inup 1.6.7 → 1.6.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -2
- package/dist/app/interactive-ui.js +17 -15
- package/dist/app/upgrade-runner.js +11 -16
- package/dist/cli.js +12 -13
- package/dist/features/audit/headless-audit.js +4 -11
- package/dist/features/audit/index.js +9 -9
- package/dist/features/audit/presenter.js +0 -2
- package/dist/features/audit/vulnerability-audit-controller.js +3 -3
- package/dist/features/audit/vulnerability-checker.js +1 -5
- package/dist/features/changelog/clients/github-client.js +9 -7
- package/dist/features/changelog/index.js +1 -1
- package/dist/features/changelog/services/package-metadata-service.js +1 -1
- package/dist/features/changelog/services/release-notes-service.js +3 -2
- package/dist/features/debug/index.js +2 -2
- package/dist/features/debug/perf-logger.js +14 -14
- package/dist/features/headless/headless-runner.js +22 -9
- package/dist/features/headless/index.js +1 -1
- package/dist/features/interactive/index.js +10 -10
- package/dist/features/interactive/input-handler.js +3 -3
- package/dist/features/interactive/modal/index.js +1 -1
- package/dist/features/interactive/modal/layout.js +3 -3
- package/dist/features/interactive/modal/package-info-sections/index.js +1 -1
- package/dist/features/interactive/modal/package-info-sections/release-notes.js +1 -1
- package/dist/features/interactive/modal/package-info-sections/sections.js +5 -5
- package/dist/features/interactive/modal/package-info-sections/text.js +1 -1
- package/dist/features/interactive/modal/package-info.js +15 -18
- package/dist/features/interactive/renderer/confirmation.js +6 -3
- package/dist/features/interactive/renderer/help-modal.js +3 -3
- package/dist/features/interactive/renderer/index.js +3 -3
- package/dist/features/interactive/renderer/package-list/index.js +1 -1
- package/dist/features/interactive/renderer/package-list/interface.js +9 -9
- package/dist/features/interactive/renderer/package-list/rows.js +8 -9
- package/dist/features/interactive/renderer/performance-modal.js +2 -2
- package/dist/features/interactive/renderer/version-format.js +4 -4
- package/dist/features/interactive/session/action-dispatcher.js +2 -2
- package/dist/features/interactive/session/index.js +4 -4
- package/dist/features/interactive/session/interactive-session.js +9 -8
- package/dist/features/interactive/session/selection-state-builder.js +5 -4
- package/dist/features/interactive/state/filter-manager.js +1 -1
- package/dist/features/interactive/state/index.js +7 -7
- package/dist/features/interactive/state/state-manager.js +4 -4
- package/dist/features/interactive/state/theme-manager.js +4 -6
- package/dist/features/interactive/themes-colors.js +4 -5
- package/dist/features/upgrade/package-detector.js +30 -12
- package/dist/features/upgrade/upgrader.js +28 -37
- package/dist/shared/config/project-config.js +10 -11
- package/dist/shared/config/user-config.js +8 -8
- package/dist/shared/debug-logger.js +9 -9
- package/dist/shared/exec.js +4 -4
- package/dist/shared/fs/index.js +1 -1
- package/dist/shared/fs/io.js +3 -4
- package/dist/shared/fs/paths.js +4 -4
- package/dist/shared/fs/scan.js +21 -21
- package/dist/shared/git.js +3 -3
- package/dist/shared/http/resizable-semaphore.js +3 -1
- package/dist/shared/local-env.js +7 -7
- package/dist/shared/package-manager.js +25 -24
- package/dist/shared/registry/npm-registry.js +12 -10
- package/dist/shared/registry/version-checker.js +1 -1
- package/dist/shared/terminal/cursor.js +1 -1
- package/dist/shared/terminal/index.js +5 -5
- package/dist/shared/terminal/terminal-input.js +6 -2
- package/dist/shared/terminal/text.js +1 -1
- package/dist/shared/types/index.js +1 -1
- package/dist/shared/versions.js +37 -33
- package/package.json +10 -6
package/README.md
CHANGED
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
<p align="center">
|
|
2
|
+
<a href="https://donfear.github.io/inup/"><img src="docs/brand/inup-logo.webp" alt="inup logo" width="170"></a>
|
|
3
|
+
</p>
|
|
4
|
+
|
|
1
5
|
# inup — Interactive Dependency Upgrader
|
|
2
6
|
|
|
3
7
|
[](https://www.npmjs.com/package/inup)
|
|
@@ -12,6 +16,8 @@
|
|
|
12
16
|
|
|
13
17
|
**inup** is an interactive CLI for upgrading outdated npm dependencies — npm, yarn, pnpm, and bun all supported. It auto-detects your package manager, works in monorepos and workspaces, and requires zero configuration.
|
|
14
18
|
|
|
19
|
+
**[Documentation, comparisons & changelog →](https://donfear.github.io/inup/)**
|
|
20
|
+
|
|
15
21
|

|
|
16
22
|
|
|
17
23
|
## Table of Contents
|
|
@@ -68,7 +74,7 @@ inup [options]
|
|
|
68
74
|
--json Print a machine-readable JSON report and exit (read-only)
|
|
69
75
|
-c, --check Exit non-zero if updates exist, without writing (for CI)
|
|
70
76
|
--apply Non-interactively write upgrades + install (for CI/automation)
|
|
71
|
-
--target <level> With --apply:
|
|
77
|
+
--target <level> With --apply: minor (default, in-range) | patch (same major.minor) | latest
|
|
72
78
|
--debug Write verbose debug logs
|
|
73
79
|
```
|
|
74
80
|
|
|
@@ -94,7 +100,8 @@ inup --apply --target latest # include major bumps; --json to also emit the repo
|
|
|
94
100
|
|
|
95
101
|
Unlike `--json` and `--check`, **`--apply` writes**: it bumps `package.json` and runs your package
|
|
96
102
|
manager's install to update the lockfile. By default (`--target minor`) it only applies **in-range**
|
|
97
|
-
updates and leaves majors for you to review; `--target
|
|
103
|
+
updates and leaves majors for you to review; `--target patch` stays within the current
|
|
104
|
+
`major.minor` line (patch bumps only); `--target latest` includes majors. It honors `.inuprc`
|
|
98
105
|
(`ignore`, `exclude`, `scanDirs`) exactly as the report does — a package the config excludes is
|
|
99
106
|
never written. With `--apply --json`, the install output goes to stderr so stdout stays pure JSON.
