lockfile-subset 1.1.0 → 1.2.0

package/dist/index.mjs

@@ -146,17 +146,216 @@ async function extractPnpmSubset({ projectPath, packageNames, includeOptional =
 	};
 }
 //#endregion
+//#region src/extract-yarn.ts
+const { parse: parseYarnLockV1, stringify: stringifyYarnLockV1 } = createRequire(import.meta.url)("@yarnpkg/lockfile");
+function detectYarnVersion(content) {
+	return content.includes("# yarn lockfile v1") ? 1 : 2;
+}
+function extractV1({ projectPath, packageNames, includeOptional, lockfileContent }) {
+	const parsed = parseYarnLockV1(lockfileContent);
+	if (parsed.type !== "success") throw new Error(`Failed to parse yarn.lock: ${parsed.type}`);
+	const lockfile = parsed.object;
+	const pkgJsonPath = join(projectPath, "package.json");
+	const pkgJson = JSON.parse(readFileSync(pkgJsonPath, "utf8"));
+	const allDeps = {
+		...pkgJson.dependencies,
+		...pkgJson.optionalDependencies
+	};
+	const keepKeys = /* @__PURE__ */ new Set();
+	const collected = [];
+	for (const name of packageNames) {
+		const range = allDeps[name];
+		if (!range) throw new Error(`Package "${name}" not found in yarn.lock`);
+		const queue = [`${name}@${range}`];
+		while (queue.length > 0) {
+			const key = queue.shift();
+			if (keepKeys.has(key)) continue;
+			const entry = lockfile[key];
+			if (!entry) continue;
+			keepKeys.add(key);
+			collected.push({
+				name: key.slice(0, key.lastIndexOf("@")),
+				version: entry.version
+			});
+			if (entry.dependencies) for (const [depName, depRange] of Object.entries(entry.dependencies)) {
+				const depKey = `${depName}@${depRange}`;
+				if (!keepKeys.has(depKey)) queue.push(depKey);
+			}
+			if (includeOptional && entry.optionalDependencies) for (const [depName, depRange] of Object.entries(entry.optionalDependencies)) {
+				const depKey = `${depName}@${depRange}`;
+				if (!keepKeys.has(depKey)) queue.push(depKey);
+			}
+		}
+	}
+	const subset = {};
+	for (const key of keepKeys) subset[key] = lockfile[key];
+	const dependencies = {};
+	for (const name of packageNames) dependencies[name] = lockfile[`${name}@${allDeps[name]}`].version;
+	const seen = /* @__PURE__ */ new Set();
+	const deduped = collected.filter((c) => {
+		const key = `${c.name}@${c.version}`;
+		if (seen.has(key)) return false;
+		seen.add(key);
+		return true;
+	});
+	return {
+		type: "yarn",
+		yarnVersion: 1,
+		packageJson: {
+			name: "lockfile-subset-output",
+			version: "1.0.0",
+			dependencies
+		},
+		lockfileContent: stringifyYarnLockV1(subset),
+		collected: deduped
+	};
+}
+function extractBerry({ projectPath, packageNames, includeOptional, lockfileContent }) {
+	const lockfile = yaml.load(lockfileContent);
+	const descriptorMap = /* @__PURE__ */ new Map();
+	for (const [compoundKey, entry] of Object.entries(lockfile)) {
+		if (compoundKey === "__metadata") continue;
+		const descriptors = compoundKey.split(", ");
+		for (const descriptor of descriptors) descriptorMap.set(descriptor, {
+			entry,
+			originalKey: compoundKey
+		});
+	}
+	const pkgJsonPath = join(projectPath, "package.json");
+	const pkgJson = JSON.parse(readFileSync(pkgJsonPath, "utf8"));
+	const allDeps = {
+		...pkgJson.dependencies,
+		...pkgJson.optionalDependencies
+	};
+	const keepOriginalKeys = /* @__PURE__ */ new Set();
+	const visited = /* @__PURE__ */ new Set();
+	const collected = [];
+	for (const name of packageNames) {
+		const range = allDeps[name];
+		if (!range) throw new Error(`Package "${name}" not found in yarn.lock`);
+		const queue = [`${name}@npm:${range}`];
+		while (queue.length > 0) {
+			const desc = queue.shift();
+			if (visited.has(desc)) continue;
+			visited.add(desc);
+			const match = descriptorMap.get(desc);
+			if (!match) continue;
+			keepOriginalKeys.add(match.originalKey);
+			collected.push({
+				name: parseDescriptorName(desc),
+				version: match.entry.version
+			});
+			if (match.entry.dependencies) for (const [depName, depRange] of Object.entries(match.entry.dependencies)) {
+				const depDesc = `${depName}@${depRange}`;
+				if (!visited.has(depDesc)) queue.push(depDesc);
+			}
+			if (includeOptional && match.entry.optionalDependencies) for (const [depName, depRange] of Object.entries(match.entry.optionalDependencies)) {
+				const depDesc = `${depName}@${depRange}`;
+				if (!visited.has(depDesc)) queue.push(depDesc);
+			}
+		}
+	}
+	const dependencies = {};
+	for (const name of packageNames) {
+		const descriptor = `${name}@npm:${allDeps[name]}`;
+		dependencies[name] = descriptorMap.get(descriptor).entry.version;
+	}
+	const lines = [];
+	lines.push("# This file is generated by running \"yarn install\" inside your project.");
+	lines.push("# Manual changes might be lost - proceed with caution!");
+	lines.push("");
+	const metadata = lockfile.__metadata;
+	if (metadata) {
+		lines.push("__metadata:");
+		lines.push(`  version: ${metadata.version}`);
