dependency-radar 0.3.0 → 0.4.0

package/dist/runners/npmLs.js

@@ -5,11 +5,17 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.runNpmLs = runNpmLs;
 const path_1 = __importDefault(require("path"));
+const fs_1 = __importDefault(require("fs"));
 const utils_1 = require("../utils");
+const PNPM_DEPTH_ATTEMPTS = ['Infinity', '8', '4', '2', '1'];
+const PNPM_MAX_OLD_SPACE_SIZE_MB = '8192';
 // Normalize package-manager-specific list output into a shared dependency tree.
-async function runNpmLs(projectPath, tempDir, tool = 'npm') {
+async function runNpmLs(projectPath, tempDir, tool = 'npm', options = {}) {
     const targetFile = path_1.default.join(tempDir, `${tool}-ls.json`);
     try {
+        if (tool === 'pnpm') {
+            return await runPnpmLsWithFallback(projectPath, targetFile, options);
+        }
         const { args, normalize } = buildLsCommand(tool);
         const result = await (0, utils_1.runCommand)(tool, args, { cwd: projectPath });
         const parsed = parseJsonOutput(result.stdout);
@@ -19,9 +25,7 @@ async function runNpmLs(projectPath, tempDir, tool = 'npm') {
             return { ok: true, data: normalized, file: targetFile };
         }
         await (0, utils_1.writeJsonFile)(targetFile, { stdout: result.stdout, stderr: result.stderr, code: result.code });
-        const error = result.code && result.code !== 0
-            ? `${tool} ls exited with code ${result.code}`
-            : `Failed to parse ${tool} ls output`;
+        const error = buildLsFailureMessage(tool, result.code, result.stderr);
         return { ok: false, error, file: targetFile };
     }
     catch (err) {
@@ -30,12 +34,6 @@ async function runNpmLs(projectPath, tempDir, tool = 'npm') {
     }
 }
 function buildLsCommand(tool) {
-    if (tool === 'pnpm') {
-        return {
-            args: ['list', '--json', '--depth', 'Infinity'],
-            normalize: normalizePnpmTree
-        };
-    }
     if (tool === 'yarn') {
         return {
             args: ['list', '--json', '--depth', 'Infinity'],
@@ -47,6 +45,115 @@ function buildLsCommand(tool) {
         normalize: normalizeNpmTree
     };
 }
+async function runPnpmLsWithFallback(projectPath, targetFile, options) {
+    const installState = createPnpmInstallState(projectPath);
+    const attempts = [];
+    const env = {
+        NODE_OPTIONS: ensureNodeMaxOldSpaceSize(process.env.NODE_OPTIONS, PNPM_MAX_OLD_SPACE_SIZE_MB)
+    };
+    for (let index = 0; index < PNPM_DEPTH_ATTEMPTS.length; index++) {
+        const depth = PNPM_DEPTH_ATTEMPTS[index];
+        const result = await (0, utils_1.runCommand)('pnpm', ['list', '--json', '--depth', depth], {
+            cwd: projectPath,
+            env
+        });
+        const parsed = parseJsonOutput(result.stdout);
+        const normalized = normalizePnpmTree(parsed, installState);
+        const outOfMemory = isOutOfMemoryError(result.stderr);
+        attempts.push({
+            depth,
+            code: result.code,
+            stdoutBytes: Buffer.byteLength(result.stdout || '', 'utf8'),
+            stderrPreview: trimText(result.stderr, 1200),
+            outOfMemory
+        });
+        if (normalized) {
+            if (index > 0) {
+                progress(options, `✔ PNPM ls recovered for workspace: ${formatContextLabel(options)} (depth=${depth})`);
+            }
+            await (0, utils_1.writeJsonFile)(targetFile, normalized);
+            return { ok: true, data: normalized, file: targetFile };
+        }
+        const reason = describeAttemptFailure(result.code, result.stderr);
+        progress(options, `✖ Failed pnpm ls for workspace: ${formatContextLabel(options)} (depth=${depth}; ${reason})`);
+        const nextDepth = PNPM_DEPTH_ATTEMPTS[index + 1];
+        if (nextDepth) {
+            progress(options, `✔ Retrying pnpm ls for workspace: ${formatContextLabel(options)} (depth=${nextDepth})`);
+        }
+    }
+    await (0, utils_1.writeJsonFile)(targetFile, {
+        error: 'pnpm ls retries exhausted',
