@visulima/vis 1.0.0-alpha.11 → 1.0.0-alpha.13

package/dist/packem_chunks/handler31.js

@@ -1,530 +1 @@
-import { dim, yellow, cyan, magenta, red } from '@visulima/colorize';
-import { isAccessibleSync, readFileSync, writeFileSync } from '@visulima/fs';
-import { readYamlSync } from '@visulima/fs/yaml';
-import { join } from '@visulima/path';
-import { c as detectPm, p as pail, f as fetchSocketReports, t as findAcceptedRisk, D as DEFAULT_LOW_SCORE_THRESHOLD, a as buildSocketOptions, H as scoreLabel, J as getFullPackageName } from './bin.js';
-import { l as lockedPackages, f as findDuplicateDependencies, s as startScanProgress } from '../packem_shared/dependency-scan-A0KSklpG.js';
-import { a as fetchVulnerabilities } from '../packem_shared/catalog-BJTtyi-O.js';
-
-const toStringArray = (value) => {
-  if (!Array.isArray(value)) {
-    return [];
-  }
-  return value.filter((v) => typeof v === "string");
-};
-const matchesGlobList = (value, patterns) => {
-  for (const pattern of patterns) {
-    if (pattern === value) {
-      return true;
-    }
-    if (pattern.endsWith("*") && value.startsWith(pattern.slice(0, -1))) {
-      return true;
-    }
-  }
-  return false;
-};
-const readPnpmAuditExclusions = (workspaceRoot) => {
-  const filePath = join(workspaceRoot, "pnpm-workspace.yaml");
-  if (!isAccessibleSync(filePath)) {
-    return { excludedPackages: [], ignoredAdvisories: [] };
-  }
-  try {
-    const data = readYamlSync(filePath);
-    return {
-      excludedPackages: [],
-      ignoredAdvisories: [...toStringArray(data?.auditConfig?.ignoreCves), ...toStringArray(data?.auditConfig?.ignoreGhsas)]
-    };
-  } catch {
-    return { excludedPackages: [], ignoredAdvisories: [] };
-  }
-};
-const readYarnAuditExclusions = (workspaceRoot) => {
-  const filePath = join(workspaceRoot, ".yarnrc.yml");
-  if (!isAccessibleSync(filePath)) {
-    return { excludedPackages: [], ignoredAdvisories: [] };
-  }
-  try {
-    const data = readYamlSync(filePath);
-    return {
-      excludedPackages: toStringArray(data?.npmAuditExcludePackages),
-      ignoredAdvisories: toStringArray(data?.npmAuditIgnoreAdvisories)
-    };
-  } catch {
-    return { excludedPackages: [], ignoredAdvisories: [] };
-  }
-};
-const readNativeAuditExclusions = (workspaceRoot, pm) => {
-  switch (pm) {
-    case "pnpm": {
-      return readPnpmAuditExclusions(workspaceRoot);
-    }
-    case "yarn": {
-      return readYarnAuditExclusions(workspaceRoot);
-    }
-    default: {
-      return { excludedPackages: [], ignoredAdvisories: [] };
-    }
-  }
-};
-const isAdvisoryExcluded = (vulnId, exclusions, aliases) => {
-  if (matchesGlobList(vulnId, exclusions.ignoredAdvisories)) {
-    return true;
-  }
-  if (aliases) {
-    for (const alias of aliases) {
-      if (matchesGlobList(alias, exclusions.ignoredAdvisories)) {
-        return true;
-      }
-    }
-  }
-  return false;
-};
-const isPackageExcluded = (packageName, exclusions) => matchesGlobList(packageName, exclusions.excludedPackages);
-const syncAcceptedRisksToNativeConfig = (pm, workspaceRoot, advisoryIds) => {
-  if (advisoryIds.length === 0) {
-    return ["No advisory IDs to sync."];
-  }
-  const actions = [];
-  switch (pm) {
-    case "bun": {
-      actions.push(`bun has no audit config file. Use CLI flags: bun audit ${advisoryIds.map((id) => `--ignore ${id}`).join(" ")}`);
