@visulima/package 5.0.0-alpha.2 → 5.0.0-alpha.20

package/CHANGELOG.md

@@ -1,3 +1,254 @@
+## @visulima/package [5.0.0-alpha.20](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.19...@visulima/package@5.0.0-alpha.20) (2026-05-11)
+
+### ⚠ BREAKING CHANGES
+
+* **vis:** vis sbom now emits CycloneDX 1.7. Downstream consumers
+pinned to a 1.6 validator must upgrade.
+
+Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
+
+### Features
+
+* **vis:** bump sbom to cyclonedx 1.7 ([904075f](https://github.com/visulima/visulima/commit/904075fd9353e40b593d5a13f53307c584e31da7))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.21
+
+## @visulima/package [5.0.0-alpha.19](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.18...@visulima/package@5.0.0-alpha.19) (2026-05-11)
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.20
+
+## @visulima/package [5.0.0-alpha.18](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.17...@visulima/package@5.0.0-alpha.18) (2026-05-10)
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.19
+
+## @visulima/package [5.0.0-alpha.17](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.16...@visulima/package@5.0.0-alpha.17) (2026-05-10)
+
+### Code Refactoring
+
+* replace execa with tinyexec ([56ec776](https://github.com/visulima/visulima/commit/56ec776908fe0c068c54542f3885cb29f061fea7))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.18
+
+## @visulima/package [5.0.0-alpha.16](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.15...@visulima/package@5.0.0-alpha.16) (2026-05-07)
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.17
+
+## @visulima/package [5.0.0-alpha.15](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.14...@visulima/package@5.0.0-alpha.15) (2026-05-07)
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.16
+
+## @visulima/package [5.0.0-alpha.14](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.13...@visulima/package@5.0.0-alpha.14) (2026-05-06)
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.15
+
+## @visulima/package [5.0.0-alpha.13](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.12...@visulima/package@5.0.0-alpha.13) (2026-05-06)
+
+### Miscellaneous Chores
+
+* **package:** apply prettier and eslint quote-style auto-fix ([0316bca](https://github.com/visulima/visulima/commit/0316bca0deca444ff12675bc760c7091ce243d31))
+* **package:** housekeeping cleanup ([113978b](https://github.com/visulima/visulima/commit/113978b0babcfc7879514aec076f6e2d5e7afab0))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.14
+
+## @visulima/package [5.0.0-alpha.12](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.11...@visulima/package@5.0.0-alpha.12) (2026-05-04)
+
+### Miscellaneous Chores
+
+* **package:** upgrade packem to 2.0.0-alpha.76 ([b2ef62b](https://github.com/visulima/visulima/commit/b2ef62b72a84545cb025a250cbe7e3e36b34330d))
+* re-sort workspace package.json files via vis sort-package-json ([f625696](https://github.com/visulima/visulima/commit/f625696cfac974325774b3243e1a83c3d23acbd7))
+* simplify pnpm-workspace packages list ([7cab221](https://github.com/visulima/visulima/commit/7cab221163632d9b7aa044a6f88c49083103a869))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.13
+
+## @visulima/package [5.0.0-alpha.11](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.10...@visulima/package@5.0.0-alpha.11) (2026-04-22)
+
+### Bug Fixes
+
+* Remove JSR configuration generation script and generated jsr.json files ([#616](https://github.com/visulima/visulima/issues/616)) ([533744b](https://github.com/visulima/visulima/commit/533744b103b74896941db5b727173e617a27a63b))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.12
+* **@visulima/path:** upgraded to 3.0.0-alpha.10
+
+## @visulima/package [5.0.0-alpha.10](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.9...@visulima/package@5.0.0-alpha.10) (2026-04-21)
+
+### Miscellaneous Chores
+
+* jsr.json update and lock file ([73fce38](https://github.com/visulima/visulima/commit/73fce38c7cb4603f3fffb88609b1b18e2feb4937))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.11
+
+## @visulima/package [5.0.0-alpha.9](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.8...@visulima/package@5.0.0-alpha.9) (2026-04-21)
+
+### Miscellaneous Chores
+
+* update the jsr.json ([864ab7e](https://github.com/visulima/visulima/commit/864ab7e71c4b5ae82f64792d1ae8debfea2c539b))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.10
+
+## @visulima/package [5.0.0-alpha.8](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.7...@visulima/package@5.0.0-alpha.8) (2026-04-21)
+
+### Features
+
+* Add CycloneDX 1.6 SBOM generation with `vis sbom` command ([#611](https://github.com/visulima/visulima/issues/611)) ([1e95276](https://github.com/visulima/visulima/commit/1e9527630958722a0f0f7e79d18bb23b5a57e0df))
+* **package:** add lockfile utilities ([12f9076](https://github.com/visulima/visulima/commit/12f9076ba1570bec2f2d43b58fcd31701634434e))
+
+### Bug Fixes
+
+* **package:** hoist regexes, rewrite lockfile parser, resolve eslint issues ([585ed7f](https://github.com/visulima/visulima/commit/585ed7f16b3f42996bb030a8bae5f1f37a50c316))
+
+### Miscellaneous Chores
+
+* **api-platform:** apply pending lint and source updates ([3fb0043](https://github.com/visulima/visulima/commit/3fb0043a4cf35f752ca89a09a077100ae0142da8))
+* bump engines.node to ^22.14.0 || >=24.10.0 ([c3d0931](https://github.com/visulima/visulima/commit/c3d0931d1504e4f21ebf50ea680cfa7ce4ba15ce))
+* fixed jsr.json ([5d85e51](https://github.com/visulima/visulima/commit/5d85e5179de38e284ec433b14d77c71a1619c8d6))
+* **package:** apply formatter and lint fixes ([a0f4acf](https://github.com/visulima/visulima/commit/a0f4acfb15beb256edd3b62958b4e3db039757a9))
+* **package:** apply pending changes ([919b214](https://github.com/visulima/visulima/commit/919b214f9659a5b4ff95ec8b35a70c10af3c4853))
