npm - lockdelta - Versions diffs - 0.1.0 → 0.1.1 - Mend

lockdelta 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.js CHANGED Viewed

@@ -4,152 +4,148 @@ import { readFileSync } from "fs";
 // src/core/report.ts
 import { posix as posix2 } from "path";
-// src/ecosystems/python/parsers/toml.ts
-import { parse } from "smol-toml";
-function parseTomlPackages(content) {
-  try {
-    const data = parse(content);
-    const packages = {};
-    for (const pkg of [...data.package ?? [], ...data.packages ?? []]) {
-      if (typeof pkg.name === "string" && typeof pkg.version === "string") {
-        packages[pkg.name] = pkg.version;
-      }
-    }
-    return packages;
-  } catch {
-    return parseTomlPackagesRegex(content);
-  }
-}
-function parseTomlPackagesRegex(content) {
-  const packages = {};
-  const blocks = content.split(/\[\[packages?\]\]/);
-  for (const block of blocks) {
-    const nameMatch = block.match(/\nname\s*=\s*"([^"]+)"/);
-    const versionMatch = block.match(/\nversion\s*=\s*"([^"]+)"/);
-    if (nameMatch && versionMatch) {
-      packages[nameMatch[1]] = versionMatch[1];
-    }
-  }
-  return packages;
-}
-// src/ecosystems/python/pyproject.ts
-import { parse as parse2 } from "smol-toml";
-function normalizePythonName(name) {
-  return name.toLowerCase().replace(/[-_.]+/g, "_");
-}
-function extractPkgName(dep) {
-  const match = String(dep).match(/^([\w][\w.-]*)/);
-  return match ? normalizePythonName(match[1]) : null;
+// src/ecosystems/deno/deno-json.ts
+function normalizeDenoName(name) {
+  return name.toLowerCase();
 }
 function parseDirectDeps(content) {
   const prod = /* @__PURE__ */ new Set();
-  const dev = /* @__PURE__ */ new Set();
   let data;
   try {
-    data = parse2(content);
+    data = JSON.parse(content);
   } catch {
-    return { prod, dev };
-  }
-  const project = data["project"];
-  const pep517Deps = project?.["dependencies"];
-  if (Array.isArray(pep517Deps)) {
-    for (const dep of pep517Deps) {
-      const name = extractPkgName(dep);
-      if (name) prod.add(name);
-    }
+    return { prod, dev: /* @__PURE__ */ new Set() };
   }
-  const optDeps = project?.["optional-dependencies"];
-  if (optDeps && typeof optDeps === "object") {
-    for (const group of Object.values(optDeps)) {
-      if (Array.isArray(group)) {
-        for (const dep of group) {
-          const name = extractPkgName(dep);
-          if (name && !prod.has(name)) dev.add(name);
-        }
-      }
+  const imports = data.imports;
+  if (imports) {
+    for (const specifier of Object.values(imports)) {
+      const name = extractPackageName(specifier);
+      if (name) prod.add(normalizeDenoName(name));
     }
   }
-  const tool = data["tool"];
-  const poetry = tool?.["poetry"];
-  if (poetry) {
-    const poetryDeps = poetry["dependencies"];
-    if (poetryDeps) {
-      for (const key of Object.keys(poetryDeps)) {
-        if (key.toLowerCase() !== "python") prod.add(normalizePythonName(key));
-      }
-    }
-    const devDeps = poetry["dev-dependencies"];
-    if (devDeps) {
-      for (const key of Object.keys(devDeps)) {
-        const normalized = normalizePythonName(key);
-        if (!prod.has(normalized)) dev.add(normalized);
-      }
-    }
-    const groups = poetry["group"];
-    if (groups) {
-      for (const group of Object.values(groups)) {
-        const groupDeps = group["dependencies"];
-        if (groupDeps) {
-          for (const key of Object.keys(groupDeps)) {
