lockdelta 0.1.1 → 0.1.3

package/dist/cli.js

@@ -4,9 +4,6 @@
 import { writeFileSync } from "fs";
 import { Command } from "commander";
 
-// src/index.ts
-import { readFileSync } from "fs";
-
 // src/core/report.ts
 import { posix as posix2 } from "path";
 
@@ -60,7 +57,7 @@ function parseDenoLock(content) {
       const { name, version } = splitSpecifier(specifier);
       const resultKey = key === "jsr" ? `jsr:${name}` : name;
       if (name && version && !result[resultKey]) {
-        result[resultKey] = version;
+        result[resultKey] = { version };
       }
     }
   }
@@ -139,7 +136,7 @@ function parseBunLock(content) {
     if (typeof nameAtVersion !== "string") continue;
     const version = extractVersion(nameAtVersion);
     if (!version || version.startsWith("workspace:")) continue;
-    result[name] = version;
+    result[name] = { version };
   }
   return result;
 }
@@ -174,7 +171,10 @@ function parseV2Packages(packages) {
     const name = key.slice("node_modules/".length);
     const pkgVersion = pkg.version;
     if (pkgVersion && !result[name]) {
-      result[name] = pkgVersion;
+      const entry = { version: pkgVersion };
+      const registryUrl = resolvedToOrigin(pkg.resolved);
+      if (registryUrl !== void 0) entry.registryUrl = registryUrl;
+      result[name] = entry;
     }
   }
   return result;
@@ -182,7 +182,10 @@ function parseV2Packages(packages) {
 function parseV1Dependencies(deps, result = {}) {
   for (const [name, pkg] of Object.entries(deps)) {
     if (pkg.version && !result[name]) {
-      result[name] = pkg.version;
+      const entry = { version: pkg.version };
+      const registryUrl = resolvedToOrigin(pkg.resolved);
+      if (registryUrl !== void 0) entry.registryUrl = registryUrl;
+      result[name] = entry;
     }
     if (pkg.dependencies) {
       parseV1Dependencies(pkg.dependencies, result);
@@ -190,6 +193,14 @@ function parseV1Dependencies(deps, result = {}) {
   }
   return result;
 }
+function resolvedToOrigin(resolved) {
+  if (!resolved) return void 0;
+  try {
+    return new URL(resolved).origin;
+  } catch {
+    return void 0;
+  }
+}
 
 // src/ecosystems/javascript/parsers/pnpm.ts
 import { parse as parseYaml } from "yaml";
@@ -209,7 +220,7 @@ function parseLockfileVersion(v) {
 }
 function parsePnpmV9(packages) {
   const result = {};
-  for (const key of Object.keys(packages)) {
+  for (const [key, value] of Object.entries(packages)) {
     let name;
     let version;
     if (key.startsWith("@")) {
@@ -225,14 +236,18 @@ function parsePnpmV9(packages) {
     }
     version = stripVersionSuffix(version);
     if (name && version && !result[name]) {
-      result[name] = version;
+      const entry = { version };
+      const pkg = value;
+      const registryUrl = pkg?.resolution?.tarball ? resolvedToOrigin2(pkg.resolution.tarball) : void 0;
+      if (registryUrl !== void 0) entry.registryUrl = registryUrl;
+      result[name] = entry;
     }
   }
   return result;
 }
 function parsePnpmLegacy(packages) {
   const result = {};
-  for (const key of Object.keys(packages)) {
+  for (const [key, value] of Object.entries(packages)) {
     const cleaned = key.startsWith("/") ? key.slice(1) : key;
     let name;
     let version;
@@ -263,7 +278,11 @@ function parsePnpmLegacy(packages) {
     }
     version = stripVersionSuffix(version);
     if (name && version && !result[name]) {
-      result[name] = version;
+      const entry = { version };
+      const pkg = value;
+      const registryUrl = pkg?.resolution?.tarball ? resolvedToOrigin2(pkg.resolution.tarball) : void 0;
+      if (registryUrl !== void 0) entry.registryUrl = registryUrl;
+      result[name] = entry;
     }
   }
   return result;
@@ -271,6 +290,13 @@ function parsePnpmLegacy(packages) {
 function stripVersionSuffix(version) {
   return version.split("(")[0].split("_")[0].trim();
 }
+function resolvedToOrigin2(url) {
+  try {
+    return new URL(url).origin;
+  } catch {
+    return void 0;
+  }
+}
 
