UNPKG

@vendure/core

Version:

A modern, headless ecommerce framework

81 lines (80 loc) 3.89 kB
import { ConfigService } from '../../config/config.service'; import { TelemetryPluginInfo } from '../telemetry.types'; /** * Determines whether an npm package name belongs to the Vendure plugin * ecosystem. Deliberately restricted to packages published on the public npm * registry under the official (`@vendure/*-plugin`, plus `@vendure/core`) and * community (`@vendure-community/*`) scopes. * * Arbitrary third-party or privately-named packages are intentionally NOT * matched here, so that scanning the host `package.json` can never transmit a * private or internal package name — preserving the guarantee that custom * plugin names are not collected. Such third-party plugins are still detected * by package name via require.cache when they are actually loaded under * CommonJS. */ export declare function isVendurePluginPackage(name: string): boolean; /** * Collects information about plugins used in the Vendure installation. * Detects npm packages by checking if the plugin originates from node_modules. * Custom plugin names are NOT collected for privacy. */ export declare class PluginCollector { private readonly configService; constructor(configService: ConfigService); collect(): TelemetryPluginInfo; /** * Reads every `package.json` found by walking up from each search directory * and returns the names of declared Vendure plugin packages. Relies only on * the filesystem, so it works regardless of whether plugins were loaded via * CommonJS or native ESM. * * Monorepo-aware: it merges manifests up the tree (stopping at a project * boundary) and searches from both the current working directory and the * application entry point. This covers workspace layouts where plugin * dependencies live in a sub-package and/or the repository root, and where * the process is started from a different directory than the app package. * * Only runtime dependency sections are scanned (`dependencies` and * `optionalDependencies`); `devDependencies` are excluded since they are * not runtime plugins. Returns an empty array on any failure. */ getDeclaredVendurePackages(searchDirs?: string[]): string[]; /** * Parses a single `package.json` and returns the Vendure ecosystem package * names declared in its runtime dependency sections. Returns an empty array * if the manifest cannot be read or parsed. */ private readVendurePackagesFromManifest; /** * The directories from which to search for package.json manifests: the * current working directory (the primary signal) and, when resolvable, the * directory of the application entry point — which in a monorepo may sit in * a different workspace package than the cwd. Deduplicated. */ private getManifestSearchDirs; /** * Returns the paths of all `package.json` files found by walking up from * `startDir`, stopping at a project boundary — a directory containing a * `.git` entry (repo root) or a `node_modules` directory (install / * workspace root). Both markers exist in real deployments, so the walk * stays inside the project rather than reading unrelated ancestor * manifests. Bounded to a fixed depth as a final safety net. */ private findPackageJsonPaths; /** * Finds the npm package name for a plugin. * First checks against known Vendure plugins, then falls back to require.cache inspection. */ private findNpmPackage; /** * Searches the require cache for a plugin class. * This is a fallback for third-party npm plugins not in our known list. */ private findInRequireCache; /** * Extracts the npm package name from a node_modules path. * Handles both scoped (@scope/package) and unscoped packages. */ private extractPackageName; }