flatlock 1.1.0 → 1.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "flatlock",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "The Matlock of lockfile parsers - extracts packages without building dependency graphs",
   "keywords": [
     "lockfile",
@@ -43,7 +43,7 @@
     "bin"
   ],
   "scripts": {
-    "test": "node --test ./test/*.test.js",
+    "test": "node --test ./test/*.test.js ./test/**/*.test.js",
     "test:coverage": "c8 node --test ./test/*.test.js",
     "build:types": "tsc",
     "lint": "biome lint src test",
@@ -62,7 +62,6 @@
   },
   "devDependencies": {
     "@biomejs/biome": "^2.3.8",
-    "@pnpm/lockfile-file": "^9.0.0",
     "@types/js-yaml": "^4.0.9",
     "@types/node": "^22.10.2",
     "c8": "^10.1.3",
@@ -71,11 +70,14 @@
     "typescript": "^5.7.2"
   },
   "optionalDependencies": {
-    "@npmcli/arborist": "^9.1.9"
+    "@cyclonedx/cyclonedx-npm": "^4.1.2",
+    "@npmcli/arborist": "^9.1.9",
+    "@pnpm/lockfile.fs": "^1001.0.0",
+    "@yarnpkg/core": "^4.5.0"
   },
   "packageManager": "pnpm@10.25.0",
   "engines": {
-    "node": ">=20"
+    "node": ">=22"
   },
   "c8": {
     "all": true,

package/src/compare.js

@@ -1,23 +1,100 @@
+import { constants } from 'node:buffer';
+import { execFileSync } from 'node:child_process';
 import { mkdtemp, readFile, rm, writeFile } from 'node:fs/promises';
+import { createRequire } from 'node:module';
 import { tmpdir } from 'node:os';
-import { join } from 'node:path';
-import Arborist from '@npmcli/arborist';
-import yarnLockfile from '@yarnpkg/lockfile';
+import { dirname, join } from 'node:path';
 import { parseSyml } from '@yarnpkg/parsers';
 import yaml from 'js-yaml';
 import { detectType, fromPath, Type } from './index.js';
-import { parseYarnBerryKey, parseYarnClassicKey } from './parsers/index.js';
+import { parseYarnBerryKey, parseYarnClassic, parseYarnClassicKey } from './parsers/index.js';
 import { parseSpec as parsePnpmSpec } from './parsers/pnpm.js';
 
+const require = createRequire(import.meta.url);
+
+// Lazy-loaded optional dependencies
+/** @type {typeof import('@npmcli/arborist') | false | null} */
+let Arborist = null;
+/** @type {typeof import('@pnpm/lockfile.fs').readWantedLockfile | false | null} */
+let readWantedLockfile = null;
+/** @type {string | false | null} */
+let cyclonedxCliPath = null;
+/** @type {typeof import('@yarnpkg/core') | false | null} */
+let yarnCore = null;
+
+/**
+ * Try to load @npmcli/arborist (optional dependency)
+ * @returns {Promise<typeof import('@npmcli/arborist') | null>}
+ */
+async function loadArborist() {
+  if (Arborist === null) {
+    try {
+      const mod = await import('@npmcli/arborist');
+      Arborist = mod.default;
+    } catch {
+      Arborist = false; // Mark as unavailable
+    }
+  }
+  return Arborist || null;
+}
+
+/**
+ * Try to load @pnpm/lockfile.fs (optional dependency)
+ * @returns {Promise<typeof import('@pnpm/lockfile.fs').readWantedLockfile | null>}
+ */
+async function loadPnpmLockfileFs() {
+  if (readWantedLockfile === null) {
+    try {
+      const mod = await import('@pnpm/lockfile.fs');
+      readWantedLockfile = mod.readWantedLockfile;
+    } catch {
+      readWantedLockfile = false; // Mark as unavailable
+    }
+  }
+  return readWantedLockfile || null;
+}
+
+/**
+ * Try to resolve @cyclonedx/cyclonedx-npm CLI path (optional dependency)
+ * @returns {string | null}
+ */
+function loadCycloneDxCliPath() {
+  if (cyclonedxCliPath === null) {
+    try {
+      cyclonedxCliPath = require.resolve('@cyclonedx/cyclonedx-npm/bin/cyclonedx-npm-cli.js');
+    } catch {
+      cyclonedxCliPath = false; // Mark as unavailable
+    }
+  }
+  return cyclonedxCliPath || null;
+}
+
+/**
+ * Try to load @yarnpkg/core (optional dependency)
+ * @returns {Promise<typeof import('@yarnpkg/core') | null>}
+ */
+async function loadYarnCore() {
+  if (yarnCore === null) {
+    try {
+      yarnCore = await import('@yarnpkg/core');
+    } catch {
+      yarnCore = false; // Mark as unavailable
+    }
+  }
+  return yarnCore || null;
+}
+
 /**
  * @typedef {Object} CompareOptions
- * @property {string} [tmpDir] - Temp directory for Arborist (npm only)
+ * @property {string} [tmpDir] - Temp directory for Arborist/CycloneDX (npm only)
+ * @property {string[]} [workspace] - Workspace paths for CycloneDX (-w flag)
  */
 
