1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
## Post-1.2.0 (bundled-dep feature followups)
- [x] **v1.2.1/1.2.2 (bug): reconcile change-detection is version-aware.** 1.2.1 switched `reconcile_bundle_deps` to detect change via `_url_version` (parsed version, not raw URL string) but mis-parsed several real URL shapes; 1.2.2 completes it. `_url_version` strips the URL's own github repo name from the basename (handles digit/dash dep names like `lua-compat-5.3`, bare-tag package-rev suffixes like `1.52.1-0`, sha pins), and `_url_repo` is lowercased (fixes the `JuliaStrings/utf8proc` vs `juliastrings/utf8proc` case mismatch that had utf8proc reporting no-match + in the FYI). Report shows `name old-ver -> new-ver`. Verified against all 13 live neovim 0.12.4 deps: all match + current, no false change, real bump still detected. Tests T-BM17/22/23. Compares version strings only, not `NAME_SHA256`; add sha compare if a same-version-different-content case ever appears.
- [ ] add a `--special` flag to add a package to the bundled list, asking for a link to it's upstream deps list file
- [~] split `mkhint` into multiple files — **deferred (2026-07-08).** 1568 lines / 46 functions with clear section markers is under the threshold where a split pays off, and bash has no module system: "split" means `source lib/*.sh`, which complicates the single-binary VM deploy (`scp mkhint` → copy a dir + fixed libdir, or a concatenate build step) and means auditing shared globals (`REPO_DIR`, `VERSION`, `FORCE`, config-source order) crossing file boundaries. Revisit trigger: file grows toward ~2500+ lines, OR a change to one area starts breaking an unrelated one, OR you can't find where something lives. When that happens, extract ONLY the self-contained bundled-dep block (`# ── bundled-dep manifest handling ──` … `# ── end`, already has begin/end markers and its own T-BM tests) as a single `lib/bundle.sh` — do not do a full teardown.
- [ ] add a noDL column to `--list` similar to what we do with DelReq
- [x] **v1.2.4:** suppress `prompt_continuation_urls` for manifest-listed packages (Phase 2 already corrects those lines; avoids the double-touch during the primary bump)
- [ ] **expand nvchecker source autodetection (priority):** map more upstream hosts than github/pypi in `add_nvchecker_section` (the single global emitter, used by `--new` and `--check` populate). Forges (owner/repo): gitlab, bitbucket, gitea.com, codeberg (gitea + `host`), pagure. Registries (name from URL, fall back to PRGNAM, else PRGNAM + `# verify`): npm, gems, cratesio, cpan, hackage, packagist, cran. Unrecognised → keep the `# TODO` stub.
- [ ] `--new`/`-n` prints the nvchecker stanza it appends (always, added or already-present), so I can see whether it needs hand-editing
- [ ] `--info`/`-i program`: print the relative path `category/program` highlighted (green) on top, then the program's README, paged if it doesn't fit
- [ ] `--check --dry-run`: report what would change across all listed packages without prompting or writing (audit before acting)
- [ ] cache the manifest per run: `reconcile_bundle_deps` currently fetches it twice (report + apply); fetch once and reuse
- [ ] verify md5 against the manifest `SHA256`: cross-check the downloaded file's sha256 against the manifest entry before writing MD5SUM (integrity check)
- [ ] config validation command (e.g. `--check-config`): sanity-check nvchecker.toml sections, bundle-manifests URLs, phantom-deps file, and that configured paths exist
- [ ] batch `--check` summary report at the end: counts of updated / bundled-deps bumped / skipped, instead of only per-package interleaved output
|