npm - dependency-change-report - Versions diffs - 1.1.2 → 1.3.1 - Mend

dependency-change-report 1.1.2 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/.github/workflows/dependency-report.yml +112 -0
package/README.md +126 -0
package/changelog-cli.mjs +65 -0
package/cli.mjs +306 -86
package/lib/core/analyzer.mjs +133 -26
package/lib/core/dependency-comparer.mjs +19 -8
package/lib/core/package-lock-parser.mjs +230 -3
package/lib/generate-changelog.mjs +421 -0
package/lib/utils/version-detector.mjs +68 -0
package/package.json +3 -2

package/.github/workflows/dependency-report.yml ADDED Viewed

@@ -0,0 +1,112 @@
+name: Dependency Change Report
+on:
+  pull_request:
+    branches: [ main, master ]
+  push:
+    branches: [ main, master ]
+    tags: [ 'v*' ]
+jobs:
+  dependency-report:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Need full history for version detection
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+      - name: Generate dependency report
+        id: dep-report
+        run: npx dependency-change-report auto --output-dir ./reports
+        continue-on-error: true
+      - name: Upload reports as artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: dependency-report-${{ github.event_name }}-${{ github.run_number }}
+          path: ./reports/
+          retention-days: 30
+      # Only comment on PRs, not pushes
+      - name: Comment PR with dependency report
+        if: github.event_name == 'pull_request' && steps.dep-report.outcome == 'success'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const path = require('path');
+            // Look for the markdown report
+            const reportDir = './reports';
+            const files = fs.readdirSync(reportDir);
+            const markdownFile = files.find(f => f.endsWith('.md'));
+            if (markdownFile) {
+              const reportPath = path.join(reportDir, markdownFile);
+              const report = fs.readFileSync(reportPath, 'utf8');
+              // Add a header with artifact download link
+              const artifactName = `dependency-report-${{ github.event_name }}-${{ github.run_number }}`;
+              const header = `## 📦 Dependency Change Report
+              📊 **[Download Full Report Artifacts](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})**
+              ---
+              `;
+              const fullReport = header + report;
+              // Check if we already commented
+              const { data: comments } = await github.rest.issues.listComments({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+              });
+              const botComment = comments.find(comment =>
+                comment.user.type === 'Bot' &&
+                comment.body.includes('📦 Dependency Change Report')
+              );
+              if (botComment) {
+                // Update existing comment
+                await github.rest.issues.updateComment({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  comment_id: botComment.id,
+                  body: fullReport
+                });
+              } else {
+                // Create new comment
+                await github.rest.issues.createComment({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  issue_number: context.issue.number,
+                  body: fullReport
+                });
+              }
+            }
+      - name: Check for major dependency changes
+        if: steps.dep-report.outcome == 'success'
+        run: |
+          if [ "${{ steps.dep-report.outputs.upgraded-count }}" -gt "0" ]; then
+            echo "::notice::Found ${{ steps.dep-report.outputs.upgraded-count }} upgraded dependencies"
+          fi
+          if [ "${{ steps.dep-report.outputs.added-count }}" -gt "5" ]; then
+            echo "::warning::Large number of new dependencies added (${{ steps.dep-report.outputs.added-count }})"
+          fi

