superjs-core 0.1.0 → 0.3.0

package/dist/index.js

@@ -1365,15 +1365,451 @@ function getType2(value) {
   if (value instanceof Promise) return "promise";
   return "object";
 }
+
+// src/dep-exray/scanner/index.ts
+import { readFileSync, readdirSync, existsSync } from "fs";
+import { join as join2, basename as basename2 } from "path";
+
+// src/dep-exray/known-mappings.ts
+var KNOWN_MAPPINGS = [
+  {
+    name: "lodash",
+    size: "4.2 MB",
+    replacement: "jscore-core",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "Most lodash functions have direct replacements in jscore-core with 99% API compatibility",
+    detectionPattern: `from ['"]lodash['"]|require\\(['"]lodash['"]\\)`
+  },
+  {
+    name: "moment",
+    size: "2.5 MB",
+    replacement: "jscore-core/date",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "date utilities in jscore-core cover 95% of common moment use cases",
+    detectionPattern: `from ['"]moment['"]|require\\(['"]moment['"]\\)`
+  },
+  {
+    name: "date-fns",
+    size: "1.2 MB (tree-shaked ~50KB)",
+    replacement: "jscore-core/date",
+    confidence: "medium",
+    autoPrReady: false,
+    reason: "Partially overlapping \u2014 jscore-core covers basic date ops but not all locale support",
+    detectionPattern: `from ['"]date-fns['"]|require\\(['"]date-fns['"]\\)`
+  },
+  {
+    name: "axios",
+    size: "1.6 MB",
+    replacement: "native fetch + jscore-core/async/retry",
+    confidence: "medium",
+    autoPrReady: false,
+    reason: "Native fetch covers most use cases; needs manual review for interceptors",
+    detectionPattern: `from ['"]axios['"]|require\\(['"]axios['"]\\)`
+  },
+  {
+    name: "uuid",
+    size: "30 KB",
+    replacement: "crypto.randomUUID() (native)",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "crypto.randomUUID() is available in all modern Node.js and browsers",
+    detectionPattern: `from ['"]uuid['"]|require\\(['"]uuid['"]\\)`
+  },
+  {
+    name: "deepmerge",
+    size: "15 KB",
+    replacement: "jscore-core",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "jscore-core provides deepMerge out of the box",
+    detectionPattern: `from ['"]deepmerge['"]|require\\(['"]deepmerge['"]\\)`
+  },
+  {
+    name: "lodash.merge",
+    size: "25 KB",
+    replacement: "jscore-core",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "jscore-core provides deepMerge out of the box",
+    detectionPattern: `from ['"]lodash\\.(merge|clone|pick|omit|get|set)['"]`
+  },
+  {
+    name: "chalk",
+    size: "45 KB",
+    replacement: "picocolors",
+    confidence: "medium",
+    autoPrReady: false,
+    reason: "picocolors is 3KB vs chalk's 45KB with same API",
+    detectionPattern: `from ['"]chalk['"]|require\\(['"]chalk['"]\\)`
+  },
+  {
+    name: "nanoid",
+    size: "8 KB",
+    replacement: "jscore-core/string (nanoid)",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "jscore-core provides nanoid with same API",
+    detectionPattern: `from ['"]nanoid['"]|require\\(['"]nanoid['"]\\)`
+  },
+  {
+    name: "dayjs",
+    size: "50 KB",
+    replacement: "jscore-core/date",
+    confidence: "medium",
+    autoPrReady: false,
+    reason: "Partially overlapping \u2014 covers basics but not all plugins",
+    detectionPattern: `from ['"]dayjs['"]|require\\(['"]dayjs['"]\\)`
+  },
+  {
+    name: "clsx",
+    size: "5 KB",
+    replacement: "native template literals",
+    confidence: "high",
