lockdelta 0.1.0 → 0.1.2

package/dist/cli.js

@@ -4,158 +4,151 @@
 import { writeFileSync } from "fs";
 import { Command } from "commander";
 
-// src/index.ts
-import { readFileSync } from "fs";
-
 // src/core/report.ts
 import { posix as posix2 } from "path";
 
-// src/ecosystems/python/parsers/toml.ts
-import { parse } from "smol-toml";
-function parseTomlPackages(content) {
-  try {
-    const data = parse(content);
-    const packages = {};
-    for (const pkg of [...data.package ?? [], ...data.packages ?? []]) {
-      if (typeof pkg.name === "string" && typeof pkg.version === "string") {
-        packages[pkg.name] = pkg.version;
-      }
-    }
-    return packages;
-  } catch {
-    return parseTomlPackagesRegex(content);
-  }
-}
-function parseTomlPackagesRegex(content) {
-  const packages = {};
-  const blocks = content.split(/\[\[packages?\]\]/);
-  for (const block of blocks) {
-    const nameMatch = block.match(/\nname\s*=\s*"([^"]+)"/);
-    const versionMatch = block.match(/\nversion\s*=\s*"([^"]+)"/);
-    if (nameMatch && versionMatch) {
-      packages[nameMatch[1]] = versionMatch[1];
-    }
-  }
-  return packages;
-}
-
-// src/ecosystems/python/pyproject.ts
-import { parse as parse2 } from "smol-toml";
-function normalizePythonName(name) {
-  return name.toLowerCase().replace(/[-_.]+/g, "_");
-}
-function extractPkgName(dep) {
-  const match = String(dep).match(/^([\w][\w.-]*)/);
-  return match ? normalizePythonName(match[1]) : null;
+// src/ecosystems/deno/deno-json.ts
+function normalizeDenoName(name) {
+  return name.toLowerCase();
 }
 function parseDirectDeps(content) {
   const prod = /* @__PURE__ */ new Set();
-  const dev = /* @__PURE__ */ new Set();
   let data;
   try {
-    data = parse2(content);
+    data = JSON.parse(content);
   } catch {
-    return { prod, dev };
-  }
-  const project = data["project"];
-  const pep517Deps = project?.["dependencies"];
-  if (Array.isArray(pep517Deps)) {
-    for (const dep of pep517Deps) {
-      const name = extractPkgName(dep);
-      if (name) prod.add(name);
-    }
+    return { prod, dev: /* @__PURE__ */ new Set() };
   }
-  const optDeps = project?.["optional-dependencies"];
-  if (optDeps && typeof optDeps === "object") {
-    for (const group of Object.values(optDeps)) {
-      if (Array.isArray(group)) {
-        for (const dep of group) {
-          const name = extractPkgName(dep);
-          if (name && !prod.has(name)) dev.add(name);
-        }
-      }
+  const imports = data.imports;
+  if (imports) {
+    for (const specifier of Object.values(imports)) {
+      const name = extractPackageName(specifier);
+      if (name) prod.add(normalizeDenoName(name));
     }
   }
-  const tool = data["tool"];
-  const poetry = tool?.["poetry"];
-  if (poetry) {
-    const poetryDeps = poetry["dependencies"];
-    if (poetryDeps) {
-      for (const key of Object.keys(poetryDeps)) {
-        if (key.toLowerCase() !== "python") prod.add(normalizePythonName(key));
-      }
-    }
-    const devDeps = poetry["dev-dependencies"];
-    if (devDeps) {
-      for (const key of Object.keys(devDeps)) {
-        const normalized = normalizePythonName(key);
-        if (!prod.has(normalized)) dev.add(normalized);
-      }
-    }
-    const groups = poetry["group"];
-    if (groups) {
-      for (const group of Object.values(groups)) {
-        const groupDeps = group["dependencies"];
-        if (groupDeps) {
-          for (const key of Object.keys(groupDeps)) {
-            const normalized = normalizePythonName(key);
-            if (!prod.has(normalized)) dev.add(normalized);
-          }
-        }
-      }
-    }
+  const workspace = data.workspace;
+  for (const specifier of workspace?.dependencies ?? []) {
+    const name = extractPackageName(specifier);
+    if (name) prod.add(normalizeDenoName(name));
   }
-  const uv = tool?.["uv"];
-  const uvDevDeps = uv?.["dev-dependencies"];
-  if (Array.isArray(uvDevDeps)) {
-    for (const dep of uvDevDeps) {
-      const name = extractPkgName(dep);
-      if (name && !prod.has(name)) dev.add(name);
-    }
+  return { prod, dev: /* @__PURE__ */ new Set() };
+}
+function extractPackageName(specifier) {
+  const withoutProtocol = specifier.replace(/^(?:npm|jsr|node):/, "");
+  if (specifier.startsWith("node:")) return null;
+  if (withoutProtocol.startsWith("@")) {
+    const atIdx2 = withoutProtocol.indexOf("@", 1);
+    return atIdx2 > 0 ? withoutProtocol.slice(0, atIdx2) : withoutProtocol;
   }
-  const depGroups = data["dependency-groups"];
-  if (depGroups && typeof depGroups === "object") {
-    for (const group of Object.values(depGroups)) {
-      if (Array.isArray(group)) {
-        for (const entry of group) {
-          if (typeof entry === "string") {
-            const name = extractPkgName(entry);
-            if (name && !prod.has(name)) dev.add(name);
-          }
-        }
+  const atIdx = withoutProtocol.indexOf("@");
+  return atIdx > 0 ? withoutProtocol.slice(0, atIdx) : withoutProtocol || null;
+}
+
+// src/ecosystems/deno/parsers/deno-lock.ts
+function parseDenoLock(content) {
+  const data = JSON.parse(content);
+  const result = {};
+  for (const [key, registry2] of [
+    ["npm", data.packages?.npm],
+    ["jsr", data.packages?.jsr]
+  ]) {
+    if (!registry2) continue;
+    for (const specifier of Object.keys(registry2)) {
+      const { name, version } = splitSpecifier(specifier);
+      const resultKey = key === "jsr" ? `jsr:${name}` : name;
+      if (name && version && !result[resultKey]) {
+        result[resultKey] = version;
       }
     }
   }
-  return { prod, dev };
+  return result;
+}
+function splitSpecifier(specifier) {
+  if (specifier.startsWith("@")) {
+    const atIdx2 = specifier.indexOf("@", 1);
+    if (atIdx2 < 0) return { name: specifier, version: "" };
+    return { name: specifier.slice(0, atIdx2), version: specifier.slice(atIdx2 + 1) };
+  }
+  const atIdx = specifier.indexOf("@");
+  if (atIdx < 0) return { name: specifier, version: "" };
+  return { name: specifier.slice(0, atIdx), version: specifier.slice(atIdx + 1) };
 }
 
