npm - check-npm-lockfile - Versions diffs - 0.0.1 - Mend

check-npm-lockfile 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/chunk-3YXJPGA4.js +398 -0
package/dist/chunk-3YXJPGA4.js.map +1 -0
package/dist/cli.d.ts +1 -0
package/dist/cli.js +60 -0
package/dist/cli.js.map +1 -0
package/dist/index.d.ts +80 -0
package/dist/index.js +21 -0
package/dist/index.js.map +1 -0
package/package.json +37 -0

package/dist/chunk-3YXJPGA4.js ADDED Viewed

@@ -0,0 +1,398 @@
+// src/parsers/yarn-lock.ts
+import lockfile from "@yarnpkg/lockfile";
+import { parse as parseYaml } from "yaml";
+function detectYarnVersion(content) {
+  if (content.includes("__metadata:")) {
+    return "yarn-berry";
+  }
+  return "yarn-v1";
+}
+function parseYarnLockV1(content) {
+  const result = lockfile.parse(content);
+  if (result.type !== "success") {
+    throw new Error("Failed to parse yarn.lock file");
+  }
+  const packages = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const [key, value] of Object.entries(result.object)) {
+    const match = key.match(/^(@?[^@]+)@/);
+    if (!match) continue;
+    const name = match[1];
+    const version = value.version;
+    const uniqueKey = `${name}@${version}`;
+    if (seen.has(uniqueKey)) continue;
+    seen.add(uniqueKey);
+    packages.push({
+      name,
+      version,
+      resolved: value.resolved,
+      integrity: value.integrity
+    });
+  }
+  return packages;
+}
+function parseYarnLockBerry(content) {
+  const parsed = parseYaml(content);
+  const packages = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const [key, value] of Object.entries(parsed)) {
+    if (key === "__metadata") continue;
+    const descriptors = key.split(", ");
+    for (const descriptor of descriptors) {
+      const match = descriptor.match(/^(@?[^@]+)@/);
+      if (!match) continue;
+      const name = match[1];
+      const version = value.version;
+      const uniqueKey = `${name}@${version}`;
+      if (seen.has(uniqueKey)) continue;
+      seen.add(uniqueKey);
+      packages.push({
+        name,
+        version,
+        resolved: value.resolution,
+        integrity: value.checksum
+      });
+      break;
+    }
+  }
+  return packages;
+}
+function parseYarnLock(content) {
+  const version = detectYarnVersion(content);
+  const packages = version === "yarn-v1" ? parseYarnLockV1(content) : parseYarnLockBerry(content);
+  return { packages, version };
+}
+// src/parsers/package-lock.ts
+function parsePackageLock(content) {
+  const parsed = JSON.parse(content);
+  const lockfileVersion = parsed.lockfileVersion || 1;
+  if (lockfileVersion >= 2) {
+    return parsePackageLockV2(parsed);
+  }
+  return parsePackageLockV1(parsed);
+}
+function parsePackageLockV2(data) {
+  const packages = [];
+  for (const [path, info] of Object.entries(data.packages || {})) {
+    if (path === "") continue;
+    const segments = path.split("node_modules/");
+    const packageName = segments[segments.length - 1];
+    if (!packageName || !info.version) continue;
+    packages.push({
+      name: packageName,
+      version: info.version,
+      resolved: info.resolved,
+      integrity: info.integrity
+    });
+  }
+  return deduplicatePackages(packages);
+}
+function parsePackageLockV1(data) {
+  const packages = [];
+  function traverse(deps) {
+    for (const [name, info] of Object.entries(deps)) {
+      packages.push({
+        name,
+        version: info.version,
+        resolved: info.resolved,
+        integrity: info.integrity
+      });
+      if (info.dependencies) {
+        traverse(info.dependencies);
+      }
+    }
+  }
+  traverse(data.dependencies || {});
+  return deduplicatePackages(packages);
+}
+function deduplicatePackages(packages) {
+  const seen = /* @__PURE__ */ new Map();
+  for (const pkg of packages) {
+    const key = `${pkg.name}@${pkg.version}`;
+    if (!seen.has(key)) {
+      seen.set(key, pkg);
+    }
+  }
+  return Array.from(seen.values());
+}
+// src/registry/npm-client.ts
+import pLimit from "p-limit";
+var NPM_REGISTRY = "https://registry.npmjs.org";
+var NpmRegistryClient = class {
+  cache = /* @__PURE__ */ new Map();
+  limiter;
+  retryDelay = 1e3;
+  maxRetries = 3;
+  constructor(concurrency = 10) {
+    this.limiter = pLimit(concurrency);
+  }
+  async getPackageTime(name) {
+    const cached = this.cache.get(name);
+    if (cached) return cached;
+    return this.limiter(async () => {
+      const cachedAfterWait = this.cache.get(name);
+      if (cachedAfterWait) return cachedAfterWait;
+      const data = await this.fetchWithRetry(name);
+      this.cache.set(name, data);
+      return data;
+    });
+  }
+  async fetchWithRetry(name, attempt = 1) {
+    const url = `${NPM_REGISTRY}/${encodeURIComponent(name).replace("%40", "@")}`;
+    try {
+      const response = await fetch(url, {
+        headers: {
+          Accept: "application/json"
+        }
+      });
+      if (response.status === 429) {
+        if (attempt <= this.maxRetries) {
+          const delay = this.retryDelay * Math.pow(2, attempt - 1);
+          await this.sleep(delay);
+          return this.fetchWithRetry(name, attempt + 1);
+        }
+        throw new Error(`Rate limited after ${this.maxRetries} retries`);
+      }
+      if (response.status === 404) {
+        throw new Error(`Package not found: ${name}`);
+      }
+      if (!response.ok) {
+        throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+      }
+      const data = await response.json();
+      return data.time;
+    } catch (error) {
+      if (attempt <= this.maxRetries && this.isRetryableError(error)) {
+        const delay = this.retryDelay * Math.pow(2, attempt - 1);
