@visulima/vis 1.0.0-alpha.40 → 1.0.0-alpha.41
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +27 -0
- package/dist/bin.js +1 -1
- package/dist/binx.js +2 -2
- package/dist/config/index.d.ts +18 -0
- package/dist/packem_chunks/bin.js +202 -202
- package/dist/packem_chunks/handler10.js +1 -1
- package/dist/packem_chunks/handler12.js +1 -1
- package/dist/packem_chunks/handler13.js +1 -1
- package/dist/packem_chunks/handler14.js +1 -1
- package/dist/packem_chunks/handler15.js +1 -1
- package/dist/packem_chunks/handler16.js +1 -1
- package/dist/packem_chunks/handler17.js +1 -1
- package/dist/packem_chunks/handler18.js +1 -1
- package/dist/packem_chunks/handler19.js +1 -1
- package/dist/packem_chunks/handler21.js +1 -1
- package/dist/packem_chunks/handler27.js +1 -1
- package/dist/packem_chunks/handler28.js +1 -1
- package/dist/packem_chunks/handler29.js +1 -1
- package/dist/packem_chunks/handler30.js +1 -2
- package/dist/packem_chunks/handler31.js +2 -2
- package/dist/packem_chunks/handler32.js +2 -2
- package/dist/packem_chunks/handler33.js +2 -3
- package/dist/packem_chunks/handler34.js +3 -6
- package/dist/packem_chunks/handler35.js +6 -1
- package/dist/packem_chunks/handler36.js +1 -42
- package/dist/packem_chunks/handler37.js +42 -8
- package/dist/packem_chunks/handler38.js +8 -9
- package/dist/packem_chunks/handler39.js +9 -75
- package/dist/packem_chunks/handler4.js +1 -1
- package/dist/packem_chunks/handler40.js +75 -5
- package/dist/packem_chunks/handler41.js +5 -4
- package/dist/packem_chunks/handler42.js +4 -3
- package/dist/packem_chunks/handler43.js +3 -2
- package/dist/packem_chunks/handler44.js +2 -1
- package/dist/packem_chunks/handler45.js +1 -1
- package/dist/packem_chunks/handler46.js +1 -1
- package/dist/packem_chunks/handler47.js +1 -3
- package/dist/packem_chunks/handler48.js +3 -1
- package/dist/packem_chunks/handler49.js +1 -7
- package/dist/packem_chunks/handler5.js +1 -1
- package/dist/packem_chunks/handler50.js +6 -32
- package/dist/packem_chunks/handler51.js +33 -3
- package/dist/packem_chunks/handler52.js +3 -8
- package/dist/packem_chunks/handler53.js +6 -2
- package/dist/packem_chunks/handler54.js +4 -1
- package/dist/packem_chunks/handler55.js +1 -12
- package/dist/packem_chunks/handler56.js +11 -6
- package/dist/packem_chunks/handler57.js +7 -5
- package/dist/packem_chunks/handler58.js +5 -11
- package/dist/packem_chunks/handler59.js +11 -3
- package/dist/packem_chunks/handler60.js +3 -22
- package/dist/packem_chunks/handler61.js +21 -60
- package/dist/packem_chunks/handler62.js +61 -3
- package/dist/packem_chunks/handler63.js +3 -6
- package/dist/packem_chunks/handler64.js +6 -708
- package/dist/packem_chunks/handler65.js +708 -24
- package/dist/packem_chunks/handler66.js +24 -25
- package/dist/packem_chunks/handler67.js +25 -153
- package/dist/packem_chunks/handler68.js +153 -10
- package/dist/packem_chunks/handler69.js +10 -24
- package/dist/packem_chunks/handler70.js +24 -322
- package/dist/packem_chunks/handler71.js +322 -48
- package/dist/packem_chunks/handler72.js +48 -27
- package/dist/packem_chunks/handler73.js +27 -3
- package/dist/packem_chunks/handler74.js +3 -190
- package/dist/packem_chunks/handler75.js +189 -37
- package/dist/packem_chunks/handler76.js +38 -0
- package/dist/packem_chunks/handler8.js +1 -1
- package/dist/packem_chunks/handler9.js +1 -1
- package/dist/packem_chunks/heal-accept.js +1 -1
- package/dist/packem_chunks/help-command.js +1 -1
- package/dist/packem_chunks/list.js +1 -1
- package/dist/packem_chunks/loader.js +1 -1
- package/dist/packem_chunks/orchestrator.js +1 -1
- package/dist/packem_chunks/sync2.js +1 -1
- package/dist/packem_chunks/tripwire.js +1 -1
- package/dist/packem_chunks/verify-lockfile.js +1 -1
- package/dist/packem_chunks/version-resolver.js +1 -1
- package/dist/packem_shared/command-runtime-CR70qSUM.js +1 -0
- package/dist/packem_shared/{cyclonedx-kYozDyxp.js → cyclonedx-Cadls41z.js} +1 -1
- package/dist/packem_shared/{index-Du8RWawQ.js → index-3jMNqQom.js} +1 -1
- package/dist/packem_shared/index-Bt521H5J.js +30 -0
- package/dist/packem_shared/{index-CgcF6_wo.js → index-DGSsjmpV.js} +1 -1
- package/dist/packem_shared/{pm-runner-OGResYrA.js → pm-runner-BKZQo7Ts.js} +1 -1
- package/dist/packem_shared/{provenance-_CJjMKwu.js → provenance-BFEwKgI3.js} +1 -1
- package/dist/packem_shared/{resolve-explicit-CMDl55Nz.js → resolve-explicit-C6WM-I2u.js} +1 -1
- package/dist/packem_shared/{s1ngularity-Dhr3bPk0.js → s1ngularity-DCPmPE5M.js} +1 -1
- package/dist/packem_shared/{signatures-C730vkyK.js → signatures-Xpd6HjG_.js} +1 -1
- package/index.d.ts +201 -201
- package/index.js +26 -26
- package/package.json +13 -13
- package/schemas/vis-config.schema.json +12 -0
- package/dist/packem_shared/index-yBikBkHT.js +0 -30
|
@@ -1 +1 @@
|
|
|
1
|
-
import{I as p,W as
|
|
1
|
+
import{I as p,W as d}from"../packem_shared/pm-runner-BKZQo7Ts.js";import{r as g,a as k}from"../packem_shared/command-runtime-CR70qSUM.js";import{i as v}from"../packem_shared/utils-Cxree603.js";const h=async({argument:l,logger:a,options:e,visConfig:o,workspaceRoot:c})=>{const s=l;if(!s||s.length===0)throw new Error("No command specified. Usage: vis exec <command> [args...]");const[i,...t]=s,r=c??process.cwd(),m=g({logger:a,options:e,visConfig:o},r),f=p(r,{backend:k(m),configBackend:o?.install?.backend,configCorepack:o?.install?.corepack}),n=d(f,{args:t,command:i,filter:v(e.filter),parallel:e.parallel||!1,recursive:e.recursive||!1,reverse:e.reverse||!1,shellMode:e.shellMode||!1,workspaceRoot:e.workspaceRoot||!1},r,a);n!==0&&(process.exitCode=n)};export{h as default};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{I as
|
|
1
|
+
import{I as f,P as d}from"../packem_shared/pm-runner-BKZQo7Ts.js";import{r as k,a as m}from"../packem_shared/command-runtime-CR70qSUM.js";const v=async({argument:o,logger:s,options:i,process:c,visConfig:e,workspaceRoot:r})=>{if(!o||o.length===0)throw new Error("No package specified. Usage: vis info <package> [field...]");const[t,...l]=o,a=r??c.cwd,p=k({logger:s,options:i,visConfig:e},a),g=f(a,{backend:m(p),configBackend:e?.install?.backend,configCorepack:e?.install?.corepack}),n=d(g,{fields:l,json:i.json||!1,package:t},a,s);n!==0&&n!==1&&(process.exitCode=n)};export{v as default};
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import{createRequire as A}from"node:module";import{m,y as N,f as $,T as S}from"../packem_shared/index-BDmTbWX1.js";import{b as F,q as h}from"./config.js";import{p as e}from"./bin.js";import{w as I}from"../packem_shared/pm-runner-
|
|
1
|
+
import{createRequire as A}from"node:module";import{m,y as N,f as $,T as S}from"../packem_shared/index-BDmTbWX1.js";import{b as F,q as h}from"./config.js";import{p as e}from"./bin.js";import{w as I}from"../packem_shared/pm-runner-BKZQo7Ts.js";import{w as P}from"../packem_shared/build-scripts-CCCi8U66.js";import{O as R}from"../packem_shared/native-config-sync-BEkJW7g3.js";import{S as T}from"../packem_shared/min-release-age-D1alDE3K.js";const B=A(import.meta.url),g=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,x=t=>{if(typeof g<"u"&&g.versions&&g.versions.node){const[s,o]=g.versions.node.split(".").map(Number);if(s>22||s===22&&o>=3||s===20&&o>=16)return g.getBuiltinModule(t)}return B(t)},{execFileSync:E}=x("node:child_process"),{createInterface:M}=x("node:readline"),q=t=>{const s=[];return $(m(t,"turbo.json"))&&s.push("turborepo"),$(m(t,"nx.json"))&&s.push("nx"),$(m(t,".moon"))&&s.push("moon"),s},C=(t,s)=>new Promise(o=>{t.question(s,i=>{o(i.trim())})}),u=async(t,s,o=!0)=>{const i=await C(t,`${s} ${o?"[Y/n]":"[y/N]"} `);return i===""?o:i.toLowerCase()==="y"||i.toLowerCase()==="yes"},w=(t,s)=>{const o=[],i=Object.entries(s.allowBuilds).filter(([,l])=>l).map(([l])=>` "${l}": true,`).join(`
|
|
2
2
|
`),a=[` installScripts: {
|
|
3
3
|
allow: ${i?`{
|
|
4
4
|
${i}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import{I as $,E as u,V as k,s as y}from"../packem_shared/Table-CcVkyULl-B_ef6zfS.js";import{p}from"./bin.js";import{r as N,M,a as R,b as S,c as x,d as A,e as V,f as b,g as C,h as E}from"../packem_shared/s1ngularity-
|
|
1
|
+