 /**
  * @typedef {Object} ComparisonResult
  * @property {string} type - Lockfile type
- * @property {boolean | null} identical - Whether flatlock matches comparison parser
+ * @property {string} [source] - Comparison source used (e.g., '@npmcli/arborist', '@cyclonedx/cyclonedx-npm')
+ * @property {boolean | null} equinumerous - Whether flatlock and comparison have same cardinality
  * @property {number} flatlockCount - Number of packages found by flatlock
  * @property {number} [comparisonCount] - Number of packages found by comparison parser
  * @property {number} [workspaceCount] - Number of workspace packages skipped
@@ -29,6 +106,7 @@ import { parseSpec as parsePnpmSpec } from './parsers/pnpm.js';
  * @typedef {Object} PackagesResult
  * @property {Set<string>} packages - Set of package@version strings
  * @property {number} workspaceCount - Number of workspace packages skipped
+ * @property {string} source - Comparison source used
  */
 
 /**
@@ -36,9 +114,12 @@ import { parseSpec as parsePnpmSpec } from './parsers/pnpm.js';
  * @param {string} content - Lockfile content
  * @param {string} _filepath - Path to lockfile (unused)
  * @param {CompareOptions} [options] - Options
- * @returns {Promise<PackagesResult>}
+ * @returns {Promise<PackagesResult | null>}
  */
-async function getPackagesFromNpm(content, _filepath, options = {}) {
+async function getPackagesFromArborist(content, _filepath, options = {}) {
+  const Arb = await loadArborist();
+  if (!Arb) return null;
+
   // Arborist needs a directory with package-lock.json
   const tmpDir = options.tmpDir || (await mkdtemp(join(tmpdir(), 'flatlock-cmp-')));
   const lockPath = join(tmpDir, 'package-lock.json');
@@ -56,7 +137,7 @@ async function getPackagesFromNpm(content, _filepath, options = {}) {
     };
     await writeFile(pkgPath, JSON.stringify(pkg));
 
-    const arb = new Arborist({ path: tmpDir });
+    const arb = new Arb({ path: tmpDir });
     const tree = await arb.loadVirtual();
 
     const packages = new Set();
@@ -80,7 +161,75 @@ async function getPackagesFromNpm(content, _filepath, options = {}) {
       }
     }
 