+    autoPrReady: true,
+    reason: "Can be replaced with simple template literal conditional pattern",
+    detectionPattern: `from ['"]clsx['"]|require\\(['"]clsx['"]\\)`
+  }
+];
+var KNOWN_CVES = {
+  "ansi-regex": [
+    { cve: "CVE-2021-3807", severity: "high", fix: "Update to ansi-regex@6.0.1 or later" }
+  ],
+  "semver": [
+    { cve: "CVE-2022-25883", severity: "medium", fix: "Update to semver@7.5.2 or later" }
+  ],
+  "json5": [
+    { cve: "CVE-2022-46175", severity: "high", fix: "Update to json5@2.2.3 or later" }
+  ],
+  "lodash": [
+    { cve: "CVE-2020-28502", severity: "high", fix: "Update to lodash@4.17.21 or later" },
+    { cve: "CVE-2020-8203", severity: "medium", fix: "Update to lodash@4.17.21 or later" }
+  ]
+};
+
+// src/dep-exray/scanner/index.ts
+function parsePackageJson(path) {
+  const raw = readFileSync(path, "utf-8");
+  const json = JSON.parse(raw);
+  return {
+    name: json.name ?? basename2(join2(path, "..")),
+    dependencies: json.dependencies ?? {},
+    devDependencies: json.devDependencies ?? {}
+  };
+}
+function parseLockfile(projectPath) {
+  const lockPath = join2(projectPath, "package-lock.json");
+  if (!existsSync(lockPath)) return null;
+  try {
+    const raw = readFileSync(lockPath, "utf-8");
+    const json = JSON.parse(raw);
+    const packages = {};
+    if (json.packages) {
+      for (const [key, val] of Object.entries(json.packages)) {
+        if (key) {
+          packages[key] = val;
+        }
+      }
+    }
+    if (json.dependencies && Object.keys(packages).length === 0) {
+      for (const [key, val] of Object.entries(json.dependencies)) {
+        packages[key] = { version: val.version, dependencies: val.requires };
+      }
+    }
+    return { packages };
+  } catch {
+    return null;
+  }
+}
+function detectImportInFile(filePath, regex) {
+  try {
+    const content = readFileSync(filePath, "utf-8");
+    return regex.test(content);
+  } catch {
+    return false;
+  }
+}
+function detectImportsInSrc(projectPath, mapping) {
+  const regex = new RegExp(mapping.detectionPattern);
+  const srcDir = join2(projectPath, "src");
+  if (!existsSync(srcDir)) return false;
+  try {
+    const files = collectSourceFiles(srcDir);
+    for (const file of files) {
+      if (detectImportInFile(file, regex)) return true;
+    }
+  } catch {
+    return false;
+  }
+  return false;
+}
+function collectSourceFiles(dir) {
+  const results = [];
+  try {
+    const entries = readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (entry.name === "node_modules" || entry.name === "dist" || entry.name === ".git" || entry.name === "coverage" || entry.name === ".tsup") {
+        continue;
+      }
+      const full = join2(dir, entry.name);
+      if (entry.isDirectory()) {
+        results.push(...collectSourceFiles(full));
+      } else if (entry.isFile()) {
+        const ext = entry.name.split(".").pop();
+        if (ext === "ts" || ext === "tsx" || ext === "js" || ext === "jsx" || ext === "mjs" || ext === "cjs") {
+          results.push(full);
+        }
+      }
+    }
+  } catch {
+  }
+  return results;
+}
+function estimateTransitiveCount(lockfile, directNames) {
+  if (!lockfile) return 0;
+  let count = 0;
+  for (const key of Object.keys(lockfile.packages)) {
+    if (!key || key === "") continue;
+    const name = key.startsWith("node_modules/") ? key.slice("node_modules/".length) : key;