import{I as $,E as u,V as k,s as y}from"../packem_shared/Table-CcVkyULl-B_ef6zfS.js";import{p}from"./bin.js";import{r as N,M,a as R,b as S,c as x,d as A,e as V,f as b,g as C,h as E}from"../packem_shared/s1ngularity-DCPmPE5M.js";import{g as P,a as j,r as B}from"../packem_shared/provenance-BFEwKgI3.js";import{r as D}from"../packem_shared/signatures-Xpd6HjG_.js";const v=new Set(["archivedRepo","author","downloads","expiredDomains","metadata","newBin","provenance","s1ngularity","signatures"]),I=r=>{const s=r.trim();if(s==="")return;if(s.startsWith("@")){const o=s.indexOf("@",1);return o===-1?{name:s,spec:void 0}:{name:s.slice(0,o),spec:s.slice(o+1)||void 0}}const i=s.indexOf("@");return i===-1?{name:s,spec:void 0}:{name:s.slice(0,i),spec:s.slice(i+1)||void 0}},O=r=>{if(r===void 0||r.trim()==="")return;const s=new Set;for(const i of r.split(",")){const o=i.trim();if(!v.has(o))throw new Error(`Unknown marshall in --only: ${o}. Known: ${[...v].sort().join(", ")}.`);s.add(o)}return s},m=(r,s)=>r===void 0||r.has(s),F=r=>r?.has("signatures")??!1,H=async({argument:r,options:s,workspaceRoot:i})=>{if(!r||r.length===0)throw new Error("No package specified. Usage: vis inspect <package>[@<spec>]");const o=I(r[0]);if(o===void 0)throw new Error(`Invalid package argument: "${String(r[0])}". Usage: vis inspect <package>[@<spec>]`);const t=O(s.only),f=await P(o.name,{workspaceRoot:i});if(f===void 0){p.error(`Package ${o.name} not found in the registry.`),process.exitCode=2;return}const g=j(f,o.spec);if(g===void 0){p.error(`Could not resolve ${o.name}@${o.spec??"latest"} to a published version.`),process.exitCode=2;return}const c=[{name:o.name,version:g}],n=new M;if(m(t,"author")){const e=await N(c,{workspaceRoot:i});for(const a of e)n.add({marshall:"author",message:a.message,packageName:a.packageName,severity:a.severity})}if(m(t,"provenance")){const e=await B(c);for(const a of e)n.add({marshall:"provenance",message:`Prior version ${a.priorVersionWithProvenance} had provenance but ${a.version} does not.`,packageName:a.packageName,severity:"error"})}if(m(t,"s1ngularity")){const e=await R(c,{workspaceRoot:i});for(const a of e){const d=a.hookChanges.map(w=>`${w.hook} (${w.kind})`).join(", "),l=a.hookChanges.length===1;n.add({marshall:"s1ngularity",message:`${a.version} ${l?"has an":"has"} install-script ${l?"change":"changes"} [${d}] AND dropped the provenance attestation that ${a.priorVersion} carried — this is the s1ngularity compromised-publish shape.`,packageName:a.packageName,severity:"error"})}}if(m(t,"newBin")){const e=await S(c);for(const a of e){const d=a.newBins.map(l=>l.command).join(", ");n.add({marshall:"newBin",message:`${a.toVersion} adds new bin script${a.newBins.length===1?"":"s"}: ${d} (prior: ${a.fromVersion}).`,packageName:a.packageName,severity:"warning"})}}if(m(t,"metadata")){const e=await x(c,{workspaceRoot:i});for(const a of e)n.add({marshall:"metadata",message:`Missing/invalid metadata: ${a.issues.join(", ")}.`,packageName:a.packageName,severity:"warning"})}if(m(t,"downloads")){const e=await A([o.name]);for(const a of e){const d=a.downloadsLastMonth===void 0?"unknown":String(a.downloadsLastMonth);n.add({marshall:"downloads",message:a.kind==="no-data"?"npm stats API returned no monthly download data.":`Only ${d} downloads in the past month.`,packageName:a.packageName,severity:a.severity})}}if(m(t,"expiredDomains")){const e=await V(c,{workspaceRoot:i});for(const a of e)n.add({marshall:"expiredDomains",message:a.kind==="expired"?`Maintainer email domain ${a.domain} (${a.maintainer}) is unregistered — potential hijack risk.`:`Could not verify maintainer email domain ${a.domain} (${a.maintainer}).`,packageName:a.packageName,severity:a.severity})}if(F(t)){const e=await D(c,{workspaceRoot:i});for(const a of e)n.add({marshall:"signatures",message:a.message,packageName:a.packageName,severity:a.severity})}if(m(t,"archivedRepo")){const e=await b(c,{workspaceRoot:i});for(const a of e)n.add({marshall:"archivedRepo",message:a.kind==="archived"?`Source repo ${a.owner}/${a.repo} is archived${a.archivedAt===void 0?"":` (since ${a.archivedAt})`}.`:`Source repo ${a.owner}/${a.repo} returned 404 from GitHub.`,packageName:a.packageName,severity:"warning"})}const h=n.all();if(s.json===!0)process.stdout.write(`${JSON.stringify(C(h),void 0,2)}
|
|
2
2
|
`);else{const e=`${o.name}@${g}`;if(h.length===0)p.info(`${$("✓")} ${e} — no findings.`);else{p.info(`${u("Inspecting")} ${e}`);for(const l of E(h))process.stdout.write(`${l}
|
|
3
3
|
`);const a=n.errors().length,d=n.warnings().length;process.stdout.write(`
|
|
4
4
|
${u("Summary:")} ${k(`${String(a)} error${a===1?"":"s"}`)}, ${y(`${String(d)} warning${d===1?"":"s"}`)}.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{m as
|
|
1
|
+
import{m as w,f as _,H as B,j as A}from"../packem_shared/index-BDmTbWX1.js";import{p as t}from"./bin.js";import{w as F,I as h,p as H,h as T}from"../packem_shared/pm-runner-BKZQo7Ts.js";import{a as M,r as N}from"../packem_shared/command-runtime-CR70qSUM.js";import{s as Q}from"../packem_shared/typosquats-DN78xx1x.js";import{h as U,P as V}from"../packem_shared/peer-warnings-BXAzXqY3.js";import{i as W}from"../packem_shared/utils-Cxree603.js";const G=["pnpm-lock.yaml","yarn.lock","package-lock.json","npm-shrinkwrap.json","bun.lock","bun.lockb"],J=a=>{let r=a;for(;;){for(const l of G)if(_(w(r,l)))return!0;const n=B(r);if(n===r||A(r).root===r)return!1;r=n}},g=new Set(["aube","auto","bun","npm","pnpm","yarn"]),se=async a=>{const{argument:r,fs:n,logger:l,options:e,visConfig:i,workspaceRoot:C}=a,s=C??process.cwd();if(r&&r.length>0){const o=e,{default:q}=await import("./handler16.js"),I=o.marshallCheck===!1||o["no-marshall-check"]===!0?!1:void 0,z=o.socketCheck===!1||o["no-socket-check"]===!0?!1:void 0,E=o.typosquatCheck===!1||o["no-typosquat-check"]===!0?!1:void 0,P=o.runScripts===!0||o["run-scripts"]===!0,j=o.workspaceRoot===!0||o["workspace-root"]===!0,D=o.saveOptional===!0||o["save-optional"]===!0,$=e.dev===!0,L={autoInstallPeers:!1,exact:o.exact===!0,filter:e.filter,global:!1,marshallCheck:I,runScripts:P,saveDev:$,saveOptional:D,savePeer:!1,socketCheck:z,to:void 0,typosquatCheck:E,workspace:!1,workspaceRoot:j};await q({...a,argument:r,options:L});return}if(e.typosquatCheck!==!1&&!await Q(s,i?.security?.typosquatAllowlist)){process.exitCode=1;return}const c=e.installer;if(c&&!g.has(c)){t.error(`Invalid --installer value: "${c}". Expected one of: ${[...g].join(", ")}.`),process.exitCode=1;return}const y=c,b=e.aube===!1,f=M(N({logger:l,options:e,visConfig:i},s));let p;try{p=b?f===void 0?F(s):h(s,{backend:f}):h(s,{backend:y??f,configBackend:i?.install?.backend,configCorepack:i?.install?.corepack})}catch(o){t.error(o instanceof Error?o.message:String(o)),process.exitCode=1;return}const m=H(s,p);m&&t.warn(m);const x=W(e.filter),u=e.ci||!1,d=e.frozenLockfile||u,O=e.frozenLockfile===!1||e.force||e.lockfileOnly,R=J(s),v=d||!O&&R;if(!d&&v&&!e.silent&&t.info("Defaulting to frozen lockfile (pass --no-frozen-lockfile to allow lockfile updates)."),u){t.info("Clean install: removing node_modules...");try{await n.rm(w(s,"node_modules"),{force:!0,recursive:!0})}catch(o){t.error(`Failed to remove node_modules: ${o instanceof Error?o.message:String(o)}`),process.exitCode=1;return}}const{code:k,output:S}=await T(p,{dev:e.dev||!1,filter:x,force:e.force||!1,frozenLockfile:v,ignoreScripts:!e.runScripts,lockfileOnly:e.lockfileOnly||!1,noOptional:e.optional===!1,offline:e.offline||!1,prod:e.prod||!1,recursive:e.recursive||!1,silent:e.silent||!1,workspaceRoot:e.workspaceRoot||!1},s,l,{ciMode:u,preferOffline:e.preferOffline||!1});k!==0&&(process.exitCode=k),k===0&&!e.silent&&U(S)&&t.info(V)};export{se as default};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{createRequire as E}from"node:module";import{I as x,E as j,V as T,s as A}from"../packem_shared/Table-CcVkyULl-B_ef6zfS.js";import{m as L,O as
|
|
1
|
+
