@visulima/vis 1.0.0-alpha.20 → 1.0.0-alpha.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (112) hide show
  1. package/CHANGELOG.md +63 -0
  2. package/LICENSE.md +206 -141
  3. package/README.md +21 -4
  4. package/dist/config/index.d.ts +199 -6
  5. package/dist/packem_chunks/bin.js +318 -318
  6. package/dist/packem_chunks/bloom-status.js +2 -0
  7. package/dist/packem_chunks/bloom-sync.js +2 -0
  8. package/dist/packem_chunks/cache-attestation.js +1 -0
  9. package/dist/packem_chunks/config.js +15 -15
  10. package/dist/packem_chunks/fix.js +1 -1
  11. package/dist/packem_chunks/handler.js +1 -1
  12. package/dist/packem_chunks/handler10.js +2 -1
  13. package/dist/packem_chunks/handler11.js +1 -5
  14. package/dist/packem_chunks/handler12.js +5 -1
  15. package/dist/packem_chunks/handler13.js +1 -27
  16. package/dist/packem_chunks/handler14.js +28 -5
  17. package/dist/packem_chunks/handler15.js +5 -1
  18. package/dist/packem_chunks/handler16.js +1 -1
  19. package/dist/packem_chunks/handler17.js +1 -1
  20. package/dist/packem_chunks/handler18.js +1 -1
  21. package/dist/packem_chunks/handler19.js +1 -1
  22. package/dist/packem_chunks/handler2.js +4 -2
  23. package/dist/packem_chunks/handler20.js +1 -5
  24. package/dist/packem_chunks/handler21.js +5 -2
  25. package/dist/packem_chunks/handler22.js +2 -2
  26. package/dist/packem_chunks/handler23.js +2 -18
  27. package/dist/packem_chunks/handler24.js +18 -1
  28. package/dist/packem_chunks/handler25.js +1 -1
  29. package/dist/packem_chunks/handler26.js +1 -5
  30. package/dist/packem_chunks/handler27.js +5 -1
  31. package/dist/packem_chunks/handler28.js +1 -3
  32. package/dist/packem_chunks/handler29.js +3 -1
  33. package/dist/packem_chunks/handler3.js +4 -4
  34. package/dist/packem_chunks/handler30.js +1 -7
  35. package/dist/packem_chunks/handler31.js +6 -32
  36. package/dist/packem_chunks/handler32.js +33 -3
  37. package/dist/packem_chunks/handler33.js +3 -1
  38. package/dist/packem_chunks/handler34.js +1 -26
  39. package/dist/packem_chunks/handler35.js +26 -3
  40. package/dist/packem_chunks/handler36.js +5 -7
  41. package/dist/packem_chunks/handler37.js +6 -6
  42. package/dist/packem_chunks/handler38.js +1 -1
  43. package/dist/packem_chunks/handler39.js +61 -6
  44. package/dist/packem_chunks/handler4.js +6 -8
  45. package/dist/packem_chunks/handler40.js +6 -24
  46. package/dist/packem_chunks/handler41.js +215 -10
  47. package/dist/packem_chunks/handler42.js +24 -153
  48. package/dist/packem_chunks/handler43.js +153 -25
  49. package/dist/packem_chunks/handler44.js +10 -24
  50. package/dist/packem_chunks/handler45.js +25 -213
  51. package/dist/packem_chunks/handler46.js +24 -3
  52. package/dist/packem_chunks/handler47.js +3 -27
  53. package/dist/packem_chunks/handler48.js +21 -161
  54. package/dist/packem_chunks/handler49.js +173 -33
  55. package/dist/packem_chunks/handler5.js +8 -1
  56. package/dist/packem_chunks/handler50.js +34 -0
  57. package/dist/packem_chunks/handler6.js +1 -1
  58. package/dist/packem_chunks/handler7.js +1 -1
  59. package/dist/packem_chunks/handler8.js +1 -1
  60. package/dist/packem_chunks/handler9.js +1 -2
  61. package/dist/packem_chunks/heal-accept.js +1 -1
  62. package/dist/packem_chunks/heal.js +1 -1
  63. package/dist/packem_chunks/help-command.js +16 -16
  64. package/dist/packem_chunks/index.js +2 -2
  65. package/dist/packem_chunks/keys-refresh.js +1 -1
  66. package/dist/packem_chunks/list.js +1 -1
  67. package/dist/packem_chunks/loader.js +4 -1
  68. package/dist/packem_chunks/loader2.js +1 -0
  69. package/dist/packem_chunks/prune.js +1 -1
  70. package/dist/packem_chunks/run.js +1 -1
  71. package/dist/packem_chunks/status.js +1 -1
  72. package/dist/packem_chunks/sync.js +1 -1
  73. package/dist/packem_chunks/sync2.js +1 -1
  74. package/dist/packem_chunks/verify-lockfile.js +2 -0
  75. package/dist/packem_shared/{advisories-DsynpacV.js → advisories-DS8JEB_g.js} +1 -1
  76. package/dist/packem_shared/{ai-analysis-uYuTIIXi.js → ai-analysis-DGBZYlxF.js} +1 -1
  77. package/dist/packem_shared/{ai-cache-DuwHYx2O.js → ai-cache-BjlXWJtl.js} +1 -1
  78. package/dist/packem_shared/{ai-fix-DzrA-dVz.js → ai-fix-BhcTrkuW.js} +6 -6
  79. package/dist/packem_shared/cyclonedx-CO7-Y1B1.js +4 -0
  80. package/dist/packem_shared/dependency-scan-DPHTzA5r.js +1 -0
  81. package/dist/packem_shared/docker-lk0-5Z-i.js +60 -0
  82. package/dist/packem_shared/{failure-log-C3LEMmkq.js → failure-log-DF7nrFIs.js} +1 -1
  83. package/dist/packem_shared/{flakiness-Dq6K4ymq.js → flakiness-DKCOYwN7.js} +1 -1
  84. package/dist/packem_shared/index-B4gpNmrG.js +1 -0
  85. package/dist/packem_shared/license-zZU7aavK.js +1 -0
  86. package/dist/packem_shared/{lifecycle-Dv3nAtoD.js → lifecycle-boYwVQSE.js} +2 -2
  87. package/dist/packem_shared/{min-release-age-BFozFonQ.js → min-release-age-D462DvYM.js} +1 -1
  88. package/dist/packem_shared/{native-config-sync-Dvi1g2nQ.js → native-config-sync-B0_ef78M.js} +9 -9
  89. package/dist/packem_shared/osv-bloom-QSAn2Dcw.js +2 -0
  90. package/dist/packem_shared/provenance-smHa8efI.js +1 -0
  91. package/dist/packem_shared/{registry-keys-CewRFW0e.js → registry-keys-3qaVog76.js} +1 -1
  92. package/dist/packem_shared/resolve-explicit-BgFQHUEP.js +5 -0
  93. package/dist/packem_shared/{run-summary-utils-BaBGP3bo.js → run-summary-utils-DIJV_dUD.js} +1 -1
  94. package/dist/packem_shared/runtime-check-DrMx4Q9L.js +1 -0
  95. package/dist/packem_shared/s1ngularity-CwSBPB3I.js +1 -0
  96. package/dist/packem_shared/signatures-b-jJYoZd.js +2 -0
  97. package/dist/packem_shared/toolchain-OH1PXwbZ.js +5 -0
  98. package/dist/packem_shared/{typosquats-BCeR-sLf.js → typosquats-CJ4o1l7U.js} +1 -1
  99. package/dist/packem_shared/{verify-07kUNTuP.js → verify-CQbzknur.js} +1 -1
  100. package/dist/packem_shared/{vis-update-app-CFrlJ3mW.js → vis-update-app-Bnu1EIgE.js} +1 -1
  101. package/index.d.ts +78 -0
  102. package/index.js +57 -53
  103. package/package.json +22 -12
  104. package/schemas/project.schema.json +37 -7
  105. package/schemas/vis-config.schema.json +2376 -2026
  106. package/dist/packem_shared/cyclonedx-CiHXuG8M.js +0 -4
  107. package/dist/packem_shared/dependency-scan-DC3nAFHS.js +0 -1
  108. package/dist/packem_shared/docker-B-CIN_nj.js +0 -60
  109. package/dist/packem_shared/resolve-explicit-CC4Kifk5.js +0 -5
  110. package/dist/packem_shared/runtime-check-BusAwPb2.js +0 -1
  111. package/dist/packem_shared/signatures-5ZdjJ2Pu.js +0 -2
  112. package/dist/packem_shared/toolchain-Cc3cwyLP.js +0 -5
package/dist/packem_shared/{native-config-sync-Dvi1g2nQ.js → native-config-sync-B0_ef78M.js} RENAMED
@@ -1,10 +1,10 @@
1
- var v=Object.defineProperty;var E=(o,l)=>v(o,"name",{value:l,configurable:!0});import{M as c,$ as S,B as i,i as g,n as O}from"../packem_chunks/config.js";import{t as N,u as U}from"../packem_chunks/bin.js";var x=Object.defineProperty,D=E((o,l)=>x(o,"name",{value:l,configurable:!0}),"f");const P=D((o,l,d)=>{const s=[],b=Object.entries(d).filter(([,n])=>n).map(([n])=>n);switch(o){case"bun":{const n=c(l,"package.json");if(g(n))try{const e=O(n);e.trustedDependencies=b,i(n,`${JSON.stringify(e,null,2)}
2
- `),s.push(`Updated package.json trustedDependencies with ${b.length} packages`)}catch(e){s.push(`Failed to update package.json: ${e instanceof Error?e.message:String(e)}`)}break}case"npm":{const n=c(l,".npmrc");let e=g(n)?S(n):"";/^\s*ignore-scripts\s*=\s*true\s*$/m.test(e)?s.push(".npmrc already has ignore-scripts=true"):(e=`${e.trimEnd()}
1
+ var v=Object.defineProperty;var E=(o,l)=>v(o,"name",{value:l,configurable:!0});import{M as c,$ as S,B as i,i as g,n as O}from"../packem_chunks/config.js";import{n as N,o as U}from"../packem_chunks/bin.js";var x=Object.defineProperty,D=E((o,l)=>x(o,"name",{value:l,configurable:!0}),"f");const P=D((o,l,d)=>{const s=[],b=Object.entries(d).filter(([,t])=>t).map(([t])=>t);switch(o){case"bun":{const t=c(l,"package.json");if(g(t))try{const e=O(t);e.trustedDependencies=b,i(t,`${JSON.stringify(e,null,2)}
2
+ `),s.push(`Updated package.json trustedDependencies with ${b.length} packages`)}catch(e){s.push(`Failed to update package.json: ${e instanceof Error?e.message:String(e)}`)}break}case"npm":{const t=c(l,".npmrc");let e=g(t)?S(t):"";/^\s*ignore-scripts\s*=\s*true\s*$/m.test(e)?s.push(".npmrc already has ignore-scripts=true"):(e=`${e.trimEnd()}
3
3
  ignore-scripts=true
4
- `,i(n,e),s.push("Added ignore-scripts=true to .npmrc"));break}case"pnpm":{const n=c(l,"pnpm-workspace.yaml");if(!g(n)){s.push("pnpm-workspace.yaml not found. Cannot sync allowBuilds.");break}let e={},u=[];try{const t=U(n);e=t?.allowBuilds??{},u=Array.isArray(t?.onlyBuiltDependencies)?t.onlyBuiltDependencies:[]}catch{}const h={...e,...d},A=Object.keys(d).filter(t=>e[t]!==d[t]).length,m=b.toSorted((t,p)=>t.localeCompare(p)),k=[...new Set([...u,...m])].toSorted((t,p)=>t.localeCompare(p)),w=m.filter(t=>!u.includes(t)).length;if(A===0&&w===0)s.push(`All ${String(Object.keys(d).length)} allowBuilds entries already present in pnpm-workspace.yaml.`);else{const t=Object.keys(h).sort(),p=D(a=>a.startsWith("@")||a.includes("/")||/[:#\s]/.test(a),"needsQuote"),$=D(a=>p(a)?`'${a.replaceAll("'","''")}'`:a,"renderKey"),y=`allowBuilds:
5
- ${t.map(a=>` ${$(a)}: ${String(h[a])}`).join(`
4
+ `,i(t,e),s.push("Added ignore-scripts=true to .npmrc"));break}case"pnpm":{const t=c(l,"pnpm-workspace.yaml");if(!g(t)){s.push("pnpm-workspace.yaml not found. Cannot sync allowBuilds.");break}let e={},u=[];try{const n=U(t);e=n?.allowBuilds??{},u=Array.isArray(n?.onlyBuiltDependencies)?n.onlyBuiltDependencies:[]}catch{}const h={...e,...d},A=Object.keys(d).filter(n=>e[n]!==d[n]).length,m=b.toSorted((n,p)=>n.localeCompare(p)),k=[...new Set([...u,...m])].toSorted((n,p)=>n.localeCompare(p)),w=m.filter(n=>!u.includes(n)).length;if(A===0&&w===0)s.push(`All ${String(Object.keys(d).length)} allowBuilds entries already present in pnpm-workspace.yaml.`);else{const n=Object.keys(h).sort(),p=D(a=>a.startsWith("@")||a.includes("/")||/[:#\s]/.test(a),"needsQuote"),$=D(a=>p(a)?`'${a.replaceAll("'","''")}'`:a,"renderKey"),y=`allowBuilds:
5
+ ${n.map(a=>` ${$(a)}: ${String(h[a])}`).join(`
6
6
  `)}
7
- `;let r=S(n);r.endsWith(`
7
+ `;let r=S(t);r.endsWith(`
8
8
  `)||(r+=`
9
9
  `);const f=/^allowBuilds:[ \t]*\n(?:[ \t]{2}[^\n]*\n)*/m;if(r=f.test(r)?r.replace(f,y):`${r.trimEnd()}
10
10
 
@@ -13,9 +13,9 @@ ${k.map(j=>` - ${p(j)?`'${j.replaceAll("'","''")}'`:j}`).join(`
13
13
  `)}
14
14
  `,C=/^onlyBuiltDependencies:[ \t]*\n(?:[ \t]{2}[^\n]*\n)*/m;r=C.test(r)?r.replace(C,a):`${r.trimEnd()}
15
15
 
16
- ${a}`}i(n,r),s.push(`Updated pnpm-workspace.yaml allowBuilds (${String(A)} new, ${String(t.length)} total)`),w>0&&s.push(`Updated pnpm-workspace.yaml onlyBuiltDependencies (${String(w)} new, ${String(k.length)} total)`)}const B=c(l,"package.json");if(g(B)&&m.length>0)try{const t=O(B),p=Array.isArray(t.pnpm?.onlyBuiltDependencies)?t.pnpm.onlyBuiltDependencies:[],$=[...new Set([...p,...m])].toSorted((r,f)=>r.localeCompare(f)),y=m.filter(r=>!p.includes(r)).length;y>0&&(t.pnpm={...t.pnpm,onlyBuiltDependencies:$},i(B,`${JSON.stringify(t,null,2)}
17
- `),s.push(`Updated package.json pnpm.onlyBuiltDependencies (${String(y)} new, ${String($.length)} total)`))}catch(t){s.push(`Failed to update package.json pnpm.onlyBuiltDependencies: ${t instanceof Error?t.message:String(t)}`)}break}case"yarn":{if(N(l)){const n=c(l,".yarnrc.yml");let e=S(n);const u=/^\s*enableScripts\s*:/m.test(e),h=/^\s*enableScripts\s*:\s*false\s*$/m.test(e);u?h?s.push(".yarnrc.yml already has enableScripts: false"):(e=e.replace(/^\s*enableScripts\s*:.+$/m,"enableScripts: false"),i(n,e),s.push("Changed enableScripts to false in .yarnrc.yml")):(e=`${e.trimEnd()}
16
+ ${a}`}i(t,r),s.push(`Updated pnpm-workspace.yaml allowBuilds (${String(A)} new, ${String(n.length)} total)`),w>0&&s.push(`Updated pnpm-workspace.yaml onlyBuiltDependencies (${String(w)} new, ${String(k.length)} total)`)}const B=c(l,"package.json");if(g(B)&&m.length>0)try{const n=O(B),p=Array.isArray(n.pnpm?.onlyBuiltDependencies)?n.pnpm.onlyBuiltDependencies:[],$=[...new Set([...p,...m])].toSorted((r,f)=>r.localeCompare(f)),y=m.filter(r=>!p.includes(r)).length;y>0&&(n.pnpm={...n.pnpm,onlyBuiltDependencies:$},i(B,`${JSON.stringify(n,null,2)}
17
+ `),s.push(`Updated package.json pnpm.onlyBuiltDependencies (${String(y)} new, ${String($.length)} total)`))}catch(n){s.push(`Failed to update package.json pnpm.onlyBuiltDependencies: ${n instanceof Error?n.message:String(n)}`)}break}case"yarn":{if(N(l)){const t=c(l,".yarnrc.yml");let e=S(t);const u=/^\s*enableScripts\s*:/m.test(e),h=/^\s*enableScripts\s*:\s*false\s*$/m.test(e);u?h?s.push(".yarnrc.yml already has enableScripts: false"):(e=e.replace(/^\s*enableScripts\s*:.+$/m,"enableScripts: false"),i(t,e),s.push("Changed enableScripts to false in .yarnrc.yml")):(e=`${e.trimEnd()}
18
18
  enableScripts: false
19
- `,i(n,e),s.push("Added enableScripts: false to .yarnrc.yml"))}else{const n=c(l,".npmrc");let e=g(n)?S(n):"";/^\s*ignore-scripts\s*=\s*true\s*$/m.test(e)?s.push(".npmrc already has ignore-scripts=true"):(e=`${e.trimEnd()}
19
+ `,i(t,e),s.push("Added enableScripts: false to .yarnrc.yml"))}else{const t=c(l,".npmrc");let e=g(t)?S(t):"";/^\s*ignore-scripts\s*=\s*true\s*$/m.test(e)?s.push(".npmrc already has ignore-scripts=true"):(e=`${e.trimEnd()}
20
20
  ignore-scripts=true
21
- `,i(n,e),s.push("Added ignore-scripts=true to .npmrc (yarn classic lacks enableScripts)"))}break}}return s},"syncAllowBuildsToNativeConfig");export{P as N};
21
+ `,i(t,e),s.push("Added ignore-scripts=true to .npmrc (yarn classic lacks enableScripts)"))}break}}return s},"syncAllowBuildsToNativeConfig");export{P as N};
package/dist/packem_shared/osv-bloom-QSAn2Dcw.js ADDED
@@ -0,0 +1,2 @@
1
+ var U=Object.defineProperty;var l=(e,o)=>U(e,"name",{value:o,configurable:!0});import{createRequire as P}from"node:module";import{D as K}from"../packem_chunks/config.js";import{NATIVE_BINDING_VERSION as M,osvBloomDecode as Y,osvBloomProbe as Q,osvBloomProbeBatch as X}from"#native";const V=P(import.meta.url),d=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,O=l(e=>{if(typeof d<"u"&&d.versions&&d.versions.node){const[o,t]=d.versions.node.split(".").map(Number);if(o>22||o===22&&t>=3||o===20&&t>=16)return d.getBuiltinModule(e)}return V(e)},"__cjs_getBuiltinModule"),{randomUUID:H,createHash:F}=O("node:crypto"),{existsSync:p}=O("node:fs"),{readFile:y,mkdir:L,stat:I,rm:q,writeFile:G,rename:J,unlink:W}=O("node:fs/promises"),{join:w,dirname:z}=O("node:path");var Z=Object.defineProperty,s=l((e,o)=>Z(e,"name",{value:o,configurable:!0}),"r");const N=5;if(M!==N)throw new Error(`vis native binding ABI mismatch in osv-bloom: expected ${N}, got ${M}. Rebuild via \`pnpm --filter @visulima/vis run build:native\` or reinstall the platform binding package.`);const ut="https://endevco.github.io/osv-bloom",tt=new Set(["endevco.github.io"]);class g extends Error{static{l(this,"OsvBloomSourceNotAllowedError")}static{s(this,"OsvBloomSourceNotAllowedError")}cause="OSV_BLOOM_SOURCE_NOT_ALLOWED";constructor(o){super(`osv-bloom source host '${o}' is not in the built-in allowlist. Add it to \`security.audit.advisories.bloom.allowedHosts\` if intentional.`),this.name="OsvBloomSourceNotAllowedError"}}class B extends Error{static{l(this,"OsvBloomNetworkError")}static{s(this,"OsvBloomNetworkError")}cause="OSV_BLOOM_NETWORK";constructor(o,t){super(`osv-bloom fetch failed for ${o}: ${t}. Check connectivity, proxy env vars, or --source.`),this.name="OsvBloomNetworkError"}}class et extends Error{static{l(this,"OsvBloomIntegrityError")}static{s(this,"OsvBloomIntegrityError")}cause="OSV_BLOOM_INTEGRITY";constructor(o,t){super(`osv-bloom filter.bin sha256 mismatch (expected ${o}, got ${t}). Refusing to install a corrupted filter.`),this.name="OsvBloomIntegrityError"}}class v extends Error{static{l(this,"OsvBloomManifestError")}static{s(this,"OsvBloomManifestError")}cause="OSV_BLOOM_MANIFEST";constructor(o){super(`osv-bloom manifest invalid: ${o}`),this.name="OsvBloomManifestError"}}class ot extends Error{static{l(this,"OsvBloomCacheMissError")}static{s(this,"OsvBloomCacheMissError")}cause="OSV_BLOOM_CACHE_MISS";constructor(o){super(`No osv-bloom cache at ${o}. Run 'vis advisories bloom sync' first.`),this.name="OsvBloomCacheMissError"}}const b=s(e=>{const o=K("vis",{create:!0,cwd:e})??w(e,"node_modules",".cache","vis");return w(o,"osv-bloom")},"resolveOsvBloomCacheDir"),h=s(e=>w(e,"filter.bin"),"filterPath"),R=s(e=>w(e,"manifest.json"),"manifestPath"),T=s(e=>w(e,"state.json"),"statePath"),st=s((e,o)=>{let t;try{t=new URL(e)}catch{throw new g(e)}if(!t.host)throw new g(e);if(t.protocol!=="https:")throw new g(`${t.protocol}//${t.host}`);if(!new Set([...tt,...o??[]]).has(t.host))throw new g(t.host);return t},"validateOsvBloomSource"),ht=s(async e=>{const o=Date.now(),t=e.cacheDir??b(e.workspaceRoot);await L(t,{recursive:!0});const r=st(e.source,e.allowedHosts),a=new URL("manifest.json",$(r.toString())),i=new URL("filter.bin",$(r.toString())),n=await x(a,{method:"GET"});if(!n.ok)throw new B(a.toString(),n.status);const S=await n.text(),c=k(S),m=await C(t);if(!e.force&&m?.setDigestSha256===c.setDigestSha256&&p(h(t)))return{bytesOnDisk:(await I(h(t))).size,cacheDir:t,durationMs:Date.now()-o,manifest:c,upToDate:!0};const E={};!e.force&&m?.filterEtag&&(E.headers={"if-none-match":m.filterEtag});const f=await x(i,{...E,method:"GET"});if(f.status===304&&m&&p(h(t)))return await A(t,S,{fetchedAtIso:new Date().toISOString(),filterEtag:m.filterEtag,setDigestSha256:c.setDigestSha256}),{bytesOnDisk:(await I(h(t))).size,cacheDir:t,durationMs:Date.now()-o,manifest:c,upToDate:!0};if(!f.ok||!f.body)throw new B(i.toString(),f.status);const u=Buffer.from(await f.arrayBuffer());e.onProgress&&e.onProgress(u.length,u.length);const D=rt(u);if(D!==c.filterSha256)throw new et(c.filterSha256,D);if(u.length!==c.bloomByteLen)throw new v(`filter.bin length ${u.length} does not match manifest.bloom_byte_len ${c.bloomByteLen}`);const j=f.headers.get("etag")??void 0;return await _(h(t),u),await A(t,S,{fetchedAtIso:new Date().toISOString(),filterEtag:j,setDigestSha256:c.setDigestSha256}),{bytesOnDisk:u.length,cacheDir:t,durationMs:Date.now()-o,manifest:c,upToDate:!1}},"syncOsvBloom"),ft=s(async(e,o)=>{const t=o?.cacheDir??b(e),r=h(t);if(!p(r)){if(o?.softFail)return null;throw new ot(t)}const a=await y(r);return Y(a)},"loadOsvBloomHandle");s((e,o,t)=>Q(e,o,t),"probeOsvBloom");const mt=s((e,o)=>X(e,o),"probeOsvBloomBatch"),dt=s(async(e,o)=>{const t=o??b(e);if(!p(h(t)))return{cacheDir:t,present:!1};let r,a;try{r=k(await y(R(t),"utf8"))}catch{}try{a=await C(t)}catch{}return{cacheDir:t,fetchedAtIso:a?.fetchedAtIso,manifest:r,present:!0}},"getOsvBloomStatus");s(async(e,o)=>{const t=o??b(e);await q(t,{force:!0,recursive:!0})},"clearOsvBloomCache");const k=s(e=>{let o;try{o=JSON.parse(e)}catch(i){throw new v(i instanceof Error?i.message:String(i))}const t=s(i=>{const n=o[i];if(typeof n!="number"||Number.isNaN(n))throw new v(`field '${i}' missing or non-numeric`);return n},"requireNumber"),r=s(i=>{const n=o[i];if(typeof n!="string"||n.length===0)throw new v(`field '${i}' missing or empty`);return n},"requireString"),a=t("format_version");if(a!==1)throw new v(`unsupported format_version ${a} (this build expects v1)`);return{advisoryCount:t("advisory_count"),bloomByteLen:t("bloom_byte_len"),bloomKHashes:t("bloom_k_hashes"),bloomMBits:t("bloom_m_bits"),builtAtRfc3339:r("built_at_rfc3339"),builtAtUnix:t("built_at_unix"),entryCount:t("entry_count"),filterSha256:r("filter_sha256"),formatVersion:a,setDigestSha256:r("set_digest_sha256"),sourceUrl:r("source_url"),targetFpr:t("target_fpr")}},"parseManifest"),C=s(async e=>{try{const o=await y(T(e),"utf8"),t=JSON.parse(o);return typeof t.setDigestSha256!="string"||typeof t.fetchedAtIso!="string"?void 0:{fetchedAtIso:t.fetchedAtIso,filterEtag:typeof t.filterEtag=="string"?t.filterEtag:void 0,setDigestSha256:t.setDigestSha256}}catch{return}},"readState"),A=s(async(e,o,t)=>{await _(R(e),Buffer.from(o,"utf8")),await _(T(e),Buffer.from(`${JSON.stringify(t,void 0,2)}
2
+ `,"utf8"))},"persistManifestAndState"),_=s(async(e,o)=>{await L(z(e),{recursive:!0});const t=`${e}.${process.pid}.${H()}.tmp`;try{await G(t,o),await J(t,e)}catch(r){throw await W(t).catch(()=>{}),r}},"atomicWrite"),rt=s(e=>F("sha256").update(e).digest("hex"),"sha256Hex"),$=s(e=>e.endsWith("/")?e:`${e}/`,"ensureTrailingSlash"),it=3e4,x=s(async(e,o)=>{try{return await fetch(e,{...o,signal:AbortSignal.timeout(it)})}catch(t){throw new B(e.toString(),t instanceof Error?t.message:String(t))}},"safeFetch");export{ut as D,ot as O,dt as g,ft as l,mt as p,ht as s};
package/dist/packem_shared/provenance-smHa8efI.js ADDED
@@ -0,0 +1 @@
1