-    return { packages, workspaceCount };
+    return { packages, workspaceCount, source: '@npmcli/arborist' };
+  } finally {
+    if (!options.tmpDir) {
+      await rm(tmpDir, { recursive: true, force: true });
+    }
+  }
+}
+
+/**
+ * Get packages from npm lockfile using CycloneDX SBOM generation
+ * @param {string} content - Lockfile content
+ * @param {string} _filepath - Path to lockfile (unused)
+ * @param {CompareOptions} [options] - Options
+ * @returns {Promise<PackagesResult | null>}
+ */
+async function getPackagesFromCycloneDX(content, _filepath, options = {}) {
+  const cliPath = loadCycloneDxCliPath();
+  if (!cliPath) return null;
+
+  // CycloneDX needs a directory with package-lock.json and package.json
+  const tmpDir = options.tmpDir || (await mkdtemp(join(tmpdir(), 'flatlock-cdx-')));
+  const lockPath = join(tmpDir, 'package-lock.json');
+  const pkgPath = join(tmpDir, 'package.json');
+
+  try {
+    await writeFile(lockPath, content);
+
+    // Create minimal package.json from lockfile root entry
+    const lockfile = JSON.parse(content);
+    const root = lockfile.packages?.[''] || {};
+    const pkg = {
+      name: root.name || 'cyclonedx-temp',
+      version: root.version || '1.0.0'
+    };
+    await writeFile(pkgPath, JSON.stringify(pkg));
+
+    const args = [
+      cliPath,
+      '--output-format',
+      'JSON',
+      '--output-file',
+      '-',
+      '--package-lock-only' // Don't require node_modules
+    ];
+
+    // Add workspace flags if specified
+    if (options.workspace) {
+      for (const ws of options.workspace) {
+        args.push('-w', ws);
+      }
+    }
+
+    const sbomBuffer = execFileSync(process.execPath, args, {
+      cwd: tmpDir,
+      stdio: ['ignore', 'pipe', 'ignore'],
+      encoding: 'buffer',
+      maxBuffer: constants.MAX_LENGTH
+    });
+
+    const sbom = JSON.parse(sbomBuffer.toString('utf8'));
+    const packages = new Set();
+
+    for (const component of sbom.components || []) {
+      if (component.name && component.version) {
+        packages.add(`${component.name}@${component.version}`);
+      }
+    }
+
+    return { packages, workspaceCount: 0, source: '@cyclonedx/cyclonedx-npm' };
   } finally {
     if (!options.tmpDir) {
       await rm(tmpDir, { recursive: true, force: true });
@@ -88,14 +237,34 @@ async function getPackagesFromNpm(content, _filepath, options = {}) {
   }
 }
 
+/**
+ * Get packages from npm lockfile - tries Arborist first, falls back to CycloneDX
+ * @param {string} content - Lockfile content
+ * @param {string} filepath - Path to lockfile
+ * @param {CompareOptions} [options] - Options
+ * @returns {Promise<PackagesResult>}
+ */
+async function getPackagesFromNpm(content, filepath, options = {}) {
+  // Try Arborist first (faster, more accurate)
+  const arboristResult = await getPackagesFromArborist(content, filepath, options);
+  if (arboristResult) return arboristResult;
+
+  // Fall back to CycloneDX
+  const cyclonedxResult = await getPackagesFromCycloneDX(content, filepath, options);
+  if (cyclonedxResult) return cyclonedxResult;
+
+  throw new Error(
+    'No npm comparison parser available. Install @npmcli/arborist or @cyclonedx/cyclonedx-npm'
+  );
+}
+
 /**
  * Get packages from yarn classic lockfile
  * @param {string} content - Lockfile content
  * @returns {Promise<PackagesResult>}
  */
 async function getPackagesFromYarnClassic(content) {
-  const parse = yarnLockfile.parse || yarnLockfile.default?.parse;
-  const parsed = parse(content);
+  const parsed = parseYarnClassic(content);
 
   if (parsed.type !== 'success' && parsed.type !== 'merge') {
     throw new Error('Failed to parse yarn.lock');
@@ -121,15 +290,92 @@ async function getPackagesFromYarnClassic(content) {
     }
   }
 
-  return { packages, workspaceCount };
+  return { packages, workspaceCount, source: '@yarnpkg/lockfile' };
 }
 
