jpm-pkg 1.0.3

package/src/commands/init.js

@@ -0,0 +1,88 @@
+'use strict';
+
+const readline = require('node:readline');
+const path = require('node:path');
+const os = require('node:os');
+const PackageJSON = require('../core/package-json');
+const logger = require('../utils/logger');
+
+module.exports = async function init(args, flags) {
+    const cwd = process.cwd();
+    const pkgFile = path.join(cwd, 'package.json');
+    const pkg = new PackageJSON(pkgFile);
+
+    if (flags.y || flags.yes) {
+        // Non-interactive: write defaults
+        pkg.save();
+        logger.success(`Created package.json`);
+        return;
+    }
+
+    logger.section('JPM Init — create a new package.json');
+    logger.log(logger.c.gray('Press Enter to accept defaults shown in parentheses.\n'));
+
+    const existing = pkg.data;
+
+    const answers = await prompt([
+        { key: 'name', label: 'Package name', default: existing.name || path.basename(cwd) },
+        { key: 'version', label: 'Version', default: existing.version || '1.0.0' },
+        { key: 'description', label: 'Description', default: existing.description || '' },
+        { key: 'main', label: 'Entry point', default: existing.main || 'index.js' },
+        { key: 'author', label: 'Author', default: existing.author || os.userInfo().username },
+        { key: 'license', label: 'License', default: existing.license || 'MIT' },
+    ]);
+
+    const data = {
+        name: answers.name,
+        version: answers.version,
+        description: answers.description,
+        main: answers.main,
+        scripts: existing.scripts || { test: 'echo "Error: no test specified" && exit 1' },
+        keywords: existing.keywords || [],
+        author: answers.author,
+        license: answers.license,
+        dependencies: existing.dependencies || {},
+        devDependencies: existing.devDependencies || {},
+    };
+
+    // Strip empty strings from output
+    for (const [k, v] of Object.entries(data)) {
+        if (v === '') delete data[k];
+    }
+
+    logger.log('\n' + JSON.stringify(data, null, 2));
+    const confirm = await ask('\nIs this OK? (yes) ');
+    if (confirm === 'no' || confirm === 'n') {
+        logger.warn('Aborted.');
+        return;
+    }
+
+    for (const [k, v] of Object.entries(data)) pkg.setField(k, v);
+    pkg.save();
+    logger.success(`\nWrote to ${pkgFile}`);
+};
+
+function prompt(fields) {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    const answers = {};
+    return new Promise(resolve => {
+        let i = 0;
+        function next() {
+            if (i >= fields.length) { rl.close(); resolve(answers); return; }
+            const f = fields[i++];
+            const label = logger.c.cyan(f.label) + (f.default ? logger.c.gray(` (${f.default})`) : '') + ': ';
+            rl.question(label, (val) => {
+                answers[f.key] = val.trim() || f.default || '';
+                next();
+            });
+        }
+        next();
+    });
+}
+
+function ask(label) {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    return new Promise(resolve => {
+        rl.question(logger.c.cyan(label), (val) => { rl.close(); resolve(val.trim()); });
+    });
+}

