dependency-cruiser 11.15.0 → 11.16.0-beta-1

package/README.md

@@ -13,47 +13,64 @@ This runs through the dependencies in any JavaScript, TypeScript, LiveScript or
   - in text (for your builds)
   - in graphics (for your eyeballs)
 
-As a side effect it can generate [**cool dependency graphs**](./doc/real-world-samples.md)
+As a side effect it can generate dependency graphs in various output formats including [**cool visualizations**](./doc/real-world-samples.md)
 you can stick on the wall to impress your grandma.
 
 ## How do I use it?
 
 ### Install it
 
-- `npm install --save-dev dependency-cruiser` to use it as a validator in your project (recommended) or...
-- `npm install --global dependency-cruiser` if you just want to inspect multiple projects.
+- `npm install --save-dev dependency-cruiser` (with `yarn` or `pnpm` use their
+  equivalent to install & save dependency-cruiser as a development dependency).
+
+### Generate a config
+
+```shell
+npx depcruise --init
+```
+
+This will look around in your environment a bit, ask you some questions and create
+a `.dependency-cruiser.js` configuration file attuned to your project[^1].
+
+[^1]:
+    We're using `npx` in the example scripts for convenience. When you use the
+    commands in a script in `package.json` it's not necessary to prefix them with
+    `npx`.
 
 ### Show stuff to your grandma
 
 To create a graph of the dependencies in your src folder, you'd run dependency
-cruiser with output type `dot` and run _GraphViz dot_ on the result. In
+cruiser with output type `dot` and run _GraphViz dot_[^2] on the result. In
 a one liner:
 
 ```shell
-depcruise --include-only "^src" --output-type dot src | dot -T svg > dependencygraph.svg
+npx depcruise src --include-only "^src" --config --output-type dot | dot -T svg > dependency-graph.svg
 ```
 
 - You can read more about what you can do with `--include-only` and other command line
   options in the [command line interface](./doc/cli.md) documentation.
 - _[Real world samples](./doc/real-world-samples.md)_
   contains dependency cruises of some of the most used projects on npm.
+- If our grandma is more into formats like `mermaid`, `json`, `csv`, `html` or plain text
+  we've [got her covered](./doc/cli.md#--output-type-specify-the-output-format)
+  as well.
+
+[^2]:
+    This assumes the GraphViz `dot` command is available - on most linux and
+    comparable systems this will be. In case it's not, see
+    [GraphViz' download page](https://www.graphviz.org/download/) for instructions
+    on how to get it on your machine.
 
 ### Validate things
 
 #### Declare some rules
 
-The easy way to get you started:
-
-```shell
-depcruise --init
-```
-
-This will ask you some questions and create a `.dependency-cruiser.js` with some
-rules that make sense in most projects (detecting **circular dependencies**,
-dependencies **missing** in package.json, **orphans**, production code relying on
-dev- or optionalDependencies, ...).
+When you ran the `depcruise --init command` above, the command also added some rules
+to `.dependency-cruiser.js` that make sense in most projects, like detecting
+**circular dependencies**, dependencies **missing** in package.json, **orphans**,
+and production code relying on dev- or optionalDependencies.
 
-Start adding your rules by tweaking that file.
+Start adding your rules own by tweaking that file.
 
 Sample rule:
 
@@ -74,12 +91,11 @@ Sample rule:
 - To read more about writing rules check the
   [writing rules](./doc/rules-tutorial.md) tutorial
   or the [rules reference](./doc/rules-reference.md)
-- You can find the `--init-rules` set [here](./doc/rules.starter.json)
 
 #### Report them
 
 ```sh
-depcruise --config .dependency-cruiser.js src
+npx depcruise --config .dependency-cruiser.js src
 ```
 
 This will validate against your rules and shows any violations in an eslint-like format:
@@ -87,14 +103,14 @@ This will validate against your rules and shows any violations in an eslint-like
 ![sample err output](https://raw.githubusercontent.com/sverweij/dependency-cruiser/master/doc/assets/sample-err-output.png)
 
 There's more ways to report validations; in a graph (like the one on top of this
-readme) or in a table.
+readme) or in an self-containing `html` file.
 
