npm - trochilus - Versions diffs - 0.1.0 - Mend

trochilus 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2024 Victor Sidorov
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,24 @@
+# Trochilus
+CLI tool to check various issues in JavaScript project dependencies.
+Specifically made for end projects, to ensure all dependencies are up-to-date, correctly installed and actively
+maintained.
+## Usage
+```
+npx trochilus <path-to-project-root-folder>
+```
+### Options
+| Option | Description           |
+|--------|-----------------------|
+| -v     | Enable verbose output |
+| -h     | Print help            |
+## Current checks
+- [X] Correct type of dependencies (e.g. `dependencies` and `devDependencies`)
+- [X] Stale dependencies with archived source code repository
+- [X] New minor and patch versions of dependencies

package/dist/index.js ADDED Viewed

@@ -0,0 +1,354 @@
+#!/usr/bin/env node
+import process$1 from 'node:process';
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { createCommand } from 'commander';
+import pc from 'picocolors';
+import fetch from 'node-fetch';
+import semver from 'semver';
+function parsePackageJson(content) {
+  try {
+    return JSON.parse(content);
+  } catch {
+    return void 0;
+  }
+}
+var LogLevel = /* @__PURE__ */ ((LogLevel2) => {
+  LogLevel2[LogLevel2["FATAL"] = 0] = "FATAL";
+  LogLevel2[LogLevel2["ERROR"] = 1] = "ERROR";
+  LogLevel2[LogLevel2["WARN"] = 2] = "WARN";
+  LogLevel2[LogLevel2["INFO"] = 3] = "INFO";
+  LogLevel2[LogLevel2["DEBUG"] = 4] = "DEBUG";
+  LogLevel2[LogLevel2["TRACE"] = 5] = "TRACE";
+  return LogLevel2;
+})(LogLevel || {});
+let logLevel = 3 /* INFO */;
+function setLogLevel(level) {
+  logLevel = level;
+}
+const logger = {
+  fatal(...args) {
+    if (0 /* FATAL */ <= logLevel) {
+      console.error(pc.red("FATAL	"), ...args);
+    }
+  },
+  error(...args) {
+    if (1 /* ERROR */ <= logLevel) {
+      console.error(pc.red("ERROR	"), ...args);
+    }
+  },
+  warn(...args) {
+    if (2 /* WARN */ <= logLevel) {
+      console.warn(pc.yellow("WARN	"), ...args);
+    }
+  },
+  info(...args) {
+    if (3 /* INFO */ <= logLevel) {
+      console.info(...args);
+    }
+  },
+  debug(...args) {
+    if (4 /* DEBUG */ <= logLevel) {
+      console.debug(pc.blue("DEBUG	"), ...args);
+    }
+  },
+  trace(...args) {
+    if (5 /* TRACE */ <= logLevel) {
+      console.trace(pc.gray("TRACE	"), ...args);
+    }
+  }
+};
+function isError(arg) {
+  return typeof arg === "object" && arg != null && "error" in arg && typeof arg.error === "string";
+}
+const cache = /* @__PURE__ */ new Map();
+function resolvePackageMetadata(name) {
+  if (cache.has(name)) {
+    logger.debug(`Package metadata for "${name}" resolved from cache`);
+    return cache.get(name);
+  }
+  const promise = fetch(`https://registry.npmjs.org/${name}`).then((r) => r.json()).then((data) => isError(data) ? void 0 : data);
+  cache.set(name, promise);
+  logger.debug(`Fetching package metadata for "${name}"`);
+  return promise;
+}
+var IssueCode = /* @__PURE__ */ ((IssueCode2) => {
+  IssueCode2[IssueCode2["WRONG_DEPENDENCY_TYPE"] = 0] = "WRONG_DEPENDENCY_TYPE";
+  IssueCode2[IssueCode2["ABANDONED"] = 1] = "ABANDONED";
+  IssueCode2[IssueCode2["OUTDATED"] = 2] = "OUTDATED";
+  return IssueCode2;
+})(IssueCode || {});
+function stringifyIssue(issue) {
+  switch (issue.code) {
+    case 0 /* WRONG_DEPENDENCY_TYPE */: {
+      return `Marked as a wrong dependency type, expected ${issue.expected}, got ${issue.got}`;
+    }
+    case 1 /* ABANDONED */: {
+      return `Project is no longer supported: ${issue.reason}`;
+    }
+    case 2 /* OUTDATED */: {
+      return `New version available: ${issue.max}, current version ${issue.current}`;
+    }
+  }
+}
+class Reporter {
+  issues = [];
+  addIssue(issue) {
+    this.issues.push(issue);
+  }
+}
+function groupIssues(issues) {
+  return issues.reduce((acc, cur) => {
+    let path;
+    if (acc.has(cur.path)) {
+      path = acc.get(cur.path);
+    } else {
+      path = /* @__PURE__ */ new Map();
+      acc.set(cur.path, path);
+    }
+    let pkg;
+    if (path.has(cur.packageName)) {
+      pkg = path.get(cur.packageName);
+    } else {
+      pkg = [];
+      path.set(cur.packageName, pkg);
+    }
+    pkg.push(cur);
+    return acc;
+  }, /* @__PURE__ */ new Map());
+}
+function isGitHub(url) {
+  return url.includes("github.com");
+}
+function getOwnerAndRepo(url) {
+  if (!isGitHub(url)) {
+    return;
+  }
+  const matches = url.match(/github.com\/([a-zA-Z0-9-]+)\/([a-zA-Z0-9-]+)/);
+  if (matches && matches.length === 3) {
+    return {
+      owner: matches[1],
+      repo: matches[2]
+    };
+  }
+}
+async function isArchived(repo) {
+  if (!process.env.GITHUB_TOKEN) {
+    logger.warn("GITHUB_TOKEN env variable is missing, without it you will be rate-limited too fast");
+    logger.warn("Create your access token here https://github.com/settings/tokens and retry");
+    return false;
+  }
+  const response = await fetch(`https://api.github.com/repos/${repo.owner}/${repo.repo}`, {
+    headers: {
+      authorization: `Bearer ${process.env.GITHUB_TOKEN}`
+    }
+  });
+  if (!response.ok) {
+    logger.error((await response.json()).message);
+    return false;
+  }
+  const repositoryInfo = await response.json();
+  if (typeof repositoryInfo === "object" && repositoryInfo != null && "archived" in repositoryInfo) {
+    return repositoryInfo.archived === true;
+  }
+  return false;
+}
+const archived = {
+  name: "archived",
+  async run(path, pkg, reporter) {
+    const dependencies = [