+ var R=Object.defineProperty;var d=(e,t)=>R(e,"name",{value:t,configurable:!0});import{createRequire as M}from"node:module";import{aB as u,k as C,i as O}from"../packem_chunks/bin.js";import{M as v,i as k,n as U,b as D}from"../packem_chunks/config.js";const T=M(import.meta.url),f=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,A=d(e=>{if(typeof f<"u"&&f.versions&&f.versions.node){const[t,r]=f.versions.node.split(".").map(Number);if(t>22||t===22&&r>=3||t===20&&r>=16)return f.getBuiltinModule(e)}return T(e)},"__cjs_getBuiltinModule"),{rmSync:p,writeFileSync:$,readdirSync:S}=A("node:fs");var N=Object.defineProperty,b=d((e,t)=>N(e,"name",{value:t,configurable:!0}),"o$1");const F=8,V=b(async(e,t,r)=>{if(e.length===0)return[];const a=Math.max(1,Math.min(t,e.length)),o=Array.from({length:e.length});let n=0;const i=b(async()=>{for(;n<e.length;){const s=n;n+=1;const l=e[s];o[s]=await r(l,s)}},"worker");return await Promise.all(Array.from({length:a},()=>i())),o},"mapWithConcurrency");var W=Object.defineProperty,c=d((e,t)=>W(e,"name",{value:t,configurable:!0}),"o");const w=2,E=1800*1e3,L=15e3,g=c(()=>v(C(),"packuments"),"getPackumentCacheDir"),P=c(e=>v(g(),`${encodeURIComponent(e)}.json`),"cacheFilePath"),x=c(e=>{const t=P(e);if(k(t))try{const r=U(t);if(r.cacheVersion!==w){p(t,{force:!0});return}if(Date.now()-r.createdAt>r.ttlMs){p(t,{force:!0});return}return r.packument}catch{p(t,{force:!0});return}},"readCached"),B=c((e,t,r)=>{D(g());const a={cacheVersion:w,createdAt:Date.now(),packument:t,ttlMs:r};$(P(e),JSON.stringify(a),"utf8")},"writeCached"),q=c(e=>{const t={},r=e.versions??{};for(const[o,n]of Object.entries(r)){const i=n.dist,s={version:o};if(n._npmUser!==void 0&&(s._npmUser=n._npmUser),n.maintainers!==void 0&&(s.maintainers=n.maintainers),n.bin!==void 0&&(s.bin=n.bin),i!==void 0){const l={};i.signatures!==void 0&&(l.signatures=i.signatures),i.attestations!==void 0&&(l.attestations=i.attestations),typeof i.integrity=="string"&&(l.integrity=i.integrity),typeof i.tarball=="string"&&(l.tarball=i.tarball),s.dist=l}n.repository!==void 0&&(s.repository=n.repository),n.license!==void 0&&(s.license=n.license),typeof n.readme=="string"&&(s.readme=n.readme),typeof n.readmeFilename=="string"&&(s.readmeFilename=n.readmeFilename),typeof n.private=="boolean"&&(s.private=n.private),typeof n.deprecated=="string"&&(s.deprecated=n.deprecated),n.scripts!==void 0&&typeof n.scripts=="object"&&(s.scripts=n.scripts),t[o]=s}const a={name:typeof e.name=="string"?e.name:"",versions:t};return e["dist-tags"]!==void 0&&(a["dist-tags"]=e["dist-tags"]),e.time!==void 0&&(a.time=e.time),typeof e.readme=="string"&&(a.readme=e.readme),a},"stripPackument"),H=c(e=>{const t={Accept:"application/json"};return e!==void 0&&e!==""&&(t.Authorization=`Bearer ${e}`),t},"buildHeaders"),z=c(async(e,t)=>{if(t.registryUrl!==void 0)return{authToken:t.authToken,url:t.registryUrl};if(t.workspaceRoot!==void 0){const{getRegistryForPackage:r,loadNpmrc:a}=await import("../packem_chunks/bin.js").then(s=>s.bK),o=a(t.workspaceRoot),{token:n,url:i}=r(e,o);return{authToken:t.authToken??n,url:i}}return{authToken:t.authToken,url:"https://registry.npmjs.org"}},"resolveRegistry"),I=c(async(e,t={})=>{const r=t.cacheTtlMs??E,a=x(e);if(a!==void 0)return a;const o=await z(e,t),n=`${o.url.endsWith("/")?o.url.slice(0,-1):o.url}/${e.replace("/","%2f")}`,i=new AbortController,s=setTimeout(()=>{i.abort()},L),l=c(()=>{i.abort()},"abortListener");t.signal?.addEventListener("abort",l,{once:!0});try{const m=await fetch(n,{headers:H(o.authToken),signal:i.signal});if(m.status===404)return;if(!m.ok)throw new Error(`Registry returned ${String(m.status)} for ${e}`);const _=await m.json(),y=q(_);return B(e,y,r),y}finally{clearTimeout(s),t.signal?.removeEventListener("abort",l)}},"getPackument"),Z=c((e,t)=>{const r=Object.keys(e.versions);if(r.length===0)return;if(t===void 0||t===""||t==="latest")return e["dist-tags"]?.latest??r.at(-1);const a=e["dist-tags"]?.[t];return a!==void 0?a:Object.hasOwn(e.versions,t)?t:u.maxSatisfying(r,t)??void 0},"resolveVersionRange");c(()=>{const e=g();if(!k(e))return 0;let t=0;for(const r of S(e))r.endsWith(".json")&&(p(v(e,r),{force:!0}),t+=1);return t},"clearPackumentCache");var J=Object.defineProperty,h=d((e,t)=>J(e,"name",{value:t,configurable:!0}),"i");const j=h((e,t)=>e.versions[t]?.dist?.attestations?.provenance!==void 0,"hasProvenance"),K=h((e,t)=>u.valid(t)?Object.keys(e.versions).filter(r=>u.valid(r)!==null&&u.lt(r,t)).filter(r=>u.satisfies(r,"*",{includePrerelease:!1})).filter(r=>j(e,r)).sort((r,a)=>u.lt(r,a)?1:-1)[0]:void 0,"findNewestPriorWithAttestations"),ee=h(async(e,t={})=>{if(O("provenance"))return[];const r=new Set(t.allowlist),a=t.concurrency??F;return(await V(e,a,async({name:o,version:n})=>{if(r.has(o))return;const i=await I(o,{workspaceRoot:t.workspaceRoot});if(i===void 0||j(i,n))return;const s=K(i,n);if(s!==void 0)return{packageName:o,priorVersionWithProvenance:s,version:n}})).filter(o=>o!==void 0)},"runProvenanceMarshall");export{F as D,Z as a,K as f,I as g,V as m,ee as r};
package/dist/packem_shared/{registry-keys-CewRFW0e.js → registry-keys-3qaVog76.js} RENAMED
@@ -1 +1 @@
1
- var v=Object.defineProperty;var a=(e,r)=>v(e,"name",{value:r,configurable:!0});import{createRequire as _}from"node:module";import{M as h,i as m,n as j,b as R}from"../packem_chunks/config.js";import{n as K}from"../packem_chunks/bin.js";const k=_(import.meta.url),n=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,b=a(e=>{if(typeof n<"u"&&n.versions&&n.versions.node){const[r,t]=n.versions.node.split(".").map(Number);if(r>22||r===22&&t>=3||r===20&&t>=16)return n.getBuiltinModule(e)}return k(e)},"__cjs_getBuiltinModule"),{rmSync:d,writeFileSync:C}=b("node:fs");var M=Object.defineProperty,o=a((e,r)=>M(e,"name",{value:r,configurable:!0}),"r");const w=1440*60*1e3,A=15e3,S="https://registry.npmjs.org/-/npm/v1/keys",p=o(()=>h(K(),"registry-keys"),"getRegistryKeysCacheDir"),c=o(()=>h(p(),"npmjs.json"),"cacheFilePath"),T=o(()=>{const e=c();if(m(e))try{const r=j(e),t=Date.now()-r.createdAt>r.ttlMs;return{entry:r,expired:t}}catch{d(e,{force:!0});return}},"readCachedKeys"),D=o((e,r)=>{R(p());const t={createdAt:Date.now(),keys:e,ttlMs:r};C(c(),JSON.stringify(t),"utf8")},"writeCachedKeys"),x=o(async(e={})=>{const r=e.ttlMs??w,t=e.keysUrl??process.env.VIS_NPM_KEYS_URL??S,s=T();if(s!==void 0&&!s.expired&&e.forceRefresh!==!0)return{fromCache:!0,keys:s.entry.keys};const i=new AbortController,g=setTimeout(()=>{i.abort()},A),y=o(()=>{i.abort()},"abortListener");e.signal?.addEventListener("abort",y,{once:!0});try{const u=await fetch(t,{headers:{Accept:"application/json"},signal:i.signal});if(!u.ok)return s!==void 0?{fromCache:!0,keys:s.entry.keys,stale:!0}:void 0;const f=await u.json(),l=Array.isArray(f.keys)?f.keys:[];return D(l,r),{fromCache:!1,keys:l}}catch{return s!==void 0?{fromCache:!0,keys:s.entry.keys,stale:!0}:void 0}finally{clearTimeout(g),e.signal?.removeEventListener("abort",y)}},"fetchRegistryKeys"),N=o(()=>{const e=c();return m(e)?(d(e,{force:!0}),!0):!1},"clearRegistryKeysCache");export{N as c,x as f};
1
+ var v=Object.defineProperty;var a=(e,r)=>v(e,"name",{value:r,configurable:!0});import{createRequire as k}from"node:module";import{i as h,M as m,n as j,b as R}from"../packem_chunks/config.js";import{k as K}from"../packem_chunks/bin.js";const _=k(import.meta.url),n=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,b=a(e=>{if(typeof n<"u"&&n.versions&&n.versions.node){const[r,t]=n.versions.node.split(".").map(Number);if(r>22||r===22&&t>=3||r===20&&t>=16)return n.getBuiltinModule(e)}return _(e)},"__cjs_getBuiltinModule"),{rmSync:d,writeFileSync:C}=b("node:fs");var M=Object.defineProperty,o=a((e,r)=>M(e,"name",{value:r,configurable:!0}),"r");const w=1440*60*1e3,A=15e3,S="https://registry.npmjs.org/-/npm/v1/keys",p=o(()=>m(K(),"registry-keys"),"getRegistryKeysCacheDir"),c=o(()=>m(p(),"npmjs.json"),"cacheFilePath"),T=o(()=>{const e=c();if(h(e))try{const r=j(e),t=Date.now()-r.createdAt>r.ttlMs;return{entry:r,expired:t}}catch{d(e,{force:!0});return}},"readCachedKeys"),D=o((e,r)=>{R(p());const t={createdAt:Date.now(),keys:e,ttlMs:r};C(c(),JSON.stringify(t),"utf8")},"writeCachedKeys"),x=o(async(e={})=>{const r=e.ttlMs??w,t=e.keysUrl??process.env.VIS_NPM_KEYS_URL??S,s=T();if(s!==void 0&&!s.expired&&e.forceRefresh!==!0)return{fromCache:!0,keys:s.entry.keys};const i=new AbortController,g=setTimeout(()=>{i.abort()},A),y=o(()=>{i.abort()},"abortListener");e.signal?.addEventListener("abort",y,{once:!0});try{const u=await fetch(t,{headers:{Accept:"application/json"},signal:i.signal});if(!u.ok)return s!==void 0?{fromCache:!0,keys:s.entry.keys,stale:!0}:void 0;const f=await u.json(),l=Array.isArray(f.keys)?f.keys:[];return D(l,r),{fromCache:!1,keys:l}}catch{return s!==void 0?{fromCache:!0,keys:s.entry.keys,stale:!0}:void 0}finally{clearTimeout(g),e.signal?.removeEventListener("abort",y)}},"fetchRegistryKeys"),N=o(()=>{const e=c();return h(e)?(d(e,{force:!0}),!0):!1},"clearRegistryKeysCache");export{N as c,x as f};
package/dist/packem_shared/resolve-explicit-BgFQHUEP.js ADDED
@@ -0,0 +1,5 @@
1
+ var S=Object.defineProperty;var g=(e,a)=>S(e,"name",{value:a,configurable:!0});import{createRequire as C}from"node:module";import{s as _,i as P,p as y,aB as O}from"../packem_chunks/bin.js";import{h as V,M as F,r as L,a as I,b as B,c as W,d as U,e as Y,f as q}from"./s1ngularity-CwSBPB3I.js";import{m as f,D as v,g as k,r as H}from"./provenance-smHa8efI.js";import{r as z}from"./signatures-b-jJYoZd.js";import{d as G}from"./utils-DrNg0XTR.js";const E=C(import.meta.url),w=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,j=g(e=>{if(typeof w<"u"&&w.versions&&w.versions.node){const[a,s]=w.versions.node.split(".").map(Number);if(a>22||a===22&&s>=3||a===20&&s>=16)return w.getBuiltinModule(e)}return E(e)},"__cjs_getBuiltinModule"),{createInterface:x}=j("node:readline");var J=Object.defineProperty,m=g((e,a)=>J(e,"name",{value:a,configurable:!0}),"s");const K=15,Q=m(e=>{if(e===void 0)return!1;const a=e.trim().toLowerCase();return a!==""&&a!=="0"&&a!=="false"&&a!=="no"},"isTruthyEnv"),X=m(e=>{const a=(e.TERM??"").toLowerCase();return a!=="dumb"&&a!=="unknown"&&a!==""},"shouldAnimateCountdown"),Z=m(async e=>{const a=x({input:process.stdin,output:process.stdout});try{return await new Promise(s=>{a.question(e,r=>{s(r.trim().toLowerCase())})})}finally{a.close()}},"defaultReadline"),N=m(async(e,a)=>{const s=await a(e);return s==="y"||s==="yes"},"promptYesNo"),ee=m(async(e,a,s,r)=>new Promise(c=>{if(r?.aborted){c(!1);return}const o=X(s)&&a.isTTY!==!1;let n=e;const i=m(()=>{o?a.write(`\rContinuing in ${String(n)}s... press Ctrl-C to abort. `):n===e&&a.write(`Warnings present; proceeding in ${String(e)}s.
2
+ `)},"render");i();const d=setInterval(()=>{if(n-=1,n<=0){clearInterval(d),r?.removeEventListener("abort",l),o&&a.write(`\rContinuing now.
3
+ `),c(!0);return}i()},1e3),l=m(()=>{clearInterval(d),o&&a.write(`\rAborted.
4
+ `),c(!1)},"onAbort");r?.addEventListener("abort",l,{once:!0})}),"runCountdown"),ae=m(async(e,a={})=>{if(e.length===0)return{proceed:!0};const s=a.env??process.env,r=a.isTty??!!process.stdin.isTTY,c=a.isCi??_,o=a.strict??!1,n=a.readline??Z,i=a.output??{isTTY:!!process.stdout.isTTY,write:m(u=>process.stdout.write(u),"write")},d=Q(s.VIS_DISABLE_AUTO_CONTINUE),l=Number.parseInt(s.VIS_AUTO_CONTINUE_SECONDS??"",10),t=a.countdownSeconds??(Number.isFinite(l)&&l>0?l:K);return e.some(u=>u.severity==="error")?o?{proceed:!1,reason:"errors-present"}:c?{proceed:!1,reason:"errors-present"}:r?await N("Proceed despite errors? [y/N] ",n)?{proceed:!0}:{proceed:!1,reason:"user-aborted"}:{proceed:!1,reason:"non-tty"}:o?{proceed:!1,reason:"ci-strict"}:r?d?await N("Proceed despite warnings? [y/N] ",n)?{proceed:!0}:{proceed:!1,reason:"user-aborted"}:await ee(t,i,s,a.signal)?{proceed:!0}:{proceed:!1,reason:"user-aborted"}:{proceed:!0}},"presentMarshallDecision"),_e=m(async(e,a={})=>{if(e.isEmpty())return!0;const s=e.all(),r=a.output??{isTTY:!!process.stdout.isTTY,write:m(c=>process.stdout.write(c),"write")};for(const c of V(s))r.write(`${c}
5
+ `);return(await ae(s,{countdownSeconds:a.countdownSeconds,isCi:a.isCi,isTty:a.isTty,output:r,readline:a.readline,signal:a.signal,strict:a.strict})).proceed},"presentMarshallFindings");var re=Object.defineProperty,b=g((e,a)=>re(e,"name",{value:a,configurable:!0}),"i");const D=300,se=b(e=>{const a=e.replaceAll(new RegExp("\\p{Cc}","gu")," ").replaceAll(/\s+/gu," ").trim();return a.length>D?`${a.slice(0,D-1)}…`:a},"sanitizeReason"),ne=b(e=>{const a=e["dist-tags"]?.latest;return a!==void 0&&Object.hasOwn(e.versions,a)?a:Object.keys(e.versions).at(-1)},"resolveLatestVersion"),te=b(async(e,a={})=>{if(P("deprecation"))return[];const s=new Set(a.allowlist),r=a.concurrency??v;return(await f(e,r,async({name:c,version:o})=>{if(s.has(c))return;const n=await k(c,{workspaceRoot:a.workspaceRoot});if(n===void 0)return;const i=Object.hasOwn(n.versions,o)?o:ne(n);if(i===void 0)return;const d=n.versions[i];if(d===void 0)return;const l=typeof d.deprecated=="string"?se(d.deprecated):"";if(l!=="")return{packageName:c,reason:l,version:i}})).filter(c=>c!==void 0)},"runDeprecationMarshall");var oe=Object.defineProperty,h=g((e,a)=>oe(e,"name",{value:a,configurable:!0}),"t");const M={newPackageDays:22,unmaintainedDays:365},R=1440*60*1e3,$=h(e=>{if(e===void 0)return;const a=Date.parse(e);return Number.isNaN(a)?void 0:a},"parseTime"),A=h(e=>{const a=e.time??{};return Object.entries(a).filter(([s])=>s!=="created"&&s!=="modified").map(([,s])=>$(s)).filter(s=>s!==void 0)},"versionStamps"),ie=h(e=>{const a=$(e.time?.created);if(a!==void 0)return a;const s=A(e);return s.length>0?Math.min(...s):void 0},"firstPublishMs"),ce=h(e=>{const a=$(e.time?.modified);if(a!==void 0)return a;const s=A(e);return s.length>0?Math.max(...s):void 0},"lastPublishMs"),le=h(async(e,a={})=>{if(P("packageAge"))return[];const s=new Set(a.allowlist),r=a.concurrency??v,c=(a.now??Date.now)(),o=a.thresholds?.newPackageDays??M.newPackageDays,n=a.thresholds?.unmaintainedDays??M.unmaintainedDays;return(await f(e,r,async({name:i})=>{if(s.has(i))return;const d=await k(i,{workspaceRoot:a.workspaceRoot});if(d===void 0)return;const l=ie(d);if(l!==void 0){const u=(c-l)/R;if(u<o)return{days:Math.max(0,Math.floor(u)),kind:"new-package",packageName:i,severity:"error"}}const t=ce(d);if(t!==void 0){const u=(c-t)/R;if(u>n)return{days:Math.floor(u),kind:"unmaintained",packageName:i,severity:"warning"}}})).filter(i=>i!==void 0)},"runPackageAgeMarshall");var de=Object.defineProperty,p=g((e,a)=>de(e,"name",{value:a,configurable:!0}),"o");const pe=p(e=>({marshall:"author",message:e.message,packageName:e.packageName,severity:e.severity}),"formatAuthorFinding"),ue=p(e=>({marshall:"provenance",message:`Prior version ${e.priorVersionWithProvenance} had provenance but ${e.version} does not.`,packageName:e.packageName,severity:"error",suggestedAction:`Investigate why ${e.version} dropped sigstore attestations.`}),"formatProvenanceFinding"),me=p(e=>{const a=e.hookChanges.map(s=>`${s.hook} (${s.kind})`).join(", ");return{marshall:"s1ngularity",message:`${e.version} ${e.hookChanges.length===1?"has an":"has"} install-script ${e.hookChanges.length===1?"change":"changes"} [${a}] AND dropped the provenance attestation that ${e.priorVersion} carried — this is the s1ngularity compromised-publish shape.`,packageName:e.packageName,severity:"error",suggestedAction:`Do not install ${e.packageName}@${e.version}. Verify the publish against the project's release CI; pin to ${e.priorVersion} until confirmed. Allowlist via security.marshalls.s1ngularity.allowlist only if the conjunction is explained.`}},"formatS1ngularityFinding"),ge=p(e=>({marshall:"deprecation",message:`${e.packageName}@${e.version} is deprecated: ${e.reason}`,packageName:e.packageName,severity:"error",suggestedAction:`Migrate off ${e.packageName} or add it to security.marshalls.deprecation.allowlist if the deprecation is acceptable.`}),"formatDeprecationFinding"),we=p(e=>({marshall:"packageAge",message:e.kind==="new-package"?`Package first published ${String(e.days)} day${e.days===1?"":"s"} ago — brand-new package names are a common typosquat/dependency-confusion signature.`:`No new release in ${String(e.days)} days — package may be unmaintained.`,packageName:e.packageName,severity:e.severity}),"formatPackageAgeFinding"),he=p(e=>{const a=e.newBins.map(s=>s.command).join(", ");return{marshall:"newBin",message:`${e.toVersion} adds new bin script${e.newBins.length===1?"":"s"}: ${a} (prior: ${e.fromVersion}).`,packageName:e.packageName,severity:"warning"}},"formatNewBinFinding"),ye=p(e=>({marshall:"metadata",message:`Missing/invalid metadata: ${e.issues.join(", ")}.`,packageName:e.packageName,severity:"warning"}),"formatMetadataFinding"),fe=p(e=>e.kind==="no-data"?{marshall:"downloads",message:"npm stats API returned no monthly download data.",packageName:e.packageName,severity:e.severity}:{marshall:"downloads",message:`Only ${String(e.downloadsLastMonth??0)} downloads in the past month.`,packageName:e.packageName,severity:e.severity},"formatDownloadsFinding"),ve=p(e=>({marshall:"expiredDomains",message:e.kind==="expired"?`Maintainer email domain ${e.domain} (${e.maintainer}) is unregistered — potential hijack risk.`:`Could not verify maintainer email domain ${e.domain} (${e.maintainer}).`,packageName:e.packageName,severity:e.severity}),"formatExpiredDomainsFinding"),ke=p(e=>({marshall:"signatures",message:e.message,packageName:e.packageName,severity:e.severity}),"formatSignatureFinding"),be=p(e=>({marshall:"archivedRepo",message:e.kind==="archived"?`Source repo ${e.owner}/${e.repo} is archived${e.archivedAt===void 0?"":` (since ${e.archivedAt})`}.`:`Source repo ${e.owner}/${e.repo} returned 404 from GitHub.`,packageName:e.packageName,severity:"warning"}),"formatArchivedRepoFinding"),$e=["author","provenance","s1ngularity","newBin","metadata","deprecation","packageAge","expiredDomains","signatures","archivedRepo"],Ne=p(e=>$e.some(a=>a==="signatures"?e.signatures?.enabled===!0:e[a]?.enabled!==!1),"anyPackumentReaderEnabled"),De=p(async(e,a,s,r)=>{const c=[...new Set(e.map(o=>o.name))];await f(c,a,async o=>{try{await k(o,{signal:r,workspaceRoot:s})}catch{}})},"prefetchPackuments"),Oe=p(async(e,a={})=>{const s=new F;if(e.length===0)return s;const r=a.config??{},c=e.map(t=>t.name),o=a.signal,n=a.concurrency??v;Ne(r)&&await De(e,n,a.workspaceRoot,o);const i=[],d=[],l=p(t=>{const u=i.length;i.push([]),d.push((async()=>{try{i[u]=await t()}catch{}})())},"schedule");r.author?.enabled!==!1&&l(async()=>(await L(e,{allowlist:r.author?.allowlist,concurrency:n,signal:o,thresholds:{dormantErrorDays:r.author?.dormantErrorDays,dormantWarnDays:r.author?.dormantWarnDays,newPublisherWindowDays:r.author?.newPublisherWindowDays,recentVersionErrorDays:r.author?.recentVersionErrorDays,recentVersionWarnDays:r.author?.recentVersionWarnDays},workspaceRoot:a.workspaceRoot})).map(t=>pe(t))),r.provenance?.enabled!==!1&&l(async()=>(await H(e,{allowlist:r.provenance?.allowlist,concurrency:n,workspaceRoot:a.workspaceRoot})).map(t=>ue(t))),r.s1ngularity?.enabled!==!1&&l(async()=>(await I(e,{allowlist:r.s1ngularity?.allowlist,concurrency:n,workspaceRoot:a.workspaceRoot})).map(t=>me(t))),r.newBin?.enabled!==!1&&l(async()=>(await B(e,{allowlist:r.newBin?.allowlist,concurrency:n,workspaceRoot:a.workspaceRoot})).map(t=>he(t))),r.metadata?.enabled!==!1&&l(async()=>(await W(e,{allowlist:r.metadata?.allowlist,checks:r.metadata?.checks,concurrency:n,workspaceRoot:a.workspaceRoot})).map(t=>ye(t))),r.deprecation?.enabled!==!1&&l(async()=>(await te(e,{allowlist:r.deprecation?.allowlist,concurrency:n,workspaceRoot:a.workspaceRoot})).map(t=>ge(t))),r.packageAge?.enabled!==!1&&l(async()=>(await le(e,{allowlist:r.packageAge?.allowlist,concurrency:n,thresholds:{newPackageDays:r.packageAge?.newPackageDays,unmaintainedDays:r.packageAge?.unmaintainedDays},workspaceRoot:a.workspaceRoot})).map(t=>we(t))),r.downloads?.enabled!==!1&&l(async()=>(await U(c,{allowlist:r.downloads?.allowlist,concurrency:n,errorThreshold:r.downloads?.errorThreshold,signal:o,warnThreshold:r.downloads?.warnThreshold})).map(t=>fe(t))),r.expiredDomains?.enabled!==!1&&l(async()=>(await Y(e,{allowDomains:r.expiredDomains?.allowDomains,allowlist:r.expiredDomains?.allowlist,concurrency:n,dnsServers:r.expiredDomains?.dnsServers,perDomainTimeoutMs:r.expiredDomains?.timeoutMs,signal:o,workspaceRoot:a.workspaceRoot})).map(t=>ve(t))),r.signatures?.enabled===!0&&l(async()=>(await z(e,{allowlist:r.signatures?.allowlist,concurrency:n,keysUrl:r.signatures?.keysUrl,signal:o,treatExpiredAs:r.signatures?.treatExpiredAs,workspaceRoot:a.workspaceRoot})).map(t=>ke(t))),r.archivedRepo?.enabled!==!1&&l(async()=>(await q(e,{allowlist:r.archivedRepo?.allowlist,concurrency:n,githubToken:r.archivedRepo?.githubToken,signal:o,workspaceRoot:a.workspaceRoot})).map(t=>be(t))),await Promise.all(d);for(const t of i)s.addMany(t);return s},"runMarshallPipeline");var Me=Object.defineProperty,T=g((e,a)=>Me(e,"name",{value:a,configurable:!0}),"l");const Re=1e4,Pe=T(async(e,a=Re)=>{const s=new Map;if(e.length===0)return s;const r=new AbortController,c=setTimeout(()=>{r.abort()},a);try{await Promise.all(e.map(async o=>{try{const n=await fetch(`https://registry.npmjs.org/${o}/latest`,{headers:{Accept:"application/json"},signal:r.signal});if(n.ok){const i=await n.json();i.version?s.set(o,i.version):y.debug(`resolveLatestVersions: ${o} returned 200 but no version field; dropping.`)}else y.debug(`resolveLatestVersions: ${o} returned ${String(n.status)}; dropping.`)}catch(n){y.debug(`resolveLatestVersions: ${o} fetch failed (${n instanceof Error?n.message:String(n)}); dropping.`)}}))}finally{clearTimeout(c)}return s},"resolveLatestVersions"),Ve=T(async e=>{const a=e.map(n=>G(n)),s=new Map;for(const n of a)if(n.versionSpec){const i=O.coerce(n.versionSpec);i&&s.set(n.name,i.version)}const r=a.filter(n=>!s.has(n.name)).map(n=>n.name),c=await Pe(r),o=[];for(const n of a){const i=s.get(n.name)??c.get(n.name);i?o.push({name:n.name,version:i}):y.debug(`resolveExplicitPackages: dropping ${n.name}${n.versionSpec?`@${n.versionSpec}`:""} — neither semver-coerce nor /latest resolved a version.`)}return o},"resolveExplicitPackages");export{Pe as a,Oe as b,_e as p,Ve as r};