+* **package:** apply pending lint and source updates ([2fd1c04](https://github.com/visulima/visulima/commit/2fd1c044d9528500943368c01f9b24fd2280058c))
+* **package:** enforce curly braces and apply lint fixes ([0df50ba](https://github.com/visulima/visulima/commit/0df50ba4f45bac67dabeb78ebfc3d555ba5aec56))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.9
+
+## @visulima/package [5.0.0-alpha.7](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.6...@visulima/package@5.0.0-alpha.7) (2026-04-08)
+
+### Bug Fixes
+
+* **package:** properly fix eslint errors in code ([56b1547](https://github.com/visulima/visulima/commit/56b15474d6edd8f33fb46cca81fa34d600df2023))
+* **package:** remove remaining eslint suppressions with proper code fixes ([69efa7a](https://github.com/visulima/visulima/commit/69efa7a9c67977c491a1ec8eaded733478ed29a1))
+* **package:** resolve eslint errors ([1ec4728](https://github.com/visulima/visulima/commit/1ec47286cfcec55ea50c51d51f198b119dd22e71))
+* resolve failing tests across multiple packages ([2b4b6f0](https://github.com/visulima/visulima/commit/2b4b6f04169b60fdc4cf77b293015436a272c0fb))
+
+### Miscellaneous Chores
+
+* **package:** add tsconfig.eslint.json for type-aware linting ([0355fea](https://github.com/visulima/visulima/commit/0355fea301fb7a8571da25bebd108830bc23ed04))
+* **package:** apply prettier formatting ([ebb5bd1](https://github.com/visulima/visulima/commit/ebb5bd12c6b7d49811c68ea96bf62ce7e2a7d42d))
+* **package:** migrate .prettierrc.cjs to prettier.config.js ([2b84ef0](https://github.com/visulima/visulima/commit/2b84ef0db67467e1360b2f1e6f9b6e96bf3dbbb0))
+* **tooling:** remove empty dependency objects from package.json ([dc52a23](https://github.com/visulima/visulima/commit/dc52a23bc1e2d36f4ec71ca67506bf6861a02929))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.7
+* **@visulima/path:** upgraded to 3.0.0-alpha.8
+
+## @visulima/package [5.0.0-alpha.6](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.5...@visulima/package@5.0.0-alpha.6) (2026-03-26)
+
+### Features
+
+* **web:** auto-generate packages page from workspace metadata ([623e520](https://github.com/visulima/visulima/commit/623e5207693a7fe720f5f2f179593a3654c880e3))
+
+### Miscellaneous Chores
+
+* update homepage URLs to visulima.com/packages/ format ([be42968](https://github.com/visulima/visulima/commit/be42968129df85fb074224435e33135ff44cab91))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.6
+* **@visulima/path:** upgraded to 3.0.0-alpha.7
+
+## @visulima/package [5.0.0-alpha.5](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.4...@visulima/package@5.0.0-alpha.5) (2026-03-26)
+
+### Bug Fixes
+
+* **package:** use workspace:* for internal [@visulima](https://github.com/visulima) deps ([e409128](https://github.com/visulima/visulima/commit/e409128c02a6d801dd385ae845c1ab28ca5c09da))
+* **web:** improve build setup with incremental stats caching and prod install ([fe33e75](https://github.com/visulima/visulima/commit/fe33e75827586779b4b3a0c6d57b39f889ee6207))
+
+### Miscellaneous Chores
+
+* **package:** migrate deps to pnpm catalogs ([301fac4](https://github.com/visulima/visulima/commit/301fac41be88df7469155649467921a72ca740a6))
+* **package:** update dependencies ([fb1a43d](https://github.com/visulima/visulima/commit/fb1a43de0fd345806d76aec660d48c627d576083))
+* visulima website ([#591](https://github.com/visulima/visulima/issues/591)) ([59ab2e2](https://github.com/visulima/visulima/commit/59ab2e2befb03e51cd2088956f83d9b87de6d033))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.5
+* **@visulima/path:** upgraded to 3.0.0-alpha.6
+
+## @visulima/package [5.0.0-alpha.4](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.3...@visulima/package@5.0.0-alpha.4) (2026-03-06)
+
+### Bug Fixes
+
+* **package:** update packem to 2.0.0-alpha.54 ([e5b3249](https://github.com/visulima/visulima/commit/e5b3249026a425b7a42443f66a08f8f68c3d62e4))
+* **package:** use intentionally malformed JSON in bad workspace fixture ([a6680e7](https://github.com/visulima/visulima/commit/a6680e7a97aeae643c26b69bc5eb6c64c28de278))
+
+### Documentation
+
+* **humanizer,html,iso-locale,package,tsconfig:** add comprehensive Fumadocs documentation ([19781ce](https://github.com/visulima/visulima/commit/19781ce5d27605971a9f2fdf0a99863effd98091))
+
+### Miscellaneous Chores
+
+* **package:** update dependencies ([d89cde6](https://github.com/visulima/visulima/commit/d89cde6792e9036d0690cfaf9b771e26b24faac8))
+* **package:** update dependencies ([4b62cf8](https://github.com/visulima/visulima/commit/4b62cf85e6ef4deac4ef01c8a7e15bcf49ecbe80))
+* **tooling:** update dependencies ([7f6f9d3](https://github.com/visulima/visulima/commit/7f6f9d3c41b170c53659ab34b79ceb23e4e9660a))
+* update lock file maintenance ([d83e716](https://github.com/visulima/visulima/commit/d83e71697b75d24704185b66bb521a934d2db02d))
+* year update ([47f4105](https://github.com/visulima/visulima/commit/47f410596ce7190cfea36a073db32e0cec50bbcd))
+
+### Tests
+
+* **package:** fix broken JSON test fixture ([46141d6](https://github.com/visulima/visulima/commit/46141d6472d8de20512109200a12e79c48ddc33c))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.4
+* **@visulima/path:** upgraded to 3.0.0-alpha.5
+
+## @visulima/package [5.0.0-alpha.3](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.2...@visulima/package@5.0.0-alpha.3) (2025-12-27)
+
+### Bug Fixes
+
+* **package:** update package files ([586668e](https://github.com/visulima/visulima/commit/586668ee3a790163aca11ddc8f35b7bdfd740ac6))
+
+### Miscellaneous Chores
+
+* fixed project.json names and schema path ([964722f](https://github.com/visulima/visulima/commit/964722f691db205c7edb9aa6db29e849a647500b))
+
+
+### Dependencies
+
+* **@visulima/fs:** upgraded to 5.0.0-alpha.3
+* **@visulima/path:** upgraded to 3.0.0-alpha.4
+
 ## @visulima/package [5.0.0-alpha.2](https://github.com/visulima/visulima/compare/@visulima/package@5.0.0-alpha.1...@visulima/package@5.0.0-alpha.2) (2025-12-11)
 
