varlock 0.4.2 → 0.6.0

package/dist/runtime/init-server.cjs

@@ -0,0 +1,370 @@
+'use strict';
+
+var zlib = require('zlib');
+var http = require('http');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var zlib__default = /*#__PURE__*/_interopDefault(zlib);
+
+// src/runtime/lib/redaction.ts
+function redactString(valStr, modeOrOpts, hideLength = true) {
+  if (!valStr) return valStr;
+  let mode;
+  {
+    mode = modeOrOpts;
+  }
+  const hiddenLength = hideLength ? 5 : valStr.length - 2;
+  const hiddenStr = "\u2592".repeat(hiddenLength);
+  if (mode === "show_last_2") {
+    return `${hiddenStr}${valStr.substring(valStr.length - 2, valStr.length)}`;
+  } else if (mode === "show_first_last") {
+    return `${valStr.substring(0, 1)}${hiddenStr}${valStr.substring(valStr.length - 1, valStr.length)}`;
+  } else {
+    return `${valStr.substring(0, 2)}${hiddenStr}`;
+  }
+}
+
+// src/lib/detect-runtime.ts
+var versionsStr = "versions";
+var processVersions = typeof process !== "undefined" && process[versionsStr];
+processVersions && processVersions.node != null;
+typeof window !== "undefined" && window.name === "nodejs" || typeof navigator !== "undefined" && "userAgent" in navigator && typeof navigator.userAgent === "string" && (navigator.userAgent.includes("Node.js") || navigator.userAgent.includes("jsdom"));
+typeof Deno !== "undefined" && typeof Deno.version !== "undefined" && typeof Deno.version.deno !== "undefined";
+processVersions && processVersions.bun != null;
+var isBrowser = typeof window !== "undefined" && typeof window.document !== "undefined" && typeof window.document.createElement === "function" && typeof navigator !== "undefined" && typeof navigator.userAgent === "string";
+
+// src/runtime/lib/debug.ts
+function debug(...args) {
+  if (!globalThis.process?.env.DEBUG_VARLOCK) return;
+  console.log(...args);
+}
+
+// src/runtime/env.ts
+function isString(s) {
+  return Object.prototype.toString.call(s) === "[object String]";
+}
+var UNMASK_STR = "\u{1F441}";
+var REDACTION_STATE_KEY = "__varlockRedactionState";
+function getRedactionState() {
+  if (!globalThis[REDACTION_STATE_KEY]) {
+    globalThis[REDACTION_STATE_KEY] = {
+      sensitiveSecretsMap: {},
+      redactorFindReplace: void 0
+    };
+  }
+  return globalThis[REDACTION_STATE_KEY];
+}
+function resetRedactionMap(graph) {
+  const state = getRedactionState();
+  state.sensitiveSecretsMap = {};
+  for (const itemKey in graph.config) {
+    const item = graph.config[itemKey];
+    if (item.isSensitive && item.value && isString(item.value)) {
+      const redacted = redactString(item.value);
+      if (redacted) state.sensitiveSecretsMap[item.value] = { key: itemKey, redacted };
+    }
+  }
+  if (!Object.keys(state.sensitiveSecretsMap).length) {
+    state.redactorFindReplace = void 0;
+    return;
+  }
+  const findRegex = new RegExp(
+    [
+      `(${UNMASK_STR} )?`,
+      "(",
+      Object.keys(state.sensitiveSecretsMap).map((s) => s.replace(/[()[\]{}*+?^$|#.,/\\\s-]/g, "\\$&")).sort((a, b) => b.length - a.length).join("|"),
+      ")",
+      `( ${UNMASK_STR})?`
+    ].join(""),
+    "g"
+  );
+  const replaceFn = (match, pre, val, post) => {
+    if (pre && post) return match;
+    return state.sensitiveSecretsMap[val].redacted;
+  };
+  state.redactorFindReplace = { find: findRegex, replace: replaceFn };
+}
+function redactSensitiveConfig(o) {
+  const { redactorFindReplace } = getRedactionState();