-// src/ecosystems/python/index.ts
-var SUPPORTED_LOCKFILES = [
-  { filename: "uv.lock", type: "uv" },
-  { filename: "poetry.lock", type: "poetry" },
-  { filename: "pdm.lock", type: "pdm" },
-  { filename: "pylock.toml", type: "pylock" }
-  // PEP 751
-];
-var lockfileTypeMap = new Map(SUPPORTED_LOCKFILES.map((l) => [l.filename, l.type]));
-var pythonEcosystem = {
-  name: "python",
+// src/ecosystems/deno/index.ts
+var SUPPORTED_LOCKFILES = [{ filename: "deno.lock", type: "deno" }];
+var denoEcosystem = {
+  name: "deno",
   supportedLockfiles: SUPPORTED_LOCKFILES,
-  manifestName: "pyproject.toml",
+  manifestName: "deno.json",
   getLockfileType(filename) {
-    return lockfileTypeMap.get(filename);
+    return filename === "deno.lock" ? "deno" : void 0;
   },
   parseLockfile(content, _lockfileType) {
-    return parseTomlPackages(content);
+    return parseDenoLock(content);
   },
   parseDirectDeps(manifestContent) {
     return parseDirectDeps(manifestContent);
   },
   normalizeName(name) {
-    return normalizePythonName(name);
+    return normalizeDenoName(name);
   }
 };
 
