@visulima/vis 1.0.0-alpha.10 → 1.0.0-alpha.12

package/dist/packem_chunks/handler25.js

@@ -1,5 +1,3 @@
-var P=Object.defineProperty;var v=(e,n)=>P(e,"name",{value:n,configurable:!0});import{createRequire as R}from"node:module";import{green as S,red as W,yellow as A,dim as d}from"@visulima/colorize";import{join as N}from"@visulima/path";import{p as o}from"./bin.js";import{S as w,g as C,w as j,b as B,p as q,f as k,a as M,c as H,u as y,d as K,e as O,h as D}from"../packem_shared/toolchain-DQfTQY8E.js";const I=R(import.meta.url),$=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,b=v(e=>{if(typeof $<"u"&&$.versions&&$.versions.node){const[n,i]=$.versions.node.split(".").map(Number);if(n>22||n===22&&i>=3||n===20&&i>=16)return $.getBuiltinModule(e)}return I(e)},"__cjs_getBuiltinModule"),{spawnSync:U}=b("node:child_process"),{writeFileSync:F}=b("node:fs");var L=Object.defineProperty,f=v((e,n)=>L(e,"name",{value:n,configurable:!0}),"d");const x=["bun","deno","go","node","npm","pnpm","python","ruby","rust","yarn"],G=f(e=>x.includes(e),"isKnownTool"),p=f(e=>e?S("✓"):W("✗"),"icon"),T=A("⚠"),J=f(e=>{if(e.installed){const n=e.version?` v${e.version}`:"",i=e.configFiles.length>0?` (${e.configFiles.join(", ")})`:"";return`${p(!0)} ${e.name}${n}${i}`}return`${T} ${e.name} — referenced by ${e.configFiles.join(", ")} but not installed`},"renderManagerLine"),z=f(e=>{if(e.matches)return"";const{manager:n}=e;return n.name==="none"?d("→ (no manager)"):n.name==="self-activate"?"":n.installed?d(`→ ${n.name}`):d(`→ ${n.name} (missing)`)},"renderToolManager"),Q=f(e=>e.matches?p(!0):e.actual?T:p(!1),"toolIcon"),V=f(e=>{if(o.info(""),o.info(d("── Toolchain ───────────────────────")),e.detected.length===0)o.info(`  ${p(!1)} No version manager detected`),o.notice(`  Install one of: ${w.join(", ")}`);else for(const n of e.detected)o.info(`  ${J(n)}`);if(o.info(""),e.tools.length===0){o.info(`  ${d("No tool pins found — add engines.node, .nvmrc, or a manager config file.")}`);return}o.info(d("── Tools ───────────────────────────"));for(const n of e.tools){const i=`${n.expected.tool} ${n.expected.version}`,s=n.actual?`actual ${n.actual}`:"not installed",t=n.matches?"":d(` [${n.expected.source}]`),r=z(n),u=r===""?"":` ${r}`;o.info(`  ${Q(n)} ${i} — ${s}${t}${u}`),n.manager.note&&o.notice(`     ${n.manager.note}`)}},"printStatus"),X=f((e,n,i)=>{const s=C(e,n);if(i.json){process.stdout.write(`${JSON.stringify({detected:s.detected.map(r=>({binPath:r.binPath??null,configFiles:r.configFiles,installed:r.installed,name:r.name,version:r.version??null})),tools:s.tools.map(r=>({actual:r.actual??null,expected:r.expected.version,manager:r.manager.name,managerInstalled:r.manager.installed,matches:r.matches,note:r.manager.note??null,source:r.expected.source,tool:r.expected.tool}))},void 0,2)}
-`);return}V(s);const t=s.tools.filter(r=>!r.matches);t.length>0&&(o.info(""),o.notice("  Run `vis toolchain install` to install pinned versions.")),i.exitCode&&t.length>0&&(process.exitCode=1)},"executeStatus"),Y=f(e=>{const n=new Map;for(const i of e){const s=n.get(i.manager.name);s?s.push(i):n.set(i.manager.name,[i])}return n},"groupByManager"),_=f((e,n,i)=>U(e,n,{cwd:i,stdio:"inherit"}).status??1,"runInvocation"),Z=f((e,n,i)=>{const s=C(e,n),t=s.tools.filter(c=>!c.matches);if(t.length===0){o.success("Everything already matches — nothing to install.");return}const r=t.some(c=>c.manager.name!=="self-activate"&&c.manager.name!=="none");if(s.detected.length===0&&r){o.error(`No version manager detected. Install one of: ${w.join(", ")}.`),process.exitCode=1;return}const u=Y(t);let l=!1,g=0;for(const[c,m]of u){if(c==="self-activate"){for(const{expected:a}of m){if(a.source==="packageManager")o.info(`${d("$")} (${a.tool} will self-activate from packageManager on next invocation)`);else if(o.info(`${d("$")} Writing packageManager=${a.tool}@${a.version}`),i.dryRun)l=!0;else try{j(e,a),l=!0}catch(h){o.error(h.message),g=1}o.notice(`  ${a.tool} ${a.version} — no install needed`)}continue}if(c==="none"){for(const{expected:a}of m)o.warn(`Cannot install ${a.tool} ${a.version} — no manager can handle it.`);g=1;continue}if(!s.detected.find(a=>a.name===c)?.installed){o.error(`${c} is referenced but not on PATH — install it first, then rerun \`vis toolchain install\`.`),g=1;continue}const E=m.map(a=>B(c,a.expected)).filter(Boolean);for(const a of E){if(!a)continue;if(a.bin==="nvm"&&a.args.length===0){o.error("nvm is a shell function — run `nvm install` in your shell, then rerun `vis toolchain install`."),a.hint&&o.notice(`  ${a.hint}`),g=1;continue}if(o.info(`${d("$")} ${a.bin} ${a.args.join(" ")}`),a.hint&&o.notice(`  ${a.hint}`),i.dryRun){l=!0;continue}const h=_(a.bin,a.args,e);if(l=!0,h!==0){g=h;break}}}if(g!==0){process.exitCode=g;return}l&&o.success("Toolchain installed.")},"executeInstall"),ee=f((e,n,i,s)=>{if(!i)throw new Error("Usage: vis toolchain use <tool>@<version> (e.g. vis toolchain use node@22.13.0)");const t=q(i);if(!t)throw new Error(`Could not parse "${i}". Expected "<tool>@<version>" where <tool> is one of ${x.join(", ")}.`);const r=k(e),u=M(t,r,n);if(u.name==="none"){o.error(`No manager can pin ${t.tool}. Install one of: ${w.join(", ")}.`),process.exitCode=1;return}if(!u.installed){o.error(`The best manager for ${t.tool} (${u.name}) is not on PATH. ${u.note??""}`),process.exitCode=1;return}const l=H(u.name,t);if(!l){o.error(`${u.name} cannot pin ${t.tool}. Use a different manager, or set \`toolchain.tools.${t.tool}\` in vis.config.ts.`),process.exitCode=1;return}if(u.name==="self-activate"){if(o.info(`${d("→")} Writing packageManager field to package.json...`),s.dryRun){o.notice(`  Would set packageManager: "${t.tool}@${t.version}"`);return}try{const c=j(e,t);if(!c){o.error(`Refusing to pin non-package-manager tool ${t.tool} via the packageManager field.`),process.exitCode=1;return}if(o.success(`Set packageManager: "${c}" — ${t.tool} will activate this version on next invocation.`),s.engines!==!1){const m=y(e,t);m&&o.success(`Updated package.json engines.${t.tool} → ${m}.`)}}catch(c){o.error(c.message),process.exitCode=1}return}if(l.args.length===0&&u.name==="nvm"&&t.tool==="node"){const c=N(e,".nvmrc");if(o.info(`${d("→")} Writing ${c}...`),s.dryRun){o.notice(`  Would write ${t.version} to .nvmrc`);return}try{F(c,`${t.version}
-`)}catch(m){o.error(`Failed to write .nvmrc: ${m.message}`),process.exitCode=1;return}o.success(`Wrote ${t.version} to .nvmrc.`),o.notice("  nvm is a shell function — run `nvm use` to activate it in this shell.");return}if(l.args.length===0){o.error(`${u.name} cannot pin ${t.tool} from a subprocess. ${l.configChange?.hint??""}`),l.configChange&&o.notice(`  Edit ${l.configChange.file} by hand and rerun \`vis toolchain status\` to verify.`),process.exitCode=1;return}if(o.info(`${d("$")} ${l.bin} ${l.args.join(" ")}`),l.configChange&&o.notice(`  Will update ${l.configChange.file} — ${l.configChange.hint}`),s.dryRun)return;const g=_(l.bin,l.args,e);if(g!==0){process.exitCode=g;return}if(o.success(`Pinned ${t.tool} to ${t.version}.`),s.engines!==!1)try{const c=y(e,t);c&&o.success(`Updated package.json engines.${t.tool} → ${c}.`)}catch(c){o.warn(`Could not update engines.${t.tool}: ${c.message}`)}},"executeUse"),ne=f((e,n,i)=>{if(!i)throw new Error("Usage: vis toolchain which <tool> (e.g. vis toolchain which node)");const s=i.toLowerCase();if(!G(s))throw new Error(`Unknown tool "${i}". Known: ${x.join(", ")}.`);const t=k(e),r=M({source:"vis.config.ts",tool:s,version:"*"},t,n),u=r.installed&&r.name!=="self-activate"&&r.name!=="none"?t.find(g=>g.name===r.name):void 0,l=u?K(u,s):O(s);if(!l){o.error(`${i} not found in PATH${u?` or via ${u.name}`:""}.`),process.exitCode=1;return}process.stdout.write(`${l}
-`)},"executeWhich"),oe=f((e,n)=>{const i=D(e,n);process.stdout.write(`${i.name}
-`)},"executeDetect"),le=f(async({argument:e,options:n,visConfig:i,workspaceRoot:s})=>{if(!s)throw new Error("Could not determine workspace root. Run inside a monorepo.");const t=e[0]??"status",r=i?.toolchain;switch(t){case"detect":{oe(s,r);return}case"install":{Z(s,r,n);return}case"status":{X(s,r,n);return}case"use":{ee(s,r,e[1],n);return}case"which":{ne(s,r,e[1]);return}default:throw new Error(`Unknown toolchain action "${t}". Known: status, detect, install, use, which.`)}},"execute");export{le as default};
+var a=Object.defineProperty;var s=(n,e)=>a(n,"name",{value:e,configurable:!0});import{createRequire as f}from"node:module";import{q as v}from"./bin.js";const d=f(import.meta.url),t=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,l=s(n=>{if(typeof t<"u"&&t.versions&&t.versions.node){const[e,r]=t.versions.node.split(".").map(Number);if(e>22||e===22&&r>=3||e===20&&r>=16)return t.getBuiltinModule(n)}return d(n)},"__cjs_getBuiltinModule"),{execSync:p,spawnSync:m}=l("node:child_process");var g=Object.defineProperty,y=s((n,e)=>g(n,"name",{value:e,configurable:!0}),"r");const w=y(async({argument:n,logger:e,options:r})=>{const c=n?.[0];e.info("info: checking for updates...");const o=v.version;let i;try{const u=p("npm view @visulima/vis version",{encoding:"utf8"}).trim();i=c??u}catch{throw new Error("Failed to query npm registry. Check your network connection.")}if(o===i&&!r.force){e.info(`
+✓ Already up to date (${o})`);return}if(r.check){o===i?e.info(`✓ Already up to date (${o})`):e.info(`info: found @visulima/vis@${i} (current: ${o})`);return}if(e.info(`info: found @visulima/vis@${i} (current: ${o})`),e.info("info: installing..."),m("npm",["install","-g",`@visulima/vis@${i}`],{encoding:"utf8",stdio:"inherit"}).status!==0)throw new Error("Failed to update. Try running with sudo or fix npm permissions.");e.info(`
+✓ Updated @visulima/vis from ${o} → ${i}`)},"execute");export{w as default};

package/dist/packem_chunks/handler26.js

@@ -1 +1 @@
-var f=Object.defineProperty;var s=(e,o)=>f(e,"name",{value:o,configurable:!0});import{J as p,h as u}from"./bin.js";var d=Object.defineProperty,g=s((e,o)=>d(e,"name",{value:o,configurable:!0}),"c");const x=g(async({argument:e,logger:o,options:c,visConfig:n,workspaceRoot:t})=>{const i=e||[],a=t??process.cwd(),l=p(a,{configBackend:n?.install?.backend}),r=u(l,i,c.recursive||!1,a,o);r!==0&&(process.exitCode=r)},"execute");export{x as default};
+var p=Object.defineProperty;var t=(o,a)=>p(o,"name",{value:a,configurable:!0});import{m as f,C as d}from"./bin.js";import{o as g}from"../packem_shared/utils-DrNg0XTR.js";var v=Object.defineProperty,m=t((o,a)=>v(o,"name",{value:a,configurable:!0}),"n");const h=m(async({argument:o,logger:a,options:e,visConfig:l,workspaceRoot:i})=>{const s=o;if(!s||s.length===0)throw new Error("No packages specified. Usage: vis why <package...>");const n=i??process.cwd(),c=f(n,{configBackend:l?.install?.backend,configCorepack:l?.install?.corepack}),r=d(c,{depth:e.depth===void 0?void 0:Number(e.depth),dev:e.dev||!1,filter:g(e.filter),global:e.global||!1,json:e.json||!1,long:e.long||!1,noOptional:e.noOptional||!1,packages:s,parseable:e.parseable||!1,prod:e.prod||!1,recursive:e.recursive||!1},n,a);r!==0&&r!==1&&(process.exitCode=r)},"execute");export{h as default};

