nestjs-openapi-parser 0.0.1

package/dist/validate.d.ts

@@ -0,0 +1,13 @@
+import type { OpenApiDocument } from './types/openapi';
+export interface ValidationResult {
+    valid: boolean;
+    /** Flattened, human-readable validation messages (empty when `valid`). */
+    errors: string[];
+}
+/**
+ * Validate a generated document against the OpenAPI 3.x JSON Schema using
+ * `@seriousme/openapi-schema-validator`. Returns validity plus flattened error
+ * messages. The validator dependency is imported lazily, so callers that never
+ * validate don't load it.
+ */
+export declare function validateDocument(document: OpenApiDocument): Promise<ValidationResult>;

package/dist/validate.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateDocument = validateDocument;
+// `@seriousme/openapi-schema-validator` is ESM-only. Under `module: commonjs`,
+// `tsc` would downlevel a plain `import()` to `require()`, which throws on an
+// ESM-only package (Node < 22). Routing the import through `Function` keeps a
+// *native* dynamic import so it loads on every supported Node version.
+const importEsm = new Function('specifier', 'return import(specifier)');
+/**
+ * Validate a generated document against the OpenAPI 3.x JSON Schema using
+ * `@seriousme/openapi-schema-validator`. Returns validity plus flattened error
+ * messages. The validator dependency is imported lazily, so callers that never
+ * validate don't load it.
+ */
+async function validateDocument(document) {
+    const { Validator } = (await importEsm('@seriousme/openapi-schema-validator'));
+    const result = await new Validator().validate(document);
+    return result.valid
+        ? { valid: true, errors: [] }
+        : { valid: false, errors: formatErrors(result) };
+}
+function formatErrors(result) {
+    const { errors } = result;
+    if (!errors)
+        return ['Document failed OpenAPI schema validation.'];
+    if (typeof errors === 'string')
+        return [errors];
+    return errors.map((e) => `${e.instancePath || '(root)'}: ${e.message ?? 'invalid'}`);
+}
+//# sourceMappingURL=validate.js.map

package/dist/validate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.js","sourceRoot":"","sources":["../src/validate.ts"],"names":[],"mappings":";;AAiCA,4CAMC;AA/BD,+EAA+E;AAC/E,8EAA8E;AAC9E,8EAA8E;AAC9E,uEAAuE;AACvE,MAAM,SAAS,GAAG,IAAI,QAAQ,CAAC,WAAW,EAAE,0BAA0B,CAEjD,CAAC;AAatB;;;;;GAKG;AACI,KAAK,UAAU,gBAAgB,CAAC,QAAyB;IAC9D,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,MAAM,SAAS,CAAC,qCAAqC,CAAC,CAAoB,CAAC;IAClG,MAAM,MAAM,GAAG,MAAM,IAAI,SAAS,EAAE,CAAC,QAAQ,CAAC,QAA8C,CAAC,CAAC;IAC9F,OAAO,MAAM,CAAC,KAAK;QACjB,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE;QAC7B,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,SAAS,YAAY,CAAC,MAAuB;IAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAC1B,IAAI,CAAC,MAAM;QAAE,OAAO,CAAC,4CAA4C,CAAC,CAAC;IACnE,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,YAAY,IAAI,QAAQ,KAAK,CAAC,CAAC,OAAO,IAAI,SAAS,EAAE,CAAC,CAAC;AACvF,CAAC"}