package/src/commands/install.js

@@ -0,0 +1,139 @@
+'use strict';
+
+const Resolver = require('../core/resolver');
+const Installer = require('../core/installer');
+const Lockfile = require('../core/lockfile');
+const PackageJSON = require('../core/package-json');
+const registry = require('../core/registry');
+const semver = require('../utils/semver');
+const { Spinner } = require('../utils/progress');
+const logger = require('../utils/logger');
+const config = require('../utils/config');
+
+/**
+ * Command handler for 'jpm install' (and its aliases 'get', 'add', 'syn').
+ * Orchestrates package resolution, downloading, and filesystem installation.
+ * 
+ * @param {string[]} args - Positional arguments (package names/versions)
+ * @param {Object} flags - CLI flags (e.g., --save-dev, --fast)
+ * @returns {Promise<void>}
+ */
+module.exports = async function install(args, flags) {
+    const cwd = process.cwd();
+    const pkgJson = PackageJSON.fromDir(cwd);
+    const lockfile = new Lockfile(cwd);
+    const isDev = flags.D || flags['save-dev'];
+    const isExact = flags.E || flags['save-exact'] || config.saveExact;
+    const noSave = flags['no-save'];
+    const dryRun = flags['dry-run'];
+
+    // ── Parse packages to install ──────────────────────────────────────────────
+    let toInstall = [];
+
+    if (args.length) {
+        // `jpm install express lodash@4.17.21 @types/node`
+        for (const arg of args) {
+            const lastAt = arg.lastIndexOf('@');
+            const hasVersion = lastAt > 0;
+            const name = hasVersion ? arg.slice(0, lastAt) : arg;
+            const version = hasVersion ? arg.slice(lastAt + 1) : 'latest';
+            toInstall.push({ name, version });
+        }
+    } else {
+        const spinner = new Spinner('Reading package.json...').start();
+        const allDeps = {
+            ...pkgJson.dependencies,
+            ...(flags.production ? {} : pkgJson.devDependencies),
+        };
+        spinner.succeed(`Found ${Object.keys(allDeps).length} dependencies`);
+
+        // Prioritize lockfile-based installation for deterministic results
+        if (lockfile.exists()) {
+            logger.info('Using lock file for deterministic install');
+            const lockData = lockfile.allPackages();
+            const installer = new Installer(cwd);
+            const bar = new (require('../utils/progress').Spinner)('Installing from lock file...');
+            bar.start();
+            const fakeMap = new Map(lockData.map(p => [`${p.name}@${p.version}`, p]));
+            await installer.installAll(fakeMap, { dryRun, flags });
+            bar.succeed(`Installed ${lockData.length} packages`);
+            return;
+        }
+
+        toInstall = Object.entries(allDeps).map(([name, version]) => ({ name, version }));
+    }
+
+    if (!toInstall.length) {
+        logger.info('Nothing to install.');
+        return;
+    }
+
+    // ── Resolve ────────────────────────────────────────────────────────────────
+    const resolveSpinner = new Spinner(`Resolving ${toInstall.length} package(s)...`).start();
+    const resolver = new Resolver();
+
+    const deps = {};
+    const devDeps = {};
+    for (const { name, version } of toInstall) {
+        if (isDev) devDeps[name] = version;
+        else deps[name] = version;
+    }
+
+    let resolvedMap;
+    try {
+        resolvedMap = await resolver.resolve(deps, devDeps, {}, (count, total) => {
+            resolveSpinner.text = `Resolving packages... (${count} resolved)`;
+        });
+        resolveSpinner.succeed(`Resolved ${resolvedMap.size} packages (including transitive deps)`);
+    } catch (err) {
+        resolveSpinner.fail(`Resolution failed: ${err.message}`);
+        process.exit(1);
+    }
+
+    // Warn about circular deps
+    const circular = resolver.findCircular();
+    if (circular.length) {
+        logger.warn(`Circular dependencies detected:\n  ${circular.join('\n  ')}`);
+    }
+
+    // ── Install ────────────────────────────────────────────────────────────────
+    logger.info(`Installing ${resolvedMap.size} packages...`);
+    const installer = new Installer(cwd);
+    try {
+        await installer.installAll(resolvedMap, { dryRun, flags });
+    } catch (err) {
+        logger.error(`Install failed: ${err.message}`);
+        process.exit(1);
+    }
+
+    // ── Update package.json & lock file ─────────────────────────────────────────
+    if (!noSave && !dryRun && args.length) {
+        for (const { name } of toInstall) {
+            // Find actual resolved version
+            const resolved = [...resolvedMap.values()].find(m => m.name === name);
+            if (!resolved) continue;
+            pkgJson.addDependency(name, resolved.version, { dev: !!isDev, exact: isExact });
+        }
+        pkgJson.save();
+        logger.verbose('Updated package.json');
+    }
+
+    if (!dryRun) {
+        lockfile.update(resolvedMap).save();
+        logger.verbose('Updated jpm-lock.json');
+    }
+
+    // ── Summary ────────────────────────────────────────────────────────────────
+    const dupes = resolver.deduplicate();
+    if (dupes.length) {
+        logger.verbose(`Deduplication: ${dupes.length} packages have multiple versions`);
+    }
+
+    const directly = toInstall.map(({ name }) => {
+        const r = [...resolvedMap.values()].find(m => m.name === name);
+        return r ? `${r.name}@${r.version}` : name;
+    });
+
+    logger.success(`\nadded ${resolvedMap.size} packages`);
+    directly.forEach(p => logger.log(`  + ${logger.c.green(p)}`));
+};

