dart-lang
Write information about package resolution to a file (`.dart_tool/pub/resolution_findings.json`?) for better IDE integration
I'm raising this based on discussions in https://github.com/Dart-Code/Dart-Code/issues/4256 about surfacing more info from Pub and the resolution results in IDEs.
Thinking about this now, we could perhaps surface security advisories the same way as analyzer warnings. The "outdated" ones should probably be more subtle.
Always having pub output a timestamped
.dart_tool/pub/resolution_findings.jsonsounds like a promising direction. It could contain findings from the last resolution, together with severities and locations inpubspec.yaml.
If this information was written on a JSON file, the analysis server could read it and (depending on user preferences in analysis_options.yaml) could produce diagnostics (warnings/errors/info) attached to the dependencies in pubspec.yaml (or in the case of transitive dependencies, pubspec.lock?).
@bwilkerson do you have preferences of how this could look?
I imagine something like:
{
"findings": [
{
"file": "pubspec.yaml",
"offset": 27,
"length": 15,
"severity": "info",
"message": "Newer version available",
"suggestion": "Run `pub upgrade foo`"
}
]
}
"suggestion": "Runpub upgrade foo"
It might be good if we could structure this in a way that the server can provide it as a Code Action rather than requiring the user do it, for example:
action: {
title: "Run 'pub upgrade foo'",
command: "pub",
args: ["upgrade", "foo"]
}
Or if we don't want to support arbitrary commands we could define some well-known commands for server:
action: {
title: "Run 'pub upgrade foo'",
command: "dart.pub.upgrade", // this could be something defined by server, similar to (or the same as) LSP commands
args: ["foo"]
}