package/dist/packem_shared/{run-summary-utils-BaBGP3bo.js → run-summary-utils-DIJV_dUD.js} RENAMED
@@ -1 +1 @@
1
- var j=Object.defineProperty;var u=(e,s)=>j(e,"name",{value:s,configurable:!0});import{createRequire as M}from"node:module";import{M as f}from"../packem_chunks/config.js";import{o as p}from"../packem_chunks/bin.js";const _=M(import.meta.url),m=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,g=u(e=>{if(typeof m<"u"&&m.versions&&m.versions.node){const[s,t]=m.versions.node.split(".").map(Number);if(s>22||s===22&&t>=3||s===20&&t>=16)return m.getBuiltinModule(e)}return _(e)},"__cjs_getBuiltinModule"),{readdir:l,stat:h,readFile:y}=g("node:fs/promises");var v=Object.defineProperty,c=u((e,s)=>v(e,"name",{value:s,configurable:!0}),"m");const w=c((e,s)=>e.tasks.find(t=>t.taskId===s),"findTaskInSummary"),d=c((e,s)=>{const t=e??{},n=s??{},i=[],r=[],o=[];for(const a of Object.keys(t))a in n?t[a]!==n[a]&&o.push(a):i.push(a);for(const a of Object.keys(n))a in t||r.push(a);return i.sort(),r.sort(),o.sort(),{added:i,changed:o,removed:r}},"diffHashBuckets"),B=c((e,s)=>({commandChanged:(e?.command??"")!==(s?.command??""),implicitDeps:d(e?.implicitDeps,s?.implicitDeps),nodes:d(e?.nodes,s?.nodes),runtime:d(e?.runtime,s?.runtime)}),"diffHashDetails"),D=c(async(e,s)=>{const t=f(p(e),`${s}.json`);try{const n=await y(t,"utf8");return JSON.parse(n)}catch{return}},"readRunSummaryById"),I=c(async(e,s)=>{const t=p(e);let n;try{n=await l(t)}catch{return}const i=[];for(const r of n){if(!r.endsWith(".json")||s!==void 0&&r===`${s}.json`)continue;const o=f(t,r);try{const a=await h(o);a.isFile()&&i.push({mtimeMs:a.mtimeMs,path:o})}catch{}}if(i.length!==0){i.sort((r,o)=>o.mtimeMs-r.mtimeMs);try{const r=await y(i[0].path,"utf8");return JSON.parse(r)}catch{return}}},"readPreviousRunSummary"),O=c(async e=>{const s=p(e);let t;try{t=await l(s)}catch{return[]}const n=[];for(const i of t){if(!i.endsWith(".json"))continue;const r=f(s,i);try{const o=await h(r);o.isFile()&&n.push({id:i.slice(0,-5),mtimeMs:o.mtimeMs,path:r})}catch{}}return n.sort((i,r)=>r.mtimeMs-i.mtimeMs),n},"listRunSummaries");export{I as a,B as d,w as f,O as l,D as r};
1
+ var j=Object.defineProperty;var u=(e,s)=>j(e,"name",{value:s,configurable:!0});import{createRequire as M}from"node:module";import{M as f}from"../packem_chunks/config.js";import{l as p}from"../packem_chunks/bin.js";const _=M(import.meta.url),m=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,g=u(e=>{if(typeof m<"u"&&m.versions&&m.versions.node){const[s,t]=m.versions.node.split(".").map(Number);if(s>22||s===22&&t>=3||s===20&&t>=16)return m.getBuiltinModule(e)}return _(e)},"__cjs_getBuiltinModule"),{readdir:l,stat:h,readFile:y}=g("node:fs/promises");var v=Object.defineProperty,c=u((e,s)=>v(e,"name",{value:s,configurable:!0}),"m");const w=c((e,s)=>e.tasks.find(t=>t.taskId===s),"findTaskInSummary"),d=c((e,s)=>{const t=e??{},n=s??{},i=[],r=[],o=[];for(const a of Object.keys(t))a in n?t[a]!==n[a]&&o.push(a):i.push(a);for(const a of Object.keys(n))a in t||r.push(a);return i.sort(),r.sort(),o.sort(),{added:i,changed:o,removed:r}},"diffHashBuckets"),B=c((e,s)=>({commandChanged:(e?.command??"")!==(s?.command??""),implicitDeps:d(e?.implicitDeps,s?.implicitDeps),nodes:d(e?.nodes,s?.nodes),runtime:d(e?.runtime,s?.runtime)}),"diffHashDetails"),D=c(async(e,s)=>{const t=f(p(e),`${s}.json`);try{const n=await y(t,"utf8");return JSON.parse(n)}catch{return}},"readRunSummaryById"),I=c(async(e,s)=>{const t=p(e);let n;try{n=await l(t)}catch{return}const i=[];for(const r of n){if(!r.endsWith(".json")||s!==void 0&&r===`${s}.json`)continue;const o=f(t,r);try{const a=await h(o);a.isFile()&&i.push({mtimeMs:a.mtimeMs,path:o})}catch{}}if(i.length!==0){i.sort((r,o)=>o.mtimeMs-r.mtimeMs);try{const r=await y(i[0].path,"utf8");return JSON.parse(r)}catch{return}}},"readPreviousRunSummary"),O=c(async e=>{const s=p(e);let t;try{t=await l(s)}catch{return[]}const n=[];for(const i of t){if(!i.endsWith(".json"))continue;const r=f(s,i);try{const o=await h(r);o.isFile()&&n.push({id:i.slice(0,-5),mtimeMs:o.mtimeMs,path:r})}catch{}}return n.sort((i,r)=>r.mtimeMs-i.mtimeMs),n},"listRunSummaries");export{I as a,B as d,w as f,O as l,D as r};
package/dist/packem_shared/runtime-check-DrMx4Q9L.js ADDED
@@ -0,0 +1 @@
1
+ var h=Object.defineProperty;var f=(n,r)=>h(n,"name",{value:r,configurable:!0});import{M as m,i as k,$ as v,n as M}from"../packem_chunks/config.js";import{whichBin as $}from"#native";var b=Object.defineProperty,g=f((n,r)=>b(n,"name",{value:r,configurable:!0}),"p");const j=g(n=>{for(const r of[".nvmrc",".node-version"]){const i=m(n,r);if(k(i))try{return v(i).trim().replace(/^v/,"")}catch{}}},"readNodeVersionFile"),l=g((n,r)=>{const i=n.split(/[.\-+]/).map(s=>Number.parseInt(s,10)||0),c=r.split(/[.\-+]/).map(s=>Number.parseInt(s,10)||0),e=Math.max(i.length,c.length);for(let s=0;s<e;s++){const t=i[s]??0,a=c[s]??0;if(t!==a)return t-a}return 0},"compareVersions"),y=g((n,r)=>{const i=r.trim();if(i===""||i==="*")return!0;const c=i.split(/\s+/).filter(Boolean);for(const e of c)if(e.startsWith(">=")){if(l(n,e.slice(2).trim())<0)return!1}else if(e.startsWith("<=")){if(l(n,e.slice(2).trim())>0)return!1}else if(e.startsWith(">")){if(l(n,e.slice(1).trim())<=0)return!1}else if(e.startsWith("<")){if(l(n,e.slice(1).trim())>=0)return!1}else if(/^\d/.test(e)){const s=n.split("."),t=e.split(".");for(const[a,o]of t.entries())if(o!==s[a])return!1}return!0},"satisfiesRange"),R=g(n=>{const r=[],i=m(n,"package.json");let c;try{c=M(i)}catch{return r}const e=process.versions.node;if(c.engines?.node){const t=c.engines.node;y(e,t)||r.push({actual:e,expected:t,kind:"node",message:`package.json engines.node requires ${t}, but the current Node.js is ${e}.`,severity:"error"})}const s=j(n);if(s){const[t,a]=s.split("."),[o,p]=e.split(".");(t!==o||a!==void 0&&a!==p)&&r.push({actual:e,expected:s,kind:"node",message:`.nvmrc pins Node ${s} but the current Node.js is ${e}. Run \`nvm use\` or switch runtimes.`,severity:"warning"})}if(c.packageManager){const[t,a]=c.packageManager.split("@"),o=(process.env.npm_config_user_agent??"").split(" ")[0]??"",[p,u]=o.split("/"),d=t==="aube"&&$("aube")!==null;p&&t&&p!==t?r.push({actual:p,expected:t,kind:"packageManager",message:`package.json packageManager pins ${c.packageManager} but the current invocation is ${o}. Install the correct package manager.`,severity:d?"warning":"error"}):u&&a&&u!==a&&r.push({actual:u,expected:a,kind:"packageManager",message:`package.json packageManager pins ${t}@${a} but the current invocation uses ${t}@${u}.`,severity:"warning"})}return r},"checkRuntimeVersions");export{R as c};
package/dist/packem_shared/s1ngularity-CwSBPB3I.js ADDED
@@ -0,0 +1 @@
1
+ var ie=Object.defineProperty;var p=(r,e)=>ie(r,"name",{value:e,configurable:!0});import{createRequire as oe}from"node:module";import{a as Q,e as C,k as L,i as b,aB as g}from"../packem_chunks/bin.js";import{M as k,i as N,n as W,b as B}from"../packem_chunks/config.js";import{m as D,D as M,g as S}from"./provenance-smHa8efI.js";const ae=oe(import.meta.url),E=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,F=p(r=>{if(typeof E<"u"&&E.versions&&E.versions.node){const[e,t]=E.versions.node.split(".").map(Number);if(e>22||e===22&&t>=3||e===20&&t>=16)return E.getBuiltinModule(r)}return ae(r)},"__cjs_getBuiltinModule"),{rmSync:y,writeFileSync:U,readdirSync:V}=F("node:fs"),{createHash:ce}=F("node:crypto"),{Resolver:de}=F("node:dns/promises");var le=Object.defineProperty,I=p((r,e)=>le(r,"name",{value:e,configurable:!0}),"t$2");class hr{static{p(this,"MarshallFindings")}static{I(this,"MarshallFindings")}entries=[];add(e){this.entries.push(e)}addMany(e){for(const t of e)this.entries.push(t)}all(){return this.entries}errors(){return this.entries.filter(e=>e.severity==="error")}warnings(){return this.entries.filter(e=>e.severity==="warning")}hasErrors(){return this.entries.some(e=>e.severity==="error")}hasWarnings(){return this.entries.some(e=>e.severity==="warning")}isEmpty(){return this.entries.length===0}size(){return this.entries.length}}const fr=I(r=>{if(r.length===0)return[];const e=[],t=r.filter(s=>s.severity==="error"),n=r.filter(s=>s.severity==="warning");if(t.length>0){e.push(Q(`${String(t.length)} error${t.length===1?"":"s"}:`));for(const s of t)e.push(` ${Q("✗")} [${s.marshall}] ${s.packageName}: ${s.message}`),s.suggestedAction!==void 0&&e.push(` ${C("→")} ${s.suggestedAction}`)}if(n.length>0){t.length>0&&e.push(""),e.push(C(`${String(n.length)} warning${n.length===1?"":"s"}:`));for(const s of n)e.push(` ${C("⚠")} [${s.marshall}] ${s.packageName}: ${s.message}`),s.suggestedAction!==void 0&&e.push(` ${C("→")} ${s.suggestedAction}`)}return e},"formatMarshallFindingsAsTable"),vr=I(r=>({errors:r.filter(e=>e.severity==="error"),findings:[...r],summary:{errorCount:r.filter(e=>e.severity==="error").length,warningCount:r.filter(e=>e.severity==="warning").length},warnings:r.filter(e=>e.severity==="warning")}),"formatMarshallFindingsAsJson");var ue=Object.defineProperty,w=p((r,e)=>ue(r,"name",{value:e,configurable:!0}),"o$1");const he=1440*60*1e3,fe=15e3,ve="https://api.github.com/repos",H=w(()=>k(L(),"archived-repo"),"getArchivedRepoCacheDir"),te=w((r,e)=>k(H(),`${encodeURIComponent(r)}__${encodeURIComponent(e)}.json`),"cacheFilePath"),me=w((r,e)=>{const t=te(r,e);if(N(t))try{const n=W(t);if(Date.now()-n.createdAt>n.ttlMs){y(t,{force:!0});return}return n}catch{y(t,{force:!0});return}},"readCachedRepo"),Z=w((r,e,t,n)=>{B(H());const s={createdAt:Date.now(),ttlMs:n,...t};U(te(r,e),JSON.stringify(s),"utf8")},"writeCachedRepo"),pe=w(r=>{if(typeof r!="string"||r.trim()==="")return;const e=r.trim().replace(/^git\+/,""),t=/^git@github\.com:([^/]+)\/(.+?)(?:\.git)?\/?$/i.exec(e);if(t)return{owner:t[1],repo:t[2]};const n=/^ssh:\/\/git@github\.com\/([^/]+)\/(.+?)(?:\.git)?\/?$/i.exec(e);if(n)return{owner:n[1],repo:n[2]};const s=/^https?:\/\/(?:www\.)?github\.com\/([^/]+)\/([^/?#]+?)(?:\.git)?\/?$/i.exec(e);if(s)return{owner:s[1],repo:s[2]}},"parseGitHubUrl"),ge=w(async(r,e,t,n)=>{const s=`${ve}/${encodeURIComponent(r)}/${encodeURIComponent(e)}`,c=new AbortController,o=setTimeout(()=>{c.abort()},fe),i=w(()=>{c.abort()},"abortListener");n?.addEventListener("abort",i,{once:!0});const a={Accept:"application/vnd.github+json","User-Agent":"visulima-vis-marshall"};t!==void 0&&t!==""&&(a.Authorization=`Bearer ${t}`);try{const d=await fetch(s,{headers:a,signal:c.signal});if(d.status===404)return{kind:"missing"};if(!d.ok)return{kind:"transient-error"};const l=await d.json(),u=l.archived===!0,h=typeof l.archived_at=="string"?l.archived_at:void 0;return{archived:u,archivedAt:h,kind:"ok"}}catch{return{kind:"transient-error"}}finally{clearTimeout(o),n?.removeEventListener("abort",i)}},"fetchGitHubRepo"),we=w((r,e)=>e!==void 0&&r.includes(e)?e:r.at(-1),"resolveLatestVersion"),mr=w(async(r,e={})=>{if(b("archivedRepo"))return[];const t=new Set(e.allowlist),n=e.cacheTtlMs??he,s=e.githubToken??process.env.GITHUB_TOKEN,c=e.concurrency??M,o=new Map,i=w(async(a,d)=>{const l=`${a}/${d}`;let u=o.get(l);return u===void 0&&(u=(async()=>{const h=me(a,d);if(h!==void 0)return h.missing===!0?{archived:!1,kind:"missing"}:{archived:h.archived,archivedAt:h.archivedAt,kind:"ok"};const f=await ge(a,d,s,e.signal);return f.kind==="missing"?Z(a,d,{archived:!1,missing:!0},n):f.kind==="ok"&&Z(a,d,{archived:f.archived===!0,archivedAt:f.archivedAt},n),f})(),o.set(l,u)),u},"fetchRepoOnce");return(await D(r,c,async({name:a,version:d})=>{if(t.has(a))return;const l=await S(a,{workspaceRoot:e.workspaceRoot});if(l===void 0)return;const u=l.versions[d]??l.versions[we(Object.keys(l.versions),l["dist-tags"]?.latest)??""];if(u===void 0)return;const h=pe(u.repository?.url);if(h===void 0)return;const f=await i(h.owner,h.repo);if(f.kind!=="transient-error"){if(f.kind==="missing")return{kind:"missing-repo",owner:h.owner,packageName:a,repo:h.repo};if(f.archived===!0)return{...f.archivedAt===void 0?{}:{archivedAt:f.archivedAt},kind:"archived",owner:h.owner,packageName:a,repo:h.repo}}})).filter(a=>a!==void 0)},"runArchivedRepoMarshall");w(()=>{const r=H();if(!N(r))return 0;let e=0;for(const t of V(r))t.endsWith(".json")&&(y(k(r,t),{force:!0}),e+=1);return e},"clearArchivedRepoCache");var ye=Object.defineProperty,O=p((r,e)=>ye(r,"name",{value:e,configurable:!0}),"h$1");const ke={dormantErrorDays:274,dormantWarnDays:183,newPublisherWindowDays:21,recentVersionErrorDays:7,recentVersionWarnDays:30},$e=1440*60*1e3,J=O((r,e)=>(r-e)/$e,"daysBetween"),T=O(r=>{if(r!==void 0)return r.email??r.name},"userIdentity"),be=O((r,e,t,n,s)=>{const c=r.time?.[t];if(c===void 0)return;const o=new Date(c).getTime();if(!Number.isFinite(o))return;const i=J(n,o);if(i<s.recentVersionErrorDays)return{kind:"recent-version",message:`published ${i.toFixed(1)} days ago (error threshold: ${String(s.recentVersionErrorDays)})`,packageName:e,severity:"error",version:t};if(i<s.recentVersionWarnDays)return{kind:"recent-version",message:`published ${i.toFixed(1)} days ago (warn threshold: ${String(s.recentVersionWarnDays)})`,packageName:e,severity:"warning",version:t}},"checkRecentVersion"),De=O((r,e,t,n,s)=>{const c=r.versions[t],o=T(c?._npmUser);if(o===void 0)return;const i=Object.keys(r.versions).filter(u=>g.valid(u)!==null).filter(u=>g.lt(u,t));if(i.length===0||i.some(u=>T(r.versions[u]?._npmUser)===o))return;const a=r.time?.[i[0]??""];if(a===void 0)return;const d=new Date(a).getTime();if(!Number.isFinite(d))return;const l=J(n,d);if(!(l<=s.newPublisherWindowDays))return{kind:"new-publisher",message:`first publish by ${o} on a ${l.toFixed(0)}-day-old package`,packageName:e,severity:"error",version:t}},"checkNewPublisher"),Me=O((r,e,t,n,s)=>{const c=r.versions[t],o=T(c?._npmUser);if(o===void 0)return;const i=[];for(const[l,u]of Object.entries(r.versions)){if(l===t||T(u._npmUser)!==o)continue;const h=r.time?.[l];if(h===void 0)continue;const f=new Date(h).getTime();Number.isFinite(f)&&i.push(f)}if(i.length===0)return;const a=Math.max(...i),d=J(n,a);if(d>=s.dormantErrorDays)return{kind:"dormant-maintainer",message:`previous release by ${o} was ${d.toFixed(0)} days ago (error threshold: ${String(s.dormantErrorDays)})`,packageName:e,severity:"error",version:t};if(d>=s.dormantWarnDays)return{kind:"dormant-maintainer",message:`previous release by ${o} was ${d.toFixed(0)} days ago (warn threshold: ${String(s.dormantWarnDays)})`,packageName:e,severity:"warning",version:t}},"checkDormantMaintainer"),pr=O(async(r,e={})=>{if(b("author"))return[];const t=new Set(e.allowlist),n={...ke,...e.thresholds},s=e.now??(()=>Date.now()),c=e.concurrency??M;return(await D(r,c,async({name:o,version:i})=>{if(t.has(o))return[];const a=await S(o,{cacheTtlMs:e.cacheTtlMs,signal:e.signal,workspaceRoot:e.workspaceRoot});if(a===void 0)return[];const d=s(),l=[],u=be(a,o,i,d,n);u!==void 0&&l.push(u);const h=De(a,o,i,d,n);h!==void 0&&l.push(h);const f=Me(a,o,i,d,n);return f!==void 0&&l.push(f),l})).flat()},"runAuthorMarshall");var Re=Object.defineProperty,$=p((r,e)=>Re(r,"name",{value:e,configurable:!0}),"t$1");const Ae=1440*60*1e3,Ne=15e3,Se=20,Oe=1e4,Ee="https://api.npmjs.org/downloads/point/last-month",z=$(()=>k(L(),"downloads"),"getDownloadsCacheDir"),ne=$(r=>k(z(),`${encodeURIComponent(r)}.json`),"cacheFilePath"),je=$(r=>{const e=ne(r);if(N(e))try{const t=W(e);if(Date.now()-t.createdAt>t.ttlMs){y(e,{force:!0});return}return t.downloads}catch{y(e,{force:!0});return}},"readCachedDownloads"),Ce=$((r,e,t)=>{B(z());const n={createdAt:Date.now(),downloads:e,observedAt:new Date().toISOString(),ttlMs:t};U(ne(r),JSON.stringify(n),"utf8")},"writeCachedDownloads"),Te=$(async(r,e)=>{const t=`${Ee}/${encodeURIComponent(r)}`,n=new AbortController,s=setTimeout(()=>{n.abort()},Ne),c=$(()=>{n.abort()},"abortListener");e?.addEventListener("abort",c,{once:!0});try{const o=await fetch(t,{signal:n.signal});if(o.status===404)return{kind:"no-data"};if(!o.ok)return{kind:"error"};const i=await o.json();return typeof i.downloads=="number"?{downloads:i.downloads,kind:"ok"}:{kind:"no-data"}}catch{return{kind:"error"}}finally{clearTimeout(s),e?.removeEventListener("abort",c)}},"fetchDownloads"),gr=$(async(r,e={})=>{if(b("downloads"))return[];const t=new Set(e.allowlist),n=e.errorThreshold??Se,s=e.warnThreshold??Oe,c=e.cacheTtlMs??Ae,o=e.concurrency??M;return(await D(r,o,async i=>{if(t.has(i))return;let a=je(i);if(a===void 0){const d=await Te(i,e.signal);if(d.kind==="no-data"||d.kind==="error")return{downloadsLastMonth:void 0,kind:"no-data",packageName:i,severity:"warning"};a=d.downloads??0,Ce(i,a,c)}if(a<n)return{downloadsLastMonth:a,kind:"below-error",packageName:i,severity:"error"};if(a<s)return{downloadsLastMonth:a,kind:"below-warning",packageName:i,severity:"warning"}})).filter(i=>i!==void 0)},"runDownloadsMarshall");$(()=>{const r=z();if(!N(r))return 0;let e=0;for(const t of V(r))t.endsWith(".json")&&(y(k(r,t),{force:!0}),e+=1);return e},"clearDownloadsCache");var xe=Object.defineProperty,m=p((r,e)=>xe(r,"name",{value:e,configurable:!0}),"t");const Pe=1440*60*1e3,_e=4e3,Fe=["1.1.1.1","8.8.8.8"],q=m(()=>k(L(),"expired-domains"),"getExpiredDomainsCacheDir"),se=m(r=>{const e=ce("sha256").update(r).digest("hex").slice(0,12);return k(q(),`${e}.json`)},"cacheFilePath"),Le=m(r=>{const e=se(r);if(N(e))try{const t=W(e);if(Date.now()-t.createdAt>t.ttlMs){y(e,{force:!0});return}return t}catch{y(e,{force:!0});return}},"readCachedDomain"),Ue=m((r,e,t)=>{B(q());const n={createdAt:Date.now(),outcome:e,ttlMs:t};U(se(r),JSON.stringify(n),"utf8")},"writeCachedDomain"),Ve=m(r=>{if(typeof r!="string")return;const e=r.lastIndexOf("@");if(e===-1||e===r.length-1)return;const t=r.slice(e+1).trim().toLowerCase();return t===""?void 0:t},"extractDomain"),We=m((r,e)=>{const t=[];e!==void 0&&t.push(e);for(const n of r??[])t.push(n);return t},"collectMaintainers"),Be=m(async(r,e)=>{let t;try{return await Promise.race([r,new Promise((n,s)=>{t=setTimeout(()=>{s(new Error("ETIMEDOUT"))},e)})])}finally{t!==void 0&&clearTimeout(t)}},"withTimeout"),Ie=m(r=>{if(r===null||typeof r!="object")return!1;const{code:e}=r;return e==="ENOTFOUND"||e==="ENODATA"||e==="NXDOMAIN"},"isExpiredError"),He=m(async(r,e,t)=>{try{const n=await Be(r.resolveNs(e),t);return Array.isArray(n)&&n.length>0?{kind:"ok"}:{kind:"expired"}}catch(n){return Ie(n)?{kind:"expired"}:{kind:"transient-error"}}},"resolveDomain"),Je=m((r,e)=>e!==void 0&&r.includes(e)?e:r.at(-1),"resolveLatestVersion"),wr=m(async(r,e={})=>{if(b("expiredDomains"))return[];const t=new Set(e.allowlist),n=new Set((e.allowDomains??[]).map(u=>u.toLowerCase())),s=e.cacheTtlMs??Pe,c=e.perDomainTimeoutMs??_e,o=e.dnsServers??Fe,i=e.concurrency??M,a=e.createResolver===void 0?new de:e.createResolver();typeof a.setServers=="function"&&a.setServers(o);const d=new Map,l=m(async u=>{let h=d.get(u);return h===void 0&&(h=(async()=>{const f=Le(u);if(f!==void 0)return{kind:f.outcome==="ok"?"ok":"expired"};const v=await He(a,u,c);return v.kind!=="transient-error"&&Ue(u,v.kind,s),v})(),d.set(u,h)),h},"resolveDomainOnce");return(await D(r,i,async({name:u,version:h})=>{if(t.has(u))return[];const f=await S(u,{workspaceRoot:e.workspaceRoot});if(f===void 0)return[];const v=f.versions[h]??f.versions[Je(Object.keys(f.versions),f["dist-tags"]?.latest)??""];if(v===void 0)return[];const P=We(v.maintainers,v._npmUser),K=new Set,_=[];for(const j of P){const A=Ve(j.email);if(A===void 0||n.has(A))continue;const X=`${A}:${j.email??""}`;if(K.has(X))continue;K.add(X);const Y=await l(A);Y.kind==="expired"?_.push({domain:A,kind:"expired",maintainer:j.email??"",packageName:u,severity:"error"}):Y.kind==="transient-error"&&_.push({domain:A,kind:"unresolved",maintainer:j.email??"",packageName:u,severity:"warning"})}return _})).flat()},"runExpiredDomainsMarshall");m(()=>{const r=q();if(!N(r))return 0;let e=0;for(const t of V(r))t.endsWith(".json")&&(y(k(r,t),{force:!0}),e+=1);return e},"clearExpiredDomainsCache");var ze=Object.defineProperty,R=p((r,e)=>ze(r,"name",{value:e,configurable:!0}),"s");const qe=["readme","license","repo"],Ge=["ERROR: No README data found!","# Security holding package"],Ke=R(r=>{const e=r.trim();return e===""?!0:Ge.some(t=>e.startsWith(t))},"isPlaceholderReadme"),Xe=R((r,e)=>{if(typeof e.readme=="string")return e.readme;if(typeof r.readme=="string")return r.readme},"getReadme"),Ye=R((r,e)=>{const t=Xe(r,e);if(t===void 0)return"missing-readme";if(Ke(t))return"placeholder-readme"},"checkReadme"),Qe=R(r=>{const{license:e}=r;return e===void 0?"missing-license":typeof e=="string"?e.trim()===""?"missing-license":void 0:typeof e.type=="string"&&e.type.trim()!==""?void 0:"missing-license"},"checkLicense"),Ze=R(r=>{const{repository:e}=r;if(e===void 0)return"missing-repo";const t=typeof e.url=="string"?e.url.trim():"";if(t==="")return"missing-repo";let n=t.replace(/^git\+/,"");const s=/^git@([^:]+):(.+?)(?:\.git)?$/.exec(n);return s&&(n=`https://${s[1]}/${s[2]}`),URL.canParse(n)?void 0:"invalid-repo-url"},"checkRepository"),er=R(r=>{const e=r["dist-tags"]?.latest;return e!==void 0&&Object.hasOwn(r.versions,e)?e:Object.keys(r.versions).at(-1)},"resolveLatestVersion"),yr=R(async(r,e={})=>{if(b("metadata"))return[];const t=new Set(e.allowlist),n=new Set(e.checks??qe),s=e.concurrency??M;return(await D(r,s,async({name:c,version:o})=>{if(t.has(c))return;const i=await S(c,{workspaceRoot:e.workspaceRoot});if(i===void 0)return;const a=i.versions[o]??i.versions[er(i)??""];if(a===void 0||a.private===!0)return;const d=[];if(n.has("readme")){const l=Ye(i,a);l!==void 0&&d.push(l)}if(n.has("license")){const l=Qe(a);l!==void 0&&d.push(l)}if(n.has("repo")){const l=Ze(a);l!==void 0&&d.push(l)}if(d.length!==0)return{issues:d,packageName:c,version:o}})).filter(c=>c!==void 0)},"runMetadataMarshall");var rr=Object.defineProperty,G=p((r,e)=>rr(r,"name",{value:e,configurable:!0}),"o");const ee=G((r,e)=>r===void 0?{}:typeof r=="string"?{[e.startsWith("@")?e.split("/").at(1)??e:e]:r}:{...r},"normalizeBin"),tr=G((r,e)=>g.valid(e)?Object.keys(r.versions).filter(t=>g.valid(t)!==null&&g.lt(t,e)).sort((t,n)=>g.lt(t,n)?1:-1)[0]:void 0,"findImmediatelyPriorVersion"),kr=G(async(r,e={})=>{if(b("newBin"))return[];const t=new Set(e.allowlist),n=new Set(e.allowBins),s=e.concurrency??M;return(await D(r,s,async({name:c,version:o})=>{if(t.has(c))return;const i=await S(c,{workspaceRoot:e.workspaceRoot});if(i===void 0)return;const a=i.versions[o];if(a===void 0)return;const d=tr(i,o);if(d===void 0)return;const l=i.versions[d];if(l===void 0)return;const u=ee(a.bin,c),h=ee(l.bin,c),f=Object.entries(u).filter(([v])=>!(v in h)).filter(([v])=>!n.has(v)).map(([v,P])=>({command:P,name:v}));if(f.length!==0)return{fromVersion:d,newBins:f,packageName:c,toVersion:o}})).filter(c=>c!==void 0)},"runNewBinMarshall");var nr=Object.defineProperty,x=p((r,e)=>nr(r,"name",{value:e,configurable:!0}),"a");const sr=["preinstall","install","postinstall"],re=x((r,e)=>r.versions[e]?.dist?.attestations?.provenance!==void 0,"hasProvenance"),ir=x((r,e)=>{if(g.valid(e)!==null)return Object.keys(r.versions).filter(t=>g.valid(t)!==null&&g.prerelease(t)===null&&g.lt(t,e)).sort((t,n)=>g.lt(t,n)?1:-1)[0]},"findNewestPriorStable"),or=x((r,e)=>{const t=r??{},n=e??{},s=[];for(const c of sr){const o=t[c];if(o===void 0||o==="")continue;const i=n[c];i===void 0||i===""?s.push({command:o,hook:c,kind:"introduced"}):i!==o&&s.push({command:o,hook:c,kind:"changed"})}return s},"installHookChanges"),$r=x(async(r,e={})=>{if(b("s1ngularity"))return[];const t=new Set(e.allowlist),n=e.concurrency??M;return(await D(r,n,async({name:s,version:c})=>{if(t.has(s))return;const o=await S(s,{workspaceRoot:e.workspaceRoot});if(o?.versions[c]===void 0)return;const i=ir(o,c);if(i===void 0||!re(o,i)||re(o,c))return;const a=or(o.versions[c]?.scripts,o.versions[i]?.scripts);if(a.length!==0)return{hookChanges:a,packageName:s,priorVersion:i,trustSignal:"provenance-dropped",version:c}})).filter(s=>s!==void 0)},"runS1ngularityMarshall");export{hr as M,$r as a,kr as b,yr as c,gr as d,wr as e,mr as f,vr as g,fr as h,pr as r};