+// src/ecosystems/javascript/package-json.ts
+var PROD_SECTIONS = ["dependencies", "optionalDependencies", "peerDependencies"];
+function normalizeJsName(name) {
+  return name.toLowerCase();
+}
+function parseDirectDeps2(content) {
+  const prod = /* @__PURE__ */ new Set();
+  const dev = /* @__PURE__ */ new Set();
+  let data;
+  try {
+    data = JSON.parse(content);
+  } catch {
+    return { prod, dev };
+  }
+  for (const section of PROD_SECTIONS) {
+    const deps = data[section];
+    if (deps && typeof deps === "object") {
+      for (const name of Object.keys(deps)) {
+        prod.add(normalizeJsName(name));
+      }
+    }
+  }
+  const devDeps = data.devDependencies;
+  if (devDeps && typeof devDeps === "object") {
+    for (const name of Object.keys(devDeps)) {
+      const normalized = normalizeJsName(name);
+      if (!prod.has(normalized)) dev.add(normalized);
+    }
+  }
+  return { prod, dev };
+}
+
+// src/ecosystems/javascript/parsers/bun.ts
+function parseBunLock(content) {
+  const data = JSON.parse(content);
+  const result = {};
+  for (const [name, entry] of Object.entries(data.packages ?? {})) {
+    if (!Array.isArray(entry)) continue;
+    const nameAtVersion = entry[0];
+    if (typeof nameAtVersion !== "string") continue;
+    const version = extractVersion(nameAtVersion);
+    if (!version || version.startsWith("workspace:")) continue;
+    result[name] = version;
+  }
+  return result;
+}
+function extractVersion(nameAtVersion) {
+  if (nameAtVersion.startsWith("@")) {
+    const atIdx2 = nameAtVersion.indexOf("@", 1);
+    return atIdx2 > 0 ? nameAtVersion.slice(atIdx2 + 1) : "";
+  }
+  const atIdx = nameAtVersion.indexOf("@");
+  return atIdx > 0 ? nameAtVersion.slice(atIdx + 1) : "";
+}
+
 // src/ecosystems/javascript/parsers/npm.ts
 function parseNpmLock(content) {
   const data = JSON.parse(content);
@@ -195,69 +188,10 @@ function parseV1Dependencies(deps, result = {}) {
   return result;
 }
 
-// src/ecosystems/javascript/parsers/yarn.ts
-import { parse as parseYaml } from "yaml";
-function parseYarnLock(content) {
-  return isYarnBerry(content) ? parseYarnBerry(content) : parseYarnV1(content);
-}
-function isYarnBerry(content) {
-  return content.includes("__metadata:");
-}
-function extractNameFromSpecifier(spec) {
-  const trimmed = spec.trim().replace(/^"|"$/g, "");
-  if (trimmed.startsWith("@")) {
-    const idx = trimmed.indexOf("@", 1);
-    return idx > 0 ? trimmed.slice(0, idx) : trimmed;
-  }
-  const atIdx = trimmed.indexOf("@");
-  return atIdx > 0 ? trimmed.slice(0, atIdx) : trimmed;
-}
-function parseYarnV1(content) {
-  const packages = {};
-  const blocks = content.split(/\n\n+/);
-  for (const block of blocks) {
-    const trimmed = block.trim();
-    if (!trimmed || trimmed.startsWith("#")) continue;
-    const versionMatch = trimmed.match(/^[ \t]+version "([^"]+)"/m);
-    if (!versionMatch) continue;
-    const headerLine = trimmed.split("\n")[0].trim().replace(/:$/, "");
-    const firstSpecifier = headerLine.split(",")[0].trim().replace(/^"|"$/g, "");
-    const name = extractNameFromSpecifier(firstSpecifier);
-    if (name && !packages[name]) {
-      packages[name] = versionMatch[1];
-    }
-  }
-  return packages;
-}
-function parseYarnBerry(content) {
-  const data = parseYaml(content);
-  const packages = {};
-  for (const [key, value] of Object.entries(data)) {
-    if (key === "__metadata") continue;
-    if (typeof value !== "object" || !value) continue;
-    const entry = value;
-    if (entry.linkType === "soft") continue;
-    if (!entry.version) continue;
-    const cleanKey = key.replace(/^"|"$/g, "");
-    const name = extractNameFromBerryKey(cleanKey);
-    if (name && !packages[name]) {
-      packages[name] = entry.version;
-    }
-  }
-  return packages;
-}
-function extractNameFromBerryKey(key) {
-  if (key.startsWith("@")) {
-    const idx = key.indexOf("@", 1);
-    return idx > 0 ? key.slice(0, idx) : key;
-  }
-  return key.split("@")[0];
-}
-
 // src/ecosystems/javascript/parsers/pnpm.ts
-import { parse as parseYaml2 } from "yaml";
+import { parse as parseYaml } from "yaml";
 function parsePnpmLock(content) {
-  const data = parseYaml2(content);
+  const data = parseYaml(content);
   if (!data?.packages) return {};
   const lockfileVersion = parseLockfileVersion(data.lockfileVersion);
   if (lockfileVersion >= 9) {
@@ -267,13 +201,14 @@ function parsePnpmLock(content) {
 }
 function parseLockfileVersion(v) {
   if (typeof v === "number") return v;
-  if (typeof v === "string") return parseFloat(v);
+  if (typeof v === "string") return Number.parseFloat(v);
   return 0;
 }
 function parsePnpmV9(packages) {
   const result = {};
   for (const key of Object.keys(packages)) {
-    let name, version;
+    let name;
+    let version;
     if (key.startsWith("@")) {
       const atIdx = key.indexOf("@", 1);
       if (atIdx < 0) continue;
@@ -296,7 +231,8 @@ function parsePnpmLegacy(packages) {
   const result = {};
   for (const key of Object.keys(packages)) {
     const cleaned = key.startsWith("/") ? key.slice(1) : key;
-    let name, version;
+    let name;
+    let version;
     if (cleaned.startsWith("@")) {
       const secondSlash = cleaned.indexOf("/", cleaned.indexOf("/") + 1);
       const secondAt = cleaned.indexOf("@", 1);
@@ -333,59 +269,63 @@ function stripVersionSuffix(version) {
   return version.split("(")[0].split("_")[0].trim();
 }
 
