flatlock 1.2.0 → 1.3.0

package/src/parsers/npm.js

@@ -1,5 +1,18 @@
+import { readFile } from 'node:fs/promises';
+import { join } from 'node:path';
+
 /** @typedef {import('./types.js').Dependency} Dependency */
 
+/**
+ * @typedef {Object} WorkspacePackage
+ * @property {string} name
+ * @property {string} version
+ * @property {Record<string, string>} [dependencies]
+ * @property {Record<string, string>} [devDependencies]
+ * @property {Record<string, string>} [optionalDependencies]
+ * @property {Record<string, string>} [peerDependencies]
+ */
+
 /**
  * LIMITATION: Workspace symlinks are not yielded
  *
@@ -141,3 +154,72 @@ export function* fromPackageLock(input, _options = {}) {
     }
   }
 }
+
+/**
+ * Extract workspace paths from npm lockfile.
+ *
+ * npm workspace packages are entries in `packages` that:
+ * - Are not the root ('')
+ * - Don't contain 'node_modules/' (those are installed deps)
+ * - Have a version field
+ *
+ * @param {string | object} input - Lockfile content string or pre-parsed object
+ * @returns {string[]} Array of workspace paths (e.g., ['workspaces/arborist', 'workspaces/libnpmfund'])
+ *
+ * @example
+ * extractWorkspacePaths(lockfile)
+ * // => ['workspaces/arborist', 'workspaces/libnpmfund', ...]
+ */
+export function extractWorkspacePaths(input) {
+  const lockfile = typeof input === 'string' ? JSON.parse(input) : input;
+  const packages = lockfile.packages || {};
+  const paths = [];
+
+  for (const [path, pkg] of Object.entries(packages)) {
+    // Skip root and node_modules entries
+    if (path === '' || path.includes('node_modules')) continue;
+
+    // Workspace entries have a version
+    if (pkg.version) {
+      paths.push(path);
+    }
+  }
+
+  return paths;
+}
+
+/**
+ * Build workspace packages map by reading package.json files.
+ *
+ * @param {string | object} input - Lockfile content string or pre-parsed object
+ * @param {string} repoDir - Path to repository root
+ * @returns {Promise<Record<string, WorkspacePackage>>} Map of workspace path to package info
+ *
+ * @example
+ * const workspaces = await buildWorkspacePackages(lockfile, '/path/to/repo');
+ * // => { 'workspaces/arborist': { name: '@npmcli/arborist', version: '1.0.0', dependencies: {...} } }
+ */
+export async function buildWorkspacePackages(input, repoDir) {
+  const paths = extractWorkspacePaths(input);
+  /** @type {Record<string, WorkspacePackage>} */
+  const workspacePackages = {};
+
+  for (const wsPath of paths) {
+    const pkgJsonPath = join(repoDir, wsPath, 'package.json');
+    try {
+      const pkg = JSON.parse(await readFile(pkgJsonPath, 'utf8'));
+      workspacePackages[wsPath] = {
+        name: pkg.name,
+        version: pkg.version || '0.0.0',
+        dependencies: pkg.dependencies,
+        devDependencies: pkg.devDependencies,
+        optionalDependencies: pkg.optionalDependencies,
+        peerDependencies: pkg.peerDependencies
+      };
+    } catch {
+      // Skip workspaces with missing or invalid package.json
+    }
+  }
+
+  return workspacePackages;
+}

package/src/parsers/pnpm/index.js

@@ -11,6 +11,8 @@
  * @module flatlock/parsers/pnpm
  */
 
+import { readFile } from 'node:fs/promises';
+import { join } from 'node:path';
 import yaml from 'js-yaml';
 
 import { detectVersion } from './detect.js';
@@ -20,6 +22,16 @@ import { parseSpecV6Plus } from './v6plus.js';
 
 /** @typedef {import('../types.js').Dependency} Dependency */
 
+/**
+ * @typedef {Object} WorkspacePackage
+ * @property {string} name
+ * @property {string} version
+ * @property {Record<string, string>} [dependencies]
+ * @property {Record<string, string>} [devDependencies]
+ * @property {Record<string, string>} [optionalDependencies]
+ * @property {Record<string, string>} [peerDependencies]
+ */
+
 // Public API: detectVersion for users who need to inspect lockfile version
 export { detectVersion } from './detect.js';
 