|
|
100
107
|
|
|
@@ -1,11 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.InteractiveUI = void 0;
|
|
4
|
+
const audit_1 = require("../features/audit");
|
|
4
5
|
const interactive_1 = require("../features/interactive");
|
|
5
6
|
const terminal_1 = require("../shared/terminal");
|
|
6
|
-
const interactive_2 = require("../features/interactive");
|
|
7
|
-
const audit_1 = require("../features/audit");
|
|
8
|
-
const interactive_3 = require("../features/interactive");
|
|
9
7
|
const DEFAULT_VULNERABILITY_DISPLAY_OPTIONS = {
|
|
10
8
|
showPeerDependencyVulnerabilities: false,
|
|
11
9
|
showOptionalDependencyVulnerabilities: false,
|
|
@@ -24,7 +22,7 @@ class InteractiveUI {
|
|
|
24
22
|
options;
|
|
25
23
|
saveExact;
|
|
26
24
|
vulnerabilityAuditController = new audit_1.VulnerabilityAuditController();
|
|
27
|
-
packageInfoModalController = new
|
|
25
|
+
packageInfoModalController = new interactive_1.PackageInfoModalController();
|
|
28
26
|
refreshView;
|
|
29
27
|
constructor(packageManager, options) {
|
|
30
28
|
this.renderer = new interactive_1.UIRenderer();
|
|
@@ -40,25 +38,25 @@ class InteractiveUI {
|
|
|
40
38
|
if (selectionStates.length === 0) {
|
|
41
39
|
return [];
|
|
42
40
|
}
|
|
43
|
-
const selectedStates = await (0,
|
|
41
|
+
const selectedStates = await (0, interactive_1.runInteractiveSession)(selectionStates, this.packageManager, this.renderer, this.packageInfoModalController, this.vulnerabilityAuditController, this.options, (refresh) => {
|
|
44
42
|
this.refreshView = refresh;
|
|
45
43
|
});
|
|
46
|
-
return (0,
|
|
44
|
+
return (0, interactive_1.createUpgradeChoices)(selectedStates, this.saveExact);
|
|
47
45
|
}
|
|
48
46
|
createSelectionStates(packages, previousSelections, includeUpToDate = true) {
|
|
49
|
-
return (0,
|
|
47
|
+
return (0, interactive_1.createSelectionStates)(packages, (name, version, type) => this.vulnerabilityAuditController.getCachedSummary(name, version, type), previousSelections, includeUpToDate);
|
|
50
48
|
}
|
|
51
49
|
createPendingSelectionStates(packages, previousSelections) {
|
|
52
|
-
return (0,
|
|
50
|
+
return (0, interactive_1.createPendingSelectionStates)(packages, (name, version, type) => this.vulnerabilityAuditController.getCachedSummary(name, version, type), previousSelections);
|
|
53
51
|
}
|
|
54
52
|
appendOutdatedBatchToSelectionStates(selectionStates, batch, previousSelections) {
|
|
55
53
|
const outdatedStates = this.createSelectionStates(batch.flatMap((batchItem) => batchItem.packageInfo).filter((pkg) => pkg.isOutdated), previousSelections, false);
|
|
56
54
|
if (outdatedStates.length === 0) {
|
|
57
55
|
return;
|
|
58
56
|
}
|
|
59
|
-
const seen = new Set(selectionStates.map((state) => (0,
|
|
57
|
+
const seen = new Set(selectionStates.map((state) => (0, interactive_1.selectionKey)(state.name, state.currentVersionSpecifier, state.type, state.catalog)));
|
|
60
58
|
outdatedStates.forEach((state) => {
|
|
61
|
-
const key = (0,
|
|
59
|
+
const key = (0, interactive_1.selectionKey)(state.name, state.currentVersionSpecifier, state.type, state.catalog);
|
|
62
60
|
if (!seen.has(key)) {
|
|
63
61
|
selectionStates.push(state);
|
|
64
62
|
seen.add(key);
|
|
@@ -68,10 +66,10 @@ class InteractiveUI {
|
|
|
68
66
|
}
|
|
69
67
|
async selectPackagesToUpgradeProgressive(selectionStates, progress, attachRefresh) {
|
|
70
68
|
this.enqueueSecurityAudit(selectionStates);
|
|
71
|
-
const selectedStates = await (0,
|
|
69
|
+
const selectedStates = await (0, interactive_1.runInteractiveSession)(selectionStates, this.packageManager, this.renderer, this.packageInfoModalController, this.vulnerabilityAuditController, this.options, (refresh) => {
|
|
72
70
|
this.refreshView = refresh;
|
|
73
71
|
}, progress, attachRefresh);
|
|
74
|
-
return (0,
|
|
72
|
+
return (0, interactive_1.createUpgradeChoices)(selectedStates, this.saveExact);
|
|
75
73
|
}
|
|
76
74
|
enqueueSecurityAudit(selectionStates) {
|
|
77
75
|
this.vulnerabilityAuditController.enqueueStates(selectionStates, () => this.refreshView?.());
|
|
@@ -79,10 +77,14 @@ class InteractiveUI {
|
|
|
79
77
|
async confirmUpgrade(choices) {
|
|
80
78
|
console.log(this.renderer.renderConfirmation(choices));
|
|
81
79
|
return new Promise((resolve) => {
|
|
82
|
-
// Replaced synchronously below before any keypress can invoke it
|
|
83
|
-
|
|
80
|
+
// Replaced synchronously below before any keypress can invoke it, so
|
|
81
|
+
// the placeholder body is unreachable. (The `v8 ignore next` form is
|
|
82
|
+
// not honored by coverage-v8 here; the block form is.)