package/dist/packem_chunks/handler27.js

@@ -1,3 +1 @@
-var a=Object.defineProperty;var s=(n,e)=>a(n,"name",{value:e,configurable:!0});import{createRequire as f}from"node:module";import{m as v}from"./bin.js";const d=f(import.meta.url),t=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,l=s(n=>{if(typeof t<"u"&&t.versions&&t.versions.node){const[e,r]=t.versions.node.split(".").map(Number);if(e>22||e===22&&r>=3||e===20&&r>=16)return t.getBuiltinModule(n)}return d(n)},"__cjs_getBuiltinModule"),{execSync:p,spawnSync:m}=l("node:child_process");var g=Object.defineProperty,y=s((n,e)=>g(n,"name",{value:e,configurable:!0}),"r");const w=y(async({argument:n,logger:e,options:r})=>{const c=n?.[0];e.info("info: checking for updates...");const o=v.version;let i;try{const u=p("npm view @visulima/vis version",{encoding:"utf8"}).trim();i=c??u}catch{throw new Error("Failed to query npm registry. Check your network connection.")}if(o===i&&!r.force){e.info(`
-✓ Already up to date (${o})`);return}if(r.check){o===i?e.info(`✓ Already up to date (${o})`):e.info(`info: found @visulima/vis@${i} (current: ${o})`);return}if(e.info(`info: found @visulima/vis@${i} (current: ${o})`),e.info("info: installing..."),m("npm",["install","-g",`@visulima/vis@${i}`],{encoding:"utf8",stdio:"inherit"}).status!==0)throw new Error("Failed to update. Try running with sudo or fix npm permissions.");e.info(`
-✓ Updated @visulima/vis from ${o} → ${i}`)},"execute");export{w as default};
+var q=Object.defineProperty;var $=(t,r)=>q(t,"name",{value:r,configurable:!0});import{createRequire as A}from"node:module";import{dim as M,red as N,yellow as z,green as T}from"@visulima/colorize";import{readJsonSync as B,writeJsonSync as I}from"@visulima/fs";import{findPackageManagerSync as J}from"@visulima/package";import{join as U}from"@visulima/path";import{B as V,r as b,t as G,p as g,N as j,R as Q,Q as W,w as Y,U as Z,k as H,g as K,z as X,h as ee,V as oe,F as te,m as se,G as ne}from"./bin.js";import{r as re}from"../packem_shared/typosquats-CcZl99B1.js";import{d as C,o as R}from"../packem_shared/utils-DrNg0XTR.js";const O=A(import.meta.url),v=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,L=$(t=>{if(typeof v<"u"&&v.versions&&v.versions.node){const[r,e]=v.versions.node.split(".").map(Number);if(r>22||r===22&&e>=3||r===20&&e>=16)return v.getBuiltinModule(t)}return O(t)},"__cjs_getBuiltinModule"),{createInterface:F}=L("node:readline");var ae=Object.defineProperty,h=$((t,r)=>ae(t,"name",{value:r,configurable:!0}),"c");const P=h(t=>t==="default"?"catalog:":`catalog:${t}`,"buildCatalogRef"),S=h(t=>t==="default"?"default catalog":`catalog "${t}"`,"labelForCatalog"),ie=h((t,r)=>{const e=[];for(const[o,n]of r)o.includes(":")||n.has(t)&&e.push(o);if(e.length===0)return;if(e.length===1){const[o]=e;return{source:S(o),spec:P(o)}}const a=e.find(o=>o==="default")??e[0],i=e.filter(o=>o!==a);return{candidates:[...e],conflict:!0,source:`${S(a)} (also in: ${i.map(o=>S(o)).join(", ")})`,spec:P(a)}},"resolveFromCatalogs"),ce=h((t,r)=>{const e=new Map;for(const[l,p]of r){if(!l.includes(":"))continue;const f=p.get(t);f!==void 0&&e.set(f,(e.get(f)??0)+1)}if(e.size===0)return;const a=[...e.entries()],i=a.reduce((l,[,p])=>l+p,0);if(a.length===1){const[[l]]=a;return{source:`siblings (${String(i)} pkg${i===1?"":"s"} on ${l})`,spec:l}}const o=[...a].sort((l,p)=>p[1]-l[1]),[n,s]=o[0],c=o.slice(1).map(([l,p])=>`${l} (×${String(p)})`);return{candidates:o.map(([l])=>l),conflict:!0,source:`siblings (most common: ${n} ×${String(s)}; conflicts: ${c.join(", ")})`,spec:n}},"resolveFromSiblings"),le=h((t,r)=>ie(t,r)||ce(t,r),"conformToCatalog");var pe=Object.defineProperty,d=$((t,r)=>pe(t,"name",{value:r,configurable:!0}),"m");const _=d(async(t,r=1e4)=>{const e=new Map,a=new AbortController,i=setTimeout(()=>{a.abort()},r);try{const o=t.map(async n=>{try{const s=await fetch(`https://registry.npmjs.org/${n}/latest`,{headers:{Accept:"application/json"},signal:a.signal});if(s.ok){const c=await s.json();c.version&&e.set(n,c.version)}}catch{}});await Promise.all(o)}finally{clearTimeout(i)}return e},"resolveLatestVersions"),fe=d((t,r,e)=>{const a=[];for(const i of t.values()){const{overall:o}=i.score,n=V(o),s=`${String(Math.round(o*100))}%`,c=i.alerts.length,l=b(i),p=G(l,i.version,e),f=n==="red"?N:n==="yellow"?z:T;if(p?g.info(`  ${f(s)} ${j(i)} ${M(`[accepted: ${p.reason}]`)}`):g.info(`  ${f(s)} ${j(i)}`),c>0){const u=i.alerts.filter(m=>m.severity==="critical"||m.severity==="high").length;u>0&&g.warn(`    ${String(u)} critical/high alert${u===1?"":"s"}`)}o<r&&!p&&a.push(i)}return a},"displaySecurityReports"),ge=d(async(t,r)=>{const e=F({input:process.stdin,output:process.stdout}),a=d(s=>new Promise(c=>{e.question(s,l=>{c(l.trim())})}),"ask"),i=String(Math.round(r*100));g.warn(""),g.warn(`${String(t.length)} package${t.length===1?"":"s"} scored below the minimum threshold (${i}%):`);for(const s of t){const c=b(s),l=`${String(Math.round(s.score.overall*100))}%`;g.warn(`  • ${c}@${s.version} — score: ${l} (${Q(s.score.overall)})`)}g.warn("");const o=await a("Continue adding these packages? [y/N] ");if(o.toLowerCase()!=="y"&&o.toLowerCase()!=="yes")return e.close(),!1;const n=await a("Remember this decision? (prints config snippet) [y/N] ");if(e.close(),n.toLowerCase()==="y"||n.toLowerCase()==="yes"){g.notice(""),g.notice("Add the following to security.socket.acceptedRisks in vis.config.ts:"),g.notice("");for(const s of t){const c=b(s),l=W(c,s.version,s.score.overall,"Reviewed and accepted");g.notice(l)}g.notice("")}return!0},"confirmLowScorePackages"),ue=d(async(t,r,e,a)=>{const i=t.map(f=>C(f)),o=new Map;for(const f of i)if(f.versionSpec){const u=Y.coerce(f.versionSpec);u&&o.set(f.name,u.version)}const n=i.filter(f=>!o.has(f.name)).map(f=>f.name),s=n.length>0?await _(n):new Map,c=[];for(const f of i){const u=o.get(f.name)??s.get(f.name);u&&c.push({name:f.name,version:u})}if(c.length===0)return!0;g.info(""),g.info("Socket.dev security check:");const l=await Z(c,r);if(l.size===0)return g.info("  Could not fetch security data. Proceeding."),!0;const p=fe(l,e,a);return p.length===0?(g.info(""),!0):process.stdin.isTTY?ge(p,e):(g.warn(`Aborting: ${String(p.length)} package${p.length===1?"":"s"} below minimum score. Use --no-socket-check to skip.`),!1)},"runSocketPreCheck"),de=["dependencies","devDependencies","peerDependencies","optionalDependencies"],me=d(t=>t.savePeer?"peerDependencies":t.saveOptional?"optionalDependencies":t.saveDev?"devDependencies":"dependencies","pickDepSection"),D=d((t,r)=>t.startsWith("catalog:")||!r?t:t.replace(/^[\^~]/,""),"applyExactPrefix"),ke=d(async(t,r)=>{const e=[];for(const o of t){const{name:n,versionSpec:s}=C(o);if(!n)continue;if(s!==void 0){e.push({explicit:s,name:n});continue}const c=le(n,r);if(c){c.conflict&&g.warn(`${n}: ambiguous constraint — picking ${c.spec} (${c.source}). Pass ${n}@<version> to override.`),e.push({entry:{name:n,source:c.source,spec:c.spec},kind:"resolved",name:n});continue}e.push({kind:"missing",name:n})}const a=e.filter(o=>"kind"in o&&o.kind==="missing").map(o=>o.name),i=a.length>0?await _(a):new Map;return e.map(o=>{if("explicit"in o)return{name:o.name,source:"explicit",spec:o.explicit};if(o.kind==="resolved")return o.entry;const n=i.get(o.name);if(n===void 0)throw new Error(`--to: cannot resolve a version for "${o.name}" (not in any catalog or sibling, and registry lookup failed). Pass ${o.name}@<version> explicitly.`);const s=`^${n}`;return g.info(`${o.name}: no existing constraint — using registry latest (${s}). Add to a catalog to share this version across workspace packages.`),{name:o.name,source:"registry latest",spec:s}})},"planConformedSpecs"),we=d((t,r,e,a)=>{for(const{name:i,spec:o}of r){const n=D(o,a);for(const c of de){if(c===e)continue;const l=t[c];l?.[i]!==void 0&&(delete l[i],Object.keys(l).length===0&&delete t[c])}let s=t[e];s===void 0&&(s={},t[e]=s),s[i]=n}},"applyPlannedSpecsToPackageJson"),ve=d(async({ignoreScripts:t,logger:r,options:e,packages:a,pm:i,target:o,visConfig:n,workspaceRoot:s})=>{const{workspace:c}=H(s,n??{}),l=c.projects[o];if(!l){const k=Object.keys(c.projects).sort();throw new Error(`--to: workspace package "${o}" not found. Available: ${k.length>0?k.slice(0,10).join(", "):"(none)"}${k.length>10?`, ... (${String(k.length-10)} more)`:""}.`)}const p=U(s,l.root,"package.json"),{packageManager:f}=J(s),u=K(s,f),m=me(e),w=e.exact??!1,y=await ke(a,u);if(y.length===0)return 0;const x=B(p);we(x,y,m,w),I(p,x,{indent:X(p,{useEditorconfig:n?.editorconfig??!0}),overwrite:!0});for(const k of y){const E=D(k.spec,w);g.info(`${T("+")} ${k.name}@${E} → ${o}/${m} (${M(k.source)})`)}return ee(i,{dev:!1,filter:[],force:!1,frozenLockfile:!1,ignoreScripts:t,lockfileOnly:!1,noOptional:!1,offline:!1,prod:!1,recursive:!1,silent:!1,workspaceRoot:!1},s,r)},"applyConformedAdd"),Pe=d(async({argument:t,logger:r,options:e,visConfig:a,workspaceRoot:i})=>{let o=t;if(!o||o.length===0)throw new Error("No packages specified. Usage: vis add <packages...>");if(!e.noTyposquatCheck){const p=o.map(u=>C(u)),f=await re(p.map(u=>u.name),a?.security?.typosquatAllowlist);if(!f.ok){process.exitCode=1;return}o=p.map((u,m)=>{const w=f.packages[m];return w!==u.name?u.versionSpec?`${w}@${u.versionSpec}`:w??"":o[m]??""})}if(!e.noSocketCheck){const p=oe(a?.security?.socket);if(p){const f=p.minimumScore??te;if(!await ue(o,p,f,a?.security?.socket?.acceptedRisks)){process.exitCode=1;return}}}const n=process.cwd(),s=se(i??n,{configBackend:a?.install?.backend,configCorepack:a?.install?.corepack}),c=!e.runScripts;if(e.to){if(e.global||e.workspaceRoot)throw new Error("--to is incompatible with --global / --workspace-root.");if(e.filter&&R(e.filter).length>0)throw new Error("--to and --filter are mutually exclusive — --to already targets one package.");if(!i)throw new Error("--to requires a monorepo workspace. Run from inside a pnpm/bun/yarn/npm workspace.");const p=await ve({ignoreScripts:c,logger:r,options:e,packages:o,pm:s,target:e.to,visConfig:a,workspaceRoot:i});p!==0&&(process.exitCode=p);return}const l=ne(s,{exact:e.exact||!1,filter:R(e.filter),global:e.global||!1,optional:e.saveOptional||!1,packages:o,peer:e.savePeer||!1,saveDev:e.saveDev||!1,workspace:e.workspace||!1,workspaceRoot:e.workspaceRoot||!1},n,r,{autoInstallPeers:e.autoInstallPeers||!1,ignoreScripts:c});l!==0&&(process.exitCode=l)},"execute");export{Pe as default};

package/dist/packem_chunks/handler28.js

@@ -1 +1,7 @@
-var p=Object.defineProperty;var t=(o,a)=>p(o,"name",{value:a,configurable:!0});import{J as f,i as d}from"./bin.js";import{o as g}from"../packem_shared/utils-DrNg0XTR.js";var v=Object.defineProperty,u=t((o,a)=>v(o,"name",{value:a,configurable:!0}),"c");const k=u(async({argument:o,logger:a,options:e,visConfig:n,workspaceRoot:i})=>{const s=o;if(!s||s.length===0)throw new Error("No packages specified. Usage: vis why <package...>");const l=i??process.cwd(),c=f(l,{configBackend:n?.install?.backend}),r=d(c,{depth:e.depth===void 0?void 0:Number(e.depth),dev:e.dev||!1,filter:g(e.filter),global:e.global||!1,json:e.json||!1,long:e.long||!1,noOptional:e.noOptional||!1,packages:s,parseable:e.parseable||!1,prod:e.prod||!1,recursive:e.recursive||!1},l,a);r!==0&&r!==1&&(process.exitCode=r)},"execute");export{k as default};
+var x=Object.defineProperty;var l=(e,o)=>x(e,"name",{value:o,configurable:!0});import{runProvider as S,detectAllProviders as w}from"@visulima/find-ai-runner";import{renderToString as E,Table as P}from"@visulima/tui";import D from"react";import{b as g,R as v}from"../packem_shared/ai-analysis-hm8d2W7z.js";import{bold as I,dim as d,cyan as N,green as O,yellow as T}from"@visulima/colorize";var j=Object.defineProperty,u=l((e,o)=>j(e,"name",{value:o,configurable:!0}),"s");const f={command:"ai",description:"AI-assisted commands: provider detection, cache management, and failure-fix proposals."},A=u(e=>{if(typeof e!="function")return String(e);const{name:o}=e;return o==="Boolean"?"boolean":o==="Number"?"number":o==="String"?"string":o??"unknown"},"typeName"),R=u(e=>{const o=[...e.commandPath??[],e.name].join(" "),a=(e.examples??[]).map(([t,s])=>({command:t??"",description:s??""})),i=(e.options??[]).map(t=>({defaultValue:t.defaultValue,description:t.description,name:t.name,type:A(t.type)}));return{argument:e.argument?{description:e.argument.description,name:e.argument.name}:void 0,description:e.description??"",examples:a,name:e.name,options:i,path:o}},"buildSubcommand"),y=u((e,o=f)=>({command:o.command,description:o.description,subcommands:e.map(a=>R(a))}),"buildDiscoveryPayload"),C=u((e,o=f)=>`${JSON.stringify(y(e,o),void 0,2)}
+`,"renderDiscoveryJson"),J=u((e,o=f)=>{const a=y(e,o),i=[I(`vis ${a.command} — ${a.description}`),"",d("Subcommands:")];for(const t of a.subcommands){const s=t.argument?` ${N(`<${t.argument.name}>`)}`:"";if(i.push(""),i.push(`  ${O(`vis ${t.path}`)}${s}`),t.description&&i.push(`    ${t.description}`),t.options.length>0){const n=t.options.map(c=>`--${c.name}${c.type==="boolean"?"":`=<${c.type}>`}`).join(", ");i.push(d(`    options: ${n}`))}if(t.examples.length>0){i.push(d("    examples:"));for(const n of t.examples){const c=n.description?d(` — ${n.description}`):"";i.push(`      ${T(n.command)}${c}`)}}}return i.push(""),i.push(d(`Run \`vis ${a.command} discover-help\` for the machine-readable JSON catalogue (designed for AI agents).`)),i.push(d(`Run \`vis ${a.command} <subcommand> --help\` for full usage of a specific subcommand.`)),`${i.join(`
+`)}
+`},"renderDiscoveryText");var F=Object.defineProperty,p=l((e,o)=>F(e,"name",{value:o,configurable:!0}),"r");const h=p(async()=>{const{default:e}=await import("./bin.js").then(o=>o.aO);return e.filter(o=>o.name!=="ai")},"loadDiscoverableSubcommands"),L=p(async()=>{const e=await h();process.stderr.write(J(e))},"aiRootExecute"),q=p(async()=>{const e=await h();process.stdout.write(C(e))},"aiDiscoverHelpExecute"),z=p(async({logger:e,visConfig:o})=>{const a=o?.ai,i=g(a);if(!i){e.error("No AI provider available to test."),process.exitCode=1;return}e.info(`Testing ${i.name}...`);try{const t=await S(i,"Reply with exactly: OK",{timeoutMs:3e4});e.info(`Provider ${i.name} responded: ${t.stdout.trim().slice(0,200)}`)}catch(t){const s=t instanceof Error?t.message:String(t);e.error(`Provider ${i.name} failed: ${s}`),process.exitCode=1}},"aiTestExecute"),G=p(({logger:e,options:o,visConfig:a})=>{const i=o.format??"table",t=a?.ai,s=w(),n=g(t);if(i==="json"){const r=s.map(m=>({available:m.available,method:m.detectionMethod,name:m.name,path:m.path,priority:v[m.name]??0,selected:m.name===n?.name,version:m.version}));process.stdout.write(`${JSON.stringify(r,void 0,2)}
+`);return}const c=s.map(r=>({method:r.detectionMethod??"-",path:r.path??"-",priority:String(v[r.name]??0),provider:r.name,selected:r.name===n?.name?">>>":"",status:r.available?"available":"not found",version:r.version??"-"})),b=process.stdout.columns||80,$=E(D.createElement(P,{data:c}),{columns:b});e.info($),n?e.info(`
+Selected provider: ${n.name} (priority ${String(v[n.name]??0)})`):e.info(`
+No AI provider available. Install one of the supported AI CLI tools.`)},"aiProvidersExecute"),Q=p(async e=>{const{aiFix:o}=await import("./fix.js");await o(e)},"aiFixExecute");export{q as aiDiscoverHelpExecute,Q as aiFixExecute,G as aiProvidersExecute,L as aiRootExecute,z as aiTestExecute};