package/dist/packem_shared/signatures-b-jJYoZd.js ADDED
@@ -0,0 +1,2 @@
1
+ var b=Object.defineProperty;var y=(s,e)=>b(s,"name",{value:e,configurable:!0});import{createRequire as N}from"node:module";import{m as x,D as B,g as E}from"./provenance-smHa8efI.js";import{i as M}from"../packem_chunks/bin.js";import{f as j}from"./registry-keys-3qaVog76.js";const P=N(import.meta.url),g=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,_=y(s=>{if(typeof g<"u"&&g.versions&&g.versions.node){const[e,i]=g.versions.node.split(".").map(Number);if(e>22||e===22&&i>=3||e===20&&i>=16)return g.getBuiltinModule(s)}return P(s)},"__cjs_getBuiltinModule"),{createPublicKey:S,createVerify:R}=_("node:crypto");var A=Object.defineProperty,h=y((s,e)=>A(s,"name",{value:e,configurable:!0}),"n");const C=h(s=>{const e=["-----BEGIN PUBLIC KEY-----"],i=s.replaceAll(/\s+/g,"");for(let t=0;t<i.length;t+=64)e.push(i.slice(t,t+64));return e.push("-----END PUBLIC KEY-----"),e.join(`
2
+ `)},"wrapSpkiPem"),D=h(({keyBase64:s,message:e,signatureBase64:i})=>{try{const t=S({format:"pem",key:C(s)}),o=R("SHA256");return o.update(e),o.end(),o.verify(t,Buffer.from(i,"base64"))}catch{return!1}},"verifyEcdsaSignature");var L=Object.defineProperty,f=y((s,e)=>L(s,"name",{value:e,configurable:!0}),"g");const U=f((s,e)=>{if(s.expires===void 0||s.expires==="")return!1;const i=Date.parse(s.expires);return Number.isNaN(i)?!1:i<=e},"isKeyExpired"),K=f((s,e,i)=>`${s}@${e}:${i}`,"buildSignedMessage"),T=f((s,e)=>e!==void 0&&s.includes(e)?e:s.at(-1),"resolveLatestVersion"),V=f(async(s,e={})=>{if(M("signatures"))return[];const i=new Set(e.allowlist),t=e.treatExpiredAs??"warning",o=e.concurrency??B,k=await j({keysUrl:e.keysUrl,signal:e.signal,ttlMs:e.keysTtlMs});if(k===void 0)return s.filter(({name:r})=>!i.has(r)).map(({name:r,version:a})=>({code:"fetch-failed",message:"Could not fetch registry signing keys.",packageName:r,severity:"warning",version:a}));const v=new Map;for(const r of k.keys)v.set(r.keyid,r);const w=Date.now();return(await x(s,o,async({name:r,version:a})=>{if(i.has(r))return[];const c=await E(r,{workspaceRoot:e.workspaceRoot});if(c===void 0)return[];const l=c.versions[a]??c.versions[T(Object.keys(c.versions),c["dist-tags"]?.latest)??""];if(l===void 0)return[];const p=l.dist?.signatures,m=l.dist?.integrity;if(p===void 0||p.length===0)return[{code:"missing-signature",message:`Package ${r}@${a} has no dist.signatures from the registry.`,packageName:r,severity:"warning",version:a}];if(typeof m!="string"||m==="")return[{code:"missing-signature",message:`Package ${r}@${a} has signatures but no dist.integrity to verify against.`,packageName:r,severity:"warning",version:a}];const $=K(r,a,m),u=[];for(const n of p){const d=v.get(n.keyid);if(d===void 0){u.push({code:"unknown-keyid",keyid:n.keyid,message:`Package ${r}@${a} was signed with an unrecognized keyid (${n.keyid}).`,packageName:r,severity:"error",version:a});continue}if(U(d,w)){u.push({code:"expired-key",keyid:n.keyid,message:`Package ${r}@${a} was signed with an expired key (${n.keyid}, expired ${d.expires??"unknown"}).`,packageName:r,severity:t,version:a});continue}D({keyBase64:d.key,message:$,signatureBase64:n.sig})||u.push({code:"invalid-signature",keyid:n.keyid,message:`Package ${r}@${a} signature did not verify against ${n.keyid}.`,packageName:r,severity:"error",version:a})}return u})).flat()},"runSignatureMarshall");export{V as r};
package/dist/packem_shared/toolchain-OH1PXwbZ.js ADDED
@@ -0,0 +1,5 @@
1
+ var N=Object.defineProperty;var x=(o,e)=>N(o,"name",{value:e,configurable:!0});import{createRequire as I}from"node:module";import{M as d,i as g,$ as k,n as O,d as J,f as R}from"../packem_chunks/config.js";const B=I(import.meta.url),M=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,j=x(o=>{if(typeof M<"u"&&M.versions&&M.versions.node){const[e,n]=M.versions.node.split(".").map(Number);if(e>22||e===22&&n>=3||e===20&&n>=16)return M.getBuiltinModule(o)}return B(o)},"__cjs_getBuiltinModule"),{execFileSync:w}=j("node:child_process"),{randomBytes:D}=j("node:crypto"),{writeFileSync:U,renameSync:q,unlinkSync:H}=j("node:fs");var z=Object.defineProperty,f=x((o,e)=>z(o,"name",{value:e,configurable:!0}),"f");const V=["proto","mise","fnm","volta","asdf","nvm","corepack"],Z={asdf:["bun","deno","go","node","npm","pnpm","python","ruby","rust","yarn"],corepack:["npm","pnpm","yarn"],fnm:["node"],mise:["aube","bun","deno","go","node","npm","pnpm","python","ruby","rust","yarn"],nvm:["node"],proto:["bun","deno","go","node","npm","pnpm","python","ruby","rust","yarn"],volta:["node","npm","pnpm","yarn"]},X=["proto","mise","fnm","volta","asdf","nvm","corepack"],W={asdf:[".tool-versions"],corepack:[],fnm:[".nvmrc",".node-version"],mise:[".mise.toml",".config/mise.toml","mise.toml"],nvm:[".nvmrc"],proto:[".prototools"],volta:[]},$=new Map,b=f(o=>{const e=$.get(o);if(e!==void 0||$.has(o))return e;const n=process.env.PATH;if(!n){$.set(o,void 0);return}const t=process.platform==="win32"?["",...(process.env.PATHEXT??".COM;.EXE;.BAT;.CMD").split(";")]:[""];for(const r of n.split(J)){const a=r.replaceAll(/^["']|["']$/g,"").trim();if(a!=="")for(const l of t){const s=`${a}${R}${o}${l}`;if(g(s))return $.set(o,s),s}}$.set(o,void 0)},"isOnPath"),_=f((o,e=["--version"])=>{try{const n=w(o,e,{encoding:"utf8",stdio:["ignore","pipe","ignore"],timeout:2e3}),t=/\d+\.\d+(?:\.\d+)?/.exec(n);return t?t[0]:n.trim()||void 0}catch{return}},"queryManagerVersion"),A=f((o,e)=>{const n=d(o,"package.json");if(!g(n))return[];try{const t=O(n)[e];if(e==="volta"&&typeof t=="object"&&t!==null&&Object.keys(t).length>0)return["package.json"];if(e==="packageManager"&&typeof t=="string"&&t.length>0)return["package.json"]}catch{}return[]},"pkgFieldConfigFiles"),G=f((o,e)=>o==="volta"?A(e,"volta"):o==="corepack"?A(e,"packageManager"):W[o].filter(n=>g(d(e,n))),"configFilesFor"),P=new Map,K=f(()=>{P.clear(),$.clear()},"clearToolchainCache"),S=f((o,e)=>{if(!e?.refresh){const a=P.get(o);if(a)return a}const n=[],t=!!b("pnpm")||!!b("yarn");for(const a of X){const l=a==="nvm"?void 0:b(a),s=a==="nvm"&&!!process.env.NVM_DIR,c=G(a,o),i=!!l||s;a==="corepack"&&!i&&(!(c.length>0)||t)||!i&&c.length===0||n.push({binPath:l,configFiles:c,installed:i,name:a,version:l?_(l):void 0})}const r=Object.freeze(n);return P.set(o,r),r},"findInstalledManagers"),be=f((o,e,n)=>{const t=n??S(o);return e?.preferredManager&&e.preferredManager!=="none"?t.find(r=>r.name===e.preferredManager)??{configFiles:[],installed:!1,name:e.preferredManager}:t.find(r=>r.installed&&r.configFiles.length>0)??t.find(r=>r.installed)??t.find(r=>r.configFiles.length>0)??{configFiles:[],installed:!1,name:"none"}},"pickPrimaryManager"),L=f((o,e)=>{for(const n of e){const t=d(o,n);if(g(t))try{const r=k(t).trim();if(r!=="")return{name:n,value:r.replace(/^v/,"")}}catch{}}},"readVersionFile"),Q=/^([a-z][\w-]*)\s*=\s*"?([^"\n#]+?)"?\s*(?:#.*)?$/i,Y=f(o=>{const e=d(o,".prototools");if(!g(e))return[];const n=k(e),t=[];let r=!1;for(const a of n.split(/\r?\n/)){const l=a.trim();if(l===""||l.startsWith("#"))continue;if(l.startsWith("[")){r=!0;continue}if(r)continue;const s=Q.exec(l);if(!s)continue;const[,c,i]=s,u=h(c);u&&t.push({source:".prototools",tool:u,version:i.trim()})}return t},"parsePrototools"),ee=/^\[tools\]\s*$/i,oe=/^([a-z][\w-]*)\s*=\s*"?([^"\n#]+?)"?\s*(?:#.*)?$/i,ne=f(o=>{for(const e of W.mise){const n=d(o,e);if(!g(n))continue;const t=[],r=k(n);let a=!1;for(const l of r.split(/\r?\n/)){const s=l.trim();if(s===""||s.startsWith("#"))continue;if(s.startsWith("[")){a=ee.test(s);continue}if(!a)continue;const c=oe.exec(s);if(!c)continue;const[,i,u]=c,m=h(i);m&&t.push({source:".mise.toml",tool:m,version:u.trim()})}if(t.length>0)return t}return[]},"parseMiseToml"),te=f(o=>{const e=d(o,".tool-versions");if(!g(e))return[];const n=k(e),t=[];for(const r of n.split(/\r?\n/)){const a=r.trim();if(a===""||a.startsWith("#"))continue;const l=a.split(/\s+/);if(l.length<2)continue;const[s,...c]=l,i=h(s);i&&c[0]&&t.push({source:".tool-versions",tool:i,version:c[0]})}return t},"parseToolVersions"),h=f(o=>{switch(o.toLowerCase()){case"aube":return"aube";case"bun":return"bun";case"deno":return"deno";case"go":case"golang":return"go";case"node":case"nodejs":return"node";case"npm":return"npm";case"pnpm":return"pnpm";case"python":case"python3":return"python";case"ruby":return"ruby";case"rust":case"rustc":return"rust";case"yarn":return"yarn";default:return}},"normalizeToolName"),re=f(o=>{const[e]=o.split("+",1),n=/^(pnpm|yarn|npm|bun)@(.+)$/.exec(e??"");if(!n)return;const t=h(n[1]);if(t)return{source:"packageManager",tool:t,version:n[2]}},"parsePackageManagerField"),se=f((o,e)=>{const n=new Map,t=f(s=>{n.set(s.tool,s)},"add"),r=d(o,"package.json");let a={};try{g(r)&&(a=O(r))}catch{}if(a.engines)for(const[s,c]of Object.entries(a.engines)){const i=h(s);i&&typeof c=="string"&&t({source:"engines",tool:i,version:c})}if(a.packageManager){const s=re(a.packageManager);s&&t(s)}if(a.volta)for(const[s,c]of Object.entries(a.volta)){const i=h(s);i&&typeof c=="string"&&t({source:"volta",tool:i,version:c})}const l=L(o,[".nvmrc",".node-version"]);l&&t({source:l.name===".nvmrc"?".nvmrc":".node-version",tool:"node",version:l.value});for(const s of te(o))t(s);for(const s of ne(o))t(s);for(const s of Y(o))t(s);if(e?.tools)for(const[s,c]of Object.entries(e.tools)){const i=h(s);i&&typeof c=="string"&&t({source:"vis.config.ts",tool:i,version:c})}return[...n.values()]},"parseExpectedTools"),F={aube:{args:["--version"],binaries:["aube"]},bun:{args:["--version"],binaries:["bun"]},deno:{args:["--version"],binaries:["deno"]},go:{args:["version"],binaries:["go"]},node:{args:["--version"],binaries:["node"]},npm:{args:["--version"],binaries:["npm"]},pnpm:{args:["--version"],binaries:["pnpm"]},python:{args:["--version"],binaries:["python","python3"]},ruby:{args:["--version"],binaries:["ruby"]},rust:{args:["--version"],binaries:["rustc"]},yarn:{args:["--version"],binaries:["yarn"]}},ae=f(o=>{const e=F[o];for(const n of e.binaries){const t=b(n);if(t)return _(t,e.args)}if(o==="node")return process.versions.node},"queryToolVersion"),ie=f((o,e)=>{const n=e.trim();if(n===""||n==="*"||n==="latest")return!0;if(/^\d[\d.]*$/.test(n))return o===n||o.startsWith(`${n}.`);const t=f(s=>s.split(/[.\-+]/).map(c=>Number.parseInt(c,10)||0),"parse"),r=f((s,c)=>{const i=t(s),u=t(c),m=Math.max(i.length,u.length);for(let p=0;p<m;p++){const y=i[p]??0,v=u[p]??0;if(y!==v)return y-v}return 0},"compare"),a=f(s=>{for(const c of s)if(c.startsWith(">=")){if(r(o,c.slice(2).trim())<0)return!1}else if(c.startsWith("<=")){if(r(o,c.slice(2).trim())>0)return!1}else if(c.startsWith(">")){if(r(o,c.slice(1).trim())<=0)return!1}else if(c.startsWith("<")){if(r(o,c.slice(1).trim())>=0)return!1}else if(c.startsWith("^")||c.startsWith("~")){const i=c.slice(1).trim(),[u,m]=t(i),[p,y]=t(o);if(p!==u||c.startsWith("~")&&y!==m||r(o,i)<0)return!1}return!0},"matchesAll"),l=n.split("||").map(s=>s.trim().split(/\s+/).filter(Boolean)).filter(s=>s.length>0);return l.length===0?!0:l.some(s=>a(s))},"satisfies"),ce=f((o,e)=>{switch(o){case".mise.toml":return["mise"];case".node-version":case".nvmrc":return["fnm","nvm","volta","proto","mise","asdf"];case".prototools":return["proto"];case".tool-versions":return["asdf","mise"];case"packageManager":return e==="pnpm"||e==="yarn"?["self-activate","volta","proto","mise","corepack"]:e==="npm"?["volta","proto","mise","asdf","corepack"]:e==="aube"?["mise"]:e==="bun"?["proto","mise","asdf"]:["volta","proto","mise"];case"volta":return["volta"];default:return["proto","mise","fnm","volta","asdf","nvm","corepack"]}},"preferenceFor"),le=f((o,e,n)=>{if(n?.preferredManager&&n.preferredManager!=="none"&&T(n.preferredManager,o.tool)){const r=e.find(a=>a.name===n.preferredManager);return r?{installed:r.installed,name:r.name}:{installed:!1,name:n.preferredManager,note:`${n.preferredManager} is the preferred manager but isn't on PATH`}}const t=ce(o.source,o.tool);for(const r of t){if(r==="self-activate"){if((o.tool==="pnpm"||o.tool==="yarn")&&b(o.tool))return{installed:!0,name:"self-activate",note:`${o.tool} will activate ${o.version} from the packageManager field on next invocation`};continue}if(T(r,o.tool)&&e.find(a=>a.name===r)?.installed)return{installed:!0,name:r}}for(const r of t)if(!(r==="self-activate"||!T(r,o.tool)))return{installed:!1,name:r,note:`${r} can install ${o.tool} — run \`vis toolchain install\` after adding it to PATH`};return{installed:!1,name:"none",note:"No manager knows how to install this tool"}},"resolveManagerFor"),T=f((o,e)=>o==="none"?!1:o==="self-activate"?e==="pnpm"||e==="yarn":Z[o].includes(e),"canHandle"),fe=f((o,e)=>{const n=S(o),t=se(o,e).map(r=>{const a=ae(r.tool),l=a!==void 0&&ie(a,r.version),s=le(r,n,e);return{actual:a,expected:r,manager:s,matches:l}});return{detected:n,tools:t}},"getToolchainStatus"),pe=f((o,e)=>{switch(o){case"asdf":return e?{args:["install",e.tool,e.version],bin:"asdf"}:void 0;case"corepack":return e?{args:["prepare",`${e.tool}@${e.version}`,"--activate"],bin:"corepack"}:{args:["prepare","--activate"],bin:"corepack",hint:"reads the packageManager field in package.json"};case"fnm":return e?.tool!=="node"?void 0:{args:["install",e.version],bin:"fnm"};case"mise":return e?{args:["install",`${e.tool}@${e.version}`],bin:"mise"}:void 0;case"none":return;case"nvm":return{args:[],bin:"nvm",hint:"nvm is a shell function — run `nvm install` / `nvm use` from your shell"};case"proto":return e?{args:["install",e.tool,e.version],bin:"proto"}:void 0;case"self-activate":return{args:[],bin:e?.tool??"pnpm",hint:`${e?.tool??"pnpm"} will self-activate on next invocation — no install needed`};case"volta":return e?{args:["install",`${e.tool}@${e.version}`],bin:"volta"}:{args:["install","node@lts"],bin:"volta",hint:"volta pins per-tool; specify <tool>@<version>"};default:{const n=o;throw new Error(`Unknown manager: ${n}`)}}},"buildInstallInvocation"),ye=f((o,e)=>{switch(o){case"asdf":return{args:["local",e.tool,e.version],bin:"asdf",configChange:{file:".tool-versions",hint:`Pins ${e.tool} ${e.version}`}};case"corepack":return e.tool!=="npm"&&e.tool!=="pnpm"&&e.tool!=="yarn"?void 0:{args:["use",`${e.tool}@${e.version}`],bin:"corepack",configChange:{file:"package.json",hint:`Writes packageManager: "${e.tool}@${e.version}"`}};case"fnm":return e.tool==="node"?{args:["use",e.version],bin:"fnm"}:void 0;case"mise":return{args:["use","--",`${e.tool}@${e.version}`],bin:"mise",configChange:{file:".mise.toml",hint:`Pins ${e.tool} ${e.version}`}};case"none":return;case"nvm":return e.tool==="node"?{args:[],bin:"nvm",configChange:{file:".nvmrc",hint:"Write version to .nvmrc manually (nvm doesn't persist)."}}:void 0;case"proto":return{args:["pin",e.tool,e.version],bin:"proto",configChange:{file:".prototools",hint:`Pins ${e.tool} ${e.version}`}};case"self-activate":return{args:[],bin:e.tool,configChange:{file:"package.json",hint:`Set packageManager: "${e.tool}@${e.version}" — ${e.tool} will self-activate on next invocation`}};case"volta":return{args:["pin",`${e.tool}@${e.version}`],bin:"volta",configChange:{file:"package.json",hint:`Writes volta.${e.tool}`}};default:{const n=o;throw new Error(`Unknown manager: ${n}`)}}},"buildUseInvocation"),$e=f(o=>{for(const e of F[o].binaries){const n=b(e);if(n)return n}},"findOnPathByAlias"),ke=f((o,e)=>{const n=F[e].binaries;if(o.installed&&o.binPath&&(o.name==="proto"||o.name==="mise"||o.name==="asdf"||o.name==="volta"||o.name==="fnm"))for(const t of n)try{const r=w(o.binPath,["which",t],{encoding:"utf8",stdio:["ignore","pipe","ignore"],timeout:2e3}).trim();if(r)return r}catch{}for(const t of n){const r=b(t);if(r)return r}},"resolveToolBinary"),E=f((o,e)=>{const n=`${o}.${process.pid}.${D(6).toString("hex")}.tmp`;U(n,e);try{q(n,o)}catch(t){try{H(n)}catch{}throw t}},"atomicWrite"),ue=f((o,e)=>{if("packageManager"in o)return o.packageManager=e,o;const n={};let t=!1;for(const[r,a]of Object.entries(o))!t&&(r==="dependencies"||r==="devDependencies"||r==="peerDependencies"||r==="optionalDependencies")&&(n.packageManager=e,t=!0),n[r]=a;return t||(n.packageManager=e),n},"insertPackageManagerKey"),Me=f((o,e)=>{if(e.tool!=="pnpm"&&e.tool!=="yarn"&&e.tool!=="npm"&&e.tool!=="bun")return;const n=d(o,"package.json");if(!g(n))throw new Error(`Cannot pin ${e.tool}: ${n} does not exist.`);const t=k(n),r=/\n([ \t]+)/.exec(t)?.[1]??" ";let a;try{a=JSON.parse(t)}catch(i){throw new Error(`${n} is not valid JSON — fix it before running \`vis toolchain use\`. Underlying error: ${i.message}`,{cause:i})}const l=`${e.tool}@${e.version}`,s=ue(a,l),c=t.endsWith(`
2
+ `)?`
3
+ `:"";return E(n,`${JSON.stringify(s,void 0,r)}${c}`),l},"writePackageManagerField"),we=f((o,e)=>{const n=d(o,"package.json");if(!g(n))return;const t=k(n);let r;try{r=JSON.parse(t)}catch(s){throw new Error(`${n} is not valid JSON — fix it before running \`vis toolchain use\`. Underlying error: ${s.message}`,{cause:s})}if(r.engines?.[e.tool]===void 0||r.engines[e.tool]===e.version)return;r.engines[e.tool]=e.version;const a=/\n([ \t]+)/.exec(t)?.[1]??" ",l=t.endsWith(`
4
+ `)?`
5
+ `:"";return E(n,`${JSON.stringify(r,void 0,a)}${l}`),e.version},"updateEnginesField"),xe=f(o=>{const e=/^([a-z][\w-]*)@(.+)$/i.exec(o.trim());if(!e)return;const n=h(e[1]);if(n)return{source:"vis.config.ts",tool:n,version:e[2]}},"parseUseArgument"),ge=f(async(o,e,n)=>{const t=fe(o,e),r=t.tools.filter(i=>!i.matches);if(r.length===0)return{attempted:[],failed:[],upToDate:!0};const a=t.detected.some(i=>i.installed);if(!(e?.autoInstall??a))return{attempted:[],failed:[],upToDate:!1};const l=[],s=[],c=new Map;for(const i of r){const u=c.get(i.manager.name);u?u.push(i):c.set(i.manager.name,[i])}for(const[i,u]of c){if(i==="self-activate"){for(const{expected:p}of u)n.info(`toolchain: ${p.tool} ${p.version} will self-activate on next ${p.tool} invocation`),l.push(p);continue}if(i==="none"){for(const{expected:p}of u)s.push({error:`no manager can install ${p.tool} — install one of ${V.join(", ")}`,spec:p});continue}if(!t.detected.find(p=>p.name===i)?.installed){for(const{expected:p}of u)s.push({error:`${i} is not on PATH`,spec:p});continue}const m=u.map(p=>({invocation:pe(i,p.expected),tool:p})).filter(p=>p.invocation!==void 0);for(const{invocation:p,tool:y}of m){const{expected:v}=y;if(p.bin==="nvm"&&p.args.length===0){n.warn(`toolchain: nvm requires a shell-side activation for ${v.tool} ${v.version}. Run \`nvm install\` / \`nvm use\` manually.`),s.push({error:"nvm requires shell-side activation",spec:v});continue}n.info(`toolchain: $ ${p.bin} ${p.args.join(" ")}`);try{w(p.bin,p.args,{cwd:o,stdio:"inherit"}),l.push(v),i==="fnm"&&de(p.bin,n)}catch(C){s.push({error:C.message,spec:v});break}}}return K(),{attempted:l,failed:s,upToDate:!1}},"ensureToolchain"),Te=f(async(o,e,n,t=!1)=>{if(t)return;const r=await ge(o,e,n);for(const a of r.failed)n.warn(`toolchain: ${a.spec.tool} ${a.spec.version} — ${a.error}`)},"runToolchainPreflight"),de=f((o,e)=>{const n=process.platform==="win32"?"powershell":"bash";try{const t=w(o,["env","--shell",n],{encoding:"utf8",stdio:["ignore","pipe","ignore"],timeout:2e3});for(const r of t.split(/\r?\n/)){const a=r.trim();if(a==="")continue;const l=/^\$env:([A-Z_]\w*)\s*=\s*(.+)$/i.exec(a);if(l){const[,i,u]=l;process.env[i]=u.replaceAll(/^["']|["']$/g,"");continue}const s=/^set\s+"?([A-Z_]\w*)=(.*?)"?$/i.exec(a);if(s){const[,i,u]=s;process.env[i]=u;continue}const c=/^(?:export\s+)?([A-Z_]\w*)=(.+)$/i.exec(a);if(c){const[,i,u]=c;process.env[i]=u.replaceAll(/^["']|["']$/g,"")}}}catch(t){e.warn(`toolchain: could not activate fnm env (${t.message}). Subsequent tasks may use the previous Node version.`)}},"activateFnmEnv");export{V as S,le as a,pe as b,ye as c,ke as d,$e as e,S as f,fe as g,be as h,xe as p,Te as r,we as u,Me as w};
