@visulima/vis 1.0.0-alpha.2 → 1.0.0-alpha.4

package/dist/tui/components/update/PackageListPanel.d.ts

@@ -0,0 +1,18 @@
+import type { OutdatedEntry } from "../../../catalog.d.ts";
+import type { FilterType } from "./UpdateStore.d.ts";
+interface PackageListPanelProps {
+    checkedEntries: Set<string>;
+    entries: OutdatedEntry[];
+    filterActive: boolean;
+    filterText: string;
+    filterType: FilterType;
+    focused: boolean;
+    groupedByCatalog: Map<string, OutdatedEntry[]>;
+    isDryRun: boolean;
+    scrollOffset: number;
+    selectedIndex: number;
+    totalEntries: number;
+    viewportHeight: number;
+}
+declare const PackageListPanel: ({ checkedEntries, entries, filterActive, filterText, filterType, focused, groupedByCatalog, isDryRun, scrollOffset, selectedIndex, totalEntries, viewportHeight, }: PackageListPanelProps) => React.JSX.Element;
+export default PackageListPanel;

package/dist/tui/components/update/UpdateStore.d.ts

@@ -0,0 +1,62 @@
+import type { AiAnalysisResult, AiRecommendation } from "../../../ai-analysis.d.ts";
+import type { OutdatedEntry } from "../../../catalog.d.ts";
+export type FilterType = "all" | "major" | "minor" | "patch" | "security";
+export type UpdatePhase = "applying" | "browsing" | "done" | "error";
+export interface UpdateState {
+    /** AI analysis result (null if not requested). */
+    aiResult: AiAnalysisResult | null;
+    /** Whether all visible entries are checked. */
+    allChecked: boolean;
+    /** Progress during apply phase. */
+    applyProgress: {
+        current: number;
+        total: number;
+    } | null;
+    /** Set of checked package names for selective apply. */
+    checkedEntries: Set<string>;
+    /** All outdated entries. */
+    entries: OutdatedEntry[];
+    /** Error message if apply failed. */
+    error: string | null;
+    /** Whether the text filter input is active. */
+    filterActive: boolean;
+    /** Current filter text (empty = no filter). */
+    filterText: string;
+    /** Filter by update type. */
+    filterType: FilterType;
+    /** Which panel has keyboard focus. */
+    focusedPanel: "detail" | "list";
+    /** Entries grouped by catalog name. */
+    groupedByCatalog: Map<string, OutdatedEntry[]>;
+    /** Current lifecycle phase. */
+    phase: UpdatePhase;
+    /** Currently highlighted entry index in the filtered list. */
+    selectedIndex: number;
+}
+type Listener = () => void;
+export declare class UpdateStore {
+    #private;
+    constructor(entries: OutdatedEntry[], aiResult?: AiAnalysisResult | null);
+    getSnapshot: () => UpdateState;
+    subscribe: (listener: Listener) => () => void;
+    /** Get the currently filtered + visible entries. */
+    getFilteredEntries(): OutdatedEntry[];
+    /** Get AI recommendation for a specific package. */
+    getRecommendation(packageName: string): AiRecommendation | undefined;
+    /** Get the list of checked entries (for apply). */
+    getCheckedEntries(): OutdatedEntry[];
+    setSelectedIndex(index: number): void;
+    setFocusedPanel(panel: "detail" | "list"): void;
+    setFilterType(type: FilterType): void;
+    setFilter(text: string): void;
+    setFilterActive(active: boolean): void;
+    toggleCheck(packageName: string): void;
+    checkAll(): void;
+    uncheckAll(): void;
+    toggleAll(): void;
+    startApply(): void;
+    updateApplyProgress(current: number): void;
+    markDone(): void;
+    setError(error: string): void;
+}
+export {};

package/dist/tui/components/update/VisUpdateApp.d.ts

@@ -0,0 +1,11 @@
+import React from "react";
+import type { UpdateStore } from "./UpdateStore.d.ts";
+interface VisUpdateAppProps {
+    /** 0 = no auto-exit (default), >0 = countdown seconds */
+    autoExitSeconds?: number;
+    changelogUrls?: Map<string, string>;
+    isDryRun: boolean;
+    store: UpdateStore;
+}
+declare const VisUpdateApp: ({ autoExitSeconds, changelogUrls, isDryRun, store }: VisUpdateAppProps) => React.JSX.Element;
+export default VisUpdateApp;