-            const normalized = normalizePythonName(key);
-            if (!prod.has(normalized)) dev.add(normalized);
-          }
-        }
-      }
-    }
+  const workspace = data.workspace;
+  for (const specifier of workspace?.dependencies ?? []) {
+    const name = extractPackageName(specifier);
+    if (name) prod.add(normalizeDenoName(name));
   }
-  const uv = tool?.["uv"];
-  const uvDevDeps = uv?.["dev-dependencies"];
-  if (Array.isArray(uvDevDeps)) {
-    for (const dep of uvDevDeps) {
-      const name = extractPkgName(dep);
-      if (name && !prod.has(name)) dev.add(name);
-    }
+  return { prod, dev: /* @__PURE__ */ new Set() };
+}
+function extractPackageName(specifier) {
+  const withoutProtocol = specifier.replace(/^(?:npm|jsr|node):/, "");
+  if (specifier.startsWith("node:")) return null;
+  if (withoutProtocol.startsWith("@")) {
+    const atIdx2 = withoutProtocol.indexOf("@", 1);
+    return atIdx2 > 0 ? withoutProtocol.slice(0, atIdx2) : withoutProtocol;
   }
-  const depGroups = data["dependency-groups"];
-  if (depGroups && typeof depGroups === "object") {
-    for (const group of Object.values(depGroups)) {
-      if (Array.isArray(group)) {
-        for (const entry of group) {
-          if (typeof entry === "string") {
-            const name = extractPkgName(entry);
-            if (name && !prod.has(name)) dev.add(name);
-          }
-        }
+  const atIdx = withoutProtocol.indexOf("@");
+  return atIdx > 0 ? withoutProtocol.slice(0, atIdx) : withoutProtocol || null;
+}
+// src/ecosystems/deno/parsers/deno-lock.ts
+function parseDenoLock(content) {
+  const data = JSON.parse(content);
+  const result = {};
+  for (const [key, registry2] of [
+    ["npm", data.packages?.npm],
+    ["jsr", data.packages?.jsr]
+  ]) {
+    if (!registry2) continue;
+    for (const specifier of Object.keys(registry2)) {
+      const { name, version } = splitSpecifier(specifier);
+      const resultKey = key === "jsr" ? `jsr:${name}` : name;
+      if (name && version && !result[resultKey]) {
+        result[resultKey] = version;
       }
     }
   }
-  return { prod, dev };
+  return result;
+}
+function splitSpecifier(specifier) {
+  if (specifier.startsWith("@")) {
+    const atIdx2 = specifier.indexOf("@", 1);
+    if (atIdx2 < 0) return { name: specifier, version: "" };
+    return { name: specifier.slice(0, atIdx2), version: specifier.slice(atIdx2 + 1) };
+  }
+  const atIdx = specifier.indexOf("@");
+  if (atIdx < 0) return { name: specifier, version: "" };
+  return { name: specifier.slice(0, atIdx), version: specifier.slice(atIdx + 1) };
 }
-// src/ecosystems/python/index.ts
-var SUPPORTED_LOCKFILES = [
-  { filename: "uv.lock", type: "uv" },
-  { filename: "poetry.lock", type: "poetry" },
-  { filename: "pdm.lock", type: "pdm" },
-  { filename: "pylock.toml", type: "pylock" }
-  // PEP 751
-];
-var lockfileTypeMap = new Map(SUPPORTED_LOCKFILES.map((l) => [l.filename, l.type]));
-var pythonEcosystem = {
-  name: "python",
+// src/ecosystems/deno/index.ts
+var SUPPORTED_LOCKFILES = [{ filename: "deno.lock", type: "deno" }];
+var denoEcosystem = {
+  name: "deno",
   supportedLockfiles: SUPPORTED_LOCKFILES,
-  manifestName: "pyproject.toml",
+  manifestName: "deno.json",
   getLockfileType(filename) {
-    return lockfileTypeMap.get(filename);
+    return filename === "deno.lock" ? "deno" : void 0;
   },
   parseLockfile(content, _lockfileType) {
-    return parseTomlPackages(content);
+    return parseDenoLock(content);
   },
