chore: update dependency update script

jdalton · jdalton · commit 3b41fd59aeb7 · 2025-11-03T00:20:31.000-05:00
- Replace old update script with improved version from socket-cli
- Add taze integration for automatic dependency updates
- Use logger methods with built-in emojis
- Add Socket package updates (@socketsecurity/*, @socketregistry/*)
diff --git a/scripts/update.mjs b/scripts/update.mjs
@@ -1,89 +1,128 @@
 /**
- * @fileoverview Update script for the SDK.
- * Updates dependencies and regenerates lockfile.
+ * @fileoverview Monorepo-aware dependency update script - checks and updates dependencies.
+ * Uses taze to check for updates across all packages in the monorepo.
  *
  * Usage:
- *   node scripts/update.mjs
+ *   node scripts/update.mjs [options]
+ *
+ * Options:
+ *   --quiet    Suppress progress output
+ *   --verbose  Show detailed output
+ *   --apply    Apply updates (default is check-only)
  */
 
-import { getDefaultLogger } from '@socketsecurity/lib/logger'
-import { printFooter, printHeader } from '@socketsecurity/lib/stdio/header'
-
-import { runCommand, runCommandQuiet } from './utils/run-command.mjs'
+import { isQuiet, isVerbose } from '@socketsecurity/lib/argv/flags'
+import loggerPkg from '@socketsecurity/lib/logger'
+import platformPkg from '@socketsecurity/lib/constants/platform'
+import spawnPkg from '@socketsecurity/lib/spawn'
 
-// Initialize logger
-const logger = getDefaultLogger()
+const { getDefaultLogger } = loggerPkg
+const { WIN32 } = platformPkg
+const { spawn } = spawnPkg
 
 async function main() {
+  const quiet = isQuiet()
+  const verbose = isVerbose()
+  const apply = process.argv.includes('--apply')
+  const logger = getDefaultLogger()
+
   try {
-    printHeader('Updating Dependencies')
+    if (!quiet) {
+      logger.log('\n🔨 Monorepo Dependency Update\n')
+    }
 
-    // Update lockfile.
-    logger.progress('Updating pnpm-lock.yaml...')
-    const lockResult = await runCommandQuiet('pnpm', ['install'], {
-      cwd: process.cwd(),
-    })
+    // Build taze command with appropriate flags for monorepo.
+    const tazeArgs = ['exec', 'taze', '-r']
 
-    if (lockResult.exitCode !== 0) {
-      logger.clearLine().error('Failed to update lockfile')
-      if (lockResult.stderr) {
-        console.error(lockResult.stderr)
+    if (apply) {
+      tazeArgs.push('-w')
+      if (!quiet) {
+        logger.progress('Updating dependencies across monorepo...')
+      }
+    } else {
+      if (!quiet) {
+        logger.progress('Checking for updates across monorepo...')
       }
-      process.exitCode = 1
-      return
     }
-    logger.clearLine().done('Updated pnpm-lock.yaml')
 
-    // Update Socket packages.
-    logger.progress('Updating Socket packages...')
-    const socketResult = await runCommand(
-      'pnpm',
-      [
-        'update',
-        '@socketsecurity/*',
-        '@socketregistry/*',
-        '--latest',
-        '--no-workspace',
-      ],
-      {
-        cwd: process.cwd(),
-        stdio: 'pipe',
-      },
-    )
+    // Run taze at root level (recursive flag will check all packages).
+    const result = await spawn('pnpm', tazeArgs, {
+      shell: WIN32,
+      stdio: quiet ? 'pipe' : 'inherit',
+    })
 
-    if (socketResult !== 0) {
-      logger.clearLine().error('Failed to update Socket packages')
-      process.exitCode = 1
-      return
+    // Clear progress line.
+    if (!quiet) {
+      process.stdout.write('\r\x1b[K')
     }
-    logger.clearLine().done('Updated Socket packages')
 
-    // Update dependencies.
-    logger.progress('Checking for outdated dependencies...')
-    const outdatedResult = await runCommandQuiet('pnpm', ['outdated'], {
-      cwd: process.cwd(),
-    })
+    // If applying updates, also update Socket packages.
+    if (apply && result.code === 0) {
+      if (!quiet) {
+        logger.progress('Updating Socket packages...')
+      }
 
-    if (outdatedResult.stdout?.trim()) {
-      logger.clearLine()
-      console.log('\nOutdated dependencies:')
-      console.log(outdatedResult.stdout)
-      console.log('\nRun "pnpm run taze" to update them.')
-    } else {
-      logger.clearLine().done('All dependencies are up to date')
+      const socketResult = await spawn(
+        'pnpm',
+        [
+          'update',
+          '@socketsecurity/*',
+          '@socketregistry/*',
+          '--latest',
+          '-r',
+        ],
+        {
+          shell: WIN32,
+          stdio: quiet ? 'pipe' : 'inherit',
+        },
+      )
+
+      // Clear progress line.
+      if (!quiet) {
+        process.stdout.write('\r\x1b[K')
+      }
+
+      if (socketResult.code !== 0) {
+        if (!quiet) {
+          logger.fail('Failed to update Socket packages')
+        }
+        process.exitCode = 1
+        return
+      }
     }
 
-    logger.log('')
-    logger.success('Update complete')
-    printFooter()
+    if (result.code !== 0) {
+      if (!quiet) {
+        if (apply) {
+          logger.fail('Failed to update dependencies')
+        } else {
+          logger.info('Updates available. Run with --apply to update')
+        }
+      }
+      process.exitCode = apply ? 1 : 0
+    } else {
+      if (!quiet) {
+        if (apply) {
+          logger.success('Dependencies updated across all packages')
+        } else {
+          logger.success('All packages up to date')
+        }
+        logger.log('')
+      }
+    }
   } catch (error) {
-    logger.log('')
-    logger.error(`Update failed: ${error.message}`)
+    if (!quiet) {
+      logger.fail(`Update failed: ${error.message}`)
+    }
+    if (verbose) {
+      logger.error(error)
+    }
     process.exitCode = 1
   }
 }
 
 main().catch(e => {
+  const logger = getDefaultLogger()
   logger.error(e)
   process.exitCode = 1
 })
