npm - ghostimport - Versions diffs - 0.1.0 - Mend

ghostimport 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,431 @@
+// src/imports.ts
+var IMPORT_PATTERNS = [
+  /import\s+(?:[\w*{}\s,]+\s+from\s+)?['"]([^'".\n][^'"]*)['"]/g,
+  /require\s*\(\s*['"]([^'".\n][^'"]*)['"]\s*\)/g,
+  /import\s*\(\s*['"]([^'".\n][^'"]*)['"]\s*\)/g,
+  /export\s+(?:[\w*{}\s,]+\s+from\s+)?['"]([^'".\n][^'"]*)['"]/g
+];
+var BUILTIN_MODULES = /* @__PURE__ */ new Set([
+  "assert",
+  "assert/strict",
+  "async_hooks",
+  "buffer",
+  "child_process",
+  "cluster",
+  "console",
+  "constants",
+  "crypto",
+  "dgram",
+  "diagnostics_channel",
+  "dns",
+  "dns/promises",
+  "domain",
+  "events",
+  "fs",
+  "fs/promises",
+  "http",
+  "http2",
+  "https",
+  "inspector",
+  "inspector/promises",
+  "module",
+  "net",
+  "os",
+  "path",
+  "path/posix",
+  "path/win32",
+  "perf_hooks",
+  "process",
+  "punycode",
+  "querystring",
+  "readline",
+  "readline/promises",
+  "repl",
+  "sea",
+  "stream",
+  "stream/consumers",
+  "stream/promises",
+  "stream/web",
+  "string_decoder",
+  "sys",
+  "test",
+  "timers",
+  "timers/promises",
+  "tls",
+  "trace_events",
+  "tty",
+  "url",
+  "util",
+  "util/types",
+  "v8",
+  "vm",
+  "wasi",
+  "worker_threads",
+  "zlib"
+]);
+function isBuiltin(name) {
+  if (name.startsWith("node:")) return true;
+  return BUILTIN_MODULES.has(name);
+}
+function toPackageName(importPath) {
+  if (importPath.startsWith("@")) {
+    const parts = importPath.split("/");
+    if (parts.length < 2) return null;
+    return `${parts[0]}/${parts[1]}`;
+  }
+  return importPath.split("/")[0];
+}
+function extractImports(code) {
+  const found = /* @__PURE__ */ new Set();
+  for (const pattern of IMPORT_PATTERNS) {
+    pattern.lastIndex = 0;
+    let match;
+    while ((match = pattern.exec(code)) !== null) {
+      const raw = match[1];
+      const pkg = toPackageName(raw);
+      if (pkg && !isBuiltin(raw) && !isBuiltin(pkg)) {
+        found.add(pkg);
+      }
+    }
+  }
+  return [...found];
+}
+// src/cache.ts
+import fs from "fs";
+import path from "path";
+import os from "os";
+var CACHE_TTL = 24 * 60 * 60 * 1e3;
+function getCacheDir() {
+  const dir = path.join(os.homedir(), ".ghostimport");
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  return dir;
+}
+function getCachePath() {
+  return path.join(getCacheDir(), "registry-cache.json");
+}
+function loadCache() {
+  const cachePath = getCachePath();
+  if (!fs.existsSync(cachePath)) return {};
+  try {
+    return JSON.parse(fs.readFileSync(cachePath, "utf8"));
+  } catch {
+    return {};
+  }
+}
+function saveCache(cache) {
+  fs.writeFileSync(getCachePath(), JSON.stringify(cache, null, 2), "utf8");
+}
+function getCached(cache, pkgName) {
+  const entry = cache[pkgName];
+  if (!entry) return null;
+  if (Date.now() - entry.ts > CACHE_TTL) return null;
+  return entry;
+}
+// src/config.ts
+import fs2 from "fs";
+import path2 from "path";
+var defaults = { ignore: [], includeUndeclared: true };
+function loadConfig(dir) {
+  const configPath = path2.join(dir, ".ghostimportrc.json");
+  if (!fs2.existsSync(configPath)) return { ...defaults };
+  try {
+    const raw = JSON.parse(fs2.readFileSync(configPath, "utf8"));
+    return { ...defaults, ...raw };
+  } catch {
+    return { ...defaults };
+  }
+}
+function matchesIgnore(pkg, patterns) {
+  for (const pattern of patterns) {
+    if (pattern === pkg) return true;
+    if (pattern.endsWith("/*")) {
+      const prefix = pattern.slice(0, -1);
+      if (pkg.startsWith(prefix)) return true;
+    }
+  }
+  return false;
+}
+// src/npm.ts
+import https from "https";
+function httpGetJson(url) {
+  return new Promise((resolve, reject) => {
+    const req = https.get(url, { headers: { Accept: "application/json" }, timeout: 8e3 }, (res) => {
+      let data = "";
+      res.on("data", (chunk) => {
+        data += chunk;
+      });
+      res.on("end", () => {
+        if (res.statusCode === 200) {
+          try {
+            resolve(JSON.parse(data));
+          } catch {
+            reject(new Error("Invalid JSON"));
