fix: make dependency skill CI friendly

alainncls · alainncls · commit 4b2117bbd58f · 2026-04-23T23:26:49.000+02:00
diff --git a/.agents/skills/linea-dependency-maintenance/SKILL.md b/.agents/skills/linea-dependency-maintenance/SKILL.md
@@ -7,6 +7,9 @@ metadata:
 
 # Dependency Maintenance
 
+<!-- markdownlint-disable -->
+<!-- vale off -->
+
 Use this workflow to maximize safe dependency progress without changing the repository's package-manager contract or hiding remaining risk.
 
 ## Preflight
@@ -49,7 +52,7 @@ pnpm why <package> -r
 When registry-age gates matter, use the bundled helper as a reproducible first pass:
 
 ```bash
-node <skill-dir>/scripts/eligible-updates.mjs --manager auto --days 3
+node <skill-dir>/scripts/eligible-updates --manager auto --days 3
 ```
 
 Replace `<skill-dir>` with the directory containing this `SKILL.md`. Adjust `--days` or `--minutes` to match the repo policy.
@@ -117,4 +120,4 @@ Pause before contract deployments, public API breakage, package-manager migratio
 
 - For npm/package-lock repositories, read `references/npm.md`.
 - For pnpm workspace/catalog/override repositories, read `references/pnpm.md`.
-- For reproducible release-age inventory, run `scripts/eligible-updates.mjs`.
+- For reproducible release-age inventory, run `scripts/eligible-updates`.
diff --git a/.agents/skills/linea-dependency-maintenance/references/npm.md b/.agents/skills/linea-dependency-maintenance/references/npm.md
@@ -1,5 +1,8 @@
 # npm Dependency Maintenance
 
+<!-- markdownlint-disable -->
+<!-- vale off -->
+
 Use these notes only for npm repositories with `package-lock.json`, npm CI, or npm-based hosting/deploy detection.
 
 ## Rules
diff --git a/.agents/skills/linea-dependency-maintenance/references/pnpm.md b/.agents/skills/linea-dependency-maintenance/references/pnpm.md
@@ -1,5 +1,8 @@
 # pnpm Dependency Maintenance
 
+<!-- markdownlint-disable -->
+<!-- vale off -->
+
 Use these notes for pnpm repositories with `pnpm-lock.yaml`, `pnpm-workspace.yaml`, catalogs, overrides, or pnpm-specific CI.
 