+  if (!redactorFindReplace) return o;
+  if (!o) return o;
+  if (Array.isArray(o)) {
+    return o.map(redactSensitiveConfig);
+  }
+  if (o && typeof o === "object" && Object.getPrototypeOf(o) === Object.prototype) {
+    try {
+      return JSON.parse(redactSensitiveConfig(JSON.stringify(o)));
+    } catch (err) {
+      return o;
+    }
+  }
+  const type = typeof o;
+  if (type === "string" || type === "object" && Object.prototype.toString.call(o) === "[object String]") {
+    return o.replaceAll(redactorFindReplace.find, redactorFindReplace.replace);
+  }
+  return o;
+}
+function revealSensitiveConfig(secretStr) {
+  if (!globalThis._varlockOrigWriteToConsoleFn) return secretStr;
+  return `${UNMASK_STR} ${secretStr} ${UNMASK_STR}`;
+}
+function scanForLeaks(toScan, meta) {
+  debug("\u26A1\uFE0F varlock scanning for leaks");
+  if (!toScan) return toScan;
+  function scanStrForLeaks(strToScan) {
+    const { sensitiveSecretsMap } = getRedactionState();
+    for (const sensitiveValue in sensitiveSecretsMap) {
+      if (strToScan.includes(sensitiveValue)) {
+        const itemKey = sensitiveSecretsMap[sensitiveValue].key;
+        console.error([
+          "",
+          `\u{1F6A8} ${"DETECTED LEAKED SENSITIVE CONFIG"} \u{1F6A8}`,
+          `> Config item key: ${itemKey}`,
+          ...meta?.method ? [`> Scan method: ${meta.method}`] : [],
+          ...meta?.file ? [`> File: ${meta.file}`] : [],
+          ""
+        ].join("\n"));
+        throw new Error(`\u{1F6A8} DETECTED LEAKED SENSITIVE CONFIG - ${itemKey}`);
+      }
+    }
+  }
+  if (isString(toScan)) {
+    scanStrForLeaks(toScan);
+    return toScan;
+  } else if (typeof Buffer !== "undefined" && toScan instanceof Buffer) {
+    scanStrForLeaks(toScan.toString());
+    return toScan;
+  } else if (toScan instanceof ReadableStream) {
+    if (toScan.locked) {
+      return toScan;
+    }
+    const chunkDecoder = new TextDecoder();
+    return toScan.pipeThrough(
+      new TransformStream({
+        transform(chunk, controller) {
+          const chunkStr = chunkDecoder.decode(chunk);
+          scanStrForLeaks(chunkStr);
+          controller.enqueue(chunk);
+        }
+      })
+    );
+  }
+  return toScan;
+}
+var initializedEnv = false;
+var envValues = {};
+var varlockSettings = {};
+var processExists = !!globalThis.process;
+var originalProcessEnv = { ...processExists && process.env };
+var varlockInjectedProcessEnvKeys;
+function initVarlockEnv(opts) {
+  debug("\u26A1\uFE0F INIT VARLOCK ENV!", initializedEnv, !!globalThis.__varlockLoadedEnv, !!globalThis.process?.env.__VARLOCK_ENV);
+  if (isBrowser && !globalThis.process?.env.__VARLOCK_ENV) {
+    initializedEnv = true;
+    return;
+  }
+  let serializedEnvData;
+  if (globalThis.__varlockLoadedEnv) {
+    serializedEnvData = globalThis.__varlockLoadedEnv;
+  } else if (processExists && process.env.__VARLOCK_ENV) {
+    serializedEnvData = JSON.parse(process.env.__VARLOCK_ENV);
+  } else {
+    if (opts?.allowFail) return;
+    console.error([
+      "",
+      "\u{1F6A8} initVarlockEnv failed  \u{1F6A8}",
+      "try rerunning your command via `varlock run`",
+      ""
+    ].join("\n"));
+    throw new Error("initVarlockEnv failed");
+  }
+  Object.assign(varlockSettings, serializedEnvData.settings);
+  resetRedactionMap(serializedEnvData);
+  const setProcessEnv = processExists;
+  if (setProcessEnv) {
+    if (varlockInjectedProcessEnvKeys) {