+      ...Object.keys(pkg.dependencies ?? {}),
+      ...Object.keys(pkg.devDependencies ?? {})
+    ];
+    for (const dependency of dependencies) {
+      logger.debug(`Getting package metadata from npm for ${dependency}`);
+      const data = await resolvePackageMetadata(dependency);
+      if (!data) {
+        logger.warn(`Failed to resolve ${dependency} from npm registry`);
+        continue;
+      }
+      const repo = getOwnerAndRepo(data.repository?.url ?? "");
+      if (repo) {
+        logger.debug(`Detected GitHub repo for ${dependency}`, repo);
+        if (await isArchived(repo)) {
+          reporter.addIssue({
+            path,
+            packageName: dependency,
+            code: IssueCode.ABANDONED,
+            reason: `GitHub repository is archived at https://github.com/${repo.owner}/${repo.repo}`
+          });
+        }
+      }
+    }
+  }
+};
+class PackageGroup {
+  rules = [];
+  add(rule, description) {
+    this.rules.push({
+      value: rule,
+      description: description ?? ""
+    });
+  }
+  test(name) {
+    return this.rules.some((rule) => {
+      if (typeof rule.value === "string") {
+        return rule.value === name;
+      }
+      if (Array.isArray(rule.value)) {
+        return rule.value.includes(name);
+      }
+      return rule.value.test(name);
+    });
+  }
+}
+const ts = new PackageGroup();
+ts.add("typescript", "TypeScript compiler");
+ts.add(/^@types\//, "TypeScript definitions");
+ts.add([
+  "ts-node",
+  "tsx",
+  "@swc/register",
+  "@swc-node/register",
+  "esbuild-runner",
+  "jiti",
+  "sucrase",
+  "tsm"
+], "TypeScript runtimes for Node.js");
+const typescript = {
+  name: "typescript",
+  async run(path, pkg, reporter) {
+    for (const dependency of Object.keys(pkg.dependencies ?? {})) {
+      if (ts.test(dependency)) {
+        reporter.addIssue({
+          path,
+          packageName: dependency,
+          code: IssueCode.WRONG_DEPENDENCY_TYPE,
+          expected: "development",
+          got: "production"
+        });
+      }
+    }
+    return Promise.resolve();
+  }
+};
+const webpack = new PackageGroup();
+webpack.add("webpack", "Webpack bundler");
+webpack.add(/^webpack-/, "Webpack loaders and plugins");
+const vite = new PackageGroup();
+vite.add("vite", "Vite bundler");
+vite.add(/^@vitejs\//, "Vite plugins");
+const bundler = {
+  name: "bundler",
+  run(path, pkg, reporter) {
+    for (const dependency of Object.keys(pkg.dependencies ?? {})) {
+      if (webpack.test(dependency) || vite.test(dependency)) {
+        reporter.addIssue({
+          path,
+          packageName: dependency,
+          code: IssueCode.WRONG_DEPENDENCY_TYPE,
+          expected: "development",
+          got: "production"
+        });
+      }
+    }
+    return Promise.resolve();
+  }
+};
+const updates = {
+  name: "updates",
+  async run(projectPath, pkg, reporter) {
+    const dependencies = [
+      ...Object.keys(pkg.dependencies ?? {}),
+      ...Object.keys(pkg.devDependencies ?? {})
+    ];
+    for (const dep of dependencies) {
+      const dependency = await resolvePackageMetadata(dep);
+      if (!dependency) {
+        logger.warn(`Failed to resolve ${dep} from npm registry`);
+        continue;
+      }
+      const versions = Object.keys(dependency.versions);
+      const currentVersion = pkg.dependencies?.[dep] ?? pkg.devDependencies?.[dep];
+      if (!currentVersion) {
+        continue;
+      }
+      const maxSemver = semver.maxSatisfying(versions, currentVersion);
+      const curSemver = semver.minVersion(currentVersion);
+      if (!semver.eq(maxSemver, curSemver)) {
+        reporter.addIssue({
+          code: IssueCode.OUTDATED,
+          path: projectPath,
+          packageName: dep,
+          max: maxSemver,
+          current: curSemver.toString()
+        });
+      }
+    }
+  }
+};
+const checks = [
+  archived,
+  typescript,
+  bundler,
+  updates
+];
+const program = createCommand("trochilus");
+program.option("-v, --verbose", "Verbose messages", false).argument("[path]", "Path to project directory", "").action(async (projectPath, opts) => {
+  setLogLevel(opts?.verbose ? LogLevel.DEBUG : LogLevel.INFO);
+  const root = path.resolve(projectPath ? path.resolve(process$1.cwd(), projectPath) : process$1.cwd());
+  logger.debug(`Root folder set to ${root}`);
+  const packageFile = path.join(root, "package.json");
+  try {
+    const stat = await fs.stat(packageFile);
+    if (!stat.isFile()) {
+      logger.error(`${packageFile} is not a file`);
+      process$1.exit(1);
+    }
+  } catch (e) {
+    if (e.code === "ENOENT") {
+      logger.error(`File ${packageFile} not found`);
+      process$1.exit(1);
+    }
+    throw e;
+  }
+  const content = await fs.readFile(packageFile, "utf-8");
+  const pkg = parsePackageJson(content);
+  if (!pkg) {
+    logger.error(`Failed to parse ${packageFile}, file is not a valid JSON file`);
+    return;
+  }
+  const reporter = new Reporter();
+  for (const check of checks) {
+    logger.debug(`Starting ${check.name} check`);
+    await check.run(root, pkg, reporter);
+    logger.debug(`Finished ${check.name} check`);
+  }
+  if (reporter.issues.length === 0) {
+    process$1.exit(0);
+  }
+  const result = groupIssues(reporter.issues);
+  for (const group of result) {
+    logger.info(pc.underline(group[0]));
+    for (const group1 of group[1]) {
+      logger.info(`	${group1[0]}:`);
+      for (const issue of group1[1]) {
+        logger.info(`		${stringifyIssue(issue)}`);
+      }
+      logger.info("");
+    }
+  }
+  process$1.exit(1);
+});
+program.parse();

