inup 1.4.12 → 1.5.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Donfear
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,49 +1,45 @@
-# 🚀 inup
+# inup — Interactive Dependency Upgrader
 
 [![npm version](https://img.shields.io/npm/v/inup?logo=npm&logoColor=%23CB3837&style=for-the-badge&color=crimson)](https://www.npmjs.com/package/inup)
 [![Downloads](https://img.shields.io/npm/dm/inup?style=for-the-badge&color=646CFF&logoColor=white)](https://www.npmjs.com/package/inup)
 [![Total downloads](https://img.shields.io/npm/dt/inup?style=for-the-badge&color=informational)](https://www.npmjs.com/package/inup)
+[![CI](https://img.shields.io/github/actions/workflow/status/donfear/inup/ci.yml?branch=main&style=for-the-badge&label=CI)](https://github.com/donfear/inup/actions/workflows/ci.yml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](https://github.com/donfear/inup/blob/main/LICENSE)
 
-Upgrade your dependencies interactively. Works with npm, yarn, pnpm, and bun.
+Interactively upgrade outdated dependencies across npm, yarn, pnpm, and bun. Auto-detects your package manager, works in monorepos and workspaces, and requires zero configuration.
 
 ![Interactive Upgrade Demo](docs/demo/interactive-upgrade.gif)
 
-## 🚀 Usage
+## Quick Start
 
 ```bash
 npx inup
 ```
 
-Or install globally:
+Or install globally with your preferred package manager:
 
 ```bash
 npm install -g inup
+pnpm add -g inup
+yarn global add inup
+bun add -g inup
 ```
 
-That's it. The tool scans your project, finds outdated packages, and lets you pick what to upgrade.
+Run `inup` in any project — it scans for outdated packages and lets you pick what to upgrade.
 
-## 💡 Why inup?
+## Why inup?
 
-- **Inclusive by Default**: We load Dev, Peer, and Optional dependencies automatically. No more restarting the tool because you forgot a `--peer` flag.
-- **Live Toggles**: Toggle dependency types (`d`, `p`, `o`) on the fly without exiting.
-- **Zero Config**: Auto-detects your package manager.
-- **Monorepo Ready**: Seamlessly handles workspaces.
-- **Modern UX**: Search with `/`, view package details with `i`, and swap themes with `t`.
+- **All Dependencies at Once** — Dev, peer, and optional dependencies load automatically. No more re-running with `--peer` or `--dev` flags.
+- **Live Toggles** — Filter dependency types (`d`, `p`, `o`) on the fly without restarting.
+- **Zero Config** — Auto-detects npm, yarn, pnpm, or bun from your lockfile.
+- **Monorepo Ready** — Discovers and upgrades across workspaces seamlessly.
+- **Vulnerability Audit** — Flags known security vulnerabilities right in the package list so you know what's risky before upgrading.
+- **Changelog Viewer** — Read release notes and changelogs inline without leaving the terminal.
+- **Built-in Search** — Press `/` to filter packages instantly.
+- **Package Details** — Press `i` to view package info, download stats, and more.
+- **Themes** — Press `t` to switch between color themes.
 
-## ⌨️ Keyboard Shortcuts
-
-- `↑/↓` - Navigate packages
-- `←/→` - Select version (current, patch, minor, major)
-- `Space` - Toggle selection
-- `m` - Select all minor updates
-- `l` - Select all latest updates
-- `u` - Unselect all
-- `/` - Search packages
-- `t` - Change theme
-- `i` - View package info
-- `Enter` - Confirm and upgrade
-
-## ⚙️ Options
+## Options
 
 ```bash
 inup [options]
@@ -56,12 +52,25 @@ inup [options]
 --debug                       Write verbose debug logs
 ```
 
-## 🔒 Privacy
+## Keyboard Shortcuts
+
+| Key | Action |
+|-----|--------|
+| `↑` `↓` | Navigate packages |
+| `←` `→` | Select version (current, patch, minor, major) |
+| `Space` | Toggle selection |
+| `m` | Select all minor updates |
+| `l` | Select all latest updates |
+| `u` | Unselect all |
+| `/` | Search packages |
+| `i` | View package info |
+| `t` | Change theme |
+| `Enter` | Confirm and upgrade |
 
-We don't track anything. Ever.
+## Privacy
 
-Version checks and package metadata are fetched from the npm registry. When needed for immutable exact-version manifests, inup may also fetch a pinned `package.json` from jsDelivr. Weekly download counts come from the npm downloads API.
+No tracking, no telemetry, no data collection. Package metadata is fetched directly from the npm registry. Download counts come from the npm downloads API. When needed for exact-version manifests, inup may fetch a pinned `package.json` from jsDelivr.
 