import{createRequire as E}from"node:module";import{I as x,E as j,V as T,s as A}from"../packem_shared/Table-CcVkyULl-B_ef6zfS.js";import{m as L,O as B}from"../packem_shared/index-BDmTbWX1.js";import{l as b,c as N,p as f,f as F,b as z,P as U,R as V,Y,Z as H,_ as C,a0 as J,a1 as W,a2 as $,B as Z,a3 as G}from"./bin.js";import"../packem_shared/public-api-WqUCiyIe.js";import{I as K,M as Q,R as X}from"../packem_shared/pm-runner-BKZQo7Ts.js";import{r as ee,a as se}from"../packem_shared/command-runtime-CR70qSUM.js";import{r as P,a as oe,p as te,b as ne}from"../packem_shared/resolve-explicit-C6WM-I2u.js";import{r as re}from"../packem_shared/typosquats-DN78xx1x.js";import{f as _,i as R}from"../packem_shared/utils-Cxree603.js";import{a as ae}from"./config.js";const q=E(import.meta.url),w=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,I=o=>{if(typeof w<"u"&&w.versions&&w.versions.node){const[c,e]=w.versions.node.split(".").map(Number);if(c>22||c===22&&e>=3||c===20&&e>=16)return w.getBuiltinModule(o)}return q(o)},{createInterface:O}=I("node:readline"),S=o=>o==="default"?"catalog:":`catalog:${o}`,v=o=>o==="default"?"default catalog":`catalog "${o}"`,ie=(o,c)=>{const e=[];for(const[s,t]of c)s.includes(":")||t.has(o)&&e.push(s);if(e.length===0)return;if(e.length===1){const[s]=e;return{source:v(s),spec:S(s)}}const r=e.find(s=>s==="default")??e[0],a=e.filter(s=>s!==r);return{candidates:[...e],conflict:!0,source:`${v(r)} (also in: ${a.map(s=>v(s)).join(", ")})`,spec:S(r)}},ce=(o,c)=>{const e=new Map;for(const[i,u]of c){if(!i.includes(":"))continue;const p=u.get(o);p!==void 0&&e.set(p,(e.get(p)??0)+1)}if(e.size===0)return;const r=[...e.entries()],a=r.reduce((i,[,u])=>i+u,0);if(r.length===1){const[[i]]=r;return{source:`siblings (${String(a)} pkg${a===1?"":"s"} on ${i})`,spec:i}}const s=[...r].sort((i,u)=>u[1]-i[1]),[t,n]=s[0],l=s.slice(1).map(([i,u])=>`${i} (×${String(u)})`);return{candidates:s.map(([i])=>i),conflict:!0,source:`siblings (most common: ${t} ×${String(n)}; conflicts: ${l.join(", ")})`,spec:t}},le=(o,c)=>ie(o,c)||ce(o,c),pe=(o,c,e)=>{const r=[];for(const a of o.values()){const{overall:s}=a.score,t=Z(s),n=`${String(Math.round(s*100))}%`,l=a.alerts.length,i=$(a),u=H(i,a.version,e),p=t==="red"?T:t==="yellow"?A:x;if(u?f.info(` ${p(n)} ${C(a)} ${j(`[accepted: ${u.reason}]`)}`):f.info(` ${p(n)} ${C(a)}`),l>0){const g=a.alerts.filter(d=>d.severity==="critical"||d.severity==="high").length;g>0&&f.warn(` ${String(g)} critical/high alert${g===1?"":"s"}`)}s<c&&!u&&r.push(a)}return r},fe=async(o,c)=>{const e=O({input:process.stdin,output:process.stdout}),r=n=>new Promise(l=>{e.question(n,i=>{l(i.trim())})}),a=String(Math.round(c*100));f.warn(""),f.warn(`${String(o.length)} package${o.length===1?"":"s"} scored below the minimum threshold (${a}%):`);for(const n of o){const l=$(n),i=`${String(Math.round(n.score.overall*100))}%`;f.warn(` • ${l}@${n.version} — score: ${i} (${J(n.score.overall)})`)}f.warn("");const s=await r("Continue adding these packages? [y/N] ");if(s.toLowerCase()!=="y"&&s.toLowerCase()!=="yes")return e.close(),!1;const t=await r("Remember this decision? (prints config snippet) [y/N] ");if(e.close(),t.toLowerCase()==="y"||t.toLowerCase()==="yes"){f.notice(""),f.notice("Add the following to security.acceptedRisks in vis.config.ts:"),f.notice("");for(const n of o){const l=$(n),i=W(l,n.version,n.score.overall,"Reviewed and accepted");f.notice(i)}f.notice("")}return!0},ue=async(o,c,e,r)=>{const a=await P(o);if(a.length===0)return!0;f.info(""),f.info(`${c.map(n=>n.displayName).join(" + ")} security check:`);const s=await F(c,a);if(s.size===0)return f.info(" Could not fetch security data. Proceeding."),!0;const t=pe(s,e,r);return t.length===0?(f.info(""),!0):process.stdin.isTTY?fe(t,e):(f.warn(`Aborting: ${String(t.length)} package${t.length===1?"":"s"} below minimum score. Use --no-socket-check to skip.`),!1)},de=["dependencies","devDependencies","peerDependencies","optionalDependencies"],ge=o=>o.savePeer?"peerDependencies":o.saveOptional?"optionalDependencies":o.saveDev?"devDependencies":"dependencies",D=(o,c)=>o.startsWith("catalog:")||!c?o:o.replace(/^[\^~]/,""),me=async(o,c)=>{const e=[];for(const s of o){const{name:t,versionSpec:n}=_(s);if(!t)continue;if(n!==void 0){e.push({explicit:n,name:t});continue}const l=le(t,c);if(l){l.conflict&&f.warn(`${t}: ambiguous constraint — picking ${l.spec} (${l.source}). Pass ${t}@<version> to override.`),e.push({entry:{name:t,source:l.source,spec:l.spec},kind:"resolved",name:t});continue}e.push({kind:"missing",name:t})}const r=e.filter(s=>"kind"in s&&s.kind==="missing").map(s=>s.name),a=r.length>0?await ne(r):new Map;return e.map(s=>{if("explicit"in s)return{name:s.name,source:"explicit",spec:s.explicit};if(s.kind==="resolved")return s.entry;const t=a.get(s.name);if(t===void 0)throw new Error(`--to: cannot resolve a version for "${s.name}" (not in any catalog or sibling, and registry lookup failed). Pass ${s.name}@<version> explicitly.`);const n=`^${t}`;return f.info(`${s.name}: no existing constraint — using registry latest (${n}). Add to a catalog to share this version across workspace packages.`),{name:s.name,source:"registry latest",spec:n}})},he=(o,c,e,r)=>{for(const{name:a,spec:s}of c){const t=D(s,r);for(const l of de){if(l===e)continue;const i=o[l];i?.[a]!==void 0&&(delete i[a],Object.keys(i).length===0&&delete o[l])}let n=o[e];n===void 0&&(n={},o[e]=n),n[a]=t}},ke=async({ignoreScripts:o,logger:c,options:e,packages:r,pm:a,target:s,visConfig:t,workspaceRoot:n})=>{const{workspace:l}=z(n,t??{}),i=l.projects[s];if(!i){const m=Object.keys(l.projects).sort();throw new Error(`--to: workspace package "${s}" not found. Available: ${m.length>0?m.slice(0,10).join(", "):"(none)"}${m.length>10?`, ... (${String(m.length-10)} more)`:""}.`)}const u=L(n,i.root,"package.json"),{packageManager:p}=U(n),g=V(n,p),d=ge(e),k=e.exact??!1,h=await me(r,g);if(h.length===0)return 0;const y=ae(u);he(y,h,d,k),B(u,y,{indent:Y(u,{useEditorconfig:t?.editorconfig??!0}),overwrite:!0});for(const m of h){const M=D(m.spec,k);f.info(`${x("+")} ${m.name}@${M} → ${s}/${d} (${j(m.source)})`)}return X(a,{dev:!1,filter:[],force:!1,frozenLockfile:!1,ignoreScripts:o,lockfileOnly:!1,noOptional:!1,offline:!1,prod:!1,recursive:!1,silent:!1,workspaceRoot:!1},n,c)},_e=async({argument:o,logger:c,options:e,visConfig:r,workspaceRoot:a})=>{let s=o;if(!s||s.length===0)throw new Error("No packages specified. Usage: vis add <packages...>");if(e.typosquatCheck!==!1){const p=s.map(d=>_(d)),g=await re(p.map(d=>d.name),r?.security?.typosquatAllowlist);if(!g.ok){process.exitCode=1;return}s=p.map((d,k)=>{const h=g.packages[k];return h!==d.name?d.versionSpec?`${h}@${d.versionSpec}`:h??"":s[k]??""})}if(e.marshallCheck!==!1){const p=await P(s);if(p.length>0){const g=await oe(p,{config:r?.security?.marshalls,workspaceRoot:a});if(!await te(g)){process.exitCode=1;return}}}if(e.socketCheck!==!1){const p=new Set;b("socket")&&p.add("socket"),b("depsDev")&&p.add("deps-dev");const g=N(r?.security,{disabled:p,minimumScore:r?.security?.policies?.score?.minimum});if(g.length>0){const d=r?.security?.policies?.score?.minimum??G;if(!await ue(s,g,d,r?.security?.acceptedRisks)){process.exitCode=1;return}}}const t=process.cwd(),n=ee({logger:c,options:e,visConfig:r},a??t),l=K(a??t,{backend:se(n),configBackend:r?.install?.backend,configCorepack:r?.install?.corepack}),i=!e.runScripts;if(e.to){if(e.global||e.workspaceRoot)throw new Error("--to is incompatible with --global / --workspace-root.");if(e.filter&&R(e.filter).length>0)throw new Error("--to and --filter are mutually exclusive — --to already targets one package.");if(!a)throw new Error("--to requires a monorepo workspace. Run from inside a pnpm/bun/yarn/npm workspace.");const p=await ke({ignoreScripts:i,logger:c,options:e,packages:s,pm:l,target:e.to,visConfig:r,workspaceRoot:a});p!==0&&(process.exitCode=p);return}const u=Q(l,{exact:e.exact||!1,filter:R(e.filter),global:e.global||!1,optional:e.saveOptional||!1,packages:s,peer:e.savePeer||!1,saveDev:e.saveDev||!1,workspace:e.workspace||!1,workspaceRoot:e.workspaceRoot||!1},t,c,{autoInstallPeers:e.autoInstallPeers||!1,ignoreScripts:i});u!==0&&(process.exitCode=u)};export{_e as default};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{I as
|
|
1
|
+
import{I as m,j as p}from"../packem_shared/pm-runner-BKZQo7Ts.js";import{r as g,a as d}from"../packem_shared/command-runtime-CR70qSUM.js";const u=async({argument:s,logger:e,options:r,visConfig:o,workspaceRoot:t})=>{const c=s?.[0]??null,n=t??process.cwd(),i=g({logger:e,options:r,visConfig:o},n),l=m(n,{backend:d(i),configBackend:o?.install?.backend,configCorepack:o?.install?.corepack}),a=p(l,c,n,e);a!==0&&(process.exitCode=a)};export{u as default};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{I as
