ * @param config.command - Optional custom verification command
+ * @param verbose - Enable verbose output
+ * @returns Dependency check result
+ *
+ * @example
+ * const result = await runDependencyCheck('/path/to/repo', {}, false);
+ * if (!result.passed) {
+ *   console.error(result.error);
+ * }
+ *
+ * @example
+ * // With custom command
+ * const result = await runDependencyCheck('/path/to/repo', {
+ *   packageManager: 'npm',
+ *   command: 'npm ci --legacy-peer-deps'
+ * }, true);
+ */
+export declare function runDependencyCheck(gitRoot: string, config: {
+    packageManager?: PackageManager;
+    command?: string;
+}, verbose: boolean): Promise<DependencyCheckResult>;
+//# sourceMappingURL=dependency-lock-check.d.ts.map

package/dist/dependency-lock-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dependency-lock-check.d.ts","sourceRoot":"","sources":["../src/dependency-lock-check.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,KAAK,GAAG,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC;AAE7D;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,UAAU,GAAG,SAAS,GAAG,cAAc,CAAC;AAEjE;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,mDAAmD;IACnD,MAAM,EAAE,OAAO,CAAC;IAChB,oCAAoC;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,oCAAoC;IACpC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,qDAAqD;IACrD,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,oCAAoC;IACpC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wCAAwC;IACxC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAiBD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,oBAAoB,CAAC,EAAE,cAAc,GACpC,cAAc,GAAG,IAAI,CAgCvB;AAkCD;;;;;;;;;;;;GAYG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CA+B9D;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,mBAAmB,CACjC,cAAc,EAAE,cAAc,EAC9B,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,EAAE,CAiBV;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE;IACN,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,EACD,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,qBAAqB,CAAC,CA0FhC"}

package/dist/dependency-lock-check.js

@@ -0,0 +1,295 @@
+/**
+ * Dependency Lock File Check
+ *
+ * Verifies that lock files are in sync with package.json to prevent cache poisoning.
+ * Supports npm, pnpm, yarn, and bun package managers with auto-detection.
+ */
+import { existsSync, lstatSync, readdirSync, readFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { safeExecResult } from './safe-exec.js';
+/**
+ * Lock file names for each package manager
+ */
+const LOCK_FILES = {
+    bun: 'bun.lockb',
+    yarn: 'yarn.lock',
+    pnpm: 'pnpm-lock.yaml',
+    npm: 'package-lock.json',
+};
+/**
+ * Priority order for lock file detection (most specific first)
+ */
+const DETECTION_PRIORITY = ['bun', 'yarn', 'pnpm', 'npm'];
+/**
+ * Detect package manager from git root directory
+ *
+ * Detection strategy:
+ * 1. Check config override first (if provided)
+ * 2. Read package.json for packageManager field
+ * 3. Check for lock files in priority order (bun → yarn → pnpm → npm)
+ *
+ * @param gitRoot - Git repository root path
+ * @param configPackageManager - Optional package manager from config
+ * @returns Detected package manager or null if none found
+ *
+ * @example
+ * const pm = detectPackageManager('/path/to/repo');
+ * console.log(pm); // 'pnpm' or 'npm' or null
+ *
+ * @example
+ * // With config override
+ * const pm = detectPackageManager('/path/to/repo', 'yarn');
+ * console.log(pm); // 'yarn'
+ */
+export function detectPackageManager(gitRoot, configPackageManager) {
+    // 1. Config override takes precedence
+    if (configPackageManager) {
+        return configPackageManager;
+    }
+    // 2. Check package.json packageManager field
+    const packageJsonPath = join(gitRoot, 'package.json');
+    if (existsSync(packageJsonPath)) {
+        try {
+            const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf8'));
+            if (packageJson.packageManager) {
+                // Format: "pnpm@8.6.0" or "npm@9.0.0"
+                const match = packageJson.packageManager.match(/^(npm|pnpm|yarn|bun)@/);
+                if (match) {
+                    return match[1];
+                }
+            }
+        }
+        catch {
+            // Ignore parse errors, fall through to lock file detection
+        }
+    }
+    // 3. Check for lock files in priority order
+    for (const pm of DETECTION_PRIORITY) {
+        const lockFile = join(gitRoot, LOCK_FILES[pm]);
+        if (existsSync(lockFile)) {
+            return pm;
+        }
+    }
+    return null;
+}
+/**
+ * Check if path is a symlink (safe, ignores errors)
+ */
+function isSymlink(path) {
+    try {
+        return lstatSync(path).isSymbolicLink();
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Find linked packages in scoped directory (@org/*)
+ */
+function findScopedLinkedPackages(scopePath, scopeName) {
+    const linked = [];
+    try {
+        const scopedEntries = readdirSync(scopePath, { withFileTypes: true });
+        for (const scopedEntry of scopedEntries) {
+            const scopedPath = join(scopePath, scopedEntry.name);
+            if (isSymlink(scopedPath)) {
+                linked.push(`${scopeName}/${scopedEntry.name}`);
+            }
+        }
+    }
+    catch {
+        // Ignore readdir errors for scoped directory
+    }
+    return linked;
+}
+/**
+ * Detect linked packages (npm link) in node_modules
+ *
+ * Uses lstatSync to check for symlinks (cross-platform, works on Windows).