+        await this.sleep(delay);
+        return this.fetchWithRetry(name, attempt + 1);
+      }
+      throw error;
+    }
+  }
+  isRetryableError(error) {
+    if (error instanceof Error) {
+      return error.message.includes("ECONNRESET") || error.message.includes("ETIMEDOUT") || error.message.includes("fetch failed");
+    }
+    return false;
+  }
+  sleep(ms) {
+    return new Promise((resolve2) => setTimeout(resolve2, ms));
+  }
+};
+// src/analyzer/index.ts
+import { readFileSync, existsSync } from "fs";
+import { resolve, basename } from "path";
+function parseMinimumReleaseAge(value) {
+  const match = value.match(/^(\d+)\s*(days?|hours?|minutes?)?$/i);
+  if (!match) {
+    throw new Error(
+      `Invalid minimumReleaseAge format: "${value}". Use format like "3 days", "7 days", or "24 hours"`
+    );
+  }
+  const num = parseInt(match[1], 10);
+  const unit = (match[2] || "days").toLowerCase();
+  if (unit.startsWith("day")) {
+    return num;
+  } else if (unit.startsWith("hour")) {
+    return num / 24;
+  } else if (unit.startsWith("minute")) {
+    return num / (24 * 60);
+  }
+  return num;
+}
+async function analyzeLockfile(lockfilePath, options, onProgress) {
+  const resolvedPath = resolveLockfilePath(lockfilePath);
+  const content = readFileSync(resolvedPath, "utf-8");
+  const { packages, lockfileType } = parseLockfile(resolvedPath, content);
+  const filteredPackages = packages.filter(
+    (pkg) => !options.exclude.includes(pkg.name)
+  );
+  const client = new NpmRegistryClient(options.concurrency);
+  const thresholdDays = parseMinimumReleaseAge(options.minimumReleaseAge);
+  const thresholdDate = /* @__PURE__ */ new Date();
+  thresholdDate.setDate(thresholdDate.getDate() - thresholdDays);
+  const recentPackages = [];
+  const errors = [];
+  const total = filteredPackages.length;
+  let processed = 0;
+  const checkPromises = filteredPackages.map(async (pkg) => {
+    try {
+      const timeInfo = await client.getPackageTime(pkg.name);
+      const publishedAt = new Date(timeInfo[pkg.version]);
+      if (isNaN(publishedAt.getTime())) {
+        throw new Error(`Invalid publish date for version ${pkg.version}`);
+      }
+      const daysAgo = Math.floor(
+        (Date.now() - publishedAt.getTime()) / (1e3 * 60 * 60 * 24)
+      );
+      const isWithinThreshold = publishedAt >= thresholdDate;
+      const isNew = isFirstVersion(timeInfo, pkg.version);
+      if (isWithinThreshold) {
+        recentPackages.push({
+          name: pkg.name,
+          version: pkg.version,
+          publishedAt,
+          isNew,
+          daysAgo,
+          isWithinThreshold
+        });
+      }
+    } catch (error) {
+      errors.push({
+        name: pkg.name,
+        version: pkg.version,
+        error: error instanceof Error ? error.message : String(error)
+      });
+    } finally {
+      processed++;
+      onProgress?.(processed, total);
+    }
+  });
+  await Promise.all(checkPromises);
+  recentPackages.sort(
+    (a, b) => b.publishedAt.getTime() - a.publishedAt.getTime()
+  );
+  return {
+    lockfileType,
+    lockfilePath: resolvedPath,
+    totalPackages: filteredPackages.length,
+    checkedPackages: filteredPackages.length - errors.length,
+    recentPackages,
+    errors,
+    analysisDate: /* @__PURE__ */ new Date(),
+    thresholdDays
+  };
+}
+function resolveLockfilePath(path) {
+  if (path) {
+    const resolved = resolve(path);
+    if (!existsSync(resolved)) {
+      throw new Error(`Lockfile not found: ${resolved}`);
+    }
+    return resolved;
+  }
+  const candidates = ["yarn.lock", "package-lock.json"];
+  for (const candidate of candidates) {
+    const resolved = resolve(candidate);
+    if (existsSync(resolved)) {
+      return resolved;
+    }
+  }
+  throw new Error(
+    "No lockfile found. Please specify a path or run in a directory with yarn.lock or package-lock.json"
+  );
+}
+function parseLockfile(path, content) {
+  const filename = basename(path);
+  if (filename === "yarn.lock") {
+    const { packages, version } = parseYarnLock(content);
+    return { packages, lockfileType: version };
+  }
+  if (filename === "package-lock.json") {
+    return {
+      packages: parsePackageLock(content),
+      lockfileType: "npm"
+    };
+  }
+  throw new Error(`Unsupported lockfile: ${filename}`);
+}
+function isFirstVersion(timeInfo, version) {
+  const versions = Object.keys(timeInfo).filter(
+    (k) => k !== "created" && k !== "modified"
+  );
+  if (versions.length === 0) return true;
+  let earliestVersion = versions[0];
+  let earliestDate = new Date(timeInfo[versions[0]]);
+  for (const v of versions) {
+    const date = new Date(timeInfo[v]);
+    if (date < earliestDate) {
+      earliestDate = date;
+      earliestVersion = v;
+    }
+  }
+  return version === earliestVersion;
+}
+// src/output/console.ts
+import chalk from "chalk";
+function formatConsole(result) {
+  console.log();
+  console.log(chalk.bold("Lockfile Analysis Report"));
+  console.log(chalk.gray("-".repeat(50)));
+  console.log(`File: ${chalk.cyan(result.lockfilePath)}`);
+  console.log(`Type: ${chalk.cyan(result.lockfileType)}`);
+  console.log(`Threshold: ${chalk.yellow(result.thresholdDays)} days`);
+  console.log(`Total packages: ${result.totalPackages}`);
+  console.log(`Checked: ${result.checkedPackages}`);
+  console.log();
+  if (result.recentPackages.length === 0) {
+    console.log(chalk.green("No recently published packages found."));
+  } else {
+    console.log(
+      chalk.red.bold(
+        `Found ${result.recentPackages.length} package(s) published within ${result.thresholdDays} days:`
+      )
+    );
+    console.log();
+    for (const pkg of result.recentPackages) {
+      const newBadge = pkg.isNew ? chalk.bgRed.white(" NEW ") + " " : "  ";
+      const daysLabel = pkg.daysAgo === 0 ? "today" : pkg.daysAgo === 1 ? "1 day ago" : `${pkg.daysAgo} days ago`;
+      console.log(
+        `${newBadge}${chalk.bold(pkg.name)}@${chalk.yellow(pkg.version)}`
+      );
+      console.log(
+        `    Published: ${chalk.gray(pkg.publishedAt.toISOString())} (${chalk.yellow(daysLabel)})`
+      );
+    }
+  }
+  if (result.errors.length > 0) {
+    console.log();
+    console.log(
+      chalk.yellow(
+        `Warnings: ${result.errors.length} package(s) could not be checked`
+      )
+    );
+    for (const err of result.errors) {
+      console.log(chalk.gray(`  - ${err.name}@${err.version}: ${err.error}`));
+    }
+  }
+  console.log();
+}
+// src/output/json.ts
+function formatJson(result) {
+  const output = {
+    ...result,
+    recentPackages: result.recentPackages.map((pkg) => ({
+      ...pkg,
+      publishedAt: pkg.publishedAt.toISOString()
+    })),
+    analysisDate: result.analysisDate.toISOString()
+  };
+  console.log(JSON.stringify(output, null, 2));
+}
+// src/output/index.ts
+function formatOutput(result, format) {
+  if (format === "json") {
+    formatJson(result);
+  } else {
+    formatConsole(result);
+  }
+}
+export {
+  parseYarnLock,
+  parsePackageLock,
+  NpmRegistryClient,
+  parseMinimumReleaseAge,
+  analyzeLockfile,
+  formatConsole,
+  formatJson,
+  formatOutput
+};
+//# sourceMappingURL=chunk-3YXJPGA4.js.map

package/dist/chunk-3YXJPGA4.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/parsers/yarn-lock.ts","../src/parsers/package-lock.ts","../src/registry/npm-client.ts","../src/analyzer/index.ts","../src/output/console.ts","../src/output/json.ts","../src/output/index.ts"],"sourcesContent":["import lockfile from \"@yarnpkg/lockfile\";\nimport { parse as parseYaml } from \"yaml\";\nimport type { ParsedPackage } from \"../types/index.js\";\n\nexport function detectYarnVersion(content: string): \"yarn-v1\" | \"yarn-berry\" {\n if (content.includes(\"__metadata:\")) {\n return \"yarn-berry\";\n }\n return \"yarn-v1\";\n}\n\nexport function parseYarnLockV1(content: string): ParsedPackage[] {\n const result = lockfile.parse(content);\n\n if (result.type !== \"success\") {\n throw new Error(\"Failed to parse yarn.lock file\");\n }\n\n const packages: ParsedPackage[] = [];\n const seen = new Set<string>();\n\n for (const [key, value] of Object.entries(result.object)) {\n const match = key.match(/^(@?[^@]+)@/);\n if (!match) continue;\n\n const name = match[1];\n const version = (value as { version: string }).version;\n const uniqueKey = `${name}@${version}`;\n\n if (seen.has(uniqueKey)) continue;\n seen.add(uniqueKey);\n\n packages.push({\n name,\n version,\n resolved: (value as { resolved?: string }).resolved,\n integrity: (value as { integrity?: string }).integrity,\n });\n }\n\n return packages;\n}\n\nexport function parseYarnLockBerry(content: string): ParsedPackage[] {\n const parsed = parseYaml(content) as Record<string, unknown>;\n const packages: ParsedPackage[] = [];\n const seen = new Set<string>();\n\n for (const [key, value] of Object.entries(parsed)) {\n if (key === \"__metadata\") continue;\n\n const descriptors = key.split(\", \");\n\n for (const descriptor of descriptors) {\n const match = descriptor.match(/^(@?[^@]+)@/);\n if (!match) continue;\n\n const name = match[1];\n const version = (value as { version: string }).version;\n const uniqueKey = `${name}@${version}`;\n\n if (seen.has(uniqueKey)) continue;\n seen.add(uniqueKey);\n\n packages.push({\n name,\n version,\n resolved: (value as { resolution?: string }).resolution,\n integrity: (value as { checksum?: string }).checksum,\n });\n\n break;\n }\n }\n\n return packages;\n}\n\nexport function parseYarnLock(content: string): {\n packages: ParsedPackage[];\n version: \"yarn-v1\" | \"yarn-berry\";\n} {\n const version = detectYarnVersion(content);\n const packages =\n version === \"yarn-v1\"\n ? parseYarnLockV1(content)\n : parseYarnLockBerry(content);\n return { packages, version };\n}\n","import type { ParsedPackage } from \"../types/index.js\";\n\ninterface PackageLockV2 {\n lockfileVersion: number;\n packages: Record<\n string,\n {\n version: string;\n resolved?: string;\n integrity?: string;\n }\n >;\n}\n\ninterface PackageLockV1 {\n lockfileVersion: 1;\n dependencies: Record<\n string,\n {\n version: string;\n resolved?: string;\n integrity?: string;\n dependencies?: Record<string, unknown>;\n }\n >;\n}\n\nexport function parsePackageLock(content: string): ParsedPackage[] {\n const parsed = JSON.parse(content) as { lockfileVersion?: number };\n const lockfileVersion = parsed.lockfileVersion || 1;\n\n if (lockfileVersion >= 2) {\n return parsePackageLockV2(parsed as PackageLockV2);\n }\n\n return parsePackageLockV1(parsed as PackageLockV1);\n}\n\nfunction parsePackageLockV2(data: PackageLockV2): ParsedPackage[] {\n const packages: ParsedPackage[] = [];\n\n for (const [path, info] of Object.entries(data.packages || {})) {\n if (path === \"\") continue;\n\n const segments = path.split(\"node_modules/\");\n const packageName = segments[segments.length - 1];\n\n if (!packageName || !info.version) continue;\n\n packages.push({\n name: packageName,\n version: info.version,\n resolved: info.resolved,\n integrity: info.integrity,\n });\n }\n\n return deduplicatePackages(packages);\n}\n\nfunction parsePackageLockV1(data: PackageLockV1): ParsedPackage[] {\n const packages: ParsedPackage[] = [];\n\n function traverse(deps: Record<string, { version: string; resolved?: string; integrity?: string; dependencies?: Record<string, unknown> }>) {\n for (const [name, info] of Object.entries(deps)) {\n packages.push({\n name,\n version: info.version,\n resolved: info.resolved,\n integrity: info.integrity,\n });\n\n if (info.dependencies) {\n traverse(info.dependencies as typeof deps);\n }\n }\n }\n\n traverse(data.dependencies || {});\n return deduplicatePackages(packages);\n}\n\nfunction deduplicatePackages(packages: ParsedPackage[]): ParsedPackage[] {\n const seen = new Map<string, ParsedPackage>();\n\n for (const pkg of packages) {\n const key = `${pkg.name}@${pkg.version}`;\n if (!seen.has(key)) {\n seen.set(key, pkg);\n }\n }\n\n return Array.from(seen.values());\n}\n","import pLimit from \"p-limit\";\nimport type { PackageTimeInfo } from \"../types/index.js\";\n\nconst NPM_REGISTRY = \"https://registry.npmjs.org\";\n\nexport class NpmRegistryClient {\n private cache: Map<string, PackageTimeInfo> = new Map();\n private limiter: ReturnType<typeof pLimit>;\n private retryDelay = 1000;\n private maxRetries = 3;\n\n constructor(concurrency = 10) {\n this.limiter = pLimit(concurrency);\n }\n\n async getPackageTime(name: string): Promise<PackageTimeInfo> {\n const cached = this.cache.get(name);\n if (cached) return cached;\n\n return this.limiter(async () => {\n const cachedAfterWait = this.cache.get(name);\n if (cachedAfterWait) return cachedAfterWait;\n\n const data = await this.fetchWithRetry(name);\n this.cache.set(name, data);\n return data;\n });\n }\n\n private async fetchWithRetry(\n name: string,\n attempt = 1\n ): Promise<PackageTimeInfo> {\n const url = `${NPM_REGISTRY}/${encodeURIComponent(name).replace(\"%40\", \"@\")}`;\n\n try {\n const response = await fetch(url, {\n headers: {\n Accept: \"application/json\",\n },\n });\n\n if (response.status === 429) {\n if (attempt <= this.maxRetries) {\n const delay = this.retryDelay * Math.pow(2, attempt - 1);\n await this.sleep(delay);\n return this.fetchWithRetry(name, attempt + 1);\n }\n throw new Error(`Rate limited after ${this.maxRetries} retries`);\n }\n\n if (response.status === 404) {\n throw new Error(`Package not found: ${name}`);\n }\n\n if (!response.ok) {\n throw new Error(`HTTP ${response.status}: ${response.statusText}`);\n }\n\n const data = (await response.json()) as { time: PackageTimeInfo };\n return data.time;\n } catch (error) {\n if (attempt <= this.maxRetries && this.isRetryableError(error)) {\n const delay = this.retryDelay * Math.pow(2, attempt - 1);\n await this.sleep(delay);\n return this.fetchWithRetry(name, attempt + 1);\n }\n throw error;\n }\n }\n\n private isRetryableError(error: unknown): boolean {\n if (error instanceof Error) {\n return (\n error.message.includes(\"ECONNRESET\") ||\n error.message.includes(\"ETIMEDOUT\") ||\n error.message.includes(\"fetch failed\")\n );\n }\n return false;\n }\n\n private sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n }\n}\n","import { readFileSync, existsSync } from \"fs\";\nimport { resolve, basename } from \"path\";\nimport { parseYarnLock } from \"../parsers/yarn-lock.js\";\nimport { parsePackageLock } from \"../parsers/package-lock.js\";\nimport { NpmRegistryClient } from \"../registry/npm-client.js\";\nimport type {\n ParsedPackage,\n AnalysisResult,\n PackageCheckResult,\n PackageError,\n CLIOptions,\n LockfileType,\n PackageTimeInfo,\n} from \"../types/index.js\";\n\nexport function parseMinimumReleaseAge(value: string): number {\n const match = value.match(/^(\\d+)\\s*(days?|hours?|minutes?)?$/i);\n if (!match) {\n throw new Error(\n `Invalid minimumReleaseAge format: \"${value}\". Use format like \"3 days\", \"7 days\", or \"24 hours\"`\n );\n }\n\n const num = parseInt(match[1], 10);\n const unit = (match[2] || \"days\").toLowerCase();\n\n if (unit.startsWith(\"day\")) {\n return num;\n } else if (unit.startsWith(\"hour\")) {\n return num / 24;\n } else if (unit.startsWith(\"minute\")) {\n return num / (24 * 60);\n }\n\n return num;\n}\n\nexport async function analyzeLockfile(\n lockfilePath: string | undefined,\n options: CLIOptions,\n onProgress?: (current: number, total: number) => void\n): Promise<AnalysisResult> {\n const resolvedPath = resolveLockfilePath(lockfilePath);\n const content = readFileSync(resolvedPath, \"utf-8\");\n\n const { packages, lockfileType } = parseLockfile(resolvedPath, content);\n\n const filteredPackages = packages.filter(\n (pkg) => !options.exclude.includes(pkg.name)\n );\n\n const client = new NpmRegistryClient(options.concurrency);\n const thresholdDays = parseMinimumReleaseAge(options.minimumReleaseAge);\n const thresholdDate = new Date();\n thresholdDate.setDate(thresholdDate.getDate() - thresholdDays);\n\n const recentPackages: PackageCheckResult[] = [];\n const errors: PackageError[] = [];\n\n const total = filteredPackages.length;\n let processed = 0;\n\n const checkPromises = filteredPackages.map(async (pkg) => {\n try {\n const timeInfo = await client.getPackageTime(pkg.name);\n const publishedAt = new Date(timeInfo[pkg.version]);\n\n if (isNaN(publishedAt.getTime())) {\n throw new Error(`Invalid publish date for version ${pkg.version}`);\n }\n\n const daysAgo = Math.floor(\n (Date.now() - publishedAt.getTime()) / (1000 * 60 * 60 * 24)\n );\n\n const isWithinThreshold = publishedAt >= thresholdDate;\n const isNew = isFirstVersion(timeInfo, pkg.version);\n\n if (isWithinThreshold) {\n recentPackages.push({\n name: pkg.name,\n version: pkg.version,\n publishedAt,\n isNew,\n daysAgo,\n isWithinThreshold,\n });\n }\n } catch (error) {\n errors.push({\n name: pkg.name,\n version: pkg.version,\n error: error instanceof Error ? error.message : String(error),\n });\n } finally {\n processed++;\n onProgress?.