 ### Bug Fixes

package/LICENSE.md

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2025 visulima
+Copyright (c) 2026 visulima
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/dist/error.d.ts

@@ -1 +1,15 @@
-export { default as PackageNotFoundError } from "./error/package-not-found-error.d.ts";
+/**
+* Error thrown when a package was not found.
+*/
+declare class PackageNotFoundError extends Error {
+  /**
+  * @param packageName The name of the package that was not found.
+  * @param packageManager The package manager used to install the package.
+  */
+  constructor(packageName: string[] | string, packageManager?: string);
+  get code(): string;
+  set code(_name: string);
+  override get name(): string;
+  override set name(_name: string);
+}
+export { PackageNotFoundError };

package/dist/error.js

@@ -1 +1 @@
-import{default as a}from"./packem_shared/PackageNotFoundError-BictYTIA.js";export{a as PackageNotFoundError};
+import{default as a}from"./packem_shared/PackageNotFoundError--qHnCLzN.js";export{a as PackageNotFoundError};

package/dist/index.d.ts

@@ -1,11 +1,13 @@
-export { default as PackageNotFoundError } from "./error/package-not-found-error.d.ts";
-export type { RootMonorepo, Strategy } from "./monorepo.d.ts";
-export { findMonorepoRoot, findMonorepoRootSync } from "./monorepo.d.ts";
-export { findPackageRoot, findPackageRootSync } from "./package.d.ts";
-export type { FindPackageJsonCache, NormalizedReadResult } from "./package-json.d.ts";
-export { ensurePackages, findPackageJson, findPackageJsonSync, getPackageJsonProperty, hasPackageJsonAnyDependency, hasPackageJsonProperty, parsePackageJson, parsePackageJsonSync, writePackageJson, writePackageJsonSync, } from "./package-json.d.ts";
-export type { PackageManager, PackageManagerResult } from "./package-manager.d.ts";
-export { findLockFile, findLockFileSync, findPackageManager, findPackageManagerSync, generateMissingPackagesInstallMessage, getPackageManagerVersion, identifyInitiatingPackageManager, } from "./package-manager.d.ts";
-export type { PnpmCatalog, PnpmCatalogs } from "./pnpm.d.ts";
-export { isPackageInWorkspace, readPnpmCatalogs, readPnpmCatalogsSync, resolveCatalogReference, resolveCatalogReferences, resolveDependenciesCatalogReferences, } from "./pnpm.d.ts";
-export type { EnsurePackagesOptions, NormalizedPackageJson, PackageJson } from "./types.d.ts";
+export { PackageNotFoundError } from "./error.js";
+export { type LockFileEntry, type LockFileIntegrity, type LockFileIntegrityAlgorithm, type LockFileParseResult, type LockFileType, decodeSriIntegrity, parseBunLockFile, parseLockFile, parseLockFileContent, parseLockFileSync, parseNpmLockFile, parsePnpmLockFile, parseYarnLockFile } from "./lockfile.js";
+export { type RootMonorepo, type Strategy, findMonorepoRoot, findMonorepoRootSync } from "./monorepo.js";
+export { findPackageRoot, findPackageRootSync } from "./package.js";
+export { type E as EnsurePackagesOptions, type F as FindPackageJsonCache, type N as NormalizedPackageJson, type a as NormalizedReadResult, type P as PackageJson, e as ensurePackages, f as findPackageJson, b as findPackageJsonSync, g as getPackageJsonProperty, h as hasPackageJsonAnyDependency, c as hasPackageJsonProperty, p as parsePackageJson, d as parsePackageJsonSync, w as writePackageJson, i as writePackageJsonSync } from "./packem_shared/package-json.d-R9WIRfmM.js";
+export { type PackageManager, type PackageManagerResult, findLockFile, findLockFileSync, findPackageManager, findPackageManagerSync, generateMissingPackagesInstallMessage, getPackageManagerVersion, identifyInitiatingPackageManager } from "./package-manager.js";
+export { type PnpmCatalog, type PnpmCatalogs, isPackageInWorkspace, readPnpmCatalogs, readPnpmCatalogsSync, resolveCatalogReference, resolveCatalogReferences, resolveDependenciesCatalogReferences } from "./pnpm.js";
+import '@visulima/fs';
+import 'type-fest';
+import '@antfu/install-pkg';
+import '@inquirer/core';
+import '@inquirer/type';
+import 'normalize-package-data';

