refactor: use semver instead of manual implementations (#48)

* refactor: use `semver` instead of manual implementations

* fix: compare prerelease correctly

Author: 9romise

package.json

@@ -155,6 +155,7 @@
   },
   "devDependencies": {
     "@types/node": "catalog:dev",
+    "@types/semver": "catalog:dev",
     "@types/vscode": "1.101.0",
     "@vida0905/eslint-config": "catalog:dev",
     "eslint": "catalog:dev",
@@ -167,6 +168,7 @@
     "ofetch": "catalog:inline",
     "perfect-debounce": "catalog:inline",
     "reactive-vscode": "catalog:inline",
+    "semver": "catalog:inline",
     "tsdown": "catalog:dev",
     "typescript": "catalog:dev",
     "vite-tsconfig-paths": "catalog:test",

pnpm-lock.yaml

@@ -4,6 +4,7 @@ trustPolicy: no-downgrade
 catalogs:
   dev:
     '@types/node': ^25.3.0
+    '@types/semver': ^7.7.1
     '@vida0905/eslint-config': ^2.10.1
     eslint: ^10.0.1
     husky: ^9.1.7
@@ -18,6 +19,7 @@ catalogs:
     ofetch: ^2.0.0-alpha.3
     perfect-debounce: ^2.1.0
     reactive-vscode: ^1.0.0-beta.2
+    semver: ^7.7.4
     yaml: ^2.8.2
   test:
     jest-mock-vscode: ^4.11.0

pnpm-workspace.yaml

@@ -1,7 +1,10 @@
 import type { DependencyInfo } from '#types/extractor'
 import type { ParsedVersion } from '#utils/version'
 import type { DiagnosticRule, NodeDiagnosticInfo } from '..'
-import { formatVersion, getPrereleaseId, isSupportedProtocol, lt, parseVersion } from '#utils/version'
+import { formatVersion, isSupportedProtocol, parseVersion } from '#utils/version'
+import prerelease from 'semver/functions/prerelease'
+import gtr from 'semver/ranges/gtr'
+import ltr from 'semver/ranges/ltr'
 import { DiagnosticSeverity } from 'vscode'
 
 function createUpgradeDiagnostic(dep: DependencyInfo, parsed: ParsedVersion, upgradeVersion: string): NodeDiagnosticInfo {
@@ -22,19 +25,19 @@ export const checkUpgrade: DiagnosticRule = (dep, pkg) => {
   const { semver } = parsed
   const latest = pkg.distTags.latest
 
-  if (latest && lt(semver, latest))
+  if (latest && gtr(latest, semver))
     return createUpgradeDiagnostic(dep, parsed, latest)
 
-  const currentPreId = getPrereleaseId(semver)
-  if (!currentPreId)
+  const currentPreId = prerelease(semver)?.[0]
+  if (currentPreId == null)
     return
 
   for (const [tag, tagVersion] of Object.entries(pkg.distTags)) {
     if (tag === 'latest')
       continue
-    if (getPrereleaseId(tagVersion) !== currentPreId)
+    if (prerelease(tagVersion)?.[0] !== currentPreId)
       continue
-    if (!lt(semver, tagVersion))
+    if (ltr(tagVersion, semver))
       continue
 
     return createUpgradeDiagnostic(dep, parsed, tagVersion)

src/providers/diagnostics/rules/upgrade.ts

@@ -2,7 +2,8 @@ import type { OsvSeverityLevel, PackageVulnerabilityInfo } from '#utils/api/vuln
 import type { DiagnosticRule } from '..'
 import { getVulnerability, SEVERITY_LEVELS } from '#utils/api/vulnerability'
 import { npmxPackageUrl } from '#utils/links'
-import { formatVersion, isSupportedProtocol, lt, parseVersion } from '#utils/version'
+import { formatVersion, isSupportedProtocol, parseVersion } from '#utils/version'
+import lt from 'semver/functions/lt'
 import { DiagnosticSeverity, Uri } from 'vscode'
 
 const DIAGNOSTIC_MAPPING: Record<Exclude<OsvSeverityLevel, 'unknown'>, DiagnosticSeverity> = {

src/providers/diagnostics/rules/vulnerability.ts

@@ -48,56 +48,3 @@ export function parseVersion(rawVersion: string): ParsedVersion | null {
 