package/src/commands/list.js

@@ -0,0 +1,103 @@
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+const PackageJSON = require('../core/package-json');
+const { formatBytes } = require('../utils/fs');
+const logger = require('../utils/logger');
+
+module.exports = async function list(args, flags) {
+    const cwd = process.cwd();
+    const depth = parseInt(flags.depth ?? flags.d ?? '0', 10);
+    const json = flags.json;
+    const nodeModules = path.join(cwd, 'node_modules');
+
+    const pkgJson = PackageJSON.fromDir(cwd);
+
+    if (!fs.existsSync(nodeModules)) {
+        logger.warn('No node_modules found. Run `jpm install` first.');
+        return;
+    }
+
+    // Collect top-level installed packages
+    const installed = [];
+    for (const entry of fs.readdirSync(nodeModules, { withFileTypes: true })) {
+        if (entry.name.startsWith('.')) continue;
+
+        if (entry.name.startsWith('@') && entry.isDirectory()) {
+            const scopeDir = path.join(nodeModules, entry.name);
+            for (const scoped of fs.readdirSync(scopeDir, { withFileTypes: true })) {
+                const pkg = readPkg(path.join(scopeDir, scoped.name));
+                if (pkg) installed.push(pkg);
+            }
+        } else if (entry.isDirectory()) {
+            const pkg = readPkg(path.join(nodeModules, entry.name));
+            if (pkg) installed.push(pkg);
+        }
+    }
+
+    // Sort alphabetically
+    installed.sort((a, b) => a.name.localeCompare(b.name));
+
+    if (json) {
+        process.stdout.write(JSON.stringify({ name: pkgJson.name, dependencies: toObj(installed) }, null, 2) + '\n');
+        return;
+    }
+
+    logger.log(`\n${logger.c.bold(pkgJson.name)}@${pkgJson.version}`);
+
+    const directDeps = new Set([
+        ...Object.keys(pkgJson.dependencies),
+        ...Object.keys(pkgJson.devDependencies),
+    ]);
+
+    const total = installed.length;
+    let totalSize = 0;
+
+    for (let i = 0; i < installed.length; i++) {
+        const pkg = installed[i];
+        const isLast = i === installed.length - 1;
+        const isDir = directDeps.has(pkg.name);
+        const devMark = Object.keys(pkgJson.devDependencies).includes(pkg.name)
+            ? logger.c.gray(' dev')
+            : '';
+
+        const conn = isLast ? '└── ' : '├── ';
+        const nameStr = logger.c.cyan(pkg.name);
+        const verStr = logger.c.gray(`@${pkg.version}`);
+        logger.log(`${conn}${nameStr}${verStr}${devMark}`);
+
+        if (depth > 0 && pkg.dependencies) {
+            const subDeps = Object.entries(pkg.dependencies);
+            subDeps.forEach(([depName, depRange], j) => {
+                const isLastSub = j === subDeps.length - 1;
+                const ext = isLast ? '    ' : '│   ';
+                const subConn = isLastSub ? '└── ' : '├── ';
+                logger.log(`${ext}${subConn}${logger.c.gray(depName)} ${logger.c.gray(depRange)}`);
+            });
+        }
+
+        totalSize += pkg.size || 0;
+    }
+
+    logger.log(`\n${total} packages  ${formatBytes(totalSize)}`);
+};
+
+function readPkg(dir) {
+    const f = path.join(dir, 'package.json');
+    try {
+        const data = JSON.parse(fs.readFileSync(f, 'utf8'));
+        let size = 0;
+        try {
+            for (const file of fs.readdirSync(dir)) {
+                const s = fs.statSync(path.join(dir, file));
+                if (s.isFile()) size += s.size;
+            }
+        } catch { }
+        return { name: data.name, version: data.version, dependencies: data.dependencies, size };
+    } catch { return null; }
+}
+
+function toObj(arr) {
+    return Object.fromEntries(arr.map(p => [p.name, { version: p.version }]));
+}