package/dist/tui/dynamic-life-cycle.d.ts

@@ -0,0 +1,21 @@
+import type { LifeCycleInterface, Task } from "@visulima/task-runner";
+import { TaskStore } from "./components/TaskStore.d.ts";
+interface DynamicOutputOptions {
+    args: {
+        parallel?: boolean | number;
+        targets: string[];
+    };
+    /** Auto-exit config: false = stay open, true = 3s countdown, number = custom seconds */
+    autoExit?: boolean | number;
+    projectNames: string[];
+    /** Registry of writable stdin entries keyed by task ID, for interactive input. */
+    stdinRegistry?: Map<string, import("./types").StdinEntry>;
+    tasks: Task[];
+}
+interface DynamicOutputResult {
+    lifeCycle: LifeCycleInterface;
+    renderIsDone: Promise<void>;
+    store: TaskStore;
+}
+export declare const createDynamicOutputRenderer: (options: DynamicOutputOptions) => DynamicOutputResult;
+export {};

package/dist/tui/formatting-utils.d.ts

@@ -0,0 +1,17 @@
+import type { Task } from "@visulima/task-runner";
+/**
+ * Formats a CLI flag for display output.
+ * @param leftPad Padding string
+ * @param flag The flag name
+ * @param value The flag value
+ */
+export declare const formatFlags: (leftPad: string, flag: string, value: unknown) => string;
+/**
+ * Generates a human-readable description of the targets and projects being executed.
+ *
+ * Examples:
+ * - "target build for project my-app"
+ * - "targets build, test for 5 projects"
+ * - "target build for 3 projects and 2 tasks they depend on"
+ */
+export declare const formatTargetsAndProjects: (projectNames: string[], targets: string[], tasks: Task[]) => string;

package/dist/tui/pretty-time.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Formats a process.hrtime() tuple into a compact string like "1s 234ms".
+ */
+export declare const formatHrtime: (hrtime: [number, number]) => string;
+/**
+ * Formats milliseconds into a compact string like "1s 300ms", "340ms", "1m 5s".
+ */
+export declare const formatMs: (ms: number) => string;

package/dist/tui/static-life-cycle.d.ts

@@ -0,0 +1,22 @@
+import type { LifeCycleInterface, Task, TaskResult, TaskStatus } from "@visulima/task-runner";
+interface StaticOutputOptions {
+    args: {
+        targets: string[];
+    };
+    projectNames: string[];
+    tasks: Task[];
+}
+/**
+ * A lifecycle handler for CI environments that produces static, append-only output.
+ * No cursor manipulation — just linear log lines.
+ */
+export declare class StaticOutputLifeCycle implements LifeCycleInterface {
+    #private;
+    constructor(options: StaticOutputOptions);
+    startCommand(): void;
+    startTasks(tasks: Task[]): void;
+    endTasks(taskResults: TaskResult[]): void;
+    printTaskTerminalOutput(task: Task, status: TaskStatus, terminalOutput: string): void;
+    endCommand(): void;
+}
+export {};

package/dist/tui/status-utils.d.ts

@@ -0,0 +1,20 @@
+import type { TaskStatus } from "@visulima/task-runner";
+export declare const isCacheStatus: (status: string) => boolean;
+export interface StatusInfo {
+    color: string;
+    icon: string;
+}
+export declare const getStatusInfo: (status: TaskStatus) => StatusInfo;
+/**
+ * Returns the colored status icon as an ANSI string (for raw stdout writes).
+ */
+export declare const getStatusIcon: (status: TaskStatus) => string;
+/**
+ * Returns a colored prefix string for a status (for raw stdout writes).
+ */
+export declare const getStatusPrefix: (status: TaskStatus) => string;
+/**
+ * Logs task terminal output with formatting.
+ * Uses GitHub Actions grouping when available.
+ */
+export declare const logCommandOutputCI: (taskId: string, status: TaskStatus, output: string) => void;

package/dist/tui/symbols.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Unicode symbols for TUI output with ASCII fallbacks.
+ */
+export declare const TICK: string;
+export declare const CROSS: string;
+export declare const ELLIPSIS: string;
+export declare const DASH: string;