-## 📄 License
+## License
 
-MIT
+[MIT](LICENSE)

package/dist/cli.js

@@ -4,6 +4,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.runCli = runCli;
 const commander_1 = require("commander");
 const chalk_1 = __importDefault(require("chalk"));
 const fs_1 = require("fs");
@@ -12,24 +13,23 @@ const index_1 = require("./index");
 const services_1 = require("./services");
 const config_1 = require("./config");
 const utils_1 = require("./utils");
+const git_1 = require("./utils/git");
+const terminal_input_1 = require("./ui/utils/terminal-input");
 const packageJson = JSON.parse((0, fs_1.readFileSync)((0, path_1.join)(__dirname, '../package.json'), 'utf-8'));
 const program = new commander_1.Command();
-program
-    .name('inup')
-    .description('Interactive upgrade tool for package managers. Auto-detects and works with npm, yarn, pnpm, and bun.')
-    .version(packageJson.version)
-    .option('-d, --dir <directory>', 'specify directory to run in', process.cwd())
-    .option('-e, --exclude <patterns>', 'exclude paths matching regex patterns (comma-separated)', '')
-    .option('-i, --ignore <packages>', 'ignore packages (comma-separated, supports glob patterns like @babel/*)')
-    .option('--max-depth <number>', 'maximum directory depth for package.json discovery', '10')
-    .option('--package-manager <name>', 'manually specify package manager (npm, yarn, pnpm, bun)')
-    .option('--debug', 'write verbose debug log to /tmp/inup-debug-YYYY-MM-DD.log')
-    .action(async (options) => {
-    console.log(chalk_1.default.bold.blue(`🚀 `) + chalk_1.default.bold.red(`i`) + chalk_1.default.bold.yellow(`n`) + chalk_1.default.bold.blue(`u`) + chalk_1.default.bold.magenta(`p`) + `\n`);
+async function runCli(options) {
     const cwd = (0, path_1.resolve)(options.dir);
     if (options.debug || process.env.INUP_DEBUG === '1') {
         (0, utils_1.enableDebugLogging)();
     }
+    const gitState = (0, git_1.getGitWorkingTreeState)(cwd);
+    if (gitState.isRepo && gitState.isDirty) {
+        const shouldProceed = await terminal_input_1.TerminalInput.promptForImmediateConfirmation(`${chalk_1.default.yellow('Warning:')} dirty working tree. Proceed anyway? ${chalk_1.default.dim('[y/N]')} `, false);
+        if (!shouldProceed) {
+            console.log(chalk_1.default.yellow('Upgrade cancelled.'));
+            return;
+        }
+    }
     // Load project config from .inuprc
     const projectConfig = (0, config_1.loadProjectConfig)(cwd);
     // Merge CLI exclude patterns with config
@@ -73,6 +73,8 @@ program
         maxDepth,
         ignorePackages,
         packageManager,
+        showPeerDependencyVulnerabilities: projectConfig.showPeerDependencyVulnerabilities ?? false,
+        showOptionalDependencyVulnerabilities: projectConfig.showOptionalDependencyVulnerabilities ?? false,
         debug: options.debug || process.env.INUP_DEBUG === '1',
     });
     await upgrader.run();
@@ -98,7 +100,18 @@ program
         console.log(chalk_1.default.yellow('└' + '─'.repeat(78) + '┘'));
         console.log('');
     }
-});
+}
+program
+    .name('inup')
+    .description('Interactive upgrade tool for package managers. Auto-detects and works with npm, yarn, pnpm, and bun.')
+    .version(packageJson.version)
+    .option('-d, --dir <directory>', 'specify directory to run in', process.cwd())
+    .option('-e, --exclude <patterns>', 'exclude paths matching regex patterns (comma-separated)', '')
+    .option('-i, --ignore <packages>', 'ignore packages (comma-separated, supports glob patterns like @babel/*)')
+    .option('--max-depth <number>', 'maximum directory depth for package.json discovery', '10')
+    .option('--package-manager <name>', 'manually specify package manager (npm, yarn, pnpm, bun)')
+    .option('--debug', 'write verbose debug log to /tmp/inup-debug-YYYY-MM-DD.log')
+    .action(runCli);
 // Handle uncaught errors gracefully
 process.on('uncaughtException', (error) => {
     console.error(chalk_1.default.red('Uncaught Exception:'), error.message);
@@ -127,5 +140,7 @@ process.on('SIGTERM', () => {
     console.log(chalk_1.default.yellow('\n\nOperation cancelled.'));
     process.exit(0);
 });
-program.parse();
+if (require.main === module) {
+    program.parse();
+}
 //# sourceMappingURL=cli.js.map