   parseDirectDeps(manifestContent) {
     return parseDirectDeps(manifestContent);
   },
   normalizeName(name) {
-    return normalizePythonName(name);
+    return normalizeDenoName(name);
   }
 };
+// src/ecosystems/javascript/package-json.ts
+var PROD_SECTIONS = ["dependencies", "optionalDependencies", "peerDependencies"];
+function normalizeJsName(name) {
+  return name.toLowerCase();
+}
+function parseDirectDeps2(content) {
+  const prod = /* @__PURE__ */ new Set();
+  const dev = /* @__PURE__ */ new Set();
+  let data;
+  try {
+    data = JSON.parse(content);
+  } catch {
+    return { prod, dev };
+  }
+  for (const section of PROD_SECTIONS) {
+    const deps = data[section];
+    if (deps && typeof deps === "object") {
+      for (const name of Object.keys(deps)) {
+        prod.add(normalizeJsName(name));
+      }
+    }
+  }
+  const devDeps = data.devDependencies;
+  if (devDeps && typeof devDeps === "object") {
+    for (const name of Object.keys(devDeps)) {
+      const normalized = normalizeJsName(name);
+      if (!prod.has(normalized)) dev.add(normalized);
+    }
+  }
+  return { prod, dev };
+}
+// src/ecosystems/javascript/parsers/bun.ts
+function parseBunLock(content) {
+  const data = JSON.parse(content);
+  const result = {};
+  for (const [name, entry] of Object.entries(data.packages ?? {})) {
+    if (!Array.isArray(entry)) continue;
+    const nameAtVersion = entry[0];
+    if (typeof nameAtVersion !== "string") continue;
+    const version = extractVersion(nameAtVersion);
+    if (!version || version.startsWith("workspace:")) continue;
+    result[name] = version;
+  }
+  return result;
+}
+function extractVersion(nameAtVersion) {
+  if (nameAtVersion.startsWith("@")) {
+    const atIdx2 = nameAtVersion.indexOf("@", 1);
+    return atIdx2 > 0 ? nameAtVersion.slice(atIdx2 + 1) : "";
+  }
+  const atIdx = nameAtVersion.indexOf("@");
+  return atIdx > 0 ? nameAtVersion.slice(atIdx + 1) : "";
+}
 // src/ecosystems/javascript/parsers/npm.ts
 function parseNpmLock(content) {
   const data = JSON.parse(content);
@@ -189,69 +185,10 @@ function parseV1Dependencies(deps, result = {}) {
   return result;
 }
-// src/ecosystems/javascript/parsers/yarn.ts
-import { parse as parseYaml } from "yaml";
-function parseYarnLock(content) {
-  return isYarnBerry(content) ? parseYarnBerry(content) : parseYarnV1(content);
-}
-function isYarnBerry(content) {
-  return content.includes("__metadata:");
-}
-function extractNameFromSpecifier(spec) {
-  const trimmed = spec.trim().replace(/^"|"$/g, "");
-  if (trimmed.startsWith("@")) {
-    const idx = trimmed.indexOf("@", 1);
-    return idx > 0 ? trimmed.slice(0, idx) : trimmed;
-  }
-  const atIdx = trimmed.indexOf("@");
-  return atIdx > 0 ? trimmed.slice(0, atIdx) : trimmed;
-}
-function parseYarnV1(content) {
-  const packages = {};
-  const blocks = content.split(/\n\n+/);
-  for (const block of blocks) {
-    const trimmed = block.trim();
-    if (!trimmed || trimmed.startsWith("#")) continue;
-    const versionMatch = trimmed.match(/^[ \t]+version "([^"]+)"/m);
-    if (!versionMatch) continue;
-    const headerLine = trimmed.split("\n")[0].trim().replace(/:$/, "");
-    const firstSpecifier = headerLine.split(",")[0].trim().replace(/^"|"$/g, "");
-    const name = extractNameFromSpecifier(firstSpecifier);
-    if (name && !packages[name]) {
-      packages[name] = versionMatch[1];
-    }
-  }
-  return packages;
-}
-function parseYarnBerry(content) {
-  const data = parseYaml(content);
-  const packages = {};