+ * Checks both top-level entries and scoped packages (@org/package).
+ *
+ * @param gitRoot - Git repository root path
+ * @returns Array of linked package names
+ *
+ * @example
+ * const linked = detectLinkedPackages('/path/to/repo');
+ * console.log(linked); // ['my-package', '@org/other-package']
+ */
+export function detectLinkedPackages(gitRoot) {
+    const nodeModulesPath = join(gitRoot, 'node_modules');
+    if (!existsSync(nodeModulesPath)) {
+        return [];
+    }
+    const linkedPackages = [];
+    try {
+        const entries = readdirSync(nodeModulesPath, { withFileTypes: true });
+        for (const entry of entries) {
+            const entryPath = join(nodeModulesPath, entry.name);
+            // Check if top-level entry is a symlink
+            if (isSymlink(entryPath)) {
+                linkedPackages.push(entry.name);
+                continue;
+            }
+            // Check scoped packages (@org/package)
+            if (entry.name.startsWith('@') && entry.isDirectory()) {
+                const scopedLinked = findScopedLinkedPackages(entryPath, entry.name);
+                linkedPackages.push(...scopedLinked);
+            }
+        }
+    }
+    catch {
+        // Ignore readdir errors for node_modules
+    }
+    return linkedPackages;
+}
+/**
+ * Build install command for package manager
+ *
+ * If custom command provided, parses into array format.
+ * Otherwise, returns appropriate frozen lockfile command:
+ * - npm: npm ci
+ * - pnpm: pnpm install --frozen-lockfile
+ * - yarn: yarn install --immutable
+ * - bun: bun install --frozen-lockfile
+ *
+ * @param packageManager - Package manager to build command for
+ * @param customCommand - Optional custom command string
+ * @returns Command array [command, ...args]
+ *
+ * @example
+ * const cmd = buildInstallCommand('npm');
+ * console.log(cmd); // ['npm', 'ci']
+ *
+ * @example
+ * const cmd = buildInstallCommand('npm', 'npm ci --legacy-peer-deps');
+ * console.log(cmd); // ['npm', 'ci', '--legacy-peer-deps']
+ */
+export function buildInstallCommand(packageManager, customCommand) {
+    // Parse custom command if provided
+    if (customCommand) {
+        return customCommand.trim().split(/\s+/);
+    }
+    // Return frozen lockfile command for package manager
+    switch (packageManager) {
+        case 'npm':
+            return ['npm', 'ci'];
+        case 'pnpm':
+            return ['pnpm', 'install', '--frozen-lockfile'];
+        case 'yarn':
+            return ['yarn', 'install', '--immutable'];
+        case 'bun':
+            return ['bun', 'install', '--frozen-lockfile'];
+    }
+}
+/**
+ * Run dependency lock file verification
+ *
+ * Checks that lock file is in sync with package.json by running
+ * the package manager's install command with frozen lockfile flag.