+          }
+        } else if (res.statusCode === 404) {
+          resolve(null);
+        } else {
+          reject(new Error(`HTTP ${res.statusCode}`));
+        }
+      });
+    });
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("timeout"));
+    });
+    req.on("error", reject);
+  });
+}
+function encodePackageName(pkgName) {
+  return pkgName.startsWith("@") ? "@" + encodeURIComponent(pkgName.slice(1)) : encodeURIComponent(pkgName);
+}
+function checkNpm(pkgName) {
+  return new Promise((resolve) => {
+    const options = {
+      hostname: "registry.npmjs.org",
+      path: `/${encodePackageName(pkgName)}`,
+      method: "GET",
+      headers: { Accept: "application/json" },
+      timeout: 8e3
+    };
+    const req = https.request(options, (res) => {
+      res.resume();
+      if (res.statusCode === 200) {
+        resolve({ exists: true });
+      } else if (res.statusCode === 404) {
+        resolve({ exists: false });
+      } else {
+        resolve({ exists: null, error: `HTTP ${res.statusCode}` });
+      }
+    });
+    req.on("timeout", () => {
+      req.destroy();
+      resolve({ exists: null, error: "timeout" });
+    });
+    req.on("error", (err) => {
+      resolve({ exists: null, error: err.message });
+    });
+    req.end();
+  });
+}
+async function checkScary(pkgName) {
+  const encoded = encodePackageName(pkgName);
+  try {
+    const meta = await httpGetJson(`https://registry.npmjs.org/${encoded}`);
+    if (!meta) return { exists: false, squatRisk: "available" };
+    const created = meta.time?.created ? new Date(meta.time.created) : null;
+    const ageMs = created ? Date.now() - created.getTime() : Infinity;
+    const ageDays = Math.floor(ageMs / (1e3 * 60 * 60 * 24));
+    let downloads = null;
+    try {
+      const dl = await httpGetJson(`https://api.npmjs.org/downloads/point/last-week/${encoded}`);
+      downloads = dl?.downloads ?? null;
+    } catch {
+    }
+    const flags = [];
+    if (ageDays < 30) flags.push(`created ${ageDays} days ago`);
+    if (downloads !== null && downloads < 50) flags.push(`${downloads} weekly downloads`);
+    if (meta.versions && Object.keys(meta.versions).length <= 1) flags.push("single version published");
+    const risk = flags.length >= 2 ? "high" : flags.length === 1 ? "medium" : "low";
+    return {
+      exists: true,
+      created: created?.toISOString().slice(0, 10) ?? "unknown",
+      downloads,
+      versions: meta.versions ? Object.keys(meta.versions).length : 0,
+      risk,
+      flags
+    };
+  } catch (err) {
+    return { exists: null, error: err.message };
+  }
+}
+// src/files.ts
+import fs3 from "fs";
+import path3 from "path";
+var SKIP_DIRS = /* @__PURE__ */ new Set(["node_modules", ".git", "dist", "build", ".next", "coverage", ".cache"]);
+var CODE_EXTS = /* @__PURE__ */ new Set([".js", ".jsx", ".ts", ".tsx", ".mjs", ".cjs"]);
+function walkFiles(dir) {
+  const results = [];
+  function walk(current) {
+    let entries;
+    try {
+      entries = fs3.readdirSync(current, { withFileTypes: true });
+    } catch {
+      return;
+    }
+    for (const entry of entries) {
+      if (entry.isDirectory()) {
+        if (!SKIP_DIRS.has(entry.name)) walk(path3.join(current, entry.name));
+      } else if (entry.isFile()) {
+        if (CODE_EXTS.has(path3.extname(entry.name))) results.push(path3.join(current, entry.name));
+      }
+    }
+  }
+  walk(dir);
+  return results;
+}
+function readPackageJsonDeps(dir) {
+  const pkgPath = path3.join(dir, "package.json");
+  if (!fs3.existsSync(pkgPath)) return /* @__PURE__ */ new Set();
+  try {
+    const pkg = JSON.parse(fs3.readFileSync(pkgPath, "utf8"));
+    return /* @__PURE__ */ new Set([
+      ...Object.keys(pkg.dependencies ?? {}),
+      ...Object.keys(pkg.devDependencies ?? {}),
+      ...Object.keys(pkg.peerDependencies ?? {}),
+      ...Object.keys(pkg.optionalDependencies ?? {})
+    ]);
+  } catch {
+    return /* @__PURE__ */ new Set();
+  }
+}
+function readWorkspacePackages(dir) {
+  const names = /* @__PURE__ */ new Set();
+  try {
+    const pkg = JSON.parse(fs3.readFileSync(path3.join(dir, "package.json"), "utf8"));