|
|
1
|
+
import{I as g,B as m}from"../packem_shared/pm-runner-BKZQo7Ts.js";import{r as u,a as f}from"../packem_shared/command-runtime-CR70qSUM.js";const b=async({argument:s,logger:i,options:t,visConfig:e,workspaceRoot:c})=>{const o=s;if(!o||o.length===0)throw new Error("No subcommand specified. Available: cache, publish, audit, list, view, config, whoami, login, logout, pack, owner, dist-tag, search, fund, ping, token, deprecate, rebuild, prune, plugin");const[r,...l]=o,n=c??process.cwd(),p=u({logger:i,options:t,visConfig:e},n),d=g(n,{backend:f(p),configBackend:e?.install?.backend,configCorepack:e?.install?.corepack}),a=m(d,r,l,n,i);a!==0&&(process.exitCode=a)};export{b as default};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{I as
|
|
1
|
+
import{I as p,D as f}from"../packem_shared/pm-runner-BKZQo7Ts.js";import{r as g,a as k}from"../packem_shared/command-runtime-CR70qSUM.js";import{i as m}from"../packem_shared/utils-Cxree603.js";const w=async({argument:t,logger:r,options:e,visConfig:o,workspaceRoot:n})=>{const a=t;if(!a||a.length===0)throw new Error("No packages specified. Usage: vis remove <packages...>");const s=process.cwd(),c=g({logger:r,options:e,visConfig:o},n??s),l=p(n??s,{backend:k(c),configBackend:o?.install?.backend,configCorepack:o?.install?.corepack}),i=f(l,{filter:m(e.filter),global:e.global||!1,packages:a,recursive:e.recursive||!1,saveDev:e.saveDev||!1,workspaceRoot:e.workspaceRoot||!1},s,r);i!==0&&(process.exitCode=i)};export{w as default};
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import{B as k,a as B,H as g}from"../packem_shared/index-BDmTbWX1.js";import{b as h,O as j,p as m}from"./bin.js";import{b as v,s as y}from"../packem_shared/cyclonedx-
|
|
1
|
+
import{B as k,a as B,H as g}from"../packem_shared/index-BDmTbWX1.js";import{b as h,O as j,p as m}from"./bin.js";import{b as v,s as y}from"../packem_shared/cyclonedx-Cadls41z.js";const l=["json","xml"],C=n=>l.includes(n),R=async({fs:n,options:e,visConfig:d,workspaceRoot:o})=>{if(!o)throw new Error("Could not determine workspace root. Run inside a monorepo.");const{packageJsons:f,workspace:i}=h(o,d),u=j(o,i,f),c=e.focus,w=c?c.split(",").map(b=>b.trim()).filter(Boolean):void 0,s=(e.format??"json").toLowerCase();if(!C(s))throw new Error(`Unknown --format: "${s}". Expected one of: ${l.join(", ")}.`);const t=v({focus:w,includeDev:!!e.includeDev,projectGraph:u,workspace:i,workspaceRoot:o}),a=s==="xml"?y(t):`${JSON.stringify(t,void 0,2)}
|
|
2
2
|
`,p=e.output??(s==="xml"?"sbom.cdx.xml":"sbom.cdx.json");if(p==="-"){process.stdout.write(a);return}const r=k(o,p);B(g(r)),await n.writeFile(r,a,"utf8");const x=t.components?.length??0,$=t.dependencies?.length??0;m.success(`SBOM written to ${r}`),m.notice(`${x} components, ${$} dependency edges`)};export{R as default};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{I as
|
|
1
|
+
import{I as m,S as p}from"../packem_shared/pm-runner-BKZQo7Ts.js";import{r as g,a as d}from"../packem_shared/command-runtime-CR70qSUM.js";const u=async({argument:r,logger:s,options:a,visConfig:e,workspaceRoot:i})=>{const t=r||[],o=i??process.cwd(),c=g({logger:s,options:a,visConfig:e},o),l=m(o,{backend:d(c),configBackend:e?.install?.backend,configCorepack:e?.install?.corepack}),n=p(l,t,a.recursive||!1,o,s);n!==0&&(process.exitCode=n)};export{u as default};
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import{createRequire as u}from"node:module";import{c as p}from"../packem_shared/index-
|
|
1
|
+
import{createRequire as u}from"node:module";import{c as p}from"../packem_shared/index-Bt521H5J.js";const f=u(import.meta.url),r=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,a=s=>{if(typeof r<"u"&&r.versions&&r.versions.node){const[e,i]=r.versions.node.split(".").map(Number);if(e>22||e===22&&i>=3||e===20&&i>=16)return r.getBuiltinModule(s)}return f(s)},{execSync:d,spawnSync:l}=a("node:child_process"),v=async({argument:s,logger:e,options:i})=>{const t=s?.[0];e.info("info: checking for updates...");const n=p.version;let o;try{const c=d("npm view @visulima/vis version",{encoding:"utf8"}).trim();o=t??c}catch{throw new Error("Failed to query npm registry. Check your network connection.")}if(n===o&&!i.force){e.info(`
|
|
2
2
|
✓ Already up to date (${n})`);return}if(i.check){n===o?e.info(`✓ Already up to date (${n})`):e.info(`info: found @visulima/vis@${o} (current: ${n})`);return}if(e.info(`info: found @visulima/vis@${o} (current: ${n})`),e.info("info: installing..."),l("npm",["install","-g",`@visulima/vis@${o}`],{encoding:"utf8",stdio:"inherit"}).status!==0)throw new Error("Failed to update. Try running with sudo or fix npm permissions.");e.info(`
|
|
3
3
|
✓ Updated @visulima/vis from ${n} → ${o}`)};export{v as default};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
import{I as
|
|
1
|
+
import{I as f,E as d}from"../packem_shared/pm-runner-BKZQo7Ts.js";import{r as g,a as m}from"../packem_shared/command-runtime-CR70qSUM.js";import{i as k}from"../packem_shared/utils-Cxree603.js";const h=async({argument:r,logger:n,options:o,process:i,visConfig:a,workspaceRoot:t})=>{const e=r;if(!e||e.length===0)throw new Error("No packages specified. Usage: vis why <package...>");const s=t??i.cwd,p=g({logger:n,options:o,visConfig:a},s),c=f(s,{backend:m(p),configBackend:a?.install?.backend,configCorepack:a?.install?.corepack}),l=d(c,{depth:o.depth===void 0?void 0:Number(o.depth),dev:o.dev||!1,filter:k(o.filter),global:o.global||!1,json:o.json||!1,long:o.long||!1,noOptional:o.optional===!1,packages:e,parseable:o.parseable||!1,prod:o.prod||!1,recursive:o.recursive||!1},s,n);l!==0&&l!==1&&(process.exitCode=l)};export{h as default};
|
|
@@ -1,2 +1 @@
|
|
|
1
|
-
import{createRequire as
|
|
2
|
-
`)[0]?.slice(0,80)??""}`))};export{W as __setBotPrRunnerForTests,Y as default,D as parseBotPrTitle};
|
|
1
|
+
import{createRequire as h}from"node:module";import{A as b,B as v}from"../packem_shared/index-BDmTbWX1.js";import{r as y}from"../packem_shared/command-runtime-CR70qSUM.js";const w=h(import.meta.url),n=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,_=o=>{if(typeof n<"u"&&n.versions&&n.versions.node){const[r,s]=n.versions.node.split(".").map(Number);if(r>22||r===22&&s>=3||r===20&&s>=16)return n.getBuiltinModule(o)}return w(o)},{spawnSync:l}=_("node:child_process"),x=["--experimental-transform-types","--disable-warning=ExperimentalWarning"],E=(o,r,s)=>{const e=l(process.execPath,[...x,o,...r],{cwd:s,stdio:"inherit"});if(e.error)throw e.error;return e.status??(e.signal?1:0)},j=(o,r,s)=>{const e=l("bun",["run",o,...r],{cwd:s,stdio:"inherit"});if(e.error){const{code:c}=e.error;throw c==="ENOENT"?new Error("Runtime is set to bun but the `bun` binary is not on PATH. Install it from https://bun.sh."):e.error}return e.status??(e.signal?1:0)},N=async({argument:o,logger:r,options:s,rawUnknown:e,visConfig:c,workspaceRoot:d})=>{const f=o??[],[t,...m]=f;if(t===void 0)throw new Error("No file specified. Usage: vis x <file> [args...]");const i=process.cwd(),a=b(t)?t:v(i,t),u=[...m,...e??[]],{runtime:g}=y({logger:r,options:s,visConfig:c},d??i),p=g==="bun"?j(a,u,i):E(a,u,i);p!==0&&(process.exitCode=p)};export{N as default};
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import{
|
|
2
|
-
`)
|
|
1
|
+