package/src/commands/publish.js

@@ -0,0 +1,148 @@
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+const crypto = require('node:crypto');
+const tar = require('tar');
+const PackageJSON = require('../core/package-json');
+const integrity = require('../security/integrity');
+const { getJSON } = require('../utils/http');
+const { tempDir, mkdirp } = require('../utils/fs');
+const { Spinner } = require('../utils/progress');
+const logger = require('../utils/logger');
+const config = require('../utils/config');
+
+module.exports = async function publish(args, flags) {
+    const cwd = process.cwd();
+    const pkgJson = PackageJSON.fromDir(cwd);
+
+    // 1. Validate
+    const errors = pkgJson.validate();
+    if (errors.length) {
+        logger.error('package.json validation failed:');
+        errors.forEach(e => logger.error(`  ${e}`));
+        process.exit(1);
+    }
+
+    const { name, version } = pkgJson;
+    const registry = config.registry.replace(/\/$/, '');
+
+    logger.section(`Publishing ${name}@${version}`);
+
+    // 2. Check auth token
+    const token = config.get('//registry.npmjs.org/:_authToken') || config.get('_authToken');
+    if (!token) {
+        logger.error('Not logged in. Set _authToken in ~/.jpmrc or run: npm login');
+        process.exit(1);
+    }
+
+    // 3. Check if version already exists
+    const spinner = new Spinner('Checking if version exists...').start();
+    try {
+        const existing = await getJSON(`${registry}/${encodeURIComponent(name)}/${version}`);
+        spinner.fail(`Version ${name}@${version} already exists in registry`);
+        process.exit(1);
+    } catch (err) {
+        if (err.status !== 404) {
+            spinner.warn('Could not verify version uniqueness, continuing...');
+        } else {
+            spinner.succeed('Version check passed');
+        }
+    }
+
+    // 4. Create tarball
+    const tmp = tempDir('jpm-publish-');
+    const tgz = path.join(tmp, `${name.replace('@', '').replace('/', '-')}-${version}.tgz`);
+
+    const packSpinner = new Spinner('Packing tarball...').start();
+
+    // Collect files respecting .npmignore / default ignore list
+    const ignore = getIgnoreList(cwd);
+    await tar.create(
+        { gzip: true, file: tgz, cwd, prefix: 'package' },
+        getFilesToPack(cwd, ignore)
+    );
+
+    const tgzStat = fs.statSync(tgz);
+    const shasum = await integrity.hashFile(tgz, 'sha1', 'hex');
+    const integrityH = await integrity.generateIntegrity(tgz);
+    const tgzBase64 = fs.readFileSync(tgz).toString('base64');
+
+    packSpinner.succeed(`Packed ${logger.c.gray(`(${(tgzStat.size / 1024).toFixed(1)} KB)`)}`);
+
+    // 5. Build publish body
+    const body = {
+        _id: name,
+        name,
+        'dist-tags': { latest: version },
+        versions: {
+            [version]: {
+                ...pkgJson.data,
+                dist: {
+                    shasum,
+                    integrity: integrityH,
+                    tarball: `${registry}/${encodeURIComponent(name)}/-/${name}-${version}.tgz`,
+                },
+            },
+        },
+        _attachments: {
+            [`${name}-${version}.tgz`]: {
+                content_type: 'application/octet-stream',
+                data: tgzBase64,
+                length: tgzStat.size,
+            },
+        },
+    };
+
+    // 6. PUT to registry
+    const uploadSpinner = new Spinner('Uploading to registry...').start();
+    const { request } = require('../utils/http');
+    const bodyStr = JSON.stringify(body);
+
+    try {
+        const res = await request(`${registry}/${encodeURIComponent(name)}`, {
+            method: 'PUT',
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${token}`,
+                'Content-Length': Buffer.byteLength(bodyStr),
+                ...(flags.otp ? { 'npm-otp': flags.otp } : {}),
+            },
+            body: bodyStr,
+            retries: 1,
+        });
+
+        if (res.status < 200 || res.status >= 300) {
+            uploadSpinner.fail(`Publish failed: HTTP ${res.status} — ${res.body.slice(0, 200)}`);
+            process.exit(1);
+        }
+
+        uploadSpinner.succeed('Published!');
+        logger.success(`\n+ ${name}@${version}`);
+        logger.log(logger.c.gray(`${registry}/${encodeURIComponent(name)}`));
+    } catch (err) {
+        uploadSpinner.fail(`Publish error: ${err.message}`);
+        process.exit(1);
+    }
+};
+
+function getIgnoreList(dir) {
+    const defaults = new Set(['node_modules', '.git', '.DS_Store', '*.log', 'coverage', '.jpm-lock.json']);
+    const ignoreFile = path.join(dir, '.npmignore');
+    if (fs.existsSync(ignoreFile)) {
+        fs.readFileSync(ignoreFile, 'utf8').split('\n').forEach(l => {
+            const t = l.trim();
+            if (t && !t.startsWith('#')) defaults.add(t);
+        });
+    }
+    return defaults;
+}
+
+function getFilesToPack(dir, ignore) {
+    const files = [];
+    for (const entry of fs.readdirSync(dir)) {
+        if ([...ignore].some(ig => entry === ig || entry.startsWith(ig.replace('*', '')))) continue;
+        files.push(entry);
+    }
+    return files.length ? files : ['.'];
+}