package/docs/configuration.md

@@ -0,0 +1,195 @@
+# Configuration
+
+A complete `nestparser.config.ts`:
+
+```ts
+import { defineConfig } from 'nestjs-openapi-parser';
+
+export default defineConfig({
+  openapi: {
+    title: 'My API',
+    version: '1.0.0',
+    description: 'Optional API description.',
+    servers: [{ url: 'http://localhost:3000' }],
+    securitySchemes: {
+      bearerAuth: { type: 'http', scheme: 'bearer', bearerFormat: 'JWT' },
+    },
+    info: {
+      // Anything extra spliced onto `info`.
+      contact: { name: 'API team', email: 'api@example.com' },
+    },
+  },
+
+  project: {
+    tsConfigFilePath: 'tsconfig.json',
+    rootDir: 'src',
+    globalPrefix: 'v1',
+    excludeSuffixes: ['.spec.ts', '.test.ts', '.d.ts'],
+  },
+
+  conventions: {
+    excludeDecorator: 'Exclude', // class-transformer @Exclude
+    optionalDecorator: 'IsOptional', // class-validator @IsOptional
+  },
+
+  scopes: [], // see "Documentation variants" below
+  additionalModels: [], // force-include unreachable models — see docs/parser.md
+
+  hooks: {
+    // see "Hooks"
+  },
+});
+```
+
+## Documentation variants — `@Scope`
+
+Tag controllers, methods, models or fields with `@Scope` to make them appear in the spec only when the build is configured for a matching scope. Untagged items are always emitted.
+
+```ts
+/**
+ * Admin-only operations.
+ *
+ * @Scope admin
+ */
+@Controller('admin')
+export class AdminController {
+  /* ... */
+}
+
+export class User {
+  email!: string;
+
+  /** @Scope internal */
+  lastLoginIp?: string;
+
+  /** @Scope admin */
+  adminMeta?: AdminMeta;
+}
+```
+
+**Activate scopes** via the CLI or the config:
+
+```sh
+nestparser --scope internal,admin            # comma-separated
+nestparser --scope internal --scope admin    # repeatable
+```
+
+```ts
+defineConfig({
+  // ...
+  scopes: ['internal', 'admin'],
+});
+```
+
+- **Syntax.** The tag must be on its own JSDoc line. Inline mentions like `Comment with @Scope foo` are treated as description text. Multiple values can be comma-separated (`@Scope internal,admin`) or on separate lines.
+- **Precedence.** The CLI `--scope` flag overrides `config.scopes` when present.
+- **Soundness — no dangling refs.** If a visible item references a class whose scope wouldn't be emitted, the build fails fast with an error naming the offending class. Example: a `@Scope internal` method returns `Promise<AdminMeta>` where `AdminMeta` is `@Scope admin`; building with `--scope internal` alone throws. Building with `--scope internal,admin` succeeds.
+
+## Scoped description fragments
+
+Inside any JSDoc body (controller, method, model, field), you can mark text fragments that only appear under specific scopes:
+
+```ts
+/**
+ * Generic description that always appears.
+ *
+ * <internal>
+ * Extra context that only shows when scope=internal is active.
+ * </internal>
+ *
+ * <admin>Inline fragments work too.</admin>
+ */
+```
+
+- The item itself does **not** need a `@Scope` — fragments are independent of item visibility.
+- Multiple fragments can appear in the same JSDoc; **nesting is not allowed**.
+- Visibility follows the same rule as item-level `@Scope`: untagged text always appears; `<X>…</X>` appears only when `X` is in the active scopes; no active scope → all fragments are dropped.
+- **Only known scope names are treated as fragments.** `X` is a fragment delimiter only when it's a scope declared somewhere in the project via `@Scope` (on any class, method, or property) or passed as an active scope. Any other angle-bracket text — generics in prose (`Array<string>`), placeholders (`<id>`, `<token>`), inline HTML (`<b>…</b>`) — is left **verbatim** and never triggers an error.
+- Syntax errors (nesting, mismatched close, unclosed open) **throw** with the path of the offending item — but only for genuine scope fragments. A stray `<id>` in prose is not a scope, so it's ignored, not an error.
+
+Known limitation: a fragment scope used **only** in `<X>…</X>` blocks — never as a `@Scope` tag and never activated — won't be in the project's scope vocabulary, so its text passes through as literal prose instead of being hidden. Declare the scope with a `@Scope` tag (or activate it) to make such fragments filterable.
+
+## Hooks (project-specific glue)
+
+Default behavior emits "vanilla NestJS" output: the method return type is the response body, every registered security scheme applies. Four hooks let you customize:
+
+```ts
+defineConfig({
+  // ...
+  hooks: {
+    buildResponseSchema: (ctx) => {
+      /* ... */
+    },
+    resolveSecurity: (ctx) => {
+      /* ... */
+    },
+    controllerTag: (clazz) => {
+      /* ... */
+    },
+    endpointSummary: (ctx) => {
+      /* ... */
+    },
+  },
+});
+```
+
+### `buildResponseSchema(ctx)`
+
+Wrap responses in a project-specific envelope (e.g. `{ success, data }`) or special-case wrapper types (e.g. `PaginatedResponse<T>`).
+
+```ts
+buildResponseSchema: ({ returnType, returnTypeName, defaultSchema }) => {
+  if (returnTypeName === 'PaginatedResponse') {
+    return {
+      type: 'object',
+      properties: {
+        success: { type: 'boolean' },
+        data: { type: 'array', items: { type: 'object' } },
+        pagination: { type: 'object', properties: { total: { type: 'integer' } } },
+      },
+      required: ['success', 'data', 'pagination'],
+    };
+  }
+  return {
+    type: 'object',
+    properties: { success: { type: 'boolean' }, data: defaultSchema() },
+    required: ['success', 'data'],
+  };
+};
+```
+
+`ctx.defaultSchema()` lazily computes the bare return-type schema — calling it registers a `$ref` if the return type is a class. Don't call it if you're replacing the body entirely (otherwise you'll pull schemas you don't reference).
+
+### `resolveSecurity(ctx)`
+
+Read your own auth decorator (e.g. `@Public()`, `@Auth(...)`) and produce security requirements.
+
+```ts
+resolveSecurity: ({ controller, method }) => {
+  const isPublic = !!method.getDecorator('Public') || !!controller.getDecorator('Public');
+  return isPublic ? [] : [{ bearerAuth: [] }];
+};
+```
+
+Return:
+
+- `[]` — endpoint is public (emits `security: []`)
+- `[{ scheme: [] }, ...]` — explicit requirements
+- `undefined` — fall back to the default (every registered scheme applies)
+
+### `controllerTag(class)`
+
+Override the default tag derivation:
+
+- `controllerTag` — default strips the `Controller` suffix and splits PascalCase boundaries with spaces (`UserAuthController` → `"User Auth"`). For one-off overrides, prefer the `@Tag <name>` JSDoc tag on the controller (or method) — no hook needed.
+
+### `endpointSummary(ctx)`
+
+Build the `operation.summary` for each endpoint. `ctx` provides `{ controller, method, httpMethod, defaultSummary }` (`defaultSummary` is the humanized method name). Return a string to use it, or `null`/`undefined` to keep `defaultSummary`. A method-level `@Name <text>` JSDoc tag overrides both the hook and the default.
+
+```ts
+endpointSummary: ({ httpMethod, defaultSummary }) =>
+  `${httpMethod.toUpperCase()} — ${defaultSummary}`;
+```
+
+The test fixture's config at [`tests/fixtures/example-app/nestparser.config.ts`](../tests/fixtures/example-app/nestparser.config.ts) demonstrates a working setup (`{ success, message, data }` envelope, `PaginatedResponse<T>` special-casing, `@Public()`-based security).