|
|
83
|
+
/* v8 ignore start */
|
|
84
|
+
let cleanupConfirmationSession = () => {
|
|
84
85
|
terminal_1.CursorUtils.show();
|
|
85
86
|
};
|
|
87
|
+
/* v8 ignore stop */
|
|
86
88
|
const handleConfirm = (confirmed) => {
|
|
87
89
|
cleanupConfirmationSession();
|
|
88
90
|
resolve(confirmed);
|
|
@@ -117,7 +119,7 @@ class InteractiveUI {
|
|
|
117
119
|
};
|
|
118
120
|
terminal_1.CursorUtils.hide();
|
|
119
121
|
}
|
|
120
|
-
catch
|
|
122
|
+
catch {
|
|
121
123
|
process.off('exit', confirmEmergencyCleanup);
|
|
122
124
|
terminal_1.TerminalInput.promptForConfirmation('Proceed with upgrade? [Y/n] ')
|
|
123
125
|
.then(resolve)
|
|
@@ -5,13 +5,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.UpgradeRunner = void 0;
|
|
7
7
|
const chalk_1 = __importDefault(require("chalk"));
|
|
8
|
+
const debug_1 = require("../features/debug");
|
|
9
|
+
const interactive_1 = require("../features/interactive");
|
|
8
10
|
const upgrade_1 = require("../features/upgrade");
|
|
9
|
-
const interactive_ui_1 = require("./interactive-ui");
|
|
10
|
-
const upgrade_2 = require("../features/upgrade");
|
|
11
11
|
const package_manager_1 = require("../shared/package-manager");
|
|
12
12
|
const terminal_1 = require("../shared/terminal");
|
|
13
|
-
const
|
|
14
|
-
const debug_1 = require("../features/debug");
|
|
13
|
+
const interactive_ui_1 = require("./interactive-ui");
|
|
15
14
|
/**
|
|
16
15
|
* Main orchestrator for the inup upgrade process
|
|
17
16
|
*/
|
|
@@ -35,7 +34,7 @@ class UpgradeRunner {
|
|
|
35
34
|
showOptionalDependencyVulnerabilities: options?.showOptionalDependencyVulnerabilities ?? false,
|
|
36
35
|
saveExact: options?.saveExact ?? false,
|
|
37
36
|
});
|
|
38
|
-
this.upgrader = new
|
|
37
|
+
this.upgrader = new upgrade_1.PackageUpgrader(this.packageManager);
|
|
39
38
|
}
|
|
40
39
|
async run() {
|
|
41
40
|
try {
|
|
@@ -121,19 +120,15 @@ class UpgradeRunner {
|
|
|
121
120
|
}
|
|
122
121
|
// Validate selected choices before confirmation
|
|
123
122
|
this.validateSelectedChoices(selectedChoices, latestPackages);
|
|
124
|
-
// Store current selections
|
|
125
|
-
|
|
126
|
-
//
|
|
127
|
-
|
|
128
|
-
const choiceMap = new Map();
|
|
123
|
+
// Store current selections (keyed by package name and version specifier)
|
|
124
|
+
// in the format expected by selectPackagesToUpgrade, for potential
|
|
125
|
+
// return to selection.
|
|
126
|
+
const nextSelections = new Map();
|
|
129
127
|
selectedChoices.forEach((choice) => {
|
|
130
128
|
const key = (0, interactive_1.selectionKey)(choice.name, choice.currentVersionSpecifier, choice.dependencyType, choice.catalog);
|
|
131
|
-
|
|
132
|
-
});
|
|
133
|
-
// Convert to the format expected by selectPackagesToUpgrade
|
|
134
|
-
choiceMap.forEach((upgradeType, key) => {
|
|
135
|
-
previousSelections.set(key, upgradeType);
|
|
129
|
+
nextSelections.set(key, choice.upgradeType);
|
|
136
130
|
});
|
|
131
|
+
previousSelections = nextSelections;
|
|
137
132
|
// Confirm upgrade
|
|
138
133
|
shouldProceed = await this.ui.confirmUpgrade(selectedChoices);
|
|
139
134
|
if (shouldProceed === null) {
|
|
@@ -181,7 +176,7 @@ class UpgradeRunner {
|
|
|
181
176
|
// Print summary of what will be upgraded
|
|
182
177
|
const packageJsonPaths = new Set(selectedChoices.map((c) => c.packageJsonPath));
|
|
183
178
|
const uniquePackages = new Set(selectedChoices.map((c) => c.name));
|
|
184
|
-
console.log(
|
|
179
|
+
console.log(`\n${chalk_1.default.bold('📋 Upgrade Summary')}`);
|
|
185
180
|
console.log(chalk_1.default.gray('─'.repeat(50)));
|
|
186
181
|
console.log(`${chalk_1.default.cyan(uniquePackages.size.toString())} package(s) will be upgraded`);
|
|
187
182
|
console.log(`${chalk_1.default.cyan(packageJsonPaths.size.toString())} package.json file(s) will be modified`);
|
package/dist/cli.js
CHANGED
|
@@ -5,18 +5,17 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
5
5
|
};
|
|
6
6
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
7
|
exports.runCli = runCli;
|
|
8
|
-
const
|
|
8
|
+
const node_path_1 = require("node:path");
|
|
9
9
|
const chalk_1 = __importDefault(require("chalk"));
|
|
10
|
-
const
|
|
11
|
-
const index_1 = require("./index");
|
|
10
|
+
const commander_1 = require("commander");
|
|
12
11
|
const headless_1 = require("./features/headless");
|
|
13
|
-
const
|
|
12
|
+
const index_1 = require("./index");
|
|
14
13
|
const config_1 = require("./shared/config");
|
|
15
14
|
const debug_logger_1 = require("./shared/debug-logger");
|
|
16
|
-
const terminal_1 = require("./shared/terminal");
|
|
17
|
-
const local_env_1 = require("./shared/local-env");
|
|
18
15
|
const git_1 = require("./shared/git");
|
|
19
|
-
const
|
|
16
|
+
const local_env_1 = require("./shared/local-env");
|
|
17
|
+
const version_checker_1 = require("./shared/registry/version-checker");
|
|
18
|
+
const terminal_1 = require("./shared/terminal");
|
|
20
19
|
// Load developer-only toggles from <inup-repo>/.env.local before anything reads
|
|
21
20
|
// env. Best-effort, gitignored, never overrides real env. Lets perf/debug be
|
|
22
21
|
// "set once" across every project without shell config.