package/src/commands/run.js

@@ -0,0 +1,72 @@
+'use strict';
+
+const { spawnSync } = require('node:child_process');
+const path = require('node:path');
+const PackageJSON = require('../core/package-json');
+const logger = require('../utils/logger');
+
+module.exports = async function run(args, flags) {
+    const [scriptName, ...scriptArgs] = args;
+    const cwd = process.cwd();
+    const pkgJson = PackageJSON.fromDir(cwd);
+    const scripts = pkgJson.scripts;
+
+    // `jpm run` with no script — list available scripts
+    if (!scriptName) {
+        logger.section('Available scripts:');
+        if (!Object.keys(scripts).length) {
+            logger.info('No scripts defined in package.json');
+            return;
+        }
+        for (const [name, cmd] of Object.entries(scripts)) {
+            logger.log(`  ${logger.c.cyan(name.padEnd(20))} ${logger.c.gray(cmd)}`);
+        }
+        return;
+    }
+
+    if (!scripts[scriptName]) {
+        logger.error(`Script "${scriptName}" not found in package.json`);
+        logger.info(`Available: ${Object.keys(scripts).join(', ')}`);
+        process.exit(1);
+    }
+
+    // Pre-hook: check for 'pre<script>'
+    if (scripts[`pre${scriptName}`]) {
+        logger.info(`> ${pkgJson.name} pre${scriptName}`);
+        run_script(`pre${scriptName}`, scripts, cwd, scriptArgs);
+    }
+
+    logger.info(`\n> ${pkgJson.name} ${scriptName}`);
+    logger.info(`> ${scripts[scriptName]}\n`);
+
+    const result = run_script(scriptName, scripts, cwd, scriptArgs);
+
+    // Post-hook: check for 'post<script>'
+    if (scripts[`post${scriptName}`]) {
+        logger.info(`> ${pkgJson.name} post${scriptName}`);
+        run_script(`post${scriptName}`, scripts, cwd, scriptArgs);
+    }
+
+    if (result.status !== 0) {
+        logger.error(`Script "${scriptName}" exited with code ${result.status}`);
+        process.exit(result.status || 1);
+    }
+};
+
+function run_script(name, scripts, cwd, extraArgs) {
+    const cmd = scripts[name] + (extraArgs.length ? ' ' + extraArgs.join(' ') : '');
+
+    // Add local .bin to PATH so locally installed binaries work
+    const binPath = path.join(cwd, 'node_modules', '.bin');
+    const env = {
+        ...process.env,
+        PATH: `${binPath}${process.platform === 'win32' ? ';' : ':'}${process.env.PATH}`,
+    };
+
+    return spawnSync(cmd, {
+        cwd,
+        shell: true,
+        stdio: 'inherit',
+        env,
+    });
+}