package/dist/packem_chunks/handler29.js

@@ -1,7 +1,23 @@
-var $=Object.defineProperty;var l=(e,o)=>$(e,"name",{value:o,configurable:!0});import{runProvider as x,detectAllProviders as P}from"@visulima/find-ai-runner";import{renderToString as S,Table as w}from"@visulima/tui";import E from"react";import{b as h,R as f}from"../packem_shared/ai-analysis-CGuy7dfE.js";import{bold as j,dim as p,cyan as I,green as T,yellow as A}from"@visulima/colorize";var D=Object.defineProperty,d=l((e,o)=>D(e,"name",{value:o,configurable:!0}),"i");const v={command:"ai",description:"AI-assisted commands: provider detection, cache management, and failure-fix proposals."},N=d(e=>{if(typeof e!="function")return String(e);const{name:o}=e;return o==="Boolean"?"boolean":o==="Number"?"number":o==="String"?"string":o??"unknown"},"typeName"),C=d(e=>{const o=[...e.commandPath??[],e.name].join(" "),a=(e.examples??[]).map(([n,s])=>({command:n??"",description:s??""})),t=(e.options??[]).map(n=>({defaultValue:n.defaultValue,description:n.description,name:n.name,type:N(n.type)}));return{argument:e.argument?{description:e.argument.description,name:e.argument.name}:void 0,description:e.description??"",examples:a,name:e.name,options:t,path:o}},"buildSubcommand"),g=d((e,o=v)=>({command:o.command,description:o.description,subcommands:e.map(a=>C(a))}),"buildDiscoveryPayload"),O=d((e,o=v)=>`${JSON.stringify(g(e,o),void 0,2)}
-`,"renderDiscoveryJson"),R=d((e,o=v)=>{const a=g(e,o),t=[];t.push(j(`vis ${a.command} — ${a.description}`)),t.push(""),t.push(p("Subcommands:"));for(const n of a.subcommands){const s=n.argument?` ${I(`<${n.argument.name}>`)}`:"";if(t.push(""),t.push(`  ${T(`vis ${n.path}`)}${s}`),n.description&&t.push(`    ${n.description}`),n.options.length>0){const i=n.options.map(m=>`--${m.name}${m.type==="boolean"?"":`=<${m.type}>`}`).join(", ");t.push(p(`    options: ${i}`))}if(n.examples.length>0){t.push(p("    examples:"));for(const i of n.examples){const m=i.description?p(` — ${i.description}`):"";t.push(`      ${A(i.command)}${m}`)}}}return t.push(""),t.push(p("Pass --format=json for machine-readable output (designed for AI agents).")),t.push(p(`Run \`vis ${a.command} <subcommand> --help\` for full usage of a specific subcommand.`)),`${t.join(`
+var re=Object.defineProperty;var V=(t,n)=>re(t,"name",{value:n,configurable:!0});import{dim as b,yellow as Y,cyan as Z,magenta as _,red as ee}from"@visulima/colorize";import{isAccessibleSync as G,readFileSync as B,writeFileSync as Q}from"@visulima/fs";import{readYamlSync as se}from"@visulima/fs/yaml";import{join as H}from"@visulima/path";import{r as oe,R as ae,A as ce,p as a,V as le,b as de,U as ue,t as ge,F as W}from"./bin.js";import{l as fe,f as pe,s as he}from"../packem_shared/dependency-scan-COr5n63B.js";var ve=Object.defineProperty,S=V((t,n)=>ve(t,"name",{value:n,configurable:!0}),"o");const L=S(t=>Array.isArray(t)?t.filter(n=>typeof n=="string"):[],"toStringArray"),K=S((t,n)=>{for(const r of n)if(r===t||r.endsWith("*")&&t.startsWith(r.slice(0,-1)))return!0;return!1},"matchesGlobList"),te=S(t=>{const n=H(t,"pnpm-workspace.yaml");if(!G(n))return{excludedPackages:[],ignoredAdvisories:[]};try{const r=se(n);return{excludedPackages:[],ignoredAdvisories:[...L(r?.auditConfig?.ignoreCves),...L(r?.auditConfig?.ignoreGhsas)]}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readPnpmAuditExclusions"),ne=S(t=>{const n=H(t,".yarnrc.yml");if(!G(n))return{excludedPackages:[],ignoredAdvisories:[]};try{const r=se(n);return{excludedPackages:L(r?.npmAuditExcludePackages),ignoredAdvisories:L(r?.npmAuditIgnoreAdvisories)}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readYarnAuditExclusions"),me=S((t,n)=>{switch(n){case"pnpm":return te(t);case"yarn":return ne(t);default:return{excludedPackages:[],ignoredAdvisories:[]}}},"readNativeAuditExclusions"),X=S((t,n,r)=>{if(K(t,n.ignoredAdvisories))return!0;if(r){for(const l of r)if(K(l,n.ignoredAdvisories))return!0}return!1},"isAdvisoryExcluded"),$e=S((t,n)=>K(t,n.excludedPackages),"isPackageExcluded"),ke=S((t,n,r)=>{if(r.length===0)return["No advisory IDs to sync."];const l=[];switch(t){case"bun":{l.push(`bun has no audit config file. Use CLI flags: bun audit ${r.map(f=>`--ignore ${f}`).join(" ")}`);break}case"npm":{l.push("npm has no native audit exclusion config. vis accepted risks are the only layer.");break}case"pnpm":{const f=H(n,"pnpm-workspace.yaml");if(!G(f)){l.push("pnpm-workspace.yaml not found. Cannot sync.");break}const h=te(n),k=new Set(h.ignoredAdvisories.filter(c=>c.startsWith("CVE-"))),m=new Set(h.ignoredAdvisories.filter(c=>c.startsWith("GHSA-"))),y=r.filter(c=>c.startsWith("CVE-")),$=r.filter(c=>c.startsWith("GHSA-")),p=[...new Set([...k,...y])],d=[...new Set([...m,...$])],v=y.filter(c=>!k.has(c)).length,w=$.filter(c=>!m.has(c)).length;if(v===0&&w===0){l.push("All advisory IDs already present in pnpm-workspace.yaml.");break}let g=B(f);if(p.length>0){const c=`  ignoreCves:
+${p.map(x=>`    - ${x}`).join(`
 `)}
-`},"renderDiscoveryText");var J=Object.defineProperty,u=l((e,o)=>J(e,"name",{value:o,configurable:!0}),"m");const L=u(async({options:e})=>{const{default:o}=await import("./bin.js").then(t=>t.ac),a=o.filter(t=>t.name!=="ai");if((e.format??"text")==="json"){process.stdout.write(O(a));return}process.stderr.write(R(a))},"aiRootExecute"),q=u(async({logger:e,visConfig:o})=>{const a=o?.ai,t=h(a);if(!t){e.error("No AI provider available to test."),process.exitCode=1;return}e.info(`Testing ${t.name}...`);try{const n=await x(t,"Reply with exactly: OK",{timeoutMs:3e4});e.info(`Provider ${t.name} responded: ${n.stdout.trim().slice(0,200)}`)}catch(n){const s=n instanceof Error?n.message:String(n);e.error(`Provider ${t.name} failed: ${s}`),process.exitCode=1}},"aiTestExecute"),z=u(({logger:e,options:o,visConfig:a})=>{const t=o.format??"table",n=a?.ai,s=P(),i=h(n);if(t==="json"){const r=s.map(c=>({available:c.available,method:c.detectionMethod,name:c.name,path:c.path,priority:f[c.name]??0,selected:c.name===i?.name,version:c.version}));process.stdout.write(`${JSON.stringify(r,void 0,2)}
-`);return}const m=s.map(r=>({method:r.detectionMethod??"-",path:r.path??"-",priority:String(f[r.name]??0),provider:r.name,selected:r.name===i?.name?">>>":"",status:r.available?"available":"not found",version:r.version??"-"})),y=process.stdout.columns||80,b=S(E.createElement(w,{data:m}),{columns:y});e.info(b),i?e.info(`
-Selected provider: ${i.name} (priority ${String(f[i.name]??0)})`):e.info(`
-No AI provider available. Install one of the supported AI CLI tools.`)},"aiProvidersExecute"),G=u(async e=>{const{aiFix:o}=await import("./fix.js");await o(e)},"aiFixExecute");export{G as aiFixExecute,z as aiProvidersExecute,L as aiRootExecute,q as aiTestExecute};
+`;/auditConfig:/.test(g)?g=/ignoreCves:/.test(g)?g.replace(/ignoreCves:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,c):g.replace(/auditConfig:\s*\n/,`auditConfig:
+${c}`):g=`${g.trimEnd()}
+
+auditConfig:
+${c}`,v>0&&l.push(`Added ${String(v)} new CVE${v===1?"":"s"} to pnpm-workspace.yaml (${String(p.length)} total)`)}if(d.length>0){const c=`  ignoreGhsas:
+${d.map(x=>`    - ${x}`).join(`
+`)}
+`;/auditConfig:/.test(g)&&(g=/ignoreGhsas:/.test(g)?g.replace(/ignoreGhsas:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,c):g.replace(/(auditConfig:[\s\S]*?)(\n\S|\n?$)/m,`$1${c}$2`)),w>0&&l.push(`Added ${String(w)} new GHSA${w===1?"":"s"} to pnpm-workspace.yaml (${String(d.length)} total)`)}Q(f,g);break}case"yarn":{const f=H(n,".yarnrc.yml");if(!G(f)){l.push(".yarnrc.yml not found. Cannot sync.");break}const h=ne(n),k=new Set(h.ignoredAdvisories),m=[...new Set([...k,...r])],y=r.filter(d=>!k.has(d)).length;if(y===0){l.push("All advisory IDs already present in .yarnrc.yml.");break}let $=B(f);const p=`npmAuditIgnoreAdvisories:
+${m.map(d=>`  - "${d}"`).join(`
+`)}
+`;$=/npmAuditIgnoreAdvisories:/.test($)?$.replace(/npmAuditIgnoreAdvisories:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,p):`${$.trimEnd()}
+
+${p}`,Q(f,$),l.push(`Synced ${String(y)} advisor${y===1?"y":"ies"} to .yarnrc.yml (${String(m.length)} total)`);break}default:l.push(`Unknown package manager: ${t}`)}return l},"syncAcceptedRisksToNativeConfig");var ye=Object.defineProperty,R=V((t,n)=>ye(t,"name",{value:n,configurable:!0}),"m");const U={CRITICAL:0,HIGH:1,LOW:3,MODERATE:2,UNKNOWN:4},Ae={critical:ee,high:_,low:Z,medium:Y},j=R((t,n)=>{const r=U[n.toUpperCase()]??U.MODERATE??2;return(U[t.toUpperCase()]??4)<=r},"severityPassesFilter"),Se={CRITICAL:ee,HIGH:_,LOW:Z,MODERATE:Y,UNKNOWN:b},we=R((t,n,r,l)=>{const f=Se[r.severity]??b,h=l?` ${b("[acknowledged]")}`:"",k=r.fixedVersions??[],m=k.length>0?` (fix: ${k.join(", ")})`:"";return`  ${f(r.severity)} ${r.id} — ${t}@${n}${h}
+    ${r.summary}${m}`},"formatVulnLine"),Ce=R((t,n)=>{const r=oe(t),l=`${String(Math.round(t.score.overall*100))}%`,f=n?` ${b("[acknowledged]")}`:"",h=t.alerts.length>0?`, ${String(t.alerts.length)} alert${t.alerts.length===1?"":"s"}`:"";return`  ${l} ${r}@${t.version} (${ae(t.score.overall)}${h})${f}`},"formatSocketLine"),Re=R(async(t,n,r,l)=>{const f=n.severity??"low",h=n.format==="json"||!!n.json,k=!!n.fix,m=!!n.showAccepted,y=r?.security?.socket,$=y?.acceptedRisks,p=ce(t),d=me(t,p.name);(d.ignoredAdvisories.length>0||d.excludedPackages.length>0)&&a.info(`Loaded ${String(d.ignoredAdvisories.length)} ignored advisor${d.ignoredAdvisories.length===1?"y":"ies"} and ${String(d.excludedPackages.length)} excluded package${d.excludedPackages.length===1?"":"s"} from ${p.name} config.`);const v=fe(t,p.name);if(v.length===0){a.info(`No ${p.name} lockfile entries found. Run ${p.name} install first.`);return}h||a.info(`Scanning ${String(v.length)} installed packages…`);const w=v.map(e=>({name:e.name,version:e.version})),g=le(y),c=pe(t,p.name),x=[{id:"vulnerabilities",label:"Known vulnerabilities (OSV)"},...g?[{id:"socket",label:"Socket.dev supply-chain reports"}]:[]],C=he(x,{live:!h}),ie=Date.now(),E=R(e=>{const s=Date.now()-e;return s>=1e3?`${(s/1e3).toFixed(1)}s`:`${String(Math.round(s))}ms`},"fmtElapsed");let q,J;try{const e=Date.now(),s=Date.now();C.start("vulnerabilities"),g&&C.start("socket"),[q,J]=await Promise.all([de(w).then(i=>{let o=0;for(const u of i.values())o+=u.length;return C.finish("vulnerabilities",o>0?"warn":"ok",o>0?`${String(o)} found · ${E(e)}`:`none found · ${E(e)}`),i}).catch(i=>{const o=i instanceof Error?i.message:String(i);return C.finish("vulnerabilities","error",o),new Map}),g?ue(w,g).then(i=>{let o=0,u=0;for(const D of i.values())o+=D.alerts.length,D.score.overall<W&&(u+=1);const O=o+u;return C.finish("socket",O>0?"warn":"ok",O>0?`${String(o)} alert${o===1?"":"s"}, ${String(u)} low-score · ${E(s)}`:`clean · ${E(s)}`),i}).catch(i=>{const o=i instanceof Error?i.message:String(i);return C.finish("socket","error",o),new Map}):Promise.resolve(new Map)])}finally{C.stop()}h||a.info(b(`Scan completed in ${E(ie)}`));const M=[];for(const e of v){if($e(e.name,d))continue;const s=q.get(e.name)??[],i=J.get(`${e.name}@${e.version}`),o=ge(e.name,e.version,$),u=s.length>0,O=i?i.score.overall<W:!1,D=i?i.alerts.length>0:!1;(u||O||D)&&M.push({acceptedRisk:o,name:e.name,socketReport:i,version:e.version,vulnerabilities:s})}const A=M.filter(e=>{const s=e.vulnerabilities.some(u=>j(u.severity,f)),i=e.socketReport?.alerts.some(u=>j(u.severity==="medium"?"MODERATE":u.severity.toUpperCase(),f)),o=e.socketReport&&e.socketReport.score.overall<W;return s||i||o});if(h){const e={duplicates:c.map(s=>({name:s.name,versionCount:s.versions.length,versions:s.versions})),packages:v.length,results:A.map(s=>({acceptedRisk:s.acceptedRisk??null,name:s.name,socketAlerts:s.socketReport?.alerts??[],socketScore:s.socketReport?.score.overall??null,version:s.version,vulnerabilities:s.vulnerabilities})),summary:{accepted:A.filter(s=>s.acceptedRisk).length,duplicatePackages:c.length,issues:A.filter(s=>!s.acceptedRisk).length,total:A.length}};process.stdout.write(`${JSON.stringify(e,void 0,2)}
+`),n.exitCode&&e.summary.issues>0&&(process.exitCode=1);return}if(A.length===0){a.success(`No security issues found across ${String(v.length)} packages.`);return}const I={CRITICAL:[],HIGH:[],LOW:[],MODERATE:[]};for(const e of A)for(const s of e.vulnerabilities)if(j(s.severity,f)){const i=s.severity==="UNKNOWN"?"LOW":s.severity;I[i]?.push({entry:e,vuln:s})}let F=0,T=0;for(const e of["CRITICAL","HIGH","MODERATE","LOW"]){const s=I[e];if(!(!s||s.length===0)){a.info(`
+── ${e} (${String(s.length)}) ──`);for(const{entry:i,vuln:o}of s){const u=!!i.acceptedRisk||X(o.id,d,o.aliases);u&&(T++,!m)||(F++,a.info(we(i.name,i.version,o,u)),k&&(o.fixedVersions??[]).length>0&&a.notice(`    Fix: update to ${o.fixedVersions.at(-1)}`))}}}const P=A.filter(e=>e.socketReport&&(e.socketReport.score.overall<W||e.socketReport.alerts.length>0));if(P.length>0){a.info(`
+── Socket.dev Supply Chain (${String(P.length)}) ──`);for(const e of P){if(!e.socketReport)continue;const s=!!e.acceptedRisk;if(!(s&&!m)){a.info(Ce(e.socketReport,s));for(const i of e.socketReport.alerts){const o=Ae[i.severity]??b;a.info(`    ${o(`[${i.severity.toUpperCase()}]`)} ${i.type} — ${i.category}`)}}}}if(c.length>0){a.info(`
+── Duplicate Dependencies (${String(c.length)}) ──`);for(const e of c){const s=e.versions.join(", ");a.info(`  ${e.name} — ${String(e.versions.length)} versions: ${Y(s)}`)}}const N=R(e=>!!e.acceptedRisk||e.vulnerabilities.length>0&&e.vulnerabilities.every(s=>X(s.id,d,s.aliases)),"isEntryExcluded"),z=A.filter(e=>!N(e)).length;if(a.info(""),a.info("─ Audit Summary"),a.info(`  ${String(v.length)} packages scanned`),d.ignoredAdvisories.length>0&&a.info(`  ${String(d.ignoredAdvisories.length)} ${p.name} audit exclusion${d.ignoredAdvisories.length===1?"":"s"} applied`),F>0){const e=I.CRITICAL?.filter(i=>!N(i.entry)).length??0,s=I.HIGH?.filter(i=>!N(i.entry)).length??0;a.error(`  ${String(F)} vulnerabilit${F===1?"y":"ies"} found`),e>0&&a.error(`    ${String(e)} critical`),s>0&&a.warn(`    ${String(s)} high`)}else a.success("  No vulnerabilities found");if(P.length>0){const e=P.filter(s=>!N(s)).length;a.warn(`  ${String(e)} package${e===1?"":"s"} with Socket.dev supply chain issues`)}if(c.length>0&&(a.warn(`  ${String(c.length)} package${c.length===1?"":"s"} with duplicate versions`),a.notice("  Run 'vis dedupe' or your package manager's dedupe command to reduce duplicates.")),T>0&&(a.info(`  ${String(T)} acknowledged (accepted risks)`),m||a.notice("  Use --show-accepted to see acknowledged issues.")),z===0&&a.success(`
+  All issues are acknowledged. No action required.`),n.sync&&$){const e=new Set;for(const i of M)if(i.acceptedRisk){for(const o of i.vulnerabilities)if((o.id.startsWith("CVE-")||o.id.startsWith("GHSA-"))&&e.add(o.id),o.aliases)for(const u of o.aliases)(u.startsWith("CVE-")||u.startsWith("GHSA-"))&&e.add(u)}const s=[...e];if(s.length>0){a.info("");const i=ke(p.name,t,s);for(const o of i)a.success(`  ${o}`)}else a.info(`
+No advisory IDs to sync to native PM config.`)}n.exitCode&&z>0&&(process.exitCode=1)},"executeAudit"),Oe=R(async({logger:t,options:n,visConfig:r,workspaceRoot:l})=>{if(!l)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");await Re(l,n,r,t)},"execute");export{Oe as default};

package/dist/packem_chunks/handler3.js

@@ -1,2 +1,4 @@
-var y=Object.defineProperty;var l=(t,r)=>y(t,"name",{value:r,configurable:!0});import{getAffectedProjects as v}from"@visulima/task-runner";import{r as E,s as F}from"./bin.js";import{f as b}from"../packem_shared/selectors-CfH9ZY08.js";var S=Object.defineProperty,$=l((t,r)=>S(t,"name",{value:r,configurable:!0}),"m");const A=$(async({argument:t,logger:r,options:e,runtime:h,visConfig:g,workspaceRoot:f})=>{const d=t[0];if(!d)throw new Error("Missing target. Usage: vis affected <target>");if(!f)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");const s=f,{packageJsons:m,workspace:i}=E(s,g),w=F(s,i,m),u=new Set(["deep","direct","none"]),c=e.downstream??"deep",p=e.upstream??"none";if(!u.has(c))throw new Error(`Invalid --downstream value: "${c}". Must be "none", "direct", or "deep".`);if(!u.has(p))throw new Error(`Invalid --upstream value: "${p}". Must be "none", "direct", or "deep".`);const j={base:e.base,downstream:c,head:e.head,projectGraph:w,projects:i.projects,upstream:p,workspaceRoot:s},o=await v(j);if(o.changedFiles.length===0){r.info("No files changed. Nothing to run.");return}if(o.affectedProjects.length===0){r.info("No projects affected by the changes.");return}let{affectedProjects:n}=o;if(e.query&&(n=b(n,i,e.query),n.length===0)){r.info(`Query "${String(e.query)}" matched no affected projects.`);return}r.info(`Affected projects: ${n.join(", ")}`),o.changedFiles.length>0&&(process.env.VIS_AFFECTED_FILES=o.changedFiles.join(`
-`));const a=[d,`--projects=${n.join(",")}`];e.parallel!==void 0&&a.push(`--parallel=${String(e.parallel)}`),e.cache||a.push("--no-cache"),e.dryRun&&a.push("--dry-run"),e.partition&&a.push(`--partition=${String(e.partition)}`);try{await h.runCommand("run",{argv:a})}finally{delete process.env.VIS_AFFECTED_FILES}},"execute");export{A as default};
+var x=Object.defineProperty;var h=(n,t)=>x(n,"name",{value:t,configurable:!0});import{findPackageManagerSync as N}from"@visulima/package";import{H as P,e as U,Z as j}from"../packem_shared/ai-analysis-hm8d2W7z.js";import{g as M,a as O,E as b,i as T,L as z,b as S,V,U as q}from"./bin.js";var A=Object.defineProperty,F=h((n,t)=>A(n,"name",{value:t,configurable:!0}),"x");const H=/^[\^~>=<]+/,B=F(async({argument:n,logger:t,options:f,visConfig:u,workspaceRoot:g})=>{if(!g)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");const p=n,e=p[0];if(!e)throw new Error("Package name is required. Usage: vis analyze <package> [version]");const m=p[1],{packageManager:E}=N(g);let o,w="default";const C=M(g,E);for(const[a,i]of C){const s=i.get(e);if(s){o=s,w=a;break}}if(!o)throw new Error(`Package "${e}" not found in any catalog or package.json. Make sure it exists in your workspace dependencies.`);let r;if(m)r=m;else{t.info(`Fetching latest version for ${e}...
+`);const a=await O(e);if(!a.latest)throw new Error(`Could not determine latest version for "${e}".`);r=a.latest}const d=b(o),k=b(r);if(!d||!k)throw new Error(`Could not parse versions: current="${o}", target="${r}".`);const y=T(d,k);if(y==="none"){t.info(`${e} is already at ${r}. Nothing to analyze.`);return}const R=z(o),l={catalogName:w,currentRange:o,newRange:`${R}${r}`,packageName:e,targetVersion:r,updateType:y},v=P(f.aiType??"impact");if(v==="security"||f.security){t.info(`Checking for known vulnerabilities...
+`);const a=o.replace(H,""),i=(await S([{name:e,version:a}])).get(e);i&&i.length>0&&(l.vulnerabilities=i);const s=V(u?.security?.socket);if(s){const c=(await q([{name:e,version:a}],s)).get(`${e}@${a}`);c&&(l.socketReport={alerts:c.alerts,license:c.license,score:c.score})}}const $=await U([l],t,u?.ai,v);(f.format??"table")==="json"?process.stdout.write(`${JSON.stringify($,void 0,2)}
+`):t.info(j($))},"execute");export{B as default};

package/dist/packem_chunks/handler30.js

@@ -1,23 +1,3 @@
-var re=Object.defineProperty;var V=(t,n)=>re(t,"name",{value:n,configurable:!0});import{dim as b,yellow as Y,cyan as Z,magenta as _,red as ee}from"@visulima/colorize";import{isAccessibleSync as G,readFileSync as B,writeFileSync as Q}from"@visulima/fs";import{readYamlSync as se}from"@visulima/fs/yaml";import{join as H}from"@visulima/path";import{S as oe,R as ae,c as ce,p as a,V as le,U as de,q as ue,b as W}from"./bin.js";import{l as ge,f as fe,s as pe}from"../packem_shared/dependency-scan-Du0tBu64.js";import{m as he}from"../packem_shared/catalog-BVPerCwG.js";var me=Object.defineProperty,S=V((t,n)=>me(t,"name",{value:n,configurable:!0}),"o");const L=S(t=>Array.isArray(t)?t.filter(n=>typeof n=="string"):[],"toStringArray"),K=S((t,n)=>{for(const r of n)if(r===t||r.endsWith("*")&&t.startsWith(r.slice(0,-1)))return!0;return!1},"matchesGlobList"),te=S(t=>{const n=H(t,"pnpm-workspace.yaml");if(!G(n))return{excludedPackages:[],ignoredAdvisories:[]};try{const r=se(n);return{excludedPackages:[],ignoredAdvisories:[...L(r?.auditConfig?.ignoreCves),...L(r?.auditConfig?.ignoreGhsas)]}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readPnpmAuditExclusions"),ne=S(t=>{const n=H(t,".yarnrc.yml");if(!G(n))return{excludedPackages:[],ignoredAdvisories:[]};try{const r=se(n);return{excludedPackages:L(r?.npmAuditExcludePackages),ignoredAdvisories:L(r?.npmAuditIgnoreAdvisories)}}catch{return{excludedPackages:[],ignoredAdvisories:[]}}},"readYarnAuditExclusions"),ve=S((t,n)=>{switch(n){case"pnpm":return te(t);case"yarn":return ne(t);default:return{excludedPackages:[],ignoredAdvisories:[]}}},"readNativeAuditExclusions"),X=S((t,n,r)=>{if(K(t,n.ignoredAdvisories))return!0;if(r){for(const l of r)if(K(l,n.ignoredAdvisories))return!0}return!1},"isAdvisoryExcluded"),$e=S((t,n)=>K(t,n.excludedPackages),"isPackageExcluded"),ke=S((t,n,r)=>{if(r.length===0)return["No advisory IDs to sync."];const l=[];switch(t){case"bun":{l.push(`bun has no audit config file. Use CLI flags: bun audit ${r.map(f=>`--ignore ${f}`).join(" ")}`);break}case"npm":{l.push("npm has no native audit exclusion config. vis accepted risks are the only layer.");break}case"pnpm":{const f=H(n,"pnpm-workspace.yaml");if(!G(f)){l.push("pnpm-workspace.yaml not found. Cannot sync.");break}const h=te(n),k=new Set(h.ignoredAdvisories.filter(c=>c.startsWith("CVE-"))),v=new Set(h.ignoredAdvisories.filter(c=>c.startsWith("GHSA-"))),y=r.filter(c=>c.startsWith("CVE-")),$=r.filter(c=>c.startsWith("GHSA-")),p=[...new Set([...k,...y])],d=[...new Set([...v,...$])],m=y.filter(c=>!k.has(c)).length,w=$.filter(c=>!v.has(c)).length;if(m===0&&w===0){l.push("All advisory IDs already present in pnpm-workspace.yaml.");break}let g=B(f);if(p.length>0){const c=`  ignoreCves:
-${p.map(x=>`    - ${x}`).join(`
-`)}
-`;/auditConfig:/.test(g)?g=/ignoreCves:/.test(g)?g.replace(/ignoreCves:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,c):g.replace(/auditConfig:\s*\n/,`auditConfig:
-${c}`):g=`${g.trimEnd()}
-
-auditConfig:
-${c}`,m>0&&l.push(`Added ${String(m)} new CVE${m===1?"":"s"} to pnpm-workspace.yaml (${String(p.length)} total)`)}if(d.length>0){const c=`  ignoreGhsas:
-${d.map(x=>`    - ${x}`).join(`
-`)}
-`;/auditConfig:/.test(g)&&(g=/ignoreGhsas:/.test(g)?g.replace(/ignoreGhsas:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,c):g.replace(/(auditConfig:[\s\S]*?)(\n\S|\n?$)/m,`$1${c}$2`)),w>0&&l.push(`Added ${String(w)} new GHSA${w===1?"":"s"} to pnpm-workspace.yaml (${String(d.length)} total)`)}Q(f,g);break}case"yarn":{const f=H(n,".yarnrc.yml");if(!G(f)){l.push(".yarnrc.yml not found. Cannot sync.");break}const h=ne(n),k=new Set(h.ignoredAdvisories),v=[...new Set([...k,...r])],y=r.filter(d=>!k.has(d)).length;if(y===0){l.push("All advisory IDs already present in .yarnrc.yml.");break}let $=B(f);const p=`npmAuditIgnoreAdvisories:
-${v.map(d=>`  - "${d}"`).join(`
-`)}
-`;$=/npmAuditIgnoreAdvisories:/.test($)?$.replace(/npmAuditIgnoreAdvisories:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,p):`${$.trimEnd()}
-
-${p}`,Q(f,$),l.push(`Synced ${String(y)} advisor${y===1?"y":"ies"} to .yarnrc.yml (${String(v.length)} total)`);break}default:l.push(`Unknown package manager: ${t}`)}return l},"syncAcceptedRisksToNativeConfig");var ye=Object.defineProperty,R=V((t,n)=>ye(t,"name",{value:n,configurable:!0}),"m");const U={CRITICAL:0,HIGH:1,LOW:3,MODERATE:2,UNKNOWN:4},Ae={critical:ee,high:_,low:Z,medium:Y},j=R((t,n)=>{const r=U[n.toUpperCase()]??U.MODERATE??2;return(U[t.toUpperCase()]??4)<=r},"severityPassesFilter"),Se={CRITICAL:ee,HIGH:_,LOW:Z,MODERATE:Y,UNKNOWN:b},we=R((t,n,r,l)=>{const f=Se[r.severity]??b,h=l?` ${b("[acknowledged]")}`:"",k=r.fixedVersions??[],v=k.length>0?` (fix: ${k.join(", ")})`:"";return`  ${f(r.severity)} ${r.id} — ${t}@${n}${h}
-    ${r.summary}${v}`},"formatVulnLine"),Ce=R((t,n)=>{const r=oe(t),l=`${String(Math.round(t.score.overall*100))}%`,f=n?` ${b("[acknowledged]")}`:"",h=t.alerts.length>0?`, ${String(t.alerts.length)} alert${t.alerts.length===1?"":"s"}`:"";return`  ${l} ${r}@${t.version} (${ae(t.score.overall)}${h})${f}`},"formatSocketLine"),Re=R(async(t,n,r,l)=>{const f=n.severity??"low",h=n.format==="json"||!!n.json,k=!!n.fix,v=!!n.showAccepted,y=r?.security?.socket,$=y?.acceptedRisks,p=ce(t),d=ve(t,p.name);(d.ignoredAdvisories.length>0||d.excludedPackages.length>0)&&a.info(`Loaded ${String(d.ignoredAdvisories.length)} ignored advisor${d.ignoredAdvisories.length===1?"y":"ies"} and ${String(d.excludedPackages.length)} excluded package${d.excludedPackages.length===1?"":"s"} from ${p.name} config.`);const m=ge(t,p.name);if(m.length===0){a.info(`No ${p.name} lockfile entries found. Run ${p.name} install first.`);return}h||a.info(`Scanning ${String(m.length)} installed packages…`);const w=m.map(e=>({name:e.name,version:e.version})),g=le(y),c=fe(t,p.name),x=[{id:"vulnerabilities",label:"Known vulnerabilities (OSV)"},...g?[{id:"socket",label:"Socket.dev supply-chain reports"}]:[]],C=pe(x,{live:!h}),ie=Date.now(),E=R(e=>{const s=Date.now()-e;return s>=1e3?`${(s/1e3).toFixed(1)}s`:`${String(Math.round(s))}ms`},"fmtElapsed");let q,J;try{const e=Date.now(),s=Date.now();C.start("vulnerabilities"),g&&C.start("socket"),[q,J]=await Promise.all([he(w).then(i=>{let o=0;for(const u of i.values())o+=u.length;return C.finish("vulnerabilities",o>0?"warn":"ok",o>0?`${String(o)} found · ${E(e)}`:`none found · ${E(e)}`),i}).catch(i=>{const o=i instanceof Error?i.message:String(i);return C.finish("vulnerabilities","error",o),new Map}),g?de(w,g).then(i=>{let o=0,u=0;for(const D of i.values())o+=D.alerts.length,D.score.overall<W&&(u+=1);const O=o+u;return C.finish("socket",O>0?"warn":"ok",O>0?`${String(o)} alert${o===1?"":"s"}, ${String(u)} low-score · ${E(s)}`:`clean · ${E(s)}`),i}).catch(i=>{const o=i instanceof Error?i.message:String(i);return C.finish("socket","error",o),new Map}):Promise.resolve(new Map)])}finally{C.stop()}h||a.info(b(`Scan completed in ${E(ie)}`));const M=[];for(const e of m){if($e(e.name,d))continue;const s=q.get(e.name)??[],i=J.get(`${e.name}@${e.version}`),o=ue(e.name,e.version,$),u=s.length>0,O=i?i.score.overall<W:!1,D=i?i.alerts.length>0:!1;(u||O||D)&&M.push({acceptedRisk:o,name:e.name,socketReport:i,version:e.version,vulnerabilities:s})}const A=M.filter(e=>{const s=e.vulnerabilities.some(u=>j(u.severity,f)),i=e.socketReport?.alerts.some(u=>j(u.severity==="medium"?"MODERATE":u.severity.toUpperCase(),f)),o=e.socketReport&&e.socketReport.score.overall<W;return s||i||o});if(h){const e={duplicates:c.map(s=>({name:s.name,versionCount:s.versions.length,versions:s.versions})),packages:m.length,results:A.map(s=>({acceptedRisk:s.acceptedRisk??null,name:s.name,socketAlerts:s.socketReport?.alerts??[],socketScore:s.socketReport?.score.overall??null,version:s.version,vulnerabilities:s.vulnerabilities})),summary:{accepted:A.filter(s=>s.acceptedRisk).length,duplicatePackages:c.length,issues:A.filter(s=>!s.acceptedRisk).length,total:A.length}};process.stdout.write(`${JSON.stringify(e,void 0,2)}
-`),n.exitCode&&e.summary.issues>0&&(process.exitCode=1);return}if(A.length===0){a.success(`No security issues found across ${String(m.length)} packages.`);return}const I={CRITICAL:[],HIGH:[],LOW:[],MODERATE:[]};for(const e of A)for(const s of e.vulnerabilities)if(j(s.severity,f)){const i=s.severity==="UNKNOWN"?"LOW":s.severity;I[i]?.push({entry:e,vuln:s})}let F=0,T=0;for(const e of["CRITICAL","HIGH","MODERATE","LOW"]){const s=I[e];if(!(!s||s.length===0)){a.info(`
-── ${e} (${String(s.length)}) ──`);for(const{entry:i,vuln:o}of s){const u=!!i.acceptedRisk||X(o.id,d,o.aliases);u&&(T++,!v)||(F++,a.info(we(i.name,i.version,o,u)),k&&(o.fixedVersions??[]).length>0&&a.notice(`    Fix: update to ${o.fixedVersions.at(-1)}`))}}}const P=A.filter(e=>e.socketReport&&(e.socketReport.score.overall<W||e.socketReport.alerts.length>0));if(P.length>0){a.info(`
-── Socket.dev Supply Chain (${String(P.length)}) ──`);for(const e of P){if(!e.socketReport)continue;const s=!!e.acceptedRisk;if(!(s&&!v)){a.info(Ce(e.socketReport,s));for(const i of e.socketReport.alerts){const o=Ae[i.severity]??b;a.info(`    ${o(`[${i.severity.toUpperCase()}]`)} ${i.type} — ${i.category}`)}}}}if(c.length>0){a.info(`
-── Duplicate Dependencies (${String(c.length)}) ──`);for(const e of c){const s=e.versions.join(", ");a.info(`  ${e.name} — ${String(e.versions.length)} versions: ${Y(s)}`)}}const N=R(e=>!!e.acceptedRisk||e.vulnerabilities.length>0&&e.vulnerabilities.every(s=>X(s.id,d,s.aliases)),"isEntryExcluded"),z=A.filter(e=>!N(e)).length;if(a.info(""),a.info("─ Audit Summary"),a.info(`  ${String(m.length)} packages scanned`),d.ignoredAdvisories.length>0&&a.info(`  ${String(d.ignoredAdvisories.length)} ${p.name} audit exclusion${d.ignoredAdvisories.length===1?"":"s"} applied`),F>0){const e=I.CRITICAL?.filter(i=>!N(i.entry)).length??0,s=I.HIGH?.filter(i=>!N(i.entry)).length??0;a.error(`  ${String(F)} vulnerabilit${F===1?"y":"ies"} found`),e>0&&a.error(`    ${String(e)} critical`),s>0&&a.warn(`    ${String(s)} high`)}else a.success("  No vulnerabilities found");if(P.length>0){const e=P.filter(s=>!N(s)).length;a.warn(`  ${String(e)} package${e===1?"":"s"} with Socket.dev supply chain issues`)}if(c.length>0&&(a.warn(`  ${String(c.length)} package${c.length===1?"":"s"} with duplicate versions`),a.notice("  Run 'vis dedupe' or your package manager's dedupe command to reduce duplicates.")),T>0&&(a.info(`  ${String(T)} acknowledged (accepted risks)`),v||a.notice("  Use --show-accepted to see acknowledged issues.")),z===0&&a.success(`
-  All issues are acknowledged. No action required.`),n.sync&&$){const e=new Set;for(const i of M)if(i.acceptedRisk){for(const o of i.vulnerabilities)if((o.id.startsWith("CVE-")||o.id.startsWith("GHSA-"))&&e.add(o.id),o.aliases)for(const u of o.aliases)(u.startsWith("CVE-")||u.startsWith("GHSA-"))&&e.add(u)}const s=[...e];if(s.length>0){a.info("");const i=ke(p.name,t,s);for(const o of i)a.success(`  ${o}`)}else a.info(`
-No advisory IDs to sync to native PM config.`)}n.exitCode&&z>0&&(process.exitCode=1)},"executeAudit"),De=R(async({logger:t,options:n,visConfig:r,workspaceRoot:l})=>{if(!l)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");await Re(l,n,r,t)},"execute");export{De as default};
+var I=Object.defineProperty;var y=(e,t)=>I(e,"name",{value:t,configurable:!0});import{createRequire as D}from"node:module";import{getAffectedProjects as G}from"@visulima/task-runner";import{k as q,y as L}from"./bin.js";const T=D(import.meta.url),h=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,A=y(e=>{if(typeof h<"u"&&h.versions&&h.versions.node){const[t,r]=h.versions.node.split(".").map(Number);if(t>22||t===22&&r>=3||t===20&&r>=16)return h.getBuiltinModule(e)}return T(e)},"__cjs_getBuiltinModule"),{execFile:N}=A("node:child_process"),{promisify:U}=A("node:util");var V=Object.defineProperty,i=y((e,t)=>V(e,"name",{value:t,configurable:!0}),"t");const M=U(N),J=["[skip ci]","[ci skip]","[no ci]","[vis skip]","[nx skip]"],z=["[vis deploy]","[nx deploy]"],W=["vis","nx"],Z=["CACHED_COMMIT_REF","VERCEL_GIT_PREVIOUS_SHA","GITHUB_BASE_REF","CI_COMMIT_BEFORE_SHA"],K=/^[\w./~^@{}][\w.\-/~^@{}]*$/,Q=i((e=process.env)=>{for(const t of Z){const r=e[t];if(r&&r.trim().length>0)return r.trim()}},"resolveCiBaseSha"),R=i(e=>{if(!K.test(e))throw new Error(`Invalid git ref: "${e}". Refs must start with an alphanumeric character or one of _ . / ~ ^ @ { } and may only contain letters, digits, dots, dashes, underscores, slashes, tildes, carets, @, and braces.`)},"validateGitRef"),X=i(async(e,t)=>{try{return await M("git",["rev-parse","--verify",`${t}^{commit}`],{cwd:e}),!0}catch{return!1}},"isRefReachable"),Y=i(async e=>{try{const{stdout:t}=await M("git",["log","-1","--pretty=%B"],{cwd:e});return t}catch{return""}},"readLastCommitMessage"),B=i((e,t,r)=>W.some(a=>e.includes(`[${a} ${t} ${r}]`)),"matchesPerProjectToken"),ee=i((e,t)=>J.some(r=>e.includes(r))||B(e,"skip",t),"commitHasSkipMessage"),te=i((e,t)=>z.some(r=>e.includes(r))||B(e,"deploy",t),"commitHasForceDeployMessage"),l=i((e,t,r,a)=>({action:"build",message:r,project:e,reason:t,...a}),"decideBuild"),v=i((e,t,r,a)=>({action:"skip",message:r,project:e,reason:t,...a}),"decideSkip"),re=i(e=>`${e.action==="skip"?"🛑":"✅"} ${e.message}`,"formatDecisionLine"),oe=i((e,t)=>e.action==="skip"||t?0:1,"exitCodeFor");var se=Object.defineProperty,_=y((e,t)=>se(e,"name",{value:t,configurable:!0}),"u");const S=new Set(["deep","direct","none"]),de=_(async({argument:e,logger:t,options:r,visConfig:a,workspaceRoot:p})=>{const o=e[0]??"",E=!!r.json,C=!!r.verbose,O=!!(r["exit-zero-on-build"]??r.exitZeroOnBuild),u=_(s=>{C&&!E&&t.info(`❱ ${s}`)},"debug"),n=_(s=>{E?process.stdout.write(`${JSON.stringify(s)}
+`):t.info(re(s)),process.exit(oe(s,O))},"emit");if(!o)return n(l("","missing-project-argument","Missing project argument. Usage: vis ignore <project>"));if(!p)return n(l(o,"workspace-error","Could not determine workspace root — building defensively"));const g=await Y(p),w=g.trim().split(`
+`)[0]??"";if(u(`commit: ${w}`),g&&te(g,o))return n(l(o,"commit-force-deploy",`Force-deploy keyword in commit: "${w}"`));if(g&&ee(g,o))return n(v(o,"commit-skip",`Skip keyword in commit: "${w}"`));let $,P;try{({packageJsons:P,workspace:$}=q(p,a))}catch(s){const d=s instanceof Error?s.message:String(s);return n(l(o,"workspace-error",`Workspace discovery failed (${d}) — building defensively`))}if(!Object.hasOwn($.projects,o))return n(l(o,"project-unknown",`Project "${o}" not found in workspace — building defensively`));try{const s=r.base?.trim(),d=Q();let c=s||d||"HEAD~1";const m=r.head?.trim()||"HEAD";R(c),R(m),u(`resolved base ref: ${c} (source: ${s?"flag":d?"ci-env":"default"})`);const x=X(p,c),F=L(p,$,P);await x||(u(`base ref ${c} not reachable — falling back to HEAD~1`),c="HEAD~1"),u(`comparing ${c}...${m}`);const j=r.downstream??"deep",b=r.upstream??"none";if(!S.has(j))throw new Error(`Invalid --downstream value: "${j}". Must be "none", "direct", or "deep".`);if(!S.has(b))throw new Error(`Invalid --upstream value: "${b}". Must be "none", "direct", or "deep".`);const H={base:c,downstream:j,head:m,projectGraph:F,projects:$.projects,upstream:b,workspaceRoot:p},f=await G(H);u(`changed files: ${f.changedFiles.length}`),u(`affected projects: ${f.affectedProjects.join(", ")||"(none)"}`);const k={base:c,head:m};return f.changedFiles.length===0?n(v(o,"no-changes",`No files changed between ${c}...${m}`,{...k,affectedProjects:[]})):f.affectedProjects.includes(o)?n(l(o,"project-affected",`Build ${o}: affected by ${f.changedFiles.length} changed file(s)`,{...k,affectedProjects:f.affectedProjects})):n(v(o,"project-not-affected",`Skip ${o}: not affected by changes between ${c}...${m}`,{...k,affectedProjects:f.affectedProjects}))}catch(s){const d=s instanceof Error?s.message:String(s);return t.error(`Affected detection failed: ${d}`),n(l(o,"workspace-error",`Affected detection failed (${d}) — building defensively`))}},"execute");export{de as default};