import{createRequire as R}from"node:module";import{DEFAULT_CHANGES_DIR as C}from"./DEFAULT_CLEAN_KEEP.js";import{b as E,f as B}from"./orchestrator.js";import{r as T}from"../packem_shared/slug-DoueYuLo.js";import{VisReleaseError as w}from"../packem_shared/VisReleaseError-DMGRBTNO.js";const S=R(import.meta.url),u=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,$=e=>{if(typeof u<"u"&&u.versions&&u.versions.node){const[o,n]=u.versions.node.split(".").map(Number);if(o>22||o===22&&n>=3||o===20&&n>=16)return u.getBuiltinModule(e)}return S(e)},{mkdir:V,writeFile:O}=$("node:fs/promises"),{resolve:b,sep:k,join:P}=$("node:path");let y;const W=e=>{y=e},_=async()=>y||(await import("./shell-runner.js")).createShellRunner(),v=e=>!e||!/^[\dv]/i.test(e)?!1:/^[\d.+\-a-z]+$/i.test(e),D=e=>{const o=e.trim(),n=/^(?:[a-z]+(?:\([^)]+\))?:\s+)?[Bb]ump\s+(?<dep>\S+)\s+from\s+(?<fromVersion>\S+)\s+to\s+(?<toVersion>\S+)(?:\s+in\s+\S+)?$/.exec(o);if(n?.groups){const t=n.groups.toVersion;return v(t)?{dep:n.groups.dep,fromVersion:n.groups.fromVersion,toVersion:t}:void 0}const s=/^(?:[a-z]+(?:\([^)]+\))?:\s+)?[Uu]pdate\s+(?:dependency|module)\s+(?<dep>\S+)\s+to\s+(?<toVersion>\S+)(?:\s+\S.*)?$/.exec(o);if(s?.groups){const t=s.groups.toVersion;return v(t)?{dep:s.groups.dep,fromVersion:"",toVersion:t}:void 0}},A=async e=>{const o=process.env.PR_NUMBER;if(o&&/^\d+$/.test(o))return Number.parseInt(o,10);const n=process.env.GITHUB_REF;if(n){const s=/^refs\/pull\/(\d+)\//.exec(n);if(s)return Number.parseInt(s[1],10)}try{const s=await(await _()).run("gh",["pr","view","--json","number"],{cwd:e,silent:!0});if(s.exitCode===0){const t=JSON.parse(s.stdout.trim());if(typeof t.number=="number")return t.number}}catch{}},L=async(e,o)=>{try{const n=await(await _()).run("gh",["pr","view",String(o),"--json","title,body,author"],{cwd:e,silent:!0});return n.exitCode!==0?void 0:JSON.parse(n.stdout.trim())}catch{return}},U=(e,o)=>{const n=[];for(const s of o){const{manifest:t}=s;(Object.hasOwn(t.dependencies??{},e)||Object.hasOwn(t.devDependencies??{},e)||Object.hasOwn(t.peerDependencies??{},e)||Object.hasOwn(t.optionalDependencies??{},e))&&n.push(s.name)}return n},F=e=>{const o={};for(const n of e.split(",")){const s=n.trim();if(!s)continue;const t=s.lastIndexOf(":");if(t<1)throw new w({code:"BUMP_FILE_INVALID",message:`Invalid --packages entry: ${JSON.stringify(s)}. Expected "package:level".`});const i=s.slice(0,t).trim(),r=s.slice(t+1).trim();if(r!=="major"&&r!=="minor"&&r!=="patch"&&r!=="none")throw new w({code:"BUMP_FILE_INVALID",message:`Invalid bump level: ${JSON.stringify(r)}. Expected major|minor|patch|none.`});o[i]=r}return o},M=async e=>{const{multiSelectPrompt:o,selectPrompt:n,textPrompt:s}=await import("./prompts.js"),t=await o("Which packages to bump?",e.map(p=>({label:p,value:p}))),i={};for(const p of t){const f=await n(`Bump level for ${p}?`,[{label:"patch — bug fixes only",value:"patch"},{label:"minor — new feature, backward-compatible",value:"minor"},{label:"major — breaking change",value:"major"},{label:"none — acknowledged, no direct bump",value:"none"}]);i[p]=f}const r=await s("Changelog entry (markdown):","");return{bumps:i,message:r}},Y=async({logger:e,options:o,workspaceRoot:n})=>{const s=n??process.cwd(),t=await E({cwd:s,skipRegistryLookup:!0});let i={},r=o.message??"";if(o.fromBotPr){const c=await A(s);if(c===void 0){e.error("No PR found. Set PR_NUMBER, run inside a GitHub Actions PR workflow, or check `gh pr view` works on this branch."),process.exitCode=1;return}const a=await L(s,c);if(!a||typeof a.title!="string"){e.error(`Could not fetch PR #${c} via \`gh pr view\`. Ensure gh is on PATH and authenticated.`),process.exitCode=1;return}const d=D(a.title);if(!d){e.info(`PR #${c} title is not a recognised Dependabot / Renovate pattern; skipping.`),e.info(`Title: ${a.title}`),process.exitCode=0;return}const h=U(d.dep,t.packages),N=d.fromVersion?`from ${d.fromVersion} to ${d.toVersion}`:`to ${d.toVersion}`;if(r=r||`Updated ${d.dep} ${N}`,h.length===0){const g=t.packages[0]?.name;if(!g){e.error("Workspace has no packages — cannot author an acknowledging change file."),process.exitCode=1;return}i={[g]:"none"},r=`${r} (no workspace package depends on ${d.dep})`}else for(const g of h)i[g]="patch"}else if(o.empty)i={},r=r||"Empty change file (no release).";else if(o.packages){i=F(o.packages);const c=new Set(t.packages.map(a=>a.name));for(const a of Object.keys(i))if(!c.has(a))throw new w({code:"BUMP_FILE_INVALID",message:`Unknown workspace package in --packages: ${JSON.stringify(a)}.`,packageName:a})}else{if(!process.stdout.isTTY){e.error("--packages is required when stdin is not a TTY."),e.error("Example: vis release add --packages '@scope/cerebro:minor' --message 'Add X'"),process.exitCode=1;return}const c=await M(t.packages.map(a=>a.name));i=c.bumps,r=r||c.message}if(Object.keys(i).length===0){e.error("No bumps specified."),process.exitCode=1;return}const p=t.config.changesDir??C,f=(o.name??T()).replaceAll(/[^a-z0-9-]/gi,"-"),l=b(s),x=l.endsWith(k)?l:`${l}${k}`,m=b(s,p);if(m!==l&&!m.startsWith(x))throw new w({code:"CONFIG_INVALID",message:`changesDir resolves outside the workspace: ${m} (workspace: ${l}).`});const j=P(m,`${f}.md`),I=B({bumps:i},r);await V(m,{recursive:!0}),await O(j,I,{flag:"wx"}),e.info(`Created ${p}/${f}.md`),e.info("");for(const[c,a]of Object.entries(i))e.info(` ${c}: ${a}`);r&&(e.info(""),e.info(` Body: ${r.split(`
|
|
2
|
+
`)[0]?.slice(0,80)??""}`))};export{W as __setBotPrRunnerForTests,Y as default,D as parseBotPrTitle};
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import{
|
|
2
|
-
`).
|
|
1
|
+
import{releaseChangelog as l}from"../packem_shared/ReleaseClient-YHzBIxYS.js";const c=async({logger:o,options:t,workspaceRoot:r})=>{const s=r??process.cwd(),i=t.filter?t.filter.split(",").map(e=>e.trim()).filter(Boolean):void 0,n=await l({channel:t.channel,cwd:s,projects:i});if(t.json){process.stdout.write(`${JSON.stringify(n,null,2)}
|
|
2
|
+
`),n.projectChangelogs.length===0&&(process.exitCode=1);return}if(n.projectChangelogs.length===0){o.info("No pending releases — no changelog entries to render."),process.exitCode=1;return}for(const e of n.projectChangelogs)o.info(`# ${e.package} → ${e.file}`),o.info(""),o.info(e.content),o.info("")};export{c as default};
|
|
@@ -1,3 +1,2 @@
|
|
|
1
|
-
import{
|
|
2
|
-
`);
|
|
3
|
-
`)},v=async({logger:o,options:a,workspaceRoot:e})=>{const n=e??process.cwd(),s=a.noFail===!0,r=a.strict===!0,t=g(),i=await w(t,n),c=R(process.env);(!i||!c)&&o.warn("Not running in a PR context (GITHUB_REF / PR_NUMBER missing or `gh repo view` failed). Falling back to local print.");const p=await h({cwd:n,skipRegistryLookup:!0}),{printConfigIfRequested:d}=await import("./print-config.js");if(d(a,p,o))return;const m=p.config.versionPr?.commentMarker??"<!-- vis-release-comment -->",l=k(p.plan,p.channel?.tag);if(i&&c){const u=await $({body:l,cwd:n,issueNumber:c,marker:m,repo:i,runner:t});if(u)o.info(`${u.created?"Posted":"Updated"} release-plan comment on PR #${c} (id: ${u.id}).`);else{o.error("Failed to post / update PR comment."),process.exitCode=s?0:1;return}}else o.info(l);r&&p.plan.releases.length===0&&(o.error("--strict and no pending releases."),process.exitCode=s?0:1)};export{v as default};
|
|
1
|
+
import{DEFAULT_CHANGES_DIR as R}from"./DEFAULT_CLEAN_KEEP.js";import{b as D,r as F,c as b}from"./orchestrator.js";import{createShellRunner as E}from"./shell-runner.js";const y=async({logger:r,options:d,workspaceRoot:$})=>{const s=$??process.cwd(),p=d.noFail===!0,u=d.strict===!0,t=await D({cwd:s}),{printConfigIfRequested:x}=await import("./print-config.js");if(x(d,t,r))return;const{files:i}=await F({changesDir:t.config.changesDir,cwd:s});if(i.length===0){u?(r.error("No change files present and --strict is set."),r.error(`Run \`vis release add\` to author one in ${t.config.changesDir??R}.`),process.exitCode=p?0:1):(r.warn("No change files present. PR will not produce a release."),process.exitCode=0);return}if(!u){r.info(`${i.length} change file(s) present. ✓`),process.exitCode=0;return}const m=t.config.baseBranch??"main",g=await E().run("git",["diff","--name-only",`${m}...HEAD`],{cwd:s,silent:!0});if(g.exitCode!==0){r.warn(`Could not run git diff vs ${m}: ${g.stderr}`),process.exitCode=0;return}const f=g.stdout.split(`
|
|
2
|
+
`).map(e=>e.trim()).filter(Boolean);if(f.length===0){r.info("No source files changed. ✓"),process.exitCode=0;return}const{default:w}=await import("./index.js"),k=t.config.changedFilePatterns??["**"],v=(e,n,l)=>{if(!e.startsWith(`${n}/`))return!1;const h=e.slice(n.length+1);return l.some(o=>w(o,h))},C=new Set(b(i).keys()),c=new Set;for(const e of f){const n=t.packages.find(o=>{const a=o.dir.startsWith(s)?o.dir.slice(s.length).replace(/^[/\\]/,""):o.dir;return e===`${a}/package.json`||e.startsWith(`${a}/`)});for(const o of t.packages){const a=t.perPackageConfig.get(o.name)?.additionalPaths;!a||a.length===0||a.some(P=>w(P,e))&&!C.has(o.name)&&c.add(o.name)}if(!n)continue;const l=n.dir.startsWith(s)?n.dir.slice(s.length).replace(/^[/\\]/,""):n.dir,h=t.perPackageConfig.get(n.name)?.changedFilePatterns??k;e!==`${l}/package.json`&&!v(e,l,h)||C.has(n.name)||c.add(n.name)}if(c.size>0){r.error("The following packages have changes but no covering change file:");for(const e of c)r.error(` - ${e}`);r.error("Run `vis release add` to author one."),process.exitCode=p?0:1;return}r.info(`${i.length} change file(s); ${f.length} changed file(s) all covered. ✓`),process.exitCode=0};export{y as default};