-// src/ecosystems/javascript/parsers/bun.ts
-function parseBunLock(content) {
-  const data = JSON.parse(content);
-  const result = {};
-  for (const [name, entry] of Object.entries(data.packages ?? {})) {
-    if (!Array.isArray(entry)) continue;
-    const nameAtVersion = entry[0];
-    if (typeof nameAtVersion !== "string") continue;
-    const version = extractVersion(nameAtVersion);
-    if (!version || version.startsWith("workspace:")) continue;
-    result[name] = version;
-  }
-  return result;
-}
-function extractVersion(nameAtVersion) {
-  if (nameAtVersion.startsWith("@")) {
-    const atIdx2 = nameAtVersion.indexOf("@", 1);
-    return atIdx2 > 0 ? nameAtVersion.slice(atIdx2 + 1) : "";
-  }
-  const atIdx = nameAtVersion.indexOf("@");
-  return atIdx > 0 ? nameAtVersion.slice(atIdx + 1) : "";
+// src/ecosystems/javascript/parsers/yarn.ts
+import { parse as parseYaml2 } from "yaml";
+function parseYarnLock(content) {
+  return isYarnBerry(content) ? parseYarnBerry(content) : parseYarnV1(content);
 }
-
-// src/ecosystems/javascript/package-json.ts
-var PROD_SECTIONS = ["dependencies", "optionalDependencies", "peerDependencies"];
-function normalizeJsName(name) {
-  return name.toLowerCase();
+function isYarnBerry(content) {
+  return content.includes("__metadata:");
 }
-function parseDirectDeps2(content) {
-  const prod = /* @__PURE__ */ new Set();
-  const dev = /* @__PURE__ */ new Set();
-  let data;
-  try {
-    data = JSON.parse(content);
-  } catch {
-    return { prod, dev };
+function extractNameFromSpecifier(spec) {
+  const trimmed = spec.trim().replace(/^"|"$/g, "");
+  if (trimmed.startsWith("@")) {
+    const idx = trimmed.indexOf("@", 1);
+    return idx > 0 ? trimmed.slice(0, idx) : trimmed;
   }
-  for (const section of PROD_SECTIONS) {
-    const deps = data[section];
-    if (deps && typeof deps === "object") {
-      for (const name of Object.keys(deps)) {
-        prod.add(normalizeJsName(name));
-      }
+  const atIdx = trimmed.indexOf("@");
+  return atIdx > 0 ? trimmed.slice(0, atIdx) : trimmed;
+}
+function parseYarnV1(content) {
+  const packages = {};
+  const blocks = content.split(/\n\n+/);
+  for (const block of blocks) {
+    const trimmed = block.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    const versionMatch = trimmed.match(/^[ \t]+version "([^"]+)"/m);
+    if (!versionMatch) continue;
+    const headerLine = trimmed.split("\n")[0].trim().replace(/:$/, "");
+    const firstSpecifier = headerLine.split(",")[0].trim().replace(/^"|"$/g, "");
+    const name = extractNameFromSpecifier(firstSpecifier);
+    if (name && !packages[name]) {
+      packages[name] = versionMatch[1];
     }
   }
-  const devDeps = data["devDependencies"];
-  if (devDeps && typeof devDeps === "object") {
-    for (const name of Object.keys(devDeps)) {
-      const normalized = normalizeJsName(name);
-      if (!prod.has(normalized)) dev.add(normalized);
+  return packages;
+}
+function parseYarnBerry(content) {
+  const data = parseYaml2(content);
+  const packages = {};
+  for (const [key, value] of Object.entries(data)) {
+    if (key === "__metadata") continue;
+    if (typeof value !== "object" || !value) continue;
+    const entry = value;
+    if (entry.linkType === "soft") continue;
+    if (!entry.version) continue;
+    const cleanKey = key.replace(/^"|"$/g, "");
+    const name = extractNameFromBerryKey(cleanKey);
+    if (name && !packages[name]) {
+      packages[name] = entry.version;
     }
   }
-  return { prod, dev };
+  return packages;
+}
+function extractNameFromBerryKey(key) {
+  if (key.startsWith("@")) {
+    const idx = key.indexOf("@", 1);
+    return idx > 0 ? key.slice(0, idx) : key;
+  }
+  return key.split("@")[0];
 }
 