package/dist/packem_chunks/handler31.js

@@ -1,3 +1 @@
-var I=Object.defineProperty;var w=(e,t)=>I(e,"name",{value:t,configurable:!0});import{createRequire as D}from"node:module";import{getAffectedProjects as G}from"@visulima/task-runner";import{r as q,s as L}from"./bin.js";const T=D(import.meta.url),h=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,A=w(e=>{if(typeof h<"u"&&h.versions&&h.versions.node){const[t,r]=h.versions.node.split(".").map(Number);if(t>22||t===22&&r>=3||t===20&&r>=16)return h.getBuiltinModule(e)}return T(e)},"__cjs_getBuiltinModule"),{execFile:N}=A("node:child_process"),{promisify:U}=A("node:util");var V=Object.defineProperty,i=w((e,t)=>V(e,"name",{value:t,configurable:!0}),"t");const M=U(N),J=["[skip ci]","[ci skip]","[no ci]","[vis skip]","[nx skip]"],z=["[vis deploy]","[nx deploy]"],W=["vis","nx"],Z=["CACHED_COMMIT_REF","VERCEL_GIT_PREVIOUS_SHA","GITHUB_BASE_REF","CI_COMMIT_BEFORE_SHA"],K=/^[\w./~^@{}][\w.\-/~^@{}]*$/,Q=i((e=process.env)=>{for(const t of Z){const r=e[t];if(r&&r.trim().length>0)return r.trim()}},"resolveCiBaseSha"),R=i(e=>{if(!K.test(e))throw new Error(`Invalid git ref: "${e}". Refs must start with an alphanumeric character or one of _ . / ~ ^ @ { } and may only contain letters, digits, dots, dashes, underscores, slashes, tildes, carets, @, and braces.`)},"validateGitRef"),X=i(async(e,t)=>{try{return await M("git",["rev-parse","--verify",`${t}^{commit}`],{cwd:e}),!0}catch{return!1}},"isRefReachable"),Y=i(async e=>{try{const{stdout:t}=await M("git",["log","-1","--pretty=%B"],{cwd:e});return t}catch{return""}},"readLastCommitMessage"),B=i((e,t,r)=>W.some(a=>e.includes(`[${a} ${t} ${r}]`)),"matchesPerProjectToken"),ee=i((e,t)=>J.some(r=>e.includes(r))||B(e,"skip",t),"commitHasSkipMessage"),te=i((e,t)=>z.some(r=>e.includes(r))||B(e,"deploy",t),"commitHasForceDeployMessage"),l=i((e,t,r,a)=>({action:"build",message:r,project:e,reason:t,...a}),"decideBuild"),k=i((e,t,r,a)=>({action:"skip",message:r,project:e,reason:t,...a}),"decideSkip"),re=i(e=>`${e.action==="skip"?"🛑":"✅"} ${e.message}`,"formatDecisionLine"),oe=i((e,t)=>e.action==="skip"||t?0:1,"exitCodeFor");var se=Object.defineProperty,_=w((e,t)=>se(e,"name",{value:t,configurable:!0}),"u");const S=new Set(["deep","direct","none"]),de=_(async({argument:e,logger:t,options:r,visConfig:a,workspaceRoot:p})=>{const o=e[0]??"",E=!!r.json,C=!!r.verbose,O=!!(r["exit-zero-on-build"]??r.exitZeroOnBuild),u=_(s=>{C&&!E&&t.info(`❱ ${s}`)},"debug"),n=_(s=>{E?process.stdout.write(`${JSON.stringify(s)}
-`):t.info(re(s)),process.exit(oe(s,O))},"emit");if(!o)return n(l("","missing-project-argument","Missing project argument. Usage: vis ignore <project>"));if(!p)return n(l(o,"workspace-error","Could not determine workspace root — building defensively"));const g=await Y(p),y=g.trim().split(`
-`)[0]??"";if(u(`commit: ${y}`),g&&te(g,o))return n(l(o,"commit-force-deploy",`Force-deploy keyword in commit: "${y}"`));if(g&&ee(g,o))return n(k(o,"commit-skip",`Skip keyword in commit: "${y}"`));let $,P;try{({packageJsons:P,workspace:$}=q(p,a))}catch(s){const d=s instanceof Error?s.message:String(s);return n(l(o,"workspace-error",`Workspace discovery failed (${d}) — building defensively`))}if(!Object.hasOwn($.projects,o))return n(l(o,"project-unknown",`Project "${o}" not found in workspace — building defensively`));try{const s=r.base?.trim(),d=Q();let c=s||d||"HEAD~1";const m=r.head?.trim()||"HEAD";R(c),R(m),u(`resolved base ref: ${c} (source: ${s?"flag":d?"ci-env":"default"})`);const x=X(p,c),F=L(p,$,P);await x||(u(`base ref ${c} not reachable — falling back to HEAD~1`),c="HEAD~1"),u(`comparing ${c}...${m}`);const j=r.downstream??"deep",b=r.upstream??"none";if(!S.has(j))throw new Error(`Invalid --downstream value: "${j}". Must be "none", "direct", or "deep".`);if(!S.has(b))throw new Error(`Invalid --upstream value: "${b}". Must be "none", "direct", or "deep".`);const H={base:c,downstream:j,head:m,projectGraph:F,projects:$.projects,upstream:b,workspaceRoot:p},f=await G(H);u(`changed files: ${f.changedFiles.length}`),u(`affected projects: ${f.affectedProjects.join(", ")||"(none)"}`);const v={base:c,head:m};return f.changedFiles.length===0?n(k(o,"no-changes",`No files changed between ${c}...${m}`,{...v,affectedProjects:[]})):f.affectedProjects.includes(o)?n(l(o,"project-affected",`Build ${o}: affected by ${f.changedFiles.length} changed file(s)`,{...v,affectedProjects:f.affectedProjects})):n(k(o,"project-not-affected",`Skip ${o}: not affected by changes between ${c}...${m}`,{...v,affectedProjects:f.affectedProjects}))}catch(s){const d=s instanceof Error?s.message:String(s);return t.error(`Affected detection failed: ${d}`),n(l(o,"workspace-error",`Affected detection failed (${d}) — building defensively`))}},"execute");export{de as default};
+var C=Object.defineProperty;var T=(e,t)=>C(e,"name",{value:t,configurable:!0});import{relative as S}from"@visulima/path";import{K as q,k as b}from"./bin.js";import{f as $}from"../packem_shared/selectors-BylODRiM.js";import{o as L}from"../packem_shared/index-DH-5hsrC.js";var M=Object.defineProperty,I=T((e,t)=>M(e,"name",{value:t,configurable:!0}),"p");const D=I((e,t)=>{for(const f of t)if(L(f,e))return!0;return!1},"matchesAny"),B=I((e,t={})=>{const{depTypes:f,excludePatterns:l,externalOnly:y,includePatterns:d,internalOnly:j}=t;if(j&&y)return[];const u=f&&f.length>0?new Set(f):void 0,N=d&&d.length>0?d:void 0,O=l&&l.length>0?l:void 0,w=[];for(const m of e)j&&!m.isInternal||y&&m.isInternal||u&&!u.has(m.depType)||N&&(!m.packageName||!D(m.packageName,N))||O&&m.packageName&&D(m.packageName,O)||w.push(m);return w},"filterDepInstances");var F=Object.defineProperty,v=T((e,t)=>F(e,"name",{value:t,configurable:!0}),"y");const R=new Set(["json","ndjson","table"]),V=v(e=>{if(e===void 0)return"table";const t=e.toLowerCase();if(!R.has(t))throw new Error(`--format must be one of: table, json, ndjson (got "${e}")`);return t},"resolveFormat"),x=v((e,t)=>({depName:e.depName,depType:e.depType,isInternal:e.isInternal,packageDir:e.packageDir,packageJsonPath:S(t,e.packageJsonPath),packageName:e.packageName,specifier:e.specifier}),"toDepRecord"),P=new Set(["dependencies","devDependencies","optionalDependencies","overrides","peerDependencies","pnpm.overrides","resolutions"]),A=v(e=>{if(!e||e.length===0)return;const t=[],f=[];for(const l of e)for(const y of l.split(",")){const d=y.trim();d&&(P.has(d)?t.push(d):f.push(d))}if(f.length>0)throw new Error(`Unknown --dep-type value(s): ${f.join(", ")}. Valid: ${[...P].join(", ")}`);return t.length>0?t:void 0},"parseDepTypes"),G=v(async({logger:e,options:t,visConfig:f,workspaceRoot:l})=>{if(!l)throw new Error("Could not determine workspace root.");const y=V(t.format);if(t.deps===!0){if(t.internalOnly&&t.externalOnly)throw new Error("--internal-only and --external-only are mutually exclusive");const c=A(t.depType),i=q(l);let n=B(i,{depTypes:c,excludePatterns:t.exclude,externalOnly:t.externalOnly,includePatterns:t.include,internalOnly:t.internalOnly});if(t.query){const{workspace:r}=b(l,f),p=new Set($(Object.keys(r.projects),r,t.query));n=n.filter(k=>k.packageName!==void 0&&p.has(k.packageName))}const g=[...n].sort((r,p)=>{const k=`${r.packageName??r.packageDir} ${r.depType} ${r.depName}`,J=`${p.packageName??p.packageDir} ${p.depType} ${p.depName}`;return k.localeCompare(J)});if(y==="ndjson"){for(const r of g)e.info(JSON.stringify(x(r,l)));return}if(y==="json"){const r=g.map(p=>x(p,l));e.info(JSON.stringify(r,null,t.pretty===!0?2:void 0));return}if(g.length===0){e.info("No matching dep-instances.");return}const a=["Package","Block","Dep","Specifier","Internal","Path"],o=g.map(r=>[r.packageName??r.packageDir,r.depType,r.depName,r.specifier,r.isInternal?"yes":"no",S(l,r.packageJsonPath)]),s=a.map((r,p)=>Math.max(r.length,...o.map(k=>(k[p]??"").length))),h=v((r,p)=>r.padEnd(p),"pad");e.info(a.map((r,p)=>h(r,s[p])).join("  ")),e.info(s.map(r=>"─".repeat(r)).join("──"));for(const r of o)e.info(r.map((p,k)=>h(p,s[k])).join("  "));e.info(""),e.info(`${String(g.length)} dep-instance(s)`);return}if(y==="ndjson")throw new Error("--format=ndjson is only supported with --deps");const{projectOptions:d,workspace:j}=b(l,f);let u=Object.keys(j.projects).sort();if(t.query&&(u=$(u,j,t.query)),u.length===0){e.info("No projects found.");return}const N=t.inferred===!0,O=t.targets===!0||N;if(y==="json"){const c=u.map(i=>{const n=j.projects[i],g=d.get(i)??{},a=Object.entries(n.targets??{}).map(([o])=>{const s=g[o],h=s?.inferred===!0;return{aliases:s?.aliases??[],command:s?.command,description:s?.description,...h?{inferred:!0}:{},name:o,type:s?.type}}).filter(o=>!N||o.inferred===!0);return{language:n.language,layer:n.layer,name:i,root:n.root,stack:n.stack,tags:n.tags??[],targets:a,type:n.projectType??"library"}});e.info(JSON.stringify(c,null,2));return}const w=v((c,i)=>{const n=c.map((a,o)=>{let s=0;for(const h of i)s=Math.max(s,(h[o]??"").length);return Math.max(a.length,s)}),g=v((a,o)=>a.padEnd(o),"pad");e.info(c.map((a,o)=>g(a,n[o])).join("  ")),e.info(n.map(a=>"─".repeat(a)).join("──"));for(const a of i)e.info(a.map((o,s)=>g(o,n[s])).join("  "))},"renderTable");if(O){const c=[];for(const i of u){const n=j.projects[i],g=d.get(i)??{};for(const a of Object.keys(n.targets??{}).sort()){const o=g[a],s=o?.inferred===!0;if(N&&!s)continue;const h=n.targets?.[a],r=h?.cache===!1?"no":h?.cache===!0?"yes":"default";c.push([i,a,o?.type??"—",r,s?"yes":"no",o?.description??"—"])}}if(c.length===0){e.info(N?"No inferred targets found.":"No targets found.");return}w(["Project","Target","Type","Cache","Inferred","Description"],c),e.info(""),e.info(`${String(c.length)} target(s) across ${String(u.length)} project(s)`);return}const m=["Project","Type","Layer","Tags","Targets"],E=u.map(c=>{const i=j.projects[c],n=Object.keys(i.targets??{});return[c,i.projectType??"library",i.layer??"—",(i.tags??[]).join(", ")||"—",n.length>4?`${n.slice(0,4).join(", ")}… (${String(n.length)})`:n.join(", ")||"—"]});w(m,E),e.info(""),e.info(`${String(u.length)} project(s)`)},"execute");export{G as default};

