flatlock 1.2.0 → 1.3.0

package/dist/compare.d.ts

@@ -1,85 +0,0 @@
-/**
- * Compare flatlock output against established parser for a lockfile
- * @param {string} filepath - Path to lockfile
- * @param {CompareOptions} [options] - Options
- * @returns {Promise<ComparisonResult>}
- */
-export function compare(filepath: string, options?: CompareOptions): Promise<ComparisonResult>;
-/**
- * Compare multiple lockfiles
- * @param {string[]} filepaths - Paths to lockfiles
- * @param {CompareOptions} [options] - Options
- * @returns {AsyncGenerator<ComparisonResult & { filepath: string }>}
- */
-export function compareAll(filepaths: string[], options?: CompareOptions): AsyncGenerator<ComparisonResult & {
-    filepath: string;
-}>;
-/**
- * Check which optional comparison parsers are available
- * @returns {Promise<{ arborist: boolean, cyclonedx: boolean, pnpmLockfileFs: boolean, yarnCore: boolean }>}
- */
-export function getAvailableParsers(): Promise<{
-    arborist: boolean;
-    cyclonedx: boolean;
-    pnpmLockfileFs: boolean;
-    yarnCore: boolean;
-}>;
-export type CompareOptions = {
-    /**
-     * - Temp directory for Arborist/CycloneDX (npm only)
-     */
-    tmpDir?: string;
-    /**
-     * - Workspace paths for CycloneDX (-w flag)
-     */
-    workspace?: string[];
-};
-export type ComparisonResult = {
-    /**
-     * - Lockfile type
-     */
-    type: string;
-    /**
-     * - Comparison source used (e.g., '@npmcli/arborist', '@cyclonedx/cyclonedx-npm')
-     */
-    source?: string;
-    /**
-     * - Whether flatlock and comparison have same cardinality
-     */
-    equinumerous: boolean | null;
-    /**
-     * - Number of packages found by flatlock
-     */
-    flatlockCount: number;
-    /**
-     * - Number of packages found by comparison parser
-     */
-    comparisonCount?: number;
-    /**
-     * - Number of workspace packages skipped
-     */
-    workspaceCount?: number;
-    /**
-     * - Packages only found by flatlock
-     */
-    onlyInFlatlock?: string[];
-    /**
-     * - Packages only found by comparison parser
-     */
-    onlyInComparison?: string[];
-};
-export type PackagesResult = {
-    /**
-     * - Set of package@version strings
-     */
-    packages: Set<string>;
-    /**
-     * - Number of workspace packages skipped
-     */
-    workspaceCount: number;
-    /**
-     * - Comparison source used
-     */
-    source: string;
-};
-//# sourceMappingURL=compare.d.ts.map

package/dist/compare.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"compare.d.ts","sourceRoot":"","sources":["../src/compare.js"],"names":[],"mappings":"AAyhBA;;;;;GAKG;AACH,kCAJW,MAAM,YACN,cAAc,GACZ,OAAO,CAAC,gBAAgB,CAAC,CA8CrC;AAED;;;;;GAKG;AACH,sCAJW,MAAM,EAAE,YACR,cAAc,GACZ,cAAc,CAAC,gBAAgB,GAAG;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAMnE;AAED;;;GAGG;AACH,uCAFa,OAAO,CAAC;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,OAAO,CAAC;IAAC,cAAc,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,OAAO,CAAA;CAAE,CAAC,CAgB1G;;;;;aAnhBa,MAAM;;;;gBACN,MAAM,EAAE;;;;;;UAKR,MAAM;;;;aACN,MAAM;;;;kBACN,OAAO,GAAG,IAAI;;;;mBACd,MAAM;;;;sBACN,MAAM;;;;qBACN,MAAM;;;;qBACN,MAAM,EAAE;;;;uBACR,MAAM,EAAE;;;;;;cAKR,GAAG,CAAC,MAAM,CAAC;;;;oBACX,MAAM;;;;YACN,MAAM"}