|
|
@@ -25,7 +24,7 @@ const program = new commander_1.Command();
|
|
|
25
24
|
async function runCli(options) {
|
|
26
25
|
// Resolve colored-output intent before anything renders.
|
|
27
26
|
(0, terminal_1.applyColorSetting)(options.color);
|
|
28
|
-
const cwd = (0,
|
|
27
|
+
const cwd = (0, node_path_1.resolve)(options.dir);
|
|
29
28
|
if (options.debug || process.env.INUP_DEBUG === '1') {
|
|
30
29
|
(0, debug_logger_1.enableDebugLogging)();
|
|
31
30
|
}
|
|
@@ -42,7 +41,7 @@ async function runCli(options) {
|
|
|
42
41
|
if (interactive) {
|
|
43
42
|
const gitState = (0, git_1.getGitWorkingTreeState)(cwd);
|
|
44
43
|
if (gitState.isRepo && gitState.isDirty) {
|
|
45
|
-
const shouldProceed = await
|
|
44
|
+
const shouldProceed = await terminal_1.TerminalInput.promptForImmediateConfirmation(`${chalk_1.default.yellow('Warning:')} dirty working tree. Proceed anyway? ${chalk_1.default.dim('[y/N]')} `, false);
|
|
46
45
|
if (!shouldProceed) {
|
|
47
46
|
console.log(chalk_1.default.yellow('Upgrade cancelled.'));
|
|
48
47
|
return;
|
|
@@ -130,12 +129,12 @@ async function runCli(options) {
|
|
|
130
129
|
' → ' +
|
|
131
130
|
chalk_1.default.green(updateCheck.latestVersion);
|
|
132
131
|
const line2Plain = ` Run: ${updateCheck.updateCommand}`;
|
|
133
|
-
const line2 =
|
|
132
|
+
const line2 = ` ${chalk_1.default.gray('Run: ')}${chalk_1.default.cyan(updateCheck.updateCommand)}`;
|
|
134
133
|
console.log('');
|
|
135
|
-
console.log(border('
|
|
134
|
+
console.log(border(`┌${'─'.repeat(innerWidth)}┐`));
|
|
136
135
|
console.log(border('│') + line1 + padTo(line1Plain.length) + border('│'));
|
|
137
136
|
console.log(border('│') + line2 + padTo(line2Plain.length) + border('│'));
|
|
138
|
-
console.log(border('
|
|
137
|
+
console.log(border(`└${'─'.repeat(innerWidth)}┘`));
|
|
139
138
|
console.log('');
|
|
140
139
|
}
|
|
141
140
|
}
|
|
@@ -154,7 +153,7 @@ program
|
|
|
154
153
|
.option('--json', 'print a machine-readable JSON report and exit (non-interactive, read-only)')
|
|
155
154
|
.option('-c, --check', 'exit non-zero if updates exist, without writing (for CI; read-only)')
|
|
156
155
|
.option('--apply', 'non-interactively write upgrades to package.json and run install (honors .inuprc ignore/exclude)')
|
|
157
|
-
.option('--target <level>', 'with --apply: how far to bump — minor | patch | latest (default: minor
|
|
156
|
+
.option('--target <level>', 'with --apply: how far to bump — minor (in-range) | patch (same major.minor only) | latest (default: minor)', 'minor')
|
|
158
157
|
.action(runCli);
|
|
159
158
|
// Handle uncaught errors gracefully
|
|
160
159
|
process.on('uncaughtException', (error) => {
|
|
@@ -36,8 +36,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
36
36
|
exports.auditVulnerabilities = auditVulnerabilities;
|
|
37
37
|
exports.upgradeClears = upgradeClears;
|
|
38
38
|
const semver = __importStar(require("semver"));
|
|
39
|
-
const vulnerability_checker_1 = require("./vulnerability-checker");
|
|
40
39
|
const versions_1 = require("../../shared/versions");
|
|
40
|
+
const vulnerability_checker_1 = require("./vulnerability-checker");
|
|
41
41
|
/**
|
|
42
42
|
* Audit the outdated packages' currently-installed versions (one bulk request, matching the
|
|
43
43
|
* interactive audit) and, for each advisory, cross-reference its affected range against the
|
|
@@ -94,17 +94,10 @@ function upgradeClears(target, vulnerableVersions) {
|
|
|
94
94
|
const comparable = (0, versions_1.toComparableVersion)(target);
|
|
95
95
|
if (!comparable)
|
|
96
96
|
return false;
|
|
97
|
+
// validRange rejects unparseable ranges above and comparable is a concrete
|
|
98
|
+
// version, so satisfies() has valid inputs and never throws here.