 /**
- * Get packages from yarn berry lockfile
+ * Get packages from yarn berry lockfile using @yarnpkg/core Project.originalPackages
+ *
+ * This is the equivalent of Arborist.loadVirtual() - loads yarn's internal representation.
+ *
+ * Key insight: By calling setupResolutions() directly (a private method), we can populate
+ * originalPackages from the lockfile WITHOUT requiring a valid project setup. This gives
+ * us yarn's ground truth package data.
+ *
+ * @param {string} content - Lockfile content
+ * @param {CompareOptions} [options] - Options
+ * @returns {Promise<PackagesResult | null>}
+ */
+async function getPackagesFromYarnBerryCore(content, options = {}) {
+  const core = await loadYarnCore();
+  if (!core) return null;
+
+  const { Configuration, Project, structUtils } = core;
+
+  // Create temp directory with yarn.lock and minimal package.json
+  const tmpDir = options.tmpDir || (await mkdtemp(join(tmpdir(), 'flatlock-yarn-')));
+  const lockPath = join(tmpDir, 'yarn.lock');
+  const pkgPath = join(tmpDir, 'package.json');
+
+  try {
+    await writeFile(lockPath, content);
+    // Minimal package.json - only needed for Configuration.find
+    await writeFile(
+      pkgPath,
+      JSON.stringify({ name: 'flatlock-temp', version: '0.0.0', private: true })
+    );
+
+    // Load configuration
+    const configuration = await Configuration.find(/** @type {any} */ (tmpDir), null);
+
+    // Create project manually (don't use Project.find which calls setupWorkspaces)
+    const project = new Project(/** @type {any} */ (tmpDir), { configuration });
+
+    // Call setupResolutions directly - this parses the lockfile and populates originalPackages
+    // This is a private method but it's the only way to get ground truth without a full project
+    await /** @type {any} */ (project).setupResolutions();
+
+    const packages = new Set();
+    let workspaceCount = 0;
+
+    // Iterate over originalPackages - this is yarn's ground truth from the lockfile
+    for (const pkg of project.originalPackages.values()) {
+      const ref = pkg.reference;
+
+      // Check for workspace/link/portal protocols
+      if (ref.startsWith('workspace:') || ref.startsWith('link:') || ref.startsWith('portal:')) {
+        workspaceCount++;
+        continue;
+      }
+
+      // Skip virtual packages (peer dependency variants)
+      if (structUtils.isVirtualLocator(pkg)) {
+        continue;
+      }
+
+      const name = structUtils.stringifyIdent(pkg);
+      if (name && pkg.version) {
+        packages.add(`${name}@${pkg.version}`);
+      }
+    }
+
+    return { packages, workspaceCount, source: '@yarnpkg/core' };
+  } catch (_err) {
+    // If @yarnpkg/core fails (e.g., incompatible lockfile), return null to fall back
+    return null;
+  } finally {
+    if (!options.tmpDir) {
+      await rm(tmpDir, { recursive: true, force: true });
+    }
+  }
+}
+
+/**
+ * Get packages from yarn berry lockfile using @yarnpkg/parsers (fallback)
  * @param {string} content - Lockfile content
  * @returns {Promise<PackagesResult>}
  */
-async function getPackagesFromYarnBerry(content) {
+async function getPackagesFromYarnBerryParsers(content) {
   const parsed = parseSyml(content);
 
   const packages = new Set();
@@ -139,11 +385,16 @@ async function getPackagesFromYarnBerry(content) {
     if (key === '__metadata') continue;
 
     // Skip workspace/link entries - flatlock only cares about external dependencies
+    // Keys look like: "@pkg@workspace:path" or "pkg@workspace:path"
+    // Resolutions look like: "@pkg@workspace:path" or "pkg@npm:1.0.0"
     const resolution = value.resolution || '';
     if (
-      resolution.startsWith('workspace:') ||
-      resolution.startsWith('portal:') ||
-      resolution.startsWith('link:')
+      key.includes('@workspace:') ||
+      key.includes('@portal:') ||
+      key.includes('@link:') ||
+      resolution.includes('@workspace:') ||
+      resolution.includes('@portal:') ||
+      resolution.includes('@link:')
     ) {
       workspaceCount++;
       continue;
@@ -156,15 +407,84 @@ async function getPackagesFromYarnBerry(content) {
     }
   }
 
-  return { packages, workspaceCount };
+  return { packages, workspaceCount, source: '@yarnpkg/parsers' };
 }
 