package/dist/detect.d.ts

@@ -1,33 +0,0 @@
-/**
- * Detect lockfile type from content and/or path
- *
- * Content is the primary signal - we actually parse the content to verify
- * it's a valid lockfile of the detected type. This prevents spoofing attacks
- * where malicious content contains detection markers in strings/comments.
- *
- * Path is only used as a fallback hint when content is not provided.
- *
- * @param {Object} options - Detection options
- * @param {string} [options.path] - Path to the lockfile (optional hint)
- * @param {string} [options.content] - Lockfile content (primary signal)
- * @returns {LockfileType}
- * @throws {Error} If unable to detect lockfile type
- */
-export function detectType({ path, content }?: {
-    path?: string | undefined;
-    content?: string | undefined;
-}): LockfileType;
-/**
- * @typedef {'npm' | 'pnpm' | 'yarn-classic' | 'yarn-berry'} LockfileType
- */
-/**
- * Lockfile type constants
- */
-export const Type: Readonly<{
-    NPM: "npm";
-    PNPM: "pnpm";
-    YARN_CLASSIC: "yarn-classic";
-    YARN_BERRY: "yarn-berry";
-}>;
-export type LockfileType = "npm" | "pnpm" | "yarn-classic" | "yarn-berry";
-//# sourceMappingURL=detect.d.ts.map

package/dist/detect.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../src/detect.js"],"names":[],"mappings":"AA6FA;;;;;;;;;;;;;;GAcG;AACH,+CALG;IAAyB,IAAI;IACJ,OAAO;CAChC,GAAU,YAAY,CAgDxB;AArJD;;GAEG;AAEH;;GAEG;AACH;;;;;GAKG;2BAXU,KAAK,GAAG,MAAM,GAAG,cAAc,GAAG,YAAY"}

package/dist/index.d.ts

@@ -1,72 +0,0 @@
-/**
- * Parse lockfile from path (auto-detect type)
- * @param {string} path - Path to lockfile
- * @param {Object} [options] - Parser options
- * @returns {AsyncGenerator<Dependency>}
- */
-export function fromPath(path: string, options?: Object): AsyncGenerator<Dependency>;
-/**
- * Parse lockfile from string (auto-detect or use options.type)
- * @param {string} content - Lockfile content
- * @param {Object} [options] - Parser options
- * @param {string} [options.path] - Path hint for type detection
- * @param {LockfileType} [options.type] - Explicit type (skip detection)
- * @returns {Generator<Dependency>}
- */
-export function fromString(content: string, options?: {
-    path?: string | undefined;
-    type?: import("./detect.js").LockfileType | undefined;
-}): Generator<Dependency>;
-/**
- * Try to parse lockfile from path (returns Result)
- * @param {string} path - Path to lockfile
- * @param {ParseOptions} [options] - Parser options
- * @returns {Promise<import('./result.js').Result<AsyncGenerator<Dependency>>>}
- */
-export function tryFromPath(path: string, options?: ParseOptions): Promise<import("./result.js").Result<AsyncGenerator<Dependency>>>;
-/**
- * Try to parse lockfile from string (returns Result)
