@rnx-kit/align-deps - npm Package Compare versions

Comparing version 2.1.4 to 2.2.0

lib/capabilities.d.ts

@@ -15,2 +15,3 @@ import type { Capability } from "@rnx-kit/config";
 export declare function capabilitiesFor({ dependencies, devDependencies, peerDependencies, }: PackageManifest, preset: Preset): Capability[];
+export declare function capabilityProvidedBy(pkg: MetaPackage | Package): string | undefined;
 export declare function isMetaPackage(pkg: MetaPackage | Package): pkg is MetaPackage;
@@ -17,0 +18,0 @@ /**

lib/commands/check.d.ts

@@ -24,5 +24,10 @@ import type { Command, ErrorCode, Options } from "../types";
  * @param inputConfig Configuration in the package manifest
+ * @param logError Function for outputting changes
  * @returns `success` when everything is in order; an {@link ErrorCode} otherwise
  */
-export declare function checkPackageManifest(manifestPath: string, options: Options, inputConfig?: import("../types").AlignDepsConfig | ErrorCode | import("../types").LegacyCheckConfig): ErrorCode;
+export declare function checkPackageManifest(manifestPath: string, options: Options, inputConfig?: import("../types").AlignDepsConfig | ErrorCode | import("../types").LegacyCheckConfig, logError?: {
+    (...data: any[]): void;
+    (message?: any, ...optionalParams: any[]): void;
+    (message?: any, ...optionalParams: any[]): void;
+}): ErrorCode;
 /**
@@ -29,0 +34,0 @@ * Creates the check command. This is the default command no other flags are

lib/commands/vigilant.d.ts

 import type { PackageManifest } from "@rnx-kit/tools-node/package";
-import type { AlignDepsConfig, ErrorCode, ManifestProfile, Options } from "../types";
-type Change = {
-    name: string;
-    from: string;
-    to: string;
-    section: string;
+import type { AlignDepsConfig, Changes, ErrorCode, ManifestProfile, Options } from "../types";
+type Report = {
+    changes: Changes;
+    changesCount: number;
+    unmanagedDependencies: [string, string][];
 };
@@ -28,3 +27,3 @@ /**
  */
-export declare function inspect(manifest: PackageManifest, profile: ManifestProfile, write: boolean): Change[];
+export declare function inspect(manifest: PackageManifest, profile: ManifestProfile, write: boolean): Report;
 /**
@@ -40,6 +39,11 @@ * Checks the specified package manifest for misaligned dependencies in place.
  * @param config Configuration from `package.json` or "generated" from command line flags
+ * @param logError Function for outputting changes
  * @returns Whether the package needs changes
  */
-export declare function checkPackageManifestUnconfigured(manifestPath: string, { excludePackages, write }: Options, config: AlignDepsConfig): ErrorCode;
+export declare function checkPackageManifestUnconfigured(manifestPath: string, { excludePackages, write }: Options, config: AlignDepsConfig, logError?: {
+    (...data: any[]): void;
+    (message?: any, ...optionalParams: any[]): void;
+    (message?: any, ...optionalParams: any[]): void;
+}): ErrorCode;
 export {};
 //# sourceMappingURL=vigilant.d.ts.map

lib/types.d.ts

@@ -8,2 +8,20 @@ import type { Capability, KitConfig, KitType } from "@rnx-kit/config";
 };
+export type Change = {
+    type: "added";
+    dependency: string;
+    target: string;
+} | {
+    type: "changed";
+    dependency: string;
+    target: string;
+    current: string;
+} | {
+    type: "removed";
+    dependency: string;
+};
+export type Changes = {
+    dependencies: Change[];
+    peerDependencies: Change[];
+    devDependencies: Change[];
+};
 export type Options = {
@@ -30,3 +48,2 @@ presets: string[];
 export type Command = (manifest: string) => ErrorCode;
-export type ManifestProfile = Pick<Required<PackageManifest>, "dependencies" | "devDependencies" | "peerDependencies">;
 export type MetaPackage = {
@@ -36,2 +53,3 @@ name: "#meta";
     devOnly?: boolean;
+    [key: symbol]: string;
 };
@@ -43,2 +61,3 @@ export type Package = {
     devOnly?: boolean;
+    [key: symbol]: string;
 };
@@ -50,2 +69,5 @@ export type Profile = Readonly<Record<Capability, MetaPackage | Package>>;
 };
+export type ManifestProfile = Pick<Required<PackageManifest>, "dependencies" | "devDependencies" | "peerDependencies"> & {
+    unmanagedCapabilities: Record<string, string | undefined>;
+};
 export type LegacyCheckConfig = {
@@ -52,0 +74,0 @@ kitType: KitType;

package.json

 {
   "name": "@rnx-kit/align-deps",
-  "version": "2.1.4",
+  "version": "2.2.0",
   "description": "Manage dependencies within a repository and across many repositories",
@@ -46,3 +46,2 @@ "homepage": "https://github.com/microsoft/rnx-kit/tree/main/packages/align-deps#readme",
     "jest": "^27.0.0",
-    "jest-diff": "^27.0.0",
     "lodash": "^4.17.21",
@@ -49,0 +48,0 @@ "markdown-table": "^3.0.0",

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

Improved metrics

Dev dependency count

23

decreased by-4.17%

Number of package files

34

increased by3.03%

Worsened metrics

Total package byte prevSize

1068095

decreased by-10.23%

Lines of code

29084

decreased by-10.47%

Number of low supply chain risk alerts

40

increased byInfinity%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes