postgresai 0.15.0-dev.6 → 0.15.0-rc.0

package/README.md

@@ -173,7 +173,7 @@ postgresai mon local-install --api-key your_key --db-url postgresql://user:pass@
 This will:
 - Configure API key for automated report uploads (if provided)
 - Add PostgreSQL instance to monitor (if provided)
-- Generate secure Grafana password
+- Generate secure Grafana and replication passwords
 - Start all monitoring services
 - Open Grafana at http://localhost:3000
 
@@ -205,6 +205,8 @@ postgresai mon health [--wait <sec>]  # Check monitoring services health
 - `--db-url <url>` - PostgreSQL connection URL to monitor (format: `postgresql://user:pass@host:port/db`)
 - `-y, --yes` - Accept all defaults and skip interactive prompts
 
+`local-install` writes `.env` in the monitoring directory. It preserves existing `REPLICATOR_PASSWORD` and `VM_AUTH_*` values or generates new random ones when missing; `VM_AUTH_USERNAME` defaults to `vmauth` when absent. The replication password is used by the demo PostgreSQL standby replication user, and the VM auth credentials are required before Docker Compose can provision Grafana datasources. If you run `docker compose` directly or maintain `.env` yourself, set both VM auth values before upgrading. For rotation, run `VM_AUTH_PASSWORD="$(openssl rand -base64 18)" ./scripts/rotate-vm-auth.sh` from the monitoring directory so `.env`, `sink-prometheus`, and `grafana` update together.
+
 #### Monitoring target databases (`mon targets` subgroup)
 ```bash
 postgresai mon targets list                       # List databases to monitor

package/bin/postgres-ai.ts

@@ -15,7 +15,7 @@ import { fetchIssues, fetchIssueComments, createIssueComment, fetchIssue, create
 import { fetchReports, fetchAllReports, fetchReportFiles, fetchReportFileData, renderMarkdownForTerminal, parseFlexibleDate } from "../lib/reports";
 import { resolveBaseUrls } from "../lib/util";
 import { uploadFile, downloadFile, buildMarkdownLink } from "../lib/storage";
-import { applyInitPlan, applyUninitPlan, buildInitPlan, buildUninitPlan, connectWithSslFallback, DEFAULT_MONITORING_USER, KNOWN_PROVIDERS, redactPasswordsInSql, resolveAdminConnection, resolveMonitoringPassword, validateProvider, verifyInitSetup } from "../lib/init";
+import { applyInitPlan, applyUninitPlan, buildInitPlan, buildUninitPlan, checkCurrentUserPermissions, connectWithSslFallback, DEFAULT_MONITORING_USER, formatPermissionCheckMessages, KNOWN_PROVIDERS, redactPasswordsInSql, resolveAdminConnection, resolveMonitoringPassword, validateProvider, verifyInitSetup } from "../lib/init";
 import { SupabaseClient, resolveSupabaseConfig, extractProjectRefFromUrl, applyInitPlanViaSupabase, verifyInitSetupViaSupabase, fetchPoolerDatabaseUrl, type PgCompatibleError } from "../lib/supabase";
 import * as pkce from "../lib/pkce";
 import * as authServer from "../lib/auth-server";
@@ -54,21 +54,16 @@ function closeReadline() {
   }
 }
 
-// Helper functions for spawning processes - use Node.js child_process for compatibility
-async function execPromise(command: string): Promise<{ stdout: string; stderr: string }> {
-  return new Promise((resolve, reject) => {
-    childProcess.exec(command, (error, stdout, stderr) => {
-      if (error) {
-        const err = error as Error & { code: number };
-        err.code = typeof error.code === "number" ? error.code : 1;
-        reject(err);
-      } else {
-        resolve({ stdout, stderr });
-      }
-    });
-  });
+function stripMatchingQuotes(value: string): string {
+  const trimmed = value.trim();
+  const quote = trimmed[0];
+  if (trimmed.length >= 2 && (quote === '"' || quote === "'") && trimmed.endsWith(quote)) {
+    return trimmed.slice(1, -1);
+  }
+  return trimmed;
 }
 
+// Helper functions for spawning processes - use Node.js child_process for compatibility
 async function execFilePromise(file: string, args: string[]): Promise<{ stdout: string; stderr: string }> {
   return new Promise((resolve, reject) => {
     childProcess.execFile(file, args, (error, stdout, stderr) => {
@@ -506,7 +501,7 @@ async function ensureDefaultMonitoringProject(): Promise<PathResolution> {
 
   // Ensure instances.yml exists as a FILE (avoid Docker creating a directory).