package/dist/packem_chunks/handler32.js

@@ -1,2 +1,2 @@
-var m=Object.defineProperty;var d=(r,o)=>m(r,"name",{value:o,configurable:!0});import{createRequire as g}from"node:module";import{writeFileSync as $}from"@visulima/fs";import{join as w}from"@visulima/path";import{r as v}from"./bin.js";const j=g(import.meta.url),a=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,y=d(r=>{if(typeof a<"u"&&a.versions&&a.versions.node){const[o,e]=a.versions.node.split(".").map(Number);if(o>22||o===22&&e>=3||o===20&&e>=16)return a.getBuiltinModule(r)}return j(r)},"__cjs_getBuiltinModule"),{readFileSync:b}=y("node:fs");var k=Object.defineProperty,f=d((r,o)=>k(r,"name",{value:o,configurable:!0}),"i");const C=f((r,o)=>{const e=o.replace(/^\.?\//,"");return e===""||e==="."?`/${r}/`:r===""||r==="."?`/${e}`:`/${r}/${e}`},"toWorkspacePath"),_=f((r,o)=>{const e=[];for(const[n,t]of Object.entries(o?.globalPaths??{}))e.push({owners:t,path:n});for(const[n,t]of Object.entries(r.projects)){const s=t.owners??[];for(const c of s)e.push({channel:c.channel,owners:c.owners,path:C(t.root??n,c.path),projectId:n})}return(o?.orderBy??"file-source")==="project-id"?e.sort((n,t)=>(n.projectId??"").localeCompare(t.projectId??"")||n.path.localeCompare(t.path)):e.sort((n,t)=>n.path.localeCompare(t.path)),e},"buildCodeownersLines"),E=["# CODEOWNERS — generated by `vis sync codeowners`. Do not edit by hand.","# Update each project's project.json `owners` field and re-run the command.",""],O=f((r,o="github")=>{const e=[...E];for(const n of r){const t=n.owners.join(" "),s=n.channel?`    # notify: ${n.channel}`:"";e.push(`${n.path} ${t}${s}`)}return e.push(""),e.join(`
-`)},"renderCodeowners");var N=Object.defineProperty,R=d((r,o)=>N(r,"name",{value:o,configurable:!0}),"p");const x=R(async({argument:r,logger:o,options:e,visConfig:n,workspaceRoot:t})=>{const s=r[0];if(!s)throw new Error("Missing sync kind. Usage: vis sync <kind> (known kinds: codeowners)");if(!t)throw new Error("Could not determine workspace root. Run inside a monorepo.");if(s!=="codeowners")throw new Error(`Unknown sync kind: "${s}". Known kinds: codeowners.`);const{workspace:c}=v(t,n),p=_(c,n?.codeowners);if(p.length===0){o.info("No `owners` entries found in any project. Nothing to sync.");return}const l=O(p,n?.codeowners?.provider??"github"),i=e.out?w(t,e.out):w(t,"CODEOWNERS");if(e.check){let u="";try{u=b(i,"utf8")}catch(h){if(h.code==="ENOENT")u="";else throw h}if(u.trim()!==l.trim()){o.error(`${i} is out of date. Run \`vis sync codeowners\` to update it.`),process.exitCode=1;return}o.info(`${i} is up to date.`);return}$(i,l),o.info(`Wrote ${p.length} entries to ${i}`)},"execute");export{x as default};
+var d=Object.defineProperty;var p=(o,r)=>d(o,"name",{value:r,configurable:!0});import{createRequire as l}from"node:module";import{X as R,Y as E,Z as w,_ as s,$ as k,a0 as v,a1 as x,a2 as C,a3 as b,a4 as M,a5 as h,a6 as _,a7 as I,a8 as S}from"./bin.js";import{v as N}from"../packem_shared/verify-Baj5mFJ7.js";const m=l(import.meta.url),u=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,y=p(o=>{if(typeof u<"u"&&u.versions&&u.versions.node){const[r,t]=u.versions.node.split(".").map(Number);if(r>22||r===22&&t>=3||r===20&&t>=16)return u.getBuiltinModule(o)}return m(o)},"__cjs_getBuiltinModule"),{stdin:f,stdout:T}=u,{createInterface:j}=y("node:readline/promises");var $=Object.defineProperty,q=p((o,r)=>$(o,"name",{value:r,configurable:!0}),"n");const B=q(async o=>{if(!f.isTTY)return!0;const r=j({input:f,output:T});try{const t=(await r.question(`${o} [Y/n] `)).trim().toLowerCase();return t===""||t==="y"||t==="yes"}finally{r.close()}},"confirm");var D=Object.defineProperty,n=p((o,r)=>D(o,"name",{value:r,configurable:!0}),"r");const a=n(o=>{const r=o.workspaceRoot??process.cwd(),t=o.visConfig??{};return{config:t,dryRun:!!o.options.dryRun,logger:o.logger,packageManager:E(r),report:R(),root:r,useEditorconfig:typeof t.editorconfig=="boolean"?t.editorconfig:!0}},"buildContext"),g=n(async(o,r,t)=>{if(r.yes||r.dryRun)return!0;const i=await B(`This will edit files, scripts, and hooks for "${o}". Backups (.bak) will be created. Continue?`);return i||t.info("Aborted."),i},"maybeConfirm"),c=n(o=>{o.dryRun&&o.logger.info(`Running in dry-run mode — no changes will be made.
+`)},"announceDryRun"),K=n(async({logger:o,options:r,visConfig:t,workspaceRoot:i})=>{if(!await g("deps",r,o))return;const e=a({logger:o,options:r,visConfig:t,workspaceRoot:i});c(e),o.info("── Migrating dependencies and scripts ──"),w(e.root,e.packageManager,e.config,{dryRun:e.dryRun},o,e.report),o.info(""),s(e.report,o)},"migrateDepsExecuteImpl"),L=n(async({logger:o,options:r,visConfig:t,workspaceRoot:i})=>{if(!await g("lint-staged",r,o))return;const e=a({logger:o,options:r,visConfig:t,workspaceRoot:i});c(e),o.info("── Migrating lint-staged ──"),k(e.root,{dryRun:e.dryRun,useEditorconfig:e.useEditorconfig},o,e.report),o.info(""),s(e.report,o)},"migrateLintStagedExecuteImpl"),P=n(async({logger:o,options:r,visConfig:t,workspaceRoot:i})=>{if(!await g("nano-staged",r,o))return;const e=a({logger:o,options:r,visConfig:t,workspaceRoot:i});c(e),o.info("── Migrating nano-staged ──"),v(e.root,{dryRun:e.dryRun,useEditorconfig:e.useEditorconfig},o,e.report),o.info(""),s(e.report,o)},"migrateNanoStagedExecuteImpl"),G=n(async({logger:o,options:r,visConfig:t,workspaceRoot:i})=>{if(!await g("turborepo",r,o))return;const e=a({logger:o,options:r,visConfig:t,workspaceRoot:i});c(e),o.info("── Migrating turborepo ──"),x(e.root,{dryRun:e.dryRun,useEditorconfig:e.useEditorconfig},o,e.report),o.info(""),s(e.report,o)},"migrateTurborepoExecuteImpl"),O=n(async({logger:o,options:r,visConfig:t,workspaceRoot:i})=>{if(!await g("nx",r,o))return;const e=a({logger:o,options:r,visConfig:t,workspaceRoot:i});c(e),o.info("── Migrating nx ──"),C(e.root,{dryRun:e.dryRun,useEditorconfig:e.useEditorconfig},o,e.report),o.info(""),s(e.report,o)},"migrateNxExecuteImpl"),Y=n(async({logger:o,options:r,visConfig:t,workspaceRoot:i})=>{if(!await g("moon",r,o))return;const e=a({logger:o,options:r,visConfig:t,workspaceRoot:i});c(e),o.info("── Migrating moon ──"),b(e.root,{copyTemplates:!!r.copyTemplates,dryRun:e.dryRun,useEditorconfig:e.useEditorconfig},o,e.report),o.info(""),s(e.report,o)},"migrateMoonExecuteImpl"),Q=n(async({logger:o,options:r,visConfig:t,workspaceRoot:i})=>{if(!await g("gitleaks",r,o))return;const e=a({logger:o,options:r,visConfig:t,workspaceRoot:i});c(e),o.info("── Migrating gitleaks ──"),M(e.root,{dryRun:e.dryRun,useEditorconfig:e.useEditorconfig},o,e.report),o.info(""),s(e.report,o)},"migrateGitleaksExecuteImpl"),V=n(async({logger:o,options:r,visConfig:t,workspaceRoot:i})=>{if(!await g("kingfisher",r,o))return;const e=a({logger:o,options:r,visConfig:t,workspaceRoot:i});c(e),o.info("── Migrating Kingfisher ──"),h(e.root,{dryRun:e.dryRun,useEditorconfig:e.useEditorconfig},o,e.report),o.info(""),s(e.report,o)},"migrateKingfisherExecuteImpl"),A=n(async({logger:o,options:r,visConfig:t,workspaceRoot:i})=>{if(!await g("secretlint",r,o))return;const e=a({logger:o,options:r,visConfig:t,workspaceRoot:i});c(e),o.info("── Migrating secretlint ──"),_(e.root,{dryRun:e.dryRun,useEditorconfig:e.useEditorconfig},o,e.report),o.info(""),s(e.report,o)},"migrateSecretlintExecuteImpl"),W=n(async({logger:o,options:r,visConfig:t,workspaceRoot:i})=>{if(!await g("syncpack",r,o))return;const e=a({logger:o,options:r,visConfig:t,workspaceRoot:i});c(e),o.info("── Migrating syncpack ──"),I(e.root,{dryRun:e.dryRun,useEditorconfig:e.useEditorconfig},o,e.report),o.info(""),s(e.report,o)},"migrateSyncpackExecuteImpl"),X=n(async({logger:o,options:r,visConfig:t,workspaceRoot:i})=>{if(!await g("sherif",r,o))return;const e=a({logger:o,options:r,visConfig:t,workspaceRoot:i});c(e),o.info("── Migrating sherif ──"),S(e.root,{dryRun:e.dryRun,useEditorconfig:e.useEditorconfig},o,e.report),o.info(""),s(e.report,o)},"migrateSherifExecuteImpl"),Z=n(({logger:o,workspaceRoot:r})=>{const t=r??process.cwd();N(t,o).length>0&&(process.exitCode=1)},"migrateVerifyExecuteImpl"),U=K,oo=L,eo=P,ro=G,to=O,io=Y,no=Q,so=V,ao=A,go=W,co=X,uo=Z;export{U as migrateDepsExecute,no as migrateGitleaksExecute,so as migrateKingfisherExecute,oo as migrateLintStagedExecute,io as migrateMoonExecute,eo as migrateNanoStagedExecute,to as migrateNxExecute,ao as migrateSecretlintExecute,co as migrateSherifExecute,go as migrateSyncpackExecute,ro as migrateTurborepoExecute,uo as migrateVerifyExecute};