+      for (const key of varlockInjectedProcessEnvKeys) delete process.env[key];
+      for (const key of Object.keys(originalProcessEnv)) process.env[key] = originalProcessEnv[key];
+    }
+    varlockInjectedProcessEnvKeys = [];
+  }
+  for (const itemKey in serializedEnvData.config) {
+    const itemValue = serializedEnvData.config[itemKey].value;
+    envValues[itemKey] = itemValue;
+    if (setProcessEnv) {
+      varlockInjectedProcessEnvKeys?.push(itemKey);
+      process.env[itemKey] = itemValue === void 0 ? "" : String(itemValue);
+    }
+  }
+  initializedEnv = true;
+}
+try {
+  if (!initializedEnv) {
+    initVarlockEnv({ allowFail: true });
+  }
+} catch (err) {
+}
+var IGNORED_PROXY_KEYS = [
+  // vue - see https://github.com/vuejs/core/blob/70773d00985135a50556c61fb9855ed6b930cb82/packages/reactivity/src/ref.ts#L101
+  "__v_isRef"
+];
+var EnvProxy = new Proxy({}, {
+  get(target, prop) {
+    if (typeof prop === "symbol") return;
+    if (IGNORED_PROXY_KEYS.includes(prop)) return;
+    if (!initializedEnv) {
+      throw new Error("varlock ENV not initialized");
+    }
+    if (prop in envValues) return envValues[prop];
+    if (globalThis.__varlockThrowOnMissingKeys) {
+      if (globalThis.__varlockValidKeys && globalThis.__varlockValidKeys.includes(prop)) {
+        throw new Error(`\`ENV.${prop}\` exists, but is not available in this environment`);
+      } else {
+        throw new Error(`\`ENV.${prop}\` does not exist`);
+      }
+    }
+    return void 0;
+  }
+});
+var ENV = EnvProxy;
+
+// src/runtime/patch-console.ts
+function patchGlobalConsole() {
+  debug("\u26A1\uFE0F PATCHING global console methods");
+  if (console.log._varlockPatchedFn) {
+    debug("> already patched");
+    return;
+  }
+  if (varlockSettings.redactLogs === false) {
+    debug("> disabled by settings");
+    return;
+  }
+  const kWriteToConsoleSymbol = Object.getOwnPropertySymbols(globalThis.console).find((s) => s.description === "kWriteToConsole");
+  globalThis._varlockOrigWriteToConsoleFn ||= globalThis.console[kWriteToConsoleSymbol];
+  globalThis.console[kWriteToConsoleSymbol] = function() {
+    globalThis._varlockOrigWriteToConsoleFn.apply(this, [
+      arguments[0],
+      redactSensitiveConfig(arguments[1]),
+      arguments[2]
+    ]);
+  };
+  for (const logMethodName of ["trace", "debug", "info", "log", "info", "warn", "error"]) {
+    const originalLogMethod = globalThis.console[logMethodName];
+    const patchedFn = function() {
+      originalLogMethod.apply(this, Array.from(arguments).map(redactSensitiveConfig));
+    };
+    patchedFn._varlockPatchedFn = true;
+    globalThis.console[logMethodName] = patchedFn;
+  }
+}
+var patchedKey = "_patchedByVarlock";
+function patchGlobalServerResponse(opts) {
+  debug("\u26A1\uFE0F PATCHING global ServerResponse");
+  if (Object.getOwnPropertyDescriptor(http.ServerResponse.prototype, patchedKey)) {
+    debug("> already patched");
+    return;
+  }
+  if (varlockSettings.preventLeaks === false) {
+    debug("> disabled by settings");
+    return;
+  }
+  Object.defineProperty(http.ServerResponse.prototype, patchedKey, { value: true });
+  const serverResponseWrite = http.ServerResponse.prototype.write;
+  http.ServerResponse.prototype.write = function varlockPatchedServerResponseWrite(...args) {
+    const rawChunk = args[0];
+    const contentType = this.getHeader("content-type")?.toString() || "";
