dependency-radar 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +24 -14
- package/dist/cli.js +19 -0
- package/dist/cta.js +7 -1
- package/dist/generated/spdx.js +3 -0
- package/dist/report-assets.js +1 -1
- package/dist/report.js +38 -4
- package/dist/runners/lockfileGraph.js +1146 -0
- package/dist/runners/npmLs.js +15 -1
- package/package.json +6 -2
package/dist/runners/npmLs.js
CHANGED
|
@@ -7,12 +7,26 @@ exports.runNpmLs = runNpmLs;
|
|
|
7
7
|
const path_1 = __importDefault(require("path"));
|
|
8
8
|
const fs_1 = __importDefault(require("fs"));
|
|
9
9
|
const utils_1 = require("../utils");
|
|
10
|
+
const lockfileGraph_1 = require("./lockfileGraph");
|
|
10
11
|
const PNPM_DEPTH_ATTEMPTS = ['Infinity', '8', '4', '2', '1'];
|
|
11
12
|
const PNPM_MAX_OLD_SPACE_SIZE_MB = '8192';
|
|
12
|
-
|
|
13
|
+
/**
|
|
14
|
+
* Produce a unified dependency tree for a project by using a lockfile if available or by running the package manager's list command and normalizing its output.
|
|
15
|
+
*
|
|
16
|
+
* @param projectPath - Path to the project whose dependencies should be listed
|
|
17
|
+
* @param tempDir - Directory where the resulting JSON file and any diagnostics will be written
|
|
18
|
+
* @param tool - Package manager to use (`npm`, `pnpm`, or `yarn`)
|
|
19
|
+
* @param options - Optional progress callbacks and context; if `lockfileSearchRoot` is provided it will be used as the root when searching for a lockfile
|
|
20
|
+
* @returns The tool result. On success, `data` is the normalized dependency tree and `file` is the path of the written JSON; on failure, `error` contains a message suitable for users and `file` points to the diagnostics JSON written to disk.
|
|
21
|
+
*/
|
|
13
22
|
async function runNpmLs(projectPath, tempDir, tool = 'npm', options = {}) {
|
|
14
23
|
const targetFile = path_1.default.join(tempDir, `${tool}-ls.json`);
|
|
15
24
|
try {
|
|
25
|
+
const lockfileTree = await (0, lockfileGraph_1.tryBuildDependencyTreeFromLockfile)(projectPath, tool, options.lockfileSearchRoot);
|
|
26
|
+
if (lockfileTree) {
|
|
27
|
+
await (0, utils_1.writeJsonFile)(targetFile, lockfileTree.data);
|
|
28
|
+
return { ok: true, data: lockfileTree.data, file: targetFile };
|
|
29
|
+
}
|
|
16
30
|
if (tool === 'pnpm') {
|
|
17
31
|
return await runPnpmLsWithFallback(projectPath, targetFile, options);
|
|
18
32
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "dependency-radar",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.5.0",
|
|
4
4
|
"description": "Local-first dependency analysis tool that generates a single HTML report showing risk, size, usage, and structure of your project's dependencies.",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"bin": {
|
|
@@ -63,5 +63,9 @@
|
|
|
63
63
|
"vite": "^5.4.0",
|
|
64
64
|
"vitest": "^2.1.8"
|
|
65
65
|
},
|
|
66
|
-
"packageManager": "pnpm@9.5.0+sha512.140036830124618d624a2187b50d04289d5a087f326c9edfc0ccd733d76c4f52c3a313d4fc148794a2a9d81553016004e6742e8cf850670268a7387fc220c903"
|
|
66
|
+
"packageManager": "pnpm@9.5.0+sha512.140036830124618d624a2187b50d04289d5a087f326c9edfc0ccd733d76c4f52c3a313d4fc148794a2a9d81553016004e6742e8cf850670268a7387fc220c903",
|
|
67
|
+
"dependencies": {
|
|
68
|
+
"@yarnpkg/lockfile": "^1.1.0",
|
|
69
|
+
"yaml": "^2.8.2"
|
|
70
|
+
}
|
|
67
71
|
}
|