dependency-radar 0.7.0 → 0.8.0

package/dist/runners/lockfileSignals.js

@@ -0,0 +1,303 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runLockfileSupplyChainSignals = runLockfileSupplyChainSignals;
+const promises_1 = __importDefault(require("fs/promises"));
+const path_1 = __importDefault(require("path"));
+const utils_1 = require("../utils");
+const DEFAULT_REGISTRY_HOSTS = new Set(['registry.npmjs.org']);
+function stripJsonComments(raw) {
+    let out = '';
+    let quote;
+    let escaped = false;
+    for (let i = 0; i < raw.length; i += 1) {
+        const ch = raw[i];
+        const next = raw[i + 1];
+        if (quote) {
+            out += ch;
+            if (escaped)
+                escaped = false;
+            else if (ch === '\\')
+                escaped = true;
+            else if (ch === quote)
+                quote = undefined;
+            continue;
+        }
+        if (ch === '"' || ch === "'") {
+            quote = ch;
+            out += ch;
+            continue;
+        }
+        if (ch === '/' && next === '/') {
+            while (i < raw.length && raw[i] !== '\n')
+                i += 1;
+            out += '\n';
+            continue;
+        }
+        if (ch === '/' && next === '*') {
+            i += 2;
+            while (i < raw.length && !(raw[i] === '*' && raw[i + 1] === '/'))
+                i += 1;
+            i += 1;
+            continue;
+        }
+        out += ch;
+    }
+    return out.replace(/,\s*([}\]])/g, '$1');
+}
+function normalizeExpectedHosts(hosts) {
+    const normalized = new Set(DEFAULT_REGISTRY_HOSTS);
+    for (const host of hosts || []) {
+        const trimmed = host.trim().toLowerCase();
+        if (trimmed)
+            normalized.add(trimmed);
+    }
+    return normalized;
+}
+function addSignal(signals, seen, signal) {
+    const key = `${signal.type}|${signal.packageName || ''}|${signal.packageVersion || ''}|${signal.source}|${signal.detail}`;
+    if (seen.has(key))
+        return;
+    seen.add(key);
+    signals.push(signal);
+}
+function packageFromKey(key) {
+    var _a, _b;
+    const cleaned = key.replace(/^\/?/, '');
+    const afterLastNodeModules = ((_a = cleaned.split('/node_modules/').pop()) === null || _a === void 0 ? void 0 : _a.replace(/^node_modules\//, '')) || cleaned;
+    const parts = afterLastNodeModules.split('/').filter(Boolean);
+    if (((_b = parts[0]) === null || _b === void 0 ? void 0 : _b.startsWith('@')) && parts[1]) {
+        return { name: `${parts[0]}/${parts[1]}` };
+    }
+    return { name: parts[0] || undefined };
+}
+function packageNameFromSelector(selector) {
+    var _a;
+    const first = (_a = selector.split(',')[0]) === null || _a === void 0 ? void 0 : _a.trim();
+    if (!first)
+        return undefined;
+    const normalized = first.replace(/^["']|["']$/g, '');
+    if (normalized.startsWith('@')) {
+        const parts = normalized.split('@');
+        const scopedName = parts.length >= 3 ? `@${parts[1]}` : normalized;
+        return scopedName || undefined;
+    }
+    const atIndex = normalized.indexOf('@');
+    return atIndex > 0 ? normalized.slice(0, atIndex) : normalized;
+}
+function inspectResolvedUrl(signals, seen, sourceFile, packageName, packageVersion, value, expectedHosts) {
+    const lower = value.toLowerCase();
+    if (lower.startsWith('git+') || lower.startsWith('git://') || lower.startsWith('github:') || lower.includes('github.com:')) {
+        addSignal(signals, seen, {
+            type: 'git-dependency',
+            packageName,
+            packageVersion,
+            source: sourceFile,
+            detail: `${packageName || 'dependency'} resolves from git source ${value}`
+        });
+        return;
+    }
+    if (lower.startsWith('file:') || lower.startsWith('link:') || lower.startsWith('portal:')) {
+        addSignal(signals, seen, {
+            type: 'file-dependency',
+            packageName,
+            packageVersion,
+            source: sourceFile,
+            detail: `${packageName || 'dependency'} resolves from local source ${value}`
+        });
+        return;
+    }
+    if (!/^https?:\/\//i.test(value))
+        return;
+    try {
+        const url = new URL(value);
+        const host = url.host.toLowerCase();
+        if (!expectedHosts.has(host)) {
+            addSignal(signals, seen, {
+                type: value.endsWith('.tgz') ? 'non-registry-tarball' : 'unexpected-registry-host',
+                packageName,
+                packageVersion,
+                source: sourceFile,
+                detail: `${packageName || 'dependency'} resolves from ${host}`
+            });
+        }
+    }
+    catch {
+        // Ignore malformed URL strings.