-      break;
-    }
-    case "npm": {
-      actions.push("npm has no native audit exclusion config. vis accepted risks are the only layer.");
-      break;
-    }
-    case "pnpm": {
-      const filePath = join(workspaceRoot, "pnpm-workspace.yaml");
-      if (!isAccessibleSync(filePath)) {
-        actions.push("pnpm-workspace.yaml not found. Cannot sync.");
-        break;
-      }
-      const existing = readPnpmAuditExclusions(workspaceRoot);
-      const existingCves = new Set(existing.ignoredAdvisories.filter((id) => id.startsWith("CVE-")));
-      const existingGhsas = new Set(existing.ignoredAdvisories.filter((id) => id.startsWith("GHSA-")));
-      const newCves = advisoryIds.filter((id) => id.startsWith("CVE-"));
-      const newGhsas = advisoryIds.filter((id) => id.startsWith("GHSA-"));
-      const mergedCves = [.../* @__PURE__ */ new Set([...existingCves, ...newCves])];
-      const mergedGhsas = [.../* @__PURE__ */ new Set([...existingGhsas, ...newGhsas])];
-      const addedCves = newCves.filter((id) => !existingCves.has(id)).length;
-      const addedGhsas = newGhsas.filter((id) => !existingGhsas.has(id)).length;
-      if (addedCves === 0 && addedGhsas === 0) {
-        actions.push("All advisory IDs already present in pnpm-workspace.yaml.");
-        break;
-      }
-      let content = readFileSync(filePath);
-      if (mergedCves.length > 0) {
-        const cveBlock = `  ignoreCves:
-${mergedCves.map((id) => `    - ${id}`).join("\n")}
-`;
-        if (/auditConfig:/.test(content)) {
-          content = /ignoreCves:/.test(content) ? content.replace(/ignoreCves:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/, cveBlock) : content.replace(/auditConfig:\s*\n/, `auditConfig:
-${cveBlock}`);
-        } else {
-          content = `${content.trimEnd()}
-
-auditConfig:
-${cveBlock}`;
-        }
-        if (addedCves > 0) {
-          actions.push(`Added ${String(addedCves)} new CVE${addedCves === 1 ? "" : "s"} to pnpm-workspace.yaml (${String(mergedCves.length)} total)`);
-        }
-      }
-      if (mergedGhsas.length > 0) {
-        const ghsaBlock = `  ignoreGhsas:
-${mergedGhsas.map((id) => `    - ${id}`).join("\n")}
-`;
-        if (/auditConfig:/.test(content)) {
-          content = /ignoreGhsas:/.test(content) ? content.replace(/ignoreGhsas:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/, ghsaBlock) : content.replace(/(auditConfig:[\s\S]*?)(\n\S|\n?$)/m, `$1${ghsaBlock}$2`);
-        }
-        if (addedGhsas > 0) {
-          actions.push(
-            `Added ${String(addedGhsas)} new GHSA${addedGhsas === 1 ? "" : "s"} to pnpm-workspace.yaml (${String(mergedGhsas.length)} total)`
-          );
-        }
-      }
-      writeFileSync(filePath, content);
-      break;
-    }
-    case "yarn": {
-      const filePath = join(workspaceRoot, ".yarnrc.yml");
-      if (!isAccessibleSync(filePath)) {
-        actions.push(".yarnrc.yml not found. Cannot sync.");
-        break;
-      }
-      const existingYarn = readYarnAuditExclusions(workspaceRoot);
-      const existingSet = new Set(existingYarn.ignoredAdvisories);
-      const merged = [.../* @__PURE__ */ new Set([...existingSet, ...advisoryIds])];
-      const added = advisoryIds.filter((id) => !existingSet.has(id)).length;