+    let runScan = contentType.startsWith("text/") || contentType.startsWith("application/json") || !contentType && typeof rawChunk === "string";
+    this.req.url;
+    if (!runScan) {
+      return serverResponseWrite.apply(this, args);
+    }
+    const compressionType = this.getHeader("Content-Encoding");
+    let chunkStr;
+    if (typeof rawChunk === "string") {
+      chunkStr = rawChunk;
+    } else if (!compressionType) {
+      const decoder = new TextDecoder();
+      chunkStr = decoder.decode(rawChunk);
+    } else if (compressionType === "gzip") {
+      if (!this._zlibChunks) {
+        this._zlibChunks = [rawChunk];
+      } else {
+        this._zlibChunks?.push(rawChunk);
+        try {
+          const unzippedChunk = zlib__default.default.unzipSync(Buffer.concat(this._zlibChunks || []), {
+            flush: zlib__default.default.constants.Z_SYNC_FLUSH,
+            finishFlush: zlib__default.default.constants.Z_SYNC_FLUSH
+          });
+          const fullUnzippedData = unzippedChunk.toString("utf-8");
+          chunkStr = fullUnzippedData.substring(this._lastChunkEndIndex || 0);
+          this._lastChunkEndIndex = fullUnzippedData.length;
+        } catch (err) {
+        }
+      }
+    }
+    if (chunkStr) {
+      try {
+        scanForLeaks(chunkStr, { method: "patched ServerResponse.write", file: this.req.url });
+      } catch (err) {
+        {
+          throw err;
+        }
+      }
+    }
+    return serverResponseWrite.apply(this, args);
+  };
+  const serverResponseEnd = http.ServerResponse.prototype.end;
+  http.ServerResponse.prototype.end = function patchedServerResponseEnd(...args) {
+    const endChunk = args[0];
+    if (endChunk && typeof endChunk === "string") {
+      scanForLeaks(endChunk, { method: "patched ServerResponse.end" });
+    }
+    return serverResponseEnd.apply(this, args);
+  };
+}
+
+// src/runtime/patch-response.ts
+function patchGlobalResponse() {
+  debug("\u26A1\uFE0F PATCHING global Response");
+  if (globalThis.Response._patchedByVarlock) {
+    debug("> already patched");
+    return;
+  }
+  if (varlockSettings.preventLeaks === false) {
+    debug("> disabled by settings");
+    return;
+  }
+  const _UnpatchedResponse = globalThis.Response;
+  globalThis.Response = class VarlockPatchedResponse extends _UnpatchedResponse {
+    static _patchedByVarlock = true;
+    // Make native fetch() responses (which are instances of the original Response)
+    // pass instanceof checks against the patched globalThis.Response.
+    static [Symbol.hasInstance](instance) {
+      return instance instanceof _UnpatchedResponse;
+    }
+    constructor(body, init) {
+      debug("\u26A1\uFE0F patched Response constructor");
+      super(scanForLeaks(body, { method: "patched Response constructor" }), init);
+    }
+    static json(data, init) {
+      debug("\u26A1\uFE0F patched Response.json");
+      scanForLeaks(JSON.stringify(data), { method: "patched Response.json" });
+      const r = _UnpatchedResponse.json(data, init);
+      Object.setPrototypeOf(r, Response.prototype);
+      return r;
+    }
+  };
+}
+
+// src/runtime/init-server.ts
+initVarlockEnv();
+patchGlobalConsole();
+patchGlobalServerResponse();
+patchGlobalResponse();
+globalThis.__varlockPatchConsole = patchGlobalConsole;
+
+exports.ENV = ENV;
+exports.redactSensitiveConfig = redactSensitiveConfig;
+exports.revealSensitiveConfig = revealSensitiveConfig;
+exports.scanForLeaks = scanForLeaks;