(processed, total);\n }\n });\n\n await Promise.all(checkPromises);\n\n recentPackages.sort(\n (a, b) => b.publishedAt.getTime() - a.publishedAt.getTime()\n );\n\n return {\n lockfileType,\n lockfilePath: resolvedPath,\n totalPackages: filteredPackages.length,\n checkedPackages: filteredPackages.length - errors.length,\n recentPackages,\n errors,\n analysisDate: new Date(),\n thresholdDays,\n };\n}\n\nfunction resolveLockfilePath(path?: string): string {\n if (path) {\n const resolved = resolve(path);\n if (!existsSync(resolved)) {\n throw new Error(`Lockfile not found: ${resolved}`);\n }\n return resolved;\n }\n\n const candidates = [\"yarn.lock\", \"package-lock.json\"];\n\n for (const candidate of candidates) {\n const resolved = resolve(candidate);\n if (existsSync(resolved)) {\n return resolved;\n }\n }\n\n throw new Error(\n \"No lockfile found. Please specify a path or run in a directory with yarn.lock or package-lock.json\"\n );\n}\n\nfunction parseLockfile(\n path: string,\n content: string\n): { packages: ParsedPackage[]; lockfileType: LockfileType } {\n const filename = basename(path);\n\n if (filename === \"yarn.lock\") {\n const { packages, version } = parseYarnLock(content);\n return { packages, lockfileType: version };\n }\n\n if (filename === \"package-lock.json\") {\n return {\n packages: parsePackageLock(content),\n lockfileType: \"npm\",\n };\n }\n\n throw new Error(`Unsupported lockfile: ${filename}`);\n}\n\nfunction isFirstVersion(\n timeInfo: PackageTimeInfo,\n version: string\n): boolean {\n const versions = Object.keys(timeInfo).filter(\n (k) => k !== \"created\" && k !== \"modified\"\n );\n\n if (versions.length === 0) return true;\n\n let earliestVersion = versions[0];\n let earliestDate = new Date(timeInfo[versions[0]]);\n\n for (const v of versions) {\n const date = new Date(timeInfo[v]);\n if (date < earliestDate) {\n earliestDate = date;\n earliestVersion = v;\n }\n }\n\n return version === earliestVersion;\n}\n","import chalk from \"chalk\";\nimport type { AnalysisResult } from \"../types/index.js\";\n\nexport function formatConsole(result: AnalysisResult): void {\n console.log();\n console.log(chalk.bold(\"Lockfile Analysis Report\"));\n console.log(chalk.gray(\"-\".repeat(50)));\n console.log(`File: ${chalk.cyan(result.lockfilePath)}`);\n console.log(`Type: ${chalk.cyan(result.lockfileType)}`);\n console.log(`Threshold: ${chalk.yellow(result.thresholdDays)} days`);\n console.log(`Total packages: ${result.totalPackages}`);\n console.log(`Checked: ${result.checkedPackages}`);\n console.log();\n\n if (result.recentPackages.length === 0) {\n console.log(chalk.green(\"No recently published packages found.\"));\n } else {\n console.log(\n chalk.red.bold(\n `Found ${result.recentPackages.length} package(s) published within ${result.thresholdDays} days:`\n )\n );\n console.log();\n\n for (const pkg of result.recentPackages) {\n const newBadge = pkg.isNew ? chalk.bgRed.white(\" NEW \") + \" \" : \" \";\n const daysLabel =\n pkg.daysAgo === 0\n ? \"today\"\n : pkg.daysAgo === 1\n ? \"1 day ago\"\n : `${pkg.daysAgo} days ago`;\n\n console.log(\n `${newBadge}${chalk.bold(pkg.name)}@${chalk.yellow(pkg.version)}`\n );\n console.log(\n ` Published: ${chalk.gray(pkg.publishedAt.toISOString())} (${chalk.yellow(daysLabel)})`\n );\n }\n }\n\n if (result.errors.length > 0) {\n console.log();\n console.log(\n chalk.yellow(\n `Warnings: ${result.errors.length} package(s) could not be checked`\n )\n );\n\n for (const err of result.errors) {\n console.log(chalk.gray(` - ${err.name}@${err.version}: ${err.error}`));\n }\n }\n\n console.log();\n}\n","import type { AnalysisResult } from \"../types/index.js\";\n\nexport function formatJson(result: AnalysisResult): void {\n const output = {\n ...result,\n recentPackages: result.recentPackages.map((pkg) => ({\n ...pkg,\n publishedAt: pkg.publishedAt.toISOString(),\n })),\n analysisDate: result.analysisDate.toISOString(),\n };\n\n console.log(JSON.stringify(output, null, 2));\n}\n","import type { AnalysisResult } from \"../types/index.js\";\nimport { formatConsole } from \"./console.js\";\nimport { formatJson } from \"./json.js\";\n\nexport function formatOutput(\n result: AnalysisResult,\n format: \"console\" | \"json\"\n): void {\n if (format === \"json\") {\n formatJson(result);\n } else {\n formatConsole(result);\n }\n}\n\nexport { formatConsole } from \"./console.js\";\nexport { formatJson } from \"./json.js\";\n"],"mappings":";AAAA,OAAO,cAAc;AACrB,SAAS,SAAS,iBAAiB;AAG5B,SAAS,kBAAkB,SAA2C;AAC3E,MAAI,QAAQ,SAAS,aAAa,GAAG;AACnC,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,SAAS,gBAAgB,SAAkC;AAChE,QAAM,SAAS,SAAS,MAAM,OAAO;AAErC,MAAI,OAAO,SAAS,WAAW;AAC7B,UAAM,IAAI,MAAM,gCAAgC;AAAA,EAClD;AAEA,QAAM,WAA4B,CAAC;AACnC,QAAM,OAAO,oBAAI,IAAY;AAE7B,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,MAAM,GAAG;AACxD,UAAM,QAAQ,IAAI,MAAM,aAAa;AACrC,QAAI,CAAC,MAAO;AAEZ,UAAM,OAAO,MAAM,CAAC;AACpB,UAAM,UAAW,MAA8B;AAC/C,UAAM,YAAY,GAAG,IAAI,IAAI,OAAO;AAEpC,QAAI,KAAK,IAAI,SAAS,EAAG;AACzB,SAAK,IAAI,SAAS;AAElB,aAAS,KAAK;AAAA,MACZ;AAAA,MACA;AAAA,MACA,UAAW,MAAgC;AAAA,MAC3C,WAAY,MAAiC;AAAA,IAC/C,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAEO,SAAS,mBAAmB,SAAkC;AACnE,QAAM,SAAS,UAAU,OAAO;AAChC,QAAM,WAA4B,CAAC;AACnC,QAAM,OAAO,oBAAI,IAAY;AAE7B,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,QAAI,QAAQ,aAAc;AAE1B,UAAM,cAAc,IAAI,MAAM,IAAI;AAElC,eAAW,cAAc,aAAa;AACpC,YAAM,QAAQ,WAAW,MAAM,aAAa;AAC5C,UAAI,CAAC,MAAO;AAEZ,YAAM,OAAO,MAAM,CAAC;AACpB,YAAM,UAAW,MAA8B;AAC/C,YAAM,YAAY,GAAG,IAAI,IAAI,OAAO;AAEpC,UAAI,KAAK,IAAI,SAAS,EAAG;AACzB,WAAK,IAAI,SAAS;AAElB,eAAS,KAAK;AAAA,QACZ;AAAA,QACA;AAAA,QACA,UAAW,MAAkC;AAAA,QAC7C,WAAY,MAAgC;AAAA,MAC9C,CAAC;AAED;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,cAAc,SAG5B;AACA,QAAM,UAAU,kBAAkB,OAAO;AACzC,QAAM,WACJ,YAAY,YACR,gBAAgB,OAAO,IACvB,mBAAmB,OAAO;AAChC,SAAO,EAAE,UAAU,QAAQ;AAC7B;;;AC7DO,SAAS,iBAAiB,SAAkC;AACjE,QAAM,SAAS,KAAK,MAAM,OAAO;AACjC,QAAM,kBAAkB,OAAO,mBAAmB;AAElD,MAAI,mBAAmB,GAAG;AACxB,WAAO,mBAAmB,MAAuB;AAAA,EACnD;AAEA,SAAO,mBAAmB,MAAuB;AACnD;AAEA,SAAS,mBAAmB,MAAsC;AAChE,QAAM,WAA4B,CAAC;AAEnC,aAAW,CAAC,MAAM,IAAI,KAAK,OAAO,QAAQ,KAAK,YAAY,CAAC,CAAC,GAAG;AAC9D,QAAI,SAAS,GAAI;AAEjB,UAAM,WAAW,KAAK,MAAM,eAAe;AAC3C,UAAM,cAAc,SAAS,SAAS,SAAS,CAAC;AAEhD,QAAI,CAAC,eAAe,CAAC,KAAK,QAAS;AAEnC,aAAS,KAAK;AAAA,MACZ,MAAM;AAAA,MACN,SAAS,KAAK;AAAA,MACd,UAAU,KAAK;AAAA,MACf,WAAW,KAAK;AAAA,IAClB,CAAC;AAAA,EACH;AAEA,SAAO,oBAAoB,QAAQ;AACrC;AAEA,SAAS,mBAAmB,MAAsC;AAChE,QAAM,WAA4B,CAAC;AAEnC,WAAS,SAAS,MAA0H;AAC1I,eAAW,CAAC,MAAM,IAAI,KAAK,OAAO,QAAQ,IAAI,GAAG;AAC/C,eAAS,KAAK;AAAA,QACZ;AAAA,QACA,SAAS,KAAK;AAAA,QACd,UAAU,KAAK;AAAA,QACf,WAAW,KAAK;AAAA,MAClB,CAAC;AAED,UAAI,KAAK,cAAc;AACrB,iBAAS,KAAK,YAA2B;AAAA,MAC3C;AAAA,IACF;AAAA,EACF;AAEA,WAAS,KAAK,gBAAgB,CAAC,CAAC;AAChC,SAAO,oBAAoB,QAAQ;AACrC;AAEA,SAAS,oBAAoB,UAA4C;AACvE,QAAM,OAAO,oBAAI,IAA2B;AAE5C,aAAW,OAAO,UAAU;AAC1B,UAAM,MAAM,GAAG,IAAI,IAAI,IAAI,IAAI,OAAO;AACtC,QAAI,CAAC,KAAK,IAAI,GAAG,GAAG;AAClB,WAAK,IAAI,KAAK,GAAG;AAAA,IACnB;AAAA,EACF;AAEA,SAAO,MAAM,KAAK,KAAK,OAAO,CAAC;AACjC;;;AC7FA,OAAO,YAAY;AAGnB,IAAM,eAAe;AAEd,IAAM,oBAAN,MAAwB;AAAA,EACrB,QAAsC,oBAAI,IAAI;AAAA,EAC9C;AAAA,EACA,aAAa;AAAA,EACb,aAAa;AAAA,EAErB,YAAY,cAAc,IAAI;AAC5B,SAAK,UAAU,OAAO,WAAW;AAAA,EACnC;AAAA,EAEA,MAAM,eAAe,MAAwC;AAC3D,UAAM,SAAS,KAAK,MAAM,IAAI,IAAI;AAClC,QAAI,OAAQ,QAAO;AAEnB,WAAO,KAAK,QAAQ,YAAY;AAC9B,YAAM,kBAAkB,KAAK,MAAM,IAAI,IAAI;AAC3C,UAAI,gBAAiB,QAAO;AAE5B,YAAM,OAAO,MAAM,KAAK,eAAe,IAAI;AAC3C,WAAK,MAAM,IAAI,MAAM,IAAI;AACzB,aAAO;AAAA,IACT,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,eACZ,MACA,UAAU,GACgB;AAC1B,UAAM,MAAM,GAAG,YAAY,IAAI,mBAAmB,IAAI,EAAE,QAAQ,OAAO,GAAG,CAAC;AAE3E,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAChC,SAAS;AAAA,UACP,QAAQ;AAAA,QACV;AAAA,MACF,CAAC;AAED,UAAI,SAAS,WAAW,KAAK;AAC3B,YAAI,WAAW,KAAK,YAAY;AAC9B,gBAAM,QAAQ,KAAK,aAAa,KAAK,IAAI,GAAG,UAAU,CAAC;AACvD,gBAAM,KAAK,MAAM,KAAK;AACtB,iBAAO,KAAK,eAAe,MAAM,UAAU,CAAC;AAAA,QAC9C;AACA,cAAM,IAAI,MAAM,sBAAsB,KAAK,UAAU,UAAU;AAAA,MACjE;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,IAAI,MAAM,sBAAsB,IAAI,EAAE;AAAA,MAC9C;AAEA,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,IAAI,MAAM,QAAQ,SAAS,MAAM,KAAK,SAAS,UAAU,EAAE;AAAA,MACnE;AAEA,YAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,aAAO,KAAK;AAAA,IACd,SAAS,OAAO;AACd,UAAI,WAAW,KAAK,cAAc,KAAK,iBAAiB,KAAK,GAAG;AAC9D,cAAM,QAAQ,KAAK,aAAa,KAAK,IAAI,GAAG,UAAU,CAAC;AACvD,cAAM,KAAK,MAAM,KAAK;AACtB,eAAO,KAAK,eAAe,MAAM,UAAU,CAAC;AAAA,MAC9C;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEQ,iBAAiB,OAAyB;AAChD,QAAI,iBAAiB,OAAO;AAC1B,aACE,MAAM,QAAQ,SAAS,YAAY,KACnC,MAAM,QAAQ,SAAS,WAAW,KAClC,MAAM,QAAQ,SAAS,cAAc;AAAA,IAEzC;AACA,WAAO;AAAA,EACT;AAAA,EAEQ,MAAM,IAA2B;AACvC,WAAO,IAAI,QAAQ,CAACA,aAAY,WAAWA,UAAS,EAAE,CAAC;AAAA,EACzD;AACF;;;ACrFA,SAAS,cAAc,kBAAkB;AACzC,SAAS,SAAS,gBAAgB;AAc3B,SAAS,uBAAuB,OAAuB;AAC5D,QAAM,QAAQ,MAAM,MAAM,qCAAqC;AAC/D,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR,sCAAsC,KAAK;AAAA,IAC7C;AAAA,EACF;AAEA,QAAM,MAAM,SAAS,MAAM,CAAC,GAAG,EAAE;AACjC,QAAM,QAAQ,MAAM,CAAC,KAAK,QAAQ,YAAY;AAE9C,MAAI,KAAK,WAAW,KAAK,GAAG;AAC1B,WAAO;AAAA,EACT,WAAW,KAAK,WAAW,MAAM,GAAG;AAClC,WAAO,MAAM;AAAA,EACf,WAAW,KAAK,WAAW,QAAQ,GAAG;AACpC,WAAO,OAAO,KAAK;AAAA,EACrB;AAEA,SAAO;AACT;AAEA,eAAsB,gBACpB,cACA,SACA,YACyB;AACzB,QAAM,eAAe,oBAAoB,YAAY;AACrD,QAAM,UAAU,aAAa,cAAc,OAAO;AAElD,QAAM,EAAE,UAAU,aAAa,IAAI,cAAc,cAAc,OAAO;AAEtE,QAAM,mBAAmB,SAAS;AAAA,IAChC,CAAC,QAAQ,CAAC,QAAQ,QAAQ,SAAS,IAAI,IAAI;AAAA,EAC7C;AAEA,QAAM,SAAS,IAAI,kBAAkB,QAAQ,WAAW;AACxD,QAAM,gBAAgB,uBAAuB,QAAQ,iBAAiB;AACtE,QAAM,gBAAgB,oBAAI,KAAK;AAC/B,gBAAc,QAAQ,cAAc,QAAQ,IAAI,aAAa;AAE7D,QAAM,iBAAuC,CAAC;AAC9C,QAAM,SAAyB,CAAC;AAEhC,QAAM,QAAQ,iBAAiB;AAC/B,MAAI,YAAY;AAEhB,QAAM,gBAAgB,iBAAiB,IAAI,OAAO,QAAQ;AACxD,QAAI;AACF,YAAM,WAAW,MAAM,OAAO,eAAe,IAAI,IAAI;AACrD,YAAM,cAAc,IAAI,KAAK,SAAS,IAAI,OAAO,CAAC;AAElD,UAAI,MAAM,YAAY,QAAQ,CAAC,GAAG;AAChC,cAAM,IAAI,MAAM,oCAAoC,IAAI,OAAO,EAAE;AAAA,MACnE;AAEA,YAAM,UAAU,KAAK;AAAA,SAClB,KAAK,IAAI,IAAI,YAAY,QAAQ,MAAM,MAAO,KAAK,KAAK;AAAA,MAC3D;AAEA,YAAM,oBAAoB,eAAe;AACzC,YAAM,QAAQ,eAAe,UAAU,IAAI,OAAO;AAElD,UAAI,mBAAmB;AACrB,uBAAe,KAAK;AAAA,UAClB,MAAM,IAAI;AAAA,UACV,SAAS,IAAI;AAAA,UACb;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF,CAAC;AAAA,MACH;AAAA,IACF,SAAS,OAAO;AACd,aAAO,KAAK;AAAA,QACV,MAAM,IAAI;AAAA,QACV,SAAS,IAAI;AAAA,QACb,OAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,MAC9D,CAAC;AAAA,IACH,UAAE;AACA;AACA,mBAAa,WAAW,KAAK;AAAA,IAC/B;AAAA,EACF,CAAC;AAED,QAAM,QAAQ,IAAI,aAAa;AAE/B,iBAAe;AAAA,IACb,CAAC,GAAG,MAAM,EAAE,YAAY,QAAQ,IAAI,EAAE,YAAY,QAAQ;AAAA,EAC5D;AAEA,SAAO;AAAA,IACL;AAAA,IACA,cAAc;AAAA,IACd,eAAe,iBAAiB;AAAA,IAChC,iBAAiB,iBAAiB,SAAS,OAAO;AAAA,IAClD;AAAA,IACA;AAAA,IACA,cAAc,oBAAI,KAAK;AAAA,IACvB;AAAA,EACF;AACF;AAEA,SAAS,oBAAoB,MAAuB;AAClD,MAAI,MAAM;AACR,UAAM,WAAW,QAAQ,IAAI;AAC7B,QAAI,CAAC,WAAW,QAAQ,GAAG;AACzB,YAAM,IAAI,MAAM,uBAAuB,QAAQ,EAAE;AAAA,IACnD;AACA,WAAO;AAAA,EACT;AAEA,QAAM,aAAa,CAAC,aAAa,mBAAmB;AAEpD,aAAW,aAAa,YAAY;AAClC,UAAM,WAAW,QAAQ,SAAS;AAClC,QAAI,WAAW,QAAQ,GAAG;AACxB,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,IAAI;AAAA,IACR;AAAA,EACF;AACF;AAEA,SAAS,cACP,MACA,SAC2D;AAC3D,QAAM,WAAW,SAAS,IAAI;AAE9B,MAAI,aAAa,aAAa;AAC5B,UAAM,EAAE,UAAU,QAAQ,IAAI,cAAc,OAAO;AACnD,WAAO,EAAE,UAAU,cAAc,QAAQ;AAAA,EAC3C;AAEA,MAAI,aAAa,qBAAqB;AACpC,WAAO;AAAA,MACL,UAAU,iBAAiB,OAAO;AAAA,MAClC,cAAc;AAAA,IAChB;AAAA,EACF;AAEA,QAAM,IAAI,MAAM,yBAAyB,QAAQ,EAAE;AACrD;AAEA,SAAS,eACP,UACA,SACS;AACT,QAAM,WAAW,OAAO,KAAK,QAAQ,EAAE;AAAA,IACrC,CAAC,MAAM,MAAM,aAAa,MAAM;AAAA,EAClC;AAEA,MAAI,SAAS,WAAW,EAAG,QAAO;AAElC,MAAI,kBAAkB,SAAS,CAAC;AAChC,MAAI,eAAe,IAAI,KAAK,SAAS,SAAS,CAAC,CAAC,CAAC;AAEjD,aAAW,KAAK,UAAU;AACxB,UAAM,OAAO,IAAI,KAAK,SAAS,CAAC,CAAC;AACjC,QAAI,OAAO,cAAc;AACvB,qBAAe;AACf,wBAAkB;AAAA,IACpB;AAAA,EACF;AAEA,SAAO,YAAY;AACrB;;;ACxLA,OAAO,WAAW;AAGX,SAAS,cAAc,QAA8B;AAC1D,UAAQ,IAAI;AACZ,UAAQ,IAAI,MAAM,KAAK,0BAA0B,CAAC;AAClD,UAAQ,IAAI,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC,CAAC;AACtC,UAAQ,IAAI,SAAS,MAAM,KAAK,OAAO,YAAY,CAAC,EAAE;AACtD,UAAQ,IAAI,SAAS,MAAM,KAAK,OAAO,YAAY,CAAC,EAAE;AACtD,UAAQ,IAAI,cAAc,MAAM,OAAO,OAAO,aAAa,CAAC,OAAO;AACnE,UAAQ,IAAI,mBAAmB,OAAO,aAAa,EAAE;AACrD,UAAQ,IAAI,YAAY,OAAO,eAAe,EAAE;AAChD,UAAQ,IAAI;AAEZ,MAAI,OAAO,eAAe,WAAW,GAAG;AACtC,YAAQ,IAAI,MAAM,MAAM,uCAAuC,CAAC;AAAA,EAClE,OAAO;AACL,YAAQ;AAAA,MACN,MAAM,IAAI;AAAA,QACR,SAAS,OAAO,eAAe,MAAM,gCAAgC,OAAO,aAAa;AAAA,MAC3F;AAAA,IACF;AACA,YAAQ,IAAI;AAEZ,eAAW,OAAO,OAAO,gBAAgB;AACvC,YAAM,WAAW,IAAI,QAAQ,MAAM,MAAM,MAAM,OAAO,IAAI,MAAM;AAChE,YAAM,YACJ,IAAI,YAAY,IACZ,UACA,IAAI,YAAY,IACd,cACA,GAAG,IAAI,OAAO;AAEtB,cAAQ;AAAA,QACN,GAAG,QAAQ,GAAG,MAAM,KAAK,IAAI,IAAI,CAAC,IAAI,MAAM,OAAO,IAAI,OAAO,CAAC;AAAA,MACjE;AACA,cAAQ;AAAA,QACN,kBAAkB,MAAM,KAAK,IAAI,YAAY,YAAY,CAAC,CAAC,KAAK,MAAM,OAAO,SAAS,CAAC;AAAA,MACzF;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,YAAQ,IAAI;AACZ,YAAQ;AAAA,MACN,MAAM;AAAA,QACJ,aAAa,OAAO,OAAO,MAAM;AAAA,MACnC;AAAA,IACF;AAEA,eAAW,OAAO,OAAO,QAAQ;AAC/B,cAAQ,IAAI,MAAM,KAAK,OAAO,IAAI,IAAI,IAAI,IAAI,OAAO,KAAK,IAAI,KAAK,EAAE,CAAC;AAAA,IACxE;AAAA,EACF;AAEA,UAAQ,IAAI;AACd;;;ACtDO,SAAS,WAAW,QAA8B;AACvD,QAAM,SAAS;AAAA,IACb,GAAG;AAAA,IACH,gBAAgB,OAAO,eAAe,IAAI,CAAC,SAAS;AAAA,MAClD,GAAG;AAAA,MACH,aAAa,IAAI,YAAY,YAAY;AAAA,IAC3C,EAAE;AAAA,IACF,cAAc,OAAO,aAAa,YAAY;AAAA,EAChD;AAEA,UAAQ,IAAI,KAAK,UAAU,QAAQ,MAAM,CAAC,CAAC;AAC7C;;;ACTO,SAAS,aACd,QACA,QACM;AACN,MAAI,WAAW,QAAQ;AACrB,eAAW,MAAM;AAAA,EACnB,OAAO;AACL,kBAAc,MAAM;AAAA,EACtB;AACF;","names":["resolve"]}

package/dist/cli.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ #!/usr/bin/env node

package/dist/cli.js ADDED Viewed

@@ -0,0 +1,60 @@
+#!/usr/bin/env node
+import {
+  analyzeLockfile,
+  formatOutput
+} from "./chunk-3YXJPGA4.js";
+// src/cli.ts
+import { Command } from "commander";
+import ora from "ora";
+var program = new Command();
+program.name("check-npm-lockfile").description(
+  "Detect recently published npm packages in lockfiles for supply chain attack prevention"
+).version("0.0.1").argument("[lockfile]", "Path to lockfile (auto-detects if not specified)").option(
+  "--minimum-release-age <duration>",
+  "Minimum age threshold (e.g., '3 days', '7 days')",
+  "3 days"
+).option(
+  "-e, --exclude <packages...>",
+  "Packages to exclude from checking",
+  []
+).option("-f, --format <type>", "Output format: console or json", "console").option(
+  "-c, --concurrency <number>",
+  "Max concurrent API requests",
+  "10"
+).option("--no-exit-code", "Always exit with code 0").option("-v, --verbose", "Show verbose output").action(
+  async (lockfilePath, opts) => {
+    const options = {
+      minimumReleaseAge: opts.minimumReleaseAge,
+      exclude: opts.exclude,
+      format: opts.format,
+      concurrency: parseInt(opts.concurrency, 10),
+      exitCode: opts.exitCode,
+      verbose: opts.verbose
+    };
+    const spinner = options.format === "console" ? ora("Analyzing lockfile...").start() : null;
+    try {
+      const result = await analyzeLockfile(
+        lockfilePath,
+        options,
+        (current, total) => {
+          if (spinner && options.verbose) {
+            spinner.text = `Checking packages: ${current}/${total}`;
+          }
+        }
+      );
+      spinner?.stop();
+      formatOutput(result, options.format);
+      if (options.exitCode && result.recentPackages.length > 0) {
+        process.exit(1);
+      }
+    } catch (error) {
+      spinner?.fail(
+        error instanceof Error ? error.message : "Unknown error"
+      );
+      process.exit(1);
+    }
+  }
+);
+program.parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/cli.ts"],"sourcesContent":["#!/usr/bin/env node\nimport { Command } from \"commander\";\nimport ora from \"ora\";\nimport { analyzeLockfile } from \"./analyzer/index.js\";\nimport { formatOutput } from \"./output/index.js\";\nimport type { CLIOptions } from \"./types/index.js\";\n\nconst program = new Command();\n\nprogram\n .name(\"check-npm-lockfile\")\n .description(\n \"Detect recently published npm packages in lockfiles for supply chain attack prevention\"\n )\n .version(\"0.0.1\")\n .argument(\"[lockfile]\", \"Path to lockfile (auto-detects if not specified)\")\n .option(\n \"--minimum-release-age <duration>\",\n \"Minimum age threshold (e.g., '3 days', '7 days')\",\n \"3 days\"\n )\n .option(\n \"-e, --exclude <packages...>\",\n \"Packages to exclude from checking\",\n []\n )\n .option(\"-f, --format <type>\", \"Output format: console or json\", \"console\")\n .option(\n \"-c, --concurrency <number>\",\n \"Max concurrent API requests\",\n \"10\"\n )\n .option(\"--no-exit-code\", \"Always exit with code 0\")\n .option(\"-v, --verbose\", \"Show verbose output\")\n .action(\n async (\n lockfilePath: string | undefined,\n opts: {\n minimumReleaseAge: string;\n exclude: string[];\n format: string;\n concurrency: string;\n exitCode: boolean;\n verbose: boolean;\n }\n ) => {\n const options: CLIOptions = {\n minimumReleaseAge: opts.minimumReleaseAge,\n exclude: opts.exclude,\n format: opts.format as \"console\" | \"json\",\n concurrency: parseInt(opts.concurrency, 10),\n exitCode: opts.exitCode,\n verbose: opts.verbose,\n };\n\n const spinner =\n options.format === \"console\" ? ora(\"Analyzing lockfile...