bun-doctor 0.0.1

package/dist/scan-BVcJTreL.mjs

@@ -0,0 +1,749 @@
+import path from "node:path";
+import fs from "node:fs";
+//#region src/constants.ts
+const VERSION = "0.0.1";
+const BUN_DOCS = {
+	autoInstall: "https://bun.com/docs/runtime/auto-install",
+	bunfig: "https://bun.com/docs/runtime/bunfig",
+	ci: "https://bun.com/docs/guides/install/cicd",
+	catalogs: "https://bun.com/docs/pm/catalogs",
+	environmentVariables: "https://bun.com/docs/runtime/environment-variables",
+	hashing: "https://bun.com/docs/runtime/hashing",
+	lifecycle: "https://bun.com/docs/pm/lifecycle",
+	lockfile: "https://bun.com/docs/pm/lockfile",
+	nodeCompatibility: "https://bun.com/docs/runtime/nodejs-compat",
+	securityScanner: "https://bun.com/docs/pm/security-scanner-api",
+	sqlite: "https://bun.com/docs/runtime/sqlite",
+	testConfiguration: "https://bun.com/docs/test/configuration",
+	testRunner: "https://bun.com/docs/test",
+	typescript: "https://bun.com/docs/typescript",
+	workspaces: "https://bun.com/docs/pm/workspaces"
+};
+const IGNORED_DIRECTORIES = new Set([
+	".git",
+	".next",
+	".turbo",
+	"build",
+	"coverage",
+	"dist",
+	"node_modules",
+	"vendor"
+]);
+const SOURCE_FILE_EXTENSIONS = new Set([
+	".cjs",
+	".cts",
+	".js",
+	".jsx",
+	".mjs",
+	".mts",
+	".ts",
+	".tsx"
+]);
+//#endregion
+//#region src/utils.ts
+const isPlainObject = (value) => typeof value === "object" && value !== null && !Array.isArray(value);
+const fileExists = (filePath) => {
+	try {
+		return fs.statSync(filePath).isFile();
+	} catch {
+		return false;
+	}
+};
+const readJsonFile = (filePath) => {
+	try {
+		return JSON.parse(fs.readFileSync(filePath, "utf8"));
+	} catch {
+		return null;
+	}
+};
+const collectFiles = (rootDirectory, predicate) => {
+	const files = [];
+	const stack = [rootDirectory];
+	while (stack.length > 0) {
+		const currentDirectory = stack.pop();
+		if (!currentDirectory) continue;
+		let entries = [];
+		try {
+			entries = fs.readdirSync(currentDirectory, { withFileTypes: true });
+		} catch {
+			continue;
+		}
+		for (const entry of entries) {
+			const entryPath = path.join(currentDirectory, entry.name);
+			if (entry.isDirectory()) {
+				if (!entry.name.startsWith(".") && !IGNORED_DIRECTORIES.has(entry.name)) stack.push(entryPath);
+				continue;
+			}
+			if (entry.isFile() && predicate(entryPath)) files.push(entryPath);
+		}
+	}
+	return files.sort();
+};
+const isSourceFilePath = (filePath) => {
+	if (filePath.endsWith(".d.ts")) return false;
+	return SOURCE_FILE_EXTENSIONS.has(path.extname(filePath));
+};
+const toRelativePath = (filePath, rootDirectory) => path.relative(rootDirectory, filePath).replaceAll(path.sep, "/") || ".";
+const findLineNumber = (content, pattern) => {
+	const lines = content.split(/\r?\n/);
+	const flags = pattern.flags.replace("g", "");
+	const linePattern = new RegExp(pattern.source, flags);
+	for (let lineIndex = 0; lineIndex < lines.length; lineIndex++) if (linePattern.test(lines[lineIndex] ?? "")) return lineIndex + 1;
+	return 1;
+};
+const wildcardToRegExp = (pattern) => {
+	const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replaceAll("**", "__DOUBLE_STAR__").replaceAll("*", "[^/]*").replaceAll("__DOUBLE_STAR__", ".*");
+	return new RegExp(`^${escaped}$`);
+};
+//#endregion
+//#region src/config.ts
+const CONFIG_FILE_NAME = "bun-doctor.config.json";
+const loadConfig = (rootDirectory, packageJson) => {
+	const configPath = path.join(rootDirectory, CONFIG_FILE_NAME);
+	if (fs.existsSync(configPath)) return readJsonFile(configPath) ?? {};
+	return packageJson.bunDoctor ?? {};
+};
+const filterIgnoredDiagnostics = (diagnostics, config, rootDirectory) => {
+	const ignoredRules = new Set(config.ignore?.rules ?? []);
+	const ignoredFilePatterns = (config.ignore?.files ?? []).map(wildcardToRegExp);
+	return diagnostics.filter((diagnostic) => {
+		if (ignoredRules.has(diagnostic.ruleId)) return false;
+		const relativePath = toRelativePath(diagnostic.filePath, rootDirectory);
+		return !ignoredFilePatterns.some((pattern) => pattern.test(relativePath));
+	});
+};
+//#endregion
+//#region src/project.ts
+const LOCKFILE_NAMES = ["bun.lock", "bun.lockb"];
+const LEGACY_LOCKFILE_NAMES = [
+	"package-lock.json",
+	"pnpm-lock.yaml",
+	"yarn.lock"
+];
+const WORKFLOW_EXTENSIONS = new Set([".yml", ".yaml"]);
+const collectDependencies = (packageJson) => ({
+	...packageJson.optionalDependencies,
+	...packageJson.peerDependencies,
+	...packageJson.devDependencies,
+	...packageJson.dependencies
+});
+const toPackageManifest = (packageJsonPath, packageJson) => ({
+	packageJsonPath,
+	packageJson,
+	packageName: packageJson.name ?? path.basename(path.dirname(packageJsonPath)),
+	dependencies: collectDependencies(packageJson),
+	trustedDependencies: new Set(packageJson.trustedDependencies ?? [])
+});
+const collectPackageManifests = (rootDirectory, rootPackageJsonPath, rootPackageJson) => {
+	return [toPackageManifest(rootPackageJsonPath, rootPackageJson), ...collectFiles(rootDirectory, (filePath) => path.basename(filePath) === "package.json" && filePath !== rootPackageJsonPath).flatMap((manifestPath) => {
+		const packageJson = readJsonFile(manifestPath);
+		if (!packageJson || typeof packageJson !== "object" || Array.isArray(packageJson)) return [];
+		return [toPackageManifest(manifestPath, packageJson)];
+	})];
+};
+const mergeDependencies = (manifests) => {
+	const dependencies = {};
+	for (const manifest of manifests) Object.assign(dependencies, manifest.dependencies);
+	return dependencies;
+};
+const mergeTrustedDependencies = (manifests) => {
+	const trustedDependencies = /* @__PURE__ */ new Set();
+	for (const manifest of manifests) for (const packageName of manifest.trustedDependencies) trustedDependencies.add(packageName);
+	return trustedDependencies;
+};
+const parseBooleanTomlValue = (content, key) => {
+	const match = content.match(new RegExp(`^\\s*${key}\\s*=\\s*(true|false)\\s*$`, "m"));
+	if (!match?.[1]) return void 0;
+	return match[1] === "true";
+};
+const parseStringTomlValue = (content, key) => {
+	return content.match(new RegExp(`^\\s*${key}\\s*=\\s*["']([^"']+)["']\\s*$`, "m"))?.[1];
+};
+const parseBunfig = (rootDirectory) => {
+	const filePath = path.join(rootDirectory, "bunfig.toml");
+	if (!fileExists(filePath)) return null;
+	const content = fs.readFileSync(filePath, "utf8");
+	return {
+		filePath,
+		content,
+		installIgnoreScripts: parseBooleanTomlValue(content, "ignoreScripts"),
+		installFrozenLockfile: parseBooleanTomlValue(content, "frozenLockfile"),
+		installAuto: parseStringTomlValue(content, "auto"),
+		installSecurityScanner: parseStringTomlValue(content, "scanner")
+	};
+};
+const readSourceFiles = (rootDirectory) => collectFiles(rootDirectory, isSourceFilePath).map((filePath) => ({
+	filePath,
+	content: fs.readFileSync(filePath, "utf8")
+}));
+const readWorkflowFiles = (rootDirectory) => {
+	const workflowDirectory = path.join(rootDirectory, ".github", "workflows");
+	if (!fs.existsSync(workflowDirectory)) return [];
+	return collectFiles(workflowDirectory, (filePath) => WORKFLOW_EXTENSIONS.has(path.extname(filePath))).map((filePath) => ({
+		filePath,
+		content: fs.readFileSync(filePath, "utf8")
+	}));
+};
+const readTsconfig = (rootDirectory) => {
+	const tsconfigPath = path.join(rootDirectory, "tsconfig.json");
+	if (!fileExists(tsconfigPath)) return {
+		path: null,
+		config: null
+	};
+	return {
+		path: tsconfigPath,
+		config: readJsonFile(tsconfigPath)
+	};
+};
+const findPackageJsonPath = (startDirectory) => {
+	const packageJsonPath = path.join(startDirectory, "package.json");
+	if (fileExists(packageJsonPath)) return packageJsonPath;
+	throw new Error(`No package.json found in ${startDirectory}`);
+};
+const discoverProject = (directory) => {
+	const rootDirectory = path.resolve(directory);
+	const packageJsonPath = findPackageJsonPath(rootDirectory);
+	const packageJson = readJsonFile(packageJsonPath);
+	if (!packageJson || typeof packageJson !== "object" || Array.isArray(packageJson)) throw new Error(`Could not parse ${packageJsonPath}`);
+	const lockfiles = LOCKFILE_NAMES.filter((lockfileName) => fileExists(path.join(rootDirectory, lockfileName)));
+	const legacyLockfiles = LEGACY_LOCKFILE_NAMES.filter((lockfileName) => fileExists(path.join(rootDirectory, lockfileName)));
+	const packageManifests = collectPackageManifests(rootDirectory, packageJsonPath, packageJson);
+	const tsconfig = readTsconfig(rootDirectory);
+	const pnpmWorkspacePath = path.join(rootDirectory, "pnpm-workspace.yaml");
+	return {
+		rootDirectory,
+		packageJsonPath,
+		packageJson,
+		packageName: packageJson.name ?? path.basename(rootDirectory),
+		dependencies: mergeDependencies(packageManifests),
+		trustedDependencies: mergeTrustedDependencies(packageManifests),
+		packageManifests,
+		lockfiles,
+		legacyLockfiles,
+		bunfig: parseBunfig(rootDirectory),
+		tsconfigPath: tsconfig.path,
+		tsconfig: tsconfig.config,
+		workflows: readWorkflowFiles(rootDirectory),
+		sourceFiles: readSourceFiles(rootDirectory),
+		pnpmWorkspacePath: fileExists(pnpmWorkspacePath) ? pnpmWorkspacePath : null
+	};
+};
+//#endregion
+//#region src/compat-db.ts
+const COMPAT_DB = [
+	{
+		packageName: "sqlite3",
+		severity: "risk",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "medium",
+		reason: "Native SQLite packages can depend on lifecycle scripts and Node native addon behavior. Bun ships a native SQLite driver.",
+		sources: [BUN_DOCS.sqlite, BUN_DOCS.lifecycle],
+		lastVerified: "2026-05-12",
+		replacement: "bun:sqlite",
+		migrationHint: "Evaluate replacing sqlite3 usage with Database from bun:sqlite.",
+		requiresTrustedDependency: true
+	},
+	{
+		packageName: "better-sqlite3",
+		severity: "risk",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "medium",
+		reason: "Native SQLite packages can be sensitive to lifecycle script and Node-API behavior. Bun ships a native SQLite driver.",
+		sources: [
+			BUN_DOCS.sqlite,
+			BUN_DOCS.lifecycle,
+			BUN_DOCS.nodeCompatibility
+		],
+		lastVerified: "2026-05-12",
+		replacement: "bun:sqlite",
+		workaround: "If you keep better-sqlite3, verify install and runtime on every target platform.",
+		migrationHint: "Evaluate replacing better-sqlite3 usage with Database from bun:sqlite.",
+		requiresTrustedDependency: true
+	},
+	{
+		packageName: "node-sass",
+		severity: "risk",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "high",
+		reason: "node-sass commonly relies on native install/build behavior. Bun does not run arbitrary lifecycle scripts by default.",
+		sources: [BUN_DOCS.lifecycle],
+		lastVerified: "2026-05-12",
+		replacement: "sass",
+		workaround: "Prefer Dart Sass. If you keep node-sass, explicitly trust it and verify platform installs.",
+		migrationHint: "Replace node-sass with sass where possible.",
+		requiresTrustedDependency: true
+	},
+	{
+		packageName: "dotenv",
+		severity: "win",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "high",
+		reason: "Bun automatically loads .env files, so many dotenv usages can be removed.",
+		sources: [BUN_DOCS.environmentVariables],
+		lastVerified: "2026-05-12",
+		replacement: "Bun built-in .env loading",
+		migrationHint: "Remove dotenv/config bootstrap code when Bun's automatic .env loading covers the same files."
+	},
+	{
+		packageName: "node-fetch",
+		severity: "win",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "high",
+		reason: "Bun provides a native fetch implementation through Web APIs.",
+		sources: [BUN_DOCS.nodeCompatibility],
+		lastVerified: "2026-05-12",
+		replacement: "global fetch",
+		migrationHint: "Prefer global fetch for new Bun-targeted code."
+	},
+	{
+		packageName: "cross-fetch",
+		severity: "win",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "high",
+		reason: "Bun provides native Request, Response, Headers, and fetch Web APIs.",
+		sources: [BUN_DOCS.nodeCompatibility],
+		lastVerified: "2026-05-12",
+		replacement: "global fetch",
+		migrationHint: "Prefer global fetch when all target runtimes provide it."
+	},
+	{
+		packageName: "bcrypt",
+		severity: "win",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "medium",
+		reason: "Bun ships password hashing APIs, which can remove native bcrypt install complexity in some apps.",
+		sources: [BUN_DOCS.hashing, BUN_DOCS.lifecycle],
+		lastVerified: "2026-05-12",
+		replacement: "Bun.password",
+		migrationHint: "Evaluate Bun.password for new Bun-only password hashing code.",
+		requiresTrustedDependency: true
+	},
+	{
+		packageName: "ts-node",
+		severity: "migration",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "high",
+		reason: "Bun runs TypeScript files directly, so ts-node is often unnecessary after migration.",
+		sources: [BUN_DOCS.typescript],
+		lastVerified: "2026-05-12",
+		replacement: "bun run file.ts",
+		migrationHint: "Replace ts-node scripts with bun run or direct bun execution where possible."
+	},
+	{
+		packageName: "tsx",
+		severity: "migration",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "high",
+		reason: "Bun runs TypeScript files directly and has watch/hot modes.",
+		sources: [BUN_DOCS.typescript],
+		lastVerified: "2026-05-12",
+		replacement: "bun run file.ts",
+		migrationHint: "Replace tsx scripts with bun run where Bun is the target runtime."
+	},
+	{
+		packageName: "nodemon",
+		severity: "migration",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "high",
+		reason: "Bun has built-in watch and hot reload modes for many runtime workflows.",
+		sources: ["https://bun.com/docs/runtime/watch-mode"],
+		lastVerified: "2026-05-12",
+		replacement: "bun --watch or bun --hot",
+		migrationHint: "Replace nodemon development scripts with bun --watch or bun --hot when behavior matches."
+	},
+	{
+		packageName: "jest",
+		severity: "migration",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "medium",
+		reason: "Bun ships a Jest-compatible test runner, but config/setup behavior needs migration review.",
+		sources: [BUN_DOCS.testRunner, BUN_DOCS.testConfiguration],
+		lastVerified: "2026-05-12",
+		replacement: "bun test",
+		workaround: "Keep Jest if you rely on unsupported Jest-specific behavior.",
+		migrationHint: "Audit jest.config and setup files before replacing test scripts with bun test."
+	},
+	{
+		packageName: "webpack",
+		severity: "win",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "medium",
+		reason: "Bun includes a native bundler for many application and library workflows.",
+		sources: ["https://bun.com/docs/bundler"],
+		lastVerified: "2026-05-12",
+		replacement: "bun build",
+		migrationHint: "Evaluate bun build for simple library or app bundles before keeping webpack by default."
+	},
+	{
+		packageName: "esbuild",
+		severity: "win",
+		affectedRanges: ["*"],
+		bunVersions: [">=1.0.0"],
+		platforms: ["all"],
+		confidence: "medium",
+		reason: "Bun includes a native bundler and provides an esbuild migration guide.",
+		sources: ["https://bun.com/docs/bundler/esbuild"],
+		lastVerified: "2026-05-12",
+		replacement: "bun build",
+		migrationHint: "Evaluate bun build for build scripts that only need basic esbuild behavior."
+	}
+];
+//#endregion
+//#region src/rules.ts
+const CATEGORY_BY_LEVEL = {
+	blocker: "Blockers",
+	risk: "Risks",
+	migration: "Migration work",
+	win: "Bun wins"
+};
+const createDiagnostic = (input) => {
+	if (input.sources.length === 0) throw new Error(`Rule ${input.ruleId} is missing a source`);
+	return {
+		ruleId: input.ruleId,
+		title: input.title,
+		level: input.level,
+		category: CATEGORY_BY_LEVEL[input.level],
+		message: input.message,
+		filePath: input.filePath,
+		line: input.line ?? 1,
+		sources: input.sources,
+		help: input.help,
+		packageName: input.packageName
+	};
+};
+const getCompilerOptions = (project) => {
+	const compilerOptions = project.tsconfig?.compilerOptions;
+	return isPlainObject(compilerOptions) ? compilerOptions : {};
+};
+const usesBunGlobal = (project) => project.sourceFiles.some((sourceFile) => /\bBun\.|from\s+["']bun["']|require\(["']bun["']\)/.test(sourceFile.content));
+const hasDependency = (project, packageName) => Boolean(project.dependencies[packageName]);
+const findDependencyManifests = (project, packageName) => project.packageManifests.filter((manifest) => Boolean(manifest.dependencies[packageName]));
+const hasPackageJsonWorkspaces = (project) => Boolean(project.packageJson.workspaces);
+const hasCatalogReference = (project) => Object.values(project.dependencies).some((version) => version.startsWith("catalog:"));
+const hasPackageJsonCatalog = (project) => Boolean(project.packageJson.catalog) || Boolean(project.packageJson.catalogs) || isPlainObject(project.packageJson.workspaces) && (Boolean(project.packageJson.workspaces.catalog) || Boolean(project.packageJson.workspaces.catalogs));
+const workflowUsesBun = (content) => /\bbun\s+(install|run|test|build|x)\b/.test(content);
+const workflowUsesSetupBun = (content) => /oven-sh\/setup-bun@/.test(content);
+const workflowUsesLegacyInstall = (content) => /\b(npm ci|npm install|pnpm install|yarn install|yarn --frozen-lockfile)\b/.test(content);
+const workflowUsesUnfrozenBunInstall = (content) => /^\s*(-\s*)?run:\s*bun install\s*$/m.test(content) || /\bbun install\b(?![^\n]*--frozen-lockfile)/.test(content);
+const runPackageRules = (project) => {
+	const diagnostics = [];
+	const packageJsonPath = project.packageJsonPath;
+	const hasBunLock = project.lockfiles.includes("bun.lock");
+	const hasBunLockb = project.lockfiles.includes("bun.lockb");
+	const hasAnyBunLock = hasBunLock || hasBunLockb;
+	if (!hasAnyBunLock) diagnostics.push(createDiagnostic({
+		ruleId: "bun/lockfile-missing",
+		title: "Missing Bun lockfile",
+		level: "migration",
+		message: "This project has no bun.lock. Commit Bun's lockfile before treating installs or CI as reproducible under Bun.",
+		filePath: packageJsonPath,
+		sources: [BUN_DOCS.lockfile],
+		help: "Run bun install and commit bun.lock."
+	}));
+	if (hasBunLockb) diagnostics.push(createDiagnostic({
+		ruleId: "bun/legacy-lockb",
+		title: "Legacy binary Bun lockfile",
+		level: "migration",
+		message: "bun.lockb is the legacy binary lockfile format. Bun v1.2 defaults to the text-based bun.lock.",
+		filePath: path.join(project.rootDirectory, "bun.lockb"),
+		sources: [BUN_DOCS.lockfile],
+		help: "Migrate with bun install --save-text-lockfile --frozen-lockfile --lockfile-only, then remove bun.lockb after verification."
+	}));
+	if (hasAnyBunLock && project.legacyLockfiles.length > 0) diagnostics.push(createDiagnostic({
+		ruleId: "bun/mixed-lockfiles",
+		title: "Mixed package-manager lockfiles",
+		level: "risk",
+		message: `Bun lockfile exists alongside ${project.legacyLockfiles.join(", ")}. Mixed lockfiles make it unclear which package manager owns dependency resolution.`,
+		filePath: packageJsonPath,
+		sources: [BUN_DOCS.lockfile],
+		help: "Keep legacy lockfiles only if another supported workflow still owns them; otherwise remove them after validating bun.lock."
+	}));
+	if (!project.packageJson.packageManager?.startsWith("bun@")) diagnostics.push(createDiagnostic({
+		ruleId: "bun/package-manager-field",
+		title: "packageManager does not pin Bun",
+		level: "migration",
+		message: "package.json does not pin Bun in packageManager, so contributors and CI may use different package managers.",
+		filePath: packageJsonPath,
+		sources: [BUN_DOCS.lockfile],
+		help: "Set packageManager to the Bun version used by the project, for example bun@1.3.11."
+	}));
+	if (project.pnpmWorkspacePath && !hasPackageJsonWorkspaces(project)) diagnostics.push(createDiagnostic({
+		ruleId: "bun/pnpm-workspace-only",
+		title: "Workspaces only declared for pnpm",
+		level: "blocker",
+		message: "Bun reads workspaces from package.json. A pnpm-workspace.yaml without package.json workspaces will not define Bun workspaces.",
+		filePath: project.pnpmWorkspacePath,
+		sources: [BUN_DOCS.workspaces],
+		help: "Move workspace globs into package.json workspaces before relying on bun install at the repo root."
+	}));
+	if (hasCatalogReference(project) && !hasPackageJsonCatalog(project)) diagnostics.push(createDiagnostic({
+		ruleId: "bun/catalog-without-package-json-catalog",
+		title: "Catalog references need Bun catalog definitions",
+		level: "blocker",
+		message: "This project uses catalog: dependency references, but no Bun catalog or catalogs definition was found in package.json.",
+		filePath: packageJsonPath,
+		sources: [BUN_DOCS.catalogs],
+		help: "Define catalog or catalogs in package.json, preferably under workspaces for monorepos."
+	}));
+	for (const workflow of project.workflows) {
+		if (workflowUsesBun(workflow.content) && !workflowUsesSetupBun(workflow.content)) diagnostics.push(createDiagnostic({
+			ruleId: "bun/ci-missing-setup-bun",
+			title: "CI uses Bun without setup-bun",
+			level: "blocker",
+			message: "This workflow runs bun commands but does not install Bun with oven-sh/setup-bun.",
+			filePath: workflow.filePath,
+			line: findLineNumber(workflow.content, /\bbun\s+(install|run|test|build|x)\b/),
+			sources: [BUN_DOCS.ci],
+			help: "Add oven-sh/setup-bun before bun commands in GitHub Actions."
+		}));
+		if (hasAnyBunLock && workflowUsesLegacyInstall(workflow.content)) diagnostics.push(createDiagnostic({
+			ruleId: "bun/ci-uses-legacy-package-manager",
+			title: "CI still installs with another package manager",
+			level: "migration",
+			message: "This workflow uses npm, pnpm, or yarn install even though the project has a Bun lockfile.",
+			filePath: workflow.filePath,
+			line: findLineNumber(workflow.content, /\b(npm ci|npm install|pnpm install|yarn install|yarn --frozen-lockfile)\b/),
+			sources: [BUN_DOCS.ci],
+			help: "Switch Bun-owned CI jobs to bun install --frozen-lockfile."
+		}));
+		if (workflowUsesUnfrozenBunInstall(workflow.content)) diagnostics.push(createDiagnostic({
+			ruleId: "bun/ci-install-not-frozen",
+			title: "CI Bun install is not frozen",
+			level: "risk",
+			message: "This workflow runs bun install without --frozen-lockfile, so CI can update bun.lock instead of verifying it.",
+			filePath: workflow.filePath,
+			line: findLineNumber(workflow.content, /\bbun install\b/),
+			sources: [BUN_DOCS.bunfig, BUN_DOCS.ci],
+			help: "Use bun install --frozen-lockfile in CI."
+		}));
+	}
+	if (usesBunGlobal(project) && !hasDependency(project, "@types/bun")) diagnostics.push(createDiagnostic({
+		ruleId: "bun/types-package-missing",
+		title: "Bun types are missing",
+		level: "migration",
+		message: "Source files reference Bun APIs, but @types/bun is not installed.",
+		filePath: packageJsonPath,
+		sources: [BUN_DOCS.typescript],
+		help: "Install @types/bun as a dev dependency."
+	}));
+	const compilerTypes = getCompilerOptions(project).types;
+	if (hasDependency(project, "@types/bun") && Array.isArray(compilerTypes) && !compilerTypes.includes("bun")) diagnostics.push(createDiagnostic({
+		ruleId: "bun/tsconfig-types-missing-bun",
+		title: "tsconfig types excludes Bun",
+		level: "risk",
+		message: "@types/bun is installed, but compilerOptions.types does not include bun. TypeScript 6+ requires explicit Bun types in this mode.",
+		filePath: project.tsconfigPath ?? packageJsonPath,
+		sources: [BUN_DOCS.typescript],
+		help: "Add \"bun\" to compilerOptions.types or remove types if you do not need to restrict global type packages."
+	}));
+	if (project.bunfig?.installAuto && project.bunfig.installAuto !== "disable") diagnostics.push(createDiagnostic({
+		ruleId: "bun/auto-install-enabled",
+		title: "Bun auto-install is enabled",
+		level: "risk",
+		message: `bunfig.toml sets install.auto to ${project.bunfig.installAuto}. Auto-install can fetch packages during execution when node_modules is absent.`,
+		filePath: project.bunfig.filePath,
+		line: findLineNumber(project.bunfig.content, /auto\s*=/),
+		sources: [BUN_DOCS.autoInstall, BUN_DOCS.bunfig],
+		help: "For application repos and CI, consider install.auto = \"disable\" for more predictable execution."
+	}));
+	for (const entry of COMPAT_DB) for (const manifest of findDependencyManifests(project, entry.packageName)) {
+		diagnostics.push(createDiagnostic({
+			ruleId: `compat/${entry.packageName}`,
+			title: `${entry.packageName} compatibility note`,
+			level: entry.severity,
+			message: entry.reason,
+			filePath: manifest.packageJsonPath,
+			sources: entry.sources,
+			packageName: entry.packageName,
+			help: [
+				entry.replacement ? `Replacement: ${entry.replacement}.` : "",
+				entry.workaround,
+				entry.migrationHint
+			].filter(Boolean).join(" ")
+		}));
+		if (entry.requiresTrustedDependency && !manifest.trustedDependencies.has(entry.packageName)) diagnostics.push(createDiagnostic({
+			ruleId: `bun/trusted-dependency/${entry.packageName}`,
+			title: `${entry.packageName} may need trustedDependencies`,
+			level: "risk",
+			message: `${entry.packageName} can require lifecycle scripts, but it is not listed in trustedDependencies. Bun does not run arbitrary lifecycle scripts by default.`,
+			filePath: manifest.packageJsonPath,
+			sources: [BUN_DOCS.lifecycle],
+			packageName: entry.packageName,
+			help: `If you keep ${entry.packageName}, verify whether it needs install scripts and add it to trustedDependencies only after review.`
+		}));
+	}
+	return diagnostics;
+};
+const CODE_RULES = [
+	{
+		ruleId: "code/node-repl",
+		title: "node:repl is not implemented in Bun",
+		level: "blocker",
+		pattern: /(?:from\s+["']node:repl["']|require\(["']node:repl["']\))/,
+		message: "Bun's Node compatibility table marks node:repl as not implemented.",
+		sources: [BUN_DOCS.nodeCompatibility]
+	},
+	{
+		ruleId: "code/node-trace-events",
+		title: "node:trace_events is not implemented in Bun",
+		level: "blocker",
+		pattern: /(?:from\s+["']node:trace_events["']|require\(["']node:trace_events["']\))/,
+		message: "Bun's Node compatibility table marks node:trace_events as not implemented.",
+		sources: [BUN_DOCS.nodeCompatibility]
+	},
+	{
+		ruleId: "code/node-sqlite",
+		title: "node:sqlite is not implemented in Bun",
+		level: "blocker",
+		pattern: /(?:from\s+["']node:sqlite["']|require\(["']node:sqlite["']\))/,
+		message: "Bun does not implement node:sqlite. Bun provides bun:sqlite instead.",
+		sources: [BUN_DOCS.nodeCompatibility, BUN_DOCS.sqlite],
+		help: "Use bun:sqlite for Bun-targeted SQLite code."
+	},
+	{
+		ruleId: "code/process-binding",
+		title: "process.binding usage is compatibility-sensitive",
+		level: "risk",
+		pattern: /\bprocess\.binding\s*\(/,
+		message: "process.binding is an internal Node API and only partially implemented by Bun.",
+		sources: [BUN_DOCS.nodeCompatibility],
+		help: "Replace internal Node binding access with public APIs before migrating."
+	},
+	{
+		ruleId: "code/process-missing-api",
+		title: "Node process API is not implemented in Bun",
+		level: "blocker",
+		pattern: /\bprocess\.(loadEnvFile|getBuiltinModule)\s*\(/,
+		message: "Bun's compatibility docs list process.loadEnvFile and process.getBuiltinModule as not implemented.",
+		sources: [BUN_DOCS.nodeCompatibility]
+	},
+	{
+		ruleId: "code/module-register",
+		title: "module.register is not implemented in Bun",
+		level: "blocker",
+		pattern: /\bmodule\.register\s*\(/,
+		message: "Bun's compatibility docs list module.register as not implemented and recommend Bun.plugin in the meantime.",
+		sources: [BUN_DOCS.nodeCompatibility, "https://bun.com/docs/runtime/plugins"],
+		help: "Evaluate Bun.plugin or avoid runtime module loader hooks in Bun-targeted code."
+	},
+	{
+		ruleId: "code/node-test",
+		title: "node:test is only partly implemented in Bun",
+		level: "migration",
+		pattern: /(?:from\s+["']node:test["']|require\(["']node:test["']\))/,
+		message: "Bun's compatibility docs mark node:test as partly implemented. Bun has its own bun:test runner.",
+		sources: [BUN_DOCS.nodeCompatibility, BUN_DOCS.testRunner],
+		help: "Prefer bun:test when migrating the test runner to Bun."
+	},
+	{
+		ruleId: "code/v8-specific-api",
+		title: "V8-specific APIs are compatibility-sensitive",
+		level: "risk",
+		pattern: /(?:from\s+["']node:v8["']|require\(["']node:v8["']\)|\bv8\.(serialize|deserialize|setFlagsFromString|cachedDataVersionTag)\s*\()/,
+		message: "Bun runs on JavaScriptCore, and its Node v8 compatibility is partial.",
+		sources: [BUN_DOCS.nodeCompatibility],
+		help: "Avoid V8-specific runtime assumptions in Bun-targeted code."
+	},
+	{
+		ruleId: "code/worker-resource-limits",
+		title: "worker_threads resource limits are unsupported",
+		level: "risk",
+		pattern: /\bresourceLimits\s*:/,
+		message: "Bun's worker_threads compatibility notes list resourceLimits as unsupported.",
+		sources: [BUN_DOCS.nodeCompatibility],
+		help: "Verify worker behavior under Bun or avoid Node-specific Worker options."
+	}
+];
+const runCodeRules = (project) => {
+	const diagnostics = [];
+	for (const sourceFile of project.sourceFiles) for (const rule of CODE_RULES) {
+		if (!rule.pattern.test(sourceFile.content)) continue;
+		diagnostics.push(createDiagnostic({
+			ruleId: rule.ruleId,
+			title: rule.title,
+			level: rule.level,
+			message: rule.message,
+			filePath: sourceFile.filePath,
+			line: findLineNumber(sourceFile.content, rule.pattern),
+			sources: rule.sources,
+			help: rule.help
+		}));
+	}
+	return diagnostics;
+};
+//#endregion
+//#region src/score.ts
+const getScoreLabel = (score) => {
+	if (score >= 90) return "Ready";
+	if (score >= 75) return "Close";
+	if (score >= 50) return "Risky";
+	return "Blocked";
+};
+const collectUniqueRuleCounts = (diagnostics) => {
+	const counts = {
+		blocker: /* @__PURE__ */ new Set(),
+		risk: /* @__PURE__ */ new Set(),
+		migration: /* @__PURE__ */ new Set(),
+		win: /* @__PURE__ */ new Set()
+	};
+	for (const diagnostic of diagnostics) counts[diagnostic.level].add(diagnostic.ruleId);
+	return counts;
+};
+const calculateScore = (diagnostics) => {
+	const counts = collectUniqueRuleCounts(diagnostics);
+	const penalty = counts.blocker.size * 12 + counts.risk.size * 5 + counts.migration.size * 2;
+	const score = Math.max(0, Math.round(100 - penalty));
+	return {
+		score,
+		label: getScoreLabel(score)
+	};
+};
+const summarizeDiagnostics = (diagnostics) => ({
+	blockers: diagnostics.filter((diagnostic) => diagnostic.level === "blocker").length,
+	risks: diagnostics.filter((diagnostic) => diagnostic.level === "risk").length,
+	migrations: diagnostics.filter((diagnostic) => diagnostic.level === "migration").length,
+	wins: diagnostics.filter((diagnostic) => diagnostic.level === "win").length
+});
+//#endregion
+//#region src/scan.ts
+const scan = async (directory, options = {}) => {
+	const project = discoverProject(directory);
+	const loadedConfig = options.configOverride ?? loadConfig(project.rootDirectory, project.packageJson);
+	const shouldRunPackageChecks = options.packageChecks ?? loadedConfig.package ?? true;
+	const shouldRunCodeChecks = options.codeChecks ?? loadedConfig.code ?? true;
+	const filteredDiagnostics = filterIgnoredDiagnostics([...shouldRunPackageChecks ? runPackageRules(project) : [], ...shouldRunCodeChecks ? runCodeRules(project) : []], loadedConfig, project.rootDirectory);
+	return {
+		project,
+		diagnostics: filteredDiagnostics,
+		score: calculateScore(filteredDiagnostics),
+		summary: summarizeDiagnostics(filteredDiagnostics)
+	};
+};
+//#endregion
+export { VERSION as a, toRelativePath as i, calculateScore as n, summarizeDiagnostics as r, scan as t };
+
+//# sourceMappingURL=scan-BVcJTreL.mjs.map