package/package.json ADDED Viewed

@@ -0,0 +1,46 @@
+{
+  "name": "trochilus",
+  "type": "module",
+  "version": "0.1.0",
+  "description": "CLI tool to check issues in JavaScript projects",
+  "files": [
+    "dist"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Solant/trochilus.git"
+  },
+  "bugs": {
+    "email": "https://github.com/Solant/trochilus/issues"
+  },
+  "bin": "./dist/index.js",
+  "keywords": [
+    "dependencies",
+    "update",
+    "package.json"
+  ],
+  "license": "MIT",
+  "devDependencies": {
+    "@eslint/js": "^9.8.0",
+    "@stylistic/eslint-plugin": "^2.6.1",
+    "@types/node": "^22.0.2",
+    "@types/semver": "^7.5.8",
+    "eslint": "9.x",
+    "globals": "^15.9.0",
+    "pkgroll": "^2.4.2",
+    "tsx": "^4.16.5",
+    "typescript": "^5.5.4",
+    "typescript-eslint": "^8.0.0",
+    "vitest": "^2.0.5"
+  },
+  "dependencies": {
+    "commander": "^12.1.0",
+    "node-fetch": "^3.3.2",
+    "picocolors": "^1.0.1",
+    "semver": "^7.6.3"
+  },
+  "scripts": {
+    "build": "pkgroll",
+    "test": "vitest"
+  }
+}