|
|
@@ -1,6 +1,3 @@
|
|
|
1
|
-
import{
|
|
2
|
-
`);const
|
|
3
|
-
${
|
|
4
|
-
__VIS_RELEASE_EOF__`];try{f(c,`${e.join(`
|
|
5
|
-
`)}
|
|
6
|
-
`)}catch(d){n.warn(`Could not write $GITHUB_OUTPUT: ${d.message}`)}}};export{B as default};
|
|
1
|
+
import{b as h}from"./orchestrator.js";import{escapeMarkdown as f}from"./security.js";import{createShellRunner as g}from"./shell-runner.js";import{d as w,a as R,u as $}from"../packem_shared/sticky-comment-D6_7-w8T.js";const k=(o,a)=>{const e=["### 🚀 Release Plan",""];if(a&&(e.push(`Channel: \`${a}\``),e.push("")),o.releases.length===0)return e.push("_No pending releases._ (Add a change file via `vis release add` to mark this PR as releasing.)"),e.join(`
|
|
2
|
+
`);const n={major:[],minor:[],patch:[]};for(const s of o.releases)n[s.type].push(s);for(const s of["major","minor","patch"])if(n[s].length!==0){e.push(`#### ${s.charAt(0).toUpperCase()}${s.slice(1)}`),e.push("");for(const r of n[s]){const t=[];r.isCascadeBump&&t.push("cascade"),r.isGroupBump&&t.push("group"),r.isDependencyBump&&!r.isCascadeBump&&t.push("dep-bump");const i=t.length>0?` _(${t.join(", ")})_`:"";e.push(`- \`${r.name}\`: ${r.oldVersion} → **${r.newVersion}**${i}`)}e.push("")}if(o.warnings.length>0){e.push("#### ⚠️ Warnings"),e.push("");for(const s of o.warnings)e.push(`- ${f(s)}`)}return e.join(`
|
|
3
|
+
`)},v=async({logger:o,options:a,workspaceRoot:e})=>{const n=e??process.cwd(),s=a.noFail===!0,r=a.strict===!0,t=g(),i=await w(t,n),c=R(process.env);(!i||!c)&&o.warn("Not running in a PR context (GITHUB_REF / PR_NUMBER missing or `gh repo view` failed). Falling back to local print.");const p=await h({cwd:n,skipRegistryLookup:!0}),{printConfigIfRequested:d}=await import("./print-config.js");if(d(a,p,o))return;const m=p.config.versionPr?.commentMarker??"<!-- vis-release-comment -->",l=k(p.plan,p.channel?.tag);if(i&&c){const u=await $({body:l,cwd:n,issueNumber:c,marker:m,repo:i,runner:t});if(u)o.info(`${u.created?"Posted":"Updated"} release-plan comment on PR #${c} (id: ${u.id}).`);else{o.error("Failed to post / update PR comment."),process.exitCode=s?0:1;return}}else o.info(l);r&&p.plan.releases.length===0&&(o.error("--strict and no pending releases."),process.exitCode=s?0:1)};export{v as default};
|
|
@@ -1 +1,6 @@
|
|
|
1
|
-
import{
|
|
1
|
+
import{createRequire as _}from"node:module";import{b as y}from"./orchestrator.js";const m=_(import.meta.url),r=typeof globalThis<"u"&&typeof globalThis.process<"u"?globalThis.process:process,g=n=>{if(typeof r<"u"&&r.versions&&r.versions.node){const[o,i]=r.versions.node.split(".").map(Number);if(o>22||o===22&&i>=3||o===20&&i>=16)return r.getBuiltinModule(n)}return m(n)},{appendFileSync:f}=g("node:fs"),B=async({logger:n,options:o,workspaceRoot:i})=>{const l=i??process.cwd(),s=await y({cwd:l,skipRegistryLookup:!0}),{printConfigIfRequested:u}=await import("./print-config.js");if(u(o,s,n))return;const t=s.plan.releases.length===0?"nothing":s.channel?.mode==="version-pr"?"version-pr":"publish",a=s.plan.releases.map(e=>e.name),p={channel:s.channel?.tag,mode:t,packages:a,plan:s.plan.releases.map(e=>({isCascadeBump:e.isCascadeBump,isDependencyBump:e.isDependencyBump,isGroupBump:e.isGroupBump,name:e.name,newVersion:e.newVersion,oldVersion:e.oldVersion,type:e.type})),prerelease:s.channel?.prerelease,warnings:s.plan.warnings};process.stdout.write(`${JSON.stringify(p,null,2)}
|
|
2
|
+
`);const c=process.env.GITHUB_OUTPUT;if(c){const e=[`mode=${t}`,`packages=${a.join(",")}`,`json<<__VIS_RELEASE_EOF__
|
|
3
|
+
${JSON.stringify(p)}
|
|
4
|
+
__VIS_RELEASE_EOF__`];try{f(c,`${e.join(`
|
|
5
|
+
`)}
|
|
6
|
+
`)}catch(d){n.warn(`Could not write $GITHUB_OUTPUT: ${d.message}`)}}};export{B as default};
|
|
@@ -1,42 +1 @@
|
|
|
1
|
-
const i
|
|
2
|
-
🔧 vis release CI setup
|
|
3
|
-
|
|
4
|
-
1. Workflow permissions
|
|
5
|
-
Add to .github/workflows/vis-release.yml:
|
|
6
|
-
permissions:
|
|
7
|
-
contents: write
|
|
8
|
-
pull-requests: write
|
|
9
|
-
id-token: write # required for OIDC trusted publishing on npm
|
|
10
|
-
|
|
11
|
-
2. Secrets
|
|
12
|
-
Required:
|
|
13
|
-
- VIS_GH_TOKEN — PAT or GitHub App token. Used to force-push the
|
|
14
|
-
version-PR branch and create/edit the version PR. The default
|
|
15
|
-
\${{ github.token }} is anti-recursion-locked and cannot trigger
|
|
16
|
-
downstream workflows on the version-PR.
|
|
17
|
-
- GH_TOKEN — \${{ github.token }} works for read-only / commenting.
|
|
18
|
-
Optional:
|
|
19
|
-
- NPM_TOKEN — fallback when OIDC is not available. Trusted Publishing
|
|
20
|
-
(id-token: write) is preferred.
|
|
21
|
-
|
|
22
|
-
3. Trusted Publishing on npm
|
|
23
|
-
For each published package:
|
|
24
|
-
a. https://npmjs.com/package/<name>/access → Publishing access
|
|
25
|
-
b. Add a Trusted Publisher with provider=GitHub Actions
|
|
26
|
-
c. Repository: visulima/visulima
|
|
27
|
-
d. Workflow filename: vis-release.yml
|
|
28
|
-
e. Environment name: (leave blank unless you use one)
|
|
29
|
-
|
|
30
|
-
4. Concurrency group (recommended)
|
|
31
|
-
concurrency:
|
|
32
|
-
group: vis-release-\${{ github.ref }}
|
|
33
|
-
cancel-in-progress: false
|
|
34
|
-
|
|
35
|
-
5. Husky pre-commit gate (optional)
|
|
36
|
-
Add to .husky/pre-commit:
|
|
37
|
-
vis release check --hook pre-commit --no-fail
|
|
38
|
-
(Or run \`vis release init\` and confirm the prompt — it'll auto-wire
|
|
39
|
-
the hook if you say yes.)
|
|
40
|
-
|
|
41
|
-
📚 RFC: packages/tooling/vis/rfc/design-release-manager.md (§16)
|
|
42
|
-
`,o=async({logger:e})=>{e.info(i)};export{o as default};
|
|
1
|
+
import{b as f}from"./orchestrator.js";import{createShellRunner as g}from"./shell-runner.js";const p=async({logger:r,options:n,workspaceRoot:l})=>{const t=l??process.cwd(),i=g(),s=await f({cwd:t}),e=n.branch??s.config.versionPr?.branch??"vis-release/version-packages",o=n.base??s.config.baseBranch??"main";r.info(`Rebasing ${e} onto ${o}...`);const a=await i.run("git",["fetch","origin",`${e}:${e}`,o],{cwd:t,silent:!0});if(a.exitCode!==0){r.info(`No remote branch ${e} to rebase (${a.stderr.trim()||"fetch failed"}). Skipping.`);return}const c=await i.run("git",["switch",e],{cwd:t,silent:!0});if(c.exitCode!==0){r.error(`Could not switch to ${e}: ${c.stderr.trim()}`),process.exitCode=1;return}if((await i.run("git",["rebase",`origin/${o}`],{cwd:t,silent:!0})).exitCode!==0){await i.run("git",["rebase","--abort"],{cwd:t,silent:!0}),r.error("Rebase produced conflicts; aborting. Resolve manually, or let the next `vis release ci release` recompute the version PR from scratch."),process.exitCode=1;return}const u=await i.run("git",["rev-list","--count",`origin/${e}..${e}`],{cwd:t,silent:!0});if(u.exitCode===0&&u.stdout.trim()==="0"){r.info(`${e} is already up to date with ${o}. Nothing to push.`);return}const d=await i.run("git",["push","--force-with-lease","origin",`${e}:${e}`],{cwd:t,silent:!0});if(d.exitCode!==0){r.error(`Failed to force-push ${e}: ${d.stderr.trim()}`),process.exitCode=1;return}r.info(`Force-pushed ${e} after rebasing onto ${o}.`)};export{p as default};
|
|
@@ -1,8 +1,42 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
1
|
+
const i=`
|
|
2
|
+
🔧 vis release CI setup
|
|
3
|
+
|
|
4
|
+
1. Workflow permissions
|
|
5
|
+
Add to .github/workflows/vis-release.yml:
|
|
6
|
+
permissions:
|
|
7
|
+
contents: write
|
|
8
|
+
pull-requests: write
|
|
9
|
+
id-token: write # required for OIDC trusted publishing on npm
|
|
10
|
+
|
|
11
|
+
2. Secrets
|
|
12
|
+
Required:
|
|
13
|
+
- VIS_GH_TOKEN — PAT or GitHub App token. Used to force-push the
|
|
14
|
+
version-PR branch and create/edit the version PR. The default
|
|
15
|
+
\${{ github.token }} is anti-recursion-locked and cannot trigger
|
|
16
|
+
downstream workflows on the version-PR.