-  for (const [key, value] of Object.entries(data)) {
-    if (key === "__metadata") continue;
-    if (typeof value !== "object" || !value) continue;
-    const entry = value;
-    if (entry.linkType === "soft") continue;
-    if (!entry.version) continue;
-    const cleanKey = key.replace(/^"|"$/g, "");
-    const name = extractNameFromBerryKey(cleanKey);
-    if (name && !packages[name]) {
-      packages[name] = entry.version;
-    }
-  }
-  return packages;
-}
-function extractNameFromBerryKey(key) {
-  if (key.startsWith("@")) {
-    const idx = key.indexOf("@", 1);
-    return idx > 0 ? key.slice(0, idx) : key;
-  }
-  return key.split("@")[0];
-}
 // src/ecosystems/javascript/parsers/pnpm.ts
-import { parse as parseYaml2 } from "yaml";
+import { parse as parseYaml } from "yaml";
 function parsePnpmLock(content) {
-  const data = parseYaml2(content);
+  const data = parseYaml(content);
   if (!data?.packages) return {};
   const lockfileVersion = parseLockfileVersion(data.lockfileVersion);
   if (lockfileVersion >= 9) {
@@ -261,13 +198,14 @@ function parsePnpmLock(content) {
 }
 function parseLockfileVersion(v) {
   if (typeof v === "number") return v;
-  if (typeof v === "string") return parseFloat(v);
+  if (typeof v === "string") return Number.parseFloat(v);
   return 0;
 }
 function parsePnpmV9(packages) {
   const result = {};
   for (const key of Object.keys(packages)) {
-    let name, version;
+    let name;
+    let version;
     if (key.startsWith("@")) {
       const atIdx = key.indexOf("@", 1);
       if (atIdx < 0) continue;
@@ -290,7 +228,8 @@ function parsePnpmLegacy(packages) {
   const result = {};
   for (const key of Object.keys(packages)) {
     const cleaned = key.startsWith("/") ? key.slice(1) : key;
-    let name, version;
+    let name;
+    let version;
     if (cleaned.startsWith("@")) {
       const secondSlash = cleaned.indexOf("/", cleaned.indexOf("/") + 1);
       const secondAt = cleaned.indexOf("@", 1);
@@ -327,59 +266,63 @@ function stripVersionSuffix(version) {
   return version.split("(")[0].split("_")[0].trim();
 }
-// src/ecosystems/javascript/parsers/bun.ts
-function parseBunLock(content) {
-  const data = JSON.parse(content);
-  const result = {};
-  for (const [name, entry] of Object.entries(data.packages ?? {})) {
-    if (!Array.isArray(entry)) continue;
-    const nameAtVersion = entry[0];
-    if (typeof nameAtVersion !== "string") continue;
-    const version = extractVersion(nameAtVersion);
-    if (!version || version.startsWith("workspace:")) continue;
-    result[name] = version;
-  }
-  return result;
-}
-function extractVersion(nameAtVersion) {
-  if (nameAtVersion.startsWith("@")) {
-    const atIdx2 = nameAtVersion.indexOf("@", 1);
-    return atIdx2 > 0 ? nameAtVersion.slice(atIdx2 + 1) : "";
-  }
-  const atIdx = nameAtVersion.indexOf("@");
-  return atIdx > 0 ? nameAtVersion.slice(atIdx + 1) : "";
+// src/ecosystems/javascript/parsers/yarn.ts
+import { parse as parseYaml2 } from "yaml";
+function parseYarnLock(content) {
+  return isYarnBerry(content) ? parseYarnBerry(content) : parseYarnV1(content);
 }
-// src/ecosystems/javascript/package-json.ts
-var PROD_SECTIONS = ["dependencies", "optionalDependencies", "peerDependencies"];
-function normalizeJsName(name) {
-  return name.toLowerCase();
+function isYarnBerry(content) {
+  return content.includes("__metadata:");
 }
-function parseDirectDeps2(content) {
-  const prod = /* @__PURE__ */ new Set();
-  const dev = /* @__PURE__ */ new Set();