 // src/ecosystems/javascript/parsers/yarn.ts
 import { parse as parseYaml2 } from "yaml";
@@ -301,7 +327,13 @@ function parseYarnV1(content) {
     const firstSpecifier = headerLine.split(",")[0].trim().replace(/^"|"$/g, "");
     const name = extractNameFromSpecifier(firstSpecifier);
     if (name && !packages[name]) {
-      packages[name] = versionMatch[1];
+      const entry = { version: versionMatch[1] };
+      const resolvedMatch = trimmed.match(/^[ \t]+resolved "([^"]+)"/m);
+      if (resolvedMatch) {
+        const registryUrl = resolvedToOrigin3(resolvedMatch[1]);
+        if (registryUrl !== void 0) entry.registryUrl = registryUrl;
+      }
+      packages[name] = entry;
     }
   }
   return packages;
@@ -312,13 +344,16 @@ function parseYarnBerry(content) {
   for (const [key, value] of Object.entries(data)) {
     if (key === "__metadata") continue;
     if (typeof value !== "object" || !value) continue;
-    const entry = value;
-    if (entry.linkType === "soft") continue;
-    if (!entry.version) continue;
+    const berryEntry = value;
+    if (berryEntry.linkType === "soft") continue;
+    if (!berryEntry.version) continue;
     const cleanKey = key.replace(/^"|"$/g, "");
     const name = extractNameFromBerryKey(cleanKey);
     if (name && !packages[name]) {
-      packages[name] = entry.version;
+      const entry = { version: berryEntry.version };
+      const registryUrl = extractBerryRegistryOrigin(berryEntry.resolution);
+      if (registryUrl !== void 0) entry.registryUrl = registryUrl;
+      packages[name] = entry;
     }
   }
   return packages;
@@ -330,6 +365,23 @@ function extractNameFromBerryKey(key) {
   }
   return key.split("@")[0];
 }
+function extractBerryRegistryOrigin(resolution) {
+  if (!resolution) return void 0;
+  const atIdx = resolution.startsWith("@") ? resolution.indexOf("@", 1) : resolution.indexOf("@");
+  if (atIdx < 0) return void 0;
+  const spec = resolution.slice(atIdx + 1);
+  if (spec.startsWith("http://") || spec.startsWith("https://")) {
+    return resolvedToOrigin3(spec.split("#")[0]);
+  }
+  return void 0;
+}
+function resolvedToOrigin3(url) {
+  try {
+    return new URL(url).origin;
+  } catch {
+    return void 0;
+  }
+}
 
