ghostimport 0.1.0

package/dist/index.cjs

@@ -0,0 +1,476 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  checkNpm: () => checkNpm,
+  checkScary: () => checkScary,
+  extractImports: () => extractImports,
+  loadCache: () => loadCache,
+  loadConfig: () => loadConfig,
+  readPackageJsonDeps: () => readPackageJsonDeps,
+  saveCache: () => saveCache,
+  scan: () => scan,
+  walkFiles: () => walkFiles
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/imports.ts
+var IMPORT_PATTERNS = [
+  /import\s+(?:[\w*{}\s,]+\s+from\s+)?['"]([^'".\n][^'"]*)['"]/g,
+  /require\s*\(\s*['"]([^'".\n][^'"]*)['"]\s*\)/g,
+  /import\s*\(\s*['"]([^'".\n][^'"]*)['"]\s*\)/g,
+  /export\s+(?:[\w*{}\s,]+\s+from\s+)?['"]([^'".\n][^'"]*)['"]/g
+];
+var BUILTIN_MODULES = /* @__PURE__ */ new Set([
+  "assert",
+  "assert/strict",
+  "async_hooks",
+  "buffer",
+  "child_process",
+  "cluster",
+  "console",
+  "constants",
+  "crypto",
+  "dgram",
+  "diagnostics_channel",
+  "dns",
+  "dns/promises",
+  "domain",
+  "events",
+  "fs",
+  "fs/promises",
+  "http",
+  "http2",
+  "https",
+  "inspector",
+  "inspector/promises",
+  "module",
+  "net",
+  "os",
+  "path",
+  "path/posix",
+  "path/win32",
+  "perf_hooks",
+  "process",
+  "punycode",
+  "querystring",
+  "readline",
+  "readline/promises",
+  "repl",
+  "sea",
+  "stream",
+  "stream/consumers",
+  "stream/promises",
+  "stream/web",
+  "string_decoder",
+  "sys",
+  "test",
+  "timers",
+  "timers/promises",
+  "tls",
+  "trace_events",
+  "tty",
+  "url",
+  "util",
+  "util/types",
+  "v8",
+  "vm",
+  "wasi",
+  "worker_threads",
+  "zlib"
+]);
+function isBuiltin(name) {
+  if (name.startsWith("node:")) return true;
+  return BUILTIN_MODULES.has(name);
+}
+function toPackageName(importPath) {
+  if (importPath.startsWith("@")) {
+    const parts = importPath.split("/");
+    if (parts.length < 2) return null;
+    return `${parts[0]}/${parts[1]}`;
+  }
+  return importPath.split("/")[0];
+}
+function extractImports(code) {
+  const found = /* @__PURE__ */ new Set();
+  for (const pattern of IMPORT_PATTERNS) {
+    pattern.lastIndex = 0;
+    let match;
+    while ((match = pattern.exec(code)) !== null) {
+      const raw = match[1];
+      const pkg = toPackageName(raw);
+      if (pkg && !isBuiltin(raw) && !isBuiltin(pkg)) {
+        found.add(pkg);
+      }
+    }
+  }
+  return [...found];
+}
+
+// src/cache.ts
+var import_fs = __toESM(require("fs"), 1);
+var import_path = __toESM(require("path"), 1);
+var import_os = __toESM(require("os"), 1);
+var CACHE_TTL = 24 * 60 * 60 * 1e3;
+function getCacheDir() {
+  const dir = import_path.default.join(import_os.default.homedir(), ".ghostimport");
+  if (!import_fs.default.existsSync(dir)) import_fs.default.mkdirSync(dir, { recursive: true });
+  return dir;
+}
+function getCachePath() {
+  return import_path.default.join(getCacheDir(), "registry-cache.json");
+}
+function loadCache() {
+  const cachePath = getCachePath();
+  if (!import_fs.default.existsSync(cachePath)) return {};
+  try {
+    return JSON.parse(import_fs.default.readFileSync(cachePath, "utf8"));
+  } catch {
+    return {};
+  }
+}
+function saveCache(cache) {
+  import_fs.default.writeFileSync(getCachePath(), JSON.stringify(cache, null, 2), "utf8");
+}
+function getCached(cache, pkgName) {
+  const entry = cache[pkgName];
+  if (!entry) return null;
+  if (Date.now() - entry.ts > CACHE_TTL) return null;
+  return entry;
+}
+
+// src/config.ts
+var import_fs2 = __toESM(require("fs"), 1);
+var import_path2 = __toESM(require("path"), 1);
+var defaults = { ignore: [], includeUndeclared: true };
+function loadConfig(dir) {
+  const configPath = import_path2.default.join(dir, ".ghostimportrc.json");