package/dist/index.js

@@ -1 +1 @@
-import{default as n}from"./packem_shared/PackageNotFoundError-BictYTIA.js";import{findMonorepoRoot as r,findMonorepoRootSync as c}from"./monorepo.js";import{findPackageRoot as s,findPackageRootSync as t}from"./package.js";import{ensurePackages as P,findPackageJson as k,findPackageJsonSync as f,getPackageJsonProperty as d,hasPackageJsonAnyDependency as p,hasPackageJsonProperty as l,parsePackageJson as y,parsePackageJsonSync as J,writePackageJson as m,writePackageJsonSync as M}from"./package-json.js";import{findLockFile as R,findLockFileSync as x,findPackageManager as C,findPackageManagerSync as u,generateMissingPackagesInstallMessage as v,getPackageManagerVersion as F,identifyInitiatingPackageManager as I}from"./package-manager.js";import{isPackageInWorkspace as w,readPnpmCatalogs as D,readPnpmCatalogsSync as L,resolveCatalogReference as A,resolveCatalogReferences as E,resolveDependenciesCatalogReferences as N}from"./pnpm.js";export{n as PackageNotFoundError,P as ensurePackages,R as findLockFile,x as findLockFileSync,r as findMonorepoRoot,c as findMonorepoRootSync,k as findPackageJson,f as findPackageJsonSync,C as findPackageManager,u as findPackageManagerSync,s as findPackageRoot,t as findPackageRootSync,v as generateMissingPackagesInstallMessage,d as getPackageJsonProperty,F as getPackageManagerVersion,p as hasPackageJsonAnyDependency,l as hasPackageJsonProperty,I as identifyInitiatingPackageManager,w as isPackageInWorkspace,y as parsePackageJson,J as parsePackageJsonSync,D as readPnpmCatalogs,L as readPnpmCatalogsSync,A as resolveCatalogReference,E as resolveCatalogReferences,N as resolveDependenciesCatalogReferences,m as writePackageJson,M as writePackageJsonSync};
+import{default as o}from"./packem_shared/PackageNotFoundError--qHnCLzN.js";import{decodeSriIntegrity as r,parseBunLockFile as c,parseLockFile as s,parseLockFileContent as g,parseLockFileSync as i,parseNpmLockFile as t,parsePnpmLockFile as k,parseYarnLockFile as p}from"./lockfile.js";import{findMonorepoRoot as f,findMonorepoRootSync as l}from"./monorepo.js";import{findPackageRoot as y,findPackageRootSync as m}from"./package.js";import{ensurePackages as S,findPackageJson as J,findPackageJsonSync as L,getPackageJsonProperty as M,hasPackageJsonAnyDependency as x,hasPackageJsonProperty as R,parsePackageJson as C,parsePackageJsonSync as u,writePackageJson as I,writePackageJsonSync as v}from"./package-json.js";import{findLockFile as w,findLockFileSync as D,findPackageManager as N,findPackageManagerSync as A,generateMissingPackagesInstallMessage as B,getPackageManagerVersion as E,identifyInitiatingPackageManager as V}from"./package-manager.js";import{isPackageInWorkspace as Y,readPnpmCatalogs as b,readPnpmCatalogsSync as j,resolveCatalogReference as q,resolveCatalogReferences as z,resolveDependenciesCatalogReferences as G}from"./pnpm.js";export{o as PackageNotFoundError,r as decodeSriIntegrity,S as ensurePackages,w as findLockFile,D as findLockFileSync,f as findMonorepoRoot,l as findMonorepoRootSync,J as findPackageJson,L as findPackageJsonSync,N as findPackageManager,A as findPackageManagerSync,y as findPackageRoot,m as findPackageRootSync,B as generateMissingPackagesInstallMessage,M as getPackageJsonProperty,E as getPackageManagerVersion,x as hasPackageJsonAnyDependency,R as hasPackageJsonProperty,V as identifyInitiatingPackageManager,Y as isPackageInWorkspace,c as parseBunLockFile,s as parseLockFile,g as parseLockFileContent,i as parseLockFileSync,t as parseNpmLockFile,C as parsePackageJson,u as parsePackageJsonSync,k as parsePnpmLockFile,p as parseYarnLockFile,b as readPnpmCatalogs,j as readPnpmCatalogsSync,q as resolveCatalogReference,z as resolveCatalogReferences,G as resolveDependenciesCatalogReferences,I as writePackageJson,v as writePackageJsonSync};