   // Docker bind-mounts create missing paths as directories; replace if so.
-  if (fs.existsSync(instancesFile) && fs.statSync(instancesFile).isDirectory()) {
+  if (fs.existsSync(instancesFile) && fs.lstatSync(instancesFile).isDirectory()) {
     fs.rmSync(instancesFile, { recursive: true, force: true });
   }
   if (!fs.existsSync(instancesFile)) {
@@ -1831,6 +1826,24 @@ program
       const connResult = await connectWithSslFallback(Client, adminConn);
       client = connResult.client as Client;
 
+      // Preflight: verify the connected user has sufficient permissions
+      spinner.update("Checking database permissions");
+      const permCheck = await checkCurrentUserPermissions(client);
+      const permMessages = formatPermissionCheckMessages(permCheck);
+
+      for (const w of permMessages.warnings) {
+        console.error(w);
+      }
+
+      if (permMessages.failed) {
+        spinner.stop();
+        for (const e of permMessages.errors) {
+          console.error(e);
+        }
+        process.exitCode = 1;
+        return;
+      }
+
       // Generate reports
       let reports: Record<string, any>;
       if (checkId === "ALL") {
@@ -2250,11 +2263,11 @@ async function runCompose(args: string[], grafanaPassword?: string): Promise<num
       const envContent = fs.readFileSync(envFilePath, "utf8");
       if (!env.VM_AUTH_USERNAME) {
         const m = envContent.match(/^VM_AUTH_USERNAME=([^\r\n]+)/m);
-        if (m) env.VM_AUTH_USERNAME = m[1].trim().replace(/^["']|["']$/g, '');
+        if (m) env.VM_AUTH_USERNAME = stripMatchingQuotes(m[1]);
       }
       if (!env.VM_AUTH_PASSWORD) {
         const m = envContent.match(/^VM_AUTH_PASSWORD=([^\r\n]+)/m);
-        if (m) env.VM_AUTH_PASSWORD = m[1].trim().replace(/^["']|["']$/g, '');
+        if (m) env.VM_AUTH_PASSWORD = stripMatchingQuotes(m[1]);
       }
     } catch (err) {
       if (process.env.DEBUG) {
@@ -2320,10 +2333,13 @@ mon
     // Update .env with custom tag if provided
     const envFile = path.resolve(projectDir, ".env");
 
-    // Build .env content, preserving important existing values (registry, password)
-    // Note: PGAI_TAG is intentionally NOT preserved - the CLI version should always match Docker images
+    // Build .env content, preserving important existing values.
+    // Note: PGAI_TAG is intentionally NOT preserved - the CLI version should always match Docker images.