+  if (!import_fs2.default.existsSync(configPath)) return { ...defaults };
+  try {
+    const raw = JSON.parse(import_fs2.default.readFileSync(configPath, "utf8"));
+    return { ...defaults, ...raw };
+  } catch {
+    return { ...defaults };
+  }
+}
+function matchesIgnore(pkg, patterns) {
+  for (const pattern of patterns) {
+    if (pattern === pkg) return true;
+    if (pattern.endsWith("/*")) {
+      const prefix = pattern.slice(0, -1);
+      if (pkg.startsWith(prefix)) return true;
+    }
+  }
+  return false;
+}
+
+// src/npm.ts
+var import_https = __toESM(require("https"), 1);
+function httpGetJson(url) {
+  return new Promise((resolve, reject) => {
+    const req = import_https.default.get(url, { headers: { Accept: "application/json" }, timeout: 8e3 }, (res) => {
+      let data = "";
+      res.on("data", (chunk) => {
+        data += chunk;
+      });
+      res.on("end", () => {
+        if (res.statusCode === 200) {
+          try {
+            resolve(JSON.parse(data));
+          } catch {
+            reject(new Error("Invalid JSON"));
+          }
+        } else if (res.statusCode === 404) {
+          resolve(null);
+        } else {
+          reject(new Error(`HTTP ${res.statusCode}`));
+        }
+      });
+    });
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("timeout"));
+    });
+    req.on("error", reject);
+  });
+}
+function encodePackageName(pkgName) {
+  return pkgName.startsWith("@") ? "@" + encodeURIComponent(pkgName.slice(1)) : encodeURIComponent(pkgName);
+}
+function checkNpm(pkgName) {
+  return new Promise((resolve) => {
+    const options = {
+      hostname: "registry.npmjs.org",
+      path: `/${encodePackageName(pkgName)}`,
+      method: "GET",
+      headers: { Accept: "application/json" },
+      timeout: 8e3
+    };
+    const req = import_https.default.request(options, (res) => {
+      res.resume();
+      if (res.statusCode === 200) {
+        resolve({ exists: true });
+      } else if (res.statusCode === 404) {
+        resolve({ exists: false });
+      } else {
+        resolve({ exists: null, error: `HTTP ${res.statusCode}` });
+      }
+    });
+    req.on("timeout", () => {
+      req.destroy();
+      resolve({ exists: null, error: "timeout" });
+    });
+    req.on("error", (err) => {
+      resolve({ exists: null, error: err.message });
+    });
+    req.end();
+  });
+}
+async function checkScary(pkgName) {
+  const encoded = encodePackageName(pkgName);
+  try {
+    const meta = await httpGetJson(`https://registry.npmjs.org/${encoded}`);
+    if (!meta) return { exists: false, squatRisk: "available" };
+    const created = meta.time?.created ? new Date(meta.time.created) : null;
+    const ageMs = created ? Date.now() - created.getTime() : Infinity;
+    const ageDays = Math.floor(ageMs / (1e3 * 60 * 60 * 24));
+    let downloads = null;
+    try {
+      const dl = await httpGetJson(`https://api.npmjs.org/downloads/point/last-week/${encoded}`);
+      downloads = dl?.downloads ?? null;
+    } catch {
+    }
+    const flags = [];
+    if (ageDays < 30) flags.push(`created ${ageDays} days ago`);
+    if (downloads !== null && downloads < 50) flags.push(`${downloads} weekly downloads`);
+    if (meta.versions && Object.keys(meta.versions).length <= 1) flags.push("single version published");
+    const risk = flags.length >= 2 ? "high" : flags.length === 1 ? "medium" : "low";
+    return {
+      exists: true,
+      created: created?.toISOString().slice(0, 10) ?? "unknown",
+      downloads,
+      versions: meta.versions ? Object.keys(meta.versions).length : 0,
+      risk,
+      flags
+    };
+  } catch (err) {