package/dist/tui/types.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Represents a writable stdin entry for interactive PTY input.
+ */
+export interface StdinEntry {
+    /** Kill the child process/PTY. */
+    kill?: (signal?: string) => void;
+    /** Resize the child's PTY (only available for PTY-backed processes). */
+    resize?: (cols: number, rows: number) => void;
+    /** Write data to the child's stdin or PTY. */
+    write: (data: string) => void;
+}

package/dist/typosquats.d.ts

@@ -0,0 +1,70 @@
+/**
+ * Typosquat detection for package names.
+ *
+ * Uses a curated blocklist of known typosquats (data/typosquats.json) and
+ * runtime heuristics (character substitution, transposition, omission) to
+ * warn users before they install a potentially malicious package.
+ */
+export type Blocklist = Record<string, string[]>;
+export interface TyposquatMatch {
+    /** The package name that was checked. */
+    input: string;
+    /** The legitimate package this appears to be a typosquat of. */
+    legitimate: string;
+    /** How the match was detected: "blocklist" (exact match in JSON) or "heuristic" (generated variant). */
+    method: "blocklist" | "heuristic";
+}
+export interface TyposquatCheckResult {
+    /** Whether the operation should proceed. */
+    ok: boolean;
+    /**
+     * The (possibly corrected) package names to use.
+     * When the user chooses "use suggested name", the typosquat names are
+     * replaced with their legitimate counterparts.
+     */
+    packages: string[];
+}
+/**
+ * Generates typosquat variants of a package name using common attack patterns:
+ * - Character omission (dropping one character)
+ * - Adjacent character transposition (swapping neighbors)
+ * - Character duplication (repeating one character)
+ * - Homoglyph / keyboard substitution
+ * - Separator manipulation (dash/dot/underscore swaps)
+ * - Common suffixes (-js, -node)
+ *
+ * Separators (`-`, `.`, `_`) are preserved during omission and duplication passes.
+ * Transposition is skipped when either character is a separator.
+ * Names shorter than 3 characters return an empty set.
+ * @param name The package name to generate variants for.
+ * @returns A set of unique variant strings (never includes the original name).
+ */
+export declare const generateVariants: (name: string) => Set<string>;
+/**
+ * Check a single package name against the typosquat blocklist.
+ * Returns a match if the name is a known typosquat, or `undefined` if safe.
+ */
+export declare const checkTyposquat: (packageName: string) => TyposquatMatch | undefined;
+/** Check multiple package names. Returns only the matches (empty if all safe). */
+export declare const checkTyposquats: (packageNames: string[], allowlist?: string[]) => TyposquatMatch[];
+/**
+ * Display typosquat warnings and prompt the user.
+ *
+ * Choices:
+ * - **S** (suggested): replace the typosquat names with the correct packages and continue
+ * - **y** (yes): continue with the original (potentially dangerous) names
+ * - **N** (no, default): abort the operation
+ *
+ * Non-interactive mode always aborts.
+ */
+export declare const runTyposquatCheck: (packageNames: string[], allowlist?: string[]) => Promise<TyposquatCheckResult>;
+/**
+ * Scan package.json dependencies for potential typosquats.
+ *
+ * Unlike `runTyposquatCheck` (used by `add`), this cannot replace names because
+ * they live in package.json. It warns the user and asks whether to proceed.
+ *
+ * In non-interactive mode, always aborts.
+ * @returns `true` to proceed, `false` to abort.
+ */
+export declare const scanDepsForTyposquats: (cwd: string, allowlist?: string[]) => Promise<boolean>;

package/dist/upgrade-check.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Background upgrade check - non-intrusive update notification.
+ *
+ * Per vite-plus upgrade-check RFC:
+ * - Spawns async registry check while command runs (no latency impact)
+ * - Shows single-line notice at most once per 24 hours
+ * - Cached at ~/.vis/.upgrade-check.json
+ * - Skipped in CI, test, quiet, non-TTY, and excluded commands
+ * - 500ms timeout prevents network from delaying exit
+ */
+/** Commands that should NOT trigger upgrade checks. */
+declare const EXCLUDED_COMMANDS: Set<string>;
+/**
+ * Compares two semver version strings.
+ * Returns true if `latest` is newer than `current`.
+ */
+declare const isNewerVersion: (current: string, latest: string) => boolean;
+/**
+ * Determines if the upgrade check should run for this invocation.
+ */
+declare const shouldCheck: (command: string) => boolean;
+/**
+ * Runs the background upgrade check. Non-blocking.
+ *
+ * 1. Check if we need to query the registry (24h cooldown)
+ * 2. If yes, fetch latest version asynchronously
+ * 3. Return a promise that resolves with the check function to call after command
+ */
+declare const startUpgradeCheck: (currentVersion: string, command: string) => (() => void) | undefined;
+export { EXCLUDED_COMMANDS, isNewerVersion, shouldCheck, startUpgradeCheck };