+        nodeOptions: env.NODE_OPTIONS,
+        attempts
+    });
+    const sawOom = attempts.some((attempt) => attempt.outOfMemory);
+    const lastAttempt = attempts[attempts.length - 1];
+    if (sawOom) {
+        return {
+            ok: false,
+            error: 'pnpm ls ran out of memory while building the dependency tree (retried with lower depths).',
+            file: targetFile
+        };
+    }
+    const suffix = lastAttempt && typeof lastAttempt.code === 'number'
+        ? ` Last exit code: ${lastAttempt.code}.`
+        : '';
+    return {
+        ok: false,
+        error: `Failed to parse pnpm ls output after retries.${suffix}`,
+        file: targetFile
+    };
+}
+function progress(options, line) {
+    if (typeof options.onProgress === 'function') {
+        options.onProgress(line);
+    }
+}
+function formatContextLabel(options) {
+    var _a;
+    const label = (_a = options.contextLabel) === null || _a === void 0 ? void 0 : _a.trim();
+    return label || '(unknown package)';
+}
+function describeAttemptFailure(code, stderr) {
+    if (isOutOfMemoryError(stderr))
+        return 'out of memory';
+    if (typeof code === 'number' && code !== 0)
+        return `exit code ${code}`;
+    if (code === null && stderr && stderr.trim())
+        return 'terminated before completion';
+    return 'no parseable JSON output';
+}
+function ensureNodeMaxOldSpaceSize(existing, megabytes) {
+    const token = '--max-old-space-size=';
+    if (typeof existing === 'string' && existing.includes(token)) {
+        return existing;
+    }
+    const option = `${token}${megabytes}`;
+    return existing && existing.trim() ? `${existing.trim()} ${option}` : option;
+}
+function isOutOfMemoryError(stderr) {
+    return /heap out of memory|Reached heap limit|Allocation failed - JavaScript heap out of memory/i.test(stderr || '');
+}
+function trimText(text, maxChars) {
+    if (!text)
+        return '';
+    const trimmed = text.trim();
+    if (trimmed.length <= maxChars)
+        return trimmed;
+    return trimmed.slice(trimmed.length - maxChars);
+}
+function buildLsFailureMessage(tool, code, stderr) {
+    if (isOutOfMemoryError(stderr)) {
+        return `${tool} ls ran out of memory while building the dependency tree`;
+    }
+    if (typeof code === 'number' && code !== 0) {
+        return `${tool} ls exited with code ${code}`;
+    }
+    if (code === null && stderr && stderr.trim()) {
+        return `${tool} ls failed before completion`;
+    }
+    return `Failed to parse ${tool} ls output`;
+}
 function parseJsonOutput(raw) {
     if (!raw)
         return undefined;
@@ -106,15 +213,23 @@ function normalizeNpmNode(name, node) {
     }
     return out;
 }
-function normalizePnpmTree(data) {
-    const roots = Array.isArray(data) ? data : [data];
-    const root = roots.find((entry) => entry && typeof entry === 'object');
+function normalizePnpmTree(data, installState) {
+    const roots = (Array.isArray(data) ? data : [data]).filter((entry) => entry && typeof entry === 'object');
+    const root = roots.find((entry) => !isPnpmErrorPayload(entry));
     if (!root || typeof root !== 'object')
         return undefined;
-    const dependencies = collectPnpmDependencyMap(root);
+    const dependencies = collectPnpmDependencyMap(root, installState);
     return { dependencies };
 }
-function collectPnpmDependencyMap(node) {
+function isPnpmErrorPayload(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (!('error' in node))
+        return false;
+    const error = node.error;
+    return typeof error === 'string' || (error !== null && typeof error === 'object');
+}
+function collectPnpmDependencyMap(node, installState) {
     const out = {};
     const groups = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];
     for (const group of groups) {
@@ -128,7 +243,7 @@ function collectPnpmDependencyMap(node) {
                 const name = typeof entry.name === 'string' ? entry.name : undefined;
                 if (!name)
                     continue;
-                const normalized = normalizePnpmNode(name, entry);
+                const normalized = normalizePnpmNode(name, entry, installState);
                 if (normalized)
                     out[name] = normalized;
             }
@@ -138,7 +253,7 @@ function collectPnpmDependencyMap(node) {
             for (const [name, entry] of Object.entries(value)) {
                 if (!entry || typeof entry !== 'object')
                     continue;
-                const normalized = normalizePnpmNode(name, entry);
+                const normalized = normalizePnpmNode(name, entry, installState);
                 if (normalized)
                     out[name] = normalized;
             }
@@ -148,19 +263,21 @@ function collectPnpmDependencyMap(node) {
         return out;
     if ((node === null || node === void 0 ? void 0 : node.dependencies) && typeof node.dependencies === 'object') {
         for (const [name, entry] of Object.entries(node.dependencies)) {
-            const normalized = normalizePnpmNode(name, entry);
+            const normalized = normalizePnpmNode(name, entry, installState);
             if (normalized)
                 out[name] = normalized;
         }
     }
     return out;
 }
-function normalizePnpmNode(name, node) {
+function normalizePnpmNode(name, node, installState) {
     const version = typeof (node === null || node === void 0 ? void 0 : node.version) === 'string' ? node.version.trim() : '';
     if (!version || version === 'unknown' || version === 'missing' || version === 'invalid')
         return undefined;
+    if (!isPnpmPackageInstalled(name, version, installState))
+        return undefined;
     const out = { name, version, dependencies: {} };
-    const childMap = collectPnpmDependencyMap(node);
+    const childMap = collectPnpmDependencyMap(node, installState);
     if (Object.keys(childMap).length > 0) {
         out.dependencies = childMap;
     }
@@ -171,6 +288,103 @@ function normalizePnpmNode(name, node) {
         out.dev = Boolean(node.dev);
     return out;
 }
+function createPnpmInstallState(projectPath) {
+    const nodeModulesRoots = findNodeModulesRoots(projectPath);
+    const virtualStoreEntries = new Set();
+    for (const root of nodeModulesRoots) {
+        const virtualStoreDir = path_1.default.join(root, '.pnpm');
+        if (!safePathExists(virtualStoreDir))
+            continue;
+        for (const entry of safeReadDirNames(virtualStoreDir)) {
+            virtualStoreEntries.add(entry);
+        }
+    }
+    return {
+        enabled: virtualStoreEntries.size > 0 || nodeModulesRoots.length > 0,
+        virtualStoreEntries,
+        nodeModulesRoots,
+        installedCache: new Map()
+    };
+}
+function findNodeModulesRoots(startPath) {
+    const roots = [];
+    let current = path_1.default.resolve(startPath);
+    while (true) {
+        const candidate = path_1.default.join(current, 'node_modules');
+        if (safePathExists(candidate)) {
+            roots.push(candidate);
+        }
+        const parent = path_1.default.dirname(current);
+        if (parent === current)
+            break;
+        current = parent;
+    }
+    return roots;
+}
+function isPnpmPackageInstalled(name, version, installState) {
+    if (!installState.enabled)
+        return true;
+    const cacheKey = `${name}@${version}`;
+    const cached = installState.installedCache.get(cacheKey);
+    if (cached !== undefined)
+        return cached;
+    const normalizedName = normalizeScopedPackageNameForPnpmStore(name);
+    const storePrefix = `${normalizedName}@${version}`;
+    for (const entry of installState.virtualStoreEntries) {
+        if (entry === storePrefix || entry.startsWith(`${storePrefix}_`) || entry.startsWith(`${storePrefix}(`)) {
+            installState.installedCache.set(cacheKey, true);
+            return true;
+        }
+    }
+    // Workspace links may resolve outside the virtual store, but still exist in node_modules.