 // src/ecosystems/javascript/index.ts
@@ -395,13 +335,13 @@ var SUPPORTED_LOCKFILES2 = [
   { filename: "pnpm-lock.yaml", type: "pnpm" },
   { filename: "bun.lock", type: "bun" }
 ];
-var lockfileTypeMap2 = new Map(SUPPORTED_LOCKFILES2.map((l) => [l.filename, l.type]));
+var lockfileTypeMap = new Map(SUPPORTED_LOCKFILES2.map((l) => [l.filename, l.type]));
 var javascriptEcosystem = {
   name: "javascript",
   supportedLockfiles: SUPPORTED_LOCKFILES2,
   manifestName: "package.json",
   getLockfileType(filename) {
-    return lockfileTypeMap2.get(filename);
+    return lockfileTypeMap.get(filename);
   },
   parseLockfile(content, lockfileType) {
     switch (lockfileType) {
@@ -425,90 +365,149 @@ var javascriptEcosystem = {
   }
 };
 
-// src/ecosystems/deno/parsers/deno-lock.ts
-function parseDenoLock(content) {
-  const data = JSON.parse(content);
-  const result = {};
-  for (const [key, registry2] of [
-    ["npm", data.packages?.npm],
-    ["jsr", data.packages?.jsr]
-  ]) {
-    if (!registry2) continue;
-    for (const specifier of Object.keys(registry2)) {
-      const { name, version } = splitSpecifier(specifier);
-      const resultKey = key === "jsr" ? `jsr:${name}` : name;
-      if (name && version && !result[resultKey]) {
-        result[resultKey] = version;
+// src/ecosystems/python/parsers/toml.ts
+import { parse } from "smol-toml";
+function parseTomlPackages(content) {
+  try {
+    const data = parse(content);
+    const packages = {};
+    for (const pkg of [...data.package ?? [], ...data.packages ?? []]) {
+      if (typeof pkg.name === "string" && typeof pkg.version === "string") {
+        packages[pkg.name] = pkg.version;
       }
     }
+    return packages;
+  } catch {
+    return parseTomlPackagesRegex(content);
   }
-  return result;
 }
-function splitSpecifier(specifier) {
-  if (specifier.startsWith("@")) {
-    const atIdx2 = specifier.indexOf("@", 1);
-    if (atIdx2 < 0) return { name: specifier, version: "" };
-    return { name: specifier.slice(0, atIdx2), version: specifier.slice(atIdx2 + 1) };
+function parseTomlPackagesRegex(content) {
+  const packages = {};
+  const blocks = content.split(/\[\[packages?\]\]/);
+  for (const block of blocks) {
+    const nameMatch = block.match(/\nname\s*=\s*"([^"]+)"/);
+    const versionMatch = block.match(/\nversion\s*=\s*"([^"]+)"/);
+    if (nameMatch && versionMatch) {
+      packages[nameMatch[1]] = versionMatch[1];
+    }
   }
-  const atIdx = specifier.indexOf("@");
-  if (atIdx < 0) return { name: specifier, version: "" };
-  return { name: specifier.slice(0, atIdx), version: specifier.slice(atIdx + 1) };
+  return packages;
 }
 