+    const workspaces = Array.isArray(pkg.workspaces) ? pkg.workspaces : pkg.workspaces?.packages ?? [];
+    for (const pattern of workspaces) {
+      const base = pattern.replace(/\/?\*$/, "");
+      const wsDir = path3.join(dir, base);
+      if (!fs3.existsSync(wsDir)) continue;
+      for (const entry of fs3.readdirSync(wsDir, { withFileTypes: true })) {
+        if (!entry.isDirectory()) continue;
+        const wsPkgPath = path3.join(wsDir, entry.name, "package.json");
+        if (!fs3.existsSync(wsPkgPath)) continue;
+        try {
+          const wsPkg = JSON.parse(fs3.readFileSync(wsPkgPath, "utf8"));
+          if (wsPkg.name) names.add(wsPkg.name);
+        } catch {
+        }
+      }
+    }
+  } catch {
+  }
+  const pnpmPath = path3.join(dir, "pnpm-workspace.yaml");
+  if (!fs3.existsSync(pnpmPath)) return names;
+  try {
+    const content = fs3.readFileSync(pnpmPath, "utf8");
+    for (const m of content.matchAll(/- ['"]?([^'"\n]+)['"]?/g)) {
+      const base = m[1].replace(/\/?\*$/, "");
+      const wsDir = path3.join(dir, base);
+      if (!fs3.existsSync(wsDir)) continue;
+      for (const entry of fs3.readdirSync(wsDir, { withFileTypes: true })) {
+        if (!entry.isDirectory()) continue;
+        const wsPkgPath = path3.join(wsDir, entry.name, "package.json");
+        if (!fs3.existsSync(wsPkgPath)) continue;
+        try {
+          const wsPkg = JSON.parse(fs3.readFileSync(wsPkgPath, "utf8"));
+          if (wsPkg.name) names.add(wsPkg.name);
+        } catch {
+        }
+      }
+    }
+  } catch {
+  }
+  return names;
+}
+// src/scan.ts
+import fs4 from "fs";
+import path4 from "path";
+var CONCURRENCY = 10;
+async function scan(targetDir, { onProgress, useCache = true, scary = false, config } = {}) {
+  const conf = config ?? loadConfig(targetDir);
+  const files = walkFiles(targetDir);
+  const declaredDeps = readPackageJsonDeps(targetDir);
+  const workspacePkgs = readWorkspacePackages(targetDir);
+  const cache = useCache ? loadCache() : {};
+  let cacheHits = 0;
+  const importMap = /* @__PURE__ */ new Map();
+  for (const file of files) {
+    let code;
+    try {
+      code = fs4.readFileSync(file, "utf8");
+    } catch {
+      continue;
+    }
+    for (const pkg of extractImports(code)) {
+      if (!importMap.has(pkg)) importMap.set(pkg, []);
+      importMap.get(pkg).push(path4.relative(targetDir, file));
+    }
+  }
+  const allPkgs = [...importMap.keys()].filter(
+    (pkg) => !matchesIgnore(pkg, conf.ignore) && !workspacePkgs.has(pkg)
+  );
+  const results = {
+    scanned: files.length,
+    packages: allPkgs.length,
+    hallucinated: [],
+    notInPackageJson: [],
+    errors: [],
+    scary: [],
+    cacheHits: 0
+  };
+  for (let i = 0; i < allPkgs.length; i += CONCURRENCY) {
+    const batch = allPkgs.slice(i, i + CONCURRENCY);
+    const checks = await Promise.all(
+      batch.map((pkg) => {
+        const cached = getCached(cache, pkg);
+        if (cached) {
+          cacheHits++;
+          return Promise.resolve({ exists: cached.exists });
+        }
+        return checkNpm(pkg);
+      })
+    );
+    for (let j = 0; j < batch.length; j++) {
+      const pkg = batch[j];
+      const { exists, error } = checks[j];
+      const matchedFiles = importMap.get(pkg);
+      if (exists !== null && useCache) {
+        cache[pkg] = { exists, ts: Date.now() };
+      }
+      onProgress?.({ pkg, exists, error, total: allPkgs.length, done: i + j + 1 });
+      if (exists === false) {
+        results.hallucinated.push({ pkg, files: matchedFiles });
+      } else if (exists === null && error) {
+        results.errors.push({ pkg, error, files: matchedFiles });
+      } else if (exists === true && !declaredDeps.has(pkg)) {
+        results.notInPackageJson.push({ pkg, files: matchedFiles });
+      }
+    }
+  }
+  if (useCache) saveCache(cache);
+  results.cacheHits = cacheHits;
+  if (scary) {
+    for (const { pkg, files: matchedFiles } of results.hallucinated) {
+      results.scary.push({ pkg, files: matchedFiles, type: "available" });
+    }
