diff --git a/package.json b/package.json index 5ec3e2c..3ff6277 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@synsoftworks/depgraph-cli", - "version": "0.2.8", + "version": "0.2.9", "description": "Graph-first dependency risk analysis for npm packages and dependency trees", "type": "module", "keywords": [ diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index c6b14d3..26551ac 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -14,9 +14,6 @@ importers: commander: specifier: ^14.0.3 version: 14.0.3 - gitrole: - specifier: ^0.7.0 - version: 0.7.0 ink: specifier: ^5.0.0 version: 5.2.1(@types/react@18.3.28)(react@18.3.1) @@ -292,11 +289,6 @@ packages: get-tsconfig@4.13.7: resolution: {integrity: sha512-7tN6rFgBlMgpBML5j8typ92BKFi2sFQvIdpAqLA2beia5avZDrMs0FLZiM5etShWq5irVyGcGMEA1jcDaK7A/Q==} - gitrole@0.7.0: - resolution: {integrity: sha512-QC9gHNzJSMrqnS8JAf/qnhwLWAzVufxRyqFIOtYJUzvcD5de5DPkGKKYk/7v79TmgEaH16O9MRqViblnhUdVHg==} - engines: {node: '>=20'} - hasBin: true - indent-string@5.0.0: resolution: {integrity: sha512-m6FAo/spmsW2Ab2fU35JTYwtOKa2yAwXSwgjSv1TJzh4Mh7mC3lzAOVLBprb72XsTrgkEIsl7YrFNAiDiRhIGg==} engines: {node: '>=12'} @@ -614,11 +606,6 @@ snapshots: dependencies: resolve-pkg-maps: 1.0.0 - gitrole@0.7.0: - dependencies: - chalk: 5.6.2 - commander: 14.0.3 - indent-string@5.0.0: {} ink@5.2.1(@types/react@18.3.28)(react@18.3.1): diff --git a/src/domain/metadata-field-state.ts b/src/domain/metadata-field-state.ts index 93bc3e6..70edee2 100644 --- a/src/domain/metadata-field-state.ts +++ b/src/domain/metadata-field-state.ts @@ -29,8 +29,9 @@ export interface MetadataFieldState { * these helpers instead of inferring meaning directly from `null` or `false`. * * This contract distinguishes between "observed absence" and "not collected yet". - * Fields that are not currently ingested MUST return `unavailable`, not - * `observed_absent`. + * Observed absence means the system actually checked the field and confirmed + * that the value is absent or clean. Fields that are not currently ingested + * MUST return `unavailable`, not `observed_absent`. * * `observed_absent` is part of the contract for fields that are explicitly * checked clean, but current advisory ingestion does not produce that state yet. @@ -54,6 +55,10 @@ export function observedPresentMetadataFieldState(value: T): MetadataFieldSta /** * Creates a state representing an observed explicit absence. * + * Use this only when DepGraph actually checked the field and confirmed the + * absence. Fields that are not ingested yet must return `unavailable`, not + * `observed_absent`. + * * @param value Field value that encodes a checked-clean or otherwise observed absence. * @returns Metadata field state marked as observed absent. */