pnpm-catalog-updates 1.0.2 → 1.1.0

package/src/cli/commands/securityCommand.ts

@@ -7,10 +7,14 @@
 
 import { spawnSync } from 'node:child_process'
 import * as path from 'node:path'
+import { CommandExitError, getErrorCode, logger, t, toError } from '@pcu/utils'
 import * as fs from 'fs-extra'
 import type { OutputFormat, OutputFormatter } from '../formatters/outputFormatter.js'
 import { ProgressBar } from '../formatters/progressBar.js'
-import { StyledText, ThemeManager } from '../themes/colorTheme.js'
+import { StyledText } from '../themes/colorTheme.js'
+import { cliOutput } from '../utils/cliOutput.js'
+import { handleCommandError, initializeTheme } from '../utils/commandHelpers.js'
+import { errorsOnly, validateSecurityOptions } from '../validators/index.js'
 
 export interface SecurityCommandOptions {
   workspace?: string
@@ -54,6 +58,10 @@ export interface Vulnerability {
   paths: string[]
   cwe?: string[]
   cve?: string[]
+  /** Detailed description/overview of the vulnerability */
+  overview?: string
+  /** Currently installed version of the package */
+  installedVersion?: string
 }
 
 export interface SecurityRecommendation {
@@ -65,6 +73,54 @@ export interface SecurityRecommendation {
   impact: string
 }
 
+/**
+ * pnpm/npm audit response vulnerability entry
+ */
+interface AuditVulnerability {
+  name: string
+  severity: 'low' | 'moderate' | 'high' | 'critical'
+  title?: string
+  url?: string
+  range: string
+  fixAvailable: boolean | string
+  via?: Array<{ source?: string; name?: string }>
+  cwe?: string[]
+  cve?: string[]
+}
+
+/**
+ * pnpm/npm audit response structure
+ */
+interface AuditData {
+  vulnerabilities?: Record<string, AuditVulnerability>
+}
+
+/**
+ * Snyk vulnerability entry
+ */
+interface SnykVulnerability {
+  id: string
+  packageName: string
+  severity: 'low' | 'moderate' | 'high' | 'critical'
+  title: string
+  url?: string
+  version?: string
+  semver?: { vulnerable?: string[] }
+  upgradePath?: string[]
+  fixedIn?: string[]
+  from?: string[]
+  identifiers?: { CWE?: string[]; CVE?: string[] }
+  cwe?: string[]
+  cve?: string[]
+}
+
+/**
+ * Snyk response structure
+ */
+interface SnykData {
+  vulnerabilities?: SnykVulnerability[]
+}
+
 export class SecurityCommand {
   constructor(private readonly outputFormatter: OutputFormatter) {}
 
@@ -75,30 +131,36 @@ export class SecurityCommand {
     let progressBar: ProgressBar | undefined
 
     try {
-      // Initialize theme
-      ThemeManager.setTheme('default')
+      // Initialize theme using shared helper
+      initializeTheme('default')
 
       // Show loading with progress bar
       progressBar = new ProgressBar({
-        text: 'Performing security analysis...',
+        text: t('progress.securityAnalyzing'),
       })
       progressBar.start()
 
       if (options.verbose) {
-        console.log(StyledText.iconAnalysis('Security vulnerability scanning'))
-        console.log(StyledText.muted(`Workspace: ${options.workspace || process.cwd()}`))
-        console.log(StyledText.muted(`Severity filter: ${options.severity || 'all'}`))
-        console.log('')
+        cliOutput.print(StyledText.iconAnalysis(t('command.security.scanning')))
+        cliOutput.print(
+          StyledText.muted(`${t('command.workspace.title')}: ${options.workspace || process.cwd()}`)
+        )
+        cliOutput.print(
+          StyledText.muted(
+            t('command.security.severityFilter', { severity: options.severity || 'all' })
+          )
+        )
+        cliOutput.print('')
       }
 
       // Execute security scan
       const report = await this.performSecurityScan(options)
 
-      progressBar.succeed('Security analysis completed')
+      progressBar.succeed(t('progress.securityCompleted'))
 
       // Format and display results
       const formattedOutput = this.outputFormatter.formatSecurityReport(report)
-      console.log(formattedOutput)
+      cliOutput.print(formattedOutput)
 