+    }
+}
+function inspectNpmLockObject(obj, sourceFile, expectedHosts) {
+    const signals = [];
+    const seen = new Set();
+    const packages = (obj === null || obj === void 0 ? void 0 : obj.packages) && typeof obj.packages === 'object'
+        ? obj.packages
+        : undefined;
+    if (packages) {
+        for (const [key, entry] of Object.entries(packages)) {
+            if (!entry || typeof entry !== 'object' || key === '')
+                continue;
+            const pkg = packageFromKey(key);
+            const resolved = typeof entry.resolved === 'string' ? entry.resolved : '';
+            if (resolved)
+                inspectResolvedUrl(signals, seen, sourceFile, pkg.name, entry.version || pkg.version, resolved, expectedHosts);
+            if (resolved && !entry.integrity && !resolved.startsWith('file:') && !resolved.startsWith('link:')) {
+                addSignal(signals, seen, {
+                    type: 'missing-integrity',
+                    packageName: pkg.name,
+                    packageVersion: entry.version || pkg.version,
+                    source: sourceFile,
+                    detail: `${pkg.name || key} has a resolved source but no integrity field`
+                });
+            }
+        }
+        return signals;
+    }
+    const dependencies = (obj === null || obj === void 0 ? void 0 : obj.dependencies) && typeof obj.dependencies === 'object' ? obj.dependencies : {};
+    for (const [name, entry] of Object.entries(dependencies)) {
+        if (!entry || typeof entry !== 'object')
+            continue;
+        const resolved = typeof entry.resolved === 'string' ? entry.resolved : '';
+        if (resolved)
+            inspectResolvedUrl(signals, seen, sourceFile, name, entry.version, resolved, expectedHosts);
+        if (resolved && !entry.integrity && !resolved.startsWith('file:') && !resolved.startsWith('link:')) {
+            addSignal(signals, seen, {
+                type: 'missing-integrity',
+                packageName: name,
+                packageVersion: entry.version,
+                source: sourceFile,
+                detail: `${name} has a resolved source but no integrity field`
+            });
+        }
+    }
+    return signals;
+}
+function inspectTextLock(raw, sourceFile, expectedHosts) {
+    const signals = [];
+    const seen = new Set();
+    let currentName;
+    let currentVersion;
+    let currentHasIntegrity = false;
+    let currentResolved = '';
+    const flush = () => {
+        if (currentResolved && !currentHasIntegrity && !currentResolved.startsWith('file:') && !currentResolved.startsWith('link:')) {
+            addSignal(signals, seen, {
+                type: 'missing-integrity',
+                packageName: currentName,
+                packageVersion: currentVersion,
+                source: sourceFile,
+                detail: `${currentName || 'dependency'} has a resolved source but no integrity field`
+            });
+        }
+    };
+    for (const rawLine of raw.split(/\r?\n/)) {
+        const line = rawLine.trim();
+        if (!line || line.startsWith('#'))
+            continue;
+        if (!rawLine.startsWith(' ') && line.endsWith(':')) {
+            flush();
+            currentHasIntegrity = false;
+            currentResolved = '';
+            const selector = line.slice(0, -1).replace(/^["']|["']$/g, '');
+            currentName = packageNameFromSelector(selector);
+            currentVersion = undefined;
+            continue;
+        }
+        const versionMatch = line.match(/^version\s+["']?([^"'\s]+)["']?/);
+        if (versionMatch)
+            currentVersion = versionMatch[1];
+        const resolvedMatch = line.match(/^(resolved|resolution)\s+["']?([^"']+)["']?/);
+        if (resolvedMatch) {
+            currentResolved = resolvedMatch[2];
+            inspectResolvedUrl(signals, seen, sourceFile, currentName, currentVersion, currentResolved, expectedHosts);