package/dist/utils.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Shared utility for option parsing across command handlers.
+ */
+/**
+ * Converts a CLI option value (which may be undefined, a single string,
+ * or an array of strings) into a normalized string array.
+ */
+declare const toStringArray: (value: unknown) => string[];
+/**
+ * Safely extracts an error message from an unknown caught value.
+ * Handles Error instances, strings, and other types.
+ */
+declare const errorMessage: (error: unknown) => string;
+/**
+ * Extracts the package name and optional version specifier from a CLI argument
+ * like "react", "react@19", "@scope/pkg@^2".
+ */
+declare const parsePackageArgument: (argument: string) => {
+    name: string;
+    versionSpec: string | undefined;
+};
+export { errorMessage, parsePackageArgument, toStringArray };

package/dist/workspace.d.ts

@@ -1,12 +1,15 @@
-import type { ProjectGraph, TargetConfiguration, WorkspaceConfiguration } from "@visulima/task-runner";
+import type { ConstraintsConfig, ProjectGraph, TargetConfiguration, WorkspaceConfiguration } from "@visulima/task-runner";
+import type { Configuration as StagedConfig } from "lint-staged";
 interface PackageJson {
+    bin?: Record<string, string> | string;
     dependencies?: Record<string, string>;
     devDependencies?: Record<string, string>;
     name?: string;
     peerDependencies?: Record<string, string>;
     scripts?: Record<string, string>;
     workspaces?: string[] | {
-        packages: string[];
+        catalog?: Record<string, string>;
+        packages?: string[];
     };
 }
 interface VisConfig {
@@ -19,18 +22,267 @@ interface VisConfig {
         /** Use a specific provider instead of auto-detecting (e.g., `"claude"`, `"gemini"`). */
         provider?: string;
     };
+    /**
+     * Project dependency constraints.
+     * Enforced after building the project graph, before running tasks.
+     */
+    constraints?: ConstraintsConfig;
+    /**
+     * Configuration for the `vis create` scaffolding command.
+     * Controls template downloads (via giget), default options, and
+     * post-creation behavior.
+     */
+    create?: {
+        /**
+         * Authorization token for downloading private repository templates.
+         * Passed as Bearer token to the git host API.
+         * Can also be set via GIGET_AUTH, GITHUB_TOKEN, or GH_TOKEN environment variables.
+         */
+        auth?: string;
+        /**
+         * Default editor to configure after scaffolding.
+         * When set, `vis create` automatically generates editor config files.
+         * @example "vscode"
+         */
+        defaultEditor?: "vscode";
+        /**
+         * Default package manager for new standalone projects.
+         * When set, skips the PM selection prompt in interactive mode.
+         */
+        defaultPm?: "bun" | "npm" | "pnpm" | "yarn";
+        /**
+         * Default giget provider for `owner/repo` shorthand inputs.
+         * @default "github"
+         */
+        defaultProvider?: "bitbucket" | "github" | "gitlab" | "sourcehut";
+        /**
+         * Initialize a git repository after scaffolding standalone projects.
+         * @default false
+         */
+        gitInit?: boolean;
+        /**
+         * Install dependencies automatically after scaffolding.
+         * @default true
+         */
+        install?: boolean;
+        /**
+         * Prefer locally cached templates over re-downloading.
+         * Useful for offline development or slow connections.
+         * @default false
+         */
+        preferOffline?: boolean;
+        /**
+         * Custom template registry URL.
+         * When set, giget checks this registry for template metadata
+         * before falling back to direct provider resolution.
+         * Set to `false` to disable registry lookup entirely.
+         * @see https://github.com/unjs/giget#custom-registry
+         */
+        registry?: false | string;
+        /**
+         * Named template aliases for quick access.
+         * Maps short names to full giget source strings.
+         * @example
+         * ```
+         * templates: {
+         *   "react": "github:vitejs/vite/packages/create-vite/template-react-ts",
+         *   "lib": "github:my-org/lib-template",
+         *   "internal": "gitlab:company/templates/node-service",
+         * }
+         * ```
+         */
+        templates?: Record<string, string>;
+    };
     /** Package override mappings applied during migration (e.g., `{ "lodash": "lodash-es" }`) */