-      if (added === 0) {
-        actions.push("All advisory IDs already present in .yarnrc.yml.");
-        break;
-      }
-      let content = readFileSync(filePath);
-      const advisoryBlock = `npmAuditIgnoreAdvisories:
-${merged.map((id) => `  - "${id}"`).join("\n")}
-`;
-      content = /npmAuditIgnoreAdvisories:/.test(content) ? content.replace(
-        /npmAuditIgnoreAdvisories:\s*\n(?:\s+-\s+(?:\S.*|[\t\v\f \u00A0\u1680\u2000-\u200A\u202F\u205F\u3000\uFEFF])\n)*/,
-        advisoryBlock
-      ) : `${content.trimEnd()}
-
-${advisoryBlock}`;
-      writeFileSync(filePath, content);
-      actions.push(`Synced ${String(added)} advisor${added === 1 ? "y" : "ies"} to .yarnrc.yml (${String(merged.length)} total)`);
-      break;
-    }
-    default: {
-      actions.push(`Unknown package manager: ${pm}`);
-    }
-  }
-  return actions;
-};
-
-const SEVERITY_ORDER = {
-  CRITICAL: 0,
-  HIGH: 1,
-  LOW: 3,
-  MODERATE: 2,
-  UNKNOWN: 4
-};
-const SOCKET_ALERT_COLORS = {
-  critical: red,
-  high: magenta,
-  low: cyan,
-  medium: yellow
-};
-const severityPassesFilter = (severity, filter) => {
-  const filterLevel = SEVERITY_ORDER[filter.toUpperCase()] ?? SEVERITY_ORDER.MODERATE ?? 2;
-  const vulnLevel = SEVERITY_ORDER[severity.toUpperCase()] ?? 4;
-  return vulnLevel <= filterLevel;
-};
-const SEVERITY_COLOR_FN = {
-  CRITICAL: red,
-  HIGH: magenta,
-  LOW: cyan,
-  MODERATE: yellow,
-  UNKNOWN: dim
-};
-const formatVulnLine = (name, version, vuln, isAccepted) => {
-  const colorFunction = SEVERITY_COLOR_FN[vuln.severity] ?? dim;
-  const badge = isAccepted ? ` ${dim("[acknowledged]")}` : "";
-  const fixedVersions = vuln.fixedVersions ?? [];
-  const fixed = fixedVersions.length > 0 ? ` (fix: ${fixedVersions.join(", ")})` : "";
-  return `  ${colorFunction(vuln.severity)} ${vuln.id} — ${name}@${version}${badge}
-    ${vuln.summary}${fixed}`;
-};
-const formatSocketLine = (report, isAccepted) => {
-  const name = getFullPackageName(report);
-  const pct = `${String(Math.round(report.score.overall * 100))}%`;
-  const badge = isAccepted ? ` ${dim("[acknowledged]")}` : "";
-  const alerts = report.alerts.length > 0 ? `, ${String(report.alerts.length)} alert${report.alerts.length === 1 ? "" : "s"}` : "";
-  return `  ${pct} ${name}@${report.version} (${scoreLabel(report.score.overall)}${alerts})${badge}`;
-};
-const executeAudit = async (workspaceRoot, options, visConfig, _logger) => {
-  const severityFilter = options.severity ?? "low";
-  const isJson = options.format === "json" || Boolean(options.json);
-  const showFixes = Boolean(options.fix);
-  const showAccepted = Boolean(options.showAccepted);
-  const socketConfig = visConfig?.security?.socket;
-  const acceptedRisks = socketConfig?.acceptedRisks;
-  const pm = detectPm(workspaceRoot);
-  const nativeExclusions = readNativeAuditExclusions(workspaceRoot, pm.name);
-  if (nativeExclusions.ignoredAdvisories.length > 0 || nativeExclusions.excludedPackages.length > 0) {
-    pail.info(
-      `Loaded ${String(nativeExclusions.ignoredAdvisories.length)} ignored advisor${nativeExclusions.ignoredAdvisories.length === 1 ? "y" : "ies"} and ${String(nativeExclusions.excludedPackages.length)} excluded package${nativeExclusions.excludedPackages.length === 1 ? "" : "s"} from ${pm.name} config.`
