dependency-radar 0.1.1

package/dist/runners/depcheckRunner.js

@@ -0,0 +1,23 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runDepcheck = runDepcheck;
+const path_1 = __importDefault(require("path"));
+const depcheck_1 = __importDefault(require("depcheck"));
+const utils_1 = require("../utils");
+async function runDepcheck(projectPath, tempDir) {
+    const targetFile = path_1.default.join(tempDir, 'depcheck.json');
+    try {
+        const result = await (0, depcheck_1.default)(projectPath, {
+            ignoreDirs: ['.dependency-radar', 'dist', 'build', 'coverage', 'node_modules']
+        });
+        await (0, utils_1.writeJsonFile)(targetFile, result);
+        return { ok: true, data: result, file: targetFile };
+    }
+    catch (err) {
+        await (0, utils_1.writeJsonFile)(targetFile, { error: String(err) });
+        return { ok: false, error: `depcheck failed: ${String(err)}`, file: targetFile };
+    }
+}

package/dist/runners/licenseChecker.js

@@ -0,0 +1,33 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runLicenseChecker = runLicenseChecker;
+const path_1 = __importDefault(require("path"));
+const utils_1 = require("../utils");
+async function runLicenseChecker(projectPath, tempDir) {
+    const targetFile = path_1.default.join(tempDir, 'license-checker.json');
+    const bin = (0, utils_1.findBin)(projectPath, 'license-checker');
+    try {
+        const result = await (0, utils_1.runCommand)(bin, ['--json'], { cwd: projectPath });
+        let parsed;
+        try {
+            parsed = JSON.parse(result.stdout || '{}');
+        }
+        catch (err) {
+            parsed = undefined;
+        }
+        if (parsed) {
+            await (0, utils_1.writeJsonFile)(targetFile, parsed);
+            return { ok: true, data: parsed, file: targetFile };
+        }
+        await (0, utils_1.writeJsonFile)(targetFile, { stdout: result.stdout, stderr: result.stderr, code: result.code });
+        const error = result.code && result.code !== 0 ? `license-checker exited with code ${result.code}` : 'Failed to parse license-checker output';
+        return { ok: false, error, file: targetFile };
+    }
+    catch (err) {
+        await (0, utils_1.writeJsonFile)(targetFile, { error: String(err) });
+        return { ok: false, error: `license-checker failed: ${String(err)}`, file: targetFile };
+    }
+}

package/dist/runners/madgeRunner.js

@@ -0,0 +1,29 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runMadge = runMadge;
+const path_1 = __importDefault(require("path"));
+const madge_1 = __importDefault(require("madge"));
+const utils_1 = require("../utils");
+async function runMadge(projectPath, tempDir) {
+    const targetFile = path_1.default.join(tempDir, 'madge.json');
+    try {
+        const srcPath = path_1.default.join(projectPath, 'src');
+        const hasSrc = await (0, utils_1.pathExists)(srcPath);
+        const entry = hasSrc ? srcPath : projectPath;
+        const result = await (0, madge_1.default)(entry, {
+            baseDir: projectPath,
+            includeNpm: true,
+            excludeRegExp: [/node_modules/, /dist/, /build/, /coverage/, /.dependency-radar/]
+        });
+        const graph = await result.obj();
+        await (0, utils_1.writeJsonFile)(targetFile, graph);
+        return { ok: true, data: graph, file: targetFile };
+    }
+    catch (err) {
+        await (0, utils_1.writeJsonFile)(targetFile, { error: String(err) });
+        return { ok: false, error: `madge failed: ${String(err)}`, file: targetFile };
+    }
+}

package/dist/runners/npmAudit.js

@@ -0,0 +1,31 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runNpmAudit = runNpmAudit;
+const path_1 = __importDefault(require("path"));
+const utils_1 = require("../utils");
+async function runNpmAudit(projectPath, tempDir) {
+    const targetFile = path_1.default.join(tempDir, 'npm-audit.json');
+    try {
+        const result = await (0, utils_1.runCommand)('npm', ['audit', '--json'], { cwd: projectPath });
+        let parsed;
+        try {
+            parsed = JSON.parse(result.stdout || '{}');
+        }
+        catch (err) {
+            parsed = undefined;
+        }
+        if (parsed) {
+            await (0, utils_1.writeJsonFile)(targetFile, parsed);
+            return { ok: true, data: parsed, file: targetFile };
+        }
+        await (0, utils_1.writeJsonFile)(targetFile, { stdout: result.stdout, stderr: result.stderr, code: result.code });
+        return { ok: false, error: 'Failed to parse npm audit output', file: targetFile };
+    }
+    catch (err) {
+        await (0, utils_1.writeJsonFile)(targetFile, { error: String(err) });
+        return { ok: false, error: `npm audit failed: ${String(err)}`, file: targetFile };
+    }
+}