   return { protocol, prefix, semver }
 }
-
-export function getPrereleaseId(version: string): string | null {
-  const idx = version.indexOf('-')
-  if (idx === -1)
-    return null
-  const pre = version.slice(idx + 1).split('.')[0]
-  return pre || null
-}
-
-/**
- * Compare two pre-release strings part by part following SemVer precedence rules.
- *
- * Numeric parts are compared as numbers, string parts are compared lexicographically.
- * A version with fewer parts is less than one with more parts when all preceding parts are equal.
- */
-function comparePrereleasePrecedence(a: string, b: string): number {
-  const partsA = a.split('.')
-  const partsB = b.split('.')
-
-  for (let i = 0; i < Math.max(partsA.length, partsB.length); i++) {
-    if (i >= partsA.length)
-      return -1
-    if (i >= partsB.length)
-      return 1
-
-    const numA = Number(partsA[i])
-    const numB = Number(partsB[i])
-    if (!Number.isNaN(numA) && !Number.isNaN(numB)) {
-      return numA - numB
-    } else if (partsA[i] !== partsB[i]) {
-      return partsA[i] < partsB[i] ? -1 : 1
-    }
-  }
-
-  return 0
-}
-
-export function lt(a: string, b: string): boolean {
-  const [coreA, preA] = a.split('-', 2)
-  const [coreB, preB] = b.split('-', 2)
-  const partsA = coreA.split('.').map(Number)
-  const partsB = coreB.split('.').map(Number)
-  for (let i = 0; i < 3; i++) {
-    const diff = (partsA[i] || 0) - (partsB[i] || 0)
-    if (diff !== 0)
-      return diff < 0
-  }
-  if (preA && !preB)
-    return true
-  if (!preA || !preB)
-    return false
-  return comparePrereleasePrecedence(preA, preB) < 0
-}

src/utils/version.ts

@@ -1,5 +1,5 @@
 import { describe, expect, it } from 'vitest'
-import { getPrereleaseId, lt, parseVersion } from '../../src/utils/version'
+import { parseVersion } from '../../src/utils/version'
 
 describe('parseVersion', () => {
   it('should parse plain version', () => {
@@ -72,58 +72,3 @@ describe('parseVersion', () => {
     expect(parseVersion('git+https://github.com/user/repo')).toBeNull()
   })
 })
-
-describe('getPrereleaseId', () => {
-  it('should return null for stable versions', () => {
-    expect(getPrereleaseId('1.0.0')).toBeNull()
-  })
-
-  it('should extract identifier', () => {
-    expect(getPrereleaseId('2.0.0-beta.1')).toBe('beta')
-  })
-
-  it('should handle prerelease without dots', () => {
-    expect(getPrereleaseId('1.0.0-canary')).toBe('canary')
-  })
-})
-
-describe('lt', () => {
-  it('should compare major versions', () => {
-    expect(lt('1.0.0', '2.0.0')).toBe(true)
-    expect(lt('2.0.0', '1.0.0')).toBe(false)
-  })
-
-  it('should compare minor versions', () => {
-    expect(lt('1.0.0', '1.1.0')).toBe(true)
-    expect(lt('1.1.0', '1.0.0')).toBe(false)
-  })
-
-  it('should compare patch versions', () => {
-    expect(lt('1.0.0', '1.0.1')).toBe(true)
-    expect(lt('1.0.1', '1.0.0')).toBe(false)
-  })
-
-  it('should return false for equal versions', () => {
-    expect(lt('1.0.0', '1.0.0')).toBe(false)
-  })
-
-  it('should treat prerelease as less than release', () => {
-    expect(lt('1.0.0-beta.1', '1.0.0')).toBe(true)
-    expect(lt('1.0.0', '1.0.0-beta.1')).toBe(false)
-  })
-
-  it('should compare prerelease versions numerically', () => {
-    expect(lt('1.0.0-beta.1', '1.0.0-beta.2')).toBe(true)
-    expect(lt('1.0.0-beta.2', '1.0.0-beta.1')).toBe(false)
-  })
-
-  it('should compare different prerelease identifiers', () => {
-    expect(lt('1.0.0-alpha.1', '1.0.0-beta.1')).toBe(true)
-    expect(lt('1.0.0-beta.1', '1.0.0-alpha.1')).toBe(false)
-  })
-
-  it('should handle prerelease with fewer segments', () => {
-    expect(lt('1.0.0-beta', '1.0.0-beta.1')).toBe(true)
-    expect(lt('1.0.0-beta.1', '1.0.0-beta')).toBe(false)
-  })
-})

tests/utils/version.test.ts

@@ -17,6 +17,7 @@ export default defineConfig({
     'ofetch',
     'perfect-debounce',
     'reactive-vscode',
+    'semver',
     'yaml',
   ],
   minify: 'dce-only',