+        }
+        if (/^integrity\s+/.test(line) || /checksum:\s+/.test(line)) {
+            currentHasIntegrity = true;
+        }
+        const specMatch = line.match(/(?:^|["'\s])((?:git\+|git:\/\/|github:|file:|link:|portal:|https?:\/\/)[^"'\s]+)/);
+        if (specMatch)
+            inspectResolvedUrl(signals, seen, sourceFile, currentName, currentVersion, specMatch[1], expectedHosts);
+    }
+    flush();
+    return signals;
+}
+async function collectLockfileSignals(projectPath, expectedHosts) {
+    const signals = [];
+    const candidates = ['package-lock.json', 'npm-shrinkwrap.json', 'pnpm-lock.yaml', 'yarn.lock', 'bun.lock'];
+    for (const fileName of candidates) {
+        const filePath = path_1.default.join(projectPath, fileName);
+        if (!(await (0, utils_1.pathExists)(filePath)))
+            continue;
+        const raw = await promises_1.default.readFile(filePath, 'utf8');
+        if (fileName === 'package-lock.json' || fileName === 'npm-shrinkwrap.json') {
+            try {
+                signals.push(...inspectNpmLockObject(JSON.parse(raw), fileName, expectedHosts));
+            }
+            catch {
+                signals.push(...inspectTextLock(raw, fileName, expectedHosts));
+            }
+        }
+        else if (fileName === 'bun.lock' && raw.trim().startsWith('{')) {
+            try {
+                signals.push(...inspectNpmLockObject(JSON.parse(stripJsonComments(raw)), fileName, expectedHosts));
+            }
+            catch {
+                signals.push(...inspectTextLock(raw, fileName, expectedHosts));
+            }
+        }
+        else {
+            signals.push(...inspectTextLock(raw, fileName, expectedHosts));
+        }
+    }
+    return signals;
+}
+async function runNpmAuditSignatures(projectPath) {
+    try {
+        const result = await (0, utils_1.runCommand)('npm', ['audit', 'signatures'], { cwd: projectPath });
+        const output = `${result.stdout || ''}${result.stderr ? `\n${result.stderr}` : ''}`.trim();
+        return {
+            attempted: true,
+            ok: result.code === 0,
+            status: result.code === 0 ? 'verified' : 'failed',
+            ...(output ? { output } : {}),
+            ...(result.code === 0 ? {} : { error: `npm audit signatures exited with code ${result.code}` })
+        };
+    }
+    catch (err) {
+        return {
+            attempted: true,
+            ok: false,
+            status: 'failed',
+            error: err instanceof Error ? err.message : String(err)
+        };
+    }
+}
+async function runLockfileSupplyChainSignals(projectPath, tempDir, options = {}) {
+    const persistToDisk = options.persistToDisk !== false;
+    const targetFile = path_1.default.join(tempDir, 'supply-chain-signals.json');
+    try {
+        const signals = await collectLockfileSignals(projectPath, normalizeExpectedHosts(options.expectedRegistryHosts));
+        const signatureAudit = options.auditSignatures && !options.offline
+            ? await runNpmAuditSignatures(projectPath)
+            : options.auditSignatures && options.offline
+                ? { attempted: false, ok: false, status: 'skipped', error: 'skipped (--offline)' }
+                : undefined;
+        const data = {
+            signals,
+            ...(signatureAudit ? { signatureAudit } : {})
+        };
+        if (persistToDisk)
+            await (0, utils_1.writeJsonFile)(targetFile, data);
+        return { ok: true, data, ...(persistToDisk ? { file: targetFile } : {}) };
+    }
+    catch (err) {
+        if (persistToDisk)
+            await (0, utils_1.writeJsonFile)(targetFile, { error: String(err) });
+        return {
+            ok: false,
+            error: `lockfile supply-chain signal collection failed: ${String(err)}`,
+            ...(persistToDisk ? { file: targetFile } : {})
+        };
+    }
+}

package/dist/runners/npmLs.js

