@vinean/dependency-analyzer 0.1.0

package/README.md

@@ -0,0 +1,42 @@
+# 🛡️ @vinean/dependency-analyzer
+
+A high-performance CLI for analyzing the **Replaceability** of your project's dependencies. Supports both **NPM** and **Go Modules**.
+
+## 🚀 Usage
+
+Run it directly via `npx`:
+
+```bash
+npx @vinean/dependency-analyzer
+```
+
+Or install it globally:
+
+```bash
+npm install -g @vinean/dependency-analyzer
+@vinean/dependency-analyzer --project ./my-cool-project
+```
+
+## ⚙️ Options
+
+- `--project <path>`: Path to the project root (default: current directory).
+- `--open=false`: Disable auto-opening the generated HTML report.
+- `--json`: Print the raw analysis summary (JSON) to stdout.
+
+## 📊 What is Replaceability?
+
+`@vinean/dependency-analyzer` deep-dives into your project's `node_modules` or Go proxy source code to calculate a **Replaceability Score (0-100)** based on:
+
+1. **Native Presence**: Detects C++/CGO/Unsafe code.
+2. **Code Volume**: Measures physical size and SLOC.
+3. **API Surface**: Evaluates the breadth and complexity of the public interface.
+4. **Entanglement**: Tracks dependency chains and OS-level integrations.
+5. **Logic Complexity**: Proxies cognitive load and concurrency features.
+
+## 📑 Output
+
+Generates a `dep-report.html` interactive dashboard in your project directory, allowing you to explore the metrics, check maintenance status, and export results.
+
+---
+
+[View full documentation on GitHub](https://github.com/hakanolgun/dependency-analyzer)

package/bin/dependency-analyzer.js

@@ -0,0 +1,87 @@
+#!/usr/bin/env node
+import { existsSync } from "node:fs";
+import { mkdir, chmod } from "node:fs/promises";
+import path from "node:path";
+import { spawn, spawnSync } from "node:child_process";
+import { fileURLToPath } from "node:url";
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const packageRoot = path.resolve(__dirname, "..");
+
+const platformMap = {
+  win32: "windows",
+  darwin: "darwin",
+  linux: "linux",
+};
+
+const archMap = {
+  x64: "amd64",
+  arm64: "arm64",
+};
+
+const platform = platformMap[process.platform] ?? process.platform;
+const arch = archMap[process.arch] ?? process.arch;
+const ext = process.platform === "win32" ? ".exe" : "";
+const binaryName = `dependency-analyzer-${platform}-${arch}${ext}`;
+const binaryPath = path.join(packageRoot, "dist", binaryName);
+
+async function ensureBinaryExecutable(targetPath) {
+  if (platform !== "win32") {
+    await chmod(targetPath, 0o755);
+  }
+}
+
+function runBinary(targetPath) {
+  const child = spawn(targetPath, process.argv.slice(2), {
+    stdio: "inherit",
+  });
+  child.on("exit", (code) => process.exit(code ?? 1));
+}
+
+function tryBuildFromSource() {
+  // Fallback for local development or source installs.
+  const repoRoot = path.resolve(packageRoot, "..", "..");
+  const goModuleDir = path.join(repoRoot, "cli-go");
+  const sourceMain = path.join(goModuleDir, "cmd", "dependency-analyzer", "main.go");
+  if (!existsSync(sourceMain)) {
+    return null;
+  }
+
+  const outDir = path.join(packageRoot, "dist");
+  const outFile = binaryPath;
+  return mkdir(outDir, { recursive: true })
+    .then(() => {
+      const result = spawnSync("go", ["build", "-o", outFile, "./cmd/dependency-analyzer"], {
+        cwd: goModuleDir,
+        stdio: "inherit",
+      });
+      if (result.status !== 0) {
+        return null;
+      }
+      return outFile;
+    })
+    .catch(() => null);
+}
+
+const start = async () => {
+  if (existsSync(binaryPath)) {
+    await ensureBinaryExecutable(binaryPath);
+    runBinary(binaryPath);
+    return;
+  }
+
+  const builtPath = await tryBuildFromSource();
+  if (builtPath && existsSync(builtPath)) {
+    await ensureBinaryExecutable(builtPath);
+    runBinary(builtPath);
+    return;
+  }
+
+  console.error(
+    "dependency-analyzer: no bundled binary found and fallback Go build failed. Reinstall package or install Go toolchain.",
+  );
+  process.exit(1);
+};
+
+start();

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@vinean/dependency-analyzer",
+  "version": "0.1.0",
+  "description": "Dependency Analyzer for npm and go packages with replaceability analysis",
+  "type": "module",
+  "bin": {
+    "dependency-analyzer": "bin/dependency-analyzer.js"
+  },
+  "files": [
+    "bin",
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build:binaries": "node ./scripts/build-binaries.mjs",
+    "prepublishOnly": "npm run build:binaries"
+  },
+  "author": "Hakan Olgun <hakan@vinean.com>",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/hakanolgun/dependency-analyzer.git",
+    "directory": "packages/dependency-analyzer"
+  },
+  "bugs": {
+    "url": "https://github.com/hakanolgun/dependency-analyzer/issues"
+  },
+  "homepage": "https://github.com/hakanolgun/dependency-analyzer/tree/main/packages/dependency-analyzer#readme",
+  "keywords": [
+    "dependency",
+    "analyzer",
+    "scanner",
+    "replaceability",
+    "npm",
+    "go",
+    "security",
+    "cli",
+    "scan"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "license": "MIT"
+}