Expand description
Core library for Jhol: cache, install, doctor, registry, lockfile, backend, audit. Used by the CLI binary; can be reused by other tools (e.g. LSP, server).
Re-exports§
pub use audit::generate_sbom;pub use audit::run_audit;pub use audit::run_audit_fix;pub use audit::run_audit_gate;pub use audit::run_audit_raw;pub use audit::SbomFormat;pub use backend::bun_available;pub use backend::resolve_backend;pub use backend::Backend;pub use config::load_config;pub use config::Config;pub use doctor::check_dependencies;pub use doctor::fix_dependencies;pub use install::install_lockfile_only;pub use install::install_package;pub use install::resolve_install_from_package_json;pub use install::InstallOptions;pub use prefetch::prefetch_from_lockfile;pub use lockfile::detect_lockfile;pub use lockfile::lockfile_integrity_complete;pub use lockfile::read_resolved_from_dir;pub use lockfile::LockfileKind;pub use run::get_script_command;pub use run::run_script;pub use exec::exec_binary;pub use exec::find_binary_in_node_modules;pub use cdn::esm_sh_url;pub use cdn::fetch_esm_to_file;pub use workspaces::list_workspace_roots;pub use utils::cache_clean;pub use utils::cache_export;pub use utils::cache_import;pub use utils::cache_prune;pub use utils::cache_size_bytes;pub use utils::get_cache_dir;pub use utils::init_cache;pub use utils::list_cached_packages;pub use utils::lockfile_content_hash;pub use utils::log;pub use utils::log_error;pub use ux::uninstall;pub use ux::update_packages;pub use ux::why_package;
Modules§
- audit
- Audit (vulnerabilities) and SBOM generation.
- backend
- Backend abstraction: Bun or npm. Install, doctor, and audit are now native by default. Backend is only used when the user passes –fallback-backend (install) or similar opt-in.
- cdn
- Optional CDN / ESM-style fetch: produce esm.sh URLs for packages (no full install). Does not replace the main install path; no native addons or full npm semantics.
- config
- Optional config from .jholrc or ~/.jholrc (JSON). Merged with env and CLI.
- doctor
- exec
- Native exec: run a binary from node_modules/.bin without npx/npm exec.
- http_
client - Bounded HTTP client: connection reuse via a single Agent, capped concurrency.
- install
- lockfile
- Read package-lock.json and bun.lock for resolved versions (deterministic installs).
- lockfile_
write - Native lockfile writing: resolve dependency tree and emit package-lock.json.
- osv
- OSV (Open Source Vulnerabilities) API client for native audit.
- prefetch
- Prefetch: fill the store from lockfile without writing node_modules.
- registry
- Native npm registry client: fetch metadata and tarballs via HTTP.
- run
- Native script runner: run package.json scripts without npm or Bun.
- utils
- ux
- UX parity helpers: uninstall/update/why.
- workspaces
- Workspace detection and listing (package.json “workspaces” field).