npm - arol-ai - Versions diffs - 0.1.5 → 0.1.7 - Mend

arol-ai 0.1.5 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +2 -0
package/dist/cli.js +1 -8
package/dist/data.js +3 -0
package/dist/scanner.js +10 -5
package/dist/status.js +14 -0
package/package.json +5 -2
package/src/data/deprecations.json +65 -27

package/README.md CHANGED Viewed

@@ -1,5 +1,7 @@
 # arol-ai
+[![tests](https://github.com/benminor/arol/actions/workflows/ci.yml/badge.svg)](https://github.com/benminor/arol/actions/workflows/ci.yml)
 Scan a local code repo for usage of third-party APIs/SDKs that have **upcoming deprecations**, and print a clean report.
 **Everything runs locally.** No network calls, no telemetry, no uploads, no auth. Your code never leaves your machine.

package/dist/cli.js CHANGED Viewed

@@ -139,14 +139,7 @@ function runScan(targetPath, opts) {
     const within = Number.isFinite(parsedWithin) && parsedWithin >= 0
         ? parsedWithin
         : DEFAULT_WITHIN_DAYS;
-    const tripped = result.findings.some((f) => {
-        if (f.deprecation.severity === "high")
-            return true;
-        if ((0, status_1.effectiveStatus)(f.deprecation, now) !== "scheduled")
-            return false;
-        const days = (0, status_1.daysUntil)(f.deprecation.sunset_date, now);
-        return days !== null && days >= 0 && days <= within;
-    });
+    const tripped = result.findings.some((f) => (0, status_1.isActionable)(f.deprecation, now, within));
     if (tripped)
         process.exitCode = 1;
 }

package/dist/data.js CHANGED Viewed

@@ -107,6 +107,9 @@ function coerceDeprecation(raw) {
         return null;
     if ((match === "sdk" || match === "version") && sdk.length === 0)
         return null;
+    // INVARIANT: every array below is always defined here — detect.{sdk,patterns,
+    // models} default to [] and applies_to to ["*"] (above). scanner.ts depends on
+    // this and also guards with `?? []` as defense in depth. Don't drop the defaults.
     return {
         id: r.id,
         vendor: r.vendor,

package/dist/scanner.js CHANGED Viewed

@@ -36,6 +36,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.modelRegexSource = modelRegexSource;
 exports.scanRepo = scanRepo;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
@@ -104,7 +105,8 @@ function compileDeprecations(deprecations) {
     return deprecations.map((deprecation) => {
         const regexes = [];
         // Raw patterns — code identifiers, endpoints, params.
-        for (const pattern of deprecation.detect.patterns) {
+        // `?? []` guards against entries not produced by the loader (e.g. tests).
+        for (const pattern of deprecation.detect.patterns ?? []) {
             try {
                 // Global so we can iterate every match and derive line numbers.
                 regexes.push(new RegExp(pattern, "g"));
@@ -114,7 +116,7 @@ function compileDeprecations(deprecations) {
             }
         }
         // Model names — only matched inside string literals (quote-anchored).
-        for (const family of deprecation.detect.models) {
+        for (const family of deprecation.detect.models ?? []) {
             try {
                 regexes.push(new RegExp(modelRegexSource(family), "g"));
             }
@@ -122,7 +124,9 @@ function compileDeprecations(deprecations) {
                 // Defensive: a pathological family name must not crash the scan.
             }
         }
-        const appliesTo = new Set((deprecation.applies_to.length > 0 ? deprecation.applies_to : ["*"]).map((e) => e.toLowerCase()));
+        // Missing/empty applies_to means "applies everywhere" (["*"]), preserved here.
+        const declaredExts = deprecation.applies_to ?? [];
+        const appliesTo = new Set((declaredExts.length > 0 ? declaredExts : ["*"]).map((e) => e.toLowerCase()));
         return { deprecation, regexes, appliesTo };
     });
 }
@@ -291,11 +295,12 @@ function scanContent(content, relPath, compiled, sink) {
 function matchManifests(deprecations, refs) {
     const byId = new Map();
     for (const deprecation of deprecations) {
-        if (deprecation.detect.sdk.length === 0)
+        const sdks = deprecation.detect.sdk ?? [];
+        if (sdks.length === 0)
             continue;
         const matches = [];
         const seen = new Set();
-        for (const sdk of deprecation.detect.sdk) {
+        for (const sdk of sdks) {
             for (const ref of refs) {
                 if (!(0, manifests_1.nameMatches)(sdk, ref.name))
                     continue;