package/dist/packem_shared/{typosquats-BCeR-sLf.js → typosquats-CJ4o1l7U.js} RENAMED
@@ -1 +1 @@
1
- var $=Object.defineProperty;var m=(e,s)=>$(e,"name",{value:s,configurable:!0});import{createRequire as z}from"node:module";import{aQ as C,i as f,p as i,a as b,e as k}from"../packem_chunks/bin.js";import{M as D,i as A,n as O}from"../packem_chunks/config.js";const _=z(import.meta.url),l=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,T=m(e=>{if(typeof l<"u"&&l.versions&&l.versions.node){const[s,r]=l.versions.node.split(".").map(Number);if(s>22||s===22&&r>=3||s===20&&r>=16)return l.getBuiltinModule(e)}return _(e)},"__cjs_getBuiltinModule"),{createInterface:M}=T("node:readline");var F=["aj","aju","av","avj","ejv","jav","jv"],N=["angula","angular-node","angularjs"],P=["auto-prefixer"],B=["aaxios","aios","axio","axioos","axios-node","axioss","axis","axiso","axois","axos","axxios"],R=["abel","babbel","babe","babel-js","babel-node","babl","bable","bbael","bebel"],S=["bcrpyt","bcrypt-node","brcypt","crypt","dcrypt"],W=["bcryptjs-node","dcryptjs"],L=["bunan","bunya","bunyan-node","buynan"],E=["cai","cha","chaijs","chal","chi","chia","hai"],U=["cahlk","calk","cchalk","ch4lk","cha1k","chaalk","chaik","chak","chakl","chalk-node","chalkk","challk","chhalk","chlak","chlk","halk","hcalk"],V=["cheero","cherio"],I=["c0lor","ccolor","clor","colo","coloor","color-js","colorjs","colorr","colr","coolor","coolr"],J=["ccolors","colors-node","colorss","colorz","colrs","coolors"],Q=["c0mmander","ccommander","cmmander","cmomander","co-mmander","comamnder","comander","comm4nder","commaander","commader","commadner","commamder","command3r","commandder","commande","commandeer","commander-js","commanderr","commandr","commandre","commanedr","commaner","commannder","commender","commmander","commnader","commnder","coommander","ocmmander","ommander"],Y=["cor","corss","cos","cosr","cros","crs","ors"],G=["days"],H=["d3bug","dbeug","dbug","ddebug","debbug","debg","debgu","debu","debu9","debug-js","debug-node","debugg","debugjs","debuug","deebug","deubg","deug","ebug","edbug"],K=["dot-env","dotenv-node","dotenvjs","dotevn"],X=["3lectron","eectron","eelctron","eelectron","el3ctron","elcetron","elctron","elecctron","elecron","elecrton","electon","electorn","electr0n","electrn","electrno","electro","electrom","electron-node","electronn","electroon","electrron","electtron","eleectron","eletcron","eletron","ellectron","lectron","leectron"],Z=["asbuild","ebuild","esbuild-node","esbuildjs","ezbuild","sbuild"],ee=["aslint","elint","eslint-js","eslint-node","eslit","ezlint","slint"],oe=["eexpress","epress","epxress","experss","expess","exppress","expreess","expres","express-node","expressjs","expresss","exprress","exprses","exprss","exress","exrpess","exxpress","xepress","xpress"],se=["astify"],re=["firebasejs"],ae=["form1dable"],te=["glb","glo","glob-js","globjs","gob","golb","lob"],ne=["go","goot","gotjs","gott","gt","gto","ogt","ot","qot"],ce=["helmetjs","helnet"],ie=["homo","hon","hoo","hoon","ohno","ono"],de=["inquire","inquirer-js","nquirer"],le=["iredis"],me=["ejst","est","jast","jes","jestjs","jestt","jet","jets","jst"],pe=["imp","jim","jip","jmp"],ue=["ji","jio","jo","joii","jol","oi","oji"],ve=["jdom","jsdm","jsdo","jsdom-js","jsdon","jsom","sdom"],he=["jsonwebtoken-js","jsonwebtoken-node"],je=["ka","kao","ko","koaa","koajs","koe","oa","oka"],be=["1odash","iodash","l0dash","ldash","ldoash","llodash","lo-dash","loadsh","loash","lobash","lod4sh","lodaash","lodah","lodahs","lodas","lodash-node","lodashh","lodassh","loddash","lodesh","lodsah","lodsh","loodash","odash","oldash"],ke=["luca","luci","lucie"],ge=["luon","luxo","luxon-js"],fe=["imcromatch","mciromatch","micormatch","micrmoatch","micro-match","microamtch","micromacth","micromathc","micromtach","mircomatch"],ye=["minimath"],xe=["mcha","mmocha","moca","moch","mocha-js","moha","nocha","ocha"],we=["m0ment","mment","mmoent","mmoment","moemnt","moent","mom3nt","momeent","momemt","momen","momen7","momennt","moment-js","momentjs","momentt","momet","mometn","momment","momnet","momnt","monent","mooment","oment","omment"],qe=["mognoose","mogoose","mongoos","mongose","monqoose","moongoose"],$e=["moran","organ"],ze=["muler","multer-js","muter"],_e=["mysql"],Te=["ext","mext","n3xt","naxt","net","netx","nex","next-js","next-node","nextjs","nxt"],Me=["node-mailer","nodemailer-js"],Ce=["nodemo","nodemonjs","nodmeon"],De=["oar","or","ora-node","ore","ra","roa"],Ae=["arcel","parce","parceljs"],Oe=["passport-js"],Fe=["phase","phaser-node"],Ne=["ino","pimo","pin","pino-node","pinojs","pio","pion"],Pe=["playright","playwright-js"],Be=["postcss-js","postcss-node","potscss"],Re=["pettier","pprettier","pretier","prettierjs","prettierr","prtetier"],Se=["prima","prism","prisma-js","prismajs","prizma"],We=["pupeteer"],Le=["rada","rama","ramd","randa"],Ee=["eact","eract","r3act","raact","ract","raect","re4ct","reaact","reac","reac7","reacct","react-node","reactjs","reactt","reat","reatc","recat","rect","reeact","reect","rreact"],Ue=["erdis","radis","rdis","redi","redis-js","redis-node","rediss","rediz","reds","reis","rredis"],Ve=["resen","rsend"],Ie=["ollup","rollup-js","rollup-node"],Je=["ass","asss","sas","sass-node","sess","ssas","sss"],Qe=["emver","seemver","semver-node","semvre","senver","sever"],Ye=["sequelize-js","sequelize-node"],Ge=["harp","shap","shar","sharp-js","sharpjs"],He=["stipe","strip","stripe-node","tripe"],Ke=["supabase-js"],Xe=["suelte","svelt3","svelte-js","sveltejs","velte"],Ze=["tailwindcss-js"],eo=["auri","taui"],oo=["hree","htree","thee","there","three-js","three-node","tree"],so=["stx","sx","ts","tsxx","ttsx","tx","txs","tzx"],ro=["ttypescript","typecript","typescipt","typescript-node","typescriptjs","typescrit","typescritp"],ao=["udnerscore","undercore","underscoer","underscore-node","underscroe","undersocre","undesrcore"],to=["uid","uud","uudi","uui","uuid-js","uuid-node","uuidjs","vuid"],no=["ite","vie","vit","vita","vite-node","vitee","vlte","vte"],co=["itest","uitest","vitestjs","vitezt","vittest","vtest"],io=["ue","uue","uve","ve","veu","vu","vu3","vua","vue-node","vuee","vuejs","vuue","vve","vvue"],lo=["web-pack","weback","webpac","webpack-node","webpackjs","webpak","weebpack","wepack","wepback"],mo=["winson","winston-js","winstoon"],po=["up","uyp","yp","yu","yupjs","yupp"],uo=["od","zd","zdo","zo","zob","zod-js","zodjs"];const vo={ajv:F,angular:N,autoprefixer:P,"aws-sdk":["awssdk","ews-sdk"],axios:B,babel:R,bcrypt:S,bcryptjs:W,"body-parser":["body-paresr","body-parse","body-parser-js","body_parser"],bunyan:L,chai:E,chalk:U,cheerio:V,color:I,colors:J,commander:Q,"cookie-parser":["cookie-parse","cookieparser"],cors:Y,"cross-env":["crossenv"],"date-fns":["data-fns","date-fn"],dayjs:G,debug:H,dotenv:K,electron:X,esbuild:Z,eslint:ee,express:oe,fastify:se,firebase:re,formidable:ae,glob:te,got:ne,helmet:ce,hono:ie,inquirer:de,ioredis:le,jest:me,jimp:pe,joi:ue,jsdom:ve,jsonwebtoken:he,koa:je,lodash:be,lucia:ke,luxon:ge,micromatch:fe,minimatch:ye,mocha:xe,moment:we,mongoose:qe,morgan:$e,multer:ze,mysql2:_e,next:Te,"node-fetch":["node-fecth","node-fethc","node.fetch"],nodemailer:Me,nodemon:Ce,ora:De,parcel:Ae,passport:Oe,phaser:Fe,pino:Ne,playwright:Pe,postcss:Be,prettier:Re,prisma:Se,puppeteer:We,ramda:Le,react:Ee,"react-dom":["eact-dom","eract-dom","r3act-dom","ract-dom","raect-dom","re4ct-dom","reaact-dom","reac-dom","reac7-dom","reacct-dom","react-bom","react-d0m","react-ddom","react-dm","react-dmo","react-do","react-domm","react-don","react-doom","react-odm","react-om","react.dom","reactdom","reactt-dom","reat-dom","reatc-dom","recat-dom","rect-dom","reeact-dom","rreact-dom"],redis:Ue,resend:Ve,rollup:Ie,sass:Je,semver:Qe,sequelize:Ye,sharp:Ge,"socket.io":["ocket.io","oscket.io","scket.io","scoket.io","soccket.io","socekt.io","socet.io","sock3t.io","socke.io","socke7.io","sockeet.io","socket.1o","socket.i","socket.iio","socket.ioo","socket.lo","socket.o","socket.oi","sockett.io","sockket.io","sockt.io","sockte.io","sokcet.io","soket.io","soocket.io","ssocket.io"],stripe:He,supabase:Ke,svelte:Xe,tailwindcss:Ze,tauri:eo,three:oo,"ts-node":["tts-node"],tsx:so,typescript:ro,underscore:ao,uuid:to,vite:no,vitest:co,vue:io,webpack:lo,winston:mo,yup:po,zod:uo};var v,g;function ho(){return g||(g=1,v={"@tanstack/start":["start-tanstack-app","tanstack","tanstack-app","tanstack-start"]}),v}m(ho,"requireTyposquatsManual");var jo=ho();const bo=C(jo);var ko=Object.defineProperty,n=m((e,s)=>ko(e,"name",{value:s,configurable:!0}),"c");const go={a:["4","e"],b:["d"],d:["b"],e:["3","a"],g:["9","q"],i:["1","l"],l:["1","i"],m:["n"],n:["m"],o:["0"],s:["5","z"],t:["7"],u:["v"],v:["u"]},fo=["app","cli","core","kit","lib","pkg","sdk"],yo=n(e=>{const s=new Set;if(e.length<3)return s;for(let o=0;o<e.length;o++){const a=e[o],t=a==="-"||a==="."||a==="_";if(t||s.add(e.slice(0,o)+e.slice(o+1)),t||s.add(e.slice(0,o)+a+e.slice(o)),o<e.length-1&&e[o]!==e[o+1]){const u=e[o+1]==="-"||e[o+1]==="."||e[o+1]==="_";if(!t&&!u){const d=[...e];[d[o],d[o+1]]=[d[o+1],d[o]],s.add(d.join(""))}}const c=e[o].toLowerCase(),j=go[c];if(j)for(const u of j)s.add(e.slice(0,o)+u+e.slice(o+1))}const r=/[-._]/g;if(r.test(e))s.add(e.replaceAll(r,"")),s.add(e.replaceAll(r,"-")),s.add(e.replaceAll(r,".")),s.add(e.replaceAll(r,"_"));else if(e.length>5)for(let o=2;o<e.length-2;o++)s.add(`${e.slice(0,o)}-${e.slice(o)}`),s.add(`${e.slice(0,o)}.${e.slice(o)}`),s.add(`${e.slice(0,o)}_${e.slice(o)}`);if(e.startsWith("@")||(s.add(`${e}-js`),s.add(`${e}js`),s.add(`${e}-node`)),e.startsWith("@")){const o=e.indexOf("/");if(o>1&&o<e.length-1){const a=e.slice(1,o),t=e.slice(o+1);a.length>=3&&s.add(a);for(const c of["","-",".","_"])s.add(`${a}${c}${t}`),s.add(`${t}${c}${a}`);for(const c of fo)s.add(`${a}-${c}`),s.add(`${t}-${a}-${c}`),s.add(`${c}-${a}-${t}`)}}return s.delete(e),s},"generateVariants");let h,p;const y=n(()=>{if(!h){const e={};for(const s of[vo,bo])for(const[r,o]of Object.entries(s)){const a=e[r]??(e[r]=[]);for(const t of o)a.includes(t)||a.push(t)}h=e}return h},"loadBlocklist"),xo=n(()=>{if(!p){p=new Map;for(const[e,s]of Object.entries(y()))for(const r of s)p.set(r,e)}return p},"getReverseLookup"),wo=n(e=>e.startsWith("@")?e.split("/")[1]??e:e,"bareName"),qo=n(e=>{const s=wo(e),r=xo().get(s);if(r)return{input:e,legitimate:r,method:"blocklist"};for(const o of Object.keys(y()))if(yo(o).has(s))return{input:e,legitimate:o,method:"heuristic"}},"checkTyposquat"),x=n((e,s)=>{const r=s?new Set(s):void 0,o=[];for(const a of e){if(r?.has(a))continue;const t=qo(a);t&&o.push(t)}return o},"checkTyposquats"),w=n((e,s)=>{i.warn(""),i.warn(b(`Possible typosquat${e.length===1?"":"s"} ${s}:`));for(const r of e){const o=r.method==="blocklist"?"known typosquat":"similar name";i.warn(` ${k("⚠")} ${b(r.input)} — did you mean ${k(r.legitimate)}? (${o})`)}i.warn("")},"printTyposquatWarnings"),q=n(async e=>{if(!process.stdin.isTTY){i.warn("Aborting: potential typosquat detected in non-interactive mode. Use --no-typosquat-check to skip.");return}const s=M({input:process.stdin,output:process.stdout}),r=await new Promise(o=>{s.question(e,a=>{o(a.trim().toLowerCase())})});return s.close(),r},"askConfirmation"),Ao=n(async(e,s)=>{if(f("typosquats"))return{ok:!0,packages:e};const r=x(e,s);if(r.length===0)return{ok:!0,packages:e};w(r,"detected");const o=await q(`Use suggested package${r.length===1?"":"s"} instead? [S]uggested / [y]es, keep original / [N]o, abort (default: N) `);if(o===void 0)return{ok:!1,packages:e};if(o==="s"||o==="suggested"){const a=new Map(r.map(t=>[t.input,t.legitimate]));return{ok:!0,packages:e.map(t=>a.get(t)??t)}}return o==="y"||o==="yes"?{ok:!0,packages:e}:{ok:!1,packages:e}},"runTyposquatCheck"),$o=/^(?:npm|pnpm|yarn):(.+?)(?:@.*)?$/,zo=n(e=>$o.exec(e)?.[1],"parseAliasTarget"),_o=n(e=>{if(!A(e))return[];const s=O(e),r={...s.dependencies,...s.devDependencies,...s.optionalDependencies,...s.peerDependencies},o=new Set;for(const[a,t]of Object.entries(r)){o.add(a);const c=zo(t);c&&o.add(c)}return[...o]},"readDepsFromPackageJson"),Oo=n(async(e,s)=>{if(f("typosquats"))return!0;const r=D(e,"package.json"),o=_o(r);if(o.length===0)return!0;const a=x(o,s);if(a.length===0)return!0;w(a,"in package.json dependencies"),i.warn("Fix the package name in package.json before proceeding.");const t=await q("Continue anyway? [y/N] ");return t==="y"||t==="yes"},"scanDepsForTyposquats");export{Ao as r,Oo as s};
1
+ var $=Object.defineProperty;var m=(e,s)=>$(e,"name",{value:s,configurable:!0});import{createRequire as z}from"node:module";import{aC as C,i as f,p as i,a as b,e as k}from"../packem_chunks/bin.js";import{M as D,i as A,n as O}from"../packem_chunks/config.js";const _=z(import.meta.url),l=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,T=m(e=>{if(typeof l<"u"&&l.versions&&l.versions.node){const[s,r]=l.versions.node.split(".").map(Number);if(s>22||s===22&&r>=3||s===20&&r>=16)return l.getBuiltinModule(e)}return _(e)},"__cjs_getBuiltinModule"),{createInterface:M}=T("node:readline");var F=["aj","aju","av","avj","ejv","jav","jv"],N=["angula","angular-node","angularjs"],P=["auto-prefixer"],B=["aaxios","aios","axio","axioos","axios-node","axioss","axis","axiso","axois","axos","axxios"],R=["abel","babbel","babe","babel-js","babel-node","babl","bable","bbael","bebel"],S=["bcrpyt","bcrypt-node","brcypt","crypt","dcrypt"],W=["bcryptjs-node","dcryptjs"],L=["bunan","bunya","bunyan-node","buynan"],E=["cai","cha","chaijs","chal","chi","chia","hai"],U=["cahlk","calk","cchalk","ch4lk","cha1k","chaalk","chaik","chak","chakl","chalk-node","chalkk","challk","chhalk","chlak","chlk","halk","hcalk"],V=["cheero","cherio"],I=["c0lor","ccolor","clor","colo","coloor","color-js","colorjs","colorr","colr","coolor","coolr"],J=["ccolors","colors-node","colorss","colorz","colrs","coolors"],Y=["c0mmander","ccommander","cmmander","cmomander","co-mmander","comamnder","comander","comm4nder","commaander","commader","commadner","commamder","command3r","commandder","commande","commandeer","commander-js","commanderr","commandr","commandre","commanedr","commaner","commannder","commender","commmander","commnader","commnder","coommander","ocmmander","ommander"],G=["cor","corss","cos","cosr","cros","crs","ors"],H=["days"],K=["d3bug","dbeug","dbug","ddebug","debbug","debg","debgu","debu","debu9","debug-js","debug-node","debugg","debugjs","debuug","deebug","deubg","deug","ebug","edbug"],Q=["dot-env","dotenv-node","dotenvjs","dotevn"],X=["3lectron","eectron","eelctron","eelectron","el3ctron","elcetron","elctron","elecctron","elecron","elecrton","electon","electorn","electr0n","electrn","electrno","electro","electrom","electron-node","electronn","electroon","electrron","electtron","eleectron","eletcron","eletron","ellectron","lectron","leectron"],Z=["asbuild","ebuild","esbuild-node","esbuildjs","ezbuild","sbuild"],ee=["aslint","elint","eslint-js","eslint-node","eslit","ezlint","slint"],oe=["eexpress","epress","epxress","experss","expess","exppress","expreess","expres","express-node","expressjs","expresss","exprress","exprses","exprss","exress","exrpess","exxpress","xepress","xpress"],se=["astify"],re=["firebasejs"],ae=["form1dable"],te=["glb","glo","glob-js","globjs","gob","golb","lob"],ne=["go","goot","gotjs","gott","gt","gto","ogt","ot","qot"],ce=["helmetjs","helnet"],ie=["homo","hon","hoo","hoon","ohno","ono"],de=["inquire","inquirer-js","nquirer"],le=["iredis"],me=["ejst","est","jast","jes","jestjs","jestt","jet","jets","jst"],pe=["imp","jim","jip","jmp"],ue=["ji","jio","jo","joii","jol","oi","oji"],ve=["jdom","jsdm","jsdo","jsdom-js","jsdon","jsom","sdom"],he=["jsonwebtoken-js","jsonwebtoken-node"],je=["ka","kao","ko","koaa","koajs","koe","oa","oka"],be=["1odash","iodash","l0dash","ldash","ldoash","llodash","lo-dash","loadsh","loash","lobash","lod4sh","lodaash","lodah","lodahs","lodas","lodash-node","lodashh","lodassh","loddash","lodesh","lodsah","lodsh","loodash","odash","oldash"],ke=["luca","luci","lucie"],ge=["luon","luxo","luxon-js"],fe=["imcromatch","mciromatch","micormatch","micrmoatch","micro-match","microamtch","micromacth","micromathc","micromtach","mircomatch"],ye=["minimath"],xe=["mcha","mmocha","moca","moch","mocha-js","moha","nocha","ocha"],we=["m0ment","mment","mmoent","mmoment","moemnt","moent","mom3nt","momeent","momemt","momen","momen7","momennt","moment-js","momentjs","momentt","momet","mometn","momment","momnet","momnt","monent","mooment","oment","omment"],qe=["mognoose","mogoose","mongoos","mongose","monqoose","moongoose"],$e=["moran","organ"],ze=["muler","multer-js","muter"],_e=["mysql"],Te=["ext","mext","n3xt","naxt","net","netx","nex","next-js","next-node","nextjs","nxt"],Me=["node-mailer","nodemailer-js"],Ce=["nodemo","nodemonjs","nodmeon"],De=["oar","or","ora-node","ore","ra","roa"],Ae=["arcel","parce","parceljs"],Oe=["passport-js"],Fe=["phase","phaser-node"],Ne=["ino","pimo","pin","pino-node","pinojs","pio","pion"],Pe=["playright","playwright-js"],Be=["postcss-js","postcss-node","potscss"],Re=["pettier","pprettier","pretier","prettierjs","prettierr","prtetier"],Se=["prima","prism","prisma-js","prismajs","prizma"],We=["pupeteer"],Le=["rada","rama","ramd","randa"],Ee=["eact","eract","r3act","raact","ract","raect","re4ct","reaact","reac","reac7","reacct","react-node","reactjs","reactt","reat","reatc","recat","rect","reeact","reect","rreact"],Ue=["erdis","radis","rdis","redi","redis-js","redis-node","rediss","rediz","reds","reis","rredis"],Ve=["resen","rsend"],Ie=["ollup","rollup-js","rollup-node"],Je=["ass","asss","sas","sass-node","sess","ssas","sss"],Ye=["emver","seemver","semver-node","semvre","senver","sever"],Ge=["sequelize-js","sequelize-node"],He=["harp","shap","shar","sharp-js","sharpjs"],Ke=["stipe","strip","stripe-node","tripe"],Qe=["supabase-js"],Xe=["suelte","svelt3","svelte-js","sveltejs","velte"],Ze=["tailwindcss-js"],eo=["auri","taui"],oo=["hree","htree","thee","there","three-js","three-node","tree"],so=["stx","sx","ts","tsxx","ttsx","tx","txs","tzx"],ro=["ttypescript","typecript","typescipt","typescript-node","typescriptjs","typescrit","typescritp"],ao=["udnerscore","undercore","underscoer","underscore-node","underscroe","undersocre","undesrcore"],to=["uid","uud","uudi","uui","uuid-js","uuid-node","uuidjs","vuid"],no=["ite","vie","vit","vita","vite-node","vitee","vlte","vte"],co=["itest","uitest","vitestjs","vitezt","vittest","vtest"],io=["ue","uue","uve","ve","veu","vu","vu3","vua","vue-node","vuee","vuejs","vuue","vve","vvue"],lo=["web-pack","weback","webpac","webpack-node","webpackjs","webpak","weebpack","wepack","wepback"],mo=["winson","winston-js","winstoon"],po=["up","uyp","yp","yu","yupjs","yupp"],uo=["od","zd","zdo","zo","zob","zod-js","zodjs"];const vo={ajv:F,angular:N,autoprefixer:P,"aws-sdk":["awssdk","ews-sdk"],axios:B,babel:R,bcrypt:S,bcryptjs:W,"body-parser":["body-paresr","body-parse","body-parser-js","body_parser"],bunyan:L,chai:E,chalk:U,cheerio:V,color:I,colors:J,commander:Y,"cookie-parser":["cookie-parse","cookieparser"],cors:G,"cross-env":["crossenv"],"date-fns":["data-fns","date-fn"],dayjs:H,debug:K,dotenv:Q,electron:X,esbuild:Z,eslint:ee,express:oe,fastify:se,firebase:re,formidable:ae,glob:te,got:ne,helmet:ce,hono:ie,inquirer:de,ioredis:le,jest:me,jimp:pe,joi:ue,jsdom:ve,jsonwebtoken:he,koa:je,lodash:be,lucia:ke,luxon:ge,micromatch:fe,minimatch:ye,mocha:xe,moment:we,mongoose:qe,morgan:$e,multer:ze,mysql2:_e,next:Te,"node-fetch":["node-fecth","node-fethc","node.fetch"],nodemailer:Me,nodemon:Ce,ora:De,parcel:Ae,passport:Oe,phaser:Fe,pino:Ne,playwright:Pe,postcss:Be,prettier:Re,prisma:Se,puppeteer:We,ramda:Le,react:Ee,"react-dom":["eact-dom","eract-dom","r3act-dom","ract-dom","raect-dom","re4ct-dom","reaact-dom","reac-dom","reac7-dom","reacct-dom","react-bom","react-d0m","react-ddom","react-dm","react-dmo","react-do","react-domm","react-don","react-doom","react-odm","react-om","react.dom","reactdom","reactt-dom","reat-dom","reatc-dom","recat-dom","rect-dom","reeact-dom","rreact-dom"],redis:Ue,resend:Ve,rollup:Ie,sass:Je,semver:Ye,sequelize:Ge,sharp:He,"socket.io":["ocket.io","oscket.io","scket.io","scoket.io","soccket.io","socekt.io","socet.io","sock3t.io","socke.io","socke7.io","sockeet.io","socket.1o","socket.i","socket.iio","socket.ioo","socket.lo","socket.o","socket.oi","sockett.io","sockket.io","sockt.io","sockte.io","sokcet.io","soket.io","soocket.io","ssocket.io"],stripe:Ke,supabase:Qe,svelte:Xe,tailwindcss:Ze,tauri:eo,three:oo,"ts-node":["tts-node"],tsx:so,typescript:ro,underscore:ao,uuid:to,vite:no,vitest:co,vue:io,webpack:lo,winston:mo,yup:po,zod:uo};var v,g;function ho(){return g||(g=1,v={"@tanstack/start":["start-tanstack-app","tanstack","tanstack-app","tanstack-start"]}),v}m(ho,"requireTyposquatsManual");var jo=ho();const bo=C(jo);var ko=Object.defineProperty,n=m((e,s)=>ko(e,"name",{value:s,configurable:!0}),"c");const go={a:["4","e"],b:["d"],d:["b"],e:["3","a"],g:["9","q"],i:["1","l"],l:["1","i"],m:["n"],n:["m"],o:["0"],s:["5","z"],t:["7"],u:["v"],v:["u"]},fo=["app","cli","core","kit","lib","pkg","sdk"],yo=n(e=>{const s=new Set;if(e.length<3)return s;for(let o=0;o<e.length;o++){const a=e[o],t=a==="-"||a==="."