 // src/ecosystems/javascript/index.ts
 var SUPPORTED_LOCKFILES2 = [
@@ -376,7 +428,15 @@ function parseTomlPackages(content) {
     const packages = {};
     for (const pkg of [...data.package ?? [], ...data.packages ?? []]) {
       if (typeof pkg.name === "string" && typeof pkg.version === "string") {
-        packages[pkg.name] = pkg.version;
+        const entry = { version: pkg.version };
+        const sourceUrl = typeof pkg.source?.registry === "string" ? pkg.source.registry : typeof pkg.source?.url === "string" ? pkg.source.url : void 0;
+        if (sourceUrl !== void 0) {
+          try {
+            entry.registryUrl = new URL(sourceUrl).origin;
+          } catch {
+          }
+        }
+        packages[pkg.name] = entry;
       }
     }
     return packages;
@@ -391,7 +451,17 @@ function parseTomlPackagesRegex(content) {
     const nameMatch = block.match(/\nname\s*=\s*"([^"]+)"/);
     const versionMatch = block.match(/\nversion\s*=\s*"([^"]+)"/);
     if (nameMatch && versionMatch) {
-      packages[nameMatch[1]] = versionMatch[1];
+      const entry = { version: versionMatch[1] };
+      const sourceRegistryMatch = block.match(/source\s*=\s*\{[^}]*registry\s*=\s*"([^"]+)"/);
+      const sourceUrlMatch = block.match(/\nurl\s*=\s*"([^"]+)"/);
+      const sourceUrl = sourceRegistryMatch?.[1] ?? sourceUrlMatch?.[1];
+      if (sourceUrl !== void 0) {
+        try {
+          entry.registryUrl = new URL(sourceUrl).origin;
+        } catch {
+        }
+      }
+      packages[nameMatch[1]] = entry;
     }
   }
   return packages;
@@ -542,18 +612,23 @@ function diffPackages(oldPkgs, newPkgs, directDeps, normalizeName) {
   for (const name of [...allNames].sort()) {
     const inOld = name in oldPkgs;
     const inNew = name in newPkgs;
-    if (inOld && inNew && oldPkgs[name] === newPkgs[name]) continue;
+    if (inOld && inNew && oldPkgs[name].version === newPkgs[name].version) continue;
     const normalized = normalizeName(name);
     const isProd = directDeps.prod.has(normalized);
     const isDev = directDeps.dev.has(normalized) && !isProd;
-    changes.push({
+    const change = {
       name,
       change_type: !inOld ? "added" : !inNew ? "removed" : "updated",
-      old_version: inOld ? oldPkgs[name] : null,
-      new_version: inNew ? newPkgs[name] : null,
+      old_version: inOld ? oldPkgs[name].version : null,
+      new_version: inNew ? newPkgs[name].version : null,
       is_direct: isProd || isDev,
       is_dev: isDev
-    });
+    };
+    const oldRegistryUrl = inOld ? oldPkgs[name].registryUrl : void 0;
+    const newRegistryUrl = inNew ? newPkgs[name].registryUrl : void 0;
+    if (oldRegistryUrl !== void 0) change.old_registry_url = oldRegistryUrl;
+    if (newRegistryUrl !== void 0) change.new_registry_url = newRegistryUrl;
+    changes.push(change);
   }
   return changes;
 }
@@ -796,14 +871,29 @@ function gitLsTree(ref) {
 // src/sources/github.ts
 import { execFileSync as execFileSync2 } from "child_process";
 var API_BASE = "https://api.github.com";
-function token() {
-  const t = process.env.GITHUB_TOKEN;
-  if (!t) throw new Error("GITHUB_TOKEN is required for GitHub API access");
-  return t;
+var cachedToken;
+function resolveToken() {
+  if (cachedToken) return cachedToken;
+  if (process.env.GITHUB_TOKEN) {
+    cachedToken = process.env.GITHUB_TOKEN;
+    return cachedToken;
+  }
+  try {
+    const t = execFileSync2("gh", ["auth", "token"], {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
+    if (t) {
+      cachedToken = t;
+      return cachedToken;
+    }
+  } catch {
+  }
+  throw new Error("No GitHub token found. Set GITHUB_TOKEN or run `gh auth login`.");
 }
 function headers(accept = "application/vnd.github+json") {
   return {
-    Authorization: `Bearer ${token()}`,
+    Authorization: `Bearer ${resolveToken()}`,
     Accept: accept,
     "X-GitHub-Api-Version": "2022-11-28"
   };
@@ -847,6 +937,16 @@ function detectRepo() {
   throw new Error("Could not detect GitHub repo \u2014 set GITHUB_REPOSITORY or pass --repo");
 }
 
+// src/sources/local.ts
+import { readFileSync } from "fs";
+function readLocalFile(path) {
+  try {
+    return readFileSync(path, "utf-8");
+  } catch {
+    return null;
+  }
+}
+
 // src/index.ts
 async function resolveApiShas(options) {
   if (options.baseSha && options.headSha) {
@@ -868,15 +968,8 @@ async function run(options = {}) {
   if (options.oldFile && options.newFile) {
     const oldPath = options.oldFile;
     const newPath = options.newFile;
-    const readLocal = (filePath) => {
-      try {
-        return readFileSync(filePath, "utf-8");
-      } catch {
-        return null;
-      }
-    };
-    const getBase2 = (path) => Promise.resolve(path === oldPath ? readLocal(oldPath) : null);
-    const getHead2 = (path) => Promise.resolve(path === newPath ? readLocal(newPath) : null);
+    const getBase2 = (path) => Promise.resolve(path === oldPath ? readLocalFile(oldPath) : null);
+    const getHead2 = (path) => Promise.resolve(path === newPath ? readLocalFile(newPath) : null);
     const lockfiles2 = await collectLockfileEntries({
       getBase: getBase2,
       getHead: getHead2,