 - Read more about the err, dot, csv and html reporters in the
   [command line interface](./doc/cli.md)
   documentation.
 - dependency-cruiser uses itself to check on itself in its own build process;
   see the `depcruise` script in the
-  [package.json](https://github.com/sverweij/dependency-cruiser/blob/master/package.json#L64)
+  [package.json](https://github.com/sverweij/dependency-cruiser/blob/master/package.json#L76)
 
 ## I want to know more!
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dependency-cruiser",
-  "version": "11.15.0",
+  "version": "11.16.0-beta-1",
   "description": "Validate and visualize dependencies. With your rules. JavaScript, TypeScript, CoffeeScript. ES6, CommonJS, AMD.",
   "keywords": [
     "static analysis",
@@ -89,13 +89,13 @@
     "depcruise:graph:fdp": "node ./bin/dependency-cruise.js bin src --config --output-type dot | fdp -GK=0.1 -Gsplines=true -T svg > tmp_deps.svg",
     "depcruise:graph:osage": "node ./bin/dependency-cruise.js bin src --config --output-type dot | osage -Gpack=32 -GpackMode=array2 -T svg > tmp_deps.svg",
     "depcruise:graph:view": "node ./bin/dependency-cruise.js bin src --prefix vscode://file/$(pwd)/ --config configs/.dependency-cruiser-show-metrics-config.json --output-type dot --progress cli-feedback | dot -T svg | node ./bin/wrap-stream-in-html.js | browser",
-    "depcruise:graph:view:diff": "node ./bin/dependency-cruise.js bin src --prefix vscode://file/$(pwd)/ --config configs/.dependency-cruiser-show-metrics-config.json --output-type dot --progress cli-feedback --focus \"$(watskeburt develop)\" | dot -T svg | node ./bin/wrap-stream-in-html.js | browser",
+    "depcruise:graph:view:diff": "node ./bin/dependency-cruise.js bin src test --prefix vscode://file/$(pwd)/ --config configs/.dependency-cruiser-show-metrics-config.json --output-type dot --progress cli-feedback --reaches \"$(watskeburt develop)\" | dot -T svg | node ./bin/wrap-stream-in-html.js | browser",
     "depcruise:report": "node ./bin/dependency-cruise.js src bin test configs types --output-type err-html --config configs/.dependency-cruiser-show-metrics-config.json --output-to dependency-violations.html",
     "depcruise:report:view": "node ./bin/dependency-cruise.js src bin test configs types --output-type err-html --config configs/.dependency-cruiser-show-metrics-config.json --output-to - | browser",
     "depcruise:focus": "node ./bin/dependency-cruise.js src bin test configs types tools --progress --config configs/.dependency-cruiser-show-metrics-config.json --output-type text --focus",
     "depcruise:reaches": "node ./bin/dependency-cruise.js src bin test configs types tools --progress --config configs/.dependency-cruiser-show-metrics-config.json --output-type text --reaches",
     "lint": "npm-run-all --parallel --aggregate-output lint:eslint lint:prettier lint:types",
-    "lint:eslint": "eslint bin/dependency-cruise.js src test configs tools/**/*.mjs --cache --cache-location node_modules/.cache/eslint/",
+    "lint:eslint": "eslint bin/dependency-cruise.js bin src test configs tools/**/*.mjs --cache --cache-location node_modules/.cache/eslint/",
     "lint:eslint:fix": "eslint --fix bin src test configs  tools/**/*.mjs --cache --cache-location node_modules/.cache/eslint/",
     "lint:fix": "npm-run-all lint:eslint:fix lint:prettier:fix lint:types:fix",
     "lint:prettier": "prettier --loglevel warn --check \"src/**/*.js\" \"configs/**/*.js\" \"tools/**/*.mjs\" \"bin/*\" \"types/*.d.ts\" \"test/**/*.spec.{cjs,js}\" \"test/**/*.{spec,utl}.mjs\"",
@@ -134,6 +134,7 @@
     "test:load:short": "hyperfine --warmup 1 --runs 5 \"bin/dependency-cruise.js --ignore-known --validate -- src bin test configs types tools\"",
     "test:watch": "mocha --watch --watch-extensions=json --reporter=min test/\\*\\*/\\*.spec.js",
     "update-dependencies": "npm-run-all upem:update upem:install build:clean build lint:fix depcruise test:cover",
+    "upem-outdated": "npm outdated --json --long | upem --dry-run",
     "upem:install": "npm install",
     "upem:update": "npm outdated --json --long | upem | pbcopy && pbpaste",
     "version": "npm-run-all build depcruise:graph:doc scm:stage"
@@ -154,6 +155,7 @@
     "handlebars": "4.7.7",
     "indent-string": "^4.0.0",
     "interpret": "^2.2.0",
+    "is-installed-globally": "0.4.0",
     "json5": "2.2.1",
     "lodash": "4.17.21",
     "prompts": "2.4.2",
@@ -167,24 +169,25 @@
     "wrap-ansi": "^7.0.0"
   },
   "devDependencies": {
-    "@babel/core": "7.18.10",
+    "@babel/core": "7.18.13",
     "@babel/plugin-transform-modules-commonjs": "7.18.6",
     "@babel/preset-typescript": "7.18.6",
-    "@swc/core": "1.2.241",
+    "@swc/core": "1.2.246",
     "@types/lodash": "4.14.184",
-    "@types/node": "18.7.8",
+    "@types/node": "18.7.14",
     "@types/prompts": "2.0.14",
-    "@typescript-eslint/eslint-plugin": "5.33.1",
-    "@typescript-eslint/parser": "5.33.1",
-    "@vue/compiler-sfc": "3.2.37",
+    "@typescript-eslint/eslint-plugin": "5.36.1",
+    "@typescript-eslint/parser": "5.36.1",
+    "@vue/compiler-sfc": "3.2.38",
     "c8": "7.12.0",
     "chai": "4.3.6",
     "chai-json-schema": "1.5.1",
     "coffeescript": "2.7.0",
-    "eslint": "8.22.0",
-    "eslint-config-moving-meadow": "3.0.0",
+    "eslint": "8.23.0",
+    "eslint-config-moving-meadow": "4.0.2",
     "eslint-config-prettier": "8.5.0",
-    "eslint-plugin-budapestian": "4.0.0",
+    "eslint-plugin-budapestian": "5.0.0",
+    "eslint-plugin-eslint-comments": "3.2.0",
     "eslint-plugin-import": "2.26.0",
     "eslint-plugin-mocha": "10.1.0",
     "eslint-plugin-node": "11.1.0",
@@ -199,11 +202,11 @@
     "prettier": "2.7.1",
     "proxyquire": "2.1.3",
     "shx": "0.3.4",
-    "svelte": "3.49.0",
+    "svelte": "3.50.0",
     "symlink-dir": "5.0.1",
-    "typescript": "4.7.4",
-    "upem": "7.2.0",
-    "vue-template-compiler": "2.7.9",
+    "typescript": "4.8.2",
+    "upem": "7.3.0",
+    "vue-template-compiler": "2.7.10",
     "yarn": "1.22.19"
   },
   "upem": {

package/src/cache/cache.js

@@ -14,7 +14,7 @@ function writeCache(pCacheFolder, pCruiseResult) {
   writeFileSync(
     join(pCacheFolder, CACHE_FILE_NAME),
     JSON.stringify(pCruiseResult),
-    "utf-8"
+    "utf8"
   );
 }
 
@@ -26,7 +26,7 @@ function writeCache(pCacheFolder, pCruiseResult) {
 function readCache(pCacheFolder) {
   try {
     return JSON.parse(
-      readFileSync(join(pCacheFolder, CACHE_FILE_NAME), "utf-8")
+      readFileSync(join(pCacheFolder, CACHE_FILE_NAME), "utf8")
     );
   } catch (pError) {
     return { modules: [], summary: {} };

package/src/cache/revision-data.js

@@ -42,7 +42,7 @@ function hash(pString) {
 
 function getFileHash(pFileName) {
   try {
-    return hash(readFileSync(pFileName, "utf-8"));
+    return hash(readFileSync(pFileName, "utf8"));
   } catch (pError) {
     return "file not found";
   }

package/src/cli/index.js

@@ -2,6 +2,8 @@ const glob = require("glob");
 const get = require("lodash/get");
 const clone = require("lodash/clone");
 const set = require("lodash/set");
+const isInstalledGlobally = require("is-installed-globally");
+const { red, yellow, bold } = require("chalk");
 
 const main = require("../main");
 const bus = require("../utl/bus");
@@ -138,13 +140,30 @@ module.exports = function executeCli(pFileDirectoryArray, pCruiseOptions) {
   let lExitCode = 0;
 