-  let data;
-  try {
-    data = JSON.parse(content);
-  } catch {
-    return { prod, dev };
-  }
-  for (const section of PROD_SECTIONS) {
-    const deps = data[section];
-    if (deps && typeof deps === "object") {
-      for (const name of Object.keys(deps)) {
-        prod.add(normalizeJsName(name));
-      }
+function extractNameFromSpecifier(spec) {
+  const trimmed = spec.trim().replace(/^"|"$/g, "");
+  if (trimmed.startsWith("@")) {
+    const idx = trimmed.indexOf("@", 1);
+    return idx > 0 ? trimmed.slice(0, idx) : trimmed;
+  }
+  const atIdx = trimmed.indexOf("@");
+  return atIdx > 0 ? trimmed.slice(0, atIdx) : trimmed;
+}
+function parseYarnV1(content) {
+  const packages = {};
+  const blocks = content.split(/\n\n+/);
+  for (const block of blocks) {
+    const trimmed = block.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    const versionMatch = trimmed.match(/^[ \t]+version "([^"]+)"/m);
+    if (!versionMatch) continue;
+    const headerLine = trimmed.split("\n")[0].trim().replace(/:$/, "");
+    const firstSpecifier = headerLine.split(",")[0].trim().replace(/^"|"$/g, "");
+    const name = extractNameFromSpecifier(firstSpecifier);
+    if (name && !packages[name]) {
+      packages[name] = versionMatch[1];
     }
   }
-  const devDeps = data["devDependencies"];
-  if (devDeps && typeof devDeps === "object") {
-    for (const name of Object.keys(devDeps)) {
-      const normalized = normalizeJsName(name);
-      if (!prod.has(normalized)) dev.add(normalized);
+  return packages;
+}
+function parseYarnBerry(content) {
+  const data = parseYaml2(content);
+  const packages = {};
+  for (const [key, value] of Object.entries(data)) {
+    if (key === "__metadata") continue;
+    if (typeof value !== "object" || !value) continue;
+    const entry = value;
+    if (entry.linkType === "soft") continue;
+    if (!entry.version) continue;
+    const cleanKey = key.replace(/^"|"$/g, "");
+    const name = extractNameFromBerryKey(cleanKey);
+    if (name && !packages[name]) {
+      packages[name] = entry.version;
     }
   }
-  return { prod, dev };
+  return packages;
+}
+function extractNameFromBerryKey(key) {
+  if (key.startsWith("@")) {
+    const idx = key.indexOf("@", 1);
+    return idx > 0 ? key.slice(0, idx) : key;
+  }
+  return key.split("@")[0];
 }
 // src/ecosystems/javascript/index.ts
@@ -389,13 +332,13 @@ var SUPPORTED_LOCKFILES2 = [
   { filename: "pnpm-lock.yaml", type: "pnpm" },
   { filename: "bun.lock", type: "bun" }
 ];
-var lockfileTypeMap2 = new Map(SUPPORTED_LOCKFILES2.map((l) => [l.filename, l.type]));
+var lockfileTypeMap = new Map(SUPPORTED_LOCKFILES2.map((l) => [l.filename, l.type]));
 var javascriptEcosystem = {
   name: "javascript",
   supportedLockfiles: SUPPORTED_LOCKFILES2,
   manifestName: "package.json",
   getLockfileType(filename) {
-    return lockfileTypeMap2.get(filename);
+    return lockfileTypeMap.get(filename);
   },
   parseLockfile(content, lockfileType) {
     switch (lockfileType) {
@@ -419,90 +362,149 @@ var javascriptEcosystem = {
   }
 };
-// src/ecosystems/deno/parsers/deno-lock.ts
-function parseDenoLock(content) {
-  const data = JSON.parse(content);
-  const result = {};
-  for (const [key, registry2] of [
-    ["npm", data.packages?.npm],
-    ["jsr", data.packages?.jsr]
-  ]) {
-    if (!registry2) continue;
-    for (const specifier of Object.keys(registry2)) {
-      const { name, version } = splitSpecifier(specifier);