package/dist/lockfile.d.ts

@@ -0,0 +1,114 @@
+/** Lockfiles the parser recognises. Legacy binary `bun.lockb` is unsupported. */
+type LockFileType = "bun" | "npm" | "pnpm" | "yarn";
+/** SRI algorithms the parser can decode into hex. */
+type LockFileIntegrityAlgorithm = "sha256" | "sha384" | "sha512";
+/** Decoded integrity digest: algorithm + lowercase hex string. */
+interface LockFileIntegrity {
+  algorithm: LockFileIntegrityAlgorithm;
+  hex: string;
+}
+/** A single resolved package extracted from a lockfile. */
+interface LockFileEntry {
+  /**
+  * Declared runtime dependencies — `name → specifier[]` map. Values
+  * are arrays so pnpm v9+ peer-context variants (the same dep name
+  * resolved to different versions under different peer contexts)
+  * can all be preserved. npm, yarn v1, bun, and pnpm v6-v8 always
+  * produce single-element arrays; pnpm v9+ may produce multi-element
+  * arrays for peer-context-sensitive deps.
+  *
+  * Specifiers are whatever the lockfile recorded — a range
+  * (`^1.0.0`) for npm / yarn / bun, or an already-resolved exact
+  * version for pnpm. Callers resolve each specifier against
+  * {@link LockFileEntry.version} values elsewhere in the lockfile
+  * when they need a concrete edge.
+  */
+  dependencies?: Record<string, string[]>;
+  /** Decoded SRI digest, if the lockfile recorded one. */
+  integrity?: LockFileIntegrity;
+  /** Package name — `lodash` or `@scope/name`. */
+  name: string;
+  /** Declared optional dependencies, same shape as `dependencies`. */
+  optionalDependencies?: Record<string, string[]>;
+  /** Declared peer dependencies, same shape as `dependencies`. */
+  peerDependencies?: Record<string, string[]>;
+  /** Resolved exact version — e.g. `4.17.21`. */
+  version: string;
+}
+/** Result of locating + parsing a lockfile on disk. */
+interface LockFileParseResult {
+  entries: LockFileEntry[];
+  /** Absolute path of the lockfile that was parsed. */
+  path: string;
+  type: LockFileType;
+}
+/**
+* Decodes a Subresource Integrity string (`sha512-&lt;base64>`) into a
+* `{ algorithm, hex }` pair. Returns `undefined` if the string is
+* malformed, oversized, or uses an unsupported algorithm.
+* @param sri Full SRI string, e.g. `sha512-&lt;base64>`.
+* @returns Decoded algorithm + hex digest, or `undefined` when the
+* input can't be parsed.
+*/
+declare const decodeSriIntegrity: (sri: string) => LockFileIntegrity | undefined;
+/**
+* Parses `package-lock.json` (npm v2 / v3 format).
+* @param content Raw JSON text of the lockfile.
+* @returns One {@link LockFileEntry} per distinct `name@version`.
+*/
+declare const parseNpmLockFile: (content: string) => LockFileEntry[];
+/**
+* Parses `pnpm-lock.yaml`. Regex-based; works for lockfile v6 through
+* v9. v9 moves concrete resolved dependency versions out of `packages:`
+* and into `snapshots:`; this parser reads both sections and unions
+* their dep-maps onto the final entry.
+* @param content Raw YAML text of the lockfile.
+* @returns One {@link LockFileEntry} per distinct `name@version`.
+*/
+declare const parsePnpmLockFile: (content: string) => LockFileEntry[];
+/**
+* Parses `yarn.lock` for Yarn Classic (v1) and Berry (v2+). Berry's
+* XXH64 `checksum:` is not a cryptographic hash and is intentionally
+* dropped; only v1's SRI `integrity:` flows through to
+* {@link LockFileEntry.integrity}.
+* @param content Raw text of the lockfile.
+* @returns One {@link LockFileEntry} per distinct `name@version`.
+*/
+declare const parseYarnLockFile: (content: string) => LockFileEntry[];
+/**
+* Parses `bun.lock` (Bun v1.1+, JSON-ish with trailing commas). The
+* binary `bun.lockb` format is not supported.
+*
+* Attribution: format + tuple layout verified against lockparse
+* (https://github.com/43081j/lockparse, MIT).
+* @param content Raw text of the lockfile.
+* @returns One {@link LockFileEntry} per distinct `name@version`.
+*/
+declare const parseBunLockFile: (content: string) => LockFileEntry[];
+/**
+* Parses raw lockfile content of the given type. Returns an empty
+* array if the content is malformed or doesn't contain any package
+* entries.
+* @param content Raw text of the lockfile.
+* @param type Which parser to dispatch to.
+* @returns One {@link LockFileEntry} per distinct `name@version`.
+*/
+declare const parseLockFileContent: (content: string, type: LockFileType) => LockFileEntry[];
+/**
+* Walks up from `cwd`, locates the nearest supported lockfile, reads
+* it, and returns the parsed entries alongside the lockfile type and
+* absolute path.
+* @param cwd Directory to start the search from. Defaults to
+* `process.cwd()` (delegated to `findUp`).
+* @returns The parsed result, keyed by the discovered lockfile path.
+* @throws If no supported lockfile can be found above `cwd`.
+*/
+declare const parseLockFile: (cwd?: URL | string) => Promise<LockFileParseResult>;
+/**
+* Synchronous counterpart to {@link parseLockFile}.
+* @param cwd Directory to start the search from.
+* @returns The parsed result, keyed by the discovered lockfile path.
+* @throws If no supported lockfile can be found above `cwd`.
+*/
+declare const parseLockFileSync: (cwd?: URL | string) => LockFileParseResult;
+export { LockFileEntry, LockFileIntegrity, LockFileIntegrityAlgorithm, LockFileParseResult, LockFileType, decodeSriIntegrity, parseBunLockFile, parseLockFile, parseLockFileContent, parseLockFileSync, parseNpmLockFile, parsePnpmLockFile, parseYarnLockFile };