     let existingRegistry: string | null = null;
     let existingPassword: string | null = null;
+    let existingReplicatorPassword: string | null = null;
+    let existingVmAuthUsername: string | null = null;
+    let existingVmAuthPassword: string | null = null;
 
     if (fs.existsSync(envFile)) {
       const existingEnv = fs.readFileSync(envFile, "utf8");
@@ -2332,6 +2348,12 @@ mon
       if (registryMatch) existingRegistry = registryMatch[1].trim();
       const pwdMatch = existingEnv.match(/^GF_SECURITY_ADMIN_PASSWORD=(.+)$/m);
       if (pwdMatch) existingPassword = pwdMatch[1].trim();
+      const replicatorPwdMatch = existingEnv.match(/^REPLICATOR_PASSWORD=(.+)$/m);
+      if (replicatorPwdMatch) existingReplicatorPassword = replicatorPwdMatch[1].trim();
+      const vmAuthUserMatch = existingEnv.match(/^VM_AUTH_USERNAME=(.+)$/m);
+      if (vmAuthUserMatch) existingVmAuthUsername = stripMatchingQuotes(vmAuthUserMatch[1]);
+      const vmAuthPasswordMatch = existingEnv.match(/^VM_AUTH_PASSWORD=(.+)$/m);
+      if (vmAuthPasswordMatch) existingVmAuthPassword = stripMatchingQuotes(vmAuthPasswordMatch[1]);
     }
 
     // Priority: CLI --tag flag > package version
@@ -2347,6 +2369,11 @@ mon
     if (existingPassword) {
       envLines.push(`GF_SECURITY_ADMIN_PASSWORD=${existingPassword}`);
     }
+    envLines.push(
+      `REPLICATOR_PASSWORD=${existingReplicatorPassword || crypto.randomBytes(32).toString("hex")}`,
+    );
+    envLines.push(`VM_AUTH_USERNAME=${existingVmAuthUsername || "vmauth"}`);
+    envLines.push(`VM_AUTH_PASSWORD=${existingVmAuthPassword || crypto.randomBytes(18).toString("base64")}`);
     fs.writeFileSync(envFile, envLines.join("\n") + "\n", { encoding: "utf8", mode: 0o600 });
 
     if (opts.tag) {
@@ -2466,16 +2493,20 @@ mon
 
         // Test connection
         console.log("Testing connection to the added instance...");
-        try {
-          const client = new Client({ connectionString: connStr });
-          await client.connect();
-          const result = await client.query("select version();");
-          console.log("✓ Connection successful");
-          console.log(`${result.rows[0].version}\n`);
-          await client.end();
-        } catch (error) {
-          const message = error instanceof Error ? error.message : String(error);
-          console.error(`✗ Connection failed: ${message}\n`);
+        {
+          let testClient: InstanceType<typeof Client> | null = null;
+          try {
+            testClient = new Client({ connectionString: connStr, connectionTimeoutMillis: 10000 });
+            await testClient.connect();
+            const result = await testClient.query("select version();");
+            console.log("✓ Connection successful");
+            console.log(`${result.rows[0].version}\n`);
+          } catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            console.error(`✗ Connection failed: ${message}\n`);
+          } finally {
+            if (testClient) await testClient.end();
+          }
         }
       } else if (opts.yes) {
         // Auto-yes mode without database URL - skip database setup
@@ -2510,16 +2541,20 @@ mon
 
               // Test connection
               console.log("Testing connection to the added instance...");
-              try {
-                const client = new Client({ connectionString: connStr });
-                await client.connect();
-                const result = await client.query("select version();");
-                console.log("✓ Connection successful");
-                console.log(`${result.rows[0].version}\n`);
-                await client.end();
-              } catch (error) {
-                const message = error instanceof Error ? error.message : String(error);
-                console.error(`✗ Connection failed: ${message}\n`);
+              {
+                let testClient: InstanceType<typeof Client> | null = null;
+                try {
+                  testClient = new Client({ connectionString: connStr, connectionTimeoutMillis: 10000 });
+                  await testClient.connect();
+                  const result = await testClient.query("select version();");
+                  console.log("✓ Connection successful");
+                  console.log(`${result.rows[0].version}\n`);
+                } catch (error) {
+                  const message = error instanceof Error ? error.message : String(error);
+                  console.error(`✗ Connection failed: ${message}\n`);
+                } finally {
+                  if (testClient) await testClient.end();
+                }
               }
             }
           } else {
@@ -2530,10 +2565,21 @@ mon
         }
       }
     } else {
-      // Demo mode: copy bundled instances.demo.yml → instances.yml so the demo target is active
+      // Demo mode: configure instances.yml from the bundled demo template.
+      //
+      // Side effects:
+      //   - Writes instancesPath (instances.yml next to docker-compose.yml)
+      //   - If Docker previously bind-mounted instances.yml as a directory, removes it first.
+      //
+      // Failure modes:
+      //   - Exits with code 1 if instances.demo.yml is not found in any candidate path.
+      //     This is fatal because starting without a target produces empty dashboards that
+      //     look like a bug rather than a misconfiguration.
