feat: account for removed packages in install size

build/main.js

@@ -24237,7 +24237,7 @@ async function fetchPackageMetadata(packageName, version) {
   metaCache.set(cacheKey, result);
   return result;
 }
-async function calculateTotalDependencySizeIncrease(newVersions) {
+async function calculateTotalDependencySizeIncrease(newVersions, removedVersions) {
   let totalSize = 0;
   const processedPackages = /* @__PURE__ */ new Set();
   const packageSizes = /* @__PURE__ */ new Map();
@@ -24259,6 +24259,26 @@ async function calculateTotalDependencySizeIncrease(newVersions) {
       return null;
     }
   }
+  for (const dep of removedVersions) {
+    const packageKey = `${dep.name}@${dep.version}`;
+    if (processedPackages.has(packageKey)) {
+      continue;
+    }
+    try {
+      const metadata = await fetchPackageMetadata(dep.name, dep.version);
+      if (!metadata || metadata.dist?.unpackedSize === void 0) {
+        return null;
+      }
+      totalSize -= metadata.dist.unpackedSize;
+      packageSizes.set(packageKey, -metadata.dist.unpackedSize);
+      processedPackages.add(packageKey);
+      core2.info(
+        `Subtracted ${metadata.dist.unpackedSize} bytes for ${packageKey}`
+      );
+    } catch {
+      return null;
+    }
+  }
   return { totalSize, packageSizes };
 }
 var dependencyTypeMap = {
@@ -24541,19 +24561,54 @@ var core5 = __toESM(require_core(), 1);
 // src/common.ts
 function formatBytes(bytes) {
   if (bytes === 0) return "0 B";
+  const absBytes = Math.abs(bytes);
   const k = 1e3;
   const sizes = ["B", "kB", "MB", "GB"];
-  const i = Math.floor(Math.log(bytes) / Math.log(k));
-  return `${parseFloat((bytes / Math.pow(k, i)).toFixed(1))} ${sizes[i]}`;
+  const i = Math.floor(Math.log(absBytes) / Math.log(k));
+  const byteValue = parseFloat((absBytes / Math.pow(k, i)).toFixed(1));
+  return `${bytes < 0 ? -byteValue : byteValue} ${sizes[i]}`;
 }
 
 // src/checks/dependency-size.ts
-async function scanForDependencySize(messages, threshold, newVersions) {
-  if (newVersions.length === 0) {
+async function scanForDependencySize(messages, threshold, currentDeps, baseDeps) {
+  const newVersions = [];
+  const removedVersions = [];
+  for (const [packageName, currentVersionSet] of currentDeps) {
+    const baseVersionSet = baseDeps.get(packageName);
+    for (const version of currentVersionSet) {
+      if (!baseVersionSet || !baseVersionSet.has(version)) {
+        newVersions.push({
+          name: packageName,
+          version,
+          isNewPackage: !baseVersionSet
+        });
+      }
+    }
+  }
+  for (const [packageName, baseVersionSet] of baseDeps) {
+    const currentVersionSet = currentDeps.get(packageName);
+    for (const version of baseVersionSet) {
+      if (!currentVersionSet || !currentVersionSet.has(version)) {
+        removedVersions.push({
+          name: packageName,
+          version
+        });
+      }
+    }
+  }
+  core5.info(`Found ${newVersions.length} new package versions`);
+  core5.info(`Found ${removedVersions.length} removed package versions.`);
+  if (newVersions.length === 0 && removedVersions.length === 0) {
     return;
   }
   try {
-    const sizeData = await calculateTotalDependencySizeIncrease(newVersions);
+    const sizeData = await calculateTotalDependencySizeIncrease(
+      newVersions,
+      removedVersions
+    );
+    core5.info(
+      `Total dependency size increase: ${sizeData ? formatBytes(sizeData.totalSize) : "unknown"}`
+    );
     if (sizeData !== null && sizeData.totalSize >= threshold) {
       const packageRows = Array.from(sizeData.packageSizes.entries()).sort(([, a], [, b]) => b - a).map(([pkg, size]) => `| ${pkg} | ${formatBytes(size)} |`).join("\n");
       messages.push(
@@ -24728,21 +24783,7 @@ async function run() {
       baseDeps
     );
     scanForDuplicates(messages, duplicateThreshold, currentDeps, lockfilePath);
-    const newVersions = [];
-    for (const [packageName, currentVersionSet] of currentDeps) {
-      const baseVersionSet = baseDeps.get(packageName);
-      for (const version of currentVersionSet) {
-        if (!baseVersionSet || !baseVersionSet.has(version)) {
-          newVersions.push({
-            name: packageName,
-            version,
-            isNewPackage: !baseVersionSet
-          });
-        }
-      }
-    }
-    core7.info(`Found ${newVersions.length} new package versions`);
-    await scanForDependencySize(messages, sizeThreshold, newVersions);
+    await scanForDependencySize(messages, sizeThreshold, currentDeps, baseDeps);
     await scanForProvenance(messages, currentDeps, baseDeps);
     const basePackagesPattern = core7.getInput("base-packages");
     const sourcePackagesPattern = core7.getInput("source-packages");