- * @param {string} content - Lockfile content
- * @param {ParseOptions} [options] - Parser options
- * @returns {import('./result.js').Result<Generator<Dependency>>}
- */
-export function tryFromString(content: string, options?: ParseOptions): import("./result.js").Result<Generator<Dependency>>;
-/**
- * Parse yarn.lock (auto-detect classic vs berry)
- * @param {string} content - Lockfile content
- * @param {Object} [options] - Parser options
- * @returns {Generator<Dependency>}
- */
-export function fromYarnLock(content: string, options?: Object): Generator<Dependency>;
-/**
- * Collect all dependencies into an array
- * @param {string} pathOrContent - Path to lockfile or content string
- * @param {Object} [options] - Parser options
- * @returns {Promise<Dependency[]>}
- */
-export function collect(pathOrContent: string, options?: Object): Promise<Dependency[]>;
-export type LockfileType = import("./detect.js").LockfileType;
-export type Dependency = import("./parsers/npm.js").Dependency;
-export type ParseOptions = {
-    /**
-     * - Path hint for type detection
-     */
-    path?: string;
-    /**
-     * - Explicit type (skip detection)
-     */
-    type?: LockfileType;
-};
-import { Type } from './detect.js';
-import { detectType } from './detect.js';
-import { Ok } from './result.js';
-import { Err } from './result.js';
-import { fromPackageLock } from './parsers/index.js';
-import { fromPnpmLock } from './parsers/index.js';
-import { fromYarnClassicLock } from './parsers/index.js';
-import { fromYarnBerryLock } from './parsers/index.js';
-import { FlatlockSet } from './set.js';
-export { Type, detectType, Ok, Err, fromPackageLock, fromPnpmLock, fromYarnClassicLock, fromYarnBerryLock, FlatlockSet };
-export { compare, compareAll, getAvailableParsers } from "./compare.js";
-export { parseNpmKey, parsePnpmKey, parseYarnBerryKey, parseYarnClassicKey } from "./parsers/index.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.js"],"names":[],"mappings":"AAgCA;;;;;GAKG;AACH,+BAJW,MAAM,YACN,MAAM,GACJ,cAAc,CAAC,UAAU,CAAC,CAOtC;AAED;;;;;;;GAOG;AACH,oCANW,MAAM,YAEd;IAAyB,IAAI;IACE,IAAI;CACnC,GAAU,SAAS,CAAC,UAAU,CAAC,CA0BjC;AAED;;;;;GAKG;AACH,kCAJW,MAAM,YACN,YAAY,GACV,OAAO,CAAC,OAAO,aAAa,EAAE,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC,CAS7E;AAED;;;;;GAKG;AACH,uCAJW,MAAM,YACN,YAAY,GACV,OAAO,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAW/D;AAED;;;;;GAKG;AACH,sCAJW,MAAM,YACN,MAAM,GACJ,SAAS,CAAC,UAAU,CAAC,CAUjC;AAED;;;;;GAKG;AACH,uCAJW,MAAM,YACN,MAAM,GACJ,OAAO,CAAC,UAAU,EAAE,CAAC,CAmBjC;2BA3Ia,OAAO,aAAa,EAAE,YAAY;yBAClC,OAAO,kBAAkB,EAAE,UAAU;;;;;WAIrC,MAAM;;;;WACN,YAAY;;qBAhBO,aAAa;2BAAb,aAAa;mBAOtB,aAAa;oBAAb,aAAa;gCAD9B,oBAAoB;6BAApB,oBAAoB;oCAApB,oBAAoB;kCAApB,oBAAoB;4BAEC,UAAU"}