-    );
-  }
-  const installed = lockedPackages(workspaceRoot, pm.name);
-  if (installed.length === 0) {
-    pail.info(`No ${pm.name} lockfile entries found. Run ${pm.name} install first.`);
-    return;
-  }
-  if (!isJson) {
-    pail.info(`Scanning ${String(installed.length)} installed packages…`);
-  }
-  const packagesToScan = installed.map((p) => {
-    return { name: p.name, version: p.version };
-  });
-  const socketOptions = buildSocketOptions(socketConfig);
-  const duplicates = findDuplicateDependencies(workspaceRoot, pm.name);
-  const progressTasks = [
-    { id: "vulnerabilities", label: "Known vulnerabilities (OSV)" },
-    ...socketOptions ? [{ id: "socket", label: "Socket.dev supply-chain reports" }] : []
-  ];
-  const progress = startScanProgress(progressTasks, { live: !isJson });
-  const startedAt = Date.now();
-  const fmtElapsed = (start) => {
-    const ms = Date.now() - start;
-    return ms >= 1e3 ? `${(ms / 1e3).toFixed(1)}s` : `${String(Math.round(ms))}ms`;
-  };
-  let vulnMap;
-  let socketReports;
-  try {
-    const vulnStart = Date.now();
-    const socketStart = Date.now();
-    progress.start("vulnerabilities");
-    if (socketOptions) {
-      progress.start("socket");
-    }
-    [vulnMap, socketReports] = await Promise.all([
-      fetchVulnerabilities(packagesToScan).then((map) => {
-        let count = 0;
-        for (const list of map.values()) {
-          count += list.length;
-        }
-        progress.finish(
-          "vulnerabilities",
-          count > 0 ? "warn" : "ok",
-          count > 0 ? `${String(count)} found · ${fmtElapsed(vulnStart)}` : `none found · ${fmtElapsed(vulnStart)}`
-        );
-        return map;
-      }).catch((error) => {
-        const message = error instanceof Error ? error.message : String(error);
-        progress.finish("vulnerabilities", "error", message);
-        return /* @__PURE__ */ new Map();
-      }),
-      socketOptions ? fetchSocketReports(packagesToScan, socketOptions).then((reports) => {
-        let alerts = 0;
-        let low = 0;
-        for (const report of reports.values()) {
-          alerts += report.alerts.length;
-          if (report.score.overall < DEFAULT_LOW_SCORE_THRESHOLD) {
-            low += 1;
-          }
-        }
-        const total = alerts + low;
-        progress.finish(
-          "socket",
-          total > 0 ? "warn" : "ok",
-          total > 0 ? `${String(alerts)} alert${alerts === 1 ? "" : "s"}, ${String(low)} low-score · ${fmtElapsed(socketStart)}` : `clean · ${fmtElapsed(socketStart)}`
-        );
-        return reports;
-      }).catch((error) => {
-        const message = error instanceof Error ? error.message : String(error);
-        progress.finish("socket", "error", message);
-        return /* @__PURE__ */ new Map();
-      }) : Promise.resolve(/* @__PURE__ */ new Map())
-    ]);
-  } finally {
-    progress.stop();
-  }
-  if (!isJson) {
-    pail.info(dim(`Scan completed in ${fmtElapsed(startedAt)}`));
-  }
-  const entries = [];
-  for (const pkg of installed) {
-    if (isPackageExcluded(pkg.name, nativeExclusions)) {
-      continue;
-    }
-    const vulns = vulnMap.get(pkg.name) ?? [];
-    const report = socketReports.get(`${pkg.name}@${pkg.version}`);
-    const accepted = findAcceptedRisk(pkg.name, pkg.version, acceptedRisks);