+    for (const nodeModulesRoot of installState.nodeModulesRoots) {
+        const packageDir = path_1.default.join(nodeModulesRoot, ...name.split('/'));
+        if (safePathExists(packageDir) && packageDirectoryMatchesVersion(packageDir, version)) {
+            installState.installedCache.set(cacheKey, true);
+            return true;
+        }
+    }
+    installState.installedCache.set(cacheKey, false);
+    return false;
+}
+function normalizeScopedPackageNameForPnpmStore(name) {
+    if (!name.startsWith('@'))
+        return name;
+    const slashIndex = name.indexOf('/');
+    if (slashIndex <= 0)
+        return name;
+    return `${name.slice(0, slashIndex)}+${name.slice(slashIndex + 1)}`;
+}
+function safePathExists(targetPath) {
+    try {
+        return fs_1.default.existsSync(targetPath);
+    }
+    catch {
+        return false;
+    }
+}
+function safeReadDirNames(dirPath) {
+    try {
+        return fs_1.default.readdirSync(dirPath);
+    }
+    catch {
+        return [];
+    }
+}
+function packageDirectoryMatchesVersion(packageDir, expectedVersion) {
+    const pkgJsonPath = path_1.default.join(packageDir, 'package.json');
+    if (!safePathExists(pkgJsonPath))
+        return true;
+    try {
+        const raw = fs_1.default.readFileSync(pkgJsonPath, 'utf8');
+        const parsed = JSON.parse(raw);
+        const version = typeof (parsed === null || parsed === void 0 ? void 0 : parsed.version) === 'string' ? parsed.version.trim() : '';
+        return !version || version === expectedVersion;
+    }
+    catch {
+        return true;
+    }
+}
 function normalizeYarnTree(data) {
     const treePayload = resolveYarnTreePayload(data);
     if (!treePayload || !Array.isArray(treePayload.trees))

package/dist/runners/npmOutdated.js

@@ -11,24 +11,7 @@ function normalizeOutdatedOutput(tool, data) {
         return undefined;
     if (typeof data === "object" && !Array.isArray(data) && !data.type)
         return data;
-    if (Array.isArray(data)) {
-        // pnpm often returns arrays of rows
-        const out = {};
-        for (const entry of data) {
-            if (!entry || typeof entry !== "object")
-                continue;
-            const name = entry.name || entry.packageName;
-            if (typeof name !== "string" || !name.trim())
-                continue;
-            out[name] = {
-                current: entry.current || entry.currentVersion || entry.from,
-                latest: entry.latest || entry.latestVersion || entry.to,
-                wanted: entry.wanted,
-            };
-        }
-        return Object.keys(out).length > 0 ? out : undefined;
-    }
-    // Yarn JSONL table output
+    // Yarn JSONL table output (classic) must be checked before generic array parsing.