package/docs/library-usage.md

@@ -0,0 +1,40 @@
+# Library usage
+
+```ts
+import {
+  parseNestProject,
+  loadConfig,
+  defineConfig,
+  validateDocument,
+  filterScopedComments,
+  getScopes,
+  getTags,
+  isVisible,
+  parseScopeList,
+} from 'nestjs-openapi-parser';
+
+import type {
+  NestParserConfig,
+  NestParserHooks,
+  ResponseSchemaContext,
+  SecurityContext,
+  OpenApiDocument,
+  OpenApiSchema,
+} from 'nestjs-openapi-parser';
+
+// Auto-discover + load nestparser.config.* from disk
+const { config, filePath } = await loadConfig({ projectRoot });
+
+// Or build the config inline
+const inline = defineConfig({ openapi: { title: 'X', version: '1.0' } });
+
+// Generate the document — async, and self-validates (throws on an invalid spec)
+const doc: OpenApiDocument = await parseNestProject({ projectRoot, config });
+
+// Or validate any document yourself against the OpenAPI schema
+const { valid, errors } = await validateDocument(doc);
+```
+
+Public exports live in [`src/lib.ts`](../src/lib.ts): `parseNestProject`, `loadConfig`, `defineConfig`, the scope helpers (`getTags`, `getScopes`, `isVisible`, `filterScopedComments`, `parseScopeList`), and the relevant TypeScript types.
+
+The internal builders (`AstIndex`, `SchemaBuilder`, `PathBuilder`) are also exported if you need fine-grained control, but the stable surface is `parseNestProject` + `loadConfig`.