-    const hasVulns = vulns.length > 0;
-    const hasLowScore = report ? report.score.overall < DEFAULT_LOW_SCORE_THRESHOLD : false;
-    const hasAlerts = report ? report.alerts.length > 0 : false;
-    if (hasVulns || hasLowScore || hasAlerts) {
-      entries.push({
-        acceptedRisk: accepted,
-        name: pkg.name,
-        socketReport: report,
-        version: pkg.version,
-        vulnerabilities: vulns
-      });
-    }
-  }
-  const filtered = entries.filter((entry) => {
-    const vulnPasses = entry.vulnerabilities.some((v) => severityPassesFilter(v.severity, severityFilter));
-    const socketPasses = entry.socketReport?.alerts.some(
-      (a) => severityPassesFilter(a.severity === "medium" ? "MODERATE" : a.severity.toUpperCase(), severityFilter)
-    );
-    const lowScorePasses = entry.socketReport && entry.socketReport.score.overall < DEFAULT_LOW_SCORE_THRESHOLD;
-    return vulnPasses || socketPasses || lowScorePasses;
-  });
-  if (isJson) {
-    const jsonResult = {
-      duplicates: duplicates.map((d) => {
-        return {
-          name: d.name,
-          versionCount: d.versions.length,
-          versions: d.versions
-        };
-      }),
-      packages: installed.length,
-      results: filtered.map((e) => {
-        return {
-          acceptedRisk: e.acceptedRisk ?? null,
-          name: e.name,
-          socketAlerts: e.socketReport?.alerts ?? [],
-          socketScore: e.socketReport?.score.overall ?? null,
-          version: e.version,
-          vulnerabilities: e.vulnerabilities
-        };
-      }),
-      summary: {
-        accepted: filtered.filter((e) => e.acceptedRisk).length,
-        duplicatePackages: duplicates.length,
-        issues: filtered.filter((e) => !e.acceptedRisk).length,
-        total: filtered.length
-      }
-    };
-    process.stdout.write(`${JSON.stringify(jsonResult, void 0, 2)}
-`);
-    if (options.exitCode && jsonResult.summary.issues > 0) {
-      process.exitCode = 1;
-    }
-    return;
-  }
-  if (filtered.length === 0) {
-    pail.success(`No security issues found across ${String(installed.length)} packages.`);
-    return;
-  }
-  const vulnsBySeverity = {
-    CRITICAL: [],
-    HIGH: [],
-    LOW: [],
-    MODERATE: []
-  };
-  for (const entry of filtered) {
-    for (const vuln of entry.vulnerabilities) {
-      if (severityPassesFilter(vuln.severity, severityFilter)) {
-        const key = vuln.severity === "UNKNOWN" ? "LOW" : vuln.severity;
-        vulnsBySeverity[key]?.push({ entry, vuln });
-      }
-    }
-  }
-  let totalVulns = 0;
-  let acknowledgedVulns = 0;
-  for (const severity of ["CRITICAL", "HIGH", "MODERATE", "LOW"]) {
-    const items = vulnsBySeverity[severity];
-    if (!items || items.length === 0) {
-      continue;
-    }
-    pail.info(`
-── ${severity} (${String(items.length)}) ──`);
-    for (const { entry, vuln } of items) {
-      const isExcluded = Boolean(entry.acceptedRisk) || isAdvisoryExcluded(vuln.id, nativeExclusions, vuln.aliases);
-      if (isExcluded) {
-        acknowledgedVulns++;
-        if (!showAccepted) {
-          continue;
-        }
-      }
-      totalVulns++;
-      pail.info(formatVulnLine(entry.name, entry.version, vuln, isExcluded));
-      if (showFixes && (vuln.fixedVersions ?? []).length > 0) {
