@vendure/core
Version:
A modern, headless ecommerce framework
81 lines (80 loc) • 3.89 kB
TypeScript
import { ConfigService } from '../../config/config.service';
import { TelemetryPluginInfo } from '../telemetry.types';
/**
* Determines whether an npm package name belongs to the Vendure plugin
* ecosystem. Deliberately restricted to packages published on the public npm
* registry under the official (`@vendure/*-plugin`, plus `@vendure/core`) and
* community (`@vendure-community/*`) scopes.
*
* Arbitrary third-party or privately-named packages are intentionally NOT
* matched here, so that scanning the host `package.json` can never transmit a
* private or internal package name — preserving the guarantee that custom
* plugin names are not collected. Such third-party plugins are still detected
* by package name via require.cache when they are actually loaded under
* CommonJS.
*/
export declare function isVendurePluginPackage(name: string): boolean;
/**
* Collects information about plugins used in the Vendure installation.
* Detects npm packages by checking if the plugin originates from node_modules.
* Custom plugin names are NOT collected for privacy.
*/
export declare class PluginCollector {
private readonly configService;
constructor(configService: ConfigService);
collect(): TelemetryPluginInfo;
/**
* Reads every `package.json` found by walking up from each search directory
* and returns the names of declared Vendure plugin packages. Relies only on
* the filesystem, so it works regardless of whether plugins were loaded via
* CommonJS or native ESM.
*
* Monorepo-aware: it merges manifests up the tree (stopping at a project
* boundary) and searches from both the current working directory and the
* application entry point. This covers workspace layouts where plugin
* dependencies live in a sub-package and/or the repository root, and where
* the process is started from a different directory than the app package.
*
* Only runtime dependency sections are scanned (`dependencies` and
* `optionalDependencies`); `devDependencies` are excluded since they are
* not runtime plugins. Returns an empty array on any failure.
*/
getDeclaredVendurePackages(searchDirs?: string[]): string[];
/**
* Parses a single `package.json` and returns the Vendure ecosystem package
* names declared in its runtime dependency sections. Returns an empty array
* if the manifest cannot be read or parsed.
*/
private readVendurePackagesFromManifest;
/**
* The directories from which to search for package.json manifests: the
* current working directory (the primary signal) and, when resolvable, the
* directory of the application entry point — which in a monorepo may sit in
* a different workspace package than the cwd. Deduplicated.
*/
private getManifestSearchDirs;
/**
* Returns the paths of all `package.json` files found by walking up from
* `startDir`, stopping at a project boundary — a directory containing a
* `.git` entry (repo root) or a `node_modules` directory (install /
* workspace root). Both markers exist in real deployments, so the walk
* stays inside the project rather than reading unrelated ancestor
* manifests. Bounded to a fixed depth as a final safety net.
*/
private findPackageJsonPaths;
/**
* Finds the npm package name for a plugin.
* First checks against known Vendure plugins, then falls back to require.cache inspection.
*/
private findNpmPackage;
/**
* Searches the require cache for a plugin class.
* This is a fallback for third-party npm plugins not in our known list.
*/
private findInRequireCache;
/**
* Extracts the npm package name from a node_modules path.
* Handles both scoped (@scope/package) and unscoped packages.
*/
private extractPackageName;
}