+ *
+ * Skip conditions:
+ * - VV_SKIP_DEPENDENCY_CHECK env var is set
+ * - npm link detected (linked packages present)
+ *
+ * @param gitRoot - Git repository root path
+ * @param config - Configuration object
+ * @param config.packageManager - Optional package manager override
+ * @param config.command - Optional custom verification command
+ * @param verbose - Enable verbose output
+ * @returns Dependency check result
+ *
+ * @example
+ * const result = await runDependencyCheck('/path/to/repo', {}, false);
+ * if (!result.passed) {
+ *   console.error(result.error);
+ * }
+ *
+ * @example
+ * // With custom command
+ * const result = await runDependencyCheck('/path/to/repo', {
+ *   packageManager: 'npm',
+ *   command: 'npm ci --legacy-peer-deps'
+ * }, true);
+ */
+export async function runDependencyCheck(gitRoot, config, verbose) {
+    const startTime = Date.now();
+    // Check for skip env var
+    if (process.env.VV_SKIP_DEPENDENCY_CHECK) {
+        return {
+            passed: true,
+            skipped: true,
+            skipReason: 'env-var',
+            duration: Date.now() - startTime,
+        };
+    }
+    // Detect linked packages
+    const linkedPackages = detectLinkedPackages(gitRoot);
+    if (linkedPackages.length > 0) {
+        if (verbose) {
+            console.warn(`⚠️  npm link detected (${linkedPackages.length} packages), skipping lock file check`);
+            console.warn(`   Linked: ${linkedPackages.join(', ')}`);
+        }
+        return {
+            passed: true,
+            skipped: true,
+            skipReason: 'npm-link',
+            linkedPackages,
+            duration: Date.now() - startTime,
+        };
+    }
+    // Detect package manager
+    const packageManager = detectPackageManager(gitRoot, config.packageManager);
+    if (!packageManager) {
+        return {
+            passed: false,
+            skipped: false,
+            error: 'No package manager detected (no lock file found)',
+            duration: Date.now() - startTime,
+        };
+    }
+    // Verify lock file exists
+    const lockFile = join(gitRoot, LOCK_FILES[packageManager]);
+    if (!existsSync(lockFile)) {
+        return {
+            passed: false,
+            skipped: false,
+            error: `No lock file found for detected package manager (${packageManager})`,
+            packageManager,
+            duration: Date.now() - startTime,
+        };
+    }
+    // Build and execute install command
+    const commandArray = buildInstallCommand(packageManager, config.command);
+    const commandString = commandArray.join(' ');
+    if (verbose) {
+        console.log(`🔍 Verifying lock file with: ${commandString}`);
+    }
+    const result = safeExecResult(commandArray[0], commandArray.slice(1), {
+        cwd: gitRoot,
+        encoding: 'utf8',
+    });
+    const duration = Date.now() - startTime;
+    if (result.status === 0) {
+        if (verbose) {
+            console.log('✅ Lock file verification passed');
+        }
+        return {
+            passed: true,
+            skipped: false,
+            packageManager,
+            command: commandString,
+            duration,
+        };
+    }
+    // Command failed - lock file out of sync
+    const stderr = typeof result.stderr === 'string' ? result.stderr : result.stderr.toString();
+    return {
+        passed: false,
+        skipped: false,
+        error: `Lock file verification failed: ${stderr.trim()}`,
+        packageManager,
+        command: commandString,
+        duration,
+    };
+}
+//# sourceMappingURL=dependency-lock-check.js.map

package/dist/dependency-lock-check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dependency-lock-check.js","sourceRoot":"","sources":["../src/dependency-lock-check.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC3E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAkChD;;GAEG;AACH,MAAM,UAAU,GAAmC;IACjD,GAAG,EAAE,WAAW;IAChB,IAAI,EAAE,WAAW;IACjB,IAAI,EAAE,gBAAgB;IACtB,GAAG,EAAE,mBAAmB;CACzB,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;AAE5E;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAe,EACf,oBAAqC;IAErC,sCAAsC;IACtC,IAAI,oBAAoB,EAAE,CAAC;QACzB,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAED,6CAA6C;IAC7C,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IACtD,IAAI,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC;YACtE,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;gBAC/B,sCAAsC;gBACtC,MAAM,KAAK,GAAG,WAAW,CAAC,cAAc,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;gBACxE,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,KAAK,CAAC,CAAC,CAAmB,CAAC;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;QAC7D,CAAC;IACH,CAAC;IAED,4CAA4C;IAC5C,KAAK,MAAM,EAAE,IAAI,kBAAkB,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/C,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,SAAS,CAAC,IAAY;IAC7B,IAAI,CAAC;QACH,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,SAAiB,EAAE,SAAiB;IACpE,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,WAAW,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QACtE,KAAK,MAAM,WAAW,IAAI,aAAa,EAAE,CAAC;YACxC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;YACrD,IAAI,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,GAAG,SAAS,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,6CAA6C;IAC/C,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAe;IAClD,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACjC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,cAAc,GAAa,EAAE,CAAC;IAEpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,WAAW,CAAC,eAAe,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAEtE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAEpD,wCAAwC;YACxC,IAAI,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;gBACzB,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAChC,SAAS;YACX,CAAC;YAED,uCAAuC;YACvC,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACtD,MAAM,YAAY,GAAG,wBAAwB,CAAC,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrE,cAAc,