package/dist/status.js CHANGED Viewed

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.parseSunsetDate = parseSunsetDate;
 exports.daysUntil = daysUntil;
 exports.effectiveStatus = effectiveStatus;
+exports.isActionable = isActionable;
 const MS_PER_DAY = 24 * 60 * 60 * 1000;
 /** Midnight-UTC timestamp for a Date's calendar day. */
 function startOfDayUTC(d) {
@@ -43,3 +44,16 @@ function effectiveStatus(d, now) {
         return "deprecated";
     return t < startOfDayUTC(now) ? "retired" : "scheduled";
 }
+/**
+ * Whether a finding should fail the CI gate (non-zero exit): any high-severity
+ * finding, or a scheduled finding landing within `within` days. Dateless
+ * "deprecated" and non-imminent medium/low findings are warn-only.
+ */
+function isActionable(d, now, within) {
+    if (d.severity === "high")
+        return true;
+    if (effectiveStatus(d, now) !== "scheduled")
+        return false;
+    const days = daysUntil(d.sunset_date, now);
+    return days !== null && days >= 0 && days <= within;
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "arol-ai",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "Scan a local repo for upcoming third-party API/SDK deprecations. Fully local — no network, no telemetry, your code never leaves the machine.",
   "keywords": [
     "deprecation",
@@ -29,6 +29,8 @@
   "scripts": {
     "build": "tsc",
     "scan": "node dist/cli.js scan",
+    "test": "vitest run",
+    "test:watch": "vitest",
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
@@ -37,6 +39,7 @@
   },
   "devDependencies": {
     "@types/node": "^22.10.0",
-    "typescript": "^5.7.2"
+    "typescript": "^5.7.2",
+    "vitest": "^4.1.8"
   }
 }