 ## Rules
diff --git a/.agents/skills/linea-dependency-maintenance/scripts/eligible-updates b/.agents/skills/linea-dependency-maintenance/scripts/eligible-updates
@@ -0,0 +1,198 @@
+#!/usr/bin/env node
+
+const { execFileSync } = require("node:child_process");
+const { existsSync, readFileSync } = require("node:fs");
+const { join } = require("node:path");
+
+const DAY_MS = 24 * 60 * 60 * 1000;
+const MINUTE_MS = 60 * 1000;
+
+function parseArgs(argv) {
+  const args = { manager: "auto", days: 3, minutes: null };
+  for (let index = 2; index < argv.length; index += 1) {
+    const arg = argv[index];
+    const next = argv[index + 1];
+    if (arg === "--manager" && next) {
+      args.manager = next;
+      index += 1;
+    } else if (arg === "--days" && next) {
+      args.days = Number(next);
+      index += 1;
+    } else if (arg === "--minutes" && next) {
+      args.minutes = Number(next);
+      index += 1;
+    } else if (arg === "--help") {
+      console.error("Usage: eligible-updates [--manager auto|npm|pnpm] [--days N | --minutes N]");
+      process.exit(0);
+    }
+  }
+  return args;
+}
+
+function detectManager() {
+  if (existsSync("pnpm-lock.yaml")) return "pnpm";
+  if (existsSync("package-lock.json")) return "npm";
+  if (existsSync("package.json")) {
+    const pkg = JSON.parse(readFileSync("package.json", "utf8"));
+    if (String(pkg.packageManager ?? "").startsWith("pnpm@")) return "pnpm";
+    if (String(pkg.packageManager ?? "").startsWith("npm@")) return "npm";
+  }
+  return "npm";
+}
+
+function runOutdated(manager) {
+  const command =
+    manager === "pnpm" ? ["pnpm", ["outdated", "-r", "--format", "json"]] : ["npm", ["outdated", "--json"]];
+
+  try {
+    return execFileSync(command[0], command[1], {
+      encoding: "utf8",
+      stdio: ["ignore", "pipe", "pipe"],
+    });
+  } catch (error) {
+    if (error.stdout) return String(error.stdout);
+    return "{}";
+  }
+}
+
+function parseVersion(version) {
+  const match = String(version ?? "")
+    .trim()
+    .replace(/^v/, "")
+    .match(/(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/);
+  if (!match) return null;
+  return {
+    raw: `${match[1]}.${match[2]}.${match[3]}${match[4] ? `-${match[4]}` : ""}`,
+    major: Number(match[1]),
+    minor: Number(match[2]),
+    patch: Number(match[3]),
+    prerelease: match[4] ?? "",
+  };
+}
+
+function compareVersions(a, b) {
+  const parsedA = parseVersion(a);
+  const parsedB = parseVersion(b);
+  if (!parsedA || !parsedB) return 0;
+  for (const key of ["major", "minor", "patch"]) {
+    if (parsedA[key] !== parsedB[key]) return parsedA[key] - parsedB[key];
+  }
+  if (parsedA.prerelease && !parsedB.prerelease) return -1;
+  if (!parsedA.prerelease && parsedB.prerelease) return 1;
+  return parsedA.prerelease.localeCompare(parsedB.prerelease);
+}
+
+function normalizeOutdated(raw) {
+  if (!raw.trim()) return [];
+  const parsed = JSON.parse(raw);
+  const rows = [];
+
+  if (Array.isArray(parsed)) {
+    for (const item of parsed) rows.push(item);
+  } else {
+    for (const [name, details] of Object.entries(parsed)) rows.push({ name, ...details });
+  }
+
+  return rows
+    .map((row) => ({
+      name: row.name ?? row.packageName ?? row.package,
+      current: row.current,
+      wanted: row.wanted,
+      latest: row.latest,
+      type: row.dependencyType ?? row.type,
+      dependent: row.dependent ?? row.workspace ?? row.location,
+    }))
+    .filter((row) => row.name && parseVersion(row.current));
+}
+
+async function fetchMetadata(name) {
+  if (typeof fetch !== "function") {
+    throw new Error("This helper requires Node.js with global fetch support.");
+  }
+  const encoded = encodeURIComponent(name).replace("%40", "@");
+  const response = await fetch(`https://registry.npmjs.org/${encoded}`);
+  if (!response.ok) {
+    throw new Error(`Could not fetch npm metadata for ${name}: ${response.status}`);
+  }
+  return response.json();
+}
+
+function classify(current, target) {
+  const currentParsed = parseVersion(current);
+  const targetParsed = parseVersion(target);
+  if (!currentParsed || !targetParsed) return "unknown";
+  if (targetParsed.major !== currentParsed.major) return "major";
+  if (targetParsed.minor !== currentParsed.minor) return "minor";
+  if (targetParsed.patch !== currentParsed.patch) return "patch";
+  return "same";
+}
+
+async function main() {
+  const args = parseArgs(process.argv);
+  const manager = args.manager === "auto" ? detectManager() : args.manager;
+  if (!["npm", "pnpm"].includes(manager)) throw new Error("--manager must be auto, npm, or pnpm");
+
+  const windowMs = args.minutes != null ? args.minutes * MINUTE_MS : args.days * DAY_MS;
+  if (!Number.isFinite(windowMs) || windowMs < 0) {
+    throw new Error("Release-age window must be a positive number");
+  }
+
+  const now = new Date();
+  const cutoff = new Date(now.getTime() - windowMs);
+  const outdatedRows = normalizeOutdated(runOutdated(manager));
+  const rows = [];
+
+  for (const item of outdatedRows) {
+    const metadata = await fetchMetadata(item.name);
+    const times = metadata.time ?? {};
+    const current = parseVersion(item.current)?.raw;
+    const versions = Object.keys(metadata.versions ?? {})
+      .filter((version) => parseVersion(version))
+      .filter((version) => !parseVersion(version)?.prerelease)
+      .sort(compareVersions);
+
+    const newerEligible = versions
+      .filter((version) => compareVersions(version, current) > 0)
+      .filter((version) => times[version] && new Date(times[version]) <= cutoff);
+
+    const sameMajor = newerEligible.filter((version) => parseVersion(version).major === parseVersion(current).major);
+    const eligibleSameMajor = sameMajor.at(-1) ?? "";
+    const eligibleAny = newerEligible.at(-1) ?? "";
+
+    rows.push({
+      name: item.name,
+      dependent: item.dependent ?? "",
+      type: item.type ?? "",
+      current: item.current,
+      wanted: item.wanted ?? "",
+      latest: item.latest ?? metadata["dist-tags"]?.latest ?? "",
+      latestPublished: times[item.latest] ?? "",
+      eligibleSameMajor,
+      eligibleSameMajorPublished: eligibleSameMajor ? times[eligibleSameMajor] : "",
+      eligibleSameMajorType: eligibleSameMajor ? classify(current, eligibleSameMajor) : "",
+      eligibleAny,
+      eligibleAnyPublished: eligibleAny ? times[eligibleAny] : "",
+      eligibleAnyType: eligibleAny ? classify(current, eligibleAny) : "",
+      latestIsMajor: item.latest ? classify(current, item.latest) === "major" : false,
+    });
+  }
+
+  console.log(
+    JSON.stringify(
+      {
+        manager,
+        cwd: join(process.cwd()),
+        now: now.toISOString(),
+        cutoff: cutoff.toISOString(),
+        rows,
+      },
+      null,
+      2,
+    ),
+  );
+}
+
+main().catch((error) => {
+  console.error(error instanceof Error ? error.message : String(error));
+  process.exit(1);
+});
diff --git a/.agents/skills/linea-dependency-maintenance/scripts/eligible-updates.mjs b/.agents/skills/linea-dependency-maintenance/scripts/eligible-updates.mjs