package/dist/config/project-config.js

@@ -49,6 +49,12 @@ function normalizeConfig(config) {
             normalized.exclude = config.exclude.filter((item) => typeof item === 'string');
         }
     }
+    if (typeof config.showPeerDependencyVulnerabilities === 'boolean') {
+        normalized.showPeerDependencyVulnerabilities = config.showPeerDependencyVulnerabilities;
+    }
+    if (typeof config.showOptionalDependencyVulnerabilities === 'boolean') {
+        normalized.showOptionalDependencyVulnerabilities = config.showOptionalDependencyVulnerabilities;
+    }
     return normalized;
 }
 /**

package/dist/core/package-detector.js

@@ -44,7 +44,7 @@ class PackageDetector {
     constructor(options) {
         this.packageJsonPath = null;
         this.packageJson = null;
-        this.batchSizes = [10, 15, 20, 25];
+        this.batchSize = 25;
         this.batchConcurrency = 5;
         this.cwd = options?.cwd || process.cwd();
         this.excludePatterns = options?.excludePatterns || [];
@@ -115,7 +115,7 @@ class PackageDetector {
                 },
             });
         }, prepared.currentVersions, {
-            batchSizes: this.batchSizes,
+            batchSize: this.batchSize,
             concurrency: this.batchConcurrency,
         });
         utils_3.debugLog.perf('PackageDetector', `registry fetch (${resolved}/${prepared.uniquePackages.length} resolved)`, tFetch);
@@ -245,6 +245,7 @@ class PackageDetector {
                     isOutdated,
                     hasRangeUpdate,
                     hasMajorUpdate,
+                    allVersions,
                 };
             }
             catch (error) {

package/dist/core/upgrade-runner.js

@@ -9,6 +9,7 @@ const package_detector_1 = require("./package-detector");
 const interactive_ui_1 = require("../interactive-ui");
 const upgrader_1 = require("./upgrader");
 const package_manager_detector_1 = require("../services/package-manager-detector");
+const utils_1 = require("../ui/utils");
 /**
  * Main orchestrator for the inup upgrade process
  */
@@ -24,7 +25,10 @@ class UpgradeRunner {
             this.packageManager = package_manager_detector_1.PackageManagerDetector.detect(cwd);
         }
         this.detector = new package_detector_1.PackageDetector(options);
-        this.ui = new interactive_ui_1.InteractiveUI(this.packageManager);
+        this.ui = new interactive_ui_1.InteractiveUI(this.packageManager, {
+            showPeerDependencyVulnerabilities: options?.showPeerDependencyVulnerabilities ?? false,
+            showOptionalDependencyVulnerabilities: options?.showOptionalDependencyVulnerabilities ?? false,
+        });
         this.upgrader = new upgrader_1.PackageUpgrader(this.packageManager);
     }
     async run() {
@@ -114,8 +118,7 @@ class UpgradeRunner {
                 shouldProceed = await this.ui.confirmUpgrade(selectedChoices);
                 if (shouldProceed === null) {
                     // User pressed N or ESC - go back to selection with current selections preserved
-                    console.clear();
-                    console.log(chalk_1.default.bold.blue('🚀 inup\n'));
+                    utils_1.ConsoleUtils.clearProgress();
                     selectedChoices = progress.isLoading
                         ? await this.ui.selectPackagesToUpgradeProgressive(selectionStates, progress, (refresh) => {
                             refreshUI = refresh;