|
|
97
99
|
if (semver.validRange(vulnerableVersions) === null)
|
|
98
100
|
return false;
|
|
99
|
-
|
|
100
|
-
return !semver.satisfies(comparable, vulnerableVersions, { includePrerelease: true });
|
|
101
|
-
// validRange above already rejected unparseable ranges and satisfies
|
|
102
|
-
// swallows the rest internally; this is a safety net for semver changes.
|
|
103
|
-
/* v8 ignore start */
|
|
104
|
-
}
|
|
105
|
-
catch {
|
|
106
|
-
return false;
|
|
107
|
-
}
|
|
108
|
-
/* v8 ignore stop */
|
|
101
|
+
return !semver.satisfies(comparable, vulnerableVersions, { includePrerelease: true });
|
|
109
102
|
}
|
|
110
103
|
//# sourceMappingURL=headless-audit.js.map
|
|
@@ -14,14 +14,12 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
exports.
|
|
18
|
-
__exportStar(require("./types"), exports);
|
|
19
|
-
var vulnerability_checker_1 = require("./vulnerability-checker");
|
|
20
|
-
Object.defineProperty(exports, "fetchVulnerabilities", { enumerable: true, get: function () { return vulnerability_checker_1.fetchVulnerabilities; } });
|
|
17
|
+
exports.fetchVulnerabilities = exports.VulnerabilityAuditController = exports.shouldDisplayVulnerabilityForDependency = exports.selectRepresentativeAdvisory = exports.mergeVulnerabilitySummary = exports.getVulnerabilitySeverityColor = exports.getVulnerabilityLinkLabel = exports.getVulnerabilityBadge = exports.createVulnerabilitySummary = exports.upgradeClears = exports.auditVulnerabilities = exports.BackgroundAuditTracker = void 0;
|
|
21
18
|
var background_audit_1 = require("./background-audit");
|
|
22
19
|
Object.defineProperty(exports, "BackgroundAuditTracker", { enumerable: true, get: function () { return background_audit_1.BackgroundAuditTracker; } });
|
|
23
|
-
var
|
|
24
|
-
Object.defineProperty(exports, "
|
|
20
|
+
var headless_audit_1 = require("./headless-audit");
|
|
21
|
+
Object.defineProperty(exports, "auditVulnerabilities", { enumerable: true, get: function () { return headless_audit_1.auditVulnerabilities; } });
|
|
22
|
+
Object.defineProperty(exports, "upgradeClears", { enumerable: true, get: function () { return headless_audit_1.upgradeClears; } });
|
|
25
23
|
var presenter_1 = require("./presenter");
|
|
26
24
|
Object.defineProperty(exports, "createVulnerabilitySummary", { enumerable: true, get: function () { return presenter_1.createVulnerabilitySummary; } });
|
|
27
25
|
Object.defineProperty(exports, "getVulnerabilityBadge", { enumerable: true, get: function () { return presenter_1.getVulnerabilityBadge; } });
|
|
@@ -30,7 +28,9 @@ Object.defineProperty(exports, "getVulnerabilitySeverityColor", { enumerable: tr
|
|
|
30
28
|
Object.defineProperty(exports, "mergeVulnerabilitySummary", { enumerable: true, get: function () { return presenter_1.mergeVulnerabilitySummary; } });
|
|
31
29
|
Object.defineProperty(exports, "selectRepresentativeAdvisory", { enumerable: true, get: function () { return presenter_1.selectRepresentativeAdvisory; } });
|
|
32
30
|
Object.defineProperty(exports, "shouldDisplayVulnerabilityForDependency", { enumerable: true, get: function () { return presenter_1.shouldDisplayVulnerabilityForDependency; } });
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
Object.defineProperty(exports, "
|
|
31
|
+
__exportStar(require("./types"), exports);
|
|
32
|
+
var vulnerability_audit_controller_1 = require("./vulnerability-audit-controller");
|
|
33
|
+
Object.defineProperty(exports, "VulnerabilityAuditController", { enumerable: true, get: function () { return vulnerability_audit_controller_1.VulnerabilityAuditController; } });
|
|
34
|
+
var vulnerability_checker_1 = require("./vulnerability-checker");
|
|
35
|
+
Object.defineProperty(exports, "fetchVulnerabilities", { enumerable: true, get: function () { return vulnerability_checker_1.fetchVulnerabilities; } });
|
|
36
36
|
//# sourceMappingURL=index.js.map
|
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.VulnerabilityAuditController = void 0;
|
|
4
4
|
const background_audit_1 = require("./background-audit");
|
|
5
|
-
const vulnerability_checker_1 = require("./vulnerability-checker");
|
|
6
5
|
const presenter_1 = require("./presenter");
|
|
6
|
+
const vulnerability_checker_1 = require("./vulnerability-checker");
|
|
7
7
|
class VulnerabilityAuditController {
|
|
8
8
|
tracker = new background_audit_1.BackgroundAuditTracker();
|
|
9
9
|
cache = new Map();
|
|
@@ -21,7 +21,7 @@ class VulnerabilityAuditController {
|
|
|
21
21
|
}));
|
|
22
22
|
const added = this.tracker.enqueue(packages);
|
|
23
23
|
if (added > 0) {
|
|
24
|
-
this.drain(selectionStates, onUpdate);
|
|
24
|
+
void this.drain(selectionStates, onUpdate);
|
|
25
25
|
}
|
|
26
26
|
}
|
|
27
27
|
async drain(selectionStates, onUpdate) {
|
|
@@ -82,7 +82,7 @@ class VulnerabilityAuditController {
|
|
|
82
82
|
// race window, so it cannot be exercised deterministically in tests.