package/dist/runners/npmLs.js

@@ -0,0 +1,32 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runNpmLs = runNpmLs;
+const path_1 = __importDefault(require("path"));
+const utils_1 = require("../utils");
+async function runNpmLs(projectPath, tempDir) {
+    const targetFile = path_1.default.join(tempDir, 'npm-ls.json');
+    try {
+        const result = await (0, utils_1.runCommand)('npm', ['ls', '--json', '--all'], { cwd: projectPath });
+        let parsed;
+        try {
+            parsed = JSON.parse(result.stdout || '{}');
+        }
+        catch (err) {
+            parsed = undefined;
+        }
+        if (parsed) {
+            await (0, utils_1.writeJsonFile)(targetFile, parsed);
+            return { ok: true, data: parsed, file: targetFile };
+        }
+        await (0, utils_1.writeJsonFile)(targetFile, { stdout: result.stdout, stderr: result.stderr, code: result.code });
+        const error = result.code && result.code !== 0 ? `npm ls exited with code ${result.code}` : 'Failed to parse npm ls output';
+        return { ok: false, error, file: targetFile };
+    }
+    catch (err) {
+        await (0, utils_1.writeJsonFile)(targetFile, { error: String(err) });
+        return { ok: false, error: `npm ls failed: ${String(err)}`, file: targetFile };
+    }
+}