package/dist/packem_chunks/handler33.js

@@ -1,24 +1,25 @@
-var ue=Object.defineProperty;var M=(e,t)=>ue(e,"name",{value:t,configurable:!0});import{createRequire as de}from"node:module";import{yellow as D,red as fe}from"@visulima/colorize";import{isAccessibleSync as G,readJsonSync as he}from"@visulima/fs";import{readYamlSync as $e}from"@visulima/fs/yaml";import{findPackageManagerSync as ke,getPackageManagerVersion as ve}from"@visulima/package";import{join as H}from"@visulima/path";import{render as K,renderToString as W,Text as b}from"@visulima/tui";import{k as we,V as ye,B as be,d as Se,J as Re}from"./bin.js";import $ from"react";import{z as Ce,e as Ae,Z as Q}from"../packem_shared/ai-analysis-CGuy7dfE.js";import{r as Ee,s as Te}from"../packem_shared/typosquats-DOR8izpX.js";import{U as xe,B as je,f as X}from"../packem_shared/VisUpdateApp-D-L4_-Iu.js";import{N as A,C as Ue,O as Ne,T as _e,v as re,V as Be,L as ae,o as Oe,a as qe,w as Me,c as Pe,E as Fe,S as Ve,s as ze}from"../packem_shared/catalog-BVPerCwG.js";import{d as Ye}from"../packem_shared/utils-DrNg0XTR.js";const ge=de(import.meta.url),_=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,me=M(e=>{if(typeof _<"u"&&_.versions&&_.versions.node){const[t,n]=_.versions.node.split(".").map(Number);if(t>22||t===22&&n>=3||t===20&&n>=16)return _.getBuiltinModule(e)}return ge(e)},"__cjs_getBuiltinModule"),{execSync:oe}=me("node:child_process");var Le=Object.defineProperty,E=M((e,t)=>Le(e,"name",{value:t,configurable:!0}),"s");const We=E(e=>{const t=[];for(const n of e.filters)t.push("--filter",n);return e.workspaceRoot&&t.push("--filter","."),t.push("update"),e.latest&&t.push("--latest"),e.recursive&&t.push("--recursive"),e.interactive&&t.push("--interactive"),e.dev&&t.push("--dev"),e.prod&&t.push("--prod"),e.noOptional&&t.push("--no-optional"),e.noSave&&t.push("--no-save"),t.push(...e.packages),{args:t,bin:"pnpm"}},"resolvePnpm"),De=E(e=>{const t=[];return e.filters.length>0&&t.push("workspace",e.filters[0]),t.push("upgrade"),e.latest&&t.push("--latest"),t.push(...e.packages),{args:t,bin:"yarn"}},"resolveYarnV1"),Ie=E(e=>{const t=[];if(e.filters.length>0||e.recursive){t.push("workspaces","foreach","--all");for(const n of e.filters)t.push("--include",n)}return t.push("up"),e.interactive&&t.push("--interactive"),t.push(...e.packages),{args:t,bin:"yarn"}},"resolveYarnBerry"),Je=E((e,t)=>{const n=["update"];e.latest&&t.push("npm does not support --latest flag. Packages will be updated within their semver range."),e.interactive&&t.push("npm does not support --interactive mode.");for(const o of e.filters)n.push("--workspace",o);return e.recursive&&n.push("--workspaces"),e.workspaceRoot&&n.push("--include-workspace-root"),e.dev&&n.push("--dev"),e.prod&&n.push("--production"),e.noOptional&&n.push("--no-optional"),e.noSave&&n.push("--no-save"),n.push(...e.packages),{args:n,bin:"npm"}},"resolveNpm"),Ze=E(e=>{const t=["update"];e.latest&&t.push("--latest");for(const n of e.filters)t.push("--filter",n);return t.push(...e.packages),{args:t,bin:"bun"}},"resolveBun"),Ge=E((e,t,n)=>{const o=[];if(n.global&&e!=="aube")return{command:{args:["update","--global",...n.packages],bin:"npm"},warnings:o};let l;switch(e){case"aube":{const r=we(n);l={args:r.args,bin:r.bin},o.push(...r.warnings);break}case"bun":{l=Ze(n);break}case"npm":{l=Je(n,o);break}case"pnpm":{l=We(n);break}case"yarn":{l=t.startsWith("1.")?De(n):Ie(n);break}default:{const r=e;throw new Error(`Unsupported package manager: ${String(r)}`)}}return{command:l,warnings:o}},"resolveUpdateCommand");var He=Object.defineProperty,S=M((e,t)=>He(e,"name",{value:t,configurable:!0}),"w");const Ke=S((e,t)=>{try{if(t==="pnpm"){const n=H(e,"pnpm-workspace.yaml");if(G(n)){const o=$e(n);if(typeof o?.minimumReleaseAge=="number")return o.minimumReleaseAge}}else if(t==="bun"){const n=H(e,"package.json");if(G(n)){const o=he(n);if(typeof o.minimumReleaseAge=="number")return o.minimumReleaseAge}}}catch{}},"readPmNativeMinimumReleaseAge"),Qe=S((e,t,n)=>{const o=e.latest?"latest":e.target??t.target??"latest";if(!["latest","minor","patch"].includes(o))throw new Error(`Invalid target "${o}". Use: latest, minor, or patch.`);return{exclude:[...A(e.exclude),...A(t.exclude)],ignore:A(t.ignore),include:[...A(e.include),...A(t.include),...n],includeLocked:e.includeLocked||t.includeLocked||!1,includePrerelease:e.prerelease||t.prerelease||!1,minimumReleaseAge:t.minimumReleaseAge,minimumReleaseAgeExclude:t.minimumReleaseAgeExclude,packageMode:t.packageMode,security:e.security||e.ai||t.security||!1,target:o}},"buildCatalogCheckOptions"),ee=S((e,t)=>{if(e.length!==0){t.info(`
-${D("⚠")} ${String(e.length)} package${e.length===1?"":"s"} skipped by target constraint (use --target latest to include):`);for(const n of e)t.info(`    ${n.packageName}  ${n.currentRange} → ${n.newRange}  (${n.updateType})`)}},"logFilteredByTarget"),te=S((e,t,n,o)=>{n==="json"?process.stdout.write(`${Ue({checkedCount:0,failed:t,filteredByTarget:[],ignored:[],outdated:e})}
-`):n==="minimal"?process.stdout.write(`${Ne(e)}
-`):(_e(e,o),o.info(re(e)))},"writeFormattedOutput"),ne=S(async(e,t,n,o,l)=>{const r=Be(e,n,t),s=t==="pnpm"?"pnpm-workspace.yaml":"package.json";if(l.info(`
-Updated ${s}`),r&&l.info(`Backup saved to ${r}`),o.changelog){l.info(`
-Fetching changelogs...`);const u=await ae(n);for(const c of u){const f=c.releaseUrl??c.repoUrl??c.npmUrl;l.info(`  ${c.packageName}: ${f}`)}}if(o.install??!0){const u={bun:"bun install",npm:"npm install",pnpm:"pnpm install",yarn:"yarn install"}[t]??`${t} install`;l.info(`Running ${u}...
-`);try{oe(u,{cwd:e,env:process.env,stdio:"inherit"})}catch{l.warn(`${u} failed. You may need to run it manually.`)}}},"applyCatalogAndInstall"),Xe=S(async(e,t,n,o,l,r)=>{const s=n.update??{},u=[["global","--global is not supported in catalog mode"],["recursive","--recursive is not needed in catalog mode (catalogs are workspace-level)"],["filter","--filter is not supported in catalog mode (use --include/--exclude instead)"],["no-save","--no-save is not supported in catalog mode"],["workspace-root","--workspace-root is not needed in catalog mode"],["no-optional","--no-optional is not supported in catalog mode"]];for(const[a,h]of u)o[a]&&r.warn(`${D("⚠")} ${h}, ignoring.`);const c=Ke(e,t),f=s.minimumReleaseAge??c;if(s.minimumReleaseAge!==void 0&&c!==void 0&&s.minimumReleaseAge!==c){const a=t==="pnpm"?"pnpm-workspace.yaml":"package.json";r.warn(`${D("⚠")} minimumReleaseAge mismatch: vis config = ${String(s.minimumReleaseAge)} min, ${a} = ${String(c)} min. Consider keeping them in sync.`)}const w=Oe(e),p=qe(e,t,{depFields:s.depFields,dev:o.dev,prod:o.prod});if(p.size===0){r.info("No catalogs found.");return}const B={...s,minimumReleaseAge:f},T=Qe(o,B,l);let P=0;for(const a of p.values())P+=a.size;const O=!!process.stdout.isTTY&&!Se;let C;const se=O?(a,h)=>{C?C.rerender($.createElement(X,{current:a,total:h})):C=K($.createElement(X,{current:a,total:h}),{interactive:!0,patchConsole:!1})}:(a,h)=>{r.info(`Checking ${String(a)}/${String(h)} dependencies...`)};O||r.info(`Checking ${String(P)} catalog dependencies...
-`);const ie=ye(n.security?.socket),{checkedCount:k,failed:v,filteredByTarget:g,ignored:x,outdated:d}=await Me(p,T,w,se,e,ie,n.security?.socket?.acceptedRisks);C&&(C.clear(),C.unmount());const I=k-d.length-v.length;if(v.length>0&&r.warn(`Failed to fetch: ${v.join(", ")}`),x.length>0&&r.info(`Skipped ${String(x.length)} ignored package${x.length===1?"":"s"}: ${x.join(", ")}`),!O&&k>d.length){const a=[...p.values()].reduce((N,V)=>N+V.size,0),h=a>k?` (${String(a)} catalog entries, ${String(a-k)} duplicates)`:"";r.info(`Checked ${String(k)} unique packages${h}: ${String(d.length)} outdated, ${String(I)} up-to-date${v.length>0?`, ${String(v.length)} failed`:""}${g.length>0?`, ${String(g.length)} skipped by target`:""}`)}if(d.length===0){g.length>0?r.info(`All catalog dependencies are up to date within the current target.
-${String(g.length)} package${g.length===1?" has":"s have"} newer versions available with --target latest:
-${g.map(a=>`  ${a.packageName}  ${a.currentRange} → ${a.newRange}  (${a.updateType})`).join(`
-`)}`):r.info("All catalog dependencies are up to date.");return}const j=o.format??s.format??"table";let y;if(o.ai){const a=Ce(o.aiType??"impact");y=await Ae(d,r,n.ai,a)}const F=!!o.dryRun;if(O&&j==="table"){const a=new xe(d,y??null);let h;if(o.changelog){r.info("Fetching changelogs...");const i=await ae(d);h=new Map;for(const m of i){const R=m.releaseUrl??m.repoUrl??m.npmUrl;R&&h.set(m.packageName,R)}}const N=n.tui?.autoExit??!1,V=N===!0?3:typeof N=="number"?N:0,J=await K($.createElement(je,{autoExitSeconds:V,changelogUrls:h,checkedCount:k,filteredOutEntries:g,isDryRun:F,store:a,totalCatalogEntries:P}),{alternateScreen:!0,exitOnCtrlC:!1,interactive:!0,patchConsole:!0}).waitUntilExit(),z=process.stdout.columns||80;process.stdout.write(`
-`);for(const i of d){const m=i.vulnerabilities?.length||i.socketReport&&i.socketReport.alerts.length>0,R=!!i.acceptedRisk,L=m?R?"✓":"⚠":"✓",ce=R?"gray":i.updateType==="major"?"red":i.updateType==="minor"?"yellow":"green",q=i.socketReport?.score.overall,pe=q===void 0?"":` [${String(Math.round(q*100))}%]`,Z=q===void 0?void 0:be(q);process.stdout.write(`${W($.createElement(b,null,"   ",$.createElement(b,{color:ce},L),`  ${i.packageName}  ${i.currentRange} → ${i.newRange}`,$.createElement(b,{dimColor:!0},`  ${i.updateType}`),Z?$.createElement(b,{color:Z},pe):null),{columns:z})}
+var ge=Object.defineProperty;var _=(e,t)=>ge(e,"name",{value:t,configurable:!0});import{createRequire as me}from"node:module";import{yellow as V,red as ve}from"@visulima/colorize";import{isAccessibleSync as H}from"@visulima/fs";import{readTomlSync as ke}from"@visulima/fs/toml";import{readYamlSync as $e}from"@visulima/fs/yaml";import{findPackageManagerSync as we,getPackageManagerVersion as ye}from"@visulima/package";import{join as Z}from"@visulima/path";import{render as K,renderToString as I,Text as R}from"@visulima/tui";import{a9 as be,M as T,aa as Re,v as Se,j as Ce,c as ae,ab as Ae,ac as re,u as xe,g as Ee,V as Te,S as je,B as Ue,ad as Ne,s as qe,ae as Be,af as Me,ag as Oe,m as _e}from"./bin.js";import k from"react";import{H as Pe,e as Fe,Z as Q}from"../packem_shared/ai-analysis-hm8d2W7z.js";import{r as Le,s as We}from"../packem_shared/typosquats-CcZl99B1.js";import{U as ze,B as De,T as X}from"../packem_shared/vis-update-app-D1jl0UZZ.js";import{d as Ie}from"../packem_shared/utils-DrNg0XTR.js";const fe=me(import.meta.url),B=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,he=_(e=>{if(typeof B<"u"&&B.versions&&B.versions.node){const[t,n]=B.versions.node.split(".").map(Number);if(t>22||t===22&&n>=3||t===20&&n>=16)return B.getBuiltinModule(e)}return fe(e)},"__cjs_getBuiltinModule"),{execFileSync:oe}=he("node:child_process");var Ve=Object.defineProperty,x=_((e,t)=>Ve(e,"name",{value:t,configurable:!0}),"s");const Ye=x(e=>{const t=[];for(const n of e.filters)t.push("--filter",n);return e.workspaceRoot&&t.push("--filter","."),t.push("update"),e.latest&&t.push("--latest"),e.recursive&&t.push("--recursive"),e.interactive&&t.push("--interactive"),e.dev&&t.push("--dev"),e.prod&&t.push("--prod"),e.noOptional&&t.push("--no-optional"),e.noSave&&t.push("--no-save"),t.push(...e.packages),{args:t,bin:"pnpm"}},"resolvePnpm"),Ge=x(e=>{const t=[];return e.filters.length>0&&t.push("workspace",e.filters[0]),t.push("upgrade"),e.latest&&t.push("--latest"),t.push(...e.packages),{args:t,bin:"yarn"}},"resolveYarnV1"),Je=x(e=>{const t=[];if(e.filters.length>0||e.recursive){t.push("workspaces","foreach","--all");for(const n of e.filters)t.push("--include",n)}return t.push("up"),e.interactive&&t.push("--interactive"),t.push(...e.packages),{args:t,bin:"yarn"}},"resolveYarnBerry"),He=x((e,t)=>{const n=["update"];e.latest&&t.push("npm does not support --latest flag. Packages will be updated within their semver range."),e.interactive&&t.push("npm does not support --interactive mode.");for(const o of e.filters)n.push("--workspace",o);return e.recursive&&n.push("--workspaces"),e.workspaceRoot&&n.push("--include-workspace-root"),e.dev&&n.push("--dev"),e.prod&&n.push("--production"),e.noOptional&&n.push("--no-optional"),e.noSave&&n.push("--no-save"),n.push(...e.packages),{args:n,bin:"npm"}},"resolveNpm"),Ze=x(e=>{const t=["update"];e.latest&&t.push("--latest");for(const n of e.filters)t.push("--filter",n);return t.push(...e.packages),{args:t,bin:"bun"}},"resolveBun"),Ke=x((e,t)=>{const n=["outdated","--update"];return e.latest&&n.push("--latest"),e.interactive&&n.push("--interactive"),e.filters.length>0&&t.push("deno outdated has no --filter flag; ignoring."),(e.dev||e.prod)&&t.push("deno outdated has no --dev / --prod flags; dev/prod is governed by deno.json."),e.noOptional&&t.push("deno outdated has no --no-optional flag; ignoring."),e.noSave&&t.push("deno outdated has no --no-save flag; ignoring."),n.push(...e.packages),{args:n,bin:"deno"}},"resolveDeno"),Qe=x((e,t,n)=>{const o=[];if(n.global&&e!=="aube"&&e!=="deno")return{command:{args:["update","--global",...n.packages],bin:"npm"},warnings:o};let i;switch(e){case"aube":{const a=be(n);i={args:a.args,bin:a.bin},o.push(...a.warnings);break}case"bun":{i=Ze(n);break}case"deno":{i=Ke(n,o);break}case"npm":{i=He(n,o);break}case"pnpm":{i=Ye(n);break}case"yarn":{i=t.startsWith("1.")?Ge(n):Je(n);break}default:{const a=e;throw new Error(`Unsupported package manager: ${String(a)}`)}}return{command:i,warnings:o}},"resolveUpdateCommand");var Xe=Object.defineProperty,S=_((e,t)=>Xe(e,"name",{value:t,configurable:!0}),"C");const et=S((e,t)=>{try{if(t==="pnpm"){const n=Z(e,"pnpm-workspace.yaml");if(H(n)){const o=$e(n);return{excludes:Array.isArray(o?.minimumReleaseAgeExclude)?o.minimumReleaseAgeExclude:void 0,minutes:typeof o?.minimumReleaseAge=="number"?o.minimumReleaseAge:void 0}}}else if(t==="bun"){const n=Z(e,"bunfig.toml");if(H(n)){const o=ke(n);return{excludes:Array.isArray(o?.install?.minimumReleaseAgeExcludes)?o.install.minimumReleaseAgeExcludes:void 0,minutes:typeof o?.install?.minimumReleaseAge=="number"?o.install.minimumReleaseAge:void 0}}}}catch{}return{}},"readPmNativeMinimumReleaseAge"),tt=S((e,t,n)=>{const o=e.latest?"latest":e.target??t.target??"latest";if(!["latest","minor","patch"].includes(o))throw new Error(`Invalid target "${o}". Use: latest, minor, or patch.`);const i=e.maxConcurrentRequests,a=typeof i=="number"&&i>0?i:t.maxConcurrentRequests,r=typeof e.releaseChannel=="string"?e.releaseChannel.toLowerCase():void 0;if(r!==void 0&&!["any","same","stable"].includes(r))throw new Error(`Invalid --release-channel "${String(e.releaseChannel)}". Use: any, same, or stable.`);const p=r??t.releaseChannel;return{exclude:[...T(e.exclude),...T(t.exclude)],ignore:T(t.ignore),include:[...T(e.include),...T(t.include),...n],includeLocked:e.includeLocked||t.includeLocked||!1,includePrerelease:e.prerelease||t.prerelease||!1,maxConcurrentRequests:a,minimumReleaseAge:t.minimumReleaseAge,minimumReleaseAgeExclude:t.minimumReleaseAgeExclude,packageMode:t.packageMode,releaseChannel:p,security:e.security||e.ai||t.security||!1,target:o}},"buildCatalogCheckOptions"),ee=S((e,t)=>{if(e.length!==0){t.info(`