       // Show recommendations if available
       if (report.recommendations.length > 0) {
@@ -112,21 +174,24 @@ export class SecurityCommand {
 
       // Exit with appropriate code based on findings
       const exitCode = report.summary.critical > 0 ? 1 : 0
-      process.exit(exitCode)
+      throw CommandExitError.withCode(exitCode)
     } catch (error) {
-      if (progressBar) {
-        progressBar.fail('Security analysis failed')
+      // Re-throw CommandExitError as-is
+      if (error instanceof CommandExitError) {
+        throw error
       }
 
-      console.error(StyledText.iconError('Error performing security scan:'))
-      console.error(StyledText.error(String(error)))
-
-      if (options.verbose && error instanceof Error) {
-        console.error(StyledText.muted('Stack trace:'))
-        console.error(StyledText.muted(error.stack || 'No stack trace available'))
-      }
+      // QUAL-007: Use unified error handling
+      handleCommandError(error, {
+        verbose: options.verbose,
+        progressBar,
+        errorMessage: 'Security scan failed',
+        context: { options },
+        failedProgressKey: 'progress.securityFailed',
+        errorDisplayKey: 'command.security.errorScanning',
+      })
 
-      process.exit(1)
+      throw CommandExitError.failure('Security scan failed')
     }
   }
 
@@ -141,13 +206,13 @@ export class SecurityCommand {
     // Check if package.json exists
     const packageJsonPath = path.join(workspacePath, 'package.json')
     if (!(await fs.pathExists(packageJsonPath))) {
-      throw new Error(`No package.json found in ${workspacePath}`)
+      throw new Error(t('command.security.noPackageJson', { path: workspacePath }))
     }
 
-    // Run npm audit
+    // Run pnpm audit
     if (options.audit !== false) {
-      const npmVulns = await this.runNpmAudit(workspacePath, options)
-      vulnerabilities.push(...npmVulns)
+      const auditVulns = await this.runPnpmAudit(workspacePath, options)
+      vulnerabilities.push(...auditVulns)
     }
 
     // Run snyk scan if available
@@ -172,52 +237,50 @@ export class SecurityCommand {
       recommendations: recommendations,
       metadata: {
         scanDate: new Date().toISOString(),
-        scanTools: ['npm-audit', ...(options.snyk ? ['snyk'] : [])],
+        scanTools: ['pnpm-audit', ...(options.snyk ? ['snyk'] : [])],
         workspacePath: workspacePath,
       },
     }
   }
 
   /**
-   * Run npm audit scan
+   * Run pnpm audit scan
    */
-  private async runNpmAudit(
+  private async runPnpmAudit(
     workspacePath: string,
     options: SecurityCommandOptions
   ): Promise<Vulnerability[]> {
     const auditArgs = ['audit', '--json']
 
     if (!options.includeDev) {
-      auditArgs.push('--omit=dev')
+      auditArgs.push('--prod')
     }
 
-    const result = spawnSync('npm', auditArgs, {
+    const result = spawnSync('pnpm', auditArgs, {
       cwd: workspacePath,
       encoding: 'utf8',
       stdio: ['pipe', 'pipe', 'pipe'],
     })
 
     if (result.error) {
-      throw new Error(`npm audit failed: ${result.error.message}`)
+      throw new Error(t('command.security.auditFailed', { message: result.error.message }))
     }
 
-    if (result.status === 1) {
-      // npm audit returns 1 when vulnerabilities are found
-      try {
-        const auditData = JSON.parse(result.stdout)
-        return this.parseNpmAuditResults(auditData)
-      } catch (parseError) {
-        throw new Error(`Failed to parse npm audit output: ${parseError}`)
-      }
-    } else if (result.status === 0) {
+    // pnpm audit returns non-zero when vulnerabilities are found
+    if (result.status === 0 || result.status === 1) {
       try {
         const auditData = JSON.parse(result.stdout)
-        return this.parseNpmAuditResults(auditData)
+        return this.parseAuditResults(auditData)
       } catch (parseError) {
-        throw new Error(`Failed to parse npm audit output: ${parseError}`)
+        throw new Error(t('command.security.auditParseError', { error: String(parseError) }))
       }
     } else {
-      throw new Error(`npm audit failed with status ${result.status}: ${result.stderr}`)
+      throw new Error(
+        t('command.security.auditExitError', {
+          status: result.status ?? 'unknown',
+          error: result.stderr,
+        })
+      )
     }
   }
 