package/dist/features/changelog/clients/github-client.js

@@ -0,0 +1,134 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GitHubClient = void 0;
+const repository_ref_1 = require("../parsers/repository-ref");
+const GITHUB_RELEASES_PAGE_LIMIT = 3;
+class GitHubClient {
+    constructor() {
+        this.releasesCache = new Map();
+        this.rawChangelogCache = new Map();
+    }
+    clearCache() {
+        this.releasesCache.clear();
+        this.rawChangelogCache.clear();
+    }
+    async fetchReleaseByTag(repoUrl, tag, signal) {
+        const repo = (0, repository_ref_1.parseGitHubRepo)(repoUrl);
+        if (!repo)
+            return null;
+        try {
+            const response = await fetch(`https://api.github.com/repos/${repo.owner}/${repo.repo}/releases/tags/${tag}`, {
+                method: 'GET',
+                headers: {
+                    accept: 'application/vnd.github.v3+json',
+                    'user-agent': 'inup-cli',
+                },
+                signal,
+            });
+            if (!response.ok)
+                return null;
+            const data = (await response.json());
+            return data.body?.trim() ? data.body.trim() : null;
+        }
+        catch (error) {
+            if (error instanceof DOMException && error.name === 'AbortError') {
+                throw error;
+            }
+            return null;
+        }
+    }
+    async fetchReleasePageHtml(repoUrl, tag, signal) {
+        const repo = (0, repository_ref_1.parseGitHubRepo)(repoUrl);
+        if (!repo)
+            return null;
+        try {
+            const response = await fetch(`https://github.com/${repo.owner}/${repo.repo}/releases/tag/${tag}`, {
+                method: 'GET',
+                signal,
+            });
+            if (!response.ok)
+                return null;
+            return await response.text();
+        }
+        catch (error) {
+            if (error instanceof DOMException && error.name === 'AbortError') {
+                throw error;
+            }
+            return null;
+        }
+    }
+    async fetchReleases(repoUrl, signal) {
+        const repo = (0, repository_ref_1.parseGitHubRepo)(repoUrl);
+        if (!repo)
+            return null;
+        const cacheKey = `${repo.owner}/${repo.repo}`;
+        if (this.releasesCache.has(cacheKey)) {
+            return this.releasesCache.get(cacheKey);
+        }
+        const releases = [];
+        for (let page = 1; page <= GITHUB_RELEASES_PAGE_LIMIT; page += 1) {
+            try {
+                const response = await fetch(`https://api.github.com/repos/${repo.owner}/${repo.repo}/releases?per_page=100&page=${page}`, {
+                    method: 'GET',
+                    headers: {
+                        accept: 'application/vnd.github.v3+json',
+                        'user-agent': 'inup-cli',
+                    },
+                    signal,
+                });
+                if (!response.ok)
+                    break;
+                const pageReleases = (await response.json());
+                if (!Array.isArray(pageReleases) || pageReleases.length === 0)
+                    break;
+                releases.push(...pageReleases);
+                if (pageReleases.length < 100)
+                    break;
+            }
+            catch (error) {
+                if (error instanceof DOMException && error.name === 'AbortError') {
+                    throw error;
+                }
+                break;
+            }
+        }
+        const result = releases.length > 0 ? releases : null;
+        this.releasesCache.set(cacheKey, result);
+        return result;
+    }
+    async fetchRawChangelog(repoUrl, signal) {
+        const repo = (0, repository_ref_1.parseGitHubRepo)(repoUrl);
+        if (!repo)
+            return null;
+        const cacheKey = `${repo.owner}/${repo.repo}`;
+        if (this.rawChangelogCache.has(cacheKey)) {
+            return this.rawChangelogCache.get(cacheKey);
+        }
+        const branches = ['main', 'master'];
+        const filenames = ['CHANGELOG.md', 'CHANGES.md', 'HISTORY.md'];
+        for (const branch of branches) {
+            for (const filename of filenames) {
+                try {
+                    const response = await fetch(`https://raw.githubusercontent.com/${repo.owner}/${repo.repo}/${branch}/${filename}`, {
+                        method: 'GET',
+                        signal,
+                    });
+                    if (response.ok) {
+                        const text = await response.text();
+                        this.rawChangelogCache.set(cacheKey, text);
+                        return text;
+                    }
+                }
+                catch (error) {
+                    if (error instanceof DOMException && error.name === 'AbortError') {
+                        throw error;
+                    }
+                }
+            }
+        }
+        this.rawChangelogCache.set(cacheKey, null);
+        return null;
+    }
+}
+exports.GitHubClient = GitHubClient;
+//# sourceMappingURL=github-client.js.map