@@ -30,9 +30,24 @@ async function runNpmLs(projectPath, tempDir, tool = 'npm', options = {}) {
             }
             return { ok: true, data: lockfileTree.data, ...(persistToDisk ? { file: targetFile } : {}) };
         }
+        if (tool === 'bun') {
+            const lockbPath = path_1.default.join(projectPath, 'bun.lockb');
+            if (fs_1.default.existsSync(lockbPath) && !fs_1.default.existsSync(path_1.default.join(projectPath, 'bun.lock'))) {
+                const error = 'Binary bun.lockb is not supported. Run `bun install --save-text-lockfile --frozen-lockfile --lockfile-only` and commit bun.lock.';
+                if (persistToDisk)
+                    await (0, utils_1.writeJsonFile)(targetFile, { error });
+                return { ok: false, error, ...(persistToDisk ? { file: targetFile } : {}) };
+            }
+        }
         if (tool === 'pnpm') {
             return await runPnpmLsWithFallback(projectPath, targetFile, options);
         }
+        if (tool === 'bun') {
+            const error = 'bun.lock could not be parsed and Bun has no supported list fallback in this release.';
+            if (persistToDisk)
+                await (0, utils_1.writeJsonFile)(targetFile, { error });
+            return { ok: false, error, ...(persistToDisk ? { file: targetFile } : {}) };
+        }
         const { args, normalize } = buildLsCommand(tool);
         const result = await (0, utils_1.runCommand)(tool, args, { cwd: projectPath });
         const parsed = parseJsonOutput(result.stdout);

package/dist/schema.js

@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.REPORT_JSON_SCHEMA = exports.REPORT_SCHEMA_VERSION = void 0;
+exports.renderReportJsonSchema = renderReportJsonSchema;
+exports.REPORT_SCHEMA_VERSION = '1.4';
+exports.REPORT_JSON_SCHEMA = {
+    $schema: 'https://json-schema.org/draft/2020-12/schema',
+    $id: 'https://dependency-radar.com/schemas/dependency-radar-1.4.schema.json',
+    title: 'Dependency Radar Report',
+    type: 'object',
+    required: ['schemaVersion', 'generatedAt', 'dependencyRadarVersion', 'project', 'environment', 'workspaces', 'summary', 'dependencies'],
+    properties: {
+        schemaVersion: { const: exports.REPORT_SCHEMA_VERSION },
+        generatedAt: { type: 'string', format: 'date-time' },
+        dependencyRadarVersion: { type: 'string' },
+        git: {
+            type: 'object',
+            properties: { branch: { type: 'string' } },
+            additionalProperties: true
+        },
+        project: { type: 'object', additionalProperties: true },
+        environment: { type: 'object', additionalProperties: true },
+        workspaces: { type: 'object', additionalProperties: true },
+        summary: {
+            type: 'object',
+            required: ['dependencyCount', 'directCount', 'transitiveCount'],
+            properties: {
+                dependencyCount: { type: 'number' },
+                directCount: { type: 'number' },
+                transitiveCount: { type: 'number' },
+                findingCount: { type: 'number' }
+            },
+            additionalProperties: true
+        },
+        supplyChain: {
+            type: 'object',
+            required: ['signals'],
+            properties: {
+                signals: {
+                    type: 'array',
+                    items: {
+                        type: 'object',
+                        required: ['type', 'source', 'detail'],
+                        properties: {
+                            type: {
+                                enum: [
+                                    'git-dependency',
+                                    'file-dependency',
+                                    'non-registry-tarball',
+                                    'missing-integrity',
+                                    'unexpected-registry-host'
+                                ]
+                            },
+                            packageName: { type: 'string' },