@@ -252,33 +315,41 @@ export class SecurityCommand {
       }
 
       if (result.status !== 0 && result.status !== 1) {
-        throw new Error(`Snyk scan failed with status ${result.status}: ${result.stderr}`)
+        throw new Error(
+          t('command.security.snykScanExitError', {
+            status: result.status ?? 'unknown',
+            error: result.stderr,
+          })
+        )
       }
 
       const snykData = JSON.parse(result.stdout)
       return this.parseSnykResults(snykData)
-    } catch (error: any) {
-      if (error.code === 'ENOENT') {
-        console.warn(StyledText.iconWarning('Snyk not found. Install with: npm install -g snyk'))
+    } catch (error) {
+      // ERR-003: Use type-safe error code extraction
+      const errorCode = getErrorCode(error)
+      if (errorCode === 'ENOENT') {
+        logger.debug('Snyk not found', { code: errorCode })
+        cliOutput.warn(StyledText.iconWarning(t('command.security.snykNotFound')))
         return []
       }
-      throw new Error(`Snyk scan failed: ${error.message}`)
+      const err = toError(error)
+      logger.error('Snyk scan failed', err, { workspacePath })
+      throw new Error(t('command.security.snykScanFailed', { message: err.message }))
     }
   }
 
   /**
-   * Parse npm audit results
+   * Parse pnpm/npm audit results
    */
-  private parseNpmAuditResults(auditData: any): Vulnerability[] {
+  private parseAuditResults(auditData: AuditData): Vulnerability[] {
     const vulnerabilities: Vulnerability[] = []
 
     if (!auditData.vulnerabilities) {
       return vulnerabilities
     }
 
-    for (const [id, vuln] of Object.entries(auditData.vulnerabilities)) {
-      const vulnerability = vuln as any
-
+    for (const [id, vulnerability] of Object.entries(auditData.vulnerabilities)) {
       vulnerabilities.push({
         id: id,
         package: vulnerability.name,
@@ -287,8 +358,9 @@ export class SecurityCommand {
         url: vulnerability.url || `https://npmjs.com/advisories/${id}`,
         range: vulnerability.range,
         fixAvailable: vulnerability.fixAvailable,
-        fixVersion: vulnerability.fixAvailable === true ? vulnerability.fixAvailable : undefined,
-        paths: vulnerability.via?.map((v: any) => v.source || v.name) || [vulnerability.name],
+        fixVersion:
+          vulnerability.fixAvailable === true ? String(vulnerability.fixAvailable) : undefined,
+        paths: vulnerability.via?.map((v) => v.source || v.name || '') || [vulnerability.name],
         cwe: vulnerability.cwe,
         cve: vulnerability.cve,
       })
@@ -300,7 +372,7 @@ export class SecurityCommand {
   /**
    * Parse snyk results
    */
-  private parseSnykResults(snykData: any): Vulnerability[] {
+  private parseSnykResults(snykData: SnykData): Vulnerability[] {
     const vulnerabilities: Vulnerability[] = []
 
     if (!snykData.vulnerabilities) {
@@ -313,9 +385,9 @@ export class SecurityCommand {
         package: vuln.packageName,
         severity: vuln.severity,
         title: vuln.title,
-        url: vuln.url,
-        range: vuln.semver?.vulnerable?.join(' || ') || vuln.version,
-        fixAvailable: vuln.fixedIn?.length > 0,
+        url: vuln.url || '',
+        range: vuln.semver?.vulnerable?.join(' || ') || vuln.version || '',
+        fixAvailable: (vuln.fixedIn?.length ?? 0) > 0,
         fixVersion: vuln.fixedIn?.[0],
         paths: vuln.from || [vuln.packageName],
         cwe: vuln.identifiers?.CWE || [],
@@ -355,8 +427,8 @@ export class SecurityCommand {
             currentVersion: currentVersion,
             recommendedVersion: recommendedVersion,
             type: 'update',
-            reason: `${criticalVulns.length} critical vulnerabilities found`,
-            impact: 'High - Security vulnerability fix',
+            reason: t('command.security.criticalVulnsFound', { count: criticalVulns.length }),
+            impact: t('command.security.highImpactFix'),
           })
         }
       }
@@ -427,56 +499,58 @@ export class SecurityCommand {
 