||a==="_";if(t||s.add(e.slice(0,o)+e.slice(o+1)),t||s.add(e.slice(0,o)+a+e.slice(o)),o<e.length-1&&e[o]!==e[o+1]){const u=e[o+1]==="-"||e[o+1]==="."||e[o+1]==="_";if(!t&&!u){const d=[...e];[d[o],d[o+1]]=[d[o+1],d[o]],s.add(d.join(""))}}const c=e[o].toLowerCase(),j=go[c];if(j)for(const u of j)s.add(e.slice(0,o)+u+e.slice(o+1))}const r=/[-._]/g;if(r.test(e))s.add(e.replaceAll(r,"")),s.add(e.replaceAll(r,"-")),s.add(e.replaceAll(r,".")),s.add(e.replaceAll(r,"_"));else if(e.length>5)for(let o=2;o<e.length-2;o++)s.add(`${e.slice(0,o)}-${e.slice(o)}`),s.add(`${e.slice(0,o)}.${e.slice(o)}`),s.add(`${e.slice(0,o)}_${e.slice(o)}`);if(e.startsWith("@")||(s.add(`${e}-js`),s.add(`${e}js`),s.add(`${e}-node`)),e.startsWith("@")){const o=e.indexOf("/");if(o>1&&o<e.length-1){const a=e.slice(1,o),t=e.slice(o+1);a.length>=3&&s.add(a);for(const c of["","-",".","_"])s.add(`${a}${c}${t}`),s.add(`${t}${c}${a}`);for(const c of fo)s.add(`${a}-${c}`),s.add(`${t}-${a}-${c}`),s.add(`${c}-${a}-${t}`)}}return s.delete(e),s},"generateVariants");let h,p;const y=n(()=>{if(!h){const e={};for(const s of[vo,bo])for(const[r,o]of Object.entries(s)){const a=e[r]??(e[r]=[]);for(const t of o)a.includes(t)||a.push(t)}h=e}return h},"loadBlocklist"),xo=n(()=>{if(!p){p=new Map;for(const[e,s]of Object.entries(y()))for(const r of s)p.set(r,e)}return p},"getReverseLookup"),wo=n(e=>e.startsWith("@")?e.split("/")[1]??e:e,"bareName"),qo=n(e=>{const s=wo(e),r=xo().get(s);if(r)return{input:e,legitimate:r,method:"blocklist"};for(const o of Object.keys(y()))if(yo(o).has(s))return{input:e,legitimate:o,method:"heuristic"}},"checkTyposquat"),x=n((e,s)=>{const r=s?new Set(s):void 0,o=[];for(const a of e){if(r?.has(a))continue;const t=qo(a);t&&o.push(t)}return o},"checkTyposquats"),w=n((e,s)=>{i.warn(""),i.warn(b(`Possible typosquat${e.length===1?"":"s"} ${s}:`));for(const r of e){const o=r.method==="blocklist"?"known typosquat":"similar name";i.warn(` ${k("⚠")} ${b(r.input)} — did you mean ${k(r.legitimate)}? (${o})`)}i.warn("")},"printTyposquatWarnings"),q=n(async e=>{if(!process.stdin.isTTY){i.warn("Aborting: potential typosquat detected in non-interactive mode. Use --no-typosquat-check to skip.");return}const s=M({input:process.stdin,output:process.stdout}),r=await new Promise(o=>{s.question(e,a=>{o(a.trim().toLowerCase())})});return s.close(),r},"askConfirmation"),Ao=n(async(e,s)=>{if(f("typosquats"))return{ok:!0,packages:e};const r=x(e,s);if(r.length===0)return{ok:!0,packages:e};w(r,"detected");const o=await q(`Use suggested package${r.length===1?"":"s"} instead? [S]uggested / [y]es, keep original / [N]o, abort (default: N) `);if(o===void 0)return{ok:!1,packages:e};if(o==="s"||o==="suggested"){const a=new Map(r.map(t=>[t.input,t.legitimate]));return{ok:!0,packages:e.map(t=>a.get(t)??t)}}return o==="y"||o==="yes"?{ok:!0,packages:e}:{ok:!1,packages:e}},"runTyposquatCheck"),$o=/^(?:npm|pnpm|yarn):(.+?)(?:@.*)?$/,zo=n(e=>$o.exec(e)?.[1],"parseAliasTarget"),_o=n(e=>{if(!A(e))return[];const s=O(e),r={...s.dependencies,...s.devDependencies,...s.optionalDependencies,...s.peerDependencies},o=new Set;for(const[a,t]of Object.entries(r)){o.add(a);const c=zo(t);c&&o.add(c)}return[...o]},"readDepsFromPackageJson"),Oo=n(async(e,s)=>{if(f("typosquats"))return!0;const r=D(e,"package.json"),o=_o(r);if(o.length===0)return!0;const a=x(o,s);if(a.length===0)return!0;w(a,"in package.json dependencies"),i.warn("Fix the package name in package.json before proceeding.");const t=await q("Continue anyway? [y/N] ");return t==="y"||t==="yes"},"scanDepsForTyposquats");export{Ao as r,Oo as s};
package/dist/packem_shared/{verify-07kUNTuP.js → verify-CQbzknur.js} RENAMED
@@ -1 +1 @@
1
- var u=Object.defineProperty;var g=(n,s)=>u(n,"name",{value:s,configurable:!0});import{createRequire as m}from"node:module";import{M as i,i as a,$ as f}from"../packem_chunks/config.js";import{u as $}from"../packem_chunks/bin.js";const j=m(import.meta.url),k=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,b=g(n=>{if(typeof k<"u"&&k.versions&&k.versions.node){const[s,o]=k.versions.node.split(".").map(Number);if(s>22||s===22&&o>=3||s===20&&o>=16)return k.getBuiltinModule(n)}return j(n)},"__cjs_getBuiltinModule"),{readdirSync:v}=b("node:fs");var w=Object.defineProperty,l=g((n,s)=>w(n,"name",{value:s,configurable:!0}),"o");const _=[".husky/pre-commit",".vis-hooks/pre-commit",".git/hooks/pre-commit"],D=[".secretlintrc",".secretlintrc.json",".secretlintrc.js",".secretlintrc.mjs",".secretlintrc.cjs",".secretlintrc.yml",".secretlintrc.yaml"],S=[".syncpackrc",".syncpackrc.json",".syncpackrc.yaml",".syncpackrc.yml",".syncpackrc.cjs",".syncpackrc.js",".syncpackrc.mjs",".syncpackrc.ts","syncpack.config.cjs","syncpack.config.js","syncpack.config.mjs","syncpack.config.ts"],M=l(n=>{const s=i(n,"package.json");if(!a(s))return[];let o;try{o=JSON.parse(f(s))}catch{return[]}const e=[];if(o.scripts)for(const[t,c]of Object.entries(o.scripts))typeof c=="string"&&(/\bgitleaks\b/.test(c)&&e.push({detail:`Script "${t}" still invokes gitleaks: ${c}`,kind:"script",location:"package.json",tool:"gitleaks"}),/\bsecretlint\b/.test(c)&&e.push({detail:`Script "${t}" still invokes secretlint: ${c}`,kind:"script",location:"package.json",tool:"secretlint"}),/\bsyncpack\b/.test(c)&&e.push({detail:`Script "${t}" still invokes syncpack: ${c}`,kind:"script",location:"package.json",tool:"syncpack"}),/\bsherif\b/.test(c)&&e.push({detail:`Script "${t}" still invokes sherif: ${c}`,kind:"script",location:"package.json",tool:"sherif"}));if(o.devDependencies)for(const t of Object.keys(o.devDependencies))(t==="gitleaks"||t==="@gitleaks/cli")&&e.push({detail:`devDependency \`${t}\` is still installed`,kind:"devDep",location:"package.json",tool:"gitleaks"}),(t==="secretlint"||t.startsWith("@secretlint/"))&&e.push({detail:`devDependency \`${t}\` is still installed`,kind:"devDep",location:"package.json",tool:"secretlint"}),t==="syncpack"&&e.push({detail:`devDependency \`${t}\` is still installed`,kind:"devDep",location:"package.json",tool:"syncpack"}),t==="sherif"&&e.push({detail:`devDependency \`${t}\` is still installed`,kind:"devDep",location:"package.json",tool:"sherif"});return o.sherif&&e.push({detail:"`sherif` config block still present in package.json",kind:"config",location:"package.json",tool:"sherif"}),e},"scanPackageJson"),O=l(n=>{const s=[];for(const o of _){const e=i(n,o);if(!a(e))continue;const t=f(e);/\bgitleaks\b/.test(t)&&s.push({detail:"gitleaks invocation still present in hook",kind:"hook",location:o,tool:"gitleaks"}),/\bsecretlint\b/.test(t)&&s.push({detail:"secretlint invocation still present in hook",kind:"hook",location:o,tool:"secretlint"}),/\bsyncpack\b/.test(t)&&s.push({detail:"syncpack invocation still present in hook",kind:"hook",location:o,tool:"syncpack"}),/\bsherif\b/.test(t)&&s.push({detail:"sherif invocation still present in hook",kind:"hook",location:o,tool:"sherif"})}return s},"scanHooks"),C=l(n=>{const s=[];for(const o of D)a(i(n,o))&&s.push({detail:"secretlint config should be removed after migration",kind:"config",location:o,tool:"secretlint"});for(const o of S)a(i(n,o))&&s.push({detail:"syncpack config should be removed after migration",kind:"config",location:o,tool:"syncpack"});return s},"scanConfigs"),N=[".github/workflows",".gitlab-ci.yml",".circleci/config.yml",".woodpecker.yml",".drone.yml"],q=l(n=>{const s=[],o=l(e=>{const t=i(n,e);if(!a(t))return;const c=f(t);/\bsyncpack\b/.test(c)&&s.push({detail:"syncpack invocation still present in CI",kind:"ci",location:e,tool:"syncpack"}),/\bsherif\b/.test(c)&&s.push({detail:"sherif invocation still present in CI",kind:"ci",location:e,tool:"sherif"})},"scanFile");for(const e of N){const t=i(n,e);if(a(t)){if(e===".github/workflows"){try{for(const c of v(t))(c.endsWith(".yml")||c.endsWith(".yaml"))&&o(`.github/workflows/${c}`)}catch{}continue}o(e)}}return s},"scanCi"),I=l(n=>{const s=[],o=i(n,"pnpm-workspace.yaml");if(a(o)){let t;try{t=$(o)}catch{t=void 0}if(t&&typeof t=="object"){const c=t.catalog;c&&typeof c.syncpack=="string"&&s.push({detail:"`syncpack` still listed in pnpm-workspace.yaml#catalog",kind:"catalog",location:"pnpm-workspace.yaml",tool:"syncpack"});const r=t.catalogs;if(r&&typeof r=="object")for(const[d,p]of Object.entries(r))p&&typeof p.syncpack=="string"&&s.push({detail:`\`syncpack\` still listed in pnpm-workspace.yaml#catalogs.${d}`,kind:"catalog",location:"pnpm-workspace.yaml",tool:"syncpack"})}}const e=i(n,"package.json");if(a(e)){let t;try{t=JSON.parse(f(e))}catch{return s}const c=t.workspaces;if(c&&typeof c=="object"&&!Array.isArray(c)){const d=c.catalog;d&&typeof d.syncpack=="string"&&s.push({detail:"`syncpack` still listed in package.json#workspaces.catalog",kind:"catalog",location:"package.json",tool:"syncpack"});const p=c.catalogs;if(p&&typeof p=="object")for(const[h,y]of Object.entries(p))y&&typeof y.syncpack=="string"&&s.push({detail:`\`syncpack\` still listed in package.json#workspaces.catalogs.${h}`,kind:"catalog",location:"package.json",tool:"syncpack"})}const r=t.catalog;r&&typeof r.syncpack=="string"&&s.push({detail:"`syncpack` still listed in package.json#catalog",kind:"catalog",location:"package.json",tool:"syncpack"})}return s},"scanCatalogs"),J=l(n=>[...M(n),...O(n),...C(n),...q(n),...I(n)],"scanMigrationLeftovers"),B=l((n,s)=>{const o=J(n);if(o.length===0)return s.info("✓ No unmigrated gitleaks/secretlint/sherif/syncpack references found."),[];s.warn(`Found ${String(o.length)} unmigrated reference(s):`);for(const e of o)s.warn(` [${e.kind}] ${e.location} — ${e.detail}`);return o},"verifyMigration");export{J as s,B as v};
1
+ var u=Object.defineProperty;var g=(n,s)=>u(n,"name",{value:s,configurable:!0});import{createRequire as m}from"node:module";import{M as i,i as a,$ as f}from"../packem_chunks/config.js";import{o as $}from"../packem_chunks/bin.js";const j=m(import.meta.url),k=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,b=g(n=>{if(typeof k<"u"&&k.versions&&k.versions.node){const[s,o]=k.versions.node.split(".").map(Number);if(s>22||s===22&&o>=3||s===20&&o>=16)return k.getBuiltinModule(n)}return j(n)},"__cjs_getBuiltinModule"),{readdirSync:v}=b("node:fs");var w=Object.defineProperty,l=g((n,s)=>w(n,"name",{value:s,configurable:!0}),"o");const _=[".husky/pre-commit",".vis-hooks/pre-commit",".git/hooks/pre-commit"],D=[".secretlintrc",".secretlintrc.json",".secretlintrc.js",".secretlintrc.mjs",".secretlintrc.cjs",".secretlintrc.yml",".secretlintrc.yaml"],S=[".syncpackrc",".syncpackrc.json",".syncpackrc.yaml",".syncpackrc.yml",".syncpackrc.cjs",".syncpackrc.js",".syncpackrc.mjs",".syncpackrc.ts","syncpack.config.cjs","syncpack.config.js","syncpack.config.mjs","syncpack.config.ts"],M=l(n=>{const s=i(n,"package.json");if(!a(s))return[];let o;try{o=JSON.parse(f(s))}catch{return[]}const e=[];if(o.scripts)for(const[t,c]of Object.entries(o.scripts))typeof c=="string"&&(/\bgitleaks\b/.test(c)&&e.push({detail:`Script "${t}" still invokes gitleaks: ${c}`,kind:"script",location:"package.json",tool:"gitleaks"}),/\bsecretlint\b/.test(c)&&e.push({detail:`Script "${t}" still invokes secretlint: ${c}`,kind:"script",location:"package.json",tool:"secretlint"}),/\bsyncpack\b/.test(c)&&e.push({detail:`Script "${t}" still invokes syncpack: ${c}`,kind:"script",location:"package.json",tool:"syncpack"}),/\bsherif\b/.test(c)&&e.push({detail:`Script "${t}" still invokes sherif: ${c}`,kind:"script",location:"package.json",tool:"sherif"}));if(o.devDependencies)for(const t of Object.keys(o.devDependencies))(t==="gitleaks"||t==="@gitleaks/cli")&&e.push({detail:`devDependency \`${t}\` is still installed`,kind:"devDep",location:"package.json",tool:"gitleaks"}),(t==="secretlint"||t.startsWith("@secretlint/"))&&e.push({detail:`devDependency \`${t}\` is still installed`,kind:"devDep",location:"package.json",tool:"secretlint"}),t==="syncpack"&&e.push({detail:`devDependency \`${t}\` is still installed`,kind:"devDep",location:"package.json",tool:"syncpack"}),t==="sherif"&&e.push({detail:`devDependency \`${t}\` is still installed`,kind:"devDep",location:"package.json",tool:"sherif"});return o.sherif&&e.push({detail:"`sherif` config block still present in package.json",kind:"config",location:"package.json",tool:"sherif"}),e},"scanPackageJson"),O=l(n=>{const s=[];for(const o of _){const e=i(n,o);if(!a(e))continue;const t=f(e);/\bgitleaks\b/.test(t)&&s.push({detail:"gitleaks invocation still present in hook",kind:"hook",location:o,tool:"gitleaks"}),/\bsecretlint\b/.test(t)&&s.push({detail:"secretlint invocation still present in hook",kind:"hook",location:o,tool:"secretlint"}),/\bsyncpack\b/.test(t)&&s.push({detail:"syncpack invocation still present in hook",kind:"hook",location:o,tool:"syncpack"}),/\bsherif\b/.test(t)&&s.push({detail:"sherif invocation still present in hook",kind:"hook",location:o,tool:"sherif"})}return s},"scanHooks"),C=l(n=>{const s=[];for(const o of D)a(i(n,o))&&s.push({detail:"secretlint config should be removed after migration",kind:"config",location:o,tool:"secretlint"});for(const o of S)a(i(n,o))&&s.push({detail:"syncpack config should be removed after migration",kind:"config",location:o,tool:"syncpack"});return s},"scanConfigs"),N=[".github/workflows",".gitlab-ci.yml",".circleci/config.yml",".woodpecker.yml",".drone.yml"],q=l(n=>{const s=[],o=l(e=>{const t=i(n,e);if(!a(t))return;const c=f(t);/\bsyncpack\b/.test(c)&&s.push({detail:"syncpack invocation still present in CI",kind:"ci",location:e,tool:"syncpack"}),/\bsherif\b/.test(c)&&s.push({detail:"sherif invocation still present in CI",kind:"ci",location:e,tool:"sherif"})},"scanFile");for(const e of N){const t=i(n,e);if(a(t)){if(e===".github/workflows"){try{for(const c of v(t))(c.endsWith(".yml")||c.endsWith(".yaml"))&&o(`.github/workflows/${c}`)}catch{}continue}o(e)}}return s},"scanCi"),I=l(n=>{const s=[],o=i(n,"pnpm-workspace.yaml");if(a(o)){let t;try{t=$(o)}catch{t=void 0}if(t&&typeof t=="object"){const c=t.catalog;c&&typeof c.syncpack=="string"&&s.push({detail:"`syncpack` still listed in pnpm-workspace.yaml#catalog",kind:"catalog",location:"pnpm-workspace.yaml",tool:"syncpack"});const r=t.catalogs;if(r&&typeof r=="object")for(const[d,p]of Object.entries(r))p&&typeof p.syncpack=="string"&&s.push({detail:`\`syncpack\` still listed in pnpm-workspace.yaml#catalogs.${d}`,kind:"catalog",location:"pnpm-workspace.yaml",tool:"syncpack"})}}const e=i(n,"package.json");if(a(e)){let t;try{t=JSON.parse(f(e))}catch{return s}const c=t.workspaces;if(c&&typeof c=="object"&&!Array.isArray(c)){const d=c.catalog;d&&typeof d.syncpack=="string"&&s.push({detail:"`syncpack` still listed in package.json#workspaces.catalog",kind:"catalog",location:"package.json",tool:"syncpack"});const p=c.catalogs;if(p&&typeof p=="object")for(const[h,y]of Object.entries(p))y&&typeof y.syncpack=="string"&&s.push({detail:`\`syncpack\` still listed in package.json#workspaces.catalogs.${h}`,kind:"catalog",location:"package.json",tool:"syncpack"})}const r=t.catalog;r&&typeof r.syncpack=="string"&&s.push({detail:"`syncpack` still listed in package.json#catalog",kind:"catalog",location:"package.json",tool:"syncpack"})}return s},"scanCatalogs"),J=l(n=>[...M(n),...O(n),...C(n),...q(n),...I(n)],"scanMigrationLeftovers"),B=l((n,s)=>{const o=J(n);if(o.length===0)return s.info("✓ No unmigrated gitleaks/secretlint/sherif/syncpack references found."),[];s.warn(`Found ${String(o.length)} unmigrated reference(s):`);for(const e of o)s.warn(` [${e.kind}] ${e.location} — ${e.detail}`);return o},"verifyMigration");export{J as s,B as v};
package/dist/packem_shared/{vis-update-app-CFrlJ3mW.js → vis-update-app-Bnu1EIgE.js} RENAMED
@@ -1 +1 @@
1
- var fe=Object.defineProperty;var T=(s,l)=>fe(s,"name",{value:l,configurable:!0});import{jsxs as t,jsx as r,Fragment as Z}from"react/jsx-runtime";import{Box as i}from"@visulima/tui/components/box";import{Spinner as we}from"@visulima/tui/components/spinner";import{Text as e}from"@visulima/tui/components/text";import{useWindowSize as se}from"@visulima/tui/hooks/use-window-size";import{useSyncExternalStore as ye,useState as L,useRef as W,useMemo as be,useCallback as he,useEffect as Ce}from"react";import{Dialog as ee}from"@visulima/tui/components/dialog";import{useApp as ke}from"@visulima/tui/hooks/use-app";import{useInput as xe}from"@visulima/tui/hooks/use-input";import{W as ue,aT as ae}from"../packem_chunks/bin.js";import{ScrollView as Te}from"@visulima/tui/components/scroll-view";import{ScrollBar as Se}from"@visulima/tui/components/scroll-bar";import{Tab as ve}from"@visulima/tui/components/tab";import{Tabs as Ae}from"@visulima/tui/components/tabs";import{u as Re}from"./use-measured-height-DjYgUOKk.js";var Ee=Object.defineProperty,Ie=T((s,l)=>Ee(s,"name",{value:l,configurable:!0}),"a$1");const pr=Ie(({current:s,total:l})=>{const{columns:h}=se(),c=h||80,p=l>0?Math.min(1,s/l):0,a=`${String(Math.round(p*100)).padStart(3)}%`,y=`${String(s)}/${String(l)}`,b=Math.max(10,c-2-a.length-1),m=Math.round(b*p),f=b-m;return t(i,{flexDirection:"column",paddingX:1,children:[t(i,{children:[r(we,{type:"dots"}),r(e,{children:" Checking catalog dependencies "}),r(e,{dimColor:!0,children:y})]}),t(i,{children:[r(e,{color:"cyan",children:"━".repeat(m)}),r(e,{dimColor:!0,children:"─".repeat(f)}),t(e,{dimColor:!0,children:[" ",a]})]})]})},"CheckProgressApp");var De=Object.defineProperty,H=T((s,l)=>De(s,"name",{value:l,configurable:!0}),"r");const z=H(s=>{const l=new Map;for(const h of s){const c=l.get(h.catalogName);c?c.push(h):l.set(h.catalogName,[h])}return l},"groupByCatalog"),Q=H((s,l,h)=>{let c=s;if(l!=="all"&&(c=l==="security"?c.filter(p=>p.vulnerabilities&&p.vulnerabilities.length>0||p.socketReport&&p.socketReport.alerts.length>0):c.filter(p=>p.updateType===l)),h){const p=h.toLowerCase();c=c.filter(a=>a.packageName.toLowerCase().includes(p))}return c},"filterEntries");class gr{static{T(this,"UpdateStore")}static{H(this,"UpdateStore")}#e;#l=new Set;#t;#i=null;constructor(l,h=null){this.#t=l,h&&(this.#i=new Map(h.recommendations.map(c=>[c.package,c]))),this.#e={aiResult:h,allChecked:!0,applyProgress:null,checkedEntries:new Set(l.map(c=>c.packageName)),entries:l,error:null,filterActive:!1,filterText:"",filterType:"all",focusedPanel:"list",groupedByCatalog:z(l),phase:"browsing",selectedIndex:0}}getSnapshot=H(()=>this.#e,"getSnapshot");subscribe=H(l=>(this.#l.add(l),()=>{this.#l.delete(l)}),"subscribe");getFilteredEntries(){return Q(this.#t,this.#e.filterType,this.#e.filterText)}getRecommendation(l){return this.#i?.get(l)}getCheckedEntries(){return this.#t.filter(l=>this.#e.checkedEntries.has(l.packageName))}setSelectedIndex(l){const h=this.getFilteredEntries(),c=Math.max(0,Math.min(l,h.length-1));c!==this.#e.selectedIndex&&this.#r({...this.#e,selectedIndex:c})}setFocusedPanel(l){l!==this.#e.focusedPanel&&this.#r({...this.#e,focusedPanel:l})}setFilterType(l){if(l!==this.#e.filterType){const h=Q(this.#t,l,this.#e.filterText);this.#r({...this.#e,entries:h,filterType:l,groupedByCatalog:z(h),selectedIndex:0})}}setFilter(l){const h=Q(this.#t,this.#e.filterType,l);this.#r({...this.#e,entries:h,filterText:l,groupedByCatalog:z(h),selectedIndex:0})}setFilterActive(l){if(l!==this.#e.filterActive)if(l)this.#r({...this.#e,filterActive:!0});else{const h=Q(this.#t,this.#e.filterType,"");this.#r({...this.#e,entries:h,filterActive:!1,filterText:"",groupedByCatalog:z(h),selectedIndex:0})}}toggleCheck(l){const h=new Set(this.#e.checkedEntries);h.has(l)?h.delete(l):h.add(l),this.#r({...this.#e,allChecked:h.size===this.#t.length,checkedEntries:h})}checkAll(){this.#r({...this.#e,allChecked:!0,checkedEntries:new Set(this.#t.map(l=>l.packageName))})}uncheckAll(){this.#r({...this.#e,allChecked:!1,checkedEntries:new Set})}toggleAll(){this.#e.allChecked?this.uncheckAll():this.checkAll()}startApply(){const l=this.getCheckedEntries();this.#r({...this.#e,applyProgress:{current:0,total:l.length},phase:"applying"})}updateApplyProgress(l){this.#e.applyProgress&&this.#r({...this.#e,applyProgress:{...this.#e.applyProgress,current:l}})}markDone(){this.#r({...this.#e,phase:"done"})}setError(l){this.#r({...this.#e,error:l,phase:"error"})}#r(l){this.#e=l;for(const h of this.#l)try{h()}catch{}}}var Be=Object.defineProperty,Ne=T((s,l)=>Be(s,"name",{value:l,configurable:!0}),"d");const Pe={major:"red",minor:"yellow",patch:"green"},Le={CRITICAL:"red",HIGH:"red",LOW:"gray",MODERATE:"yellow",UNKNOWN:"gray"},Me={critical:"red",high:"red",low:"gray",medium:"yellow"},je={critical:"red",high:"red",low:"green",medium:"yellow"},$e={defer:"gray",review:"yellow",skip:"red",update:"green"},Fe=Ne(({changelogUrl:s,entry:l,focused:h,recommendation:c,scrollRef:p})=>{const a=h?"white":"gray";if(!l)return r(i,{alignItems:"center",borderColor:"gray",borderStyle:"single",flexDirection:"column",flexGrow:1,justifyContent:"center",children:r(e,{dimColor:!0,children:"No package selected"})});const y=Pe[l.updateType]??"white",b=l.vulnerabilities&&l.vulnerabilities.length>0,m=l.socketReport?.score.overall??0,f=l.socketReport?ue(m):"gray";return t(i,{borderColor:a,borderStyle:"single",flexDirection:"column",flexGrow:1,children:[r(i,{flexShrink:0,paddingTop:1,paddingX:2,children:r(e,{bold:!0,color:"white",children:l.packageName})}),t(Te,{flexGrow:1,flexShrink:1,paddingX:2,ref:p,scrollbar:!0,scrollbarColor:"gray",scrollbarStyle:"block",children:[r(e,{}),t(i,{children:[r(i,{width:12,children:r(e,{dimColor:!0,children:"Current:"})}),r(e,{children:l.currentRange})]}),t(i,{children:[r(i,{width:12,children:r(e,{dimColor:!0,children:"Target:"})}),r(e,{children:l.newRange}),t(e,{bold:!0,color:y,children:[" ","(",l.updateType,")"]})]}),t(i,{children:[r(i,{width:12,children:r(e,{dimColor:!0,children:"Version:"})}),r(e,{children:l.targetVersion})]}),t(i,{children:[r(i,{width:12,children:r(e,{dimColor:!0,children:"Catalog:"})}),r(e,{children:l.catalogName})]}),l.acceptedRisk&&t(i,{flexDirection:"column",marginTop:1,children:[r(e,{color:"gray",children:"── "}),r(e,{bold:!0,color:"gray",children:"ACKNOWLEDGED RISK"}),t(i,{flexDirection:"column",paddingLeft:2,children:[t(i,{children:[r(e,{dimColor:!0,children:"Reason: "}),r(e,{children:l.acceptedRisk.reason})]}),t(i,{children:[r(e,{dimColor:!0,children:"Accepted: "}),r(e,{children:l.acceptedRisk.acceptedAt.slice(0,10)})]})]})]}),b&&t(i,{flexDirection:"column",marginTop:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"red",children:"SECURITY"}),r(e,{}),l.vulnerabilities.map(o=>t(i,{flexDirection:"column",marginBottom:1,children:[t(i,{gap:1,children:[t(e,{bold:!0,color:Le[o.severity]??"gray",children:["⚠"," ",o.severity]}),r(e,{bold:!0,children:o.id})]}),r(i,{paddingLeft:2,children:r(e,{children:o.summary})}),t(i,{gap:2,paddingLeft:2,children:[o.cvssScore!