-        pail.notice(`    Fix: update to ${vuln.fixedVersions.at(-1)}`);
-      }
-    }
-  }
-  const socketIssues = filtered.filter(
-    (e) => e.socketReport && (e.socketReport.score.overall < DEFAULT_LOW_SCORE_THRESHOLD || e.socketReport.alerts.length > 0)
-  );
-  if (socketIssues.length > 0) {
-    pail.info(`
-── Socket.dev Supply Chain (${String(socketIssues.length)}) ──`);
-    for (const entry of socketIssues) {
-      if (!entry.socketReport) {
-        continue;
-      }
-      const isExcluded = Boolean(entry.acceptedRisk);
-      if (isExcluded && !showAccepted) {
-        continue;
-      }
-      pail.info(formatSocketLine(entry.socketReport, isExcluded));
-      for (const alert of entry.socketReport.alerts) {
-        const alertColorFunction = SOCKET_ALERT_COLORS[alert.severity] ?? dim;
-        pail.info(`    ${alertColorFunction(`[${alert.severity.toUpperCase()}]`)} ${alert.type} — ${alert.category}`);
-      }
-    }
-  }
-  if (duplicates.length > 0) {
-    pail.info(`
-── Duplicate Dependencies (${String(duplicates.length)}) ──`);
-    for (const dup of duplicates) {
-      const versionList = dup.versions.join(", ");
-      pail.info(`  ${dup.name} — ${String(dup.versions.length)} versions: ${yellow(versionList)}`);
-    }
-  }
-  const isEntryExcluded = (e) => Boolean(e.acceptedRisk) || e.vulnerabilities.length > 0 && e.vulnerabilities.every((v) => isAdvisoryExcluded(v.id, nativeExclusions, v.aliases));
-  const unacknowledgedCount = filtered.filter((e) => !isEntryExcluded(e)).length;
-  pail.info("");
-  pail.info(`─ Audit Summary`);
-  pail.info(`  ${String(installed.length)} packages scanned`);
-  if (nativeExclusions.ignoredAdvisories.length > 0) {
-    pail.info(
-      `  ${String(nativeExclusions.ignoredAdvisories.length)} ${pm.name} audit exclusion${nativeExclusions.ignoredAdvisories.length === 1 ? "" : "s"} applied`
-    );
-  }
-  if (totalVulns > 0) {
-    const critCount = vulnsBySeverity.CRITICAL?.filter((i) => !isEntryExcluded(i.entry)).length ?? 0;
-    const highCount = vulnsBySeverity.HIGH?.filter((i) => !isEntryExcluded(i.entry)).length ?? 0;
-    pail.error(`  ${String(totalVulns)} vulnerabilit${totalVulns === 1 ? "y" : "ies"} found`);
-    if (critCount > 0) {
-      pail.error(`    ${String(critCount)} critical`);
-    }
-    if (highCount > 0) {
-      pail.warn(`    ${String(highCount)} high`);
-    }
-  } else {
-    pail.success("  No vulnerabilities found");
-  }
-  if (socketIssues.length > 0) {
-    const unacknowledgedSocket = socketIssues.filter((e) => !isEntryExcluded(e)).length;
-    pail.warn(`  ${String(unacknowledgedSocket)} package${unacknowledgedSocket === 1 ? "" : "s"} with Socket.dev supply chain issues`);
-  }
-  if (duplicates.length > 0) {
-    pail.warn(`  ${String(duplicates.length)} package${duplicates.length === 1 ? "" : "s"} with duplicate versions`);
-    pail.notice("  Run 'vis dedupe' or your package manager's dedupe command to reduce duplicates.");
-  }
-  if (acknowledgedVulns > 0) {
-    pail.info(`  ${String(acknowledgedVulns)} acknowledged (accepted risks)`);
-    if (!showAccepted) {
-      pail.notice("  Use --show-accepted to see acknowledged issues.");
-    }
-  }
-  if (unacknowledgedCount === 0) {
-    pail.success("\n  All issues are acknowledged. No action required.");