|
|
17
|
+
- GH_TOKEN — \${{ github.token }} works for read-only / commenting.
|
|
18
|
+
Optional:
|
|
19
|
+
- NPM_TOKEN — fallback when OIDC is not available. Trusted Publishing
|
|
20
|
+
(id-token: write) is preferred.
|
|
21
|
+
|
|
22
|
+
3. Trusted Publishing on npm
|
|
23
|
+
For each published package:
|
|
24
|
+
a. https://npmjs.com/package/<name>/access → Publishing access
|
|
25
|
+
b. Add a Trusted Publisher with provider=GitHub Actions
|
|
26
|
+
c. Repository: visulima/visulima
|
|
27
|
+
d. Workflow filename: vis-release.yml
|
|
28
|
+
e. Environment name: (leave blank unless you use one)
|
|
29
|
+
|
|
30
|
+
4. Concurrency group (recommended)
|
|
31
|
+
concurrency:
|
|
32
|
+
group: vis-release-\${{ github.ref }}
|
|
33
|
+
cancel-in-progress: false
|
|
34
|
+
|
|
35
|
+
5. Husky pre-commit gate (optional)
|
|
36
|
+
Add to .husky/pre-commit:
|
|
37
|
+
vis release check --hook pre-commit --no-fail
|
|
38
|
+
(Or run \`vis release init\` and confirm the prompt — it'll auto-wire
|
|
39
|
+
the hook if you say yes.)
|
|
40
|
+
|
|
41
|
+
📚 RFC: packages/tooling/vis/rfc/design-release-manager.md (§16)
|
|
42
|
+
`,o=async({logger:e})=>{e.info(i)};export{o as default};
|
|
@@ -1,9 +1,8 @@
|
|
|
1
|
-
import{b as
|
|
2
|
-
${i.stderr}`,s=/Token scopes:\s*(.+)/.exec(t);if(i.exitCode!==0||!s)a.push({message:"Skipped: `gh auth status` did not return a parseable Token scopes line. (Fine-grained tokens / OIDC-only auth fall in this bucket.)",name:"github.token-scopes",severity:"info",status:"skip"});else{const r=s[1].split(",").map(l=>l.trim().replaceAll(/^['"]|['"]$/g,"")).filter(Boolean),o=new Set(["admin:org","admin:repo_hook","delete_repo","repo","site_admin"]),g=r.filter(l=>o.has(l));g.length>0?a.push({message:`Token carries broader scopes than vis needs: ${g.join(", ")}. The release flow needs only contents:write + pull-requests:write (+ optional id-token:write for OIDC). Consider provisioning a fine-grained PAT or scoping the workflow's permissions block.`,name:"github.token-scopes",severity:"warn",status:"fail"}):a.push({message:`Token scopes look appropriately narrow: ${r.join(", ")||"(none)"}.`,name:"github.token-scopes",severity:"info",status:"pass"})}}catch{a.push({message:"Skipped: gh auth status could not be invoked.",name:"github.token-scopes",severity:"info",status:"skip"})}(process.env.CI==="true"||process.env.GITHUB_ACTIONS==="true")&&(process.env.ACTIONS_ID_TOKEN_REQUEST_URL?a.push({message:"GitHub Actions OIDC env vars present.",name:"oidc-available",severity:"info",status:"pass"}):process.env.NPM_TOKEN?a.push({message:"OIDC env vars missing; falling back to NPM_TOKEN. Add `permissions: { id-token: write }` to the workflow to enable trusted publishing.",name:"oidc-available",severity:"warn",status:"fail"}):a.push({message:"Neither OIDC env vars nor NPM_TOKEN are set in CI. Publish will fail.",name:"oidc-available",severity:"error",status:"fail"}));const y=await import("node:fs/promises"),b=await import("node:path");for(const e of n.packages){if(e.manifest.napi===void 0)continue;const i=b.join(e.dir,"npm");try{const t=(await y.readdir(i,{withFileTypes:!0})).filter(g=>g.isDirectory());if(t.length===0){a.push({message:`${e.name} has a napi field but no npm/<platform>/ subdirs. Run pnpm exec napi artifacts before publishing.`,name:`napi-${e.name}-platforms`,severity:"warn",status:"fail"});continue}const s=[];for(const g of t){const l=b.join(i,g.name,"package.json");try{const p=JSON.parse(await y.readFile(l,"utf8"));p.version!==e.version&&s.push(`${g.name} (${p.version} vs parent ${e.version})`)}catch{s.push(`${g.name} (unreadable manifest)`)}}s.length>0?a.push({message:`${e.name}: platform versions out of sync — ${s.join(", ")}. They'll be re-synced on next publish.`,name:`napi-${e.name}-versions`,severity:"warn",status:"fail"}):a.push({message:`${e.name}: ${t.length} platform package(s), all versions in sync.`,name:`napi-${e.name}`,severity:"info",status:"pass"});const r=e.manifest.optionalDependencies??{},o=[];for(const g of t)try{const l=JSON.parse(await y.readFile(b.join(i,g.name,"package.json"),"utf8"));Object.hasOwn(r,l.name)||o.push(l.name)}catch{}o.length>0&&a.push({message:`${e.name}: missing optionalDependencies entries for: ${o.join(", ")}. Consumers won't get the right binary.`,name:`napi-${e.name}-optdeps`,severity:"error",status:"fail"})}catch{a.push({message:`${e.name}: could not read npm/ subdir.`,name:`napi-${e.name}-platforms`,severity:"warn",status:"skip"})}}{const{resolveVersionActionsId:e}=await import("./orchestrator.js").then(t=>t.w),i=n.packages.filter(t=>e(t,n.perPackageConfig.get(t.name)??{})==="jsr");for(const t of i){const s=n.perPackageConfig.get(t.name)??{},r=["jsr","publish","--dry-run","--allow-dirty"],o=s.jsrConfigPath;o!==void 0&&o!=="jsr.json"&&r.push("--config",o);for(const g of s.jsrPublishArgs??[])r.push(g);try{const g=await n.pm.runner.run("npx",r,{cwd:t.dir,silent:!0});g.exitCode===0?a.push({message:`${t.name}: \`jsr publish --dry-run\` passed.`,name:`jsr-dry-run/${t.name}`,severity:"info",status:"pass"}):a.push({message:`${t.name}: \`jsr publish --dry-run\` reported issues (slow types / exports / auth?): ${(g.stderr||g.stdout).trim().slice(0,300)}`,name:`jsr-dry-run/${t.name}`,severity:"warn",status:"fail"})}catch(g){a.push({message:`${t.name}: could not run \`npx jsr publish --dry-run\` (${g.message}). Install the jsr CLI / check network to enable this pre-flight.`,name:`jsr-dry-run/${t.name}`,severity:"warn",status:"skip"})}}}if(n.plan.warnings.length>0)for(const e of n.plan.warnings)a.push({message:e,name:"plan-warning",severity:"warn",status:"fail"});else a.push({message:n.plan.releases.length===0?"No pending releases.":`Plan resolves ${n.plan.releases.length} release(s).`,name:"plan-readable",severity:"info",status:"pass"});const d=n.config.publish?.guards;if(d?.packSecretScan)try{await import("@visulima/secret-scanner"),a.push({message:"@visulima/secret-scanner resolves; pack-set secret scanning will run.",name:"publish-guards.packSecretScan",severity:"info",status:"pass"})}catch{a.push({message:"publish.guards.packSecretScan is enabled but @visulima/secret-scanner is not installed. pnpm add -D @visulima/secret-scanner, or set the gate to false.",name:"publish-guards.packSecretScan",severity:"error",status:"fail"})}d?.audit&&d.audit!=="off"&&a.push({message:`Runtime npm audit gate active at "${d.audit}" severity.`,name:"publish-guards.audit",severity:"info",status:"pass"});const f=n.config.publish?.releaseAssets;if((f?.stampHashes||f?.uploadTarball)&&a.push({message:`Release-asset attestation: stampHashes=${f.stampHashes??!1}, uploadTarball=${f.uploadTarball??!1}.`,name:"publish-releaseAssets",severity:"info",status:"pass"}),n.config.publish?.stage){try{const{execSync:r}=await import("node:child_process"),o=r("npm --version",{stdio:["ignore","pipe","ignore"]}).toString().trim(),[g="0",l="0"]=o.split("."),p=Number.parseInt(g,10)>11||Number.parseInt(g,10)===11&&Number.parseInt(l,10)>=15;a.push({message:p?`npm ${o} supports \`npm stage publish\`.`:`npm ${o} is too old for staged publishing. Upgrade to npm ≥ 11.15.0.`,name:"publish-stage.npm-version",severity:p?"info":"error",status:p?"pass":"fail"})}catch{a.push({message:"publish.stage is enabled but npm is not on PATH.",name:"publish-stage.npm-version",severity:"error",status:"fail"})}const e=n.config.publish?.registry??"https://registry.npmjs.org/",i=/(?:^|:\/\/)registry\.npmjs\.(?:org|com)\//.test(e);a.push({message:i?"Registry is npmjs.com; staging is supported.":`publish.stage is enabled but registry "${e}" is not npmjs.com. Staging is npm Inc-specific; the request will be rejected.`,name:"publish-stage.registry",severity:i?"info":"warn",status:i?"pass":"fail"});const t=n.packages.filter(r=>r.manifest.publishConfig?.access==="restricted"),s=!!process.env.ACTIONS_ID_TOKEN_REQUEST_URL&&!process.env.NPM_TOKEN;t.length>0&&s&&a.push({message:`${t.length} package(s) have publishConfig.access: "restricted" and OIDC trusted publishing is active. Staging this combo is not supported in v1 (no static token for the post-decision read). Set NPM_TOKEN, or disable publish.stage for these packages.