-      const resultKey = key === "jsr" ? `jsr:${name}` : name;
-      if (name && version && !result[resultKey]) {
-        result[resultKey] = version;
+// src/ecosystems/python/parsers/toml.ts
+import { parse } from "smol-toml";
+function parseTomlPackages(content) {
+  try {
+    const data = parse(content);
+    const packages = {};
+    for (const pkg of [...data.package ?? [], ...data.packages ?? []]) {
+      if (typeof pkg.name === "string" && typeof pkg.version === "string") {
+        packages[pkg.name] = pkg.version;
       }
     }
+    return packages;
+  } catch {
+    return parseTomlPackagesRegex(content);
   }
-  return result;
 }
-function splitSpecifier(specifier) {
-  if (specifier.startsWith("@")) {
-    const atIdx2 = specifier.indexOf("@", 1);
-    if (atIdx2 < 0) return { name: specifier, version: "" };
-    return { name: specifier.slice(0, atIdx2), version: specifier.slice(atIdx2 + 1) };
+function parseTomlPackagesRegex(content) {
+  const packages = {};
+  const blocks = content.split(/\[\[packages?\]\]/);
+  for (const block of blocks) {
+    const nameMatch = block.match(/\nname\s*=\s*"([^"]+)"/);
+    const versionMatch = block.match(/\nversion\s*=\s*"([^"]+)"/);
+    if (nameMatch && versionMatch) {
+      packages[nameMatch[1]] = versionMatch[1];
+    }
   }
-  const atIdx = specifier.indexOf("@");
-  if (atIdx < 0) return { name: specifier, version: "" };
-  return { name: specifier.slice(0, atIdx), version: specifier.slice(atIdx + 1) };
+  return packages;
 }
-// src/ecosystems/deno/deno-json.ts
-function normalizeDenoName(name) {
-  return name.toLowerCase();
+// src/ecosystems/python/pyproject.ts
+import { parse as parse2 } from "smol-toml";
+function normalizePythonName(name) {
+  return name.toLowerCase().replace(/[-_.]+/g, "_");
+}
+function extractPkgName(dep) {
+  const match = String(dep).match(/^([\w][\w.-]*)/);
+  return match ? normalizePythonName(match[1]) : null;
 }
 function parseDirectDeps3(content) {
   const prod = /* @__PURE__ */ new Set();
+  const dev = /* @__PURE__ */ new Set();
   let data;
   try {
-    data = JSON.parse(content);
+    data = parse2(content);
   } catch {
-    return { prod, dev: /* @__PURE__ */ new Set() };
+    return { prod, dev };
   }
-  const imports = data["imports"];
-  if (imports) {
-    for (const specifier of Object.values(imports)) {
-      const name = extractPackageName(specifier);
-      if (name) prod.add(normalizeDenoName(name));
+  const project = data.project;
+  const pep517Deps = project?.dependencies;
+  if (Array.isArray(pep517Deps)) {
+    for (const dep of pep517Deps) {
+      const name = extractPkgName(dep);
+      if (name) prod.add(name);
     }
   }
-  const workspace = data["workspace"];
-  for (const specifier of workspace?.dependencies ?? []) {
-    const name = extractPackageName(specifier);
-    if (name) prod.add(normalizeDenoName(name));
+  const optDeps = project?.["optional-dependencies"];
+  if (optDeps && typeof optDeps === "object") {
+    for (const group of Object.values(optDeps)) {
+      if (Array.isArray(group)) {
+        for (const dep of group) {
+          const name = extractPkgName(dep);
+          if (name && !prod.has(name)) dev.add(name);
+        }
+      }
+    }
   }
-  return { prod, dev: /* @__PURE__ */ new Set() };
-}
-function extractPackageName(specifier) {
-  const withoutProtocol = specifier.replace(/^(?:npm|jsr|node):/, "");
-  if (specifier.startsWith("node:")) return null;
-  if (withoutProtocol.startsWith("@")) {