package/src/data/deprecations.json CHANGED Viewed

@@ -10,8 +10,8 @@
     "detect": {
       "sdk": ["openai"],
       "patterns": [
-        "beta\\.assistants",
-        "beta\\.threads",
+        "\\bbeta\\.assistants\\b",
+        "\\bbeta\\.threads\\b",
         "/v1/assistants",
         "/v1/threads"
       ]
@@ -180,13 +180,13 @@
     "detect": {
       "sdk": ["@stripe/stripe-js", "stripe"],
       "patterns": [
-        "handleCardPayment",
-        "confirmPaymentIntent",
-        "handleFpxPayment",
-        "handleCardSetup",
-        "confirmSetupIntent",
-        "createSource",
-        "retrieveSource"
+        "\\bhandleCardPayment\\b",
+        "\\bconfirmPaymentIntent\\b",
+        "\\bhandleFpxPayment\\b",
+        "\\bhandleCardSetup\\b",
+        "\\bconfirmSetupIntent\\b",
+        "\\bstripe\\.createSource\\b",
+        "\\bstripe\\.retrieveSource\\b"
       ]
     },
     "migration_url": "https://docs.stripe.com/changelog/dahlia/2026-03-25/remove-legacy-stripejs-methods",
@@ -203,7 +203,7 @@
     "sunset_date": "2024-05-15",
     "detect": {
       "sdk": ["stripe"],
-      "patterns": ["\\.sources\\.create", "charges\\.create", "Charge\\.create"]
+      "patterns": ["\\bstripe\\.sources\\.create", "\\bstripe\\.charges\\.create", "\\bstripe\\.Charge\\.create"]
     },
     "migration_url": "https://docs.stripe.com/payments/older-apis",
     "summary": "The Sources API is deprecated (local payment methods stopped being accepted May 15, 2024) and the Charges API is legacy. Migrate to the PaymentMethods + PaymentIntents APIs.",
@@ -216,15 +216,14 @@
     "severity": "high",
     "match": "pattern",
     "applies_to": ["py", "js", "ts", "jsx", "tsx", "mjs"],
-    "sunset_date": "2027-01-31",
-    "date_confidence": "verify",
+    "sunset_date": "2025-12-31",
     "detect": {
       "sdk": ["twilio"],
-      "patterns": ["notify\\.v1", "\\.notify\\.services", "client\\.notify"]
+      "patterns": ["\\bnotify\\.v1\\b", "\\.notify\\.services\\b"]
     },
-    "migration_url": "https://www.twilio.com/en-us/changelog",
-    "summary": "Twilio Notify reaches end of life Jan 31, 2027; after that all Notify API requests will fail. No 1:1 replacement — rebuild with Programmable Messaging / Conversations. Verify the date against Twilio's official EOL notice.",
-    "source": "https://www.courier.com/blog/twilio-notify-end-of-life"
+    "migration_url": "https://support.twilio.com/hc/en-us/articles/9198083260571-Transitioning-off-Notify",
+    "summary": "Twilio Notify reached end of life December 31, 2025; Notify API requests now fail. No 1:1 replacement — rebuild with Programmable Messaging / Conversations.",
+    "source": "https://www.twilio.com/en-us/changelog/notify-api-end-of-life-further-extension-notice"
   },
   {
     "id": "twilio-programmable-chat-retired",
@@ -236,12 +235,28 @@
     "sunset_date": "2022-07-25",
     "detect": {
       "sdk": ["twilio", "twilio-chat"],
-      "patterns": ["chat\\.v2", "IpMessaging", "twilio-chat"]
+      "patterns": ["\\bchat\\.v2\\b", "\\bIpMessaging\\b"]
     },
     "migration_url": "https://www.twilio.com/docs/conversations/migrating-chat-conversations",
     "summary": "The standalone Programmable Chat API was sunset July 25, 2022 (Programmable Chat in Flex ended June 1, 2026). Migrate to the Conversations API.",
     "source": "https://www.twilio.com/en-us/changelog/programmable-chat-end-of-life-notice"
   },
+  {
+    "id": "twilio-chat-package-eol",
+    "vendor": "Twilio",
+    "title": "twilio-chat SDK package (Programmable Chat)",
+    "severity": "high",
+    "match": "sdk",
+    "applies_to": ["js", "ts", "jsx", "tsx", "mjs"],
+    "sunset_date": "2022-07-25",
+    "detect": {
+      "sdk": ["twilio-chat"],
+      "patterns": []
+    },
+    "migration_url": "https://www.twilio.com/docs/conversations/migrating-chat-conversations",
+    "summary": "The twilio-chat npm package is the client SDK for the retired Programmable Chat API (sunset July 25, 2022). Remove the dependency and migrate to @twilio/conversations.",
+    "source": "https://www.twilio.com/en-us/changelog/programmable-chat-end-of-life-notice"
+  },
   {
     "id": "aws-sdk-js-v2-eol",
     "vendor": "AWS",
@@ -285,10 +300,10 @@
     "detect": {
       "sdk": ["openai"],
       "patterns": [
-        "openai\\.ChatCompletion",
-        "openai\\.Completion\\.create",
-        "openai\\.Embedding\\.create",
-        "openai\\.Moderation\\.create"
+        "\\bopenai\\.ChatCompletion\\b",
+        "\\bopenai\\.Completion\\.create\\b",
+        "\\bopenai\\.Embedding\\.create\\b",
+        "\\bopenai\\.Moderation\\.create\\b"
       ]
     },
     "migration_url": "https://github.com/openai/openai-python/discussions/742",
@@ -308,9 +323,9 @@
       "patterns": [
         "from ['\"]ai/react['\"]",
         "from ['\"]ai/openai['\"]",
-        "experimental_streamText",
-        "experimental_generateText",
-        "StreamingTextResponse"
+        "\\bexperimental_streamText\\b",
+        "\\bexperimental_generateText\\b",
+        "\\bStreamingTextResponse\\b"
       ]
     },
     "migration_url": "https://ai-sdk.dev/docs/migration-guides/migration-guide-5-0",
@@ -331,8 +346,8 @@
         "from langchain\\.llms import",
         "from langchain\\.chat_models import",
         "from langchain\\.embeddings import",
-        "initialize_agent",
-        "LLMChain"
+        "\\binitialize_agent\\b",
+        "\\bLLMChain\\b"
       ]
     },
     "migration_url": "https://python.langchain.com/docs/versions/v0_2/",
@@ -350,10 +365,33 @@
     "sunset_date": null,
     "detect": {
       "sdk": ["resend"],
-      "patterns": ["\\.audiences\\.", "\\.Audiences\\."]
+      "patterns": ["\\bresend\\.audiences\\.", "\\bresend\\.Audiences\\."]
     },
     "migration_url": "https://resend.com/docs/dashboard/segments/migrating-from-audiences-to-segments",
     "summary": "Resend's Audiences API is deprecated in favor of Segments. The endpoints still work but will be removed in the future (no date announced). Migrate the audiences.* calls to the Segments API.",
     "source": "https://resend.com/docs/api-reference/audiences/create-audience"
+  },
+  {
+    "id": "clerk-redirect-to-user-profile-component",
+    "vendor": "Clerk",
+    "title": "<RedirectToUserProfile /> control component deprecated",
+    "severity": "low",
+    "match": "pattern",
+    "applies_to": ["jsx", "tsx", "js", "ts"],
+    "sunset_date": null,
+    "status": "deprecated",
+    "detect": {
+      "sdk": [
+        "@clerk/nextjs",
+        "@clerk/clerk-react",
+        "@clerk/nuxt",
+        "@clerk/vue"
+      ],
+      "patterns": ["\\bRedirectToUserProfile\\b"],
+      "models": []
+    },
+    "migration_url": "https://clerk.com/docs/reference/objects/clerk#redirect-to-user-profile",
+    "summary": "Clerk's <RedirectToUserProfile /> control component is deprecated in favor of the redirectToUserProfile() method on the Clerk object. No removal date announced.",
+    "source": "https://clerk.com/docs/nextjs/reference/components/control/redirect-to-user-profile"
   }
 ]