   try {
+    /* c8 ignore start */
+    if (isInstalledGlobally) {
+      process.stderr.write(
+        `\n  ${yellow(
+          "WARNING"
+        )}: You're running a globally installed dependency-cruiser.\n\n` +
+          `           We recommend to ${bold.italic.underline(
+            "install and run it as a local devDependency"
+          )} in\n` +
+          `           your project instead. There it has your project's environment and\n` +
+          `           transpilers at its disposal. That will ensure it can find e.g.\n` +
+          `           TypeScript, Vue or Svelte modules and dependencies.\n\n`
+      );
+    }
+    /* c8 ignore stop */
     if (pCruiseOptions.info === true) {
       process.stdout.write(formatMetaInfo());
     } else if (pCruiseOptions.init) {
-      // requiring init-config takes ~100ms (most of it taken up by requiring
+      // requiring init-config took ~100ms (most of it taken up by requiring
       // inquirer, measured on a 2.6GHz quad core i7 with flash storage on
       // macOS 10.15.7). Only requiring it when '--init' is necessary speeds up
-      // (the start-up) of cruises by that same amount.
+      // (the start-up) of cruises by that same amount. We've since replaced
+      // inquirer with 'prompts' (which is much smaller), but the same reasoning
+      // holds.
       // eslint-disable-next-line node/global-require
       const initConfig = require("./init-config");
       initConfig(pCruiseOptions.init);
@@ -152,7 +171,7 @@ module.exports = function executeCli(pFileDirectoryArray, pCruiseOptions) {
       lExitCode = runCruise(pFileDirectoryArray, pCruiseOptions);
     }
   } catch (pError) {
-    process.stderr.write(`\n  ERROR: ${pError.message}\n`);
+    process.stderr.write(`\n  ${red("ERROR")}: ${pError.message}\n`);
     bus.emit("end");
     lExitCode = 1;
   }

package/src/cli/init-config/build-config.js

@@ -17,11 +17,10 @@ require("./config.js.template");
 module.exports = function buildConfig(pNormalizedInitOptions) {
   return Handlebars.templates["config.js.template.hbs"]({
     ...pNormalizedInitOptions,
-    ...{
-      sourceLocationRE: folderNameArrayToRE(
-        pNormalizedInitOptions.sourceLocation
-      ),
-      testLocationRE: folderNameArrayToRE(pNormalizedInitOptions.testLocation),
-    },
+
+    sourceLocationRE: folderNameArrayToRE(
+      pNormalizedInitOptions.sourceLocation
+    ),
+    testLocationRE: folderNameArrayToRE(pNormalizedInitOptions.testLocation),
   });
 };

package/src/cli/init-config/environment-helpers.js

@@ -79,11 +79,8 @@ function isLikelyMonoRepo(pFolderNames = getFolderNames(process.cwd())) {
 }
 
 function hasTestsWithinSource(pTestLocations, pSourceLocations) {
-  return (
-    pTestLocations.length === 0 ||
-    pTestLocations.every((pTestLocation) =>
-      pSourceLocations.includes(pTestLocation)
-    )
+  return pTestLocations.every((pTestLocation) =>
+    pSourceLocations.includes(pTestLocation)
   );
 }
 

package/src/cli/utl/io.js

@@ -32,7 +32,6 @@ function writeToStdOut(pString, pBufferSize = PIPE_BUFFER_SIZE) {
 
   /* eslint no-plusplus: 0 */
   for (lIndex = 0; lIndex < lNumberOfChunks; lIndex++) {
-    // eslint-disable-next-line unicorn/prefer-string-slice
     process.stdout.write(
       pString.substr(lIndex * pBufferSize, pBufferSize),
       "utf8"

package/src/config-utl/extract-known-violations.js

@@ -5,7 +5,7 @@ const makeAbsolute = require("./make-absolute");
 module.exports = function extractKnownViolations(pKnownViolationsFileName) {
   try {
     return json5.parse(
-      readFileSync(makeAbsolute(pKnownViolationsFileName), "utf-8")
+      readFileSync(makeAbsolute(pKnownViolationsFileName), "utf8")
     );
     // TODO: apparently node12 native coverage doesn't see this is covered with UT
     //      (node 14 and 16 do), so c8 doesn't either. The ignore can be removed

package/src/config-utl/extract-webpack-resolve-config.js

@@ -82,7 +82,7 @@ function tryRegisterNonNative(pWebpackConfigFilename) {
  * @throws {Error} when the webpack config isn't usable (e.g. because it
  *                 doesn't exist, or because it's invalid)
  */
-// eslint-disable-next-line max-lines-per-function, complexity
+
 module.exports = function extractWebpackResolveConfig(
   pWebpackConfigFilename,
   pEnvironment,