==void 0&&t(e,{dimColor:!0,children:["CVSS:",String(o.cvssScore)]}),o.fixedVersions.length>0&&t(e,{dimColor:!0,children:["Fixed in:",o.fixedVersions.join(", ")]})]})]},o.id))]}),l.socketReport&&t(i,{flexDirection:"column",marginTop:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"cyan",children:"SOCKET.DEV"}),r(e,{}),t(i,{gap:2,children:[t(i,{children:[r(e,{dimColor:!0,children:"Overall: "}),t(e,{bold:!0,color:f,children:[String(Math.round(m*100)),"%"]})]}),t(i,{children:[r(e,{dimColor:!0,children:"Supply Chain: "}),t(e,{children:[String(Math.round(l.socketReport.score.supplyChain*100)),"%"]})]}),t(i,{children:[r(e,{dimColor:!0,children:"Quality: "}),t(e,{children:[String(Math.round(l.socketReport.score.quality*100)),"%"]})]})]}),t(i,{gap:2,children:[t(i,{children:[r(e,{dimColor:!0,children:"Maintenance: "}),t(e,{children:[String(Math.round(l.socketReport.score.maintenance*100)),"%"]})]}),t(i,{children:[r(e,{dimColor:!0,children:"Vulnerability: "}),t(e,{children:[String(Math.round(l.socketReport.score.vulnerability*100)),"%"]})]}),t(i,{children:[r(e,{dimColor:!0,children:"License: "}),t(e,{children:[l.socketReport.license||"unknown"," ","(",String(Math.round(l.socketReport.score.license*100)),"%)"]})]})]}),l.socketReport.alerts.length>0&&t(i,{flexDirection:"column",marginTop:1,children:[t(e,{bold:!0,color:"yellow",children:["⚠"," ",String(l.socketReport.alerts.length)," ","alert",l.socketReport.alerts.length===1?"":"s",":"]}),l.socketReport.alerts.map(o=>t(i,{gap:1,paddingLeft:2,children:[t(e,{bold:!0,color:Me[o.severity]??"gray",children:["[",o.severity.toUpperCase(),"]"]}),r(e,{children:o.type}),t(e,{dimColor:!0,children:["(",o.category,")"]})]},o.key))]})]}),c&&t(i,{flexDirection:"column",marginTop:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"AI ANALYSIS"}),r(e,{}),t(i,{gap:2,children:[t(i,{children:[r(e,{dimColor:!0,children:"Action: "}),r(e,{bold:!0,color:$e[c.action]??"white",children:c.action})]}),t(i,{children:[r(e,{dimColor:!0,children:"Risk: "}),r(e,{bold:!0,color:je[c.riskLevel]??"white",children:c.riskLevel})]}),t(i,{children:[r(e,{dimColor:!0,children:"Effort: "}),r(e,{bold:!0,children:c.effort})]})]}),c.reason&&r(i,{marginTop:1,paddingLeft:2,children:r(e,{children:c.reason})}),c.breakingChanges.length>0&&t(i,{flexDirection:"column",marginTop:1,paddingLeft:2,children:[r(e,{bold:!0,color:"yellow",children:"Breaking changes:"}),c.breakingChanges.map((o,I)=>t(e,{children:[" ","•"," ",o]},String(I)))]})]}),s&&t(i,{flexDirection:"column",marginTop:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"CHANGELOG"}),r(i,{marginTop:1,paddingLeft:2,children:r(e,{color:"cyan",underline:!0,children:s})})]}),t(i,{flexDirection:"column",marginTop:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"LINKS"}),r(i,{flexDirection:"column",marginTop:1,paddingLeft:2,children:t(e,{color:"cyan",underline:!0,children:["https://npmx.dev/",l.packageName]})})]}),!c&&t(i,{flexDirection:"column",marginTop:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"GUIDANCE"}),t(i,{flexDirection:"column",marginTop:1,paddingLeft:2,children:[l.updateType==="major"&&t(Z,{children:[t(e,{color:"red",children:["⚠"," ","Major update — likely contains breaking changes."]}),r(e,{dimColor:!0,children:" Review the changelog before updating."}),r(e,{dimColor:!0,children:" Use --changelog to fetch release URLs."})]}),l.updateType==="minor"&&t(Z,{children:[t(e,{color:"yellow",children:["ℹ"," ","Minor update — new features, backward compatible."]}),r(e,{dimColor:!0,children:" Generally safe to update."})]}),l.updateType==="patch"&&t(Z,{children:[t(e,{color:"green",children:["✓"," ","Patch update — bug fixes only."]}),r(e,{dimColor:!0,children:" Safe to update."})]}),!c&&r(e,{dimColor:!0,children:" Use --ai to get AI-powered analysis."})]})]})]})]})},"PackageDetailPanel");var Oe=Object.defineProperty,re=T((s,l)=>Oe(s,"name",{value:l,configurable:!0}),"x");const Ue={major:"red",minor:"yellow",patch:"green"},Ge=[{id:"all",label:"All"},{id:"major",label:"Major"},{id:"minor",label:"Minor"},{id:"patch",label:"Patch"},{id:"security",label:"Security"}],He=re(({checked:s,entry:l,isSelected:h})=>{const c=Ue[l.updateType]??"white",p=l.vulnerabilities&&l.vulnerabilities.length>0,a=l.socketReport&&l.socketReport.alerts.length>0,y=!!l.acceptedRisk,b=s?"☑":"☐",m=l.socketReport?`${String(Math.round(l.socketReport.score.overall*100))}%`:"",f=l.socketReport?ue(l.socketReport.score.overall):"gray";return t(i,{flexShrink:0,height:1,children:[r(e,{children:h?">":" "}),t(e,{color:s?"white":"gray",children:[" ",b," "]}),p||a?r(e,{color:y?"gray":"red",children:y?"✓ ":"⚠ "}):r(e,{children:" "}),r(i,{flexGrow:1,children:t(e,{bold:h,inverse:h,wrap:"truncate",children:[l.packageName,y?" [ack]":""]})}),m&&t(e,{color:f,children:[" ",m]}),t(e,{dimColor:!0,children:[" ",l.currentRange]}),t(e,{dimColor:!0,children:[" ","→"," "]}),t(e,{children:[l.newRange," "]}),r(e,{bold:!0,color:c,children:l.updateType})]})},"PackageRow"),Ve=re(({count:s,name:l})=>t(i,{flexShrink:0,height:1,marginTop:1,children:[t(e,{dimColor:!0,children:["▼"," "]}),r(e,{bold:!0,color:"white",children:l.toUpperCase()}),t(e,{dimColor:!0,children:[" ","(",s,")"]})]}),"CatalogHeader"),qe=re(({checkedEntries:s,entries:l,filterActive:h,filteredOutCount:c,filterText:p,filterType:a,focused:y,groupedByCatalog:b,isDryRun:m,onViewportHeightChange:f,scrollOffset:o,selectedIndex:I,totalCatalogEntries:D,totalChecked:v,totalEntries:V,viewportHeight:M})=>{const j=y?"white":"gray",{measuredHeight:w,ref:A}=Re(M,f);let $=0,S=0,B=0,R=0;for(const g of l)g.updateType==="major"?$++:g.updateType==="minor"?S++:B++,(g.vulnerabilities&&g.vulnerabilities.length>0||g.socketReport&&g.socketReport.alerts.length>0)&&R++;const k=[];$>0&&k.push(`${$} major`),S>0&&k.push(`${S} minor`),B>0&&k.push(`${B} patch`),R>0&&k.push(`${R} vulnerable`);const N=k.length>0?` (${k.join(", ")})`:"";let x=0;for(const g of l)s.has(g.packageName)&&x++;const C=[];let q=0;for(const[g,E]of b){C.push(r(Ve,{count:E.length,name:g},`hdr-${g}`));for(const O of E){const P=q;C.push(r(He,{checked:s.has(O.packageName),entry:O,isSelected:P===I},O.packageName)),q++}}let F=0;for(const[,g]of b)F+=2+g.length;const K=F>w&&w>0;return t(i,{borderColor:j,borderStyle:"single",flexDirection:"column",flexGrow:1,children:[t(i,{flexShrink:0,gap:1,paddingX:1,children:[r(e,{bold:!0,inverse:!0,children:" VIS "}),t(e,{wrap:"truncate",children:[V,v>0?`/${v}`:""," ","outdated",N,D>v?` · ${D-v} dupes`:""]}),!m&&x>0&&t(e,{dimColor:!0,children:[" ","—",x," ","selected"]})]}),r(i,{flexShrink:0,paddingX:1,paddingY:1,children:r(Ae,{isFocused:y,keyMap:{next:[],previous:[],useNumbers:!1,useTab:!1},onChange:T(()=>{},"onChange"),showIndex:!1,value:a,children:Ge.map(({id:g,label:E})=>r(ve,{name:g,children:E},g))})}),h&&t(i,{flexShrink:0,paddingX:1,children:[r(e,{bold:!0,color:"white",children:"/ "}),r(e,{children:p}),r(e,{inverse:!0,children:" "})]}),c>0&&r(i,{flexShrink:0,paddingX:1,children:t(e,{color:"yellow",children:["⚠"," ",c," ","package",c===1?"":"s"," ","filtered out by target constraint — press"," ",r(e,{bold:!0,color:"white",children:"f"})," ","to view"]})}),t(i,{flexDirection:"row",flexGrow:1,overflow:"hidden",ref:A,children:[r(i,{flexDirection:"column",flexGrow:1,overflow:"hidden",paddingLeft:1,children:r(i,{flexDirection:"column",marginTop:-o,children:C})}),K&&r(i,{flexShrink:0,marginLeft:1,marginRight:1,children:r(Se,{contentHeight:F,placement:"inset",scrollOffset:o,style:"block",viewportHeight:w})})]},`list-${a}-${p}`)]})},"PackageListPanel");var Ke=Object.defineProperty,Xe=T((s,l)=>Ke(s,"name",{value:l,configurable:!0}),"X");const Ye=100,We=40,ze=10,Qe=[],G=["all","major","minor","patch","security"],mr=Xe(({autoExitSeconds:s=0,changelogUrls:l,checkedCount:h=0,filteredOutEntries:c=Qe,isDryRun:p,store:a,totalCatalogEntries:y=0})=>{const{exit:b}=ke(),{columns:m,rows:f}=se(),o=ye(a.subscribe,a.getSnapshot),[I,D]=L(!1),[v,V]=L(!1),M=W(null),j=W(null),w=W(null),A=W(null),[$,S]=L(0),[B,R]=L(!1),[k,N]=L(!1),x=be(()=>a.getFilteredEntries(),[o.entries,o.filterType,o.filterText]),C=x[o.selectedIndex]??null,q=C?a.getRecommendation(C.packageName):void 0,F=C&&l?l.get(C.packageName):void 0,K=he(n=>{let d=0,u=0;for(const[,J]of o.groupedByCatalog){d+=2;for(let de=0;de<J.length;de++){if(u===n)return d;d+=1,u++}}return d},[o.groupedByCatalog]),g=Math.max(1,f-8-(o.filterActive?1:0)),[E,O]=L(g),P=E>0?E:g,U=he(n=>{const d=K(n);S(u=>d>u+P-2?Math.max(0,d-P+2):d<u+1?Math.max(0,d-1):u)},[K,P]);if(Ce(()=>{w.current?.scrollToTop()},[C?.packageName]),xe((n,d)=>{if(n==="c"&&d.ctrl){b();return}if(!k){if(v){d.escape||n==="f"||n==="q"?V(!1):d.downArrow||n==="j"?j.current?.scrollBy(1):(d.upArrow||n==="k")&&j.current?.scrollBy(-1);return}if(B){n==="u"||d.return?(R(!1),a.startApply(),b(a.getCheckedEntries())):d.escape||n==="q"?R(!1):d.downArrow||n==="j"?A.current?.scrollBy(1):d.upArrow||n==="k"?A.current?.scrollBy(-1):d.pageDown?A.current?.scrollBy(5):d.pageUp&&A.current?.scrollBy(-5);return}if(I){d.escape||n==="?"?D(!1):n==="q"?(D(!1),N(!0)):d.downArrow||n==="j"?M.current?.scrollBy(1):(d.upArrow||n==="k")&&M.current?.scrollBy(-1);return}if(n==="?"){D(!0);return}if(n==="q"){N(!0);return}if(d.tab){a.setFocusedPanel(o.focusedPanel==="list"?"detail":"list");return}if(o.focusedPanel==="list"&&(d.leftArrow||d.rightArrow)){const u=G.indexOf(o.filterType),J=d.rightArrow?(u+1)%G.length:(u-1+G.length)%G.length;S(0),w.current?.scrollToTop(),a.setFilterType(G[J]);return}if(n==="f"&&c.length>0){V(u=>!u);return}if(o.filterActive){if(d.escape){a.setFilterActive(!1);return}if(d.return){a.setFilterActive(!1);return}if(d.backspace){S(0),a.setFilter(o.filterText.slice(0,-1));return}if(n&&!d.ctrl&&!d.meta){S(0),a.setFilter(o.filterText+n);return}return}if(o.focusedPanel==="list"){if(d.downArrow||n==="j"){const u=Math.min(o.selectedIndex+1,x.length-1);a.setSelectedIndex(u),U(u);return}if(d.upArrow||n==="k"){const u=Math.max(o.selectedIndex-1,0);a.setSelectedIndex(u),U(u);return}if(d.pageDown){const u=Math.min(o.selectedIndex+10,x.length-1);a.setSelectedIndex(u),U(u);return}if(d.pageUp){const u=Math.max(o.selectedIndex-10,0);a.setSelectedIndex(u),U(u);return}if(d.home){a.setSelectedIndex(0),S(0);return}if(d.end){const u=x.length-1;a.setSelectedIndex(u),U(u);return}if(n===" "||d.return){C&&a.toggleCheck(C.packageName);return}if(n==="a"){a.toggleAll();return}if(n==="/"){a.setFilterActive(!0);return}if(n==="u"&&!p&&o.checkedEntries.size>0){R(!0);return}if(d.rightArrow){a.setFocusedPanel("detail");return}return}if(o.focusedPanel==="detail"){if(d.escape||d.leftArrow){a.setFocusedPanel("list");return}if(d.downArrow||n==="j"){w.current?.scrollBy(1);return}if(d.upArrow||n==="k"){w.current?.scrollBy(-1);return}if(d.pageDown){w.current?.scrollBy(10);return}if(d.pageUp){w.current?.scrollBy(-10);return}if(d.home){w.current?.scrollToTop();return}d.end&&w.current?.scrollToBottom()}}},{isActive:!0}),m<We||f<ze)return r(i,{alignItems:"center",height:f,justifyContent:"center",width:m,children:t(e,{color:"yellow",children:["Terminal too small (",m,"x",f,")"]})});const pe=m>=Ye,X=[t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"q"}),r(e,{dimColor:!0,children:"QUIT"})]},"q"),t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"?"}),r(e,{dimColor:!0,children:"HELP"})]},"?"),t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"↑↓"}),r(e,{dimColor:!0,children:"NAV"})]},"nav"),t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"Space"}),r(e,{dimColor:!0,children:"CHECK"})]},"sp"),t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"a"}),r(e,{dimColor:!0,children:"ALL"})]},"a")];!p&&o.checkedEntries.size>0&&X.push(t(i,{gap:1,children:[r(e,{bold:!0,color:"green",children:"u"}),r(e,{dimColor:!0,children:"APPLY"})]},"u")),c.length>0&&X.push(t(i,{gap:1,children:[r(e,{bold:!0,color:"yellow",children:"f"}),t(e,{dimColor:!0,children:["FILTERED (",c.length,")"]})]},"fo")),X.push(t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"←→"}),r(e,{dimColor:!0,children:"FILTER"})]},"lr"),t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"/"}),r(e,{dimColor:!0,children:"SEARCH"})]},"f"),t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"Tab"}),r(e,{dimColor:!0,children:"PANEL"})]},"t"));const te=r(i,{borderBottom:!1,borderColor:"gray",borderLeft:!1,borderRight:!1,borderStyle:"single",flexShrink:0,children:r(i,{flexWrap:"wrap",gap:2,paddingX:1,children:X})}),le=t(ee,{footer:t(e,{dimColor:!0,children:[r(e,{bold:!0,color:"white",children:"↑↓"})," ","scroll"," ",r(e,{bold:!0,color:"white",children:"?"}),"/",r(e,{bold:!0,color:"white",children:"Esc"})," ","close"]}),scrollRef:M,title:"KEYBOARD SHORTCUTS",visible:I,width:52,children:[t(i,{flexDirection:"column",marginBottom:1,children:[t(i,{marginBottom:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"NAVIGATION"})]}),t(i,{children:[r(i,{width:24,children:t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","↑","/k"]}),r(e,{dimColor:!0,children:" Move up"})]})}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","↓","/j"]}),r(e,{dimColor:!0,children:" Move down"})]})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","Tab"]}),r(e,{dimColor:!0,children:" Switch panel"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","→","/","←"]}),r(e,{dimColor:!0,children:" Focus detail/list"})]})]}),t(i,{flexDirection:"column",marginBottom:1,children:[t(i,{marginBottom:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"SELECTION"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","Space"]}),r(e,{dimColor:!0,children:" Toggle check on package"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","a"]}),r(e,{dimColor:!0,children:" Toggle check all"})]})]}),t(i,{flexDirection:"column",marginBottom:1,children:[t(i,{marginBottom:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"FILTERS"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","←→"]}),r(e,{dimColor:!0,children:" Switch filter tab"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","/"]}),r(e,{dimColor:!0,children:" Text filter"})]}),c.length>0&&t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","f"]}),r(e,{dimColor:!0,children:" View filtered-out packages"})]})]}),t(i,{flexDirection:"column",children:[t(i,{marginBottom:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"ACTIONS"})]}),!p&&t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","u"]}),r(e,{dimColor:!0,children:" Apply selected updates"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","q"]}),r(e,{dimColor:!0,children:" Quit"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","?"]}),r(e,{dimColor:!0,children:" Toggle help"})]})]})]}),Y=a.getCheckedEntries(),_=Y.filter(n=>n.updateType==="major").length,ge=t(i,{alignItems:"center",flexDirection:"column",children:[_>0&&r(i,{marginBottom:1,marginTop:1,children:t(e,{color:"yellow",children:["⚠"," ",_," ","major update",_===1?"":"s"," ","— review breaking changes"]})}),t(e,{dimColor:!0,children:["Press"," ",r(e,{bold:!0,color:"white",children:"u"})," ","or"," ",r(e,{bold:!0,color:"white",children:"Enter"})," ","to confirm,"," ",r(e,{bold:!0,color:"white",children:"Esc"})," ","to cancel"]})]}),ie=r(ee,{footer:ge,scrollRef:A,title:`Apply ${Y.length} update${Y.length===1?"":"s"}?`,visible:B,width:70,children:Y.map(n=>t(i,{gap:1,children:[t(e,{children:[" ",n.packageName]}),t(e,{dimColor:!0,children:[n.currentRange," ","→"," ",n.newRange]}),r(e,{bold:!0,color:n.updateType==="major"?"red":n.updateType==="minor"?"yellow":"green",children:n.updateType})]},n.packageName))}),oe=c.length>0?r(ee,{footer:t(e,{dimColor:!0,children:[r(e,{bold:!0,color:"white",children:"↑↓"})," ","scroll"," ",r(e,{bold:!0,color:"white",children:"f"}),"/",r(e,{bold:!0,color:"white",children:"Esc"})," ","close"]}),scrollRef:j,title:`${c.length} PACKAGE${c.length===1?"":"S"} FILTERED BY TARGET`,visible:v,width:70,children:t(i,{flexDirection:"column",children:[r(i,{marginBottom:1,children:t(e,{dimColor:!0,children:["These packages have newer versions available but are excluded by the current target constraint. Use"," ",r(e,{bold:!0,color:"white",children:"--target latest"})," ","to include them."]})}),c.map(n=>t(i,{gap:1,children:[t(e,{children:[" ",n.packageName]}),t(e,{dimColor:!0,children:[n.currentRange," ","→"," ",n.newRange]}),r(e,{bold:!0,color:n.updateType==="major"?"red":n.updateType==="minor"?"yellow":"green",children:n.updateType})]},n.packageName))]})}):null,ne=r(qe,{checkedEntries:o.checkedEntries,entries:x,filterActive:o.filterActive,filteredOutCount:c.length,filterText:o.filterText,filterType:o.filterType,focused:o.focusedPanel==="list",groupedByCatalog:o.groupedByCatalog,isDryRun:p,onViewportHeightChange:O,scrollOffset:$,selectedIndex:o.selectedIndex,totalCatalogEntries:y,totalChecked:h,totalEntries:x.length,viewportHeight:P}),ce=r(Fe,{changelogUrl:F,entry:C,focused:o.focusedPanel==="detail",recommendation:q,scrollRef:w});if(pe){const n=Math.floor(m*.35);return t(i,{flexDirection:"column",height:f,width:m,children:[t(i,{flexDirection:"row",flexGrow:1,children:[r(i,{flexGrow:1,children:ne}),r(i,{width:n,children:ce})]}),te,ie,oe,r(ae,{autoExitSeconds:s||3,onCancel:T(()=>{N(!1)},"onCancel"),visible:k}),le]})}const me=Math.floor(f*.55);return t(i,{flexDirection:"column",height:f,width:m,children:[r(i,{height:me,children:ne}),r(i,{flexGrow:1,children:ce}),te,ie,oe,r(ae,{autoExitSeconds:s||3,onCancel:T(()=>{N(!1)},"onCancel"),visible:k}),le]})},"VisUpdateApp");export{mr as C,gr as U,pr as a};
1