+      //
+      // Template search order (import.meta.url is resolved at runtime, not baked in at build):
+      //   1. npm layout:  dist/bin/../../instances.demo.yml  →  package-root/instances.demo.yml
+      //   2. dev layout:  cli/bin/../../../instances.demo.yml →  repo-root/instances.demo.yml
       console.log("Step 2: Demo mode enabled - using included demo PostgreSQL database");
-      // Use import.meta.url instead of __dirname — bundlers bake in __dirname at build time.
-      // Check multiple candidate paths (npm package vs repo dev layout).
       const currentDir = path.dirname(fileURLToPath(import.meta.url));
       const demoCandidates = [
         path.resolve(currentDir, "..", "..", "instances.demo.yml"),        // npm: dist/bin -> package root
@@ -2541,14 +2587,15 @@ mon
       ];
       const demoSrc = demoCandidates.find(p => fs.existsSync(p));
       if (demoSrc) {
-        // Remove directory artifact left by Docker bind-mounts
-        if (fs.existsSync(instancesPath) && fs.statSync(instancesPath).isDirectory()) {
+        // Remove directory artifact left by Docker bind-mounts before copying
+        if (fs.existsSync(instancesPath) && fs.lstatSync(instancesPath).isDirectory()) {
           fs.rmSync(instancesPath, { recursive: true, force: true });
         }
         fs.copyFileSync(demoSrc, instancesPath);
         console.log("✓ Demo monitoring target configured\n");
       } else {
-        console.error(`⚠ instances.demo.yml not found — demo target not configured (searched: ${demoCandidates.join(", ")})\n`);
+        console.error(`Error: instances.demo.yml not found — cannot configure demo target.\nSearched: ${demoCandidates.join(", ")}\n`);
+        process.exit(1);
       }
     }
 
@@ -2582,8 +2629,8 @@ mon
 
       if (!grafanaPassword) {
         console.log("Generating secure Grafana password...");
-        const { stdout: password } = await execPromise("openssl rand -base64 12 | tr -d '\n'");
-        grafanaPassword = password.trim();
+        const { stdout: password } = await execFilePromise("openssl", ["rand", "-base64", "12"]);
+        grafanaPassword = password.trim().replace(/\n/g, "");
 
         let configContent = "";
         if (fs.existsSync(cfgPath)) {
@@ -2614,16 +2661,16 @@ mon
         const envContent = fs.readFileSync(envFile, "utf8");
         const userMatch = envContent.match(/^VM_AUTH_USERNAME=([^\r\n]+)/m);
         const passMatch = envContent.match(/^VM_AUTH_PASSWORD=([^\r\n]+)/m);
-        if (userMatch) vmAuthUsername = userMatch[1].trim().replace(/^["']|["']$/g, '');
-        if (passMatch) vmAuthPassword = passMatch[1].trim().replace(/^["']|["']$/g, '');
+        if (userMatch) vmAuthUsername = stripMatchingQuotes(userMatch[1]);
+        if (passMatch) vmAuthPassword = stripMatchingQuotes(passMatch[1]);
       }
 
       if (!vmAuthUsername || !vmAuthPassword) {
         console.log("Generating VictoriaMetrics auth credentials...");
         vmAuthUsername = vmAuthUsername || "vmauth";
         if (!vmAuthPassword) {
-          const { stdout: vmPass } = await execPromise("openssl rand -base64 12 | tr -d '\n'");
-          vmAuthPassword = vmPass.trim();
+          const { stdout: vmPass } = await execFilePromise("openssl", ["rand", "-base64", "12"]);
+          vmAuthPassword = vmPass.trim().replace(/\n/g, "");
         }
 
         // Update .env file with VM auth credentials
@@ -2904,7 +2951,7 @@ mon
     console.log(`Project Directory: ${projectDir}`);
     console.log(`Docker Compose File: ${composeFile}`);
     console.log(`Instances File: ${instancesFile}`);
-    if (fs.existsSync(instancesFile) && !fs.statSync(instancesFile).isDirectory()) {
+    if (fs.existsSync(instancesFile) && !fs.lstatSync(instancesFile).isDirectory()) {
       console.log("\nInstances configuration:\n");
       const text = fs.readFileSync(instancesFile, "utf8");
       process.stdout.write(text);