package/docs/parser.md

@@ -0,0 +1,148 @@
+# Parser
+
+The parser walks `<projectRoot>/<rootDir>` (default `src/`), indexes every class and enum it sees, then emits paths and schemas from controllers and the types they reference.
+
+**Deterministic output.** The source tree is walked in name-sorted order (not raw `fs.readdirSync` order, which is filesystem-dependent), so the order of paths, tags and schemas is identical on every machine — the generated JSON is safe to commit and diff in CI. Fields inside a model keep their **source-declaration order**, with inherited fields first (base class → subclass) when a class `extends` another.
+
+## Routes
+
+| Source                                                | Becomes                                                                                                      |
+| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ |
+| `@Controller('users')`                                | base path + default tag derived from the class name (see below)                                              |
+| `@Get/@Post/@Put/@Delete/@Patch('path')`              | OpenAPI operation under `paths[fullPath][httpMethod]`                                                        |
+| `@Get(['a', 'b'])` / `@Controller(['x', 'y'])` arrays | one operation per path (full prefix × route cross-product), unique operationIds                              |
+| `:id` route placeholders                              | rewritten to `{id}` in the OpenAPI path                                                                      |
+| `:id?` optional param                                 | split into two paths — without the segment and with `{id}` (params are always required)                      |
+| `:id(\d+)` regex / `*` wildcard / `:x+` modifier      | **route skipped** with a warning — no faithful OpenAPI representation                                        |
+| Method's JSDoc                                        | `operation.description`                                                                                      |
+| Controller class JSDoc                                | `tags[].description`                                                                                         |
+| Method name → `operation.summary`                     | humanized method name by default                                                                             |
+| `@Tag <name>` JSDoc tag (controller or method)        | overrides the derived tag for that controller / operation                                                    |
+| `@Scope <name>` JSDoc tag (controller or method)      | emitted only when that scope is active — see [Configuration](configuration.md#documentation-variants--scope) |
+| `@Name <text>` JSDoc tag (method)                     | overrides the operation `summary`                                                                            |
+
+```ts
+/**
+ * @Tag System Health
+ */
+@Controller('health')
+export class HealthController {
+  @Get()
+  /** @Tag Diagnostics */
+  ping() {
+    /* ... */
+  }
+}
+```
+
+Every tag in play is also declared in the document's root `tags[]`. Controller tags come first (with the description from the class JSDoc, first controller winning on a shared name), followed by any method-level `@Tag` name no controller already declared. Those method-introduced tags carry no description — a method's JSDoc is its `operation.description`, not a tag description — but they're still declared so the operation's tag isn't dangling and tools order/group it like any other.
+
+**Operation summary.** Every operation gets a `summary`. By default it's the **method name humanized** — camelCase/PascalCase split into words with the first letter capitalized (`findOne` → `"Find One"`, `remove` → `"Remove"`). Override it per-endpoint with a `@Name <text>` JSDoc tag on the method (single line, like `@Tag`), or globally with the [`endpointSummary`](configuration.md#hooks-project-specific-glue) hook. Precedence: **`@Name` > `endpointSummary` hook > default**; the hook returning `null`/`undefined` falls back to the default.
+
+```ts
+@Controller('posts')
+export class PostsController {
+  /** @Name Publish a post */
+  @Post()
+  create() {
+    // summary: "Publish a post"
+  }
+
+  @Get(':id')
+  findOne() {
+    // summary: "Publish a post"
+  }
+}
+```
+
+HTTP-method decorators (and `@Controller`, `@Body`, `@Query`, `@Param`, `@Headers`) are matched by **local identifier name**. Aliased imports like `import { Post as HttpPost }` won't be detected.
+
+## Parameters & request body
+
+| Source                        | Becomes                                                         |
+| ----------------------------- | --------------------------------------------------------------- |
+| `@Param('id')`                | path parameter (`required: true`)                               |
+| `@Param('id', ParseUUIDPipe)` | `{ type: 'string', format: 'uuid' }`                            |
+| `@Param('id', ParseIntPipe)`  | `{ type: 'integer' }`                                           |
+| `@Param('id', ParseBoolPipe)` | `{ type: 'boolean' }`                                           |
+| `@Query('q')`                 | named query parameter                                           |
+| `@Query() dto: SomeQueryDto`  | expanded into individual query parameters from the DTO          |
+| `@Body() dto: SomeBodyDto`    | `requestBody` with `application/json` schema (`required: true`) |
+| `@Headers('x-foo')`           | header parameter (`type: string`)                               |
+
+Pipe detection is **textual** — it looks for `ParseUUIDPipe` / `ParseIntPipe` / `ParseBoolPipe` in the decorator's arguments source. Custom pipes fall back to the parameter's TypeScript type.
+
+**Path parameters always match the route template.** Every `:placeholder` in the route (`@Controller`, `@Get`, the global prefix) is emitted as a `required: true` path parameter, in template order — so the document is never invalid for a missing parameter object. When a `:placeholder` has a matching `@Param('placeholder')`, its schema (incl. pipe-derived `uuid`/`integer`/`boolean`) is used; otherwise — the handler reads `@Param() all`, `@Req()`, or the names simply don't line up — it defaults to `{ type: 'string' }`. A `@Param('x')` whose name isn't in the route template is ignored (it can't be a valid path parameter).