+    return { exists: null, error: err.message };
+  }
+}
+
+// src/files.ts
+var import_fs3 = __toESM(require("fs"), 1);
+var import_path3 = __toESM(require("path"), 1);
+var SKIP_DIRS = /* @__PURE__ */ new Set(["node_modules", ".git", "dist", "build", ".next", "coverage", ".cache"]);
+var CODE_EXTS = /* @__PURE__ */ new Set([".js", ".jsx", ".ts", ".tsx", ".mjs", ".cjs"]);
+function walkFiles(dir) {
+  const results = [];
+  function walk(current) {
+    let entries;
+    try {
+      entries = import_fs3.default.readdirSync(current, { withFileTypes: true });
+    } catch {
+      return;
+    }
+    for (const entry of entries) {
+      if (entry.isDirectory()) {
+        if (!SKIP_DIRS.has(entry.name)) walk(import_path3.default.join(current, entry.name));
+      } else if (entry.isFile()) {
+        if (CODE_EXTS.has(import_path3.default.extname(entry.name))) results.push(import_path3.default.join(current, entry.name));
+      }
+    }
+  }
+  walk(dir);
+  return results;
+}
+function readPackageJsonDeps(dir) {
+  const pkgPath = import_path3.default.join(dir, "package.json");
+  if (!import_fs3.default.existsSync(pkgPath)) return /* @__PURE__ */ new Set();
+  try {
+    const pkg = JSON.parse(import_fs3.default.readFileSync(pkgPath, "utf8"));
+    return /* @__PURE__ */ new Set([
+      ...Object.keys(pkg.dependencies ?? {}),
+      ...Object.keys(pkg.devDependencies ?? {}),
+      ...Object.keys(pkg.peerDependencies ?? {}),
+      ...Object.keys(pkg.optionalDependencies ?? {})
+    ]);
+  } catch {
+    return /* @__PURE__ */ new Set();
+  }
+}
+function readWorkspacePackages(dir) {
+  const names = /* @__PURE__ */ new Set();
+  try {
+    const pkg = JSON.parse(import_fs3.default.readFileSync(import_path3.default.join(dir, "package.json"), "utf8"));
+    const workspaces = Array.isArray(pkg.workspaces) ? pkg.workspaces : pkg.workspaces?.packages ?? [];
+    for (const pattern of workspaces) {
+      const base = pattern.replace(/\/?\*$/, "");
+      const wsDir = import_path3.default.join(dir, base);
+      if (!import_fs3.default.existsSync(wsDir)) continue;
+      for (const entry of import_fs3.default.readdirSync(wsDir, { withFileTypes: true })) {
+        if (!entry.isDirectory()) continue;
+        const wsPkgPath = import_path3.default.join(wsDir, entry.name, "package.json");
+        if (!import_fs3.default.existsSync(wsPkgPath)) continue;
+        try {
+          const wsPkg = JSON.parse(import_fs3.default.readFileSync(wsPkgPath, "utf8"));
+          if (wsPkg.name) names.add(wsPkg.name);
+        } catch {
+        }
+      }
+    }
+  } catch {
+  }
+  const pnpmPath = import_path3.default.join(dir, "pnpm-workspace.yaml");
+  if (!import_fs3.default.existsSync(pnpmPath)) return names;
+  try {
+    const content = import_fs3.default.readFileSync(pnpmPath, "utf8");
+    for (const m of content.matchAll(/- ['"]?([^'"\n]+)['"]?/g)) {
+      const base = m[1].replace(/\/?\*$/, "");
+      const wsDir = import_path3.default.join(dir, base);
+      if (!import_fs3.default.existsSync(wsDir)) continue;
+      for (const entry of import_fs3.default.readdirSync(wsDir, { withFileTypes: true })) {
+        if (!entry.isDirectory()) continue;
+        const wsPkgPath = import_path3.default.join(wsDir, entry.name, "package.json");
+        if (!import_fs3.default.existsSync(wsPkgPath)) continue;
+        try {
+          const wsPkg = JSON.parse(import_fs3.default.readFileSync(wsPkgPath, "utf8"));
+          if (wsPkg.name) names.add(wsPkg.name);
+        } catch {
+        }
+      }
+    }
+  } catch {
+  }
+  return names;
+}
+
+// src/scan.ts
+var import_fs4 = __toESM(require("fs"), 1);
+var import_path4 = __toESM(require("path"), 1);