|
|
83
83
|
/* v8 ignore start */
|
|
84
84
|
if (this.tracker.getProgress().isRunning) {
|
|
85
|
-
this.drain(selectionStates, onUpdate);
|
|
85
|
+
void this.drain(selectionStates, onUpdate);
|
|
86
86
|
}
|
|
87
87
|
/* v8 ignore stop */
|
|
88
88
|
});
|
|
@@ -14,11 +14,7 @@ function isKnownSeverity(severity) {
|
|
|
14
14
|
return severity in SEVERITY_ORDER;
|
|
15
15
|
}
|
|
16
16
|
function getHighestSeverity(vulnerabilities) {
|
|
17
|
-
//
|
|
18
|
-
/* v8 ignore start */
|
|
19
|
-
if (vulnerabilities.length === 0)
|
|
20
|
-
return null;
|
|
21
|
-
/* v8 ignore stop */
|
|
17
|
+
// Caller skips empty advisory lists, so there is always at least one entry.
|
|
22
18
|
let highest = 'info';
|
|
23
19
|
for (const vuln of vulnerabilities) {
|
|
24
20
|
if (SEVERITY_ORDER[vuln.severity] > SEVERITY_ORDER[highest]) {
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.GitHubClient = void 0;
|
|
4
|
-
const repository_ref_1 = require("../parsers/repository-ref");
|
|
5
4
|
const config_1 = require("../../../shared/config");
|
|
5
|
+
const repository_ref_1 = require("../parsers/repository-ref");
|
|
6
6
|
const GITHUB_RELEASES_PAGE_LIMIT = 3;
|
|
7
7
|
/**
|
|
8
8
|
* Headers for api.github.com requests. Honors an ambient token (GitHub Actions
|
|
@@ -17,7 +17,7 @@ function githubApiHeaders() {
|
|
|
17
17
|
};
|
|
18
18
|
const token = process.env.GITHUB_TOKEN || process.env.GH_TOKEN;
|
|
19
19
|
if (token) {
|
|
20
|
-
headers
|
|
20
|
+
headers.authorization = `Bearer ${token}`;
|
|
21
21
|
}
|
|
22
22
|
return headers;
|
|
23
23
|
}
|
|
@@ -30,7 +30,7 @@ function githubApiHeaders() {
|
|
|
30
30
|
async function fetchGitHubApi(url, signal) {
|
|
31
31
|
const headers = githubApiHeaders();
|
|
32
32
|
const response = await fetch(url, { method: 'GET', headers, signal });
|
|
33
|
-
if (response.status === 401 && headers
|
|
33
|
+
if (response.status === 401 && headers.authorization) {
|
|
34
34
|
const { authorization: _rejected, ...anonymousHeaders } = headers;
|
|
35
35
|
return fetch(url, { method: 'GET', headers: anonymousHeaders, signal });
|
|
36
36
|
}
|
|
@@ -86,8 +86,9 @@ class GitHubClient {
|
|
|
86
86
|
if (!repo)
|
|
87
87
|
return null;
|
|
88
88
|
const cacheKey = `${repo.owner}/${repo.repo}`;
|
|
89
|
-
|
|
90
|
-
|
|
89
|
+
const cached = this.releasesCache.get(cacheKey);
|
|
90
|
+
if (cached !== undefined) {
|
|
91
|
+
return cached;
|
|
91
92
|
}
|
|
92
93
|
const releases = [];
|
|
93
94
|
for (let page = 1; page <= GITHUB_RELEASES_PAGE_LIMIT; page += 1) {
|
|
@@ -118,8 +119,9 @@ class GitHubClient {
|
|
|
118
119
|
if (!repo)
|
|
119
120
|
return null;
|
|
120
121
|
const cacheKey = `${repo.owner}/${repo.repo}`;
|
|
121
|
-
|
|
122
|
-
|
|
122
|
+
const cached = this.rawChangelogCache.get(cacheKey);
|
|
123
|
+
if (cached !== undefined) {
|
|
124
|
+
return cached;
|
|
123
125
|
}
|
|
124
126
|
const branches = ['main', 'master'];
|
|
125
127
|
const filenames = ['CHANGELOG.md', 'CHANGES.md', 'HISTORY.md'];
|
|
@@ -14,6 +14,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./types"), exports);
|
|
18
17
|
__exportStar(require("./services/changelog-service"), exports);
|
|
18
|
+
__exportStar(require("./types"), exports);
|
|
19
19
|
//# sourceMappingURL=index.js.map
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.PackageMetadataService = void 0;
|
|
4
|
+
const inflight_1 = require("../../../shared/http/inflight");
|
|
4
5
|
const npm_registry_client_1 = require("../clients/npm-registry-client");
|
|
5
6
|
const package_metadata_1 = require("../parsers/package-metadata");
|
|
6
|
-
const inflight_1 = require("../../../shared/http/inflight");
|
|
7
7
|
class PackageMetadataService {
|
|
8
8
|
npmRegistryClient;
|
|
9
9
|
cache = new Map();
|
|
@@ -55,8 +55,9 @@ class ReleaseNotesService {
|
|
|
55
55
|
}
|
|
56
56
|
async fetchReleaseNotesForVersion(packageName, version, signal) {
|
|
57
57
|
const cacheKey = `release-notes:${packageName}@${version}`;
|
|
58
|
-
|
|
59
|
-
|
|
58
|
+
const cached = this.releaseNotesCache.get(cacheKey);
|
|
59
|
+
if (cached !== undefined) {
|
|
60
|
+
return cached;
|
|
60
61
|
}
|
|
61
62
|
const inFlight = this.releaseNotesInFlight.get(cacheKey);
|
|
62
63
|
if (inFlight) {
|
|
@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./types"), exports);
|
|
18
|
-
__exportStar(require("./performance-tracker"), exports);
|
|
19
17
|
__exportStar(require("./perf-logger"), exports);
|
|
18
|
+
__exportStar(require("./performance-tracker"), exports);
|
|
19
|
+
__exportStar(require("./types"), exports);
|
|
20
20
|
//# sourceMappingURL=index.js.map
|
|
@@ -4,8 +4,8 @@ exports.isPerfLoggingEnabled = isPerfLoggingEnabled;
|
|
|
4
4
|
exports.perfEnv = perfEnv;
|
|
5
5
|
exports.getPerfDir = getPerfDir;
|
|
6
6
|
exports.writePerfLog = writePerfLog;
|
|
7
|
-
const
|
|
8
|
-
const
|
|
7
|
+
const node_fs_1 = require("node:fs");
|
|
8
|
+
const node_path_1 = require("node:path");
|
|
9
9
|
const adaptive_controller_1 = require("../../shared/http/adaptive-controller");
|
|
10
10
|
/**
|
|
11
11
|
* Performance debug logger.