package/dist/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/utils.js

@@ -0,0 +1,148 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runCommand = runCommand;
+exports.delay = delay;
+exports.getDependencyRadarVersion = getDependencyRadarVersion;
+exports.ensureDir = ensureDir;
+exports.writeJsonFile = writeJsonFile;
+exports.pathExists = pathExists;
+exports.removeDir = removeDir;
+exports.readJsonFile = readJsonFile;
+exports.readPackageJson = readPackageJson;
+exports.findBin = findBin;
+exports.licenseRiskLevel = licenseRiskLevel;
+exports.vulnRiskLevel = vulnRiskLevel;
+exports.maintenanceRisk = maintenanceRisk;
+exports.readLicenseFromPackageJson = readLicenseFromPackageJson;
+const child_process_1 = require("child_process");
+const fs_1 = __importDefault(require("fs"));
+const promises_1 = __importDefault(require("fs/promises"));
+const path_1 = __importDefault(require("path"));
+function runCommand(command, args, options = {}) {
+    return new Promise((resolve, reject) => {
+        const child = (0, child_process_1.spawn)(command, args, {
+            cwd: options.cwd,
+            shell: false
+        });
+        const stdoutChunks = [];
+        const stderrChunks = [];
+        child.stdout.on('data', (d) => stdoutChunks.push(Buffer.from(d)));
+        child.stderr.on('data', (d) => stderrChunks.push(Buffer.from(d)));
+        child.on('error', (err) => reject(err));
+        child.on('close', (code) => {
+            resolve({
+                stdout: Buffer.concat(stdoutChunks).toString('utf8'),
+                stderr: Buffer.concat(stderrChunks).toString('utf8'),
+                code
+            });
+        });
+    });
+}
+function delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function getDependencyRadarVersion() {
+    try {
+        const pkgPath = path_1.default.join(__dirname, '..', 'package.json');
+        const raw = fs_1.default.readFileSync(pkgPath, 'utf8');
+        const pkg = JSON.parse(raw);
+        return pkg.version || 'unknown';
+    }
+    catch {
+        return 'unknown';
+    }
+}
+async function ensureDir(dir) {
+    await promises_1.default.mkdir(dir, { recursive: true });
+}
+async function writeJsonFile(filePath, data) {
+    await ensureDir(path_1.default.dirname(filePath));
+    const content = JSON.stringify(data, null, 2);
+    await promises_1.default.writeFile(filePath, content, 'utf8');
+}
+async function pathExists(target) {
+    try {
+        await promises_1.default.access(target);
+        return true;
+    }
+    catch (err) {
+        return false;
+    }
+}
+async function removeDir(target) {
+    await promises_1.default.rm(target, { recursive: true, force: true });
+}
+async function readJsonFile(filePath) {
+    const raw = await promises_1.default.readFile(filePath, 'utf8');
+    return JSON.parse(raw);
+}
+async function readPackageJson(projectPath) {
+    const pkgPath = path_1.default.join(projectPath, 'package.json');
+    const pkgRaw = await promises_1.default.readFile(pkgPath, 'utf8');
+    return JSON.parse(pkgRaw);
+}
+function findBin(projectPath, binName) {
+    const ext = process.platform === 'win32' ? '.cmd' : '';
+    const candidates = [
+        path_1.default.join(projectPath, 'node_modules', '.bin', `${binName}${ext}`),
+        path_1.default.join(process.cwd(), 'node_modules', '.bin', `${binName}${ext}`),
+        path_1.default.join(__dirname, '..', 'node_modules', '.bin', `${binName}${ext}`),
+        `${binName}${ext}`
+    ];
+    for (const candidate of candidates) {
+        if (fs_1.default.existsSync(candidate))
+            return candidate;
+    }
+    return candidates[candidates.length - 1];
+}
+function licenseRiskLevel(license) {
+    if (!license)
+        return 'red';
+    const normalized = license.toUpperCase();
+    const green = ['MIT', 'BSD-2-CLAUSE', 'BSD-3-CLAUSE', 'APACHE-2.0', 'ISC'];
+    const amber = ['LGPL', 'LGPL-2.1', 'LGPL-3.0', 'MPL', 'MPL-2.0'];
+    if (green.includes(normalized))
+        return 'green';
+    if (amber.includes(normalized))
+        return 'amber';
+    return 'red';
+}
+function vulnRiskLevel(counts) {
+    const { low = 0, moderate = 0, high = 0, critical = 0 } = counts;
+    if (high > 0 || critical > 0)
+        return 'red';
+    if (low > 0 || moderate > 0)
+        return 'amber';
+    return 'green';
+}
+function maintenanceRisk(lastPublished) {
+    if (!lastPublished)
+        return 'unknown';
+    const last = new Date(lastPublished).getTime();
+    if (Number.isNaN(last))
+        return 'unknown';
+    const now = Date.now();
+    const months = (now - last) / (1000 * 60 * 60 * 24 * 30);
+    if (months <= 12)
+        return 'green';
+    if (months <= 36)
+        return 'amber';
+    return 'red';
+}
+async function readLicenseFromPackageJson(pkgName, projectPath) {
+    try {
+        const pkgJsonPath = require.resolve(path_1.default.join(pkgName, 'package.json'), { paths: [projectPath] });
+        const pkgRaw = await promises_1.default.readFile(pkgJsonPath, 'utf8');
+        const pkg = JSON.parse(pkgRaw);
+        const license = pkg.license || (Array.isArray(pkg.licenses) ? pkg.licenses.map((l) => (typeof l === 'string' ? l : l === null || l === void 0 ? void 0 : l.type)).filter(Boolean).join(' OR ') : undefined);
+        if (!license)
+            return undefined;
+        return { license, licenseFile: pkgJsonPath };
+    }
+    catch (err) {
+        return undefined;
+    }
+}

package/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "dependency-radar",
+  "version": "0.1.1",
+  "description": "Local-first dependency analysis tool that generates a single HTML report showing risk, size, usage, and structure of your project’s dependencies.",
+  "main": "dist/index.js",
+  "bin": {
+    "dependency-radar": "dist/cli.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "ts-node src/cli.ts scan",
+    "scan": "node dist/cli.js scan",
+    "prepublishOnly": "npm run build",
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": " ",
+  "license": "MIT",
+  "engines": {
+    "node": ">=18"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/JosephMaynard/dependency-radar.git"
+  },
+  "homepage": "http://dependency-radar.com",
+  "bugs": {
+    "url": "https://github.com/JosephMaynard/dependency-radar/issues"
+  },
+  "keywords": [
+    "dependency",
+    "dependencies",
+    "analysis",
+    "audit",
+    "security",
+    "license",
+    "cli",
+    "report",
+    "scan",
+    "npm",
+    "node",
+    "html"
+  ],
+  "dependencies": {
+    "depcheck": "^1.4.7",
+    "license-checker": "^25.0.1",
+    "madge": "^8.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.11.30",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.4.3"
+  }
+}