     const entries = Array.isArray(data) ? data : [data];
     const tableEntry = entries.find((e) => { var _a; return e && typeof e === "object" && (e.type === "table" || ((_a = e.data) === null || _a === void 0 ? void 0 : _a.body)); });
     const table = (tableEntry === null || tableEntry === void 0 ? void 0 : tableEntry.data) || tableEntry;
@@ -55,10 +38,31 @@ function normalizeOutdatedOutput(tool, data) {
         }
         return Object.keys(out).length > 0 ? out : undefined;
     }
+    if (Array.isArray(data)) {
+        // pnpm often returns arrays of rows
+        const out = {};
+        for (const entry of data) {
+            if (!entry || typeof entry !== "object")
+                continue;
+            const name = entry.name || entry.packageName;
+            if (typeof name !== "string" || !name.trim())
+                continue;
+            out[name] = {
+                current: entry.current || entry.currentVersion || entry.from,
+                latest: entry.latest || entry.latestVersion || entry.to,
+                wanted: entry.wanted,
+            };
+        }
+        return Object.keys(out).length > 0 ? out : undefined;
+    }
     if (tool === "pnpm" && data.outdated)
         return data.outdated;
     return undefined;
 }
+function isYarnOutdatedUnsupported(result) {
+    const output = `${result.stdout}\n${result.stderr}`;
+    return /Couldn't find a script named "outdated"/i.test(output);
+}
 function buildOutdatedCommand(tool) {
     if (tool === "pnpm") {
         return {
@@ -93,6 +97,18 @@ async function runPackageOutdated(projectPath, tempDir, tool) {
             await (0, utils_1.writeJsonFile)(targetFile, normalized);
             return { ok: true, data: normalized, file: targetFile };
         }
+        if (tool === "yarn" && isYarnOutdatedUnsupported(result)) {
+            await (0, utils_1.writeJsonFile)(targetFile, {
+                stdout: result.stdout,
+                stderr: result.stderr,
+                code: result.code,
+            });
+            return {
+                ok: false,
+                error: 'Yarn outdated is not available in this Yarn release (common on Yarn Berry).',
+                file: targetFile,
+            };
+        }
         await (0, utils_1.writeJsonFile)(targetFile, {
             stdout: result.stdout,
             stderr: result.stderr,

package/dist/utils.js

@@ -27,7 +27,8 @@ function runCommand(command, args, options = {}) {
     return new Promise((resolve, reject) => {
         const child = (0, child_process_1.spawn)(command, args, {
             cwd: options.cwd,
-            shell: false
+            shell: false,
+            env: options.env ? { ...process.env, ...options.env } : process.env
         });
         const stdoutChunks = [];
         const stderrChunks = [];
@@ -148,7 +149,7 @@ async function getPnpmStoreIndex(pnpmDir) {
     const entries = await getPnpmStoreEntries(pnpmDir);
     const index = new Map();
     for (const entry of entries) {
-        const prefix = entry.split('(')[0];
+        const prefix = extractPnpmStoreEntryPrefix(entry);
         if (!prefix)
             continue;
         if (!index.has(prefix))
@@ -158,6 +159,20 @@ async function getPnpmStoreIndex(pnpmDir) {
     pnpmStoreIndexCache.set(pnpmDir, index);
     return index;
 }
+function extractPnpmStoreEntryPrefix(entry) {
+    const atIndex = entry.startsWith('@') ? entry.indexOf('@', 1) : entry.indexOf('@');
+    if (atIndex <= 0)
+        return entry.split('(')[0];
+    const versionAndSuffix = entry.slice(atIndex + 1);
+    const underscoreIndex = versionAndSuffix.indexOf('_');
+    const parenIndex = versionAndSuffix.indexOf('(');
+    let cutoff = versionAndSuffix.length;
+    if (underscoreIndex >= 0)
+        cutoff = Math.min(cutoff, underscoreIndex);
+    if (parenIndex >= 0)
+        cutoff = Math.min(cutoff, parenIndex);
+    return entry.slice(0, atIndex + 1 + cutoff);
+}
 async function resolvePnpmPackageJsonPath(pkgName, version, resolvePaths) {
     if (!version || version.startsWith('link:') || version.startsWith('workspace:') || version.startsWith('file:')) {