-  }
-  if (options.sync && acceptedRisks) {
-    const idSet = /* @__PURE__ */ new Set();
-    for (const entry of entries) {
-      if (entry.acceptedRisk) {
-        for (const vuln of entry.vulnerabilities) {
-          if (vuln.id.startsWith("CVE-") || vuln.id.startsWith("GHSA-")) {
-            idSet.add(vuln.id);
-          }
-          if (vuln.aliases) {
-            for (const alias of vuln.aliases) {
-              if (alias.startsWith("CVE-") || alias.startsWith("GHSA-")) {
-                idSet.add(alias);
-              }
-            }
-          }
-        }
-      }
-    }
-    const advisoryIds = [...idSet];
-    if (advisoryIds.length > 0) {
-      pail.info("");
-      const actions = syncAcceptedRisksToNativeConfig(pm.name, workspaceRoot, advisoryIds);
-      for (const action of actions) {
-        pail.success(`  ${action}`);
-      }
-    } else {
-      pail.info("\nNo advisory IDs to sync to native PM config.");
-    }
-  }
-  if (options.exitCode && unacknowledgedCount > 0) {
-    process.exitCode = 1;
-  }
-};
-const execute = async ({ logger, options, visConfig, workspaceRoot: wsRoot }) => {
-  if (!wsRoot) {
-    throw new Error("Could not determine workspace root. Run this command inside a monorepo.");
-  }
-  await executeAudit(wsRoot, options, visConfig);
-};
-
-export { execute as default };
+var C=Object.defineProperty;var T=(e,t)=>C(e,"name",{value:t,configurable:!0});import{relative as S}from"@visulima/path";import{K as q,k as b}from"./bin.js";import{f as $}from"../packem_shared/selectors-BylODRiM.js";import{o as L}from"../packem_shared/index-DH-5hsrC.js";var M=Object.defineProperty,I=T((e,t)=>M(e,"name",{value:t,configurable:!0}),"p");const D=I((e,t)=>{for(const f of t)if(L(f,e))return!0;return!1},"matchesAny"),B=I((e,t={})=>{const{depTypes:f,excludePatterns:l,externalOnly:y,includePatterns:d,internalOnly:j}=t;if(j&&y)return[];const u=f&&f.length>0?new Set(f):void 0,N=d&&d.length>0?d:void 0,O=l&&l.length>0?l:void 0,w=[];for(const m of e)j&&!m.isInternal||y&&m.isInternal||u&&!u.has(m.depType)||N&&(!m.packageName||!D(m.packageName,N))||O&&m.packageName&&D(m.packageName,O)||w.push(m);return w},"filterDepInstances");var F=Object.defineProperty,v=T((e,t)=>F(e,"name",{value:t,configurable:!0}),"y");const R=new Set(["json","ndjson","table"]),V=v(e=>{if(e===void 0)return"table";const t=e.toLowerCase();if(!R.has(t))throw new Error(`--format must be one of: table, json, ndjson (got "${e}")`);return t},"resolveFormat"),x=v((e,t)=>({depName:e.depName,depType:e.depType,isInternal:e.isInternal,packageDir:e.packageDir,packageJsonPath:S(t,e.packageJsonPath),packageName:e.packageName,specifier:e.specifier}),"toDepRecord"),P=new Set(["dependencies","devDependencies","optionalDependencies","overrides","peerDependencies","pnpm.overrides","resolutions"]),A=v(e=>{if(!e||e.length===0)return;const t=[],f=[];for(const l of e)for(const y of l.split(",")){const d=y.trim();d&&(P.has(d)?t.push(d):f.push(d))}if(f.length>0)throw new Error(`Unknown --dep-type value(s): ${f.join(", ")}. Valid: ${[...P].join(", ")}`);return t.length>0?t:void 0},"parseDepTypes"),G=v(async({logger:e,options:t,visConfig:f,workspaceRoot:l})=>{if(!l)throw new Error("Could not determine workspace root.");const y=V(t.format);if(t.deps===!0){if(t.internalOnly&&t.externalOnly)throw new Error("--internal-only and --external-only are mutually exclusive");const c=A(t.depType),i=q(l);let n=B(i,{depTypes:c,excludePatterns:t.exclude,externalOnly:t.externalOnly,includePatterns:t.include,internalOnly:t.internalOnly});if(t.query){const{workspace:r}=b(l,f),p=new Set($(Object.keys(r.projects),r,t.query));n=n.filter(k=>k.packageName!