`,name:"publish-stage.oidc-restricted",severity:"error",status:"fail"})}try{const{DEFAULT_CHANGES_DIR:e}=await import("./DEFAULT_CLEAN_KEEP.js"),{readStagedRegistry:i}=await import("./staged-registry.js"),t=await i(c,n.config.changesDir??e);if(t.pending.length>0){const s=t.pending.map(r=>`${r.name}@${r.version} (${r.reason})`).join(", ");a.push({message:`${t.pending.length} pending stage(s) recorded in .vis/release/staged.json: ${s}. Approve / reject before the next release: vis release stage approve --all`,name:"publish-stage.pending",severity:"warn",status:"fail"})}}catch{}try{const{DEFAULT_CHANGES_DIR:e}=await import("./DEFAULT_CLEAN_KEEP.js"),{readFile:i}=await import("node:fs/promises"),{join:t}=await import("node:path"),s=t(c,n.config.changesDir??e,".state.json"),r=await i(s,"utf8"),o=JSON.parse(r);Array.isArray(o.stagedIds)&&o.stagedIds.length>0&&a.push({message:`Found ${o.stagedIds.length} legacy stage id(s) in .state.json#stagedIds: ${o.stagedIds.join(", ")}. The new registry lives in .vis/release/staged.json. Approve / reject these via npmjs.com or \`vis release stage approve <id>\` to avoid losing them.`,name:"publish-stage.legacy-stagedIds",severity:"warn",status:"fail"})}catch{}{const e=n.packages.filter(i=>n.perPackageConfig.get(i.name)?.versionActions==="shell");for(const i of e){const t=n.perPackageConfig.get(i.name)??{},s=n.config.allowCustomCommands,r=s===!0||Array.isArray(s)&&s.includes(i.name),o=t.publishCommand!==void 0&&t.publishCommand!=="";r||a.push({message:`${i.name} uses versionActions: "shell" but release.allowCustomCommands does not permit it. Set allowCustomCommands: true or include "${i.name}" in the array.`,name:`shell-actions.${i.name}.trust-gate`,severity:"error",status:"fail"}),o?r&&a.push({message:`${i.name} → shell publish (${Array.isArray(t.publishCommand)?`${t.publishCommand.length} commands`:"1 command"}).`,name:`shell-actions.${i.name}`,severity:"info",status:"pass"}):a.push({message:`${i.name} uses versionActions: "shell" but no publishCommand is configured. Set release.packages["${i.name}"].publishCommand.`,name:`shell-actions.${i.name}.publish-command`,severity:"error",status:"fail"})}}if(!n.config.gitUser)try{const{createShellRunner:e}=await import("./shell-runner.js"),i=e(),t=await i.run("git",["config","user.name"],{cwd:c,silent:!0}),s=await i.run("git",["config","user.email"],{cwd:c,silent:!0}),r=t.exitCode===0&&t.stdout.trim().length>0,o=s.exitCode===0&&s.stdout.trim().length>0;!r||!o?a.push({message:`git config user.name/user.email is not set (name=${r?"ok":"missing"}, email=${o?"ok":"missing"}). vis auto-commits staged.json and version bumps — these will fail without an identity. Set release.gitUser in vis.config.ts or configure git globally.`,name:"git.identity",severity:"warn",status:"fail"}):a.push({message:`git identity: ${t.stdout.trim()} <${s.stdout.trim()}>.`,name:"git.identity",severity:"info",status:"pass"})}catch{}if(n.config.signing){const{signing:e}=n.config;try{const{createShellRunner:i}=await import("./shell-runner.js"),t=i(),s=await t.run("git",["config","user.signingkey"],{cwd:c,silent:!0}),r=await t.run("git",["config","gpg.format"],{cwd:c,silent:!0}),o=s.exitCode===0?s.stdout.trim():"",g=r.exitCode===0?r.stdout.trim():"",l=o.length>0||!!e.key;if(e.mode==="ssh")g!=="ssh"||!l?a.push({message:`release.signing.mode is "ssh" but git config is incomplete (gpg.format=${g||"<unset>"}, user.signingkey=${l?"ok":"missing"}). Run \`git config gpg.format ssh\` and \`git config user.signingkey <path-to-key>\` before releasing.`,name:"git.signing",severity:"warn",status:"fail"}):a.push({message:"git signing: ssh mode active (gpg.format=ssh, signingkey configured).",name:"git.signing",severity:"info",status:"pass"});else if(e.mode==="sigstore"){const{gitsignAvailable:p}=await import("./git.js");await p({cwd:c,runner:t})?a.push({message:"git signing: sigstore mode (preview); gitsign is on PATH.",name:"git.signing",severity:"info",status:"pass"}):a.push({message:'release.signing.mode is "sigstore" (preview) but gitsign is not on PATH. Tags will fall back to GPG signing with a warning. Install gitsign: https://github.com/sigstore/gitsign',name:"git.signing",severity:"warn",status:"fail"})}else if(l){const p=e.key?/[\\/]/.test(e.key)||/\.(?:pem|gpg|key|asc|p12|pfx)$/i.test(e.key)||e.key.length<8?"configured":`…${e.key.slice(-4)}`:"from git config";a.push({message:`git signing: gpg mode active (key: ${p}).`,name:"git.signing",severity:"info",status:"pass"})}else a.push({message:'release.signing.mode is "gpg" but neither release.signing.key nor git config user.signingkey is set. Configure one before releasing.',name:"git.signing",severity:"warn",status:"fail"})}catch(i){a.push({message:`Could not verify git signing config: ${i.message}.`,name:"git.signing",severity:"warn",status:"skip"})}}if(n.config.floatingMajorTag===!0&&n.config.signing?.mode==="sigstore"&&a.push({message:`release.floatingMajorTag and release.signing.mode="sigstore" are both enabled. The floating-tag retarget force-pushes <unscoped-name>-v<major> (e.g. acme-action-v1) on every release, which appends a new sigstore transparency-log entry to Rekor each time (Rekor is append-only — entries are never removed). Over a long-lived major you'll accumulate one log entry per release. Consider either dropping floatingMajorTag (and pin consumers to a specific tag) or switching to gpg/ssh signing if the Rekor footprint matters for your project.`,name:"floating-major-tag.signing-risk",severity:"warn",status:"fail"}),n.config.floatingMajorTag===!0)try{const{createShellRunner:e}=await import("./shell-runner.js"),i=await e().run("git",["tag","--list","v*"],{cwd:c,silent:!0});if(i.exitCode===0){const t=i.stdout.split(`
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
`);return}for(const c of h){const a=`${c.status==="pass"?"✓":c.status==="fail"?"✗":"—"} [${c.severity}] ${c.name}: ${c.message}`;c.severity==="error"&&c.status==="fail"?u.error(a):c.severity==="warn"&&c.status==="fail"?u.warn(a):u.info(a)}};export{A as default};
|
|
1
|
+
import{b as g}from"./orchestrator.js";import{detectRemoteProvider as h,createRemoteClient as $}from"./detect2.js";import{createShellRunner as w}from"./shell-runner.js";import{runSnapshot as R}from"./snapshot.js";const y=(r,o)=>{if(r.length===0)return"_No packages were affected by this PR._";const n=["### 📦 Preview Packages",""];for(const e of r){const t=`${e.name}@${e.version}`;n.push(`- \`${e.name}\` → \`${e.version}\``),o?n.push(` \`\`\`sh
|
|
2
|
+
npm i ${t} --registry ${o}
|
|
3
|
+
\`\`\``):n.push(` \`\`\`sh
|
|
4
|
+
npm i ${t}
|
|
5
|
+
\`\`\``)}return n.join(`
|
|
6
|
+
`)},S=async({logger:r,options:o,workspaceRoot:n})=>{const e=n??process.cwd(),t=w(),l=await h(e,t),a=$(l),s=a.detectPullRequestNumber(process.env),p=o.tag??(s?`pr-${s}`:void 0);if(!p){r.error("Could not determine snapshot tag. Pass --tag or run in a PR context (GITHUB_REF=refs/pull/<n>/merge)."),process.exitCode=1;return}if(o.onClose){await C(e,t,a,s,r);return}let c,u;try{c=await g({cwd:e});const{printConfigIfRequested:i}=await import("./print-config.js");if(i(o,c,r))return;u=await R({context:c,runner:t,tag:p})}catch(i){r.error(`Snapshot failed: ${i.message}`),process.exitCode=1;return}if(r.info(`Snapshotted ${u.published.length} package(s) at version ${u.snapshotVersion} → tag "${u.tag}"`),!s)return;const d=await a.detectRepoSlug(e,t);if(!d){r.warn("Could not detect repo slug — skipping sticky PR comment.");return}const m="<!-- vis-release-snapshot-comment -->",f=`${m}
|
|
7
|
+
|
|
8
|
+
${y(u.published,c.config.snapshot?.registry)}`;try{const i=await a.upsertStickyComment(t,{body:f,cwd:e,issueNumber:s,marker:m,repo:d});i&&r.info(`${i.created?"Posted":"Updated"} snapshot comment on PR #${s}.`)}catch(i){r.warn(`upsertStickyComment failed (publish already succeeded): ${i.message}`)}},C=async(r,o,n,e,t)=>{if(!e){t.error("PR-close cleanup requires a PR context."),process.exitCode=1;return}const l=await n.detectRepoSlug(r,o);if(!l){t.warn("Could not detect repo slug — skipping cleanup.");return}const a=await o.run("gh",["api",`repos/${l}/pulls/${e}/commits`,"--paginate"],{cwd:r,silent:!0});if(a.exitCode!==0){t.warn(`gh api failed: ${a.stderr}`);return}let s;try{s=JSON.parse(a.stdout)}catch{t.warn("Could not parse gh api output.");return}const p=[`pr-${e}`];for(const c of s)p.push(c.sha,c.sha.slice(0,7));t.info(`Cleanup intent for PR #${e}: ${p.length} tag pattern(s) across ${s.length} commit(s)`),t.info("Default backend (pkg-pr-new) auto-cleans by TTL — no DELETE issued. Implement a custom backend's delete endpoint to enable real cleanup.")};export{S as default};
|