+                            packageVersion: { type: 'string' },
+                            packageId: { type: 'string' },
+                            source: { type: 'string' },
+                            detail: { type: 'string' }
+                        },
+                        additionalProperties: false
+                    }
+                },
+                signatureAudit: {
+                    type: 'object',
+                    required: ['attempted', 'ok'],
+                    properties: {
+                        attempted: { type: 'boolean' },
+                        ok: { type: 'boolean' },
+                        status: { enum: ['verified', 'failed', 'skipped'] },
+                        output: { type: 'string' },
+                        error: { type: 'string' }
+                    },
+                    additionalProperties: false
+                }
+            },
+            additionalProperties: false
+        },
+        findings: {
+            type: 'array',
+            items: {
+                type: 'object',
+                required: ['id', 'category', 'severity', 'packageId', 'packageName', 'packageVersion', 'title', 'message'],
+                properties: {
+                    id: { type: 'string' },
+                    category: { enum: ['security', 'license', 'execution', 'upgrade', 'supply-chain'] },
+                    severity: { enum: ['info', 'warning', 'error'] },
+                    packageId: { type: 'string' },
+                    packageName: { type: 'string' },
+                    packageVersion: { type: 'string' },
+                    title: { type: 'string' },
+                    message: { type: 'string' },
+                    evidence: { type: 'string' },
+                    recommendation: { type: 'string' }
+                },
+                additionalProperties: false
+            }
+        },
+        dependencies: {
+            type: 'object',
+            additionalProperties: { type: 'object', additionalProperties: true }
+        }
+    },
+    additionalProperties: true
+};
+function renderReportJsonSchema() {
+    return JSON.stringify(exports.REPORT_JSON_SCHEMA, null, 2);
+}

package/dist/utils.js

@@ -25,6 +25,13 @@ const promises_1 = __importDefault(require("fs/promises"));
 const path_1 = __importDefault(require("path"));
 function runCommand(command, args, options = {}) {
     return new Promise((resolve, reject) => {
+        var _a;
+        const validPositive = (value, fallback) => {
+            const parsed = typeof value === 'number' ? value : Number(value);
+            return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+        };
+        const timeoutMs = validPositive((_a = options.timeoutMs) !== null && _a !== void 0 ? _a : process.env.DEPENDENCY_RADAR_COMMAND_TIMEOUT_MS, 120000);
+        const maxOutputBytes = validPositive(options.maxOutputBytes, 50 * 1024 * 1024);
         const child = (0, child_process_1.spawn)(command, args, {
             cwd: options.cwd,
             shell: false,
@@ -32,10 +39,62 @@ function runCommand(command, args, options = {}) {
         });
         const stdoutChunks = [];
         const stderrChunks = [];
-        child.stdout.on('data', (d) => stdoutChunks.push(Buffer.from(d)));
-        child.stderr.on('data', (d) => stderrChunks.push(Buffer.from(d)));
-        child.on('error', (err) => reject(err));
+        let totalBytes = 0;
+        let settled = false;
+        let timedOut = false;
+        let outputExceeded = false;
+        function terminate() {
+            var _a, _b;
+            child.kill('SIGTERM');
+            (_b = (_a = setTimeout(() => {
+                if (!settled)
+                    child.kill('SIGKILL');
+            }, 2000)).unref) === null || _b === void 0 ? void 0 : _b.call(_a);
+        }
+        const timer = timeoutMs > 0
+            ? setTimeout(() => {
+                timedOut = true;