package/dist/runtime/init-server.d.cts

@@ -0,0 +1,20 @@
+/**
+ * Redacts senstive config values from any string/array/object/etc
+ *
+ * NOTE - must be used only after varlock has loaded config
+ * */
+declare function redactSensitiveConfig(o: any): any;
+/**
+ * utility to unmask a secret/sensitive value when logging to the console
+ * currently this only works on a single secret, not objects or aggregated strings
+ * */
+declare function revealSensitiveConfig(secretStr: string): string;
+declare function scanForLeaks(toScan: string | ReadableStream | null, meta?: {
+    method?: string;
+    file?: string;
+}): string | ReadableStream<any> | null;
+interface TypedEnvSchema {
+}
+declare const ENV: TypedEnvSchema;
+
+export { ENV, redactSensitiveConfig, revealSensitiveConfig, scanForLeaks };

package/dist/runtime/patch-console.js

@@ -1,6 +1,6 @@
-export { patchGlobalConsole, unpatchGlobalConsole } from '../chunk-TYIS6T2T.js';
-import '../chunk-WAMBVZL2.js';
-import '../chunk-MIBOBKI4.js';
+export { patchGlobalConsole, unpatchGlobalConsole } from '../chunk-BC7LU4LG.js';
+import '../chunk-IMB5QAZS.js';
+import '../chunk-XLYSNOR3.js';
 import '../chunk-6PEHRAEP.js';
 //# sourceMappingURL=patch-console.js.map
 //# sourceMappingURL=patch-console.js.map

package/dist/runtime/patch-response.js

@@ -1,6 +1,6 @@
-export { patchGlobalResponse } from '../chunk-QQDWRXNU.js';
-import '../chunk-WAMBVZL2.js';
-import '../chunk-MIBOBKI4.js';
+export { patchGlobalResponse } from '../chunk-LVZSZAKN.js';
+import '../chunk-IMB5QAZS.js';
+import '../chunk-XLYSNOR3.js';
 import '../chunk-6PEHRAEP.js';
 //# sourceMappingURL=patch-response.js.map
 //# sourceMappingURL=patch-response.js.map

package/dist/runtime/patch-server-response.js

@@ -1,6 +1,6 @@
-export { patchGlobalServerResponse } from '../chunk-ZXJ4CEDK.js';
-import '../chunk-WAMBVZL2.js';
-import '../chunk-MIBOBKI4.js';
+export { patchGlobalServerResponse } from '../chunk-MYHVSJ3X.js';
+import '../chunk-IMB5QAZS.js';
+import '../chunk-XLYSNOR3.js';
 import '../chunk-6PEHRAEP.js';
 //# sourceMappingURL=patch-server-response.js.map
 //# sourceMappingURL=patch-server-response.js.map

package/dist/scan.command-ADKVWN5T.js

@@ -0,0 +1,13 @@
+export { commandFn, commandSpec, getGitFiles, scanFileForValues, walkDirectory } from './chunk-G7FDCTNA.js';
+import './chunk-Y3ITSQA4.js';
+import './chunk-TLEEAUD7.js';
+import './chunk-NPPZVF24.js';
+import './chunk-4A54P4EM.js';
+import './chunk-EXG5VPNZ.js';
+import './chunk-J7PA7B2U.js';
+import './chunk-2AGKN64R.js';
+import './chunk-QZ6HBRJC.js';
+import './chunk-XLYSNOR3.js';
+import './chunk-6PEHRAEP.js';
+//# sourceMappingURL=scan.command-ADKVWN5T.js.map
+//# sourceMappingURL=scan.command-ADKVWN5T.js.map

package/dist/{scan.command-4J64EB4Z.js.map → scan.command-ADKVWN5T.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"scan.command-4J64EB4Z.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"scan.command-ADKVWN5T.js"}

package/dist/telemetry.command-CQFTGXPF.js

@@ -0,0 +1,11 @@
+export { commandFn, commandSpec } from './chunk-UVWLW5KD.js';
+import './chunk-TLEEAUD7.js';
+import './chunk-NPPZVF24.js';
+import './chunk-4A54P4EM.js';
+import './chunk-J7PA7B2U.js';
+import './chunk-2AGKN64R.js';
+import './chunk-QZ6HBRJC.js';
+import './chunk-XLYSNOR3.js';
+import './chunk-6PEHRAEP.js';
+//# sourceMappingURL=telemetry.command-CQFTGXPF.js.map
+//# sourceMappingURL=telemetry.command-CQFTGXPF.js.map

package/dist/{telemetry.command-NLJFD63U.js.map → telemetry.command-CQFTGXPF.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"telemetry.command-NLJFD63U.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"telemetry.command-CQFTGXPF.js"}

package/dist/typegen.command-A544SFYM.js

@@ -0,0 +1,12 @@
+export { commandFn, commandSpec } from './chunk-4JMFWK65.js';
+import './chunk-NPPZVF24.js';
+import './chunk-4A54P4EM.js';
+import './chunk-FYZ7LKLX.js';
+import './chunk-EXG5VPNZ.js';
+import './chunk-J7PA7B2U.js';
+import './chunk-2AGKN64R.js';
+import './chunk-QZ6HBRJC.js';
+import './chunk-XLYSNOR3.js';
+import './chunk-6PEHRAEP.js';
+//# sourceMappingURL=typegen.command-A544SFYM.js.map
+//# sourceMappingURL=typegen.command-A544SFYM.js.map