package/README.md CHANGED Viewed

@@ -122,6 +122,132 @@ The HTML report provides a user-friendly visualization of this data, including:
 - Git
 - npm
+## GitHub Actions Integration
+This tool is designed to work seamlessly with GitHub Actions to automatically generate dependency reports for pull requests and releases.
+### Basic Setup
+Create `.github/workflows/dependency-report.yml` in your repository:
+```yaml
+name: Dependency Change Report
+on:
+  pull_request:
+    branches: [ main ]
+jobs:
+  dependency-report:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Need full history for version detection
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+      - name: Generate dependency report
+        run: npx dependency-change-report auto --output-dir ./reports
+      - name: Upload reports as artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dependency-reports
+          path: ./reports/
+          retention-days: 30
+```
+### Advanced Setup with PR Comments
+For automatic PR comments with the dependency report:
+```yaml
+name: Dependency Change Report
+on:
+  pull_request:
+    branches: [ main ]
+jobs:
+  dependency-report:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+      - name: Generate dependency report
+        id: dep-report
+        run: npx dependency-change-report auto --output-dir ./reports
+      - name: Upload reports as artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dependency-report-PR-${{ github.event.number }}
+          path: ./reports/
+          retention-days: 30
+      - name: Comment PR with report
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const path = './reports/dependency-report-PR-${{ github.event.number }}.md';
+            if (fs.existsSync(path)) {
+              const report = fs.readFileSync(path, 'utf8');
+              github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: report
+              });
+            }
+```
+### Compare Specific Versions
+To compare specific commits or tags instead of auto-detection:
+```yaml
+      - name: Generate dependency report
+        run: npx dependency-change-report compare https://github.com/${{ github.repository }} ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }} --output-dir ./reports
+```
+### Available Outputs
+When running in GitHub Actions, the tool provides these outputs that can be used in subsequent steps:
+- `has-changes`: `true` if any dependencies changed
+- `added-count`: Number of added dependencies
+- `upgraded-count`: Number of upgraded dependencies
+- `removed-count`: Number of removed dependencies
+- `report-dir`: Directory containing the generated reports
+### Generated Files
+In GitHub Actions, the tool automatically generates files with PR-specific names:
+- `dependency-report-PR-123.html` - Interactive HTML report
+- `dependency-report-PR-123.md` - Markdown report (perfect for PR comments)
+- `dependency-report-PR-123.txt` - Plain text report
+- `report.json` - Raw JSON data
+### Accessing Reports
+Reports are saved as GitHub Actions artifacts and can be:
+1. **Downloaded from the Actions tab** - Click on the workflow run and download the artifact
+2. **Viewed in PR comments** - If using the advanced setup with PR comments
+3. **Accessed programmatically** - Using the GitHub API to download artifacts
 ## License
 ISC

package/changelog-cli.mjs ADDED Viewed

@@ -0,0 +1,65 @@
+#!/usr/bin/env node
+import { generateChangelogReport } from './lib/generate-changelog.mjs';
+/**
+ * CLI interface for generating CHANGELOG-style dependency reports
+ * @returns {Promise<void>}
+ */
+const main = async () => {
+  try {
+    const args = process.argv.slice(2);
+    if (args.length < 1) {
+      console.error('Usage: node changelog-cli.mjs <report.json> [output-path] [--llm-command <command>]');
+      console.error('');
+      console.error('Generate a CHANGELOG-style report from a dependency analysis JSON file.');
+      console.error('');
+      console.error('Arguments:');
+      console.error('  <report.json>     Path to the JSON report file from dependency analysis');
+      console.error('  [output-path]     Optional output path for the changelog (default: auto-generated)');
+      console.error('  --llm-command     LLM command to use for summarization (default: ollama)');
+      console.error('');
+      console.error('Examples:');
+      console.error('  node changelog-cli.mjs report.json');
+      console.error('  node changelog-cli.mjs report.json CHANGELOG-deps.md');
+      console.error('  node changelog-cli.mjs report.json --llm-command "llm -m gpt-4"');
+      process.exit(1);
+    }
+    let jsonPath = args[0];
+    let outputPath = null;
+    let llmCommand = 'ollama';
+    // Parse arguments
+    for (let i = 1; i < args.length; i++) {
+      if (args[i] === '--llm-command') {
+        if (i + 1 < args.length) {
+          llmCommand = args[i + 1];
+          i++; // Skip next argument as it's the command
+        } else {
+          console.error('Error: --llm-command requires a value');
+          process.exit(1);
+        }
+      } else if (!outputPath && !args[i].startsWith('--')) {
+        outputPath = args[i];
+      }
+    }
+    console.log(`Generating CHANGELOG from ${jsonPath}...`);
+    console.log(`Using LLM command: ${llmCommand}`);
+    console.log('Note: This may take a while as each dependency\'s commits are summarized by the LLM...\n');
+    const changelogPath = await generateChangelogReport(jsonPath, outputPath, llmCommand);
+    console.log('\n✅ CHANGELOG generated successfully!');
+    console.log(`📝 Output: ${changelogPath}`);
+  } catch (error) {
+    console.error(`Error: ${error.message}`);
+    process.exit(1);
+  }
+};
+// Run the main function
+main();