package/dist/parsers/index.d.ts

@@ -1,5 +0,0 @@
-export { fromPackageLock, parseLockfileKey as parseNpmKey } from "./npm.js";
-export { fromPnpmLock, parseLockfileKey as parsePnpmKey } from "./pnpm.js";
-export { fromYarnBerryLock, parseLockfileKey as parseYarnBerryKey, parseResolution as parseYarnBerryResolution } from "./yarn-berry.js";
-export { fromYarnClassicLock, parseLockfileKey as parseYarnClassicKey, parseYarnClassic } from "./yarn-classic.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/parsers/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/parsers/index.js"],"names":[],"mappings":""}

package/dist/parsers/npm.d.ts

@@ -1,109 +0,0 @@
-/** @typedef {import('./types.js').Dependency} Dependency */
-/**
- * LIMITATION: Workspace symlinks are not yielded
- *
- * npm workspaces create two entries in package-lock.json:
- *   1. packages/<workspace-path> → has version (workspace definition)
- *   2. node_modules/<pkg-name> → link:true, NO version (symlink to #1)
- *
- * Arborist resolves #2 to get version from #1. This parser does not.
- * Entries with link:true but no version are skipped.
- *
- * To include workspace packages, users should use @npmcli/arborist directly.
- */
-/**
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * !! WARNING: DO NOT MODIFY THIS FUNCTION                                   !!
- * !! AI AGENTS (Claude, Copilot, etc.): DO NOT TOUCH THIS CODE              !!
- * !!                                                                        !!
- * !! This is PATH parsing, NOT spec parsing. It extracts package names from !!
- * !! filesystem paths like "node_modules/@scope/name", NOT from package     !!
- * !! specs like "@scope/name@^1.0.0".                                       !!
- * !!                                                                        !!
- * !! npm-package-arg (npa) is for SPEC parsing. This is PATH parsing.       !!
- * !! They are different things. Do not "improve" this with npa.             !!
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- *
- * Extract package name from npm lockfile path.
- *
- * Paths in package-lock.json follow this grammar:
- *   path := (node_modules/<pkg>)+
- *     | <workspace>/<path>
- *     | <workspace>/<path>/(node_modules/<pkg>)+
- *
- *   pkg := name (unscoped)
- *     | @scope/name (scoped)
- *
- * @param {string} path - Lockfile path key
- * @returns {string} Package name
- *
- * @example
- * // Simple unscoped package
- * parseLockfileKey('node_modules/lodash')
- * // => 'lodash'
- *
- * @example
- * // Scoped package
- * parseLockfileKey('node_modules/@babel/core')
- * // => '@babel/core'
- *
- * @example
- * // Nested dependency (hoisted conflict resolution)
- * parseLockfileKey('node_modules/foo/node_modules/bar')
- * // => 'bar'
- *
- * @example
- * // Nested scoped dependency
- * parseLockfileKey('node_modules/foo/node_modules/@scope/bar')
- * // => '@scope/bar'
- *
- * @example
- * // Deeply nested dependency
- * parseLockfileKey('node_modules/a/node_modules/b/node_modules/c')
- * // => 'c'
- *
- * @example
- * // Deeply nested scoped dependency
- * parseLockfileKey('node_modules/a/node_modules/@types/node')
- * // => '@types/node'
- *
- * @example
- * // Workspace package path (definition)
- * parseLockfileKey('packages/my-lib')
- * // => 'my-lib'
- *
- * @example
- * // Workspace nested dependency
- * parseLockfileKey('packages/my-lib/node_modules/lodash')
- * // => 'lodash'
- *
- * @example
- * // Workspace nested scoped dependency
- * parseLockfileKey('packages/my-lib/node_modules/@types/react')
- * // => '@types/react'
- *
- * @example
- * // Package with hyphenated name
- * parseLockfileKey('node_modules/string-width')
- * // => 'string-width'
- *
- * @example
- * // Scoped package with hyphenated name
- * parseLockfileKey('node_modules/@emotion/styled')
- * // => '@emotion/styled'
- *
- * @example
- * // Complex nested path
- * parseLockfileKey('node_modules/@babel/core/node_modules/@babel/helper-compilation-targets')
- * // => '@babel/helper-compilation-targets'
- */
-export function parseLockfileKey(path: string): string;
-/**
- * Parse npm package-lock.json (v1, v2, v3)
- * @param {string | object} input - Lockfile content string or pre-parsed object
- * @param {Object} [_options] - Parser options (unused, reserved for future use)
- * @returns {Generator<Dependency>}
- */
-export function fromPackageLock(input: string | object, _options?: Object): Generator<Dependency>;
-export type Dependency = import("./types.js").Dependency;
-//# sourceMappingURL=npm.d.ts.map

package/dist/parsers/npm.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"npm.d.ts","sourceRoot":"","sources":["../../src/parsers/npm.js"],"names":[],"mappings":"AAAA,4DAA4D;AAE5D;;;;;;;;;;;GAWG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqFG;AACH,uCA/DW,MAAM,GACJ,MAAM,CAoElB;AAED;;;;;GAKG;AACH,uCAJW,MAAM,GAAG,MAAM,aACf,MAAM,GACJ,SAAS,CAAC,UAAU,CAAC,CA6BjC;yBA9Ia,OAAO,YAAY,EAAE,UAAU"}