+                terminate();
+            }, timeoutMs)
+            : undefined;
+        function collect(chunks, data) {
+            const nextBytes = totalBytes + data.length;
+            if (nextBytes > maxOutputBytes) {
+                outputExceeded = true;
+                const remaining = Math.max(0, maxOutputBytes - totalBytes);
+                if (remaining > 0)
+                    chunks.push(Buffer.from(data.subarray(0, remaining)));
+                totalBytes = maxOutputBytes;
+                terminate();
+                return;
+            }
+            chunks.push(Buffer.from(data));
+            totalBytes = nextBytes;
+        }
+        child.stdout.on('data', (d) => {
+            collect(stdoutChunks, Buffer.from(d));
+        });
+        child.stderr.on('data', (d) => {
+            collect(stderrChunks, Buffer.from(d));
+        });
+        child.on('error', (err) => {
+            if (timer)
+                clearTimeout(timer);
+            settled = true;
+            reject(err);
+        });
         child.on('close', (code) => {
+            if (timer)
+                clearTimeout(timer);
+            settled = true;
+            if (timedOut) {
+                reject(new Error(`${command} timed out after ${timeoutMs}ms`));
+                return;
+            }
+            if (outputExceeded) {
+                reject(new Error(`${command} output exceeded ${maxOutputBytes} bytes`));
+                return;
+            }
             resolve({
                 stdout: Buffer.concat(stdoutChunks).toString('utf8'),
                 stderr: Buffer.concat(stderrChunks).toString('utf8'),

package/dist/why.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findDependencyPaths = findDependencyPaths;
+exports.formatWhyOutput = formatWhyOutput;
+function directDependencyIds(data) {
+    return Object.values(data.dependencies || {})
+        .filter((dep) => dep.usage.direct)
+        .map((dep) => dep.package.id)
+        .sort();
+}
+function childIds(dep) {
+    return Object.values(dep.graph.subDeps || {})
+        .flatMap((group) => Object.values(group || {}))
+        .map((entry) => entry[1])
+        .filter((resolved) => Boolean(resolved));
+}
+function findDependencyPaths(data, packageName, options = {}) {
+    var _a;
+    const limit = (_a = options.limit) !== null && _a !== void 0 ? _a : 10;
+    const targetIds = new Set(Object.values(data.dependencies || {})
+        .filter((dep) => dep.package.name === packageName || dep.package.id === packageName)
+        .map((dep) => dep.package.id));
+    if (targetIds.size === 0)
+        return [];
+    const paths = [];
+    const queue = directDependencyIds(data).map((id) => [id]);
+    while (queue.length > 0 && paths.length < limit) {
+        const path = queue.shift();
+        const currentId = path[path.length - 1];
+        if (targetIds.has(currentId)) {
+            paths.push(path);
+            continue;
+        }
+        const current = data.dependencies[currentId];
+        if (!current)
+            continue;
+        for (const child of childIds(current).sort()) {
+            if (path.includes(child))
+                continue;
+            queue.push([...path, child]);
+        }
+    }
+    return paths;
+}
+function formatWhyOutput(data, packageName) {
+    const paths = findDependencyPaths(data, packageName);
+    const matches = Object.values(data.dependencies || {})
+        .filter((dep) => dep.package.name === packageName || dep.package.id === packageName)
+        .sort((a, b) => a.package.id.localeCompare(b.package.id));
+    if (paths.length === 0 && matches.length === 0)
+        return `Package not found or no path identified: ${packageName}`;
+    const lines = [`Dependency paths for ${packageName}`, '-'.repeat(Math.max(24, packageName.length + 21)), ''];
+    if (paths.length === 0) {
+        for (const dep of matches) {