@@ -2935,16 +2982,16 @@ mon
 
       // Fetch latest changes
       console.log("Fetching latest changes...");
-      await execPromise("git fetch origin");
+      await execFilePromise("git", ["fetch", "origin"]);
 
       // Check current branch
-      const { stdout: branch } = await execPromise("git rev-parse --abbrev-ref HEAD");
+      const { stdout: branch } = await execFilePromise("git", ["rev-parse", "--abbrev-ref", "HEAD"]);
       const currentBranch = branch.trim();
       console.log(`Current branch: ${currentBranch}`);
 
       // Pull latest changes
       console.log("Pulling latest changes...");
-      const { stdout: pullOut } = await execPromise("git pull origin " + currentBranch);
+      const { stdout: pullOut } = await execFilePromise("git", ["pull", "origin", currentBranch]);
       console.log(pullOut);
 
       // Update Docker images
@@ -3120,7 +3167,7 @@ targets
   .description("list monitoring target databases")
   .action(async () => {
     const { instancesFile: instancesPath, projectDir } = await resolveOrInitPaths();
-    if (!fs.existsSync(instancesPath) || fs.statSync(instancesPath).isDirectory()) {
+    if (!fs.existsSync(instancesPath) || fs.lstatSync(instancesPath).isDirectory()) {
       console.error(`instances.yml not found in ${projectDir}`);
       process.exitCode = 1;
       return;
@@ -3186,7 +3233,7 @@ targets
 
     // Check if instance already exists
     try {
-      if (fs.existsSync(file) && !fs.statSync(file).isDirectory()) {
+      if (fs.existsSync(file) && !fs.lstatSync(file).isDirectory()) {
         const content = fs.readFileSync(file, "utf8");
         const instances = yaml.load(content) as Instance[] | null || [];
         if (Array.isArray(instances)) {
@@ -3200,9 +3247,10 @@ targets
       }
     } catch (err) {
       // If YAML parsing fails, fall back to simple check
-      const isFile = fs.existsSync(file) && !fs.statSync(file).isDirectory();
+      const isFile = fs.existsSync(file) && !fs.lstatSync(file).isDirectory();
       const content = isFile ? fs.readFileSync(file, "utf8") : "";
-      if (new RegExp(`^- name: ${instanceName}$`, "m").test(content)) {
+      const escapedName = instanceName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+      if (new RegExp(`^- name: ${escapedName}$`, "m").test(content)) {
         console.error(`Monitoring target '${instanceName}' already exists`);
         process.exitCode = 1;
         return;
@@ -3210,7 +3258,7 @@ targets
     }
 
     // Add new instance — if instances.yml is a directory (Docker artifact), replace it with a file
-    if (fs.existsSync(file) && fs.statSync(file).isDirectory()) {
+    if (fs.existsSync(file) && fs.lstatSync(file).isDirectory()) {
       fs.rmSync(file, { recursive: true, force: true });
     }
     const body = `- name: ${instanceName}\n  conn_str: ${connStr}\n  preset_metrics: full\n  custom_metrics:\n  is_enabled: true\n  group: default\n  custom_tags:\n    env: production\n    cluster: default\n    node_name: ${instanceName}\n    sink_type: ~sink_type~\n`;
@@ -3223,7 +3271,7 @@ targets
   .description("remove monitoring target database")
   .action(async (name: string) => {
     const { instancesFile: file } = await resolveOrInitPaths();
-    if (!fs.existsSync(file) || fs.statSync(file).isDirectory()) {
+    if (!fs.existsSync(file) || fs.lstatSync(file).isDirectory()) {
       console.error("instances.yml not found");
       process.exitCode = 1;
       return;
@@ -3260,7 +3308,7 @@ targets
   .description("test monitoring target database connectivity")
   .action(async (name: string) => {
     const { instancesFile: instancesPath } = await resolveOrInitPaths();
-    if (!fs.existsSync(instancesPath) || fs.statSync(instancesPath).isDirectory()) {
+    if (!fs.existsSync(instancesPath) || fs.lstatSync(instancesPath).isDirectory()) {
       console.error("instances.yml not found");
       process.exitCode = 1;