   /**
    * Show security recommendations
+   * QUAL-011: Use unified output helpers (cliOutput, StyledText)
    */
   private showRecommendations(report: SecurityReport): void {
     if (report.recommendations.length === 0) {
       return
     }
 
-    console.log(`\n${StyledText.iconInfo('Security Recommendations:')}`)
+    cliOutput.print(`\n${StyledText.iconInfo(t('command.security.recommendations'))}`)
 
     for (const rec of report.recommendations) {
-      console.log(
+      cliOutput.print(
         `  ${StyledText.iconWarning()} ${rec.package}: ${rec.currentVersion} → ${rec.recommendedVersion}`
       )
-      console.log(`    ${StyledText.muted(rec.reason)}`)
-      console.log(`    ${StyledText.muted(rec.impact)}`)
+      cliOutput.print(`    ${StyledText.muted(rec.reason)}`)
+      cliOutput.print(`    ${StyledText.muted(rec.impact)}`)
     }
 
-    console.log('')
-    console.log(StyledText.iconUpdate('Run with --fix-vulns to apply automatic fixes'))
+    cliOutput.print('')
+    cliOutput.print(StyledText.iconUpdate(t('command.security.runWithFix')))
   }
 
   /**
    * Auto-fix vulnerabilities
+   * QUAL-011: Use unified output helpers (cliOutput, StyledText)
    */
   private async autoFixVulnerabilities(
     report: SecurityReport,
     options: SecurityCommandOptions
   ): Promise<void> {
     if (report.recommendations.length === 0) {
-      console.log(StyledText.iconSuccess('No security fixes available'))
+      cliOutput.print(StyledText.iconSuccess(t('command.security.noFixesAvailable')))
       return
     }
 
-    console.log(`\n${StyledText.iconUpdate('Applying security fixes...')}`)
+    cliOutput.print(`\n${StyledText.iconUpdate(t('command.security.applyingFixes'))}`)
 
     const workspacePath = options.workspace || process.cwd()
     const fixableVulns = report.recommendations.filter((r) => r.type === 'update')
 
     if (fixableVulns.length === 0) {
-      console.log(StyledText.iconInfo('No automatic fixes available'))
+      cliOutput.print(StyledText.iconInfo(t('command.security.noAutoFixes')))
       return
     }
 
     try {
-      // Run npm audit fix
-      const fixArgs = ['audit', 'fix']
+      // Run pnpm audit --fix
+      const fixArgs = ['audit', '--fix']
       if (!options.includeDev) {
-        fixArgs.push('--omit=dev')
+        fixArgs.push('--prod')
       }
 
-      const result = spawnSync('npm', fixArgs, {
+      const result = spawnSync('pnpm', fixArgs, {
         cwd: workspacePath,
         encoding: 'utf8',
         stdio: 'inherit',
@@ -487,49 +561,40 @@ export class SecurityCommand {
       }
 
       if (result.status !== 0) {
-        throw new Error(`npm audit fix failed with status ${result.status}`)
+        throw new Error(
+          t('command.security.auditFixFailed', { status: result.status ?? 'unknown' })
+        )
       }
 
-      console.log(StyledText.iconSuccess('Security fixes applied successfully'))
+      cliOutput.print(StyledText.iconSuccess(t('command.security.fixesApplied')))
 
       // Re-run scan to verify fixes
-      console.log(StyledText.iconInfo('Re-running security scan to verify fixes...'))
+      cliOutput.print(StyledText.iconInfo(t('command.security.verifyingFixes')))
       const newReport = await this.performSecurityScan({ ...options, fixVulns: false })
 
       if (newReport.summary.critical === 0 && newReport.summary.high === 0) {
-        console.log(
-          StyledText.iconSuccess('All critical and high severity vulnerabilities have been fixed!')
-        )
+        cliOutput.print(StyledText.iconSuccess(t('command.security.allFixed')))
       } else {
-        console.log(
+        cliOutput.print(
           StyledText.iconWarning(
             `${newReport.summary.critical} critical and ${newReport.summary.high} high severity vulnerabilities remain`
           )
         )
       }
-    } catch (error: any) {
-      console.error(StyledText.iconError('Failed to apply security fixes:'))
-      console.error(StyledText.error(error.message))
+    } catch (error) {
+      const err = toError(error)
+      logger.error('Failed to apply security fixes', err, { workspacePath, options })
+      cliOutput.error(StyledText.iconError(t('command.security.fixesFailed')))
+      cliOutput.error(StyledText.error(err.message))
     }
   }
 