package/dist/lockfile.js

@@ -0,0 +1 @@
+var A=Object.defineProperty;var F=(n,e)=>A(n,"name",{value:e,configurable:!0});import{createRequire as M}from"node:module";import{findUp as N,findUpSync as R}from"@visulima/fs";const P=M(import.meta.url),k=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,S=F(n=>{if(typeof k<"u"&&k.versions&&k.versions.node){const[e,t]=k.versions.node.split(".").map(Number);if(e>22||e===22&&t>=3||e===20&&t>=16)return k.getBuiltinModule(n)}return P(n)},"__cjs_getBuiltinModule"),{readFileSync:B}=S("node:fs"),{readFile:C}=S("node:fs/promises");var T=Object.defineProperty,l=F((n,e)=>T(n,"name",{value:e,configurable:!0}),"g");const U={sha256:"sha256",sha384:"sha384",sha512:"sha512"},I=1024,q=/^[A-Z0-9+/]+={0,2}$/i,Y=/.*node_modules\/((?:@[^/]+\/)?[^/]+)$/,h=/^['"]/,y=/['"]$/,z=/^[a-z][a-zA-Z0-9]*:\s*$/m,J=/resolution:\s*\{[^}]*integrity:\s*([^,}\s]+)/,Z=/^["']?((?:@[^/@"']+\/)?[^@"'\n]+)@[^"'\n]+["']?:?[\t\v\f\r \u00A0\u1680\u2000-\u200A\u2028\u2029\u202F\u205F\u3000\uFEFF]*\n((?:[\t ][^\n]*\n?)+)/gm,K=/^\s+version:?\s+"?([^"\n]+)"?/m,G=/^\s+integrity[\s:]+"?([^"\s]+)"?/m,x=l(n=>{if(n.length>I)return;const e=n.indexOf("-");if(e<=0)return;const t=U[n.slice(0,e).toLowerCase()];if(!t)return;const s=n.slice(e+1);if(q.test(s))try{const c=Buffer.from(s,"base64");return c.length===0?void 0:{algorithm:t,hex:c.toString("hex")}}catch{return}},"decodeSriIntegrity"),w=l((n,e,t)=>{const s=`${t.name}@${t.version}`;e.has(s)||(e.add(s),n.push(t))},"pushUniqueEntry"),m=l((n,e,t)=>{t&&Object.keys(t).length>0&&(n[e]={...t})},"copyDepMap"),g=l(n=>{if(!n)return;const e={};for(const[t,s]of Object.entries(n))e[t]=[s];return Object.keys(e).length>0?e:void 0},"liftDepMap"),H=l(n=>{const e=[],t=new Set;let s;try{s=JSON.parse(n)}catch{return e}if(!s.packages)return e;for(const[c,o]of Object.entries(s.packages)){if(!c||!o.version)continue;const p=Y.exec(c);if(!p?.[1])continue;const i=o.name??p[1];if(i.startsWith("."))continue;const r={name:i,version:o.version};if(o.integrity){const a=x(o.integrity);a&&(r.integrity=a)}m(r,"dependencies",g(o.dependencies)),m(r,"peerDependencies",g(o.peerDependencies)),m(r,"optionalDependencies",g(o.optionalDependencies)),w(e,t,r)}return e},"parseNpmLockFile"),L=l(n=>{let e=n.trim();e.startsWith("/")&&(e=e.slice(1)),e=e.replace(h,"").replace(y,"");const t=e.indexOf("(");t>0&&(e=e.slice(0,t));const s=e.lastIndexOf("@");if(s<=0)return;const c=e.slice(0,s),o=e.slice(s+1);if(!(!c||!o||o.startsWith("link:")||o.startsWith("workspace:")||o.startsWith("file:")))return{name:c,version:o}},"splitPnpmPackageKey"),$=l((n,e)=>{const t=new RegExp(String.raw`^${e}:\s*$`,"m").exec(n);if(!t)return;const s=t.index+t[0].length,c=z.exec(n.slice(s));return n.slice(s,c?s+c.index:n.length)},"sliceTopLevelSection"),Q=l(n=>{const e=new Map,t=$(n,"snapshots");if(!t)return e;const s=/^ {2}(['"]?[^\s:][^:\n]*?['"]?):\s*\n((?: {4}[^\n]*\n?)+)/gm;let c;for(;(c=s.exec(t)??void 0)!==void 0;){const o=L(c[1]);if(!o)continue;const p=`${o.name}@${o.version}`,i=c[2],r=e.get(p)??{};for(const a of["dependencies","peerDependencies","optionalDependencies"]){const d=v(i,a);if(!d)continue;const u=r[a]??{};for(const[f,E]of Object.entries(d)){const D=u[f]??[];for(const j of E)D.includes(j)||D.push(j);u[f]=D}r[a]=u}e.set(p,r)}return e},"parsePnpmSnapshotEdges"),V=l(n=>{const e=[],t=new Set,s=$(n,"packages");if(!s)return e;const c=Q(n),o=/^ {2}(['"]?[^\s:][^:\n]*?['"]?):\s*\n((?: {4}[^\n]*\n?)+)/gm;let p;for(;(p=o.exec(s)??void 0)!==void 0;){const i=L(p[1]);if(!i)continue;const r=p[2],a=J.exec(r),d={name:i.name,version:i.version};if(a?.[1]){const f=x(a[1]);f&&(d.integrity=f)}const u=c.get(`${i.name}@${i.version}`);m(d,"dependencies",u?.dependencies??v(r,"dependencies")),m(d,"peerDependencies",u?.peerDependencies??v(r,"peerDependencies")),m(d,"optionalDependencies",u?.optionalDependencies??v(r,"optionalDependencies")),w(e,t,d)}return e},"parsePnpmLockFile"),v=l((n,e)=>{const t=new RegExp(String.raw`^ {4}${e}:\s*\n((?: {6,}[^\n]*\n?)+)`,"m").exec(n);if(!t?.[1])return;const s={},c=/^ {6}([^\s:]+):\s*([^\n]+)/gm;let o;for(;(o=c.exec(t[1])??void 0)!==void 0;){const p=o[1].replace(h,"").replace(y,"");let i=o[2].trim();i=i.replace(h,"").replace(y,"");const r=i.indexOf("(");if(r>0&&(i=i.slice(0,r).trim()),!p||!i)continue;const a=s[p]??[];a.includes(i)||a.push(i),s[p]=a}return Object.keys(s).length>0?s:void 0},"extractPnpmDependencyMap"),X=l(n=>{const e=[],t=new Set,s=Z;s.lastIndex=0;let c;for(;(c=s.exec(n)??void 0)!==void 0;){const o=c[1].replace(h,"").replace(y,"");if(!o)continue;const p=c[2],i=K.exec(p);if(!i?.[1])continue;const r={name:o,version:i[1].trim()},a=G.exec(p);if(a?.[1]){const d=x(a[1]);d&&(r.integrity=d)}m(r,"dependencies",b(p,"dependencies")),m(r,"peerDependencies",b(p,"peerDependencies")),m(r,"optionalDependencies",b(p,"optionalDependencies")),w(e,t,r)}return e},"parseYarnLockFile"),b=l((n,e)=>{const t=new RegExp(String.raw`^ {2}${e}:\s*\n((?: {4,}[^\n]*\n?)+)`,"m").exec(n);if(!t?.[1])return;const s={},c=/^ {4}(['"]?[^\s:'"]+['"]?)\s*(?::\s*)?['"]([^'"\n]+)['"]/gm;let o;for(;(o=c.exec(t[1])??void 0)!==void 0;){const p=o[1].replace(h,"").replace(y,""),i=o[2];if(p&&i){const r=s[p]??[];r.includes(i)||r.push(i),s[p]=r}}return Object.keys(s).length>0?s:void 0},"extractYarnDependencyMap"),ee=/,(?=\s*[}\]])/g,ne=l(n=>{const e=[],t=new Set;let s;try{s=JSON.parse(n.replaceAll(ee,""))}catch{return e}if(!s.packages)return e;for(const c of Object.values(s.packages)){const o=c[0];if(typeof o!="string")continue;const p=o.indexOf("@",1);if(p<=0)continue;const i=o.slice(0,p),r=o.slice(p+1);if(!i||!r||r.startsWith("workspace:")||r.startsWith("link:")||r.startsWith("file:"))continue;const a={name:i,version:r},d=c[3];if(typeof d=="string"&&d.length>0){const f=x(d);f&&(a.integrity=f)}const u=c[2];if(u&&typeof u=="object"&&!Array.isArray(u)){const f=u;m(a,"dependencies",g(f.dependencies)),m(a,"peerDependencies",g(f.peerDependencies)),m(a,"optionalDependencies",g(f.optionalDependencies))}w(e,t,a)}return e},"parseBunLockFile"),O=l(n=>{if(n.endsWith("pnpm-lock.yaml"))return"pnpm";if(n.endsWith("package-lock.json"))return"npm";if(n.endsWith("yarn.lock"))return"yarn";if(n.endsWith("bun.lock"))return"bun"},"inferLockFileType"),_=l((n,e)=>{switch(e){case"bun":return ne(n);case"npm":return H(n);case"pnpm":return V(n);case"yarn":return X(n);default:return[]}},"parseLockFileContent"),W=["pnpm-lock.yaml","package-lock.json","yarn.lock","bun.lock"],re=l(async n=>{const e=await N(W,{type:"file",...n&&{cwd:n}});if(!e)throw new Error("Could not find a supported lock file (pnpm-lock.yaml, package-lock.json, yarn.lock, bun.lock)");const t=O(e);if(!t)throw new Error(`Unsupported lock file: ${e}`);const s=await C(e,"utf8");return{entries:_(s,t),path:e,type:t}},"parseLockFile"),ce=l(n=>{const e=R(W,{type:"file",...n&&{cwd:n}});if(!e)throw new Error("Could not find a supported lock file (pnpm-lock.yaml, package-lock.json, yarn.lock, bun.lock)");const t=O(e);if(!t)throw new Error(`Unsupported lock file: ${e}`);return{entries:_(B(e,"utf8"),t),path:e,type:t}},"parseLockFileSync");export{x as decodeSriIntegrity,ne as parseBunLockFile,re as parseLockFile,_ as parseLockFileContent,ce as parseLockFileSync,H as parseNpmLockFile,V as parsePnpmLockFile,X as parseYarnLockFile};