+    const rootName = name.startsWith("@") ? `${name.split("/")[0]}/${name.split("/")[1]}` : name.split("/")[0];
+    if (rootName && !directNames.has(rootName)) {
+      count++;
+    }
+  }
+  return count;
+}
+function parseSize(value) {
+  const cleaned = value.replace(/\(.*?\)/g, "").trim();
+  const match = cleaned.match(/^([\d.]+)\s*(KB|MB)/i);
+  if (!match) return 0;
+  const num = Number.parseFloat(match[1]);
+  if (!match[2]) return 0;
+  if (match[2].toUpperCase() === "MB") return num * 1024;
+  return num;
+}
+async function scanProject(config) {
+  const projectPath = config.path ?? ".";
+  const pkgPath = join2(projectPath, "package.json");
+  if (!existsSync(pkgPath)) {
+    throw new Error(`No package.json found at ${projectPath}. Run dep-exray in a JavaScript/TypeScript project directory.`);
+  }
+  const pkg = parsePackageJson(pkgPath);
+  const lockfile = parseLockfile(projectPath);
+  const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+  const directNames = new Set(Object.keys(allDeps));
+  const transitiveCount = estimateTransitiveCount(lockfile, directNames);
+  const highImpactReplacements = [];
+  const mediumImpactReplacements = [];
+  const securityIssues = [];
+  const sizeMap = {};
+  for (const m of KNOWN_MAPPINGS) {
+    sizeMap[m.name] = m.size;
+  }
+  for (const mapping of KNOWN_MAPPINGS) {
+    const isDirect = directNames.has(mapping.name);
+    if (!isDirect) continue;
+    const isUsed = detectImportsInSrc(projectPath, mapping);
+    if (!isUsed && !config.verbose) continue;
+    const mappingSize = parseSize(sizeMap[mapping.name] ?? "0 KB");
+    const replacementSize = mapping.replacement.startsWith("native") ? 0 : 5;
+    const reductionStr = mappingSize > 1024 ? `${(mappingSize / 1024).toFixed(1)} MB \u2192 ${replacementSize} KB` : `${mappingSize.toFixed(0)} KB \u2192 ${replacementSize} KB`;
+    const suggestion = {
+      packageName: mapping.name,
+      reason: mapping.reason,
+      replacement: mapping.replacement,
+      estimatedSizeReduction: reductionStr,
+      confidence: mapping.confidence,
+      autoPrReady: mapping.autoPrReady
+    };
+    if (mapping.confidence === "high") {
+      highImpactReplacements.push(suggestion);
+    } else {
+      mediumImpactReplacements.push(suggestion);
+    }
+  }
+  for (const [name, cves] of Object.entries(KNOWN_CVES)) {
+    if (directNames.has(name)) {
+      for (const cveItem of cves) {
+        securityIssues.push({
+          packageName: name,
+          cveId: cveItem.cve,
+          severity: cveItem.severity,
+          fix: cveItem.fix
+        });
+      }
+    }
+  }
+  let totalSizeKB = 0;
+  for (const depName of directNames) {
+    const sizeStr = sizeMap[depName];
+    if (sizeStr) {
+      totalSizeKB += parseSize(sizeStr);
+    } else {
+      totalSizeKB += 50;
+    }
+  }
+  totalSizeKB += transitiveCount * 30;
+  const totalSizeStr = totalSizeKB > 1024 ? `${(totalSizeKB / 1024).toFixed(1)} MB` : `${totalSizeKB.toFixed(0)} KB`;
+  return {
+    projectName: pkg.name,
+    directDeps: directNames.size,
+    transitiveDeps: transitiveCount,
+    totalEstimatedSize: totalSizeStr,
+    highImpactReplacements,
+    mediumImpactReplacements,
+    securityIssues
+  };
+}
+
+// src/dep-exray/reporter/index.ts
+import pc from "picocolors";
+function severityColor(severity) {
+  switch (severity) {
+    case "critical":
+      return pc.bold(pc.red(severity.toUpperCase()));