package/dist/features/changelog/clients/npm-registry-client.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NpmRegistryClient = void 0;
+const constants_1 = require("../../../config/constants");
+class NpmRegistryClient {
+    async fetchPackageManifest(packageName, version, signal) {
+        try {
+            const response = await fetch(`${constants_1.NPM_REGISTRY_URL}/${encodeURIComponent(packageName)}/${encodeURIComponent(version)}`, {
+                method: 'GET',
+                headers: {
+                    accept: 'application/json',
+                },
+                signal,
+            });
+            if (!response.ok) {
+                return null;
+            }
+            return (await response.json());
+        }
+        catch (error) {
+            if (error instanceof DOMException && error.name === 'AbortError') {
+                throw error;
+            }
+            return null;
+        }
+    }
+    async fetchDownloadStats(packageName, signal) {
+        try {
+            const response = await fetch(`https://api.npmjs.org/downloads/point/last-week/${encodeURIComponent(packageName)}`, {
+                method: 'GET',
+                headers: {
+                    accept: 'application/json',
+                },
+                signal,
+            });
+            if (!response.ok) {
+                return null;
+            }
+            const data = (await response.json());
+            return {
+                downloads: data.downloads || 0,
+            };
+        }
+        catch (error) {
+            if (error instanceof DOMException && error.name === 'AbortError') {
+                throw error;
+            }
+            return null;
+        }
+    }
+}
+exports.NpmRegistryClient = NpmRegistryClient;
+//# sourceMappingURL=npm-registry-client.js.map

package/dist/features/changelog/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./types/changelog.types"), exports);
+__exportStar(require("./services/changelog-service"), exports);
+//# sourceMappingURL=index.js.map

package/dist/features/changelog/parsers/changelog-parser.js

@@ -0,0 +1,68 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalizeReleaseTag = normalizeReleaseTag;
+exports.extractVersionSection = extractVersionSection;
+const semver = __importStar(require("semver"));
+function normalizeReleaseTag(tagName) {
+    if (!tagName)
+        return null;
+    const cleanedTag = semver.clean(tagName);
+    if (cleanedTag)
+        return cleanedTag;
+    const semverMatch = tagName.match(/\d+\.\d+\.\d+(?:-[0-9A-Za-z-.]+)?(?:\+[0-9A-Za-z-.]+)?/);
+    if (!semverMatch)
+        return null;
+    return semver.clean(semverMatch[0]);
+}
+function extractVersionSection(changelog, version) {
+    const escapedVersion = version.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    const sectionRegex = new RegExp(`^##\\s+\\[?v?${escapedVersion}\\]?[^\\n]*\\n`, 'm');
+    const match = sectionRegex.exec(changelog);
+    if (!match)
+        return null;
+    const startIndex = match.index + match[0].length;
+    const nextSectionMatch = /^## /m.exec(changelog.slice(startIndex));
+    const endIndex = nextSectionMatch ? startIndex + nextSectionMatch.index : changelog.length;
+    const section = changelog.slice(startIndex, endIndex).trim();
+    if (section.length === 0)
+        return null;
+    const lines = section.split('\n');
+    if (lines.length > 100) {
+        return `${lines.slice(0, 100).join('\n')}\n...`;
+    }
+    return section;
+}
+//# sourceMappingURL=changelog-parser.js.map