         return undefined;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dependency-radar",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Local-first dependency analysis tool that generates a single HTML report showing risk, size, usage, and structure of your project's dependencies.",
   "main": "dist/index.js",
   "bin": {
@@ -17,26 +17,16 @@
     "build": "npm run build:spdx && npm run build:report && tsc",
     "dev": "ts-node src/cli.ts scan",
     "scan": "node dist/cli.js scan",
-    "fixtures:install:npm": "cd test-fixtures/npm-basic && npm install",
-    "fixtures:install:npm-heavy": "cd test-fixtures/npm-heavy && npm install --force",
-    "fixtures:install:pnpm": "cd test-fixtures/pnpm-workspace && pnpm install",
-    "fixtures:install:pnpm-hoisted": "cd test-fixtures/pnpm-workspace-hoisted && pnpm install",
-    "fixtures:install:yarn": "cd test-fixtures/yarn-workspace && yarn install",
-    "fixtures:install:yarn-berry": "cd test-fixtures/yarn-berry-workspace && yarn install",
-    "fixtures:install:optional": "cd test-fixtures/optional-deps && npm install",
-    "fixtures:scan:npm": "npm run dev -- --project test-fixtures/npm-basic --out test-fixtures/npm-basic/dependency-radar.html --json --keep-temp",
-    "fixtures:scan:npm-heavy": "npm run dev -- --project test-fixtures/npm-heavy --out test-fixtures/npm-heavy/dependency-radar.html --json --keep-temp",
-    "fixtures:scan:pnpm": "npm run dev -- --project test-fixtures/pnpm-workspace --out test-fixtures/pnpm-workspace/dependency-radar.html --json --keep-temp",
-    "fixtures:scan:pnpm-hoisted": "npm run dev -- --project test-fixtures/pnpm-workspace-hoisted --out test-fixtures/pnpm-workspace-hoisted/dependency-radar.html --json --keep-temp",
-    "fixtures:scan:yarn": "npm run dev -- --project test-fixtures/yarn-workspace --out test-fixtures/yarn-workspace/dependency-radar.html --json --keep-temp",
-    "fixtures:scan:yarn-berry": "npm run dev -- --project test-fixtures/yarn-berry-workspace --out test-fixtures/yarn-berry-workspace/dependency-radar.html --json --keep-temp",
-    "fixtures:scan:optional": "npm run dev -- --project test-fixtures/optional-deps --out test-fixtures/optional-deps/dependency-radar.html --json --keep-temp",
-    "fixtures:scan:no-node-modules": "npm run dev -- --project test-fixtures/no-node-modules --out test-fixtures/no-node-modules/dependency-radar.html --json --keep-temp",
-    "fixtures:install": "npm run fixtures:install:npm && npm run fixtures:install:npm-heavy && npm run fixtures:install:pnpm && npm run fixtures:install:yarn",
-    "fixtures:scan": "npm run fixtures:scan:npm && npm run fixtures:scan:npm-heavy && npm run fixtures:scan:pnpm && npm run fixtures:scan:pnpm-hoisted && npm run fixtures:scan:yarn && npm run fixtures:scan:yarn-berry && npm run fixtures:scan:optional",
-    "fixtures:install:all": "npm run fixtures:install:npm && npm run fixtures:install:npm-heavy && npm run fixtures:install:pnpm && npm run fixtures:install:pnpm-hoisted && npm run fixtures:install:yarn && npm run fixtures:install:yarn-berry && npm run fixtures:install:optional",
-    "prepublishOnly": "npm run build",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "npm run test:unit",
+    "test:unit": "vitest run",
+    "test:unit:watch": "vitest",
+    "test:fixtures": "npm --prefix test-fixtures run test",
+    "test:fixtures:online": "npm --prefix test-fixtures run test:online",
+    "test:fixtures:all": "npm --prefix test-fixtures run test:all",
+    "test:pack": "npm pack --dry-run",
+    "test:release:ok": "node -e \"console.log('\\n✅ test:release passed')\"",
+    "test:release": "npm run build && npm run test:unit && npm run test:fixtures:all && npm run test:pack && npm run test:release:ok",
+    "prepublishOnly": "npm run build"
   },
   "author": " ",
   "license": "MIT",
@@ -70,7 +60,8 @@
     "terser": "^5.27.0",
     "ts-node": "^10.9.2",
     "typescript": "^5.4.3",
-    "vite": "^5.4.0"
+    "vite": "^5.4.0",
+    "vitest": "^2.1.8"
   },
   "packageManager": "pnpm@9.5.0+sha512.140036830124618d624a2187b50d04289d5a087f326c9edfc0ccd733d76c4f52c3a313d4fc148794a2a9d81553016004e6742e8cf850670268a7387fc220c903"
 }