     overrides?: Record<string, string>;
-    /** Staged file patterns and commands (replaces lint-staged) */
-    staged?: Record<string, string | string[]>;
+    /**
+     * Supply chain security settings.
+     * These settings are inspired by pnpm's security features and are applied
+     * universally across all package managers (pnpm, npm, yarn, bun).
+     *
+     * For pnpm users: these map directly to pnpm-workspace.yaml settings.
+     * For npm/yarn/bun users: vis enforces these at the vis layer since
+     * those package managers lack native support.
+     */
+    security?: {
+        /**
+         * Map of package names/patterns to allow (true) or deny (false) build scripts.
+         * Packages not listed are denied by default.
+         * Equivalent to pnpm's `allowBuilds` setting.
+         * @example
+         * ```
+         * allowBuilds: {
+         *   "esbuild": true,
+         *   "core-js": false,
+         *   "@prisma/client": true,
+         * }
+         * ```
+         */
+        allowBuilds?: Record<string, boolean>;
+        /**
+         * When true, prevents transitive dependencies from using exotic sources
+         * (git repositories, direct tarball URLs). Only direct dependencies may
+         * use such sources. Equivalent to pnpm's `blockExoticSubdeps`.
+         * @default false
+         */
+        blockExoticSubdeps?: boolean;
+        /**
+         * Minimum number of minutes that must pass after a version is published
+         * before vis will allow installation. Reduces risk of installing
+         * compromised packages that are typically discovered within hours.
+         * Equivalent to pnpm's `minimumReleaseAge`.
+         * @default 0
+         * @example 1440 // 24 hours
+         */
+        minimumReleaseAge?: number;
+        /**
+         * Package names/patterns excluded from minimumReleaseAge check.
+         * Equivalent to pnpm's `minimumReleaseAgeExclude`.
+         * @example ["webpack", "react", "@myorg/*"]
+         */
+        minimumReleaseAgeExclude?: string[];
+        /**
+         * Socket.dev security intelligence configuration.
+         * When enabled, vis fetches package security scores, alerts, and report
+         * data from the Socket.dev API during install, update, and check commands.
+         * @see https://socket.dev
+         */
+        socket?: {
+            /**
+             * Packages whose low Socket.dev scores or alerts have been reviewed
+             * and explicitly accepted. These packages skip the confirmation
+             * prompt during `vis add` and show as "acknowledged" in `vis audit`.
+             *
+             * Key format: package name (`"lodash"`), name@version
+             * (`"lodash@4.17.21"`), or glob (`"@myorg/*"`).
+             * Unversioned keys match all versions of that package.
+             * @example
+             * ```
+             * acceptedRisks: {
+             *   "some-risky-pkg": {
+             *     reason: "Internal fork, low score expected",
+             *     acceptedAt: "2026-03-15T10:00:00Z",
+             *     acceptedScore: 0.25,
+             *   },
+             * }
+             * ```
+             */
+            acceptedRisks?: Record<string, {
+                /** ISO 8601 timestamp when the risk was accepted. */
+                acceptedAt: string;
+                /** The overall Socket.dev score at the time of acceptance. */
+                acceptedScore: number;
+                /** User-provided reason for accepting the risk. */
+                reason: string;
+            }>;
+            /**
+             * Custom Socket.dev API token. Falls back to the public API token.
+             * Set via VIS_SOCKET_TOKEN environment variable or here.
+             */
+            apiToken?: string;
+            /**
+             * Cache TTL in milliseconds for Socket.dev reports.
+             * @default 3_600_000 (1 hour)
+             */
+            cacheTtlMs?: number;
+            /**
+             * Enable Socket.dev security scanning on install/update/check commands.
+             * @default false
+             */
+            enabled?: boolean;
+            /**
+             * Minimum overall Socket.dev score (0–1) for a package to be
+             * accepted without a confirmation prompt during `vis add`.
+             * Packages scoring below this threshold trigger an interactive
+             * prompt asking the user to confirm. Set to 0 to disable.
+             * @default 0.4
+             */