package/src/extract/ast-extractors/extract-typescript-deps.js

@@ -1,4 +1,4 @@
-/* eslint-disable valid-jsdoc, no-inline-comments */
+/* eslint-disable no-inline-comments */
 const tryRequire = require("semver-try-require");
 const { supportedTranspilers } = require("../../../src/meta.js");
 

package/src/main/index.js

@@ -1,5 +1,5 @@
 /* eslint-disable no-magic-numbers */
-/* eslint-disable import/max-dependencies */
+
 const Ajv = require("ajv").default;
 const extract = require("../extract");
 const enrich = require("../enrich");

package/src/main/options/validate.js

@@ -81,10 +81,10 @@ function validateCruiseOptions(pOptions) {
   let lReturnValue = {};
 
   if (Boolean(pOptions)) {
-    // neccessary because can slip through the cracks when passed as a cli parameter
+    // necessary because can slip through the cracks when passed as a cli parameter
     validateSystems(pOptions.moduleSystems);
 
-    // neccessary because this safety check can't be done in json schema (a.f.a.i.k.)
+    // necessary because this safety check can't be done in json schema (a.f.a.i.k.)
     validatePathsSafety(pOptions.doNotFollow);
     validatePathsSafety(pOptions.exclude);
     validateRegExpSafety(pOptions.includeOnly);
@@ -95,7 +95,7 @@ function validateCruiseOptions(pOptions) {
     // necessary because not in the config schema
     validateOutputType(pOptions.outputType);
 
-    // neccessary because not found a way to do this properly in JSON schema
+    // necessary because not found a way to do this properly in JSON schema
     validateMaxDepth(pOptions.maxDepth);
 
     validateFocusDepth(pOptions.focusDepth);

package/src/main/rule-set/validate.js

@@ -5,6 +5,18 @@ const { validateCruiseOptions } = require("../options/validate");
 const configurationSchema = require("../../schema/configuration.schema.js");
 
 const ajv = new Ajv();
+// the default for this is 25 - as noted in the safe-regex source code already,
+// the repeat limit is not the best of heuristics for indicating exponential time
+// regular expressions - and it leads to false positives. E.g. if you use rules
+// 'generated' from rules it could be the generated 'from' or 'to' have a list
+// of file patterns that's easily > 25 of length. It's currently not possible
+// to disable this check in safe-regex (e.g. by setting it to an odd value like
+// 0 or -1, or by passing a 'switch this thing off please' option), so the only
+// option is to increase the repeat limit to something fairly high.
+//
+// This does _not_ influence the star height algorithm, which is the main value
+// of the safe-regex package.
+const MAX_SAFE_REGEX_STAR_REPEAT_LIMIT = 10000;
 
 function validateAgainstSchema(pSchema, pConfiguration) {
   if (!ajv.validate(pSchema, pConfiguration)) {
@@ -21,7 +33,9 @@ function hasPath(pObject, pSection, pCondition) {
 function safeRule(pRule, pSection, pCondition) {
   return (
     !hasPath(pRule, pSection, pCondition) ||
-    safeRegex(pRule[pSection][pCondition])
+    safeRegex(pRule[pSection][pCondition], {
+      limit: MAX_SAFE_REGEX_STAR_REPEAT_LIMIT,
+    })
   );
 }
 

package/src/main/utl/normalize-re-properties.js

@@ -1,4 +1,3 @@
-/* eslint-disable security/detect-object-injection */
 const get = require("lodash/get");
 const has = require("lodash/has");
 const set = require("lodash/set");

package/src/meta.js

@@ -1,7 +1,7 @@
 /* generated - don't edit */
 
 module.exports = {
-  version: "11.15.0",
+  version: "11.16.0-beta-1",
   engines: {
     node: "^12.20||^14||>=16",
   },

package/src/report/dot/default-theme.js

@@ -1,6 +1,5 @@
 module.exports = {
   graph: {
-    ordering: "out",
     rankdir: "LR",
     splines: "true",
     overlap: "false",

package/src/report/error-html/index.js

@@ -1,4 +1,3 @@
-/* eslint-disable security/detect-object-injection */
 const Handlebars = require("handlebars/runtime");
 const { formatSummaryForReport, aggregateViolations } = require("./utl");
 

package/src/report/error.js

@@ -1,4 +1,3 @@
-/* eslint-disable security/detect-object-injection */
 const chalk = require("chalk");
 const figures = require("figures");
 const get = require("lodash/get");