+${V("⚠")} ${String(e.length)} package${e.length===1?"":"s"} skipped by target constraint (use --target latest to include):`);for(const n of e)t.info(`    ${n.packageName}  ${n.currentRange} → ${n.newRange}  (${n.updateType})`)}},"logFilteredByTarget"),te=S((e,t,n,o)=>{n==="json"?process.stdout.write(`${Re({checkedCount:0,failed:t,filteredByTarget:[],ignored:[],outdated:e})}
+`):n==="minimal"?process.stdout.write(`${Se(e)}
+`):(Ce(e,o),o.info(ae(e)))},"writeFormattedOutput"),ne=S(async(e,t,n,o,i,a,r)=>{const p=Ae(e,n,t,!0,{useEditorconfig:r}),h=t==="pnpm"?"pnpm-workspace.yaml":"package.json";if(i.info(`
+Updated ${h}`),p&&i.info(`Backup saved to ${p}`),o.changelog){i.info(`
+Fetching changelogs...`);const c=await re(n,void 0,a);for(const u of c){const g=u.releaseUrl??u.repoUrl??u.npmUrl;i.info(`  ${u.packageName}: ${g}`)}}if(o.install??!0){const c=t,u=["install"];i.info(`Running ${c} ${u.join(" ")}...
+`);try{oe(c,u,{cwd:e,env:process.env,stdio:"inherit"})}catch{i.warn(`${c} ${u.join(" ")} failed. You may need to run it manually.`)}}},"applyCatalogAndInstall"),nt=S(async(e,t,n,o,i,a)=>{const r=n.update??{},p=[["global","--global is not supported in catalog mode"],["recursive","--recursive is not needed in catalog mode (catalogs are workspace-level)"],["filter","--filter is not supported in catalog mode (use --include/--exclude instead)"],["no-save","--no-save is not supported in catalog mode"],["workspace-root","--workspace-root is not needed in catalog mode"],["no-optional","--no-optional is not supported in catalog mode"]];for(const[s,v]of p)o[s]&&a.warn(`${V("⚠")} ${v}, ignoring.`);const{excludes:h,minutes:c}=et(e,t),u=r.minimumReleaseAge??c,g=r.minimumReleaseAgeExclude??h;if(r.minimumReleaseAge!==void 0&&c!==void 0&&r.minimumReleaseAge!==c){const s=t==="pnpm"?"pnpm-workspace.yaml":"bunfig.toml";a.warn(`${V("⚠")} minimumReleaseAge mismatch: vis config = ${String(r.minimumReleaseAge)} min, ${s} = ${String(c)} min. Consider keeping them in sync.`)}const C=xe(e),w=Ee(e,t,{depFields:r.depFields,dev:o.dev,prod:o.prod});if(w.size===0){a.info("No catalogs found.");return}const se={...r,minimumReleaseAge:u,minimumReleaseAgeExclude:g},ie=tt(o,se,i);let P=0;for(const s of w.values())P+=s.size;const M=!!process.stdout.isTTY&&!qe;let E;const le=M?(s,v)=>{E?E.rerender(k.createElement(X,{current:s,total:v})):(process.stdout.write(`
+`),E=K(k.createElement(X,{current:s,total:v}),{interactive:!0,patchConsole:!1}))}:(s,v)=>{a.info(`Checking ${String(s)}/${String(v)} dependencies...`)};M||a.info(`Checking ${String(P)} catalog dependencies...
+`);const ce=Te(n.security?.socket),{checkedCount:$,failed:y,filteredByTarget:m,ignored:j,outdated:d}=await je(w,ie,C,le,e,ce,n.security?.socket?.acceptedRisks);E&&(E.clear(),E.unmount());const Y=$-d.length-y.length;if(y.length>0&&a.warn(`Failed to fetch: ${y.join(", ")}`),j.length>0&&a.info(`Skipped ${String(j.length)} ignored package${j.length===1?"":"s"}: ${j.join(", ")}`),!M&&$>d.length){const s=[...w.values()].reduce((q,L)=>q+L.size,0),v=s>$?` (${String(s)} catalog entries, ${String(s-$)} duplicates)`:"";a.info(`Checked ${String($)} unique packages${v}: ${String(d.length)} outdated, ${String(Y)} up-to-date${y.length>0?`, ${String(y.length)} failed`:""}${m.length>0?`, ${String(m.length)} skipped by target`:""}`)}if(d.length===0){m.length>0?a.info(`All catalog dependencies are up to date within the current target.
+${String(m.length)} package${m.length===1?" has":"s have"} newer versions available with --target latest:
+${m.map(s=>`  ${s.packageName}  ${s.currentRange} → ${s.newRange}  (${s.updateType})`).join(`
+`)}`):a.info("All catalog dependencies are up to date.");return}const U=o.format??r.format??"table";let b;if(o.ai){const s=Pe(o.aiType??"impact");b=await Fe(d,a,n.ai,s)}const F=!!o.dryRun;if(M&&U==="table"){const s=new ze(d,b??null);let v;if(o.changelog){a.info("Fetching changelogs...");const l=await re(d,void 0,C);v=new Map;for(const f of l){const A=f.releaseUrl??f.repoUrl??f.npmUrl;A&&v.set(f.packageName,A)}}const q=n.tui?.autoExit??!1,L=q===!0?3:typeof q=="number"?q:0,G=await K(k.createElement(De,{autoExitSeconds:L,changelogUrls:v,checkedCount:$,filteredOutEntries:m,isDryRun:F,store:s,totalCatalogEntries:P}),{alternateScreen:!0,exitOnCtrlC:!1,interactive:!0,patchConsole:!0}).waitUntilExit(),W=process.stdout.columns||80;process.stdout.write(`
+`);for(const l of d){const f=l.vulnerabilities?.length||l.socketReport&&l.socketReport.alerts.length>0,A=!!l.acceptedRisk,D=f?A?"✓":"⚠":"✓",pe=A?"gray":l.updateType==="major"?"red":l.updateType==="minor"?"yellow":"green",O=l.socketReport?.score.overall,de=O===void 0?"":` [${String(Math.round(O*100))}%]`,J=O===void 0?void 0:Ue(O);process.stdout.write(`${I(k.createElement(R,null,"   ",k.createElement(R,{color:pe},D),`  ${l.packageName}  ${l.currentRange} → ${l.newRange}`,k.createElement(R,{dimColor:!0},`  ${l.updateType}`),J?k.createElement(R,{color:J},de):null),{columns:W})}
 `)}if(process.stdout.write(`
-`),r.info(re(d)),k>d.length){const i=[...p.values()].reduce((R,L)=>R+L.size,0),m=i>k?` (${String(i)} catalog entries, ${String(i-k)} duplicates)`:"";r.info(`  Checked ${String(k)} unique packages${m}: ${String(I)} up-to-date${v.length>0?`, ${String(v.length)} failed`:""}`)}if(g.length>0){process.stdout.write(`
-`);const i=`${String(g.length)} package${g.length===1?"":"s"} skipped by target constraint (use --target latest to include):`;process.stdout.write(`${W($.createElement(b,{color:"yellow"},`  ${i}`),{columns:z})}
-`);for(const m of g)process.stdout.write(`${W($.createElement(b,null,"     ",$.createElement(b,{dimColor:!0},m.packageName),`  ${m.currentRange} → ${m.newRange}`,$.createElement(b,{dimColor:!0},`  ${m.updateType}`)),{columns:z})}
-`)}const Y=Array.isArray(J)?J:[];if(Y.length>0&&!F){r.info(`
-Applying ${String(Y.length)} updates...
-`);const i={...o,install:o.install??s.install};await ne(e,t,Y,i,r)}return}if(F){if(j==="json"){const a={failed:v,filteredByTarget:g,ignored:x,outdated:d};y&&(a.aiAnalysis=y),process.stdout.write(`${JSON.stringify(a,void 0,2)}
-`)}else r.info(`Would update ${String(d.length)} dependencies:
-`),te(d,v,j,r),y&&(r.info(""),r.info(Q(y))),ee(g,r);return}y&&j!=="json"&&(r.info(Q(y)),r.info(""));let U=d;if(o.interactive&&(U=await Pe(d),U.length===0)){r.info("No updates selected.");return}r.info(`Updating ${String(U.length)} catalog dependencies...
-`),te(U,[],j,r),ee(g,r);const le={...o,install:o.install??s.install};await ne(e,t,U,le,r)},"executeCatalogUpdate"),et=S((e,t,n,o,l,r)=>{const s={dev:o.dev,filters:A(o.filter),global:o.global,interactive:o.interactive,latest:o.latest||o.target==="latest",noOptional:o.noOptional,noSave:o.noSave,packages:l,prod:o.prod,recursive:o.recursive,workspaceRoot:o.workspaceRoot},{command:u,warnings:c}=Ge(t,n,s);for(const w of c)r.warn(w);const f=`${u.bin} ${u.args.join(" ")}`.trim();if(o.dryRun){r.info(`Would run: ${f}`);return}r.info(`Running: ${f}`);try{oe(f,{cwd:e,env:process.env,stdio:"inherit"})}catch(w){const p=w.status??1;r.error(`
-${fe("✖")} Update failed (exit code ${String(p)})`),r.error(`  Command: ${f}`),r.error(`  Directory: ${e}
-`),process.exitCode=p}},"executePmWrapper"),ht=S(async({argument:e,logger:t,options:n,visConfig:o,workspaceRoot:l})=>{if(!l)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");let r=e;const s=l,{packageManager:u}=ke(s);if(!n.noTyposquatCheck){if(r.length>0){const c=r.map(p=>Ye(p)),f=o?.security?.typosquatAllowlist,w=await Ee(c.map(p=>p.name),f);if(!w.ok){process.exitCode=1;return}r=c.map((p,B)=>{const T=w.packages[B];return T!==p.name?p.versionSpec?`${T}@${p.versionSpec}`:T??"":r[B]??""})}else if(!await Te(s,o?.security?.typosquatAllowlist)){process.exitCode=1;return}}if(n.rollback){if(!Fe(s,u)){t.info("No backup found. Run 'vis update' first to create a backup.");return}if(Ve(s,u))t.info("Restored from backup.");else throw new Error("Failed to restore from backup.");return}if(!n.noCatalog&&ze(s,u))await Xe(s,u,o??{},n,r,t);else{const c=Re(s,{configBackend:o?.install?.backend}),f=c.name==="aube"?"":ve(c.name);et(s,c.name,f,n,r,t)}},"execute");export{ht as default};
+`),a.info(ae(d)),$>d.length){const l=[...w.values()].reduce((A,D)=>A+D.size,0),f=l>$?` (${String(l)} catalog entries, ${String(l-$)} duplicates)`:"";a.info(`  Checked ${String($)} unique packages${f}: ${String(Y)} up-to-date${y.length>0?`, ${String(y.length)} failed`:""}`)}if(m.length>0){process.stdout.write(`
+`);const l=`${String(m.length)} package${m.length===1?"":"s"} skipped by target constraint (use --target latest to include):`;process.stdout.write(`${I(k.createElement(R,{color:"yellow"},`  ${l}`),{columns:W})}
+`);for(const f of m)process.stdout.write(`${I(k.createElement(R,null,"     ",k.createElement(R,{dimColor:!0},f.packageName),`  ${f.currentRange} → ${f.newRange}`,k.createElement(R,{dimColor:!0},`  ${f.updateType}`)),{columns:W})}
+`)}const z=Array.isArray(G)?G:[];if(z.length>0&&!F){a.info(`
+Applying ${String(z.length)} updates...
+`);const l={...o,install:o.install??r.install};await ne(e,t,z,l,a,C,n.editorconfig??!0)}return}if(F){if(U==="json"){const s={failed:y,filteredByTarget:m,ignored:j,outdated:d};b&&(s.aiAnalysis=b),process.stdout.write(`${JSON.stringify(s,void 0,2)}
+`)}else a.info(`Would update ${String(d.length)} dependencies:
+`),te(d,y,U,a),b&&(a.info(""),a.info(Q(b))),ee(m,a);return}b&&U!=="json"&&(a.info(Q(b)),a.info(""));let N=d;if(o.interactive&&(N=await Ne(d),N.length===0)){a.info("No updates selected.");return}a.info(`Updating ${String(N.length)} catalog dependencies...
+`),te(N,[],U,a),ee(m,a);const ue={...o,install:o.install??r.install};await ne(e,t,N,ue,a,C)},"executeCatalogUpdate"),ot=S((e,t,n,o,i,a)=>{const r={dev:o.dev,filters:T(o.filter),global:o.global,interactive:o.interactive,latest:o.latest||o.target==="latest",noOptional:o.noOptional,noSave:o.noSave,packages:i,prod:o.prod,recursive:o.recursive,workspaceRoot:o.workspaceRoot},{command:p,warnings:h}=Qe(t,n,r);for(const u of h)a.warn(u);const c=`${p.bin} ${p.args.join(" ")}`.trim();if(o.dryRun){a.info(`Would run: ${c}`);return}a.info(`Running: ${c}`);try{oe(p.bin,p.args,{cwd:e,env:process.env,stdio:"inherit"})}catch(u){const g=u.status??1;a.error(`
+${ve("✖")} Update failed (exit code ${String(g)})`),a.error(`  Command: ${c}`),a.error(`  Directory: ${e}
+`),process.exitCode=g}},"executePmWrapper"),$t=S(async({argument:e,logger:t,options:n,visConfig:o,workspaceRoot:i})=>{if(!i)throw new Error("Could not determine workspace root. Run this command inside a monorepo.");let a=e;const r=i,{packageManager:p}=we(r);if(!n.noTyposquatCheck){if(a.length>0){const h=a.map(g=>Ie(g)),c=o?.security?.typosquatAllowlist,u=await Le(h.map(g=>g.name),c);if(!u.ok){process.exitCode=1;return}a=h.map((g,C)=>{const w=u.packages[C];return w!==g.name?g.versionSpec?`${w}@${g.versionSpec}`:w??"":a[C]??""})}else if(!await We(r,o?.security?.typosquatAllowlist)){process.exitCode=1;return}}if(n.rollback){if(!Be(r,p)){t.info("No backup found. Run 'vis update' first to create a backup.");return}if(Me(r,p))t.info("Restored from backup.");else throw new Error("Failed to restore from backup.");return}if(!n.noCatalog&&Oe(r,p))await nt(r,p,o??{},n,a,t);else{const h=_e(r,{configBackend:o?.install?.backend,configCorepack:o?.install?.corepack}),c=h.name==="aube"?"":ye(h.name);ot(r,h.name,c,n,a,t)}},"execute");export{$t as default,et as readPmNativeMinimumReleaseAge};