 /**
- * Get packages from pnpm lockfile
+ * Get packages from yarn berry lockfile - tries @yarnpkg/core first, falls back to @yarnpkg/parsers
  * @param {string} content - Lockfile content
+ * @param {CompareOptions} [options] - Options
  * @returns {Promise<PackagesResult>}
  */
-async function getPackagesFromPnpm(content) {
+async function getPackagesFromYarnBerry(content, options = {}) {
+  // Try @yarnpkg/core first (official yarn implementation with Project.restoreInstallState)
+  const coreResult = await getPackagesFromYarnBerryCore(content, options);
+  if (coreResult) return coreResult;
+
+  // Fall back to @yarnpkg/parsers with manual filtering
+  return getPackagesFromYarnBerryParsers(content);
+}
+
+/**
+ * Get packages from pnpm lockfile using @pnpm/lockfile.fs (official parser)
+ * @param {string} _content - Lockfile content (unused, reads from disk)
+ * @param {string} filepath - Path to lockfile
+ * @param {CompareOptions} [_options] - Options (unused)
+ * @returns {Promise<PackagesResult | null>}
+ */
+async function getPackagesFromPnpmOfficial(_content, filepath, _options = {}) {
+  const readLockfile = await loadPnpmLockfileFs();
+  if (!readLockfile) return null;
+
+  const projectDir = dirname(filepath);
+
+  try {
+    const lockfile = await readLockfile(projectDir, {
+      ignoreIncompatible: true
+    });
+
+    if (!lockfile) return null;
+
+    const packages = new Set();
+    let workspaceCount = 0;
+    const pkgs = lockfile.packages || {};
+
+    // If no packages found, likely version incompatibility - fall back to js-yaml
+    if (Object.keys(pkgs).length === 0) {
+      return null;
+    }
+
+    for (const [key, _value] of Object.entries(pkgs)) {
+      // Skip link/file entries
+      if (
+        key.startsWith('link:') ||
+        key.startsWith('file:') ||
+        key.includes('@link:') ||
+        key.includes('@file:')
+      ) {
+        workspaceCount++;
+        continue;
+      }
+
+      const { name, version } = parsePnpmSpec(key);
+      if (name && version) {
+        packages.add(`${name}@${version}`);
+      }
+    }
+
+    return { packages, workspaceCount, source: '@pnpm/lockfile.fs' };
+  } catch {
+    // Fall back to js-yaml if official parser fails (version incompatibility)
+    return null;
+  }
+}
+
+/**
+ * Get packages from pnpm lockfile using js-yaml (fallback)
+ * @param {string} content - Lockfile content
+ * @returns {Promise<PackagesResult>}
+ */
+async function getPackagesFromPnpmYaml(content) {
   const parsed = /** @type {{ packages?: Record<string, any> }} */ (yaml.load(content));
 
   const packages = new Set();
@@ -196,7 +516,23 @@ async function getPackagesFromPnpm(content) {
     }
   }
 
-  return { packages, workspaceCount };
+  return { packages, workspaceCount, source: 'js-yaml' };
+}
+
+/**
+ * Get packages from pnpm lockfile - tries official parser first, falls back to js-yaml
+ * @param {string} content - Lockfile content
+ * @param {string} filepath - Path to lockfile
+ * @param {CompareOptions} [options] - Options
+ * @returns {Promise<PackagesResult>}
+ */
+async function getPackagesFromPnpm(content, filepath, options = {}) {
+  // Try official pnpm parser first
+  const officialResult = await getPackagesFromPnpmOfficial(content, filepath, options);
+  if (officialResult) return officialResult;
+
+  // Fall back to js-yaml
+  return getPackagesFromPnpmYaml(content);
 }
 
 /**
@@ -225,23 +561,24 @@ export async function compare(filepath, options = {}) {
       comparisonResult = await getPackagesFromYarnClassic(content);
       break;
     case Type.YARN_BERRY:
-      comparisonResult = await getPackagesFromYarnBerry(content);
+      comparisonResult = await getPackagesFromYarnBerry(content, options);
       break;
     case Type.PNPM:
-      comparisonResult = await getPackagesFromPnpm(content);
+      comparisonResult = await getPackagesFromPnpm(content, filepath, options);
       break;
     default:
-      return { type, identical: null, flatlockCount: flatlockSet.size };
+      return { type, equinumerous: null, flatlockCount: flatlockSet.size };
   }
 
-  const { packages: comparisonSet, workspaceCount } = comparisonResult;
+  const { packages: comparisonSet, workspaceCount, source } = comparisonResult;
   const onlyInFlatlock = new Set([...flatlockSet].filter(x => !comparisonSet.has(x)));
   const onlyInComparison = new Set([...comparisonSet].filter(x => !flatlockSet.has(x)));
-  const identical = onlyInFlatlock.size === 0 && onlyInComparison.size === 0;
+  const equinumerous = onlyInFlatlock.size === 0 && onlyInComparison.size === 0;
 