+
+## Responses
+
+The default is "method return type **is** the response body" with status `201` for `POST` and `200` for everything else. `Promise<T>` is unwrapped to `T` first. Customize the body with the [`buildResponseSchema`](configuration.md#hooks-project-specific-glue) hook.
+
+**`@HttpCode(...)` overrides the status.** A handler decorated with `@HttpCode(204)` (numeric literal) or `@HttpCode(HttpStatus.NO_CONTENT)` (the `HttpStatus` member is resolved from a built-in name→code table) uses that code as the response key instead of the 201/200 default — matching NestJS's own behavior.
+
+## Schemas
+
+The schema builder accepts TypeScript classes and produces OpenAPI object schemas:
+
+| Source                                       | Becomes                                                                              |
+| -------------------------------------------- | ------------------------------------------------------------------------------------ |
+| Class instance property                      | entry in `properties`                                                                |
+| `prop?: T` **or** `@IsOptional() prop: T`    | excluded from `required` (decorator name configurable)                               |
+| `@Exclude() prop: T`                         | omitted from the schema entirely (decorator name configurable)                       |
+| `string` / `number` / `boolean` types        | OpenAPI primitive                                                                    |
+| `Date`                                       | `{ type: 'string', format: 'date-time' }`                                            |
+| `T[]`                                        | `{ type: 'array', items: schemaOf(T) }`                                              |
+| TypeScript `enum`                            | `{ type, enum: [...] }` — `type` is `string`, `integer`, or `number` by member value |
+| `"a" \| "b" \| "c"` string-literal union     | `{ type: 'string', enum: ['a','b','c'] }`                                            |
+| Union of classes                             | `{ oneOf: [...] }`                                                                   |
+| `extends PartialType(X)`                     | all properties of `X` made optional                                                  |
+| `extends PickType(X, ['a','b'])`             | subset                                                                               |
+| `extends OmitType(X, ['a','b'])`             | complement                                                                           |
+| `extends IntersectionType(A, B, ...)`        | merged                                                                               |
+| Class JSDoc                                  | `schema.description`                                                                 |
+| Property JSDoc                               | property-level `description`                                                         |
+| Property JSDoc on a **class-typed** property | `{ allOf: [{ $ref }], description }` (see below)                                     |
+
+A `$ref` is an OpenAPI 3.0 Reference Object whose sibling keys are ignored, so a class-typed property that also carries a JSDoc description is emitted as `{ allOf: [{ $ref }], description }` rather than `{ $ref, description }` — otherwise the description would be silently dropped by tooling. Class-typed properties without a description stay a bare `{ $ref }`.
+
+### `class-validator` constraints
+
+Constraint decorators on a property are translated into the matching schema keywords (unknown decorators are ignored). These compose with the type-derived schema and propagate through `PartialType`/`PickType`/`OmitType`/`IntersectionType`:
+
+| Decorator                               | Schema keyword(s)                      |
+| --------------------------------------- | -------------------------------------- |
+| `@Min(n)` / `@Max(n)`                   | `minimum` / `maximum`                  |
+| `@MinLength(n)` / `@MaxLength(n)`       | `minLength` / `maxLength`              |
+| `@Length(min, max)`                     | `minLength` + `maxLength`              |
+| `@ArrayMinSize(n)` / `@ArrayMaxSize(n)` | `minItems` / `maxItems`                |
+| `@IsEmail()`                            | `format: 'email'`                      |
+| `@IsUrl()`                              | `format: 'uri'`                        |
+| `@IsUUID()`                             | `format: 'uuid'`                       |
+| `@IsDateString()`                       | `format: 'date-time'`                  |
+| `@Matches(/re/)`                        | `pattern` (regex literal or string)    |
+| `@IsInt()`                              | narrows `number` → `integer`           |
+| `@IsPositive()` / `@IsNegative()`       | exclusive `minimum` / `maximum` of `0` |
+
+So `@IsInt() @Min(1) @Max(100) limit: number` becomes `{ type: 'integer', minimum: 1, maximum: 100 }`, and `@IsEmail() email: string` becomes `{ type: 'string', format: 'email' }`. Like everything else, decorators are matched by **local identifier name**.
+
+### Schema reachability
+
+Only classes that are **reachable from an endpoint** end up in `components.schemas`:
+
+- Controller method return types (after `Promise<T>` unwrap) and their nested class properties — transitively.
+- `@Body()` parameter types and their nested classes.
+- DTOs used as `@Query()` are **inlined** as individual query parameters, not emitted as named schemas.
+
+Classes that never reach the reference walk (orphan entities, error envelopes only used in interceptors, discriminated-union variants…) won't appear in the spec by default. Add them explicitly via `additionalModels`:
+
+```ts
+import { CommonError } from './src/common/common-error';
+import { AuditEvent } from './src/audit/audit-event';
+
+export default defineConfig({
+  // ...
+  additionalModels: [CommonError, AuditEvent],
+});
+```
+
+Pass the **class itself**, not its name — the parser resolves it via `klass.name` against the AST. Transitive references of each entry come along automatically. Build **throws** if a name isn't found in the source tree, so typos and out-of-tree classes fail loud.