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,yCAAyC;IAC3C,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,mBAAmB,CACjC,cAA8B,EAC9B,aAAsB;IAEtB,mCAAmC;IACnC,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,aAAa,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;IAED,qDAAqD;IACrD,QAAQ,cAAc,EAAE,CAAC;QACvB,KAAK,KAAK;YACR,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACvB,KAAK,MAAM;YACT,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC;QAClD,KAAK,MAAM;YACT,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;QAC5C,KAAK,KAAK;YACR,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAAe,EACf,MAGC,EACD,OAAgB;IAEhB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,yBAAyB;IACzB,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,CAAC;QACzC,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,yBAAyB;IACzB,MAAM,cAAc,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACrD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,IAAI,CAAC,0BAA0B,cAAc,CAAC,MAAM,sCAAsC,CAAC,CAAC;YACpG,OAAO,CAAC,IAAI,CAAC,cAAc,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,UAAU;YACtB,cAAc;YACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,yBAAyB;IACzB,MAAM,cAAc,GAAG,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IAC5E,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO;YACL,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,kDAAkD;YACzD,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;IAC3D,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO;YACL,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,oDAAoD,cAAc,GAAG;YAC5E,cAAc;YACd,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC,CAAC;IACJ,CAAC;IAED,oCAAoC;IACpC,MAAM,YAAY,GAAG,mBAAmB,CAAC,cAAc,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IACzE,MAAM,aAAa,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAE7C,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,GAAG,CAAC,gCAAgC,aAAa,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,MAAM,GAAG,cAAc,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;QACpE,GAAG,EAAE,OAAO;QACZ,QAAQ,EAAE,MAAM;KACjB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAExC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;QACjD,CAAC;QACD,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,OAAO,EAAE,KAAK;YACd,cAAc;YACd,OAAO,EAAE,aAAa;YACtB,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,yCAAyC;IACzC,MAAM,MAAM,GAAG,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC5F,OAAO;QACL,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,kCAAkC,MAAM,CAAC,IAAI,EAAE,EAAE;QACxD,cAAc;QACd,OAAO,EAAE,aAAa;QACtB,QAAQ;KACT,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -10,4 +10,5 @@ export { safeExecSync, safeExecFromString, safeExecResult, isToolAvailable, getT
 export { normalizedTmpdir, mkdirSyncReal, normalizePath, toForwardSlash } from './path-helpers.js';
 export { isProcessRunning } from './process-check.js';
 export { getPackageVersion, getLatestVersion, packageExists, publishPackage, addDistTag, unpublishPackage, deprecatePackage, installPackage, executePnpmCommand, type PackageManagerOptions } from './package-manager.js';
+export { detectPackageManager, detectLinkedPackages, buildInstallCommand, runDependencyCheck, type PackageManager, type DependencyCheckResult } from './dependency-lock-check.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,cAAc,EACd,eAAe,EACf,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,KAAK,eAAe,EACpB,KAAK,cAAc,EACpB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,aAAa,EACb,cAAc,EACf,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EACjB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAClB,KAAK,qBAAqB,EAC3B,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,cAAc,EACd,eAAe,EACf,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,KAAK,eAAe,EACpB,KAAK,cAAc,EACpB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,aAAa,EACb,cAAc,EACf,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EACjB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAClB,KAAK,qBAAqB,EAC3B,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,KAAK,cAAc,EACnB,KAAK,qBAAqB,EAC3B,MAAM,4BAA4B,CAAC"}

package/dist/index.js

@@ -14,4 +14,6 @@ export { normalizedTmpdir, mkdirSyncReal, normalizePath, toForwardSlash } from '
 export { isProcessRunning } from './process-check.js';
 // Package management (npm/pnpm commands)
 export { getPackageVersion, getLatestVersion, packageExists, publishPackage, addDistTag, unpublishPackage, deprecatePackage, installPackage, executePnpmCommand } from './package-manager.js';
+// Dependency lock file verification
+export { detectPackageManager, detectLinkedPackages, buildInstallCommand, runDependencyCheck } from './dependency-lock-check.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,6CAA6C;AAC7C,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,cAAc,EACd,eAAe,EACf,cAAc,EACd,cAAc,EACd,qBAAqB,EAGtB,MAAM,gBAAgB,CAAC;AAExB,gEAAgE;AAChE,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,aAAa,EACb,cAAc,EACf,MAAM,mBAAmB,CAAC;AAE3B,oCAAoC;AACpC,OAAO,EACL,gBAAgB,EACjB,MAAM,oBAAoB,CAAC;AAE5B,yCAAyC;AACzC,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAEnB,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,6CAA6C;AAC7C,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,cAAc,EACd,eAAe,EACf,cAAc,EACd,cAAc,EACd,qBAAqB,EAGtB,MAAM,gBAAgB,CAAC;AAExB,gEAAgE;AAChE,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,aAAa,EACb,cAAc,EACf,MAAM,mBAAmB,CAAC;AAE3B,oCAAoC;AACpC,OAAO,EACL,gBAAgB,EACjB,MAAM,oBAAoB,CAAC;AAE5B,yCAAyC;AACzC,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,EACb,cAAc,EACd,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAEnB,MAAM,sBAAsB,CAAC;AAE9B,oCAAoC;AACpC,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAGnB,MAAM,4BAA4B,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibe-validate/utils",
-  "version": "0.19.0-rc.6",
+  "version": "0.19.0-rc.9",
   "description": "Common utilities for vibe-validate packages (command execution, path normalization)",
   "type": "module",
   "main": "./dist/index.js",