   /**
    * Validate command options
+   * QUAL-002: Uses unified validator from validators/
    */
   static validateOptions(options: SecurityCommandOptions): string[] {
-    const errors: string[] = []
-
-    // Validate format
-    if (options.format && !['table', 'json', 'yaml', 'minimal'].includes(options.format)) {
-      errors.push('Invalid format. Must be one of: table, json, yaml, minimal')
-    }
-
-    // Validate severity
-    if (options.severity && !['low', 'moderate', 'high', 'critical'].includes(options.severity)) {
-      errors.push('Invalid severity. Must be one of: low, moderate, high, critical')
-    }
-
-    return errors
+    return errorsOnly(validateSecurityOptions)(options)
   }
 
   /**
@@ -545,8 +610,8 @@ Usage:
 Options:
   --workspace <path>     Workspace directory (default: current directory)
   --format <type>        Output format: table, json, yaml, minimal (default: table)
-  --audit                Perform npm audit scan (default: true)
-  --fix-vulns            Automatically fix vulnerabilities
+  --audit                Perform pnpm audit scan (default: true)
+  --fix-vulns            Automatically fix vulnerabilities using pnpm audit --fix
   --severity <level>     Filter by severity: low, moderate, high, critical
   --include-dev          Include dev dependencies in scan
   --snyk                 Include Snyk scan (requires snyk CLI)
@@ -554,7 +619,7 @@ Options:
   --no-color             Disable colored output
 
 Examples:
-  pcu security                           # Basic security scan
+  pcu security                           # Basic security scan using pnpm audit
   pcu security --fix-vulns              # Scan and fix vulnerabilities
   pcu security --severity high          # Show only high severity issues
   pcu security --snyk                   # Include Snyk scan