+    case "high":
+      return pc.red(severity.toUpperCase());
+    case "medium":
+      return pc.yellow(severity.toUpperCase());
+    case "low":
+      return pc.dim(severity.toUpperCase());
+  }
+}
+function confidenceIcon(confidence) {
+  switch (confidence) {
+    case "high":
+      return pc.green("\u25CF");
+    case "medium":
+      return pc.yellow("\u25CF");
+    case "low":
+      return pc.red("\u25CF");
+  }
+}
+function generateReport(result, jsonOutput) {
+  if (jsonOutput) {
+    return JSON.stringify(result, null, 2);
+  }
+  const lines = [];
+  lines.push(pc.bold(pc.cyan(`\u250C${"\u2500".repeat(58)}\u2510`)));
+  lines.push(pc.bold(pc.cyan(`\u2502${" ".repeat(18)}dep-exray Report${" ".repeat(21)}\u2502`)));
+  lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+  lines.push(pc.bold(pc.cyan(`\u2502  ${pc.white("\u{1F4E6} PROJECT:")} ${pc.bold(result.projectName)}${" ".repeat(Math.max(1, 47 - result.projectName.length))}\u2502`)));
+  lines.push(pc.bold(pc.cyan(`\u2502  ${pc.white("\u{1F4CA} DEPENDENCIES:")} ${pc.bold(String(result.directDeps))} direct + ${pc.bold(String(result.transitiveDeps))} transitive${" ".repeat(Math.max(1, 27 - String(result.transitiveDeps).length))}\u2502`)));
+  lines.push(pc.bold(pc.cyan(`\u2502  ${pc.white("\u{1F4BE} TOTAL SIZE:")} ${pc.bold(result.totalEstimatedSize)}${" ".repeat(Math.max(1, 42 - result.totalEstimatedSize.length))}\u2502`)));
+  lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+  if (result.highImpactReplacements.length > 0) {
+    lines.push(pc.bold(pc.cyan(`\u2502  ${pc.green("\u{1F7E2}")} ${pc.bold(pc.green("HIGH IMPACT REPLACEMENTS"))}${" ".repeat(23)}\u2502`)));
+    for (const item of result.highImpactReplacements) {
+      const autoPr = item.autoPrReady ? pc.green("\u2713 Auto-PR ready") : pc.dim("Manual review needed");
+      const confIcon = confidenceIcon(item.confidence);
+      lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.red("\u2717")} ${pc.bold(item.packageName)} (${item.estimatedSizeReduction})${" ".repeat(Math.max(1, 38 - item.estimatedSizeReduction.length))}\u2502`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.dim("\u2192")} ${pc.cyan(item.replacement)}${" ".repeat(Math.max(1, 51 - item.replacement.length))}\u2502`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.dim("\u2514\u2500")} ${autoPr}  ${confIcon} ${item.confidence}${" ".repeat(Math.max(1, 35))}\u2502`)));
+    }
+  }
+  if (result.mediumImpactReplacements.length > 0) {
+    lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+    lines.push(pc.bold(pc.cyan(`\u2502  ${pc.yellow("\u{1F7E1}")} ${pc.bold(pc.yellow("MEDIUM IMPACT REPLACEMENTS"))}${" ".repeat(20)}\u2502`)));
+    for (const item of result.mediumImpactReplacements) {
+      const autoPr = item.autoPrReady ? pc.green("\u2713 Auto-PR ready") : pc.dim("Manual review needed");
+      const confIcon = confidenceIcon(item.confidence);
+      lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.red("\u2717")} ${pc.bold(item.packageName)} (${item.estimatedSizeReduction})${" ".repeat(Math.max(1, 38 - item.estimatedSizeReduction.length))}\u2502`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.dim("\u2192")} ${pc.cyan(item.replacement)}${" ".repeat(Math.max(1, 51 - item.replacement.length))}\u2502`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.dim("\u2514\u2500")} ${autoPr}  ${confIcon} ${item.confidence}${" ".repeat(Math.max(1, 35))}\u2502`)));