package/dist/parsers/pnpm/detect.d.ts

@@ -1,136 +0,0 @@
-/**
- * @fileoverview Version detection for pnpm lockfiles
- *
- * Detects the era and version of pnpm lockfiles including:
- * - shrinkwrap.yaml (v3/v4) from 2016-2019
- * - pnpm-lock.yaml v5.x (2019-2022)
- * - pnpm-lock.yaml v6.0 (2023)
- * - pnpm-lock.yaml v9.0 (2024+)
- *
- * @module flatlock/parsers/pnpm/detect
- */
-/**
- * @typedef {'shrinkwrap'|'v5'|'v5-inline'|'v6'|'v9'|'unknown'} LockfileEra
- */
-/**
- * @typedef {Object} DetectedVersion
- * @property {LockfileEra} era - The lockfile era/format family
- * @property {string|number} version - The raw version from the lockfile
- * @property {boolean} isShrinkwrap - True if this is a shrinkwrap.yaml file
- */
-/**
- * Detect the version and era of a pnpm lockfile.
- *
- * Version detection rules:
- * - If `shrinkwrapVersion` exists: shrinkwrap era (v3/v4)
- * - If `lockfileVersion` is a number: v5 era
- * - If `lockfileVersion` is '5.4-inlineSpecifiers': v5-inline era
- * - If `lockfileVersion` starts with '6': v6 era
- * - If `lockfileVersion` starts with '9': v9 era
- *
- * @param {Object} lockfile - Parsed pnpm lockfile object
- * @param {string|number} [lockfile.lockfileVersion] - The lockfile version field
- * @param {number} [lockfile.shrinkwrapVersion] - The shrinkwrap version field (v3/v4)
- * @param {number} [lockfile.shrinkwrapMinorVersion] - Minor version for shrinkwrap
- * @returns {DetectedVersion} The detected version information
- *
- * @example
- * // shrinkwrap.yaml v3
- * detectVersion({ shrinkwrapVersion: 3 })
- * // => { era: 'shrinkwrap', version: 3, isShrinkwrap: true }
- *
- * @example
- * // pnpm-lock.yaml v5.4
- * detectVersion({ lockfileVersion: 5.4 })
- * // => { era: 'v5', version: 5.4, isShrinkwrap: false }
- *
- * @example
- * // pnpm-lock.yaml v6.0
- * detectVersion({ lockfileVersion: '6.0' })
- * // => { era: 'v6', version: '6.0', isShrinkwrap: false }
- *
- * @example
- * // pnpm-lock.yaml v9.0
- * detectVersion({ lockfileVersion: '9.0' })
- * // => { era: 'v9', version: '9.0', isShrinkwrap: false }
- */
-export function detectVersion(lockfile: {
-    lockfileVersion?: string | number | undefined;
-    shrinkwrapVersion?: number | undefined;
-    shrinkwrapMinorVersion?: number | undefined;
-}): DetectedVersion;
-/**
- * Check if a lockfile uses the v6+ package key format (name@version).
- *
- * v5 and earlier use: /name/version or /@scope/name/version
- * v6+ use: /name@version or /@scope/name@version
- * v9+ use: name@version (no leading slash)
- *
- * @param {DetectedVersion} detected - The detected version info
- * @returns {boolean} True if the lockfile uses @ separator for name@version
- *
- * @example
- * usesAtSeparator({ era: 'v5', version: 5.4 }) // => false
- * usesAtSeparator({ era: 'v6', version: '6.0' }) // => true
- * usesAtSeparator({ era: 'v9', version: '9.0' }) // => true
- */
-export function usesAtSeparator(detected: DetectedVersion): boolean;
-/**
- * Check if a lockfile uses the packages/snapshots split (v9+).
- *
- * v9 separates package metadata (packages) from dependency relationships (snapshots).
- *
- * @param {DetectedVersion} detected - The detected version info
- * @returns {boolean} True if the lockfile has packages/snapshots split
- *
- * @example
- * usesSnapshotsSplit({ era: 'v6', version: '6.0' }) // => false
- * usesSnapshotsSplit({ era: 'v9', version: '9.0' }) // => true
- */
-export function usesSnapshotsSplit(detected: DetectedVersion): boolean;
-/**
- * Check if a lockfile uses inline specifiers.
- *
- * v5.4-inlineSpecifiers and v6+ use inline specifiers in importers.
- * Earlier versions have a separate `specifiers` block.
- *
- * @param {DetectedVersion} detected - The detected version info
- * @returns {boolean} True if specifiers are inlined
- *
- * @example
- * usesInlineSpecifiers({ era: 'v5', version: 5.4 }) // => false
- * usesInlineSpecifiers({ era: 'v5-inline', version: '5.4-inlineSpecifiers' }) // => true
- * usesInlineSpecifiers({ era: 'v6', version: '6.0' }) // => true
- */
-export function usesInlineSpecifiers(detected: DetectedVersion): boolean;
-/**
- * Check if package keys have a leading slash.
- *
- * v5 and v6 use leading slash: /name/version or /name@version
- * v9 omits leading slash: name@version
- *
- * @param {DetectedVersion} detected - The detected version info
- * @returns {boolean} True if package keys have leading slash
- *
- * @example
- * hasLeadingSlash({ era: 'v5', version: 5.4 }) // => true
- * hasLeadingSlash({ era: 'v6', version: '6.0' }) // => true
- * hasLeadingSlash({ era: 'v9', version: '9.0' }) // => false
- */
-export function hasLeadingSlash(detected: DetectedVersion): boolean;
-export type LockfileEra = "shrinkwrap" | "v5" | "v5-inline" | "v6" | "v9" | "unknown";
-export type DetectedVersion = {
-    /**
-     * - The lockfile era/format family
-     */
-    era: LockfileEra;
-    /**
-     * - The raw version from the lockfile
-     */
-    version: string | number;
-    /**
-     * - True if this is a shrinkwrap.yaml file
-     */
-    isShrinkwrap: boolean;
-};
-//# sourceMappingURL=detect.d.ts.map

