SDK exports and stability
@nodehunter/core publishes a large programmatic surface. nodehunter classifies every export by stability tier so SDK users know what is safe to depend on — and what may move without a major-version apology.
Where to import from
| Import path | Stability | Use in your app |
|---|---|---|
@nodehunter/core | stable | Yes — primary SDK (runScan, runSize, runFind, envelopes, …) |
@nodehunter/core/shared | stable | Yes — scanner helpers, constants, shared utilities |
@nodehunter/core/advanced | advanced | Sparingly — low-level run emitters; review release notes before upgrading |
@nodehunter/core/internal | internal | No — CLI host wiring only; can change in any release |
// Recommended
import { runFind, runInspect, buildAnalysisCommandEnvelope } from '@nodehunter/core';
// Shared helpers when you compose your own walk/sizing
import { walkForNodeModules, DEFAULT_IGNORES } from '@nodehunter/core/shared';
// Avoid in application code
// import { getRunOptions } from '@nodehunter/core/internal';The root barrel currently exposes 200+ stable flat exports plus namespaces (scan, size, suggestions). Advanced and internal symbols are isolated on subpaths so they do not pollute the default import.
Stability tiers
| Tier | Meaning for SDK users |
|---|---|
| stable | Supported public contract — run* ops, host context types, JSON envelope builders, workspace query helpers used by CLI |
| advanced | Useful but lower-level — may evolve as presentation and emitter plumbing changes |
| internal | Host-only — global run options, CLI session glue; not semver-guaranteed for external apps |
| unclassified | Cannot ship — blocked by pnpm exports:validate in the repository |
Tiers are assigned via an allowlist and naming rules in the repo, with optional @sdkTier JSDoc tags on declarations. See the export governance README on GitHub for maintainer commands and tier tagging.
Why this exists
nodehunter grew a rich workspace layer (find, why, inspect, buildWorkspaceIndex, cache ports, presentation builders). Export governance keeps that power auditable:
- New symbols must be classified before release
exports:diffshows what changed between tags or local editsexports:validatefails CI if tsconfig paths drift frompackage.jsonexports or unclassified symbols appear
That discipline is what lets the CLI ship a self-contained binary while still publishing @nodehunter/core as its own package — you get a reviewed surface, not an accidental dump of every internal helper.
Reports SDK users should care about
If you pin @nodehunter/core and upgrade between nodehunter releases, these commands (run from a clone of the repository) explain API drift:
pnpm exports:inventory # tier counts for current barrel
pnpm exports:diff v0.0.1 # what changed since a tag
pnpm exports:validate # strict pass/failHow to read them
| Command | What to look for |
|---|---|
exports:inventory | stable / advanced / internal counts; use -v to list every symbol and tier |
exports:diff | Added / removed symbols when upgrading — scan for APIs you import |
exports:validate | Exit 0 = barrel rules satisfied; failures mean the release is not ready |
Diff output is the upgrade guide: if a symbol you rely on moved to internal or was removed, pin the previous version or adjust imports before deploying.
Inventory verbose (-v) shows targetSubpath — confirms whether a name lives on the root barrel or a subpath.
Full operator manual: scripts/exports/README.md (commands, cache, flags, examples).
Namespaces on the root barrel
The root package also exports grouped namespaces:
import { scan, size, suggestions } from '@nodehunter/core';These mirror sub-areas of the engine. Prefer direct named imports (runScan) unless you want a prefixed API (scan.runScan).
Before you depend on a symbol
- Import from
@nodehunter/coreor@nodehunter/core/sharedfirst. - Avoid
@nodehunter/core/internalin libraries, services, and CI jobs. - Treat
@nodehunter/core/advancedlike a power-user escape hatch — pin versions and readexports:diffon upgrade. - For JSON integrations, prefer stable envelope builders documented in JSON output.
Related
- SDK overview
- SDK examples
- Commands — CLI mapping for
find,why,inspect - Export governance README (GitHub)