-    const atIdx2 = withoutProtocol.indexOf("@", 1);
-    return atIdx2 > 0 ? withoutProtocol.slice(0, atIdx2) : withoutProtocol;
+  const tool = data.tool;
+  const poetry = tool?.poetry;
+  if (poetry) {
+    const poetryDeps = poetry.dependencies;
+    if (poetryDeps) {
+      for (const key of Object.keys(poetryDeps)) {
+        if (key.toLowerCase() !== "python") prod.add(normalizePythonName(key));
+      }
+    }
+    const devDeps = poetry["dev-dependencies"];
+    if (devDeps) {
+      for (const key of Object.keys(devDeps)) {
+        const normalized = normalizePythonName(key);
+        if (!prod.has(normalized)) dev.add(normalized);
+      }
+    }
+    const groups = poetry.group;
+    if (groups) {
+      for (const group of Object.values(groups)) {
+        const groupDeps = group.dependencies;
+        if (groupDeps) {
+          for (const key of Object.keys(groupDeps)) {
+            const normalized = normalizePythonName(key);
+            if (!prod.has(normalized)) dev.add(normalized);
+          }
+        }
+      }
+    }
   }
-  const atIdx = withoutProtocol.indexOf("@");
-  return atIdx > 0 ? withoutProtocol.slice(0, atIdx) : withoutProtocol || null;
+  const uv = tool?.uv;
+  const uvDevDeps = uv?.["dev-dependencies"];
+  if (Array.isArray(uvDevDeps)) {
+    for (const dep of uvDevDeps) {
+      const name = extractPkgName(dep);
+      if (name && !prod.has(name)) dev.add(name);
+    }
+  }
+  const depGroups = data["dependency-groups"];
+  if (depGroups && typeof depGroups === "object") {
+    for (const group of Object.values(depGroups)) {
+      if (Array.isArray(group)) {
+        for (const entry of group) {
+          if (typeof entry === "string") {
+            const name = extractPkgName(entry);
+            if (name && !prod.has(name)) dev.add(name);
+          }
+        }
+      }
+    }
+  }
+  return { prod, dev };
 }
-// src/ecosystems/deno/index.ts
-var SUPPORTED_LOCKFILES3 = [{ filename: "deno.lock", type: "deno" }];
-var denoEcosystem = {
-  name: "deno",
+// src/ecosystems/python/index.ts
+var SUPPORTED_LOCKFILES3 = [
+  { filename: "uv.lock", type: "uv" },
+  { filename: "poetry.lock", type: "poetry" },
+  { filename: "pdm.lock", type: "pdm" },
+  { filename: "pylock.toml", type: "pylock" }
+  // PEP 751
+];
+var lockfileTypeMap2 = new Map(SUPPORTED_LOCKFILES3.map((l) => [l.filename, l.type]));
+var pythonEcosystem = {
+  name: "python",
   supportedLockfiles: SUPPORTED_LOCKFILES3,
-  manifestName: "deno.json",
+  manifestName: "pyproject.toml",
   getLockfileType(filename) {
-    return filename === "deno.lock" ? "deno" : void 0;
+    return lockfileTypeMap2.get(filename);
   },
   parseLockfile(content, _lockfileType) {
-    return parseDenoLock(content);
+    return parseTomlPackages(content);
   },
   parseDirectDeps(manifestContent) {
     return parseDirectDeps3(manifestContent);
   },
   normalizeName(name) {
-    return normalizeDenoName(name);
+    return normalizePythonName(name);
   }
 };
@@ -527,6 +529,29 @@ registerEcosystem(pythonEcosystem);
 registerEcosystem(javascriptEcosystem);
 registerEcosystem(denoEcosystem);
+// src/core/diff.ts
+function diffPackages(oldPkgs, newPkgs, directDeps, normalizeName) {
+  const allNames = /* @__PURE__ */ new Set([...Object.keys(oldPkgs), ...Object.keys(newPkgs)]);
+  const changes = [];
+  for (const name of [...allNames].sort()) {
+    const inOld = name in oldPkgs;
+    const inNew = name in newPkgs;
+    if (inOld && inNew && oldPkgs[name] === newPkgs[name]) continue;