package/dist/monorepo.d.ts

@@ -1,25 +1,26 @@
-export type Strategy = "lerna" | "npm" | "pnpm" | "turbo" | "yarn";
-export interface RootMonorepo<T extends Strategy = Strategy> {
-    path: string;
-    strategy: T;
+type Strategy = "lerna" | "npm" | "pnpm" | "turbo" | "yarn";
+interface RootMonorepo<T extends Strategy = Strategy> {
+  path: string;
+  strategy: T;
 }
 /**
- * An asynchronous function to find the root directory path and strategy for a monorepo based on
- * the given current working directory (cwd).
- * @param cwd The current working directory. The type of `cwd` is part of an `Options` type, specifically `Options["cwd"]`.
- * Default is undefined.
- * @returns A `Promise` that resolves to the root directory path and strategy for the monorepo.
- * The type of the returned promise is `Promise&lt;RootMonorepo>`.
- * @throws An `Error` if no monorepo root can be found using lerna, yarn, pnpm, or npm as indicators.
- */
-export declare const findMonorepoRoot: (cwd?: URL | string) => Promise<RootMonorepo>;
+* An asynchronous function to find the root directory path and strategy for a monorepo based on
+* the given current working directory (cwd).
+* @param cwd The current working directory. The type of `cwd` is part of an `Options` type, specifically `Options["cwd"]`.
+* Default is undefined.
+* @returns A `Promise` that resolves to the root directory path and strategy for the monorepo.
+* The type of the returned promise is `Promise&lt;RootMonorepo>`.
+* @throws An `Error` if no monorepo root can be found using lerna, yarn, pnpm, or npm as indicators.
+*/
+declare const findMonorepoRoot: (cwd?: URL | string) => Promise<RootMonorepo>;
 /**
- * An function to find the root directory path and strategy for a monorepo based on
- * the given current working directory (cwd).
- * @param cwd The current working directory. The type of `cwd` is part of an `Options` type, specifically `Options["cwd"]`.
- * Default is undefined.
- * @returns A `Promise` that resolves to the root directory path and strategy for the monorepo.
- * The type of the returned promise is `Promise&lt;RootMonorepo>`.
- * @throws An `Error` if no monorepo root can be found using lerna, yarn, pnpm, or npm as indicators.
- */
-export declare const findMonorepoRootSync: (cwd?: URL | string) => RootMonorepo;
+* An function to find the root directory path and strategy for a monorepo based on
+* the given current working directory (cwd).
+* @param cwd The current working directory. The type of `cwd` is part of an `Options` type, specifically `Options["cwd"]`.
+* Default is undefined.
+* @returns A `Promise` that resolves to the root directory path and strategy for the monorepo.
+* The type of the returned promise is `Promise&lt;RootMonorepo>`.
+* @throws An `Error` if no monorepo root can be found using lerna, yarn, pnpm, or npm as indicators.
+*/
+declare const findMonorepoRootSync: (cwd?: URL | string) => RootMonorepo;
+export { RootMonorepo, Strategy, findMonorepoRoot, findMonorepoRootSync };