-// src/ecosystems/deno/deno-json.ts
-function normalizeDenoName(name) {
-  return name.toLowerCase();
+// src/ecosystems/python/pyproject.ts
+import { parse as parse2 } from "smol-toml";
+function normalizePythonName(name) {
+  return name.toLowerCase().replace(/[-_.]+/g, "_");
+}
+function extractPkgName(dep) {
+  const match = String(dep).match(/^([\w][\w.-]*)/);
+  return match ? normalizePythonName(match[1]) : null;
 }
 function parseDirectDeps3(content) {
   const prod = /* @__PURE__ */ new Set();
+  const dev = /* @__PURE__ */ new Set();
   let data;
   try {
-    data = JSON.parse(content);
+    data = parse2(content);
   } catch {
-    return { prod, dev: /* @__PURE__ */ new Set() };
+    return { prod, dev };
   }
-  const imports = data["imports"];
-  if (imports) {
-    for (const specifier of Object.values(imports)) {
-      const name = extractPackageName(specifier);
-      if (name) prod.add(normalizeDenoName(name));
+  const project = data.project;
+  const pep517Deps = project?.dependencies;
+  if (Array.isArray(pep517Deps)) {
+    for (const dep of pep517Deps) {
+      const name = extractPkgName(dep);
+      if (name) prod.add(name);
     }
   }
-  const workspace = data["workspace"];
-  for (const specifier of workspace?.dependencies ?? []) {
-    const name = extractPackageName(specifier);
-    if (name) prod.add(normalizeDenoName(name));
+  const optDeps = project?.["optional-dependencies"];
+  if (optDeps && typeof optDeps === "object") {
+    for (const group of Object.values(optDeps)) {
+      if (Array.isArray(group)) {
+        for (const dep of group) {
+          const name = extractPkgName(dep);
+          if (name && !prod.has(name)) dev.add(name);
+        }
+      }
+    }
   }
-  return { prod, dev: /* @__PURE__ */ new Set() };
-}
-function extractPackageName(specifier) {
-  const withoutProtocol = specifier.replace(/^(?:npm|jsr|node):/, "");
-  if (specifier.startsWith("node:")) return null;
-  if (withoutProtocol.startsWith("@")) {
-    const atIdx2 = withoutProtocol.indexOf("@", 1);
-    return atIdx2 > 0 ? withoutProtocol.slice(0, atIdx2) : withoutProtocol;
+  const tool = data.tool;
+  const poetry = tool?.poetry;
+  if (poetry) {
+    const poetryDeps = poetry.dependencies;
+    if (poetryDeps) {
+      for (const key of Object.keys(poetryDeps)) {
+        if (key.toLowerCase() !== "python") prod.add(normalizePythonName(key));
+      }
+    }
+    const devDeps = poetry["dev-dependencies"];
+    if (devDeps) {
+      for (const key of Object.keys(devDeps)) {
+        const normalized = normalizePythonName(key);
+        if (!prod.has(normalized)) dev.add(normalized);
+      }
+    }
+    const groups = poetry.group;
+    if (groups) {
+      for (const group of Object.values(groups)) {
+        const groupDeps = group.dependencies;
+        if (groupDeps) {
+          for (const key of Object.keys(groupDeps)) {
+            const normalized = normalizePythonName(key);
+            if (!prod.has(normalized)) dev.add(normalized);
+          }
+        }
+      }
+    }
   }
-  const atIdx = withoutProtocol.indexOf("@");
-  return atIdx > 0 ? withoutProtocol.slice(0, atIdx) : withoutProtocol || null;
+  const uv = tool?.uv;
+  const uvDevDeps = uv?.["dev-dependencies"];
+  if (Array.isArray(uvDevDeps)) {
+    for (const dep of uvDevDeps) {
+      const name = extractPkgName(dep);
+      if (name && !prod.has(name)) dev.add(name);
+    }
+  }
+  const depGroups = data["dependency-groups"];
+  if (depGroups && typeof depGroups === "object") {
+    for (const group of Object.values(depGroups)) {
+      if (Array.isArray(group)) {
+        for (const entry of group) {
+          if (typeof entry === "string") {
+            const name = extractPkgName(entry);
+            if (name && !prod.has(name)) dev.add(name);
+          }
+        }
+      }
+    }
+  }
+  return { prod, dev };
 }
 
-// src/ecosystems/deno/index.ts
-var SUPPORTED_LOCKFILES3 = [{ filename: "deno.lock", type: "deno" }];
-var denoEcosystem = {
-  name: "deno",
+// src/ecosystems/python/index.ts
+var SUPPORTED_LOCKFILES3 = [
+  { filename: "uv.lock", type: "uv" },
+  { filename: "poetry.lock", type: "poetry" },
+  { filename: "pdm.lock", type: "pdm" },
+  { filename: "pylock.toml", type: "pylock" }
+  // PEP 751
+];
+var lockfileTypeMap2 = new Map(SUPPORTED_LOCKFILES3.map((l) => [l.filename, l.type]));
+var pythonEcosystem = {
+  name: "python",
   supportedLockfiles: SUPPORTED_LOCKFILES3,
-  manifestName: "deno.json",
+  manifestName: "pyproject.toml",
   getLockfileType(filename) {
-    return filename === "deno.lock" ? "deno" : void 0;
+    return lockfileTypeMap2.get(filename);
   },
   parseLockfile(content, _lockfileType) {
-    return parseDenoLock(content);
+    return parseTomlPackages(content);
   },
   parseDirectDeps(manifestContent) {
     return parseDirectDeps3(manifestContent);
   },
   normalizeName(name) {
-    return normalizeDenoName(name);
+    return normalizePythonName(name);
   }
 };
 
