From 89a633b3f6991eb4da1ff4249a0dd98d11076823 Mon Sep 17 00:00:00 2001 From: James Garbutt <43081j@users.noreply.github.com> Date: Fri, 26 Sep 2025 16:01:40 +0100 Subject: [PATCH 1/2] feat: use tables instead of lists --- main.js | 30 ++++++++++++++++-------------- src/main.ts | 32 ++++++++++++++++++-------------- 2 files changed, 34 insertions(+), 28 deletions(-) diff --git a/main.js b/main.js index 4e62efe..d40e3f8 100644 --- a/main.js +++ b/main.js @@ -24475,16 +24475,16 @@ async function run() { This PR adds ${depIncrease} new dependencies (${baseDepCount} \u2192 ${currentDepCount}), which exceeds the threshold of ${dependencyThreshold}.` ); } - const duplicateWarnings = []; + const duplicateRows = []; for (const [packageName, currentVersionSet] of currentDeps) { if (currentVersionSet.size > duplicateThreshold) { const versions = Array.from(currentVersionSet).sort(); - duplicateWarnings.push( - `\u{1F4E6} **${packageName}**: ${currentVersionSet.size} versions (${versions.join(", ")})` + duplicateRows.push( + `| ${packageName} | ${currentVersionSet.size} versions | ${versions.join(", ")} |` ); } } - if (duplicateWarnings.length > 0) { + if (duplicateRows.length > 0) { const exampleCommand = getLsCommand(lockfilePath, "example-package"); const helpMessage = exampleCommand ? ` @@ -24492,7 +24492,9 @@ This PR adds ${depIncrease} new dependencies (${baseDepCount} \u2192 ${currentDe messages.push( `## \u26A0\uFE0F Duplicate Dependencies (threshold: ${duplicateThreshold}) -${duplicateWarnings.join("\n")}${helpMessage}` +| Package | Version Count | Versions | +| --- | --- | --- | +${duplicateRows.join("\n")}${helpMessage}` ); } const newVersions = []; @@ -24520,7 +24522,7 @@ ${duplicateWarnings.join("\n")}${helpMessage}` This PR adds ${formatBytes(sizeData.totalSize)} of new dependencies, which exceeds the threshold of ${formatBytes(sizeThreshold)}. | Package | Size | -|---------|------| +| --- | --- | ${packageRows}` ); } 
@@ -24528,7 +24530,7 @@ ${packageRows}` core4.info(`Failed to calculate total dependency size increase: ${err}`); } } - const provenanceWarnings = []; + const provenanceRows = []; for (const [packageName, currentVersionSet] of currentDeps) { const baseVersionSet = baseDeps.get(packageName); if (!baseVersionSet || baseVersionSet.size === 0) { @@ -24552,24 +24554,24 @@ ${packageRows}` const minBaseTrust = getMinTrustLevel(baseProvenances.values()); const minCurrentTrust = getMinTrustLevel(currentProvenances.values()); if (minCurrentTrust.level < minBaseTrust.level) { - provenanceWarnings.push( - `\u{1F512} **${packageName}**: trust level decreased (${minBaseTrust.status} \u2192 ${minCurrentTrust.status})` + provenanceRows.push( + `| ${packageName} | ${minBaseTrust.status} | ${minCurrentTrust.status} |` ); } } catch (err) { core4.info(`Failed to check provenance for ${packageName}: ${err}`); } } - if (provenanceWarnings.length > 0) { + if (provenanceRows.length > 0) { messages.push( `## \u26A0\uFE0F Package Trust Level Decreased > [!CAUTION] > Decreased trust levels may indicate a higher risk of supply chain attacks. Please review these changes carefully. -These packages have decreased trust levels: - -${provenanceWarnings.join("\n")}` +| Package | Before | After | +| --- | --- | --- | +${provenanceRows.join("\n")}` ); } const basePackagesPattern = core4.getInput("base-packages"); @@ -24606,7 +24608,7 @@ ${provenanceWarnings.join("\n")}` These packages exceed the size increase threshold of ${formatBytes(packSizeThreshold)}: | Package | Base Size | Source Size | Size Change | -|---------|-----------|-------------|-------------| +| --- | --- | --- | --- | ${packRows}` ); } diff --git a/src/main.ts b/src/main.ts index 34c6001..ea7ef4a 100644 --- a/src/main.ts +++ b/src/main.ts 
@@ -131,17 +131,17 @@ This PR adds ${depIncrease} new dependencies (${baseDepCount} → ${currentDepCo ); } - const duplicateWarnings: string[] = []; + const duplicateRows: string[] = []; for (const [packageName, currentVersionSet] of currentDeps) { if (currentVersionSet.size > duplicateThreshold) { const versions = Array.from(currentVersionSet).sort(); - duplicateWarnings.push( - `šŸ“¦ **${packageName}**: ${currentVersionSet.size} versions (${versions.join(', ')})` + duplicateRows.push( + `| ${packageName} | ${currentVersionSet.size} versions | ${versions.join(', ')} |` ); } } - if (duplicateWarnings.length > 0) { + if (duplicateRows.length > 0) { const exampleCommand = getLsCommand(lockfilePath, 'example-package'); const helpMessage = exampleCommand ? `\n\nšŸ’” To find out what depends on a specific package, run: \`${exampleCommand}\`` @@ -149,7 +149,9 @@ This PR adds ${depIncrease} new dependencies (${baseDepCount} → ${currentDepCo messages.push( `## āš ļø Duplicate Dependencies (threshold: ${duplicateThreshold}) -${duplicateWarnings.join('\n')}${helpMessage}` +| Package | Version Count | Versions | +| --- | --- | --- | +${duplicateRows.join('\n')}${helpMessage}` ); } @@ -191,7 +193,8 @@ ${duplicateWarnings.join('\n')}${helpMessage}` This PR adds ${formatBytes(sizeData.totalSize)} of new dependencies, which exceeds the threshold of ${formatBytes(sizeThreshold)}. -| Package | Size |\n|---------|------| +| Package | Size | +| --- | --- | ${packageRows}` ); } @@ -200,7 +203,7 @@ ${packageRows}` } } - const provenanceWarnings: string[] = []; + const provenanceRows: string[] = []; for (const [packageName, currentVersionSet] of currentDeps) { const baseVersionSet = baseDeps.get(packageName); 
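Review bot: The new row in `duplicateRows.push(...)` interpolates `packageName` and `versions.join(', ')` straight into Markdown table cells, so a `|` or a line break in either value shifts or splits the columns of the posted comment. These values appear to come from the lockfile under review, which a pull-request author controls (an assumption, since the parsing is outside this diff), so the cell text should be escaped before it is joined, e.g. `const cell = (s: string) => s.replace(/\|/g, '\\|').replace(/\r?\n/g, ' ');` and then `| ${cell(packageName)} | ... |`. The same applies to the `provenanceRows.push(...)` row in the `@@ -231,8 +234,8 @@` hunk, where a shifted column would misreport the Before/After trust status, and to the matching lines in the bundled `main.js`. The enclosing function starts and ends outside the hunk.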
@@ -231,8 +234,8 @@ ${packageRows}` const minCurrentTrust = getMinTrustLevel(currentProvenances.values()); if (minCurrentTrust.level < minBaseTrust.level) { - provenanceWarnings.push( - `šŸ”’ **${packageName}**: trust level decreased (${minBaseTrust.status} → ${minCurrentTrust.status})` + provenanceRows.push( + `| ${packageName} | ${minBaseTrust.status} | ${minCurrentTrust.status} |` ); } } catch (err) { @@ -240,16 +243,16 @@ ${packageRows}` } } - if (provenanceWarnings.length > 0) { + if (provenanceRows.length > 0) { messages.push( `## āš ļø Package Trust Level Decreased > [!CAUTION] > Decreased trust levels may indicate a higher risk of supply chain attacks. Please review these changes carefully. -These packages have decreased trust levels: - -${provenanceWarnings.join('\n')}` +| Package | Before | After | +| --- | --- | --- | +${provenanceRows.join('\n')}` ); } @@ -299,7 +302,8 @@ ${provenanceWarnings.join('\n')}` These packages exceed the size increase threshold of ${formatBytes(packSizeThreshold)}: -| Package | Base Size | Source Size | Size Change |\n|---------|-----------|-------------|-------------| +| Package | Base Size | Source Size | Size Change | +| --- | --- | --- | --- | ${packRows}` ); } From ac605d46c6d990ec131a20c7b8fa351471791baf Mon Sep 17 00:00:00 2001 From: James Garbutt <43081j@users.noreply.github.com> Date: Fri, 26 Sep 2025 16:04:33 +0100 Subject: [PATCH 2/2] chore: emojis --- main.js | 8 ++++---- src/main.ts | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/main.js b/main.js index d40e3f8..a5af07f 100644 --- a/main.js +++ b/main.js @@ -24492,7 +24492,7 @@ This PR adds ${depIncrease} new dependencies (${baseDepCount} \u2192 ${currentDe messages.push( `## \u26A0\uFE0F Duplicate Dependencies (threshold: ${duplicateThreshold}) -| Package | Version Count | Versions | +| \u{1F4E6} Package | \u{1F522} Version Count | \u{1F4CB} Versions | | --- | --- | --- | ${duplicateRows.join("\n")}${helpMessage}` ); 
@@ -24521,7 +24521,7 @@ ${duplicateRows.join("\n")}${helpMessage}` This PR adds ${formatBytes(sizeData.totalSize)} of new dependencies, which exceeds the threshold of ${formatBytes(sizeThreshold)}. -| Package | Size | +| \u{1F4E6} Package | \u{1F4CF} Size | | --- | --- | ${packageRows}` ); @@ -24569,7 +24569,7 @@ ${packageRows}` > [!CAUTION] > Decreased trust levels may indicate a higher risk of supply chain attacks. Please review these changes carefully. -| Package | Before | After | +| \u{1F4E6} Package | \u{1F512} Before | \u{1F513} After | | --- | --- | --- | ${provenanceRows.join("\n")}` ); @@ -24607,7 +24607,7 @@ ${provenanceRows.join("\n")}` These packages exceed the size increase threshold of ${formatBytes(packSizeThreshold)}: -| Package | Base Size | Source Size | Size Change | +| \u{1F4E6} Package | \u{1F4CF} Base Size | \u{1F4CF} Source Size | \u{1F4C8} Size Change | | --- | --- | --- | --- | ${packRows}` ); diff --git a/src/main.ts b/src/main.ts index ea7ef4a..28ae956 100644 --- a/src/main.ts +++ b/src/main.ts @@ -149,7 +149,7 @@ This PR adds ${depIncrease} new dependencies (${baseDepCount} → ${currentDepCo messages.push( `## āš ļø Duplicate Dependencies (threshold: ${duplicateThreshold}) -| Package | Version Count | Versions | +| šŸ“¦ Package | šŸ”¢ Version Count | šŸ“‹ Versions | | --- | --- | --- | ${duplicateRows.join('\n')}${helpMessage}` ); @@ -193,7 +193,7 @@ ${duplicateRows.join('\n')}${helpMessage}` This PR adds ${formatBytes(sizeData.totalSize)} of new dependencies, which exceeds the threshold of ${formatBytes(sizeThreshold)}. -| Package | Size | +| šŸ“¦ Package | šŸ“ Size | | --- | --- | ${packageRows}` ); @@ -250,7 +250,7 @@ ${packageRows}` > [!CAUTION] > Decreased trust levels may indicate a higher risk of supply chain attacks. Please review these changes carefully. -| Package | Before | After | +| šŸ“¦ Package | šŸ”’ Before | šŸ”“ After | | --- | --- | --- | ${provenanceRows.join('\n')}` ); 
@@ -302,7 +302,7 @@ ${provenanceRows.join('\n')}` These packages exceed the size increase threshold of ${formatBytes(packSizeThreshold)}: -| Package | Base Size | Source Size | Size Change | +| šŸ“¦ Package | šŸ“ Base Size | šŸ“ Source Size | šŸ“ˆ Size Change | | --- | --- | --- | --- | ${packRows}` );