package/dist/{typegen.command-7BE3K6PU.js.map → typegen.command-A544SFYM.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"typegen.command-7BE3K6PU.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"typegen.command-A544SFYM.js"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "varlock",
-  "version": "0.4.2",
+  "version": "0.6.0",
   "description": "AI-safe .env files: Schemas for agents, Secrets for humans.",
   "main": "index.js",
   "type": "module",
@@ -84,6 +84,16 @@
       "types": "./dist/runtime/patch-server-response.d.ts",
       "default": "./dist/runtime/patch-server-response.js"
     },
+    "./init-server": {
+      "ts-src": "./src/runtime/init-server.ts",
+      "types": "./dist/runtime/init-server.d.cts",
+      "default": "./dist/runtime/init-server.cjs"
+    },
+    "./init-edge": {
+      "ts-src": "./src/runtime/init-edge.ts",
+      "types": "./dist/runtime/init-edge.d.cts",
+      "default": "./dist/runtime/init-edge.cjs"
+    },
     "./exec-sync-varlock": {
       "ts-src": "./src/lib/exec-sync-varlock.ts",
       "types": "./dist/lib/exec-sync-varlock.d.ts",
@@ -108,7 +118,7 @@
   "devDependencies": {
     "@clack/core": "^1.0.0",
     "@clack/prompts": "^1.0.0",
-    "@env-spec/parser": "0.1.1",
+    "@env-spec/parser": "0.2.0",
     "@env-spec/utils": "0.0.0",
     "@sindresorhus/is": "^7.2.0",
     "@types/node": "25.3.2",