==void 0&&p.has(k.packageName))}const g=[...n].sort((r,p)=>{const k=`${r.packageName??r.packageDir} ${r.depType} ${r.depName}`,J=`${p.packageName??p.packageDir} ${p.depType} ${p.depName}`;return k.localeCompare(J)});if(y==="ndjson"){for(const r of g)e.info(JSON.stringify(x(r,l)));return}if(y==="json"){const r=g.map(p=>x(p,l));e.info(JSON.stringify(r,null,t.pretty===!0?2:void 0));return}if(g.length===0){e.info("No matching dep-instances.");return}const a=["Package","Block","Dep","Specifier","Internal","Path"],o=g.map(r=>[r.packageName??r.packageDir,r.depType,r.depName,r.specifier,r.isInternal?"yes":"no",S(l,r.packageJsonPath)]),s=a.map((r,p)=>Math.max(r.length,...o.map(k=>(k[p]??"").length))),h=v((r,p)=>r.padEnd(p),"pad");e.info(a.map((r,p)=>h(r,s[p])).join("  ")),e.info(s.map(r=>"─".repeat(r)).join("──"));for(const r of o)e.info(r.map((p,k)=>h(p,s[k])).join("  "));e.info(""),e.info(`${String(g.length)} dep-instance(s)`);return}if(y==="ndjson")throw new Error("--format=ndjson is only supported with --deps");const{projectOptions:d,workspace:j}=b(l,f);let u=Object.keys(j.projects).sort();if(t.query&&(u=$(u,j,t.query)),u.length===0){e.info("No projects found.");return}const N=t.inferred===!0,O=t.targets===!0||N;if(y==="json"){const c=u.map(i=>{const n=j.projects[i],g=d.get(i)??{},a=Object.entries(n.targets??{}).map(([o])=>{const s=g[o],h=s?.inferred===!0;return{aliases:s?.aliases??[],command:s?.command,description:s?.description,...h?{inferred:!0}:{},name:o,type:s?.type}}).filter(o=>!N||o.inferred===!0);return{language:n.language,layer:n.layer,name:i,root:n.root,stack:n.stack,tags:n.tags??[],targets:a,type:n.projectType??"library"}});e.info(JSON.stringify(c,null,2));return}const w=v((c,i)=>{const n=c.map((a,o)=>{let s=0;for(const h of i)s=Math.max(s,(h[o]??"").length);return Math.max(a.length,s)}),g=v((a,o)=>a.padEnd(o),"pad");e.info(c.map((a,o)=>g(a,n[o])).join("  ")),e.info(n.map(a=>"─".repeat(a)).join("──"));for(const a of i)e.info(a.map((o,s)=>g(o,n[s])).join("  "))},"renderTable");if(O){const c=[];for(const i of u){const n=j.projects[i],g=d.get(i)??{};for(const a of Object.keys(n.targets??{}).sort()){const o=g[a],s=o?.inferred===!0;if(N&&!s)continue;const h=n.targets?.[a],r=h?.cache===!1?"no":h?.cache===!0?"yes":"default";c.push([i,a,o?.type??"—",r,s?"yes":"no",o?.description??"—"])}}if(c.length===0){e.info(N?"No inferred targets found.":"No targets found.");return}w(["Project","Target","Type","Cache","Inferred","Description"],c),e.info(""),e.info(`${String(c.length)} target(s) across ${String(u.length)} project(s)`);return}const m=["Project","Type","Layer","Tags","Targets"],E=u.map(c=>{const i=j.projects[c],n=Object.keys(i.targets??{});return[c,i.projectType??"library",i.layer??"—",(i.tags??[]).join(", ")||"—",n.length>4?`${n.slice(0,4).join(", ")}… (${String(n.length)})`:n.join(", ")||"—"]});w(m,E),e.info(""),e.info(`${String(u.length)} project(s)`)},"execute");export{G as default};