chore: remove accidentally committed add.log
A dependency health diagnostic tool for the MoonBit ecosystem.
MoonBit Depsight analyzes your moon.mod and recursively inspects the entire transitive dependency tree to surface risks before they become problems.
moon.mod
depsight tree
CYCLE-001
^
~
~>
>=
>
<=
<
=
@deprecated
fn
let
const
struct
enum
trait
.depsight.toml [scoring]
depsight audit
npm audit
depsight report --html
depsight audit --json
depsight audit --sarif
depsight audit --markdown
--depth
--fail-on-score <n>
--fail-on-critical
--baseline auto
.depsight-baseline.json
--offline
--cache-dir <path>
--quiet
depsight outdated
depsight why <package>
depsight check
.depsight.toml
ignore
[severity]
LICENSE-001 = "warning"
baseline = "auto"
git clone https://github.com/Tino-hue/moonmark.git cd moonmark moon build --target js
moon add Tino-hue/depsight
# 查看依赖树(ASCII 格式) node _build/js/debug/build/depsight.js tree [package] node _build/js/debug/build/depsight.js tree --depth 3 # 运行依赖审计(终端彩色输出) node _build/js/debug/build/depsight.js audit # JSON 格式输出(供 CI 消费) node _build/js/debug/build/depsight.js audit --json # 生成完整报告 node _build/js/debug/build/depsight.js report node _build/js/debug/build/depsight.js report --html -o report.html node _build/js/debug/build/depsight.js report --json -o report.json # 检查可更新的依赖包 node _build/js/debug/build/depsight.js outdated # 追溯谁依赖了某个包 node _build/js/debug/build/depsight.js why moonbitlang/core # 快速健康检查(CI 一行输出) node _build/js/debug/build/depsight.js check # SARIF 格式输出(GitHub Code Scanning) node _build/js/debug/build/depsight.js audit --sarif
# 健康分低于 80 时返回 exit code 1 node _build/js/debug/build/depsight.js audit --fail-on-score 80 # 发现 critical 问题时返回 exit code 1 node _build/js/debug/build/depsight.js audit --fail-on-critical # 离线模式(仅使用本地缓存) node _build/js/debug/build/depsight.js audit --offline --cache-dir ./cache
- name: Dependency Health Audit run: node depsight.js audit --html -o depsight-report.html - uses: actions/upload-artifact@v4 with: name: depsight-report path: depsight-report.html
Tested on Windows 11, Node.js v22.x, MoonBit JS debug mode
For detailed usage guide, see docs/USAGE.md.
For detailed benchmark methodology and bottleneck analysis, see docs/benchmark.md.
# 构建 JS 产物 moon build --target js # 运行测试(267 个,秒级完成) moon test --target js # 运行所有测试(含 8 个性能测试,约 30-60 秒) moon test --target js --no-skip # 格式化检查 moon fmt --check # 运行 linter(JS target only;wasm-gc 不支持 JS FFI) moon check --target js
├── parse/ # moon.mod parser & Module data structure ├── fetch/ # Registry abstraction & GitHub raw content fetcher ├── graph/ # Dependency graph, builder, topological sort, cycle detection ├── analyze/ # Core analysis engine (semver, license, deprecated, health score, size) ├── report/ # Diagnostic data structure (Critical/Warning/Info) ├── cli/ # CLI argument parsing & command dispatch └── main.mbt # Entry point
For detailed architecture design, see docs/architecture.md.
Apache-2.0
MoonBit Depsight does not use a traditional dependency lock file. To ensure reproducible builds:
MOONBIT_INSTALL_VERSION=latest
.github/workflows/
.mooncakes/
moon update
To match the CI environment exactly, install the same MoonBit CLI version via the Chinese mirror:
# 国内镜像(GitHub Actions 默认使用,避免 403) MOONBIT_INSTALL_VERSION=latest curl -fsSL https://cli.moonbitlang.cn/install/unix.sh | bash
MoonBit Depsight — 依赖健康诊断器。分析 MoonBit 项目依赖树,检测废弃 API、许可证风险、体积膨胀,并生成健康评分报告。
版权所有:中国计算机学会技术支持:开源发展技术委员会 京ICP备13000930号-9 京公网安备 11010802047560号
MoonBit Depsight
A dependency health diagnostic tool for the MoonBit ecosystem.
Overview
MoonBit Depsight analyzes your
moon.modand recursively inspects the entire transitive dependency tree to surface risks before they become problems.Features
Dependency Resolution & Visualization
depsight tree)CYCLE-001)Diagnostic Engine
^,~,~>,>=,>,<=,<,=, bare version)@deprecatedannotations from doc comments onfn/let/const/struct/enum/trait.depsight.toml [scoring]sectionReport Output
depsight audit): Color-coded audit output grouped by Critical/Warning/Info, similar tonpm auditdepsight report --html): Interactive single-file report with collapsible dependency tree, dashboard, and diagnosticsdepsight audit --json): Structured data for CI/CD integrationdepsight audit --sarif): Standard v2.1.0 format for GitHub Code Scanningdepsight audit --markdown): GitHub README / PR compatible formatdepsight tree): ASCII tree with--depthcontrol and inline diagnostic badgesCI/CD Integration
--fail-on-score <n>: Exit with error when health score is below threshold--fail-on-critical: Exit with error when critical issues found--baseline auto: Diff against previous run (auto-saved to.depsight-baseline.json)--offline: Use local cache only--cache-dir <path>: Specify cache directory--quiet: Suppress non-essential output (CI-friendly)Quick Commands
depsight outdated: Check for outdated dependencies with breaking change detectiondepsight why <package>: Trace who depends on a specific packagedepsight check: One-line health check output (PASS/WARN/FAIL) for CI pipelinesConfiguration (
.depsight.toml)ignore: Comma-separated list of diagnostic codes to suppress[severity]: Override default diagnostic levels per code (e.g.LICENSE-001 = "warning")baseline = "auto": Enable automatic baseline comparison by defaultInstallation
从源码构建
作为 MoonBit 包依赖
Usage
命令概览
CI 集成
GitHub Actions 示例
Performance
Tested on Windows 11, Node.js v22.x, MoonBit JS debug mode
For detailed usage guide, see docs/USAGE.md.
For detailed benchmark methodology and bottleneck analysis, see docs/benchmark.md.
Development
Project Structure
For detailed architecture design, see docs/architecture.md.
License
Apache-2.0
Reproducible Builds
MoonBit Depsight does not use a traditional dependency lock file. To ensure reproducible builds:
MOONBIT_INSTALL_VERSION=latest(see.github/workflows/).mooncakes/(gitignored)moon updateto refresh the local cache to the latest registry stateTo match the CI environment exactly, install the same MoonBit CLI version via the Chinese mirror: