candor-ts 0.4.1 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/scan.mjs +12 -7
package/package.json
CHANGED
package/scan.mjs
CHANGED
|
@@ -23,6 +23,7 @@ import ts from "typescript";
|
|
|
23
23
|
import fs from "node:fs";
|
|
24
24
|
import path from "node:path";
|
|
25
25
|
import { fileURLToPath } from "node:url";
|
|
26
|
+
import { createRequire } from "node:module";
|
|
26
27
|
import { parsePolicy, evaluatePolicy } from "./policy.mjs";
|
|
27
28
|
|
|
28
29
|
const ENGINE_DIR = path.dirname(fileURLToPath(import.meta.url));
|
|
@@ -89,12 +90,16 @@ if (fileNames.length === 0) { console.error(`candor-ts: no TypeScript sources un
|
|
|
89
90
|
// Builtin typings FALLBACK: the engine ships @types/node as its own dependency, so a target that
|
|
90
91
|
// hasn't installed it still resolves node:fs/node:net/… (found by the first npx-distribution
|
|
91
92
|
// probe: a bare fixture read Unknown for fs.readFileSync because nothing supplied the builtin
|
|
92
|
-
// types).
|
|
93
|
+
// types). Resolved via the module system, NOT a fixed relative path — npm HOISTS dependencies, so
|
|
94
|
+
// in an npx/install tree @types/node sits BESIDE candor-ts, not inside it (the second probe's
|
|
95
|
+
// catch). The TARGET's own @types win when present.
|
|
93
96
|
if (!compilerOptions.typeRoots) {
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
path.join(ENGINE_DIR, "
|
|
97
|
-
|
|
97
|
+
const roots = [path.join(rootDir, "node_modules", "@types")];
|
|
98
|
+
try {
|
|
99
|
+
const req = createRequire(path.join(ENGINE_DIR, "scan.mjs"));
|
|
100
|
+
roots.push(path.dirname(path.dirname(req.resolve("@types/node/package.json"))));
|
|
101
|
+
} catch {}
|
|
102
|
+
compilerOptions.typeRoots = roots;
|
|
98
103
|
}
|
|
99
104
|
if (!outPrefix) outPrefix = path.join(rootDir, ".candor", "report");
|
|
100
105
|
// The scanned package's name — the first half of the cross-package join key (SPEC §2 `hash`).
|
|
@@ -134,7 +139,7 @@ fs.mkdirSync(path.dirname(path.resolve(outPrefix)), { recursive: true });
|
|
|
134
139
|
// scan and a .d.ts resolution). Version-aware trust (§2.1): a report from a DIFFERENT engine
|
|
135
140
|
// version is downgraded to Unknown rather than silently trusted. Duplicate hashes (two same-named
|
|
136
141
|
// exports in one package) UNION — a sound over-approximation, documented.
|
|
137
|
-
const ENGINE_VERSION = "candor-ts-0.4.
|
|
142
|
+
const ENGINE_VERSION = "candor-ts-0.4.2";
|
|
138
143
|
const crossDeps = new Map(); // hash -> {inferred:Set, hosts:[], cmds:[], paths:[], tables:[]}
|
|
139
144
|
// Packages a loaded sibling report COVERS — exempt from the κ ledger even when a call joins no
|
|
140
145
|
// entry (reports omit pure functions: the silence is the purity claim, SPEC §2 rule 3 — the
|
|
@@ -778,7 +783,7 @@ for (const [name, rec] of fns) {
|
|
|
778
783
|
}
|
|
779
784
|
// `package` names what this report COVERS — a consumer chaining it registers coverage even when
|
|
780
785
|
// `functions` is empty (an all-pure package's report is its purity claim, SPEC §2 rule 3).
|
|
781
|
-
const envelope = { candor: { version: "candor-ts-0.4.
|
|
786
|
+
const envelope = { candor: { version: "candor-ts-0.4.2", toolchain: `node-${process.versions.node}`, spec: "0.4" },
|
|
782
787
|
package: pkgName, functions };
|
|
783
788
|
fs.writeFileSync(`${outPrefix}.json`, JSON.stringify(envelope, null, 1));
|
|
784
789
|
const cg = {};
|