|
|
@@ -27,7 +27,7 @@ const adaptive_controller_1 = require("../../shared/http/adaptive-controller");
|
|
|
27
27
|
const PERF_DIR_NAME = '.inup-perf';
|
|
28
28
|
/** Filesystem-safe slug of a project name for use in filenames. */
|
|
29
29
|
function projectSlug(cwd) {
|
|
30
|
-
const name = (0,
|
|
30
|
+
const name = (0, node_path_1.basename)((0, node_path_1.resolve)(cwd)) || 'root';
|
|
31
31
|
return name.replace(/[^a-zA-Z0-9._-]/g, '-').slice(0, 40);
|
|
32
32
|
}
|
|
33
33
|
function isPerfLoggingEnabled() {
|
|
@@ -53,12 +53,12 @@ function perfEnv() {
|
|
|
53
53
|
function getPerfDir(cwd = process.cwd()) {
|
|
54
54
|
const override = process.env.INUP_PERF_DIR;
|
|
55
55
|
const dir = override
|
|
56
|
-
? (0,
|
|
56
|
+
? (0, node_path_1.isAbsolute)(override)
|
|
57
57
|
? override
|
|
58
|
-
: (0,
|
|
59
|
-
: (0,
|
|
60
|
-
if (!(0,
|
|
61
|
-
(0,
|
|
58
|
+
: (0, node_path_1.resolve)(cwd, override)
|
|
59
|
+
: (0, node_path_1.join)(cwd, PERF_DIR_NAME);
|
|
60
|
+
if (!(0, node_fs_1.existsSync)(dir)) {
|
|
61
|
+
(0, node_fs_1.mkdirSync)(dir, { recursive: true });
|
|
62
62
|
}
|
|
63
63
|
return dir;
|
|
64
64
|
}
|
|
@@ -92,10 +92,10 @@ function writePerfLog(config, snapshot) {
|
|
|
92
92
|
// Project name in the filename keeps multi-project runs distinct when many
|
|
93
93
|
// collect into one centralized INUP_PERF_DIR.
|
|
94
94
|
const fileName = `run-${fileStamp(now)}-${projectSlug(config.cwd)}-${adaptiveTag}-${modeTag}.json`;
|
|
95
|
-
const filePath = (0,
|
|
96
|
-
(0,
|
|
95
|
+
const filePath = (0, node_path_1.join)(dir, fileName);
|
|
96
|
+
(0, node_fs_1.writeFileSync)(filePath, JSON.stringify(record, null, 2));
|
|
97
97
|
// Maintain a stable pointer to the most recent run for quick reads.
|
|
98
|
-
(0,
|
|
98
|
+
(0, node_fs_1.writeFileSync)((0, node_path_1.join)(dir, 'latest.json'), JSON.stringify(record, null, 2));
|
|
99
99
|
// And a cheap one-line-per-run index for fast scanning.
|
|
100
100
|
appendPerfIndex(dir, record);
|
|
101
101
|
if (process.env.INUP_DEBUG === '1') {
|
|
@@ -111,7 +111,7 @@ function writePerfLog(config, snapshot) {
|
|
|
111
111
|
/** Append a single line to a NDJSON index for ultra-cheap scanning, best-effort. */
|
|
112
112
|
function appendPerfIndex(dir, record) {
|
|
113
113
|
try {
|
|
114
|
-
const line = JSON.stringify({
|
|
114
|
+
const line = `${JSON.stringify({
|
|
115
115
|
timestamp: record.timestamp,
|
|
116
116
|
wallMs: record.wallMs,
|
|
117
117
|
adaptive: record.config.adaptive,
|
|
@@ -119,8 +119,8 @@ function appendPerfIndex(dir, record) {
|
|
|
119
119
|
uniquePackages: record.snapshot.counts.uniquePackages,
|
|
120
120
|
registryFetch: record.snapshot.phases.registryFetch,
|
|
121
121
|
controlTicks: record.snapshot.controlTicks.length,
|
|
122
|
-
})
|
|
123
|
-
(0,
|
|
122
|
+
})}\n`;
|
|
123
|
+
(0, node_fs_1.appendFileSync)((0, node_path_1.join)(dir, 'index.ndjson'), line);
|
|
124
124
|
}
|
|
125
125
|
catch {
|
|
126
126
|
/* best-effort */
|
|
@@ -5,12 +5,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.HeadlessRunner = void 0;
|
|
7
7
|
const chalk_1 = __importDefault(require("chalk"));
|
|
8
|
-
const
|
|
8
|
+
const debug_1 = require("../../features/debug");
|
|
9
9
|
const package_manager_1 = require("../../shared/package-manager");
|
|
10
10
|
const versions_1 = require("../../shared/versions");
|
|
11
11
|
const audit_1 = require("../audit");
|
|
12
|
+
const upgrade_1 = require("../upgrade");
|
|
12
13
|
const report_1 = require("./report");
|
|
13
|
-
const debug_1 = require("../../features/debug");
|
|
14
14
|
/**
|
|
15
15
|
* Non-interactive entry point. Resolves the outdated list without rendering the TUI, then either
|
|
16
16
|
* emits a JSON report (--json) or a plain line-based report. With --check, sets a non-zero exit
|
|
@@ -95,19 +95,17 @@ class HeadlessRunner {
|
|
|
95
95
|
* Build `PackageUpgradeChoice[]` from the outdated set per the version policy. Mirrors
|
|
96
96
|
* `createUpgradeChoices` in the TUI: preserves the original range prefix (^/~) unless --save-exact.