   return {
     type,
-    identical,
+    source,
+    equinumerous,
     flatlockCount: flatlockSet.size,
     comparisonCount: comparisonSet.size,
     workspaceCount,
@@ -261,3 +598,23 @@ export async function* compareAll(filepaths, options = {}) {
     yield { filepath, ...(await compare(filepath, options)) };
   }
 }
+
+/**
+ * Check which optional comparison parsers are available
+ * @returns {Promise<{ arborist: boolean, cyclonedx: boolean, pnpmLockfileFs: boolean, yarnCore: boolean }>}
+ */
+export async function getAvailableParsers() {
+  const [arborist, pnpmLockfileFs, yarnCoreModule] = await Promise.all([
+    loadArborist(),
+    loadPnpmLockfileFs(),
+    loadYarnCore()
+  ]);
+  const cyclonedx = loadCycloneDxCliPath();
+
+  return {
+    arborist: !!arborist,
+    cyclonedx: !!cyclonedx,
+    pnpmLockfileFs: !!pnpmLockfileFs,
+    yarnCore: !!yarnCoreModule
+  };
+}

package/src/detect.js

@@ -1,6 +1,6 @@
-import yarnLockfile from '@yarnpkg/lockfile';
 import { parseSyml } from '@yarnpkg/parsers';
 import yaml from 'js-yaml';
+import { parseYarnClassic } from './parsers/yarn-classic.js';
 
 /**
  * @typedef {'npm' | 'pnpm' | 'yarn-classic' | 'yarn-berry'} LockfileType
@@ -57,10 +57,9 @@ function tryParseYarnBerry(content) {
  */
 function tryParseYarnClassic(content) {
   try {
-    const parse = yarnLockfile.default?.parse || yarnLockfile.parse;
-    if (!parse) return false;
+    if (!parseYarnClassic) return false;
 
-    const result = parse(content);
+    const result = parseYarnClassic(content);
     // Must parse successfully and NOT have __metadata (that's berry)
     // Must have at least one package entry (not empty object)
     const isValidResult = result.type === 'success' || result.type === 'merge';

package/src/index.js

@@ -7,6 +7,7 @@ import {
   fromYarnClassicLock
 } from './parsers/index.js';
 import { Err, Ok } from './result.js';
+import { FlatlockSet } from './set.js';
 
 /** @typedef {import('./detect.js').LockfileType} LockfileType */
 /** @typedef {import('./parsers/npm.js').Dependency} Dependency */
@@ -26,6 +27,9 @@ export { Ok, Err };
 // Re-export individual parsers
 export { fromPackageLock, fromPnpmLock, fromYarnClassicLock, fromYarnBerryLock };
 
+// Re-export FlatlockSet class
+export { FlatlockSet };
+
 /**
  * Parse lockfile from path (auto-detect type)
  * @param {string} path - Path to lockfile
@@ -130,8 +134,8 @@ export function* fromYarnLock(content, options = {}) {
 export async function collect(pathOrContent, options = {}) {
   const deps = [];
 
-  // Check if it's a path or content
-  const isPath = !pathOrContent.includes('\n') && !pathOrContent.startsWith('{');
+  // Better heuristic: paths don't contain newlines and are reasonably short
+  const isPath = !pathOrContent.includes('\n') && pathOrContent.length < 1000;
 
   if (isPath) {
     for await (const dep of fromPath(pathOrContent, options)) {
@@ -146,6 +150,9 @@ export async function collect(pathOrContent, options = {}) {
   return deps;
 }
 
+// Re-export compare API
+export { compare, compareAll, getAvailableParsers } from './compare.js';
+
 // Re-export lockfile key parsing utilities
 export {
   parseNpmKey,

package/src/parsers/index.js

@@ -4,5 +4,13 @@
 
 export { fromPackageLock, parseLockfileKey as parseNpmKey } from './npm.js';
 export { fromPnpmLock, parseLockfileKey as parsePnpmKey } from './pnpm.js';
-export { fromYarnBerryLock, parseLockfileKey as parseYarnBerryKey } from './yarn-berry.js';
-export { fromYarnClassicLock, parseLockfileKey as parseYarnClassicKey } from './yarn-classic.js';
+export {
+  fromYarnBerryLock,
+  parseLockfileKey as parseYarnBerryKey,
+  parseResolution as parseYarnBerryResolution
+} from './yarn-berry.js';
+export {
+  fromYarnClassicLock,
+  parseLockfileKey as parseYarnClassicKey,
+  parseYarnClassic
+} from './yarn-classic.js';