package/src/commands/search.js

@@ -0,0 +1,41 @@
+'use strict';
+
+const registry = require('../core/registry');
+const { Spinner } = require('../utils/progress');
+const logger = require('../utils/logger');
+
+module.exports = async function search(args, flags) {
+    const query = args.join(' ');
+    if (!query) { logger.error('Usage: jpm search <query>'); process.exit(1); }
+
+    const size = parseInt(flags.size || flags.n || '20', 10);
+    const spinner = new Spinner(`Searching for "${query}"...`).start();
+
+    let results;
+    try {
+        results = await registry.search(query, { size });
+    } catch (err) {
+        spinner.fail(`Search failed: ${err.message}`);
+        process.exit(1);
+    }
+
+    spinner.succeed(`Found ${results.length} result(s) for "${query}"`);
+
+    if (!results.length) { logger.info('No packages found.'); return; }
+
+    logger.log('');
+    const rows = results.map(r => ({
+        Name: r.package?.name || '',
+        Version: r.package?.version || '',
+        Description: (r.package?.description || '').slice(0, 55),
+        Downloads: r.downloads?.weekly != null
+            ? r.downloads.weekly.toLocaleString()
+            : 'n/a',
+        Score: r.score?.final != null
+            ? (r.score.final * 100).toFixed(0) + '%'
+            : 'n/a',
+    }));
+    logger.table(rows, ['Name', 'Version', 'Description', 'Downloads', 'Score']);
+
+    logger.log(`\n${logger.c.gray('Run `jpm info <package>` for details. `jpm install <package>` to install.')}`);
+};

package/src/commands/uninstall.js

@@ -0,0 +1,48 @@
+'use strict';
+
+const PackageJSON = require('../core/package-json');
+const Installer = require('../core/installer');
+const Lockfile = require('../core/lockfile');
+const Resolver = require('../core/resolver');
+const { Spinner } = require('../utils/progress');
+const logger = require('../utils/logger');
+
+module.exports = async function uninstall(args, flags) {
+    if (!args.length) {
+        logger.error('Usage: jpm uninstall <package> [package2 ...]');
+        process.exit(1);
+    }
+
+    const cwd = process.cwd();
+    const pkgJson = PackageJSON.fromDir(cwd);
+    const lockfile = new Lockfile(cwd);
+    const installer = new Installer(cwd);
+
+    for (const name of args) {
+        const spinner = new Spinner(`Removing ${name}...`).start();
+
+        const removed = await installer.uninstall(name);
+        if (!removed) {
+            spinner.warn(`${name} was not installed`);
+            continue;
+        }
+
+        // Remove from package.json
+        pkgJson.removeDependency(name);
+
+        // Remove from lock file — remove all entries with this name
+        const toRemove = lockfile.allPackages()
+            .filter(p => p.name === name)
+            .map(p => ({ name: p.name, version: p.version }));
+
+        for (const { name: n, version: v } of toRemove) {
+            lockfile.removePackage(n, v);
+        }
+
+        spinner.succeed(`Removed ${name}`);
+    }
+
+    pkgJson.save();
+    lockfile.save();
+    logger.success(`\nRemoved ${args.length} package(s)`);
+};