|
|
97
97
|
*
|
|
98
|
-
* - minor
|
|
98
|
+
* - minor: take the in-range target (`rangeVersion`); skip packages whose only update is a
|
|
99
99
|
* major (no in-range bump). Uses upgradeType 'range'.
|
|
100
|
+
* - patch: take the highest patch in the current major.minor line; skip packages whose only
|
|
101
|
+
* update crosses a minor (or major) boundary. Uses upgradeType 'range'.
|
|
100
102
|
* - latest: take `latestVersion`; uses upgradeType 'latest' (majors included).
|
|
101
103
|
*/
|
|
102
104
|
buildChoices(outdated, target) {
|
|
103
105
|
const saveExact = this.options?.saveExact ?? false;
|
|
104
106
|
const choices = [];
|
|
105
107
|
for (const pkg of outdated) {
|
|
106
|
-
const
|
|
107
|
-
// minor/patch only act on packages with an in-range bump; major-only updates are skipped.
|
|
108
|
-
if (!useLatest && !pkg.hasRangeUpdate)
|
|
109
|
-
continue;
|
|
110
|
-
const targetVersion = useLatest ? pkg.latestVersion : pkg.rangeVersion;
|
|
108
|
+
const targetVersion = this.resolveTargetVersion(pkg, target);
|
|
111
109
|
if (!targetVersion)
|
|
112
110
|
continue;
|
|
113
111
|
const targetVersionWithPrefix = saveExact
|
|
@@ -117,7 +115,7 @@ class HeadlessRunner {
|
|
|
117
115
|
name: pkg.name,
|
|
118
116
|
packageJsonPath: pkg.packageJsonPath,
|
|
119
117
|
dependencyType: pkg.type,
|
|
120
|
-
upgradeType:
|
|
118
|
+
upgradeType: target === 'latest' ? 'latest' : 'range',
|
|
121
119
|
targetVersion: targetVersionWithPrefix,
|
|
122
120
|
currentVersionSpecifier: pkg.currentVersion,
|
|
123
121
|
catalog: pkg.catalog,
|
|
@@ -125,6 +123,21 @@ class HeadlessRunner {
|
|
|
125
123
|
}
|
|
126
124
|
return choices;
|
|
127
125
|
}
|
|
126
|
+
/** Resolve the version a package should be bumped to under the given policy, or null to skip. */
|
|
127
|
+
resolveTargetVersion(pkg, target) {
|
|
128
|
+
if (target === 'latest') {
|
|
129
|
+
return pkg.latestVersion || null;
|
|
130
|
+
}
|
|
131
|
+
if (target === 'patch') {
|
|
132
|
+
// Strictly patch-level: computed from the full version list, not `rangeVersion` (which may
|
|
133
|
+
// be a minor bump). Null when the only updates cross a minor boundary.
|
|
134
|
+
return (0, versions_1.findHighestPatchVersion)(pkg.currentVersion, pkg.allVersions ?? []);
|
|
135
|
+
}
|
|
136
|
+
// minor: in-range bump only; major-only updates are skipped.
|
|
137
|
+
if (!pkg.hasRangeUpdate)
|
|
138
|
+
return null;
|
|
139
|
+
return pkg.rangeVersion || null;
|
|
140
|
+
}
|
|
128
141
|
/** Resolve the package manager the same way the interactive runner does. */
|
|
129
142
|
resolvePackageManager() {
|
|
130
143
|
const cwd = this.options?.cwd || process.cwd();
|
|
@@ -15,10 +15,10 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
17
|
exports.renderPlainReport = exports.buildHeadlessReport = exports.HeadlessRunner = void 0;
|
|
18
|
-
__exportStar(require("./types"), exports);
|
|
19
18
|
var headless_runner_1 = require("./headless-runner");
|
|
20
19
|
Object.defineProperty(exports, "HeadlessRunner", { enumerable: true, get: function () { return headless_runner_1.HeadlessRunner; } });
|
|
21
20
|
var report_1 = require("./report");
|
|
22
21
|
Object.defineProperty(exports, "buildHeadlessReport", { enumerable: true, get: function () { return report_1.buildHeadlessReport; } });
|
|
23
22
|
Object.defineProperty(exports, "renderPlainReport", { enumerable: true, get: function () { return report_1.renderPlainReport; } });
|
|
23
|
+
__exportStar(require("./types"), exports);
|
|
24
24
|
//# sourceMappingURL=index.js.map
|