src/checks/dependency-size.ts

@@ -5,13 +5,64 @@ import {formatBytes} from '../common.js';
 export async function scanForDependencySize(
   messages: string[],
   threshold: number,
-  newVersions: Array<{name: string; version: string}>
+  currentDeps: Map<string, Set<string>>,
+  baseDeps: Map<string, Set<string>>
 ): Promise<void> {
-  if (newVersions.length === 0) {
+  const newVersions: Array<{
+    name: string;
+    version: string;
+    isNewPackage: boolean;
+  }> = [];
+  const removedVersions: Array<{
+    name: string;
+    version: string;
+  }> = [];
+
+  for (const [packageName, currentVersionSet] of currentDeps) {
+    const baseVersionSet = baseDeps.get(packageName);
+
+    for (const version of currentVersionSet) {
+      if (!baseVersionSet || !baseVersionSet.has(version)) {
+        newVersions.push({
+          name: packageName,
+          version: version,
+          isNewPackage: !baseVersionSet
+        });
+      }
+    }
+  }
+
+  for (const [packageName, baseVersionSet] of baseDeps) {
+    const currentVersionSet = currentDeps.get(packageName);
+
+    for (const version of baseVersionSet) {
+      if (!currentVersionSet || !currentVersionSet.has(version)) {
+        removedVersions.push({
+          name: packageName,
+          version: version
+        });
+      }
+    }
+  }
+
+  core.info(`Found ${newVersions.length} new package versions`);
+  core.info(`Found ${removedVersions.length} removed package versions.`);
+
+  if (newVersions.length === 0 && removedVersions.length === 0) {
     return;
   }
+
   try {
-    const sizeData = await calculateTotalDependencySizeIncrease(newVersions);
+    const sizeData = await calculateTotalDependencySizeIncrease(
+      newVersions,
+      removedVersions
+    );
+
+    core.info(
+      `Total dependency size increase: ${
+        sizeData ? formatBytes(sizeData.totalSize) : 'unknown'
+      }`
+    );
 
     if (sizeData !== null && sizeData.totalSize >= threshold) {
       const packageRows = Array.from(sizeData.packageSizes.entries())

src/common.ts

@@ -1,7 +1,9 @@
 export function formatBytes(bytes: number): string {
   if (bytes === 0) return '0 B';
+  const absBytes = Math.abs(bytes);
   const k = 1000;
   const sizes = ['B', 'kB', 'MB', 'GB'];
-  const i = Math.floor(Math.log(bytes) / Math.log(k));
-  return `${parseFloat((bytes / Math.pow(k, i)).toFixed(1))} ${sizes[i]}`;
+  const i = Math.floor(Math.log(absBytes) / Math.log(k));
+  const byteValue = parseFloat((absBytes / Math.pow(k, i)).toFixed(1));
+  return `${bytes < 0 ? -byteValue : byteValue} ${sizes[i]}`;
 }

src/main.ts

@@ -105,29 +105,7 @@ async function run(): Promise<void> {
     );
     scanForDuplicates(messages, duplicateThreshold, currentDeps, lockfilePath);
 
-    const newVersions: Array<{
-      name: string;
-      version: string;
-      isNewPackage: boolean;
-    }> = [];
-
-    for (const [packageName, currentVersionSet] of currentDeps) {
-      const baseVersionSet = baseDeps.get(packageName);
-
-      for (const version of currentVersionSet) {
-        if (!baseVersionSet || !baseVersionSet.has(version)) {
-          newVersions.push({
-            name: packageName,
-            version: version,
-            isNewPackage: !baseVersionSet
-          });
-        }
-      }
-    }
-
-    core.info(`Found ${newVersions.length} new package versions`);
-
-    await scanForDependencySize(messages, sizeThreshold, newVersions);
+    await scanForDependencySize(messages, sizeThreshold, currentDeps, baseDeps);
     await scanForProvenance(messages, currentDeps, baseDeps);
 
     const basePackagesPattern = core.getInput('base-packages');

src/npm.ts

@@ -127,7 +127,8 @@ export async function fetchPackageMetadata(
 }
 
 export async function calculateTotalDependencySizeIncrease(
-  newVersions: Array<{name: string; version: string}>
+  newVersions: Array<{name: string; version: string}>,
+  removedVersions: Array<{name: string; version: string}>
 ): Promise<{totalSize: number; packageSizes: Map<string, number>} | null> {
   let totalSize = 0;
   const processedPackages = new Set<string>();
@@ -157,6 +158,32 @@ export async function calculateTotalDependencySizeIncrease(
     }
   }
 
+  for (const dep of removedVersions) {
+    const packageKey = `${dep.name}@${dep.version}`;
+
+    if (processedPackages.has(packageKey)) {
+      continue;
+    }
+
+    try {
+      const metadata = await fetchPackageMetadata(dep.name, dep.version);
+
+      if (!metadata || metadata.dist?.unpackedSize === undefined) {
+        return null;
+      }
+
+      totalSize -= metadata.dist.unpackedSize;
+      packageSizes.set(packageKey, -metadata.dist.unpackedSize);
+      processedPackages.add(packageKey);
+
+      core.info(
+        `Subtracted ${metadata.dist.unpackedSize} bytes for ${packageKey}`
+      );
+    } catch {
+      return null;
+    }
+  }
+
   return {totalSize, packageSizes};
 }