@@ -287,3 +299,61 @@ export function* fromPnpmLock(input, _options = {}) {
   // Note: importers (workspace packages) are intentionally NOT yielded
   // flatlock only cares about external dependencies
 }
+
+/**
+ * Extract workspace paths from pnpm lockfile.
+ *
+ * pnpm stores workspace packages in the `importers` section.
+ * Each key is a workspace path relative to the repo root.
+ *
+ * @param {string | object} input - Lockfile content string or pre-parsed object
+ * @returns {string[]} Array of workspace paths (e.g., ['packages/foo', 'packages/bar'])
+ *
+ * @example
+ * extractWorkspacePaths(lockfile)
+ * // => ['packages/vue', 'packages/compiler-core', ...]
+ */
+export function extractWorkspacePaths(input) {
+  const lockfile = /** @type {Record<string, any>} */ (
+    typeof input === 'string' ? yaml.load(input) : input
+  );
+
+  const importers = lockfile.importers || {};
+  return Object.keys(importers).filter(k => k !== '.');
+}
+
+/**
+ * Build workspace packages map by reading package.json files.
+ *
+ * @param {string | object} input - Lockfile content string or pre-parsed object
+ * @param {string} repoDir - Path to repository root
+ * @returns {Promise<Record<string, WorkspacePackage>>} Map of workspace path to package info
+ *
+ * @example
+ * const workspaces = await buildWorkspacePackages(lockfile, '/path/to/repo');
+ * // => { 'packages/foo': { name: '@scope/foo', version: '1.0.0', dependencies: {...} } }
+ */
+export async function buildWorkspacePackages(input, repoDir) {
+  const paths = extractWorkspacePaths(input);
+  /** @type {Record<string, WorkspacePackage>} */
+  const workspacePackages = {};
+
+  for (const wsPath of paths) {
+    const pkgJsonPath = join(repoDir, wsPath, 'package.json');
+    try {
+      const pkg = JSON.parse(await readFile(pkgJsonPath, 'utf8'));
+      workspacePackages[wsPath] = {
+        name: pkg.name,
+        version: pkg.version || '0.0.0',
+        dependencies: pkg.dependencies,
+        devDependencies: pkg.devDependencies,
+        optionalDependencies: pkg.optionalDependencies,
+        peerDependencies: pkg.peerDependencies
+      };
+    } catch {
+      // Skip workspaces with missing or invalid package.json
+    }
+  }
+
+  return workspacePackages;
+}

package/src/parsers/yarn-berry.js

@@ -1,7 +1,19 @@
+import { readFile } from 'node:fs/promises';
+import { join } from 'node:path';
 import { parseSyml } from '@yarnpkg/parsers';
 
 /** @typedef {import('./types.js').Dependency} Dependency */
 
+/**
+ * @typedef {Object} WorkspacePackage
+ * @property {string} name
+ * @property {string} version
+ * @property {Record<string, string>} [dependencies]
+ * @property {Record<string, string>} [devDependencies]
+ * @property {Record<string, string>} [optionalDependencies]
+ * @property {Record<string, string>} [peerDependencies]
+ */
+
 /**
  * Extract package name from yarn berry resolution field.
  *
@@ -252,3 +264,79 @@ export function* fromYarnBerryLock(input, _options = {}) {
     }
   }
 }
+
+/**
+ * Extract workspace paths from yarn berry lockfile.
+ *
+ * Yarn berry workspace entries use `@workspace:` protocol in keys.
+ * Keys can have multiple comma-separated descriptors.
+ *
+ * @param {string | object} input - Lockfile content string or pre-parsed object
+ * @returns {string[]} Array of workspace paths (e.g., ['packages/foo', 'packages/bar'])
+ *
+ * @example
+ * extractWorkspacePaths(lockfile)
+ * // => ['packages/babel-core', 'packages/babel-parser', ...]
+ */
+export function extractWorkspacePaths(input) {
+  const lockfile = typeof input === 'string' ? parseSyml(input) : input;
+  const paths = new Set();
+
+  for (const key of Object.keys(lockfile)) {
+    if (key === '__metadata') continue;
+    if (!key.includes('@workspace:')) continue;
+
+    // Keys can have multiple comma-separated descriptors:
+    // "@babel/types@workspace:*, @babel/types@workspace:^, @babel/types@workspace:packages/babel-types"
+    const descriptors = key.split(', ');
+    for (const desc of descriptors) {
+      if (!desc.includes('@workspace:')) continue;
+
+      const wsIndex = desc.indexOf('@workspace:');
+      const path = desc.slice(wsIndex + '@workspace:'.length);
+
+      // Skip wildcards (*, ^) and root workspace (.)
+      if (path && path !== '.' && path !== '*' && path !== '^' && path.includes('/')) {
+        paths.add(path);
+      }
+    }
+  }
+
+  return [...paths];
+}
+
+/**
+ * Build workspace packages map by reading package.json files.
+ *
+ * @param {string | object} input - Lockfile content string or pre-parsed object
+ * @param {string} repoDir - Path to repository root
+ * @returns {Promise<Record<string, WorkspacePackage>>} Map of workspace path to package info
+ *
+ * @example
+ * const workspaces = await buildWorkspacePackages(lockfile, '/path/to/repo');
+ * // => { 'packages/foo': { name: '@scope/foo', version: '1.0.0', dependencies: {...} } }
+ */
+export async function buildWorkspacePackages(input, repoDir) {
+  const paths = extractWorkspacePaths(input);
+  /** @type {Record<string, WorkspacePackage>} */
+  const workspacePackages = {};
+
+  for (const wsPath of paths) {
+    const pkgJsonPath = join(repoDir, wsPath, 'package.json');
+    try {
+      const pkg = JSON.parse(await readFile(pkgJsonPath, 'utf8'));
+      workspacePackages[wsPath] = {
+        name: pkg.name,
+        version: pkg.version || '0.0.0',
+        dependencies: pkg.dependencies,
+        devDependencies: pkg.devDependencies,
+        optionalDependencies: pkg.optionalDependencies,
+        peerDependencies: pkg.peerDependencies
+      };
+    } catch {
+      // Skip workspaces with missing or invalid package.json
+    }
+  }
+
+  return workspacePackages;
+}