+var CONCURRENCY = 10;
+async function scan(targetDir, { onProgress, useCache = true, scary = false, config } = {}) {
+  const conf = config ?? loadConfig(targetDir);
+  const files = walkFiles(targetDir);
+  const declaredDeps = readPackageJsonDeps(targetDir);
+  const workspacePkgs = readWorkspacePackages(targetDir);
+  const cache = useCache ? loadCache() : {};
+  let cacheHits = 0;
+  const importMap = /* @__PURE__ */ new Map();
+  for (const file of files) {
+    let code;
+    try {
+      code = import_fs4.default.readFileSync(file, "utf8");
+    } catch {
+      continue;
+    }
+    for (const pkg of extractImports(code)) {
+      if (!importMap.has(pkg)) importMap.set(pkg, []);
+      importMap.get(pkg).push(import_path4.default.relative(targetDir, file));
+    }
+  }
+  const allPkgs = [...importMap.keys()].filter(
+    (pkg) => !matchesIgnore(pkg, conf.ignore) && !workspacePkgs.has(pkg)
+  );
+  const results = {
+    scanned: files.length,
+    packages: allPkgs.length,
+    hallucinated: [],
+    notInPackageJson: [],
+    errors: [],
+    scary: [],
+    cacheHits: 0
+  };
+  for (let i = 0; i < allPkgs.length; i += CONCURRENCY) {
+    const batch = allPkgs.slice(i, i + CONCURRENCY);
+    const checks = await Promise.all(
+      batch.map((pkg) => {
+        const cached = getCached(cache, pkg);
+        if (cached) {
+          cacheHits++;
+          return Promise.resolve({ exists: cached.exists });
+        }
+        return checkNpm(pkg);
+      })
+    );
+    for (let j = 0; j < batch.length; j++) {
+      const pkg = batch[j];
+      const { exists, error } = checks[j];
+      const matchedFiles = importMap.get(pkg);
+      if (exists !== null && useCache) {
+        cache[pkg] = { exists, ts: Date.now() };
+      }
+      onProgress?.({ pkg, exists, error, total: allPkgs.length, done: i + j + 1 });
+      if (exists === false) {
+        results.hallucinated.push({ pkg, files: matchedFiles });
+      } else if (exists === null && error) {
+        results.errors.push({ pkg, error, files: matchedFiles });
+      } else if (exists === true && !declaredDeps.has(pkg)) {
+        results.notInPackageJson.push({ pkg, files: matchedFiles });
+      }
+    }
+  }
+  if (useCache) saveCache(cache);
+  results.cacheHits = cacheHits;
+  if (scary) {
+    for (const { pkg, files: matchedFiles } of results.hallucinated) {
+      results.scary.push({ pkg, files: matchedFiles, type: "available" });
+    }
+    for (const { pkg, files: matchedFiles } of results.notInPackageJson) {
+      const info = await checkScary(pkg);
+      if (info.exists === true && info.risk !== "low") {
+        results.scary.push({
+          pkg,
+          files: matchedFiles,
+          type: "suspicious",
+          exists: true,
+          created: info.created,
+          downloads: info.downloads,
+          versions: info.versions,
+          risk: info.risk,
+          flags: info.flags
+        });
+      }
+    }
+  }
+  return results;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  checkNpm,
+  checkScary,
+  extractImports,
+  loadCache,
+  loadConfig,
+  readPackageJsonDeps,
+  saveCache,
+  scan,
+  walkFiles
+});

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+export { extractImports } from './imports';
+export { loadCache, saveCache } from './cache';
+export { loadConfig } from './config';
+export { checkNpm, checkScary } from './npm';
+export { walkFiles, readPackageJsonDeps } from './files';
+export { scan } from './scan';
+export type { Config, ScanOptions, ScanProgress, ScanResult, PackageRef, PackageError, ScaryEntry, NpmCheckResult, ScaryCheckResult, CacheEntry, } from './types';