\").start() : null;\n\n try {\n const result = await analyzeLockfile(\n lockfilePath,\n options,\n (current, total) => {\n if (spinner && options.verbose) {\n spinner.text = `Checking packages: ${current}/${total}`;\n }\n }\n );\n\n spinner?.stop();\n\n formatOutput(result, options.format);\n\n if (options.exitCode && result.recentPackages.length > 0) {\n process.exit(1);\n }\n } catch (error) {\n spinner?.fail(\n error instanceof Error ? error.message : \"Unknown error\"\n );\n process.exit(1);\n }\n }\n );\n\nprogram.parse();\n"],"mappings":";;;;;;;AACA,SAAS,eAAe;AACxB,OAAO,SAAS;AAKhB,IAAM,UAAU,IAAI,QAAQ;AAE5B,QACG,KAAK,oBAAoB,EACzB;AAAA,EACC;AACF,EACC,QAAQ,OAAO,EACf,SAAS,cAAc,kDAAkD,EACzE;AAAA,EACC;AAAA,EACA;AAAA,EACA;AACF,EACC;AAAA,EACC;AAAA,EACA;AAAA,EACA,CAAC;AACH,EACC,OAAO,uBAAuB,kCAAkC,SAAS,EACzE;AAAA,EACC;AAAA,EACA;AAAA,EACA;AACF,EACC,OAAO,kBAAkB,yBAAyB,EAClD,OAAO,iBAAiB,qBAAqB,EAC7C;AAAA,EACC,OACE,cACA,SAQG;AACH,UAAM,UAAsB;AAAA,MAC1B,mBAAmB,KAAK;AAAA,MACxB,SAAS,KAAK;AAAA,MACd,QAAQ,KAAK;AAAA,MACb,aAAa,SAAS,KAAK,aAAa,EAAE;AAAA,MAC1C,UAAU,KAAK;AAAA,MACf,SAAS,KAAK;AAAA,IAChB;AAEA,UAAM,UACJ,QAAQ,WAAW,YAAY,IAAI,uBAAuB,EAAE,MAAM,IAAI;AAExE,QAAI;AACF,YAAM,SAAS,MAAM;AAAA,QACnB;AAAA,QACA;AAAA,QACA,CAAC,SAAS,UAAU;AAClB,cAAI,WAAW,QAAQ,SAAS;AAC9B,oBAAQ,OAAO,sBAAsB,OAAO,IAAI,KAAK;AAAA,UACvD;AAAA,QACF;AAAA,MACF;AAEA,eAAS,KAAK;AAEd,mBAAa,QAAQ,QAAQ,MAAM;AAEnC,UAAI,QAAQ,YAAY,OAAO,eAAe,SAAS,GAAG;AACxD,gBAAQ,KAAK,CAAC;AAAA,MAChB;AAAA,IACF,SAAS,OAAO;AACd,eAAS;AAAA,QACP,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MAC3C;AACA,cAAQ,KAAK,CAAC;AAAA,IAChB;AAAA,EACF;AACF;AAEF,QAAQ,MAAM;","names":[]}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/** Lockfile type discriminator */
+type LockfileType = "yarn-v1" | "yarn-berry" | "npm";
+/** Parsed package information from lockfile */
+interface ParsedPackage {
+    name: string;
+    version: string;
+    resolved?: string;
+    integrity?: string;
+}
+/** npm registry package time information */
+interface PackageTimeInfo {
+    created: string;
+    modified: string;
+    [version: string]: string;
+}
+/** Result of checking a single package */
+interface PackageCheckResult {
+    name: string;
+    version: string;
+    publishedAt: Date;
+    isNew: boolean;
+    daysAgo: number;
+    isWithinThreshold: boolean;
+}
+/** Overall analysis result */
+interface AnalysisResult {
+    lockfileType: LockfileType;
+    lockfilePath: string;
+    totalPackages: number;
+    checkedPackages: number;
+    recentPackages: PackageCheckResult[];
+    errors: PackageError[];
+    analysisDate: Date;
+    thresholdDays: number;
+}
+/** Error information for packages that couldn't be checked */
+interface PackageError {
+    name: string;
+    version: string;
+    error: string;
+}
+/** CLI options */
+interface CLIOptions {
+    minimumReleaseAge: string;
+    exclude: string[];
+    format: "console" | "json";
+    concurrency: number;
+    exitCode: boolean;
+    verbose: boolean;
+}
+declare function parseMinimumReleaseAge(value: string): number;
+declare function analyzeLockfile(lockfilePath: string | undefined, options: CLIOptions, onProgress?: (current: number, total: number) => void): Promise<AnalysisResult>;
+declare function parseYarnLock(content: string): {
+    packages: ParsedPackage[];
+    version: "yarn-v1" | "yarn-berry";
+};
+declare function parsePackageLock(content: string): ParsedPackage[];
+declare class NpmRegistryClient {
+    private cache;
+    private limiter;
+    private retryDelay;
+    private maxRetries;
+    constructor(concurrency?: number);
+    getPackageTime(name: string): Promise<PackageTimeInfo>;
+    private fetchWithRetry;
+    private isRetryableError;
+    private sleep;
+}
+declare function formatConsole(result: AnalysisResult): void;
+declare function formatJson(result: AnalysisResult): void;
+declare function formatOutput(result: AnalysisResult, format: "console" | "json"): void;
+export { type AnalysisResult, type CLIOptions, type LockfileType, NpmRegistryClient, type PackageCheckResult, type PackageError, type PackageTimeInfo, type ParsedPackage, analyzeLockfile, formatConsole, formatJson, formatOutput, parseMinimumReleaseAge, parsePackageLock, parseYarnLock };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,21 @@
+import {
+  NpmRegistryClient,
+  analyzeLockfile,
+  formatConsole,
+  formatJson,
+  formatOutput,
+  parseMinimumReleaseAge,
+  parsePackageLock,
+  parseYarnLock
+} from "./chunk-3YXJPGA4.js";
+export {
+  NpmRegistryClient,
+  analyzeLockfile,
+  formatConsole,
+  formatJson,
+  formatOutput,
+  parseMinimumReleaseAge,
+  parsePackageLock,
+  parseYarnLock
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/package.json ADDED Viewed

@@ -0,0 +1,37 @@
+{
+  "name": "check-npm-lockfile",
+  "version": "0.0.1",
+  "description": "Detect recently published npm packages in lockfiles for supply chain attack prevention",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "bin": {
+    "check-npm-lockfile": "./dist/cli.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "prepublishOnly": "npm run build"
+  },
+  "author": "Masahiro Saito",
+  "license": "MIT",
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "dependencies": {
+    "@yarnpkg/lockfile": "^1.1.0",
+    "chalk": "^5.4.1",
+    "commander": "^13.0.0",
+    "ora": "^8.1.1",
+    "p-limit": "^6.2.0",
+    "yaml": "^2.7.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.5",
+    "tsup": "^8.3.5",
+    "typescript": "^5.7.2"
+  }
+}