Skip to content

Latest commit

 

History

History
68 lines (46 loc) · 4.86 KB

File metadata and controls

68 lines (46 loc) · 4.86 KB

Changelog

All notable changes to this project are documented here. The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

0.3.0 (2026-05-27)

debtctl now governs code patches alongside overrides. patch-package, pnpm patchedDependencies, and yarn berry's patch: protocol are all detected; the new patch-hash trigger fires when a patch file's content drifts from the recorded hash, catching the case where a developer edits a patch without updating its rationale. The sidecar schema bumps to v2; v1 sidecars auto-migrate on first read. See Patches in the README for the full story.

Features

  • update sidecar schema to v2 with auto-migration (7a7bdae)
  • add patch-hash trigger type (2d046e1)
  • add patch file content hashing helper with LF normalization (cf02728)
  • parse patch-package patches (ed35c84)
  • parse pnpm patchedDependencies (1136ebf)
  • parse yarn berry patch protocol resolutions (844aa0e)
  • include patches in init and check commands (9257d3c)
  • support --only overrides:bucket and --only patches:bucket scoping (6725dea)

Bug Fixes

  • exclude patch protocol values from yarn overrides parsers (98c38ff)

0.2.1 — 2026-05-26

Changed

  • npm run build now cleans dist/ before compiling, and the publish pipeline runs as prepack instead of prepublishOnly so npm pack also produces a fresh build. Prevents stale or removed source files from leaking into published tarballs.

Fixed

  • debtctl --version now reports the version declared in package.json. Previously the CLI hardcoded 0.1.0 and continued to report it after the 0.2.0 release.
  • Malformed package.json or .debtctl.json now fails with a descriptive Failed to parse <path>: <reason> error instead of a raw SyntaxError stack trace.

0.2.0 — 2026-05-26

Added

  • pnpm parser now reads overrides from pnpm-workspace.yaml in addition to pnpm.overrides in package.json. When the same key appears in both, the workspace YAML value wins (matches pnpm's own precedence).
  • yaml runtime dependency for parsing pnpm-workspace.yaml.
  • Dependabot configuration for automated npm and GitHub Actions dependency updates.

Changed

  • Parser dispatcher (parseOverrides) is now async and accepts cwd as a third argument. The pnpm parser signature is (packageJson, cwd) => Promise<Override[]>; other parsers retain their synchronous in-memory signatures.
  • README install instructions now recommend the per-project (dev dependency) flow, with global install documented as an alternative for ad-hoc use.

0.1.0 — 2026-05-26

Initial release.

Added

  • debtctl init — scans package.json for dependency overrides and scaffolds .debtctl.json with stub metadata (reason, owner, revisitWhen).
  • debtctl check — reports overrides that are missing metadata, incomplete (still contain TODO fields), or due for review (their trigger has fired).
  • --strict flag escalates dueForReview from a warning to a failure.
  • --json flag emits machine-readable output for CI consumers.
  • --only <bucket> flag filters output to a single category (missing, incomplete, dueForReview, or orphans).
  • Package-manager detection via packageManager field with lockfile fallback. Supports npm, pnpm, yarn-classic, and yarn-berry.
  • Trigger types: version-anchor (fires when a package's declared range drifts) and date (fires when today ≥ expires).
  • Range comparison is semver-aware via semver.subset, with string-equality fallback for non-semver ranges like latest and workspace:*.
  • Warning when multiple lockfiles are present, with the matched set surfaced in JSON output.