+            lines.push(dep.package.id);
+            if (dep.usage.origins.topRootPackages.length > 0) {
+                lines.push(`  roots: ${dep.usage.origins.topRootPackages.map((root) => `${root.name}@${root.version}`).join(', ')}`);
+            }
+            if (dep.usage.origins.topParentPackages.length > 0) {
+                lines.push(`  parents: ${dep.usage.origins.topParentPackages.join(', ')}`);
+            }
+        }
+        return lines.join('\n');
+    }
+    for (const path of paths) {
+        lines.push(path.join(' -> '));
+    }
+    return lines.join('\n');
+}

package/dist/workspaceFilter.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildWorkspaceFilterOptions = buildWorkspaceFilterOptions;
+function buildWorkspaceFilterOptions(report) {
+    if (!report.workspaces.enabled)
+        return [];
+    const names = new Set();
+    (report.workspaces.workspacePackages || []).forEach((workspace) => {
+        if (workspace.name)
+            names.add(workspace.name);
+    });
+    Object.values(report.dependencies || {}).forEach((dep) => {
+        (dep.usage.origins.workspaces || []).forEach((workspaceName) => {
+            if (workspaceName)
+                names.add(workspaceName);
+        });
+    });
+    return Array.from(names).sort((a, b) => {
+        if (a === 'root')
+            return -1;
+        if (b === 'root')
+            return 1;
+        return a.localeCompare(b);
+    });
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dependency-radar",
-  "version": "0.7.0",
+  "version": "0.8.0",
   "description": "Local-first dependency analysis tool that generates a single HTML report showing risk, size, usage, and structure of your project's dependencies.",
   "main": "dist/index.js",
   "bin": {
@@ -10,11 +10,12 @@
     "dist"
   ],
   "scripts": {
+    "clean": "node -e \"require('fs').rmSync('dist',{recursive:true,force:true})\"",
     "dev:report": "cd report-ui && npx vite",
     "build:spdx": "ts-node scripts/build-spdx.ts",
     "build:report-ui": "cd report-ui && npx vite build",
     "build:report": "npm run build:report-ui && npx ts-node scripts/build-report.ts",
-    "build": "npm run build:spdx && npm run build:report && tsc",
+    "build": "npm run clean && npm run build:spdx && npm run build:report && tsc",
     "dev": "ts-node src/cli.ts scan",
     "scan": "node dist/cli.js scan",
     "test": "npm run test:unit",
@@ -30,7 +31,7 @@
     "test:release": "npm run build && npm run test:unit && npm run test:fixtures:all && npm run test:docker && npm run test:pack && npm run test:release:ok",
     "prepublishOnly": "npm run build"
   },
-  "author": " ",
+  "author": "Joseph Maynard",
   "license": "MIT",
   "engines": {
     "node": ">=14.14.0"
@@ -39,7 +40,7 @@
     "type": "git",
     "url": "git+https://github.com/JosephMaynard/dependency-radar.git"
   },
-  "homepage": "http://dependency-radar.com",
+  "homepage": "https://www.dependency-radar.com",
   "bugs": {
     "url": "https://github.com/JosephMaynard/dependency-radar/issues"
   },

package/dist/runners/depcheckRunner.js

@@ -1,23 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.runDepcheck = runDepcheck;
-const path_1 = __importDefault(require("path"));
-const depcheck_1 = __importDefault(require("depcheck"));
-const utils_1 = require("../utils");
-async function runDepcheck(projectPath, tempDir) {
-    const targetFile = path_1.default.join(tempDir, 'depcheck.json');
-    try {
-        const result = await (0, depcheck_1.default)(projectPath, {
-            ignoreDirs: ['.dependency-radar', 'dist', 'build', 'coverage', 'node_modules']
-        });
-        await (0, utils_1.writeJsonFile)(targetFile, result);
-        return { ok: true, data: result, file: targetFile };
-    }
-    catch (err) {
-        await (0, utils_1.writeJsonFile)(targetFile, { error: String(err) });
-        return { ok: false, error: `depcheck failed: ${String(err)}`, file: targetFile };
-    }
-}