package/dist/monorepo.js

@@ -1 +1 @@
-var l=Object.defineProperty;var p=(r,e)=>l(r,"name",{value:e,configurable:!0});import{createRequire as y}from"node:module";import{findUp as j,readJson as w,findUpSync as b,readJsonSync as k}from"@visulima/fs";import{NotFoundError as u}from"@visulima/fs/error";import{dirname as d,join as a}from"@visulima/path";import{findPackageManager as _,findPackageManagerSync as M}from"./package-manager.js";const g=y(import.meta.url),i=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,h=p(r=>{if(typeof i<"u"&&i.versions&&i.versions.node){const[e,t]=i.versions.node.split(".").map(Number);if(e>22||e===22&&t>=3||e===20&&t>=16)return i.getBuiltinModule(r)}return g(r)},"__cjs_getBuiltinModule"),{existsSync:c,readFileSync:f}=h("node:fs");var S=Object.defineProperty,m=p((r,e)=>S(r,"name",{value:e,configurable:!0}),"i");const E=m(async r=>{const e=await j(["lerna.json","turbo.json"],{type:"file",...r&&{cwd:r}});if(e?.endsWith("lerna.json")){const o=await w(e);if(o.useWorkspaces||o.packages)return{path:d(e),strategy:"lerna"}}const t=e?.endsWith("turbo.json");try{const{packageManager:o,path:n}=await _(r);if(["npm","yarn"].includes(o)){const s=a(n,"package.json");if(c(s)&&f(a(n,"package.json"),"utf8").includes("workspaces"))return{path:n,strategy:t?"turbo":o}}else if(o==="pnpm"){const s=a(n,"pnpm-workspace.yaml");if(c(s))return{path:n,strategy:t?"turbo":"pnpm"}}}catch(o){if(!(o instanceof u))throw o}throw new Error(`No monorepo root could be found upwards from the directory ${r} using lerna, yarn, pnpm, or npm as indicators.`)},"findMonorepoRoot"),T=m(r=>{const e=b(["lerna.json","turbo.json"],{type:"file",...r&&{cwd:r}});if(e?.endsWith("lerna.json")){const o=k(e);if(o.useWorkspaces||o.packages)return{path:d(e),strategy:"lerna"}}const t=e?.endsWith("turbo.json");try{const{packageManager:o,path:n}=M(r);if(["npm","yarn"].includes(o)){const s=a(n,"package.json");if(c(s)&&f(a(n,"package.json"),"utf8").includes("workspaces"))return{path:n,strategy:t?"turbo":o}}else if(o==="pnpm"){const s=a(n,"pnpm-workspace.yaml");if(c(s))return{path:n,strategy:t?"turbo":"pnpm"}}}catch(o){if(!(o instanceof u))throw o}throw new Error(`No monorepo root could be found upwards from the directory ${r} using lerna, yarn, pnpm, or npm as indicators.`)},"findMonorepoRootSync");export{E as findMonorepoRoot,T as findMonorepoRootSync};
+var l=Object.defineProperty;var p=(e,n)=>l(e,"name",{value:n,configurable:!0});import{createRequire as y}from"node:module";import{findUp as j,readJson as b,findUpSync as w,readJsonSync as k}from"@visulima/fs";import{NotFoundError as u}from"@visulima/fs/error";import{dirname as d,join as s}from"@visulima/path";import{findPackageManager as _,findPackageManagerSync as M}from"./package-manager.js";const g=y(import.meta.url),i=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,h=p(e=>{if(typeof i<"u"&&i.versions&&i.versions.node){const[n,t]=i.versions.node.split(".").map(Number);if(n>22||n===22&&t>=3||n===20&&t>=16)return i.getBuiltinModule(e)}return g(e)},"__cjs_getBuiltinModule"),{existsSync:c,readFileSync:f}=h("node:fs");var S=Object.defineProperty,m=p((e,n)=>S(e,"name",{value:n,configurable:!0}),"i");const E=m(async e=>{const n=await j(["lerna.json","turbo.json"],{type:"file",...e&&{cwd:e}});if(n?.endsWith("lerna.json")){const o=await b(n);if(o&&typeof o=="object"&&!Array.isArray(o)){const r=o;if(r.useWorkspaces||r.packages)return{path:d(n),strategy:"lerna"}}}const t=n?.endsWith("turbo.json");try{const{packageManager:o,path:r}=await _(e);if(["npm","yarn"].includes(o)){const a=s(r,"package.json");if(c(a)&&f(s(r,"package.json"),"utf8").includes("workspaces"))return{path:r,strategy:t?"turbo":o}}else if(o==="pnpm"){const a=s(r,"pnpm-workspace.yaml");if(c(a))return{path:r,strategy:t?"turbo":"pnpm"}}}catch(o){if(!(o instanceof u))throw o}throw new Error(`No monorepo root could be found upwards from the directory ${e} using lerna, yarn, pnpm, or npm as indicators.`)},"findMonorepoRoot"),T=m(e=>{const n=w(["lerna.json","turbo.json"],{type:"file",...e&&{cwd:e}});if(n?.endsWith("lerna.json")){const o=k(n);if(o.useWorkspaces||o.packages)return{path:d(n),strategy:"lerna"}}const t=n?.endsWith("turbo.json");try{const{packageManager:o,path:r}=M(e);if(["npm","yarn"].includes(o)){const a=s(r,"package.json");if(c(a)&&f(s(r,"package.json"),"utf8").includes("workspaces"))return{path:r,strategy:t?"turbo":o}}else if(o==="pnpm"){const a=s(r,"pnpm-workspace.yaml");if(c(a))return{path:r,strategy:t?"turbo":"pnpm"}}}catch(o){if(!(o instanceof u))throw o}throw new Error(`No monorepo root could be found upwards from the directory ${e} using lerna, yarn, pnpm, or npm as indicators.`)},"findMonorepoRootSync");export{E as findMonorepoRoot,T as findMonorepoRootSync};