package/dist/parsers/pnpm/detect.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"detect.d.ts","sourceRoot":"","sources":["../../../src/parsers/pnpm/detect.js"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;GAEG;AAEH;;;;;GAKG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,wCAzBG;IAAiC,eAAe;IACtB,iBAAiB;IACjB,sBAAsB;CAChD,GAAU,eAAe,CAyF3B;AAED;;;;;;;;;;;;;;GAcG;AACH,0CARW,eAAe,GACb,OAAO,CASnB;AAED;;;;;;;;;;;GAWG;AACH,6CAPW,eAAe,GACb,OAAO,CAQnB;AAED;;;;;;;;;;;;;GAaG;AACH,+CARW,eAAe,GACb,OAAO,CASnB;AAED;;;;;;;;;;;;;GAaG;AACH,0CARW,eAAe,GACb,OAAO,CASnB;0BAxLY,YAAY,GAAC,IAAI,GAAC,WAAW,GAAC,IAAI,GAAC,IAAI,GAAC,SAAS;;;;;SAKhD,WAAW;;;;aACX,MAAM,GAAC,MAAM;;;;kBACb,OAAO"}

package/dist/parsers/pnpm/index.d.ts

@@ -1,120 +0,0 @@
-/**
- * Parse pnpm package spec to extract name and version.
- *
- * This is the unified parser that auto-detects the format based on the spec pattern.
- * It supports all pnpm lockfile versions without requiring version context.
- *
- * Detection heuristics:
- * 1. If spec contains '(' -> v6+ format (peer deps in parentheses)
- * 2. If spec contains '@' after position 0 and no '/' after the '@' -> v6+ format
- * 3. Otherwise -> v5 or earlier format (slash separator)
- *
- * @param {string} spec - Package spec from pnpm lockfile
- * @returns {{ name: string | null, version: string | null }}
- *
- * @example
- * // v5 format - unscoped package
- * parseSpec('/lodash/4.17.21')
- * // => { name: 'lodash', version: '4.17.21' }
- *
- * @example
- * // v5 format - scoped package
- * parseSpec('/@babel/core/7.23.0')
- * // => { name: '@babel/core', version: '7.23.0' }
- *
- * @example
- * // v5 format - with peer dependency suffix (underscore)
- * parseSpec('/styled-jsx/3.0.9_react@17.0.2')
- * // => { name: 'styled-jsx', version: '3.0.9' }
- *
- * @example
- * // v6 format - unscoped package (with leading slash)
- * parseSpec('/lodash@4.17.21')
- * // => { name: 'lodash', version: '4.17.21' }
- *
- * @example
- * // v6 format - scoped package
- * parseSpec('/@babel/core@7.23.0')
- * // => { name: '@babel/core', version: '7.23.0' }
- *
- * @example
- * // v9 format - unscoped package (no leading slash)
- * parseSpec('lodash@4.17.21')
- * // => { name: 'lodash', version: '4.17.21' }
- *
- * @example
- * // v9 format - scoped package (no leading slash)
- * parseSpec('@babel/core@7.23.0')
- * // => { name: '@babel/core', version: '7.23.0' }
- *
- * @example
- * // v9 format - with peer dependency suffix (parentheses)
- * parseSpec('@babel/core@7.23.0(@types/node@20.0.0)')
- * // => { name: '@babel/core', version: '7.23.0' }
- *
- * @example
- * // v9 format - multiple peer dependencies
- * parseSpec('@testing-library/react@14.0.0(react-dom@18.2.0)(react@18.2.0)')
- * // => { name: '@testing-library/react', version: '14.0.0' }
- *
- * @example
- * // Shrinkwrap v3/v4 format - with peer suffix (slash)
- * parseSpec('/foo/1.0.0/bar@2.0.0')
- * // => { name: 'foo', version: '1.0.0' }
- *
- * @example