package/dist/features/changelog/parsers/github-release-html-parser.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractReleaseNotesFromHtml = extractReleaseNotesFromHtml;
+function extractReleaseNotesFromHtml(html) {
+    const bodyContentIndex = html.indexOf('data-test-selector="body-content"');
+    if (bodyContentIndex === -1)
+        return null;
+    const markdownBodyIndex = html.indexOf('class="markdown-body', bodyContentIndex);
+    if (markdownBodyIndex === -1)
+        return null;
+    const contentStart = html.indexOf('>', markdownBodyIndex);
+    if (contentStart === -1)
+        return null;
+    let depth = 1;
+    let cursor = contentStart + 1;
+    while (depth > 0 && cursor < html.length) {
+        const nextOpen = html.indexOf('<div', cursor);
+        const nextClose = html.indexOf('</div>', cursor);
+        if (nextClose === -1)
+            return null;
+        if (nextOpen !== -1 && nextOpen < nextClose) {
+            depth += 1;
+            cursor = nextOpen + 4;
+        }
+        else {
+            depth -= 1;
+            cursor = nextClose + 6;
+        }
+    }
+    if (depth !== 0)
+        return null;
+    const normalized = html
+        .slice(contentStart + 1, cursor - 6)
+        .replace(/<svg[\s\S]*?<\/svg>/g, '')
+        .replace(/<h([1-6])[^>]*>/g, (_full, level) => `${'#'.repeat(Number(level))} `)
+        .replace(/<\/h[1-6]>/g, '\n\n')
+        .replace(/<li[^>]*>/g, '- ')
+        .replace(/<\/li>/g, '\n')
+        .replace(/<p[^>]*>/g, '')
+        .replace(/<\/p>/g, '\n\n')
+        .replace(/<br\s*\/?>/g, '\n')
+        .replace(/<a\b[^>]*>([\s\S]*?)<\/a>/g, '$1')
+        .replace(/<strong[^>]*>([\s\S]*?)<\/strong>/g, '**$1**')
+        .replace(/<code[^>]*>([\s\S]*?)<\/code>/g, '`$1`')
+        .replace(/<[^>]+>/g, '');
+    const decoded = normalized
+        .replace(/&amp;/g, '&')
+        .replace(/&lt;/g, '<')
+        .replace(/&gt;/g, '>')
+        .replace(/&quot;/g, '"')
+        .replace(/&#39;/g, "'")
+        .replace(/&nbsp;/g, ' ');
+    const cleaned = decoded
+        .split('\n')
+        .map((line) => line.trimEnd())
+        .join('\n')
+        .replace(/\n{3,}/g, '\n\n')
+        .trim();
+    return cleaned.length > 0 ? cleaned : null;
+}
+//# sourceMappingURL=github-release-html-parser.js.map

package/dist/features/changelog/parsers/package-metadata.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.mapPackageManifestToMetadata = mapPackageManifestToMetadata;
+const repository_ref_1 = require("./repository-ref");
+function mapPackageManifestToMetadata(packageName, rawData) {
+    const repository = rawData.repository;
+    const bugs = rawData.bugs;
+    const keywords = Array.isArray(rawData.keywords) ? rawData.keywords : [];
+    const author = typeof rawData.author === 'object' && rawData.author !== null
+        ? (rawData.author.name ?? rawData.author)
+        : rawData.author;
+    const repositoryUrl = (0, repository_ref_1.extractRepositoryUrl)(repository?.url || '');
+    const npmUrl = `https://www.npmjs.com/package/${encodeURIComponent(packageName)}`;
+    const issuesUrl = repositoryUrl ? `${repositoryUrl}/issues` : undefined;
+    const metadata = {
+        description: typeof rawData.description === 'string' && rawData.description
+            ? rawData.description
+            : 'No description available',
+        homepage: typeof rawData.homepage === 'string' ? rawData.homepage : undefined,
+        repository,
+        bugs,
+        keywords,
+        author: typeof author === 'string' ? author : undefined,
+        license: typeof rawData.license === 'string' ? rawData.license : undefined,
+        repositoryUrl,
+        npmUrl,
+        issuesUrl,
+    };
+    if (repositoryUrl) {
+        metadata.releaseNotes = `${repositoryUrl}/releases`;
+    }
+    return metadata;
+}
+//# sourceMappingURL=package-metadata.js.map