+		if (metadata.cacheKey) lines.push(`  cacheKey: ${metadata.cacheKey}`);
+		lines.push("");
+	}
+	for (const originalKey of keepOriginalKeys) {
+		const entry = lockfile[originalKey];
+		lines.push(`"${originalKey}":`);
+		lines.push(`  version: ${entry.version}`);
+		lines.push(`  resolution: "${entry.resolution}"`);
+		if (entry.dependencies && Object.keys(entry.dependencies).length > 0) {
+			lines.push("  dependencies:");
+			for (const [k, v] of Object.entries(entry.dependencies)) lines.push(`    ${k}: "${v}"`);
+		}
+		if (entry.optionalDependencies && Object.keys(entry.optionalDependencies).length > 0) {
+			lines.push("  optionalDependencies:");
+			for (const [k, v] of Object.entries(entry.optionalDependencies)) lines.push(`    ${k}: "${v}"`);
+		}
+		if (entry.dependenciesMeta && Object.keys(entry.dependenciesMeta).length > 0) {
+			lines.push("  dependenciesMeta:");
+			for (const [k, v] of Object.entries(entry.dependenciesMeta)) {
+				lines.push(`    ${k}:`);
+				if (v.optional !== void 0) lines.push(`      optional: ${v.optional}`);
+			}
+		}
+		if (entry.bin && Object.keys(entry.bin).length > 0) {
+			lines.push("  bin:");
+			for (const [k, v] of Object.entries(entry.bin)) lines.push(`    ${k}: ${v}`);
+		}
+		if (entry.conditions) lines.push(`  conditions: ${entry.conditions}`);
+		if (entry.checksum) lines.push(`  checksum: ${entry.checksum}`);
+		lines.push(`  languageName: ${entry.languageName || "node"}`);
+		lines.push(`  linkType: ${entry.linkType || "hard"}`);
+		lines.push("");
+	}
+	const seen = /* @__PURE__ */ new Set();
+	const deduped = collected.filter((c) => {
+		const key = `${c.name}@${c.version}`;
+		if (seen.has(key)) return false;
+		seen.add(key);
+		return true;
+	});
+	return {
+		type: "yarn",
+		yarnVersion: 2,
+		packageJson: {
+			name: "lockfile-subset-output",
+			version: "1.0.0",
+			dependencies
+		},
+		lockfileContent: lines.join("\n"),
+		collected: deduped
+	};
+}
+/** Extract package name from a descriptor like "chalk@npm:4.1.2" or "@scope/pkg@npm:^1.0.0" */
+function parseDescriptorName(descriptor) {
+	const npmIdx = descriptor.indexOf("@npm:");
+	if (npmIdx > 0) return descriptor.slice(0, npmIdx);
+	const lastAt = descriptor.lastIndexOf("@");
+	if (lastAt > 0) return descriptor.slice(0, lastAt);
+	return descriptor;
+}
+async function extractYarnSubset({ projectPath, packageNames, includeOptional = true }) {
+	const lockfileContent = readFileSync(join(projectPath, "yarn.lock"), "utf8");
+	if (detectYarnVersion(lockfileContent) === 1) return extractV1({
+		projectPath,
+		packageNames,
+		includeOptional,
+		lockfileContent
+	});
+	else return extractBerry({
+		projectPath,
+		packageNames,
+		includeOptional,
+		lockfileContent
+	});
+}
+//#endregion
 //#region src/write.ts
 function writeOutput(outputDir, result) {
 	mkdirSync(outputDir, { recursive: true });
 	writeFileSync(join(outputDir, "package.json"), JSON.stringify(result.packageJson, null, 2) + "\n");
 	if (result.type === "npm") writeFileSync(join(outputDir, "package-lock.json"), JSON.stringify(result.lockfileJson, null, 2) + "\n");
-	else writeFileSync(join(outputDir, "pnpm-lock.yaml"), yaml.dump(result.lockfileYaml, {
+	else if (result.type === "pnpm") writeFileSync(join(outputDir, "pnpm-lock.yaml"), yaml.dump(result.lockfileYaml, {
 		lineWidth: -1,
 		noCompatMode: true,
 		quotingType: "'",
 		forceQuotes: false
 	}));
+	else writeFileSync(join(outputDir, "yarn.lock"), result.lockfileContent);
 }
 //#endregion
 //#region src/index.ts
@@ -218,11 +417,15 @@ function resolveLockfile(lockfilePath) {
 			projectPath: resolve("."),
 			type: "pnpm"
 		};
+		if (existsSync(resolve("yarn.lock"))) return {
+			projectPath: resolve("."),
+			type: "yarn"
+		};
 		if (existsSync(resolve("package-lock.json"))) return {
 			projectPath: resolve("."),
 			type: "npm"
 		};
-		throw new Error("No lockfile found in current directory. Expected package-lock.json or pnpm-lock.yaml.");
+		throw new Error("No lockfile found in current directory. Expected package-lock.json, pnpm-lock.yaml, or yarn.lock.");
 	}
 	const resolved = resolve(lockfilePath);
 	const basename = resolved.split("/").pop();
@@ -230,17 +433,21 @@ function resolveLockfile(lockfilePath) {
 		projectPath: resolve(resolved, ".."),
 		type: "pnpm"
 	};
+	if (basename === "yarn.lock") return {
+		projectPath: resolve(resolved, ".."),
+		type: "yarn"
+	};
 	if (basename === "package-lock.json") return {
 		projectPath: resolve(resolved, ".."),
 		type: "npm"
 	};
-	throw new Error(`Invalid lockfile path: ${lockfilePath}. Expected a path to package-lock.json or pnpm-lock.yaml.`);
+	throw new Error(`Invalid lockfile path: ${lockfilePath}. Expected a path to package-lock.json, pnpm-lock.yaml, or yarn.lock.`);
 }
 const HELP = `
 lockfile-subset <packages...> [options]
 
-Extract a subset of package-lock.json or pnpm-lock.yaml for specified packages
-and their transitive dependencies.