package/dist/chunk-6SS4YD2I.js

@@ -1,156 +0,0 @@
-import { CliExitError } from './chunk-PIOJV2A7.js';
-import { ansis_default } from './chunk-NWY5IIPW.js';
-import { pathExistsSync } from './chunk-PCRIVT4T.js';
-import { createDebug } from './chunk-QZ6HBRJC.js';
-import { __name } from './chunk-6PEHRAEP.js';
-import path from 'path';
-import fs, { existsSync } from 'fs';
-import { execSync } from 'child_process';
-
-var debug = createDebug("varlock:js-package-manager-utils");
-var JS_PACKAGE_MANAGERS = Object.freeze({
-  npm: {
-    name: "npm",
-    lockfiles: ["package-lock.json"],
-    add: "npm install",
-    // add also works
-    exec: "npm exec --",
-    dlx: "npx"
-  },
-  pnpm: {
-    name: "pnpm",
-    lockfiles: ["pnpm-lock.yaml"],
-    add: "pnpm add",
-    exec: "pnpm exec",
-    dlx: "pnpm dlx"
-  },
-  yarn: {
-    name: "yarn",
-    lockfiles: ["yarn.lock"],
-    add: "yarn add",
-    exec: "yarn exec --",
-    dlx: "yarn dlx"
-  },
-  bun: {
-    name: "bun",
-    lockfiles: ["bun.lock", "bun.lockb"],
-    add: "bun add",
-    exec: "bun run",
-    dlx: "bunx"
-  },
-  deno: {
-    //! deno not fully supported yet
-    name: "deno",
-    lockfiles: ["deno.lock"],
-    add: "deno add",
-    // TODO: don't think these are quite right...
-    exec: "deno run",
-    dlx: "deno run"
-  }
-});
-function detectJsPackageManager(opts) {
-  debug("Detecting js package manager");
-  let cwd = opts?.cwd || process.cwd();
-  let multipleLockfilesDetected;
-  do {
-    debug(`> scanning ${cwd}`);
-    const scanDir = cwd;
-    let pm;
-    let detectedPm;
-    for (pm in JS_PACKAGE_MANAGERS) {
-      const foundLockfile = JS_PACKAGE_MANAGERS[pm].lockfiles.find(
-        (lockfile) => pathExistsSync(path.join(scanDir, lockfile))
-      );
-      if (foundLockfile) {
-        if (detectedPm) {
-          debug(`> found multiple lockfiles: ${foundLockfile} and ${JS_PACKAGE_MANAGERS[detectedPm].lockfiles[0]}`);
-          multipleLockfilesDetected = [detectedPm, pm];
-          break;
-        }
-        debug(`> found ${foundLockfile}`);
-        detectedPm = pm;
-      }
-    }
-    if (detectedPm && !multipleLockfilesDetected) return JS_PACKAGE_MANAGERS[detectedPm];
-    if (multipleLockfilesDetected) break;
-    const parentDir = path.dirname(cwd);
-    if (parentDir === cwd) break;
-    cwd = parentDir;
-    if (opts?.workspaceRootPath) {
-      if (opts.workspaceRootPath === cwd) {
-        debug("> found workspace root");
-        break;
-      }
-    } else {
-      if (pathExistsSync(path.join(cwd, ".git"))) {
-        debug("> found git root");
-        break;
-      }
-    }
-  } while (cwd);
-  if (process.env.npm_config_user_agent) {
-    const pmFromAgent = process.env.npm_config_user_agent.split("/")[0];
-    if (Object.keys(JS_PACKAGE_MANAGERS).includes(pmFromAgent)) {
-      debug(`> found ${pmFromAgent} using npm_config_user_agent`);
-      return JS_PACKAGE_MANAGERS[pmFromAgent];
-    }
-  }
-  if (multipleLockfilesDetected) {
-    debug(`> using ${multipleLockfilesDetected[0]} from multiple detected lockfiles`);
-    return JS_PACKAGE_MANAGERS[multipleLockfilesDetected[0]];
-  }
-  if (opts?.exitIfNotFound) {
-    throw new CliExitError("Unable to find detect your JavaScript package manager!", {
-      suggestion: "We look for lock files (ex: package-lock.json) so you may just need to run a dependency install (ie `npm install`)",
-      forceExit: true
-    });
-  }
-}
-__name(detectJsPackageManager, "detectJsPackageManager");
-function installJsDependency(opts) {
-  const packageJsonPath = path.join(opts.packagePath || process.cwd(), "package.json");
-  if (!existsSync(packageJsonPath)) return false;
-  const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, "utf8"));
-  if (packageJson.dependencies?.varlock) return false;
-  execSync([
-    // move to the correct directory if needed
-    opts.packagePath && `cd ${opts.packagePath} &&`,
-    // `add` works in all of them
-    `${opts.packageManager} add ${opts.packageName}`,
-    // tells pnpm to either install in the workspace root explicitly
-    // or to not check if we are the in the root
-    opts.packageManager === "pnpm" && (opts.isMonoRepoRoot ? "-w" : "--ignore-workspace-root-check")
-  ].filter(Boolean).join(" "));
-  return true;
-}
-__name(installJsDependency, "installJsDependency");
-
-// src/cli/helpers/pretty-format.ts
-var fmt = {
-  decorator: /* @__PURE__ */ __name((s) => ansis_default.magenta(s), "decorator"),
-  filePath: /* @__PURE__ */ __name((s) => `\u{1F4C2} ${ansis_default.cyan.italic(s)}`, "filePath"),
-  fileName: /* @__PURE__ */ __name((s) => `${ansis_default.cyan.italic(s)}`, "fileName"),
-  command: /* @__PURE__ */ __name((s, opts) => {
-    let jsPackageManager;
-    if (opts?.jsPackageManager === true) {
-      jsPackageManager = detectJsPackageManager();
-    } else if (opts?.jsPackageManager) {
-      jsPackageManager = opts.jsPackageManager;
-    }
-    if (jsPackageManager) {
-      s = `${jsPackageManager.exec} ${s}`;
-    }
-    return ansis_default.green.italic(s);
-  }, "command"),
-  packageName: /* @__PURE__ */ __name((s) => ansis_default.green.italic(s), "packageName")
-};
-var logLines = /* @__PURE__ */ __name((lines) => {
-  for (const line of lines) {
-    if (!line && line !== "") continue;
-    console.log(line);
-  }
-}, "logLines");
-
-export { detectJsPackageManager, fmt, installJsDependency, logLines };
-//# sourceMappingURL=chunk-6SS4YD2I.js.map
-//# sourceMappingURL=chunk-6SS4YD2I.js.map