+    const normalized = normalizeName(name);
+    const isProd = directDeps.prod.has(normalized);
+    const isDev = directDeps.dev.has(normalized) && !isProd;
+    changes.push({
+      name,
+      change_type: !inOld ? "added" : !inNew ? "removed" : "updated",
+      old_version: inOld ? oldPkgs[name] : null,
+      new_version: inNew ? newPkgs[name] : null,
+      is_direct: isProd || isDev,
+      is_dev: isDev
+    });
+  }
+  return changes;
+}
 // src/core/discovery.ts
 import { posix } from "path";
 function workspaceFromPath(filePath) {
@@ -590,6 +615,7 @@ function resolveLockfilePair(baseFiles, headFiles) {
       basePath: chosen.path,
       baseType: chosen.type,
       headPath: chosen.path,
+      // biome-ignore lint/style/noNonNullAssertion: path is guaranteed present (comes from common set)
       headType: headByPath.get(chosen.path).type,
       migrationNote: null,
       ecosystemName: chosen.ecosystemName
@@ -632,29 +658,6 @@ function resolveLockfilePair(baseFiles, headFiles) {
   return null;
 }
-// src/core/diff.ts
-function diffPackages(oldPkgs, newPkgs, directDeps, normalizeName) {
-  const allNames = /* @__PURE__ */ new Set([...Object.keys(oldPkgs), ...Object.keys(newPkgs)]);
-  const changes = [];
-  for (const name of [...allNames].sort()) {
-    const inOld = name in oldPkgs;
-    const inNew = name in newPkgs;
-    if (inOld && inNew && oldPkgs[name] === newPkgs[name]) continue;
-    const normalized = normalizeName(name);
-    const isProd = directDeps.prod.has(normalized);
-    const isDev = directDeps.dev.has(normalized) && !isProd;
-    changes.push({
-      name,
-      change_type: !inOld ? "added" : !inNew ? "removed" : "updated",
-      old_version: inOld ? oldPkgs[name] : null,
-      new_version: inNew ? newPkgs[name] : null,
-      is_direct: isProd || isDev,
-      is_dev: isDev
-    });
-  }
-  return changes;
-}
 // src/core/report.ts
 async function buildLockfileEntry(pair, workspace, getBase, getHead) {
   const ecosystem = getEcosystemByName(pair.ecosystemName);
@@ -788,7 +791,7 @@ function gitLsTree(ref) {
 import { execFileSync as execFileSync2 } from "child_process";
 var API_BASE = "https://api.github.com";
 function token() {
-  const t = process.env["GITHUB_TOKEN"];
+  const t = process.env.GITHUB_TOKEN;
   if (!t) throw new Error("GITHUB_TOKEN is required for GitHub API access");
   return t;
 }
@@ -824,7 +827,7 @@ async function getPrShas(prNumber, repo) {
   return { baseRefOid: data.base.sha, headRefOid: data.head.sha };
 }
 function detectRepo() {
-  const fromEnv = process.env["GITHUB_REPOSITORY"];
+  const fromEnv = process.env.GITHUB_REPOSITORY;
   if (fromEnv) return fromEnv;
   try {
     const remote = execFileSync2("git", ["remote", "get-url", "origin"], {
@@ -835,15 +838,17 @@ function detectRepo() {
     if (match) return match[1];
   } catch {
   }
-  throw new Error(
-    "Could not detect GitHub repo \u2014 set GITHUB_REPOSITORY or pass --repo"
-  );
+  throw new Error("Could not detect GitHub repo \u2014 set GITHUB_REPOSITORY or pass --repo");
 }
 // src/index.ts
 async function resolveApiShas(options) {
   if (options.baseSha && options.headSha) {
-    return { baseSha: options.baseSha, headSha: options.headSha, repo: options.repo ?? detectRepo() };
+    return {
+      baseSha: options.baseSha,
+      headSha: options.headSha,
+      repo: options.repo ?? detectRepo()
+    };
   }
   if (options.prNumber) {
     const repo = options.repo ?? detectRepo();