hastebin/scripts/refresh-lockfile.sh

#!/bin/bash
# Refresh package-lock.json to apply npm overrides and get latest compatible versions
# This ensures security patches from overrides are actually applied
#
# Usage:
#   ./scripts/refresh-lockfile.sh          # Refresh lock file and install deps
#   ./scripts/refresh-lockfile.sh --check  # Check if refresh needed (for CI)

set -e

cd "$(dirname "$0")/.."

CHECK_MODE=false
if [ "$1" = "--check" ]; then
    CHECK_MODE=true
fi

echo "🔄 Refreshing package-lock.json..."

# Backup current lock file hash for comparison
OLD_HASH=""
if [ -f package-lock.json ]; then
    OLD_HASH=$(shasum -a 256 package-lock.json | cut -d' ' -f1)
fi

# Clean and regenerate
rm -rf node_modules package-lock.json

if [ "$CHECK_MODE" = true ]; then
    # CI mode: just generate lock file quickly
    npm install --package-lock-only
else
    # Local mode: full install
    npm install
fi

NEW_HASH=$(shasum -a 256 package-lock.json | cut -d' ' -f1)

if [ "$OLD_HASH" = "$NEW_HASH" ]; then
    echo "✅ package-lock.json is up to date"
    exit 0
else
    echo "📦 package-lock.json was updated"
    
    if [ "$CHECK_MODE" = true ]; then
        echo "⚠️  Lock file is out of date - run 'npm run refresh:lockfile' locally"
        exit 1
    fi
    
    echo "✅ Refresh complete - commit the updated package-lock.json"
    exit 0
fi