+            minimumScore?: number;
+            /**
+             * Request timeout in milliseconds for the Socket.dev API.
+             * @default 15_000 (15 seconds)
+             */
+            timeoutMs?: number;
+        };
+        /**
+         * When true, installation will fail (exit non-zero) if any dependencies
+         * have unreviewed build scripts. Equivalent to pnpm's `strictDepBuilds`.
+         * @default false
+         */
+        strictDepBuilds?: boolean;
+        /**
+         * Trust level checking for package publishing.
+         * - "off": No trust checking (default)
+         * - "no-downgrade": Fail if a package's trust level has decreased
+         *   compared to previous releases (e.g., was published by trusted
+         *   publisher, now only has provenance).
+         * Equivalent to pnpm's `trustPolicy`.
+         * @default "off"
+         */
+        trustPolicy?: "no-downgrade" | "off";
+        /**
+         * Package selectors excluded from trust policy checks.
+         * Equivalent to pnpm's `trustPolicyExclude`.
+         * @example ["chokidar@4.0.3", "@babel/core@7.28.5"]
+         */
+        trustPolicyExclude?: string[];
+        /**
+         * Ignore the trust policy check for packages published more than
+         * the specified number of minutes ago. Useful for older packages
+         * that pre-date provenance support.
+         * Equivalent to pnpm's `trustPolicyIgnoreAfter` (10.27+).
+         * @example 43200 // 30 days
+         */
+        trustPolicyIgnoreAfter?: number;
+        /**
+         * Package names to skip during typosquat detection.
+         * Use this for internal packages or known-safe names that happen to
+         * look similar to popular packages.
+         * @example ["my-internal-axois", "@myorg/recat"]
+         */
+        typosquatAllowlist?: string[];
+    };
+    /** sort-package-json command defaults */
+    sortPackageJson?: {
+        /** Alphabetize script commands (default: false) */
+        sortScripts?: boolean;
+    };
+    /**
+     * Staged file patterns and commands (replaces lint-staged).
+     *
+     * Accepts all lint-staged config forms:
+     * - `string` or `string[]` commands
+     * - Sync/async functions returning `string | string[]`
+     * - `{ title, task }` objects for named side-effect tasks
+     * - Mixed arrays of strings and functions
+     * - A top-level generate-task function
+     */
+    staged?: StagedConfig;
     /** Target default configurations */
     targetDefaults?: Record<string, Partial<TargetConfiguration>>;
     /** Task runner options */
     taskRunnerOptions?: Record<string, unknown>;
+    /** Terminal UI configuration */
+    tui?: {
+        /**
+         * Auto-exit the TUI after tasks complete.
+         * - `false`: Stay open until the user presses `q` (default)
+         * - `true`: Show quit dialog with 3-second countdown after completion
+         * - `number`: Show quit dialog with custom countdown in seconds
+         */
+        autoExit?: boolean | number;
+    };
     /** Update command defaults */
     update?: {
         exclude?: string[];
         format?: "json" | "minimal" | "table";
+        /**
+         * Package names or glob patterns to permanently ignore during updates.
+         * Ignored packages are skipped and listed in the output so you know
+         * they were not checked.
+         * @example ["eslint", "@types/*"]
+         */
+        ignore?: string[];
         include?: string[];
         install?: boolean;
         prerelease?: boolean;
@@ -43,6 +295,10 @@ interface VisConfig {
  * Supports simple patterns like "packages/*" and "packages/**".
  */
 declare const resolveWorkspacePatterns: (workspaceRoot: string, patterns: string[]) => string[];
+/**
+ * Reads workspace patterns from pnpm-workspace.yaml (simple parser).
+ */
+declare const readPnpmWorkspacePatterns: (workspaceRoot: string) => string[] | undefined;
 /**
  * Discovers all projects in the workspace and builds a WorkspaceConfiguration.
  */
@@ -55,4 +311,5 @@ declare const discoverWorkspace: (workspaceRoot: string, config?: VisConfig) =>
  */
 declare const buildProjectGraph: (workspaceRoot: string, workspace: WorkspaceConfiguration) => ProjectGraph;
 export type { PackageJson, VisConfig };
-export { buildProjectGraph, discoverWorkspace, resolveWorkspacePatterns };
+export { buildProjectGraph, discoverWorkspace, readPnpmWorkspacePatterns, resolveWorkspacePatterns };
+export { type Configuration as StagedConfig } from "lint-staged";