+    for (const { pkg, files: matchedFiles } of results.notInPackageJson) {
+      const info = await checkScary(pkg);
+      if (info.exists === true && info.risk !== "low") {
+        results.scary.push({
+          pkg,
+          files: matchedFiles,
+          type: "suspicious",
+          exists: true,
+          created: info.created,
+          downloads: info.downloads,
+          versions: info.versions,
+          risk: info.risk,
+          flags: info.flags
+        });
+      }
+    }
+  }
+  return results;
+}
+export {
+  checkNpm,
+  checkScary,
+  extractImports,
+  loadCache,
+  loadConfig,
+  readPackageJsonDeps,
+  saveCache,
+  scan,
+  walkFiles
+};

package/dist/npm.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { NpmCheckResult, ScaryCheckResult } from './types';
+export declare function checkNpm(pkgName: string): Promise<NpmCheckResult>;
+export declare function checkScary(pkgName: string): Promise<ScaryCheckResult>;

package/dist/scan.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { ScanOptions, ScanResult } from './types';
2	+ export declare function scan(targetDir: string, { onProgress, useCache, scary, config }?: ScanOptions): Promise<ScanResult>;

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,70 @@
+export interface Config {
+    ignore: string[];
+    includeUndeclared: boolean;
+}
+export interface ScanOptions {
+    onProgress?: (progress: ScanProgress) => void;
+    useCache?: boolean;
+    scary?: boolean;
+    config?: Config;
+}
+export interface ScanProgress {
+    pkg: string;
+    exists: boolean | null;
+    error?: string;
+    total: number;
+    done: number;
+}
+export interface PackageRef {
+    pkg: string;
+    files: string[];
+}
+export interface PackageError extends PackageRef {
+    error: string;
+}
+export type ScaryEntry = {
+    pkg: string;
+    files: string[];
+    type: 'available';
+} | {
+    pkg: string;
+    files: string[];
+    type: 'suspicious';
+    exists: true;
+    created: string;
+    downloads: number | null;
+    versions: number;
+    risk: 'medium' | 'high';
+    flags: string[];
+};
+export interface ScanResult {
+    scanned: number;
+    packages: number;
+    hallucinated: PackageRef[];
+    notInPackageJson: PackageRef[];
+    errors: PackageError[];
+    scary: ScaryEntry[];
+    cacheHits: number;
+}
+export interface NpmCheckResult {
+    exists: boolean | null;
+    error?: string;
+}
+export type ScaryCheckResult = {
+    exists: true;
+    created: string;
+    downloads: number | null;
+    versions: number;
+    risk: 'low' | 'medium' | 'high';
+    flags: string[];
+} | {
+    exists: false;
+    squatRisk: 'available';
+} | {
+    exists: null;
+    error: string;
+};
+export interface CacheEntry {
+    exists: boolean;
+    ts: number;
+}

package/package.json ADDED Viewed

@@ -0,0 +1,61 @@
+{
+  "name": "ghostimport",
+  "version": "0.1.0",
+  "description": "Detects ghost imports in your code - imports that don't exist, hallucinated by AI coding tools.",
+  "keywords": [
+    "npm",
+    "ai",
+    "hallucination",
+    "vibe-coding",
+    "cursor",
+    "claude",
+    "imports",
+    "security",
+    "lint",
+    "ghost"
+  ],
+  "homepage": "https://github.com/FGuerreir0/ghostimport#readme",
+  "bugs": {
+    "url": "https://github.com/FGuerreir0/ghostimport/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/FGuerreir0/ghostimport.git"
+  },
+  "license": "MIT",
+  "author": "Fábio Guerreiro",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "sideEffects": false,
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "bin": {
+    "ghostimport": "dist/cli.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "engines": {
+    "node": ">=22"
+  },
+  "scripts": {
+    "build": "node build.js",
+    "typecheck": "tsc",
+    "clean": "node -e \"require('fs').rmSync('dist', { recursive: true, force: true })\"",
+    "test": "tsx tests/test.ts",
+    "dev": "tsx src/cli.ts",
+    "prepublishOnly": "npm run build"
+  },
+  "devDependencies": {
+    "@types/node": "^20.19.39",
+    "esbuild": "^0.25.0",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3"
+  }
+}