+    }
+  }
+  if (result.securityIssues.length > 0) {
+    lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+    lines.push(pc.bold(pc.cyan(`\u2502  ${pc.red("\u{1F534}")} ${pc.bold(pc.red("SECURITY ISSUES"))}${" ".repeat(33)}\u2502`)));
+    for (const issue of result.securityIssues) {
+      lines.push(pc.bold(pc.cyan(`\u251C${"\u2500".repeat(58)}\u2524`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${severityColor(issue.severity)} ${pc.bold(issue.cveId)} in ${issue.packageName}${" ".repeat(Math.max(1, 40 - issue.packageName.length))}\u2502`)));
+      lines.push(pc.bold(pc.cyan(`\u2502  ${pc.dim("\u2192")} ${issue.fix}${" ".repeat(Math.max(1, 52 - issue.fix.length))}\u2502`)));
+    }
+  }
+  lines.push(pc.bold(pc.cyan(`\u2514${"\u2500".repeat(58)}\u2518`)));
+  return lines.join("\n");
+}
+
+// src/dep-exray/analyzer/index.ts
+import { readFileSync as readFileSync2 } from "fs";
+import { readdirSync as readdirSync2, statSync } from "fs";
+import { join as join3, extname as extname2 } from "path";
+var SOURCE_EXTENSIONS = /* @__PURE__ */ new Set([".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs"]);
+function isSourceFile(file) {
+  return SOURCE_EXTENSIONS.has(extname2(file));
+}
+function collectSourceFiles2(dir) {
+  const results = [];
+  try {
+    const entries = readdirSync2(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      const fullPath = join3(dir, entry.name);
+      if (entry.name === "node_modules" || entry.name === "dist" || entry.name === ".git" || entry.name === "coverage" || entry.name === ".tsup") {
+        continue;
+      }
+      if (entry.isDirectory()) {
+        results.push(...collectSourceFiles2(fullPath));
+      } else if (entry.isFile() && isSourceFile(entry.name)) {
+        results.push(fullPath);
+      }
+    }
+  } catch {
+  }
+  return results;
+}
+function escapeRegex(str) {
+  return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+async function analyzeUsage(projectPath, packageName) {
+  const importLocations = [];
+  const escaped = escapeRegex(packageName);
+  const importRegex = new RegExp(
+    `(?:from\\s+['"]${escaped}(?:/['"]|['"])|require\\(\\s*['"]${escaped}(?:/|['"]))`,
+    "g"
+  );
+  const srcDir = join3(projectPath, "src");
+  let files;
+  try {
+    if (statSync(srcDir).isDirectory()) {
+      files = collectSourceFiles2(srcDir);
+    } else {
+      files = collectSourceFiles2(projectPath);
+    }
+  } catch {
+    files = collectSourceFiles2(projectPath);
+  }
+  for (const file of files) {
+    try {
+      const content = readFileSync2(file, "utf-8");
+      importRegex.lastIndex = 0;
+      if (importRegex.test(content)) {
+        importLocations.push(file);
+      }
+    } catch {
+    }
+  }
+  return {
+    isUsed: importLocations.length > 0,
+    importCount: importLocations.length,
+    importLocations
+  };
+}
 export {
   DivisionByZeroError,
   InvalidDateError,
+  KNOWN_CVES,
+  KNOWN_MAPPINGS,
   add,
   addBusinessDays,
   addDays,
   addMonths,
   addYears,
   allSettledMap,
+  analyzeUsage,
   approxEqual,
   assertDefined,
   assertType,
@@ -1413,6 +1849,7 @@ export {
   format,
   formatDate,
   generateOTP,
+  generateReport,
   generateToken,
   getType2 as getType,
   groupBy,
@@ -1476,6 +1913,7 @@ export {
   safeJsonParse,
   sample,
   sampleSize,
+  scanProject,
   shuffle,
   simpleHash,
   sleep,