@@ -533,6 +532,29 @@ registerEcosystem(pythonEcosystem);
 registerEcosystem(javascriptEcosystem);
 registerEcosystem(denoEcosystem);
 
+// src/core/diff.ts
+function diffPackages(oldPkgs, newPkgs, directDeps, normalizeName) {
+  const allNames = /* @__PURE__ */ new Set([...Object.keys(oldPkgs), ...Object.keys(newPkgs)]);
+  const changes = [];
+  for (const name of [...allNames].sort()) {
+    const inOld = name in oldPkgs;
+    const inNew = name in newPkgs;
+    if (inOld && inNew && oldPkgs[name] === newPkgs[name]) continue;
+    const normalized = normalizeName(name);
+    const isProd = directDeps.prod.has(normalized);
+    const isDev = directDeps.dev.has(normalized) && !isProd;
+    changes.push({
+      name,
+      change_type: !inOld ? "added" : !inNew ? "removed" : "updated",
+      old_version: inOld ? oldPkgs[name] : null,
+      new_version: inNew ? newPkgs[name] : null,
+      is_direct: isProd || isDev,
+      is_dev: isDev
+    });
+  }
+  return changes;
+}
+
 // src/core/discovery.ts
 import { posix } from "path";
 function workspaceFromPath(filePath) {
@@ -596,6 +618,7 @@ function resolveLockfilePair(baseFiles, headFiles) {
       basePath: chosen.path,
       baseType: chosen.type,
       headPath: chosen.path,
+      // biome-ignore lint/style/noNonNullAssertion: path is guaranteed present (comes from common set)
       headType: headByPath.get(chosen.path).type,
       migrationNote: null,
       ecosystemName: chosen.ecosystemName
@@ -638,29 +661,6 @@ function resolveLockfilePair(baseFiles, headFiles) {
   return null;
 }
 
-// src/core/diff.ts
-function diffPackages(oldPkgs, newPkgs, directDeps, normalizeName) {
-  const allNames = /* @__PURE__ */ new Set([...Object.keys(oldPkgs), ...Object.keys(newPkgs)]);
-  const changes = [];
-  for (const name of [...allNames].sort()) {
-    const inOld = name in oldPkgs;
-    const inNew = name in newPkgs;
-    if (inOld && inNew && oldPkgs[name] === newPkgs[name]) continue;
-    const normalized = normalizeName(name);
-    const isProd = directDeps.prod.has(normalized);
-    const isDev = directDeps.dev.has(normalized) && !isProd;
-    changes.push({
-      name,
-      change_type: !inOld ? "added" : !inNew ? "removed" : "updated",
-      old_version: inOld ? oldPkgs[name] : null,
-      new_version: inNew ? newPkgs[name] : null,
-      is_direct: isProd || isDev,
-      is_dev: isDev
-    });
-  }
-  return changes;
-}
-
 // src/core/report.ts
 async function buildLockfileEntry(pair, workspace, getBase, getHead) {
   const ecosystem = getEcosystemByName(pair.ecosystemName);
@@ -793,14 +793,29 @@ function gitLsTree(ref) {
 // src/sources/github.ts
 import { execFileSync as execFileSync2 } from "child_process";
 var API_BASE = "https://api.github.com";
-function token() {
-  const t = process.env["GITHUB_TOKEN"];
-  if (!t) throw new Error("GITHUB_TOKEN is required for GitHub API access");
-  return t;
+var cachedToken;
+function resolveToken() {
+  if (cachedToken) return cachedToken;
+  if (process.env.GITHUB_TOKEN) {
+    cachedToken = process.env.GITHUB_TOKEN;
+    return cachedToken;
+  }
+  try {
+    const t = execFileSync2("gh", ["auth", "token"], {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
+    if (t) {
+      cachedToken = t;
+      return cachedToken;
+    }
+  } catch {
+  }
+  throw new Error("No GitHub token found. Set GITHUB_TOKEN or run `gh auth login`.");
 }
 function headers(accept = "application/vnd.github+json") {
   return {
-    Authorization: `Bearer ${token()}`,
+    Authorization: `Bearer ${resolveToken()}`,
     Accept: accept,
     "X-GitHub-Api-Version": "2022-11-28"
   };
@@ -830,7 +845,7 @@ async function getPrShas(prNumber, repo) {
   return { baseRefOid: data.base.sha, headRefOid: data.head.sha };
 }
 function detectRepo() {
-  const fromEnv = process.env["GITHUB_REPOSITORY"];
+  const fromEnv = process.env.GITHUB_REPOSITORY;
   if (fromEnv) return fromEnv;
   try {
     const remote = execFileSync2("git", ["remote", "get-url", "origin"], {
@@ -841,15 +856,27 @@ function detectRepo() {
     if (match) return match[1];
   } catch {
   }
-  throw new Error(
-    "Could not detect GitHub repo \u2014 set GITHUB_REPOSITORY or pass --repo"
-  );
+  throw new Error("Could not detect GitHub repo \u2014 set GITHUB_REPOSITORY or pass --repo");
+}
+
+// src/sources/local.ts
+import { readFileSync } from "fs";
+function readLocalFile(path) {
+  try {
+    return readFileSync(path, "utf-8");
+  } catch {
+    return null;
+  }
 }
 