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "nestjs-openapi-parser",
+  "version": "0.0.1",
+  "description": "CLI that parses a NestJS project with ts-morph and generates an OpenAPI document.",
+  "license": "MIT",
+  "type": "commonjs",
+  "main": "dist/lib.js",
+  "types": "dist/lib.d.ts",
+  "bin": {
+    "nestparser": "dist/cli.js"
+  },
+  "files": [
+    "dist",
+    "docs",
+    "README.md"
+  ],
+  "workspaces": [
+    "tests/fixtures/*"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "dev": "tsx src/cli.ts",
+    "start": "node dist/cli.js",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "snapshot:serve": "tsx scripts/serve-snapshot.ts",
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix",
+    "format": "prettier --write .",
+    "format:check": "prettier --check .",
+    "prepublishOnly": "yarn build"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "packageManager": "yarn@4.16.0",
+  "dependencies": {
+    "@seriousme/openapi-schema-validator": "^2.9.0",
+    "commander": "^12.1.0",
+    "ts-morph": "^23.0.0"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.0.0",
+    "@types/node": "^20.0.0",
+    "@types/prompts": "^2.4.9",
+    "eslint": "^9.0.0",
+    "prettier": "^3.0.0",
+    "prompts": "^2.4.2",
+    "tsx": "^4.0.0",
+    "typescript": "^5.0.0",
+    "typescript-eslint": "^8.0.0",
+    "vitest": "^2.0.0"
+  }
+}