- * // link: protocol - skipped (returns null)
- * parseSpec('link:packages/my-pkg')
- * // => { name: null, version: null }
- *
- * @example
- * // file: protocol - skipped (returns null)
- * parseSpec('file:../local-package')
- * // => { name: null, version: null }
- *
- * @example
- * // Null input
- * parseSpec(null)
- * // => { name: null, version: null }
- *
- * @example
- * // Prerelease version
- * parseSpec('@verdaccio/ui-theme@6.0.0-6-next.50')
- * // => { name: '@verdaccio/ui-theme', version: '6.0.0-6-next.50' }
- */
-export function parseSpec(spec: string): {
-    name: string | null;
-    version: string | null;
-};
-/**
- * Extract package name from pnpm lockfile key.
- * Wraps parseSpec to return just the name (consistent with other parsers).
- *
- * @param {string} key - pnpm lockfile key
- * @returns {string | null} Package name
- *
- * @example
- * parseLockfileKey('/@babel/core@7.23.0') // => '@babel/core'
- * parseLockfileKey('/lodash/4.17.21') // => 'lodash'
- */
-export function parseLockfileKey(key: string): string | null;
-/**
- * Parse pnpm lockfile (shrinkwrap.yaml, pnpm-lock.yaml v5.x, v6, v9)
- *
- * @param {string | object} input - Lockfile content string or pre-parsed object
- * @param {Object} [_options] - Parser options (unused, reserved for future use)
- * @returns {Generator<Dependency>}
- *
- * @example
- * // Parse from string
- * const deps = [...fromPnpmLock(yamlContent)];
- *
- * @example
- * // Parse from pre-parsed object
- * const lockfile = yaml.load(content);
- * const deps = [...fromPnpmLock(lockfile)];
- */
-export function fromPnpmLock(input: string | object, _options?: Object): Generator<Dependency>;
-export { detectVersion } from "./detect.js";
-export type Dependency = import("../types.js").Dependency;
-//# sourceMappingURL=index.d.ts.map

package/dist/parsers/pnpm/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/parsers/pnpm/index.js"],"names":[],"mappings":"AA2BA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmFG;AACH,gCAzEW,MAAM,GACJ;IAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,CA+H3D;AAED;;;;;;;;;;GAUG;AACH,sCAPW,MAAM,GACJ,MAAM,GAAG,IAAI,CAQzB;AAED;;;;;;;;;;;;;;;GAeG;AACH,oCAbW,MAAM,GAAG,MAAM,aACf,MAAM,GACJ,SAAS,CAAC,UAAU,CAAC,CAoGjC;;yBA5Qa,OAAO,aAAa,EAAE,UAAU"}

package/dist/parsers/pnpm/internal.d.ts

@@ -1,5 +0,0 @@
-export { detectVersion, hasLeadingSlash, usesAtSeparator, usesInlineSpecifiers, usesSnapshotsSplit } from "./detect.js";
-export { extractPeerSuffix, hasPeerSuffix, parseSpecShrinkwrap } from "./shrinkwrap.js";
-export { extractPeerSuffixV5, hasPeerSuffixV5, parseSpecV5 } from "./v5.js";
-export { extractPeerSuffixV6Plus, hasPeerSuffixV6Plus, parsePeerDependencies, parseSpecV6Plus } from "./v6plus.js";
-//# sourceMappingURL=internal.d.ts.map

package/dist/parsers/pnpm/internal.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"internal.d.ts","sourceRoot":"","sources":["../../../src/parsers/pnpm/internal.js"],"names":[],"mappings":""}