 // src/index.ts
 async function resolveApiShas(options) {
   if (options.baseSha && options.headSha) {
-    return { baseSha: options.baseSha, headSha: options.headSha, repo: options.repo ?? detectRepo() };
+    return {
+      baseSha: options.baseSha,
+      headSha: options.headSha,
+      repo: options.repo ?? detectRepo()
+    };
   }
   if (options.prNumber) {
     const repo = options.repo ?? detectRepo();
@@ -863,15 +890,8 @@ async function run(options = {}) {
   if (options.oldFile && options.newFile) {
     const oldPath = options.oldFile;
     const newPath = options.newFile;
-    const readLocal = (filePath) => {
-      try {
-        return readFileSync(filePath, "utf-8");
-      } catch {
-        return null;
-      }
-    };
-    const getBase2 = (path) => Promise.resolve(path === oldPath ? readLocal(oldPath) : null);
-    const getHead2 = (path) => Promise.resolve(path === newPath ? readLocal(newPath) : null);
+    const getBase2 = (path) => Promise.resolve(path === oldPath ? readLocalFile(oldPath) : null);
+    const getHead2 = (path) => Promise.resolve(path === newPath ? readLocalFile(newPath) : null);
     const lockfiles2 = await collectLockfileEntries({
       getBase: getBase2,
       getHead: getHead2,
@@ -924,22 +944,22 @@ async function run(options = {}) {
 
 // src/cli.ts
 var program = new Command();
-program.name("depdiff").description("Diff dependency lockfiles between git refs, PRs, or local files").version("0.1.0").option(
+program.name("lockdelta").description("Diff dependency lockfiles between git refs, PRs, or local files").version("0.1.0").option(
   "--base <ref>",
   'Base git ref (default: HEAD~1). In CI, reads GITHUB_BASE_REF \u2014 may need "origin/" prefix.',
-  process.env["GITHUB_BASE_REF"]
+  process.env.GITHUB_BASE_REF
 ).option(
   "--head <ref>",
   "Head git ref (default: HEAD). In CI, reads GITHUB_HEAD_REF.",
-  process.env["GITHUB_HEAD_REF"]
+  process.env.GITHUB_HEAD_REF
 ).option(
   "--pr <number>",
   "GitHub PR number. Fetches exact SHAs via gh CLI.",
-  process.env["GITHUB_PR_NUMBER"]
+  process.env.GITHUB_PR_NUMBER
 ).option(
   "--repo <owner/name>",
   "GitHub repo in OWNER/NAME format. Auto-detected if omitted.",
-  process.env["GITHUB_REPOSITORY"]
+  process.env.GITHUB_REPOSITORY
 ).option("--lockfile <path>", "Specific lockfile path. Auto-discovers all lockfiles if omitted.").option("--type <type>", "Force lockfile type: uv, poetry, pdm. Only used with --lockfile.").option("--old <path>", "Old lockfile path (local file comparison mode).").option("--new <path>", "New lockfile path (local file comparison mode).").option("--output <path>", "Write JSON report to file instead of stdout.").action(async (opts) => {
   try {
     const report = await run({
@@ -954,7 +974,8 @@ program.name("depdiff").description("Diff dependency lockfiles between git refs,
       onNote: (msg) => process.stderr.write(`Note: ${msg}
 `)
     });
-    const json = JSON.stringify(report, null, 2) + "\n";
+    const json = `${JSON.stringify(report, null, 2)}
+`;
     if (opts.output) {
       writeFileSync(opts.output, json, "utf-8");
       process.stderr.write(`Report written to ${opts.output}