       return;
@@ -3293,7 +3341,7 @@ targets
       console.log(`Testing connection to monitoring target '${name}'...`);
 
       // Use native pg client instead of requiring psql to be installed
-      const client = new Client({ connectionString: instance.conn_str });
+      const client = new Client({ connectionString: instance.conn_str, connectionTimeoutMillis: 10000 });
 
       try {
         await client.connect();
@@ -3646,10 +3694,10 @@ mon
 
     try {
       // Generate secure password using openssl
-      const { stdout: password } = await execPromise(
-        "openssl rand -base64 12 | tr -d '\n'"
+      const { stdout: password } = await execFilePromise(
+        "openssl", ["rand", "-base64", "12"]
       );
-      const newPassword = password.trim();
+      const newPassword = password.trim().replace(/\n/g, "");
 
       if (!newPassword) {
         console.error("Failed to generate password");
@@ -3736,8 +3784,8 @@ mon
       const vmPass = envContent.match(/^VM_AUTH_PASSWORD=([^\r\n]+)/m);
       if (vmUser && vmPass) {
         console.log("\nVictoriaMetrics credentials:");
-        console.log(`  Username: ${vmUser[1].trim().replace(/^["']|["']$/g, '')}`);
-        console.log(`  Password: ${vmPass[1].trim().replace(/^["']|["']$/g, '')}`);
+        console.log(`  Username: ${stripMatchingQuotes(vmUser[1])}`);
+        console.log(`  Password: ${stripMatchingQuotes(vmPass[1])}`);
       }
     }
     console.log("");
@@ -4700,7 +4748,7 @@ mcp
       // Get the path to the current pgai executable
       let pgaiPath: string;
       try {
-        const execPath = await execPromise("which pgai");
+        const execPath = await execFilePromise("which", ["pgai"]);
         pgaiPath = execPath.stdout.trim();
       } catch {
         // Fallback to just "pgai" if which fails
@@ -4712,8 +4760,8 @@ mcp
         console.log("Installing PostgresAI MCP server for Claude Code...");
 
         try {
-          const { stdout, stderr } = await execPromise(
-            `claude mcp add -s user postgresai ${pgaiPath} mcp start`
+          const { stdout, stderr } = await execFilePromise(
+            "claude", ["mcp", "add", "-s", "user", "postgresai", pgaiPath, "mcp", "start"]
           );
 
           if (stdout) console.log(stdout);

package/bun.lock

@@ -6,7 +6,7 @@
       "name": "postgresai",
       "dependencies": {
         "@modelcontextprotocol/sdk": "^1.20.2",
-        "commander": "^12.1.0",
+        "commander": "^14.0.3",
         "js-yaml": "^4.1.0",
         "pg": "^8.16.3",
       },
@@ -16,7 +16,7 @@
         "@types/pg": "^8.15.6",
         "ajv": "^8.17.1",
         "ajv-formats": "^3.0.1",
-        "typescript": "^5.9.3",
+        "typescript": "^6.0.2",
       },
     },
   },
@@ -51,7 +51,7 @@
 
     "call-bound": ["call-bound@1.0.4", "", { "dependencies": { "call-bind-apply-helpers": "^1.0.2", "get-intrinsic": "^1.3.0" } }, "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg=="],
 
-    "commander": ["commander@12.1.0", "", {}, "sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA=="],
+    "commander": ["commander@14.0.3", "", {}, "sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw=="],
 
     "content-disposition": ["content-disposition@1.0.0", "", { "dependencies": { "safe-buffer": "5.2.1" } }, "sha512-Au9nRL8VNUut/XSzbQA38+M78dzP4D+eqg3gfJHMIHHYa3bg067xj1KxMUWj+VULbiZMowKngFFbKczUrNJ1mg=="],
 
@@ -233,7 +233,7 @@
 
     "type-is": ["type-is@2.0.1", "", { "dependencies": { "content-type": "^1.0.5", "media-typer": "^1.1.0", "mime-types": "^3.0.0" } }, "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw=="],
 
-    "typescript": ["typescript@5.9.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw=="],
+    "typescript": ["typescript@6.0.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw=="],
 
     "undici-types": ["undici-types@5.26.5", "", {}, "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA=="],