package/src/cli/commands/themeCommand.ts

@@ -0,0 +1,148 @@
+/**
+ * Theme Command
+ *
+ * CLI command to configure color themes.
+ */
+
+import { logger, t } from '@pcu/utils'
+import { InteractivePrompts } from '../interactive/interactivePrompts.js'
+import { StyledText, ThemeManager } from '../themes/colorTheme.js'
+import { cliOutput } from '../utils/cliOutput.js'
+
+export interface ThemeCommandOptions {
+  set?: string
+  list?: boolean
+  interactive?: boolean
+}
+
+export class ThemeCommand {
+  /**
+   * Execute the theme command
+   */
+  async execute(options: ThemeCommandOptions = {}): Promise<void> {
+    if (options.list) {
+      const themes = ThemeManager.listThemes()
+      cliOutput.print(StyledText.iconInfo(t('command.theme.availableThemes')))
+      themes.forEach((theme) => {
+        cliOutput.print(`  • ${theme}`)
+      })
+      return
+    }
+
+    if (options.set) {
+      const themes = ThemeManager.listThemes()
+      if (!themes.includes(options.set)) {
+        logger.error('Invalid theme specified', undefined, {
+          theme: options.set,
+          availableThemes: themes,
+        })
+        cliOutput.error(
+          StyledText.iconError(t('command.theme.invalidTheme', { theme: options.set }))
+        )
+        cliOutput.print(
+          StyledText.muted(`${t('command.theme.availableThemes')} ${themes.join(', ')}`)
+        )
+        throw new Error(t('command.theme.invalidTheme', { theme: options.set }))
+      }
+
+      ThemeManager.setTheme(options.set as keyof typeof ThemeManager.themes)
+      cliOutput.print(StyledText.iconSuccess(t('command.theme.setTo', { theme: options.set })))
+
+      // Show a preview
+      this.showThemePreview()
+      return
+    }
+
+    if (options.interactive) {
+      const interactivePrompts = new InteractivePrompts()
+      const selectedTheme = await interactivePrompts.selectTheme()
+
+      if (selectedTheme) {
+        ThemeManager.setTheme(selectedTheme as keyof typeof ThemeManager.themes)
+        cliOutput.print(StyledText.iconSuccess(t('command.theme.setTo', { theme: selectedTheme })))
+        this.showThemePreview()
+      } else {
+        cliOutput.print(StyledText.muted(t('command.theme.cancelled')))
+      }
+      return
+    }
+
+    // Default: show current theme and list
+    const currentTheme = ThemeManager.getTheme()
+    cliOutput.print(StyledText.iconInfo(t('command.theme.currentSettings')))
+    cliOutput.print(
+      `  ${t('command.theme.themeLabel')} ${currentTheme ? t('command.theme.custom') : t('command.theme.default')}`
+    )
+    cliOutput.print(`\n${t('command.theme.availableThemes')}`)
+    ThemeManager.listThemes().forEach((theme) => {
+      cliOutput.print(`  • ${theme}`)
+    })
+    cliOutput.print(StyledText.muted(`\n${t('command.theme.useHint')}`))
+  }
+
+  /**
+   * Show a preview of the current theme with realistic examples
+   */
+  private showThemePreview(): void {
+    cliOutput.print(`\n${t('command.theme.preview')}`)
+    const theme = ThemeManager.getTheme()
+
+    // Package updates section
+    cliOutput.print(`\n  ${theme.primary(`📦 ${t('command.theme.previewPackageUpdates')}`)}`)
+    cliOutput.print(
+      `     ${theme.text('react'.padEnd(14))} ${theme.muted('18.2.0')}  →  ${theme.major('19.0.0')}   ${theme.muted(`(${t('command.theme.previewMajor')})`)}`
+    )
+    cliOutput.print(
+      `     ${theme.text('typescript'.padEnd(14))} ${theme.muted('5.3.0')}  →  ${theme.minor('5.4.0')}    ${theme.muted(`(${t('command.theme.previewMinor')})`)}`
+    )
+    cliOutput.print(
+      `     ${theme.text('lodash'.padEnd(14))} ${theme.muted('4.17.1')} →  ${theme.patch('4.17.2')}  ${theme.muted(`(${t('command.theme.previewPatch')})`)}`
+    )
+    cliOutput.print(
+      `     ${theme.text('next'.padEnd(14))} ${theme.muted('14.2.0')}  →  ${theme.prerelease('15.0.0-rc.1')} ${theme.muted(`(${t('command.theme.previewPrerelease')})`)}`
+    )
+
+    // Status messages section
+    cliOutput.print(`\n  ${theme.primary(`💬 ${t('command.theme.previewStatusMessages')}`)}`)
+    cliOutput.print(`     ${theme.success(`✓ ${t('command.theme.previewUpdateComplete')}`)}`)
+    cliOutput.print(`     ${theme.warning(`⚠ ${t('command.theme.previewPotentialIssue')}`)}`)
+    cliOutput.print(`     ${theme.error(`✗ ${t('command.theme.previewOperationFailed')}`)}`)
+    cliOutput.print(
+      `     ${theme.info(`ℹ ${t('command.theme.previewUpdatesFound', { count: 3 })}`)}`
+    )
+
+    // Progress bar section
+    cliOutput.print(`\n  ${theme.primary(`📊 ${t('command.theme.previewProgressBar')}`)}`)
+    const progressFilled = 24
+    const progressEmpty = 16
+    const progressBar =
+      theme.success('█'.repeat(progressFilled)) + theme.muted('░'.repeat(progressEmpty))
+    cliOutput.print(
+      `     [${progressBar}] ${theme.info('60%')} ${theme.muted(t('command.theme.previewCheckingDeps'))}`
+    )
+    cliOutput.print('')
+  }
+
+  /**
+   * Get command help text
+   */
+  static getHelpText(): string {
+    return `
+Configure color theme
+
+Usage:
+  pcu theme [options]
+
+Options:
+  -s, --set <theme>    Set theme: default, modern, minimal, neon
+  -l, --list           List available themes
+  -i, --interactive    Interactive theme selection
+
+Examples:
+  pcu theme                    # Show current theme and available themes
+  pcu theme --list             # List available themes
+  pcu theme --set modern       # Set theme to modern
+  pcu theme --interactive      # Interactive theme configuration
+    `
+  }
+}