+ var fe=Object.defineProperty;var T=(s,l)=>fe(s,"name",{value:l,configurable:!0});import{jsxs as t,jsx as r,Fragment as Z}from"react/jsx-runtime";import{Box as i}from"@visulima/tui/components/box";import{Spinner as we}from"@visulima/tui/components/spinner";import{Text as e}from"@visulima/tui/components/text";import{useWindowSize as se}from"@visulima/tui/hooks/use-window-size";import{useSyncExternalStore as ye,useState as L,useRef as z,useMemo as be,useCallback as he,useEffect as Ce}from"react";import{Dialog as ee}from"@visulima/tui/components/dialog";import{useApp as ke}from"@visulima/tui/hooks/use-app";import{useInput as xe}from"@visulima/tui/hooks/use-input";import{K as ue,aV as ae}from"../packem_chunks/bin.js";import{ScrollView as Te}from"@visulima/tui/components/scroll-view";import{ScrollBar as Se}from"@visulima/tui/components/scroll-bar";import{Tab as ve}from"@visulima/tui/components/tab";import{Tabs as Ae}from"@visulima/tui/components/tabs";import{u as Re}from"./use-measured-height-DjYgUOKk.js";var Ee=Object.defineProperty,Ie=T((s,l)=>Ee(s,"name",{value:l,configurable:!0}),"a$1");const pr=Ie(({current:s,total:l})=>{const{columns:h}=se(),c=h||80,p=l>0?Math.min(1,s/l):0,a=`${String(Math.round(p*100)).padStart(3)}%`,y=`${String(s)}/${String(l)}`,b=Math.max(10,c-2-a.length-1),m=Math.round(b*p),f=b-m;return t(i,{flexDirection:"column",paddingX:1,children:[t(i,{children:[r(we,{type:"dots"}),r(e,{children:" Checking catalog dependencies "}),r(e,{dimColor:!0,children:y})]}),t(i,{children:[r(e,{color:"cyan",children:"━".repeat(m)}),r(e,{dimColor:!0,children:"─".repeat(f)}),t(e,{dimColor:!0,children:[" ",a]})]})]})},"CheckProgressApp");var De=Object.defineProperty,H=T((s,l)=>De(s,"name",{value:l,configurable:!0}),"r");const W=H(s=>{const l=new Map;for(const h of s){const c=l.get(h.catalogName);c?c.push(h):l.set(h.catalogName,[h])}return l},"groupByCatalog"),Q=H((s,l,h)=>{let c=s;if(l!=="all"&&(c=l==="security"?c.filter(p=>p.vulnerabilities&&p.vulnerabilities.length>0||p.socketReport&&p.socketReport.alerts.length>0):c.filter(p=>p.updateType===l)),h){const p=h.toLowerCase();c=c.filter(a=>a.packageName.toLowerCase().includes(p))}return c},"filterEntries");class gr{static{T(this,"UpdateStore")}static{H(this,"UpdateStore")}#e;#l=new Set;#t;#i=null;constructor(l,h=null){this.#t=l,h&&(this.#i=new Map(h.recommendations.map(c=>[c.package,c]))),this.#e={aiResult:h,allChecked:!0,applyProgress:null,checkedEntries:new Set(l.map(c=>c.packageName)),entries:l,error:null,filterActive:!1,filterText:"",filterType:"all",focusedPanel:"list",groupedByCatalog:W(l),phase:"browsing",selectedIndex:0}}getSnapshot=H(()=>this.#e,"getSnapshot");subscribe=H(l=>(this.#l.add(l),()=>{this.#l.delete(l)}),"subscribe");getFilteredEntries(){return Q(this.#t,this.#e.filterType,this.#e.filterText)}getRecommendation(l){return this.#i?.get(l)}getCheckedEntries(){return this.#t.filter(l=>this.#e.checkedEntries.has(l.packageName))}setSelectedIndex(l){const h=this.getFilteredEntries(),c=Math.max(0,Math.min(l,h.length-1));c!==this.#e.selectedIndex&&this.#r({...this.#e,selectedIndex:c})}setFocusedPanel(l){l!==this.#e.focusedPanel&&this.#r({...this.#e,focusedPanel:l})}setFilterType(l){if(l!==this.#e.filterType){const h=Q(this.#t,l,this.#e.filterText);this.#r({...this.#e,entries:h,filterType:l,groupedByCatalog:W(h),selectedIndex:0})}}setFilter(l){const h=Q(this.#t,this.#e.filterType,l);this.#r({...this.#e,entries:h,filterText:l,groupedByCatalog:W(h),selectedIndex:0})}setFilterActive(l){if(l!==this.#e.filterActive)if(l)this.#r({...this.#e,filterActive:!0});else{const h=Q(this.#t,this.#e.filterType,"");this.#r({...this.#e,entries:h,filterActive:!1,filterText:"",groupedByCatalog:W(h),selectedIndex:0})}}toggleCheck(l){const h=new Set(this.#e.checkedEntries);h.has(l)?h.delete(l):h.add(l),this.#r({...this.#e,allChecked:h.size===this.#t.length,checkedEntries:h})}checkAll(){this.#r({...this.#e,allChecked:!0,checkedEntries:new Set(this.#t.map(l=>l.packageName))})}uncheckAll(){this.#r({...this.#e,allChecked:!1,checkedEntries:new Set})}toggleAll(){this.#e.allChecked?this.uncheckAll():this.checkAll()}startApply(){const l=this.getCheckedEntries();this.#r({...this.#e,applyProgress:{current:0,total:l.length},phase:"applying"})}updateApplyProgress(l){this.#e.applyProgress&&this.#r({...this.#e,applyProgress:{...this.#e.applyProgress,current:l}})}markDone(){this.#r({...this.#e,phase:"done"})}setError(l){this.#r({...this.#e,error:l,phase:"error"})}#r(l){this.#e=l;for(const h of this.#l)try{h()}catch{}}}var Be=Object.defineProperty,Ne=T((s,l)=>Be(s,"name",{value:l,configurable:!0}),"d");const Pe={major:"red",minor:"yellow",patch:"green"},Le={CRITICAL:"red",HIGH:"red",LOW:"gray",MODERATE:"yellow",UNKNOWN:"gray"},Me={critical:"red",high:"red",low:"gray",medium:"yellow"},je={critical:"red",high:"red",low:"green",medium:"yellow"},$e={defer:"gray",review:"yellow",skip:"red",update:"green"},Fe=Ne(({changelogUrl:s,entry:l,focused:h,recommendation:c,scrollRef:p})=>{const a=h?"white":"gray";if(!l)return r(i,{alignItems:"center",borderColor:"gray",borderStyle:"single",flexDirection:"column",flexGrow:1,justifyContent:"center",children:r(e,{dimColor:!0,children:"No package selected"})});const y=Pe[l.updateType]??"white",b=l.vulnerabilities&&l.vulnerabilities.length>0,m=l.socketReport?.score.overall??0,f=l.socketReport?ue(m):"gray";return t(i,{borderColor:a,borderStyle:"single",flexDirection:"column",flexGrow:1,children:[r(i,{flexShrink:0,paddingTop:1,paddingX:2,children:r(e,{bold:!0,color:"white",children:l.packageName})}),t(Te,{flexGrow:1,flexShrink:1,paddingX:2,ref:p,scrollbar:!0,scrollbarColor:"gray",scrollbarStyle:"block",children:[r(e,{}),t(i,{children:[r(i,{width:12,children:r(e,{dimColor:!0,children:"Current:"})}),r(e,{children:l.currentRange})]}),t(i,{children:[r(i,{width:12,children:r(e,{dimColor:!0,children:"Target:"})}),r(e,{children:l.newRange}),t(e,{bold:!0,color:y,children:[" ","(",l.updateType,")"]})]}),t(i,{children:[r(i,{width:12,children:r(e,{dimColor:!0,children:"Version:"})}),r(e,{children:l.targetVersion})]}),t(i,{children:[r(i,{width:12,children:r(e,{dimColor:!0,children:"Catalog:"})}),r(e,{children:l.catalogName})]}),l.acceptedRisk&&t(i,{flexDirection:"column",marginTop:1,children:[r(e,{color:"gray",children:"── "}),r(e,{bold:!0,color:"gray",children:"ACKNOWLEDGED RISK"}),t(i,{flexDirection:"column",paddingLeft:2,children:[t(i,{children:[r(e,{dimColor:!0,children:"Reason: "}),r(e,{children:l.acceptedRisk.reason})]}),t(i,{children:[r(e,{dimColor:!0,children:"Accepted: "}),r(e,{children:l.acceptedRisk.acceptedAt.slice(0,10)})]})]})]}),b&&t(i,{flexDirection:"column",marginTop:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"red",children:"SECURITY"}),r(e,{}),l.vulnerabilities.map(o=>t(i,{flexDirection:"column",marginBottom:1,children:[t(i,{gap:1,children:[t(e,{bold:!0,color:Le[o.severity]??"gray",children:["⚠"," ",o.severity]}),r(e,{bold:!0,children:o.id})]}),r(i,{paddingLeft:2,children:r(e,{children:o.summary})}),t(i,{gap:2,paddingLeft:2,children:[o.cvssScore!==void 0&&t(e,{dimColor:!0,children:["CVSS:",String(o.cvssScore)]}),o.fixedVersions.length>0&&t(e,{dimColor:!0,children:["Fixed in:",o.fixedVersions.join(", ")]})]})]},o.id))]}),l.socketReport&&t(i,{flexDirection:"column",marginTop:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"cyan",children:"SOCKET.DEV"}),r(e,{}),t(i,{gap:2,children:[t(i,{children:[r(e,{dimColor:!0,children:"Overall: "}),t(e,{bold:!0,color:f,children:[String(Math.round(m*100)),"%"]})]}),t(i,{children:[r(e,{dimColor:!0,children:"Supply Chain: "}),t(e,{children:[String(Math.round(l.socketReport.score.supplyChain*100)),"%"]})]}),t(i,{children:[r(e,{dimColor:!0,children:"Quality: "}),t(e,{children:[String(Math.round(l.socketReport.score.quality*100)),"%"]})]})]}),t(i,{gap:2,children:[t(i,{children:[r(e,{dimColor:!0,children:"Maintenance: "}),t(e,{children:[String(Math.round(l.socketReport.score.maintenance*100)),"%"]})]}),t(i,{children:[r(e,{dimColor:!0,children:"Vulnerability: "}),t(e,{children:[String(Math.round(l.socketReport.score.vulnerability*100)),"%"]})]}),t(i,{children:[r(e,{dimColor:!0,children:"License: "}),t(e,{children:[l.socketReport.license||"unknown"," ","(",String(Math.round(l.socketReport.score.license*100)),"%)"]})]})]}),l.socketReport.alerts.length>0&&t(i,{flexDirection:"column",marginTop:1,children:[t(e,{bold:!0,color:"yellow",children:["⚠"," ",String(l.socketReport.alerts.length)," ","alert",l.socketReport.alerts.length===1?"":"s",":"]}),l.socketReport.alerts.map(o=>t(i,{gap:1,paddingLeft:2,children:[t(e,{bold:!0,color:Me[o.severity]??"gray",children:["[",o.severity.toUpperCase(),"]"]}),r(e,{children:o.type}),t(e,{dimColor:!0,children:["(",o.category,")"]})]},o.key))]})]}),c&&t(i,{flexDirection:"column",marginTop:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"AI ANALYSIS"}),r(e,{}),t(i,{gap:2,children:[t(i,{children:[r(e,{dimColor:!0,children:"Action: "}),r(e,{bold:!0,color:$e[c.action]??"white",children:c.action})]}),t(i,{children:[r(e,{dimColor:!0,children:"Risk: "}),r(e,{bold:!0,color:je[c.riskLevel]??"white",children:c.riskLevel})]}),t(i,{children:[r(e,{dimColor:!0,children:"Effort: "}),r(e,{bold:!0,children:c.effort})]})]}),c.reason&&r(i,{marginTop:1,paddingLeft:2,children:r(e,{children:c.reason})}),c.breakingChanges.length>0&&t(i,{flexDirection:"column",marginTop:1,paddingLeft:2,children:[r(e,{bold:!0,color:"yellow",children:"Breaking changes:"}),c.breakingChanges.map((o,I)=>t(e,{children:[" ","•"," ",o]},String(I)))]})]}),s&&t(i,{flexDirection:"column",marginTop:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"CHANGELOG"}),r(i,{marginTop:1,paddingLeft:2,children:r(e,{color:"cyan",underline:!0,children:s})})]}),t(i,{flexDirection:"column",marginTop:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"LINKS"}),r(i,{flexDirection:"column",marginTop:1,paddingLeft:2,children:t(e,{color:"cyan",underline:!0,children:["https://npmx.dev/",l.packageName]})})]}),!c&&t(i,{flexDirection:"column",marginTop:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"GUIDANCE"}),t(i,{flexDirection:"column",marginTop:1,paddingLeft:2,children:[l.updateType==="major"&&t(Z,{children:[t(e,{color:"red",children:["⚠"," ","Major update — likely contains breaking changes."]}),r(e,{dimColor:!0,children:" Review the changelog before updating."}),r(e,{dimColor:!0,children:" Use --changelog to fetch release URLs."})]}),l.updateType==="minor"&&t(Z,{children:[t(e,{color:"yellow",children:["ℹ"," ","Minor update — new features, backward compatible."]}),r(e,{dimColor:!0,children:" Generally safe to update."})]}),l.updateType==="patch"&&t(Z,{children:[t(e,{color:"green",children:["✓"," ","Patch update — bug fixes only."]}),r(e,{dimColor:!0,children:" Safe to update."})]}),!c&&r(e,{dimColor:!0,children:" Use --ai to get AI-powered analysis."})]})]})]})]})},"PackageDetailPanel");var Oe=Object.defineProperty,re=T((s,l)=>Oe(s,"name",{value:l,configurable:!0}),"x");const Ue={major:"red",minor:"yellow",patch:"green"},Ge=[{id:"all",label:"All"},{id:"major",label:"Major"},{id:"minor",label:"Minor"},{id:"patch",label:"Patch"},{id:"security",label:"Security"}],He=re(({checked:s,entry:l,isSelected:h})=>{const c=Ue[l.updateType]??"white",p=l.vulnerabilities&&l.vulnerabilities.length>0,a=l.socketReport&&l.socketReport.alerts.length>0,y=!!l.acceptedRisk,b=s?"☑":"☐",m=l.socketReport?`${String(Math.round(l.socketReport.score.overall*100))}%`:"",f=l.socketReport?ue(l.socketReport.score.overall):"gray";return t(i,{flexShrink:0,height:1,children:[r(e,{children:h?">":" "}),t(e,{color:s?"white":"gray",children:[" ",b," "]}),p||a?r(e,{color:y?"gray":"red",children:y?"✓ ":"⚠ "}):r(e,{children:" "}),r(i,{flexGrow:1,children:t(e,{bold:h,inverse:h,wrap:"truncate",children:[l.packageName,y?" [ack]":""]})}),m&&t(e,{color:f,children:[" ",m]}),t(e,{dimColor:!0,children:[" ",l.currentRange]}),t(e,{dimColor:!0,children:[" ","→"," "]}),t(e,{children:[l.newRange," "]}),r(e,{bold:!0,color:c,children:l.updateType})]})},"PackageRow"),Ve=re(({count:s,name:l})=>t(i,{flexShrink:0,height:1,marginTop:1,children:[t(e,{dimColor:!0,children:["▼"," "]}),r(e,{bold:!0,color:"white",children:l.toUpperCase()}),t(e,{dimColor:!0,children:[" ","(",s,")"]})]}),"CatalogHeader"),qe=re(({checkedEntries:s,entries:l,filterActive:h,filteredOutCount:c,filterText:p,filterType:a,focused:y,groupedByCatalog:b,isDryRun:m,onViewportHeightChange:f,scrollOffset:o,selectedIndex:I,totalCatalogEntries:D,totalChecked:v,totalEntries:V,viewportHeight:M})=>{const j=y?"white":"gray",{measuredHeight:w,ref:A}=Re(M,f);let $=0,S=0,B=0,R=0;for(const g of l)g.updateType==="major"?$++:g.updateType==="minor"?S++:B++,(g.vulnerabilities&&g.vulnerabilities.length>0||g.socketReport&&g.socketReport.alerts.length>0)&&R++;const k=[];$>0&&k.push(`${$} major`),S>0&&k.push(`${S} minor`),B>0&&k.push(`${B} patch`),R>0&&k.push(`${R} vulnerable`);const N=k.length>0?` (${k.join(", ")})`:"";let x=0;for(const g of l)s.has(g.packageName)&&x++;const C=[];let q=0;for(const[g,E]of b){C.push(r(Ve,{count:E.length,name:g},`hdr-${g}`));for(const O of E){const P=q;C.push(r(He,{checked:s.has(O.packageName),entry:O,isSelected:P===I},O.packageName)),q++}}let F=0;for(const[,g]of b)F+=2+g.length;const K=F>w&&w>0;return t(i,{borderColor:j,borderStyle:"single",flexDirection:"column",flexGrow:1,children:[t(i,{flexShrink:0,gap:1,paddingX:1,children:[r(e,{bold:!0,inverse:!0,children:" VIS "}),t(e,{wrap:"truncate",children:[V,v>0?`/${v}`:""," ","outdated",N,D>v?` · ${D-v} dupes`:""]}),!m&&x>0&&t(e,{dimColor:!0,children:[" ","—",x," ","selected"]})]}),r(i,{flexShrink:0,paddingX:1,paddingY:1,children:r(Ae,{isFocused:y,keyMap:{next:[],previous:[],useNumbers:!1,useTab:!1},onChange:T(()=>{},"onChange"),showIndex:!1,value:a,children:Ge.map(({id:g,label:E})=>r(ve,{name:g,children:E},g))})}),h&&t(i,{flexShrink:0,paddingX:1,children:[r(e,{bold:!0,color:"white",children:"/ "}),r(e,{children:p}),r(e,{inverse:!0,children:" "})]}),c>0&&r(i,{flexShrink:0,paddingX:1,children:t(e,{color:"yellow",children:["⚠"," ",c," ","package",c===1?"":"s"," ","filtered out by target constraint — press"," ",r(e,{bold:!0,color:"white",children:"f"})," ","to view"]})}),t(i,{flexDirection:"row",flexGrow:1,overflow:"hidden",ref:A,children:[r(i,{flexDirection:"column",flexGrow:1,overflow:"hidden",paddingLeft:1,children:r(i,{flexDirection:"column",marginTop:-o,children:C})}),K&&r(i,{flexShrink:0,marginLeft:1,marginRight:1,children:r(Se,{contentHeight:F,placement:"inset",scrollOffset:o,style:"block",viewportHeight:w})})]},`list-${a}-${p}`)]})},"PackageListPanel");var Ke=Object.defineProperty,Xe=T((s,l)=>Ke(s,"name",{value:l,configurable:!0}),"X");const Ye=100,ze=40,We=10,Qe=[],G=["all","major","minor","patch","security"],mr=Xe(({autoExitSeconds:s=0,changelogUrls:l,checkedCount:h=0,filteredOutEntries:c=Qe,isDryRun:p,store:a,totalCatalogEntries:y=0})=>{const{exit:b}=ke(),{columns:m,rows:f}=se(),o=ye(a.subscribe,a.getSnapshot),[I,D]=L(!1),[v,V]=L(!1),M=z(null),j=z(null),w=z(null),A=z(null),[$,S]=L(0),[B,R]=L(!1),[k,N]=L(!1),x=be(()=>a.getFilteredEntries(),[o.entries,o.filterType,o.filterText]),C=x[o.selectedIndex]??null,q=C?a.getRecommendation(C.packageName):void 0,F=C&&l?l.get(C.packageName):void 0,K=he(n=>{let d=0,u=0;for(const[,J]of o.groupedByCatalog){d+=2;for(let de=0;de<J.length;de++){if(u===n)return d;d+=1,u++}}return d},[o.groupedByCatalog]),g=Math.max(1,f-8-(o.filterActive?1:0)),[E,O]=L(g),P=E>0?E:g,U=he(n=>{const d=K(n);S(u=>d>u+P-2?Math.max(0,d-P+2):d<u+1?Math.max(0,d-1):u)},[K,P]);if(Ce(()=>{w.current?.scrollToTop()},[C?.packageName]),xe((n,d)=>{if(n==="c"&&d.ctrl){b();return}if(!k){if(v){d.escape||n==="f"||n==="q"?V(!1):d.downArrow||n==="j"?j.current?.scrollBy(1):(d.upArrow||n==="k")&&j.current?.scrollBy(-1);return}if(B){n==="u"||d.return?(R(!1),a.startApply(),b(a.getCheckedEntries())):d.escape||n==="q"?R(!1):d.downArrow||n==="j"?A.current?.scrollBy(1):d.upArrow||n==="k"?A.current?.scrollBy(-1):d.pageDown?A.current?.scrollBy(5):d.pageUp&&A.current?.scrollBy(-5);return}if(I){d.escape||n==="?"?D(!1):n==="q"?(D(!1),N(!0)):d.downArrow||n==="j"?M.current?.scrollBy(1):(d.upArrow||n==="k")&&M.current?.scrollBy(-1);return}if(n==="?"){D(!0);return}if(n==="q"){N(!0);return}if(d.tab){a.setFocusedPanel(o.focusedPanel==="list"?"detail":"list");return}if(o.focusedPanel==="list"&&(d.leftArrow||d.rightArrow)){const u=G.indexOf(o.filterType),J=d.rightArrow?(u+1)%G.length:(u-1+G.length)%G.length;S(0),w.current?.scrollToTop(),a.setFilterType(G[J]);return}if(n==="f"&&c.length>0){V(u=>!u);return}if(o.filterActive){if(d.escape){a.setFilterActive(!1);return}if(d.return){a.setFilterActive(!1);return}if(d.backspace){S(0),a.setFilter(o.filterText.slice(0,-1));return}if(n&&!d.ctrl&&!d.meta){S(0),a.setFilter(o.filterText+n);return}return}if(o.focusedPanel==="list"){if(d.downArrow||n==="j"){const u=Math.min(o.selectedIndex+1,x.length-1);a.setSelectedIndex(u),U(u);return}if(d.upArrow||n==="k"){const u=Math.max(o.selectedIndex-1,0);a.setSelectedIndex(u),U(u);return}if(d.pageDown){const u=Math.min(o.selectedIndex+10,x.length-1);a.setSelectedIndex(u),U(u);return}if(d.pageUp){const u=Math.max(o.selectedIndex-10,0);a.setSelectedIndex(u),U(u);return}if(d.home){a.setSelectedIndex(0),S(0);return}if(d.end){const u=x.length-1;a.setSelectedIndex(u),U(u);return}if(n===" "||d.return){C&&a.toggleCheck(C.packageName);return}if(n==="a"){a.toggleAll();return}if(n==="/"){a.setFilterActive(!0);return}if(n==="u"&&!p&&o.checkedEntries.size>0){R(!0);return}if(d.rightArrow){a.setFocusedPanel("detail");return}return}if(o.focusedPanel==="detail"){if(d.escape||d.leftArrow){a.setFocusedPanel("list");return}if(d.downArrow||n==="j"){w.current?.scrollBy(1);return}if(d.upArrow||n==="k"){w.current?.scrollBy(-1);return}if(d.pageDown){w.current?.scrollBy(10);return}if(d.pageUp){w.current?.scrollBy(-10);return}if(d.home){w.current?.scrollToTop();return}d.end&&w.current?.scrollToBottom()}}},{isActive:!0}),m<ze||f<We)return r(i,{alignItems:"center",height:f,justifyContent:"center",width:m,children:t(e,{color:"yellow",children:["Terminal too small (",m,"x",f,")"]})});const pe=m>=Ye,X=[t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"q"}),r(e,{dimColor:!0,children:"QUIT"})]},"q"),t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"?"}),r(e,{dimColor:!0,children:"HELP"})]},"?"),t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"↑↓"}),r(e,{dimColor:!0,children:"NAV"})]},"nav"),t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"Space"}),r(e,{dimColor:!0,children:"CHECK"})]},"sp"),t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"a"}),r(e,{dimColor:!0,children:"ALL"})]},"a")];!p&&o.checkedEntries.size>0&&X.push(t(i,{gap:1,children:[r(e,{bold:!0,color:"green",children:"u"}),r(e,{dimColor:!0,children:"APPLY"})]},"u")),c.length>0&&X.push(t(i,{gap:1,children:[r(e,{bold:!0,color:"yellow",children:"f"}),t(e,{dimColor:!0,children:["FILTERED (",c.length,")"]})]},"fo")),X.push(t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"←→"}),r(e,{dimColor:!0,children:"FILTER"})]},"lr"),t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"/"}),r(e,{dimColor:!0,children:"SEARCH"})]},"f"),t(i,{gap:1,children:[r(e,{bold:!0,color:"white",children:"Tab"}),r(e,{dimColor:!0,children:"PANEL"})]},"t"));const te=r(i,{borderBottom:!1,borderColor:"gray",borderLeft:!1,borderRight:!1,borderStyle:"single",flexShrink:0,children:r(i,{flexWrap:"wrap",gap:2,paddingX:1,children:X})}),le=t(ee,{footer:t(e,{dimColor:!0,children:[r(e,{bold:!0,color:"white",children:"↑↓"})," ","scroll"," ",r(e,{bold:!0,color:"white",children:"?"}),"/",r(e,{bold:!0,color:"white",children:"Esc"})," ","close"]}),scrollRef:M,title:"KEYBOARD SHORTCUTS",visible:I,width:52,children:[t(i,{flexDirection:"column",marginBottom:1,children:[t(i,{marginBottom:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"NAVIGATION"})]}),t(i,{children:[r(i,{width:24,children:t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","↑","/k"]}),r(e,{dimColor:!0,children:" Move up"})]})}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","↓","/j"]}),r(e,{dimColor:!0,children:" Move down"})]})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","Tab"]}),r(e,{dimColor:!0,children:" Switch panel"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","→","/","←"]}),r(e,{dimColor:!0,children:" Focus detail/list"})]})]}),t(i,{flexDirection:"column",marginBottom:1,children:[t(i,{marginBottom:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"SELECTION"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","Space"]}),r(e,{dimColor:!0,children:" Toggle check on package"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","a"]}),r(e,{dimColor:!0,children:" Toggle check all"})]})]}),t(i,{flexDirection:"column",marginBottom:1,children:[t(i,{marginBottom:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"FILTERS"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","←→"]}),r(e,{dimColor:!0,children:" Switch filter tab"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","/"]}),r(e,{dimColor:!0,children:" Text filter"})]}),c.length>0&&t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","f"]}),r(e,{dimColor:!0,children:" View filtered-out packages"})]})]}),t(i,{flexDirection:"column",children:[t(i,{marginBottom:1,children:[r(e,{dimColor:!0,children:"── "}),r(e,{bold:!0,color:"white",children:"ACTIONS"})]}),!p&&t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","u"]}),r(e,{dimColor:!0,children:" Apply selected updates"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","q"]}),r(e,{dimColor:!0,children:" Quit"})]}),t(e,{children:[t(e,{bold:!0,color:"white",children:[" ","?"]}),r(e,{dimColor:!0,children:" Toggle help"})]})]})]}),Y=a.getCheckedEntries(),_=Y.filter(n=>n.updateType==="major").length,ge=t(i,{alignItems:"center",flexDirection:"column",children:[_>0&&r(i,{marginBottom:1,marginTop:1,children:t(e,{color:"yellow",children:["⚠"," ",_," ","major update",_===1?"":"s"," ","— review breaking changes"]})}),t(e,{dimColor:!0,children:["Press"," ",r(e,{bold:!0,color:"white",children:"u"})," ","or"," ",r(e,{bold:!0,color:"white",children:"Enter"})," ","to confirm,"," ",r(e,{bold:!0,color:"white",children:"Esc"})," ","to cancel"]})]}),ie=r(ee,{footer:ge,scrollRef:A,title:`Apply ${Y.length} update${Y.length===1?"":"s"}?`,visible:B,width:70,children:Y.map(n=>t(i,{gap:1,children:[t(e,{children:[" ",n.packageName]}),t(e,{dimColor:!0,children:[n.currentRange," ","→"," ",n.newRange]}),r(e,{bold:!0,color:n.updateType==="major"?"red":n.updateType==="minor"?"yellow":"green",children:n.updateType})]},n.packageName))}),oe=c.length>0?r(ee,{footer:t(e,{dimColor:!0,children:[r(e,{bold:!0,color:"white",children:"↑↓"})," ","scroll"," ",r(e,{bold:!0,color:"white",children:"f"}),"/",r(e,{bold:!0,color:"white",children:"Esc"})," ","close"]}),scrollRef:j,title:`${c.length} PACKAGE${c.length===1?"":"S"} FILTERED BY TARGET`,visible:v,width:70,children:t(i,{flexDirection:"column",children:[r(i,{marginBottom:1,children:t(e,{dimColor:!0,children:["These packages have newer versions available but are excluded by the current target constraint. Use"," ",r(e,{bold:!0,color:"white",children:"--target latest"})," ","to include them."]})}),c.map(n=>t(i,{gap:1,children:[t(e,{children:[" ",n.packageName]}),t(e,{dimColor:!0,children:[n.currentRange," ","→"," ",n.newRange]}),r(e,{bold:!0,color:n.updateType==="major"?"red":n.updateType==="minor"?"yellow":"green",children:n.updateType})]},n.packageName))]})}):null,ne=r(qe,{checkedEntries:o.checkedEntries,entries:x,filterActive:o.filterActive,filteredOutCount:c.length,filterText:o.filterText,filterType:o.filterType,focused:o.focusedPanel==="list",groupedByCatalog:o.groupedByCatalog,isDryRun:p,onViewportHeightChange:O,scrollOffset:$,selectedIndex:o.selectedIndex,totalCatalogEntries:y,totalChecked:h,totalEntries:x.length,viewportHeight:P}),ce=r(Fe,{changelogUrl:F,entry:C,focused:o.focusedPanel==="detail",recommendation:q,scrollRef:w});if(pe){const n=Math.floor(m*.35);return t(i,{flexDirection:"column",height:f,width:m,children:[t(i,{flexDirection:"row",flexGrow:1,children:[r(i,{flexGrow:1,children:ne}),r(i,{width:n,children:ce})]}),te,ie,oe,r(ae,{autoExitSeconds:s||3,onCancel:T(()=>{N(!1)},"onCancel"),visible:k}),le]})}const me=Math.floor(f*.55);return t(i,{flexDirection:"column",height:f,width:m,children:[r(i,{height:me,children:ne}),r(i,{flexGrow:1,children:ce}),te,ie,oe,r(ae,{autoExitSeconds:s||3,onCancel:T(()=>{N(!1)},"onCancel"),visible:k}),le]})},"VisUpdateApp");export{mr as C,gr as U,pr as a};