+Extract a subset of package-lock.json, pnpm-lock.yaml, or yarn.lock for specified
+packages and their transitive dependencies.
 
 Arguments:
   packages                  Package names to extract (one or more, space-separated)
@@ -249,7 +456,7 @@ Options:
   --lockfile, -l <path>     Path to lockfile (auto-detected from cwd by default)
   --output, -o <dir>        Output directory (default: ./lockfile-subset-output)
   --no-optional             Exclude optional dependencies
-  --install                 Run npm ci / pnpm install --frozen-lockfile after generating
+  --install                 Run npm ci / pnpm install / yarn install after generating
   --dry-run                 Print the result without writing files
   --version, -v             Show version
   --help, -h                Show this help
@@ -284,6 +491,11 @@ async function main() {
 		packageNames: args.packages,
 		includeOptional: args.includeOptional
 	});
+	else if (type === "yarn") result = await extractYarnSubset({
+		projectPath,
+		packageNames: args.packages,
+		includeOptional: args.includeOptional
+	});
 	else result = await extractSubset({
 		projectPath,
 		packageNames: args.packages,
@@ -296,13 +508,16 @@ async function main() {
 		if (result.type === "npm") {
 			console.log("\n--- package-lock.json ---");
 			console.log(JSON.stringify(result.lockfileJson, null, 2));
-		} else {
+		} else if (result.type === "pnpm") {
 			const yaml = (await import("js-yaml")).default;
 			console.log("\n--- pnpm-lock.yaml ---");
 			console.log(yaml.dump(result.lockfileYaml, {
 				lineWidth: -1,
 				noCompatMode: true
 			}));
+		} else {
+			console.log("\n--- yarn.lock ---");
+			console.log(result.lockfileContent);
 		}
 		return;
 	}
@@ -315,7 +530,20 @@ async function main() {
 				cwd: outputDir,
 				stdio: "inherit"
 			});
+		} else if (type === "yarn") if (result.type === "yarn" && result.yarnVersion === 1) {
+			console.log("Running yarn install --frozen-lockfile...");
+			execSync("yarn install --frozen-lockfile", {
+				cwd: outputDir,
+				stdio: "inherit"
+			});
 		} else {
+			console.log("Running yarn install --immutable...");
+			execSync("yarn install --immutable", {
+				cwd: outputDir,
+				stdio: "inherit"
+			});
+		}
+		else {
 			console.log("Running npm ci...");
 			execSync("npm ci", {
 				cwd: outputDir,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "lockfile-subset",
-  "version": "1.1.0",
-  "description": "Extract a subset of package-lock.json for specified packages and their transitive dependencies",
+  "version": "1.2.0",
+  "description": "Extract a subset of package-lock.json, pnpm-lock.yaml, or yarn.lock for specified packages and their transitive dependencies",
   "type": "module",
   "bin": {
     "lockfile-subset": "./dist/index.mjs"
@@ -17,6 +17,7 @@
   "keywords": [
     "npm",
     "pnpm",
+    "yarn",
     "lockfile",
     "package-lock",
     "subset",
@@ -37,6 +38,7 @@
     "@types/js-yaml": "^4.0.9",
     "@types/node": "^25.5.0",
     "@types/npmcli__arborist": "^6.3.3",
+    "@types/yarnpkg__lockfile": "^1.1.9",
     "semantic-release": "^25.0.3",
     "tsdown": "^0.21.4",
     "typescript": "^5.9.3",
@@ -44,6 +46,7 @@
   },
   "dependencies": {
     "@npmcli/arborist": "^9.4.2",
+    "@yarnpkg/lockfile": "^1.1.0",
     "js-yaml": "^4.1.1"
   }
 }