bundler-integrity 1.0.1 → 1.0.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/bin/bundler-integrity +7 -1
  3. metadata +5 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 56043f72f95a5cb20c2a59e7e474a8d13dd535291468a87afc7ee4bdde800d12
4
- data.tar.gz: 65aae4ede8e596a4f0d41ee0d4e94a64102e83cd2748d40ee7c464969c811b1b
3
+ metadata.gz: 0caecea308edf5906a927983e7e771331a0c75f14c8ffe84dcb916b63b5aa041
4
+ data.tar.gz: e6ace90d311cfff228e49c78b42184b88fb70345cd1a90a8d63cc08e903b66ef
5
5
  SHA512:
6
- metadata.gz: c072ac10c9ea9179e6d6829446d29e6c8413a3f4d632d36c859065da3a16bdcbec521358fa25cc66d8f36659e22d58a11cdd47ca1f7c9bdf8f7e6d1a290f62d6
7
- data.tar.gz: af4ff12cc1b7d1fc9ec184c699c658afa6463bdfdf67848c22dc125f5fc91ba159d04302dc8ac3c71b722817011374aedb177cf65589daa68a07ff994334fa89
6
+ metadata.gz: ea3e4892a86d6348f411c9e0265e8f42d72735f0b250d6b988410c326d4f96f7d4d6beb54b5a122cfe725d35499c2c8003fe6f08ca6c9ea2aac0e401c7eaafa9
7
+ data.tar.gz: 1217c607fcef3ff45d64aed80e1e49821d73354d36203b7008a7c92e08c574dbb291628f55ba89e7f34e176d13ed0515a321bed97a6ce86a8eb928c19963888c
data/bin/bundler-integrity CHANGED
@@ -25,6 +25,9 @@ deps = ::Bundler::Definition
25
25
 
26
26
 
27
27
  deps.specs.each do |spec|
28
+ # Ignore git based, etc
29
+ next unless spec.source.is_a?(Bundler::Source::Rubygems)
30
+
28
31
  intel_path = "api/v1/versions/#{spec.name}.json"
29
32
 
30
33
  full_name = if spec.platform.to_s == 'ruby'
@@ -35,7 +38,10 @@ deps.specs.each do |spec|
35
38
 
36
39
  details = URI.parse("https://rubygems.org/#{intel_path}").read
37
40
 
38
- raise 'Invalid RubyGems API response' if details.empty?
41
+ if details.empty?
42
+ puts "\033[0;33m[WARN]\033[0m #{full_name} was not found in RubyGems. Maybe external source?"
43
+ next
44
+ end
39
45
 
40
46
  version = JSON.parse(details).find do |version|
41
47
  version.fetch('number') == spec.version.to_s &&
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bundler-integrity
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Maciej Mensfeld
@@ -10,7 +10,9 @@ bindir: bin
10
10
  cert_chain: []
11
11
  date: 2022-05-11 00:00:00.000000000 Z
12
12
  dependencies: []
13
- description: Gem to verify integrity of packages installed via Bundler
13
+ description: "Gem to verify integrity of packages installed via Bundler.\n\n It allows
14
+ to detect packages that were tampered with or replaced via cache poison or replaced.\n\n
15
+ \ Add it to your Gemfile and run bundle exec bundler-integrity.\n\n "
14
16
  email:
15
17
  - maciej@mensfeld.pl
16
18
  executables:
@@ -23,7 +25,7 @@ homepage: https://whitesourcesoftware.com
23
25
  licenses:
24
26
  - MIT
25
27
  metadata:
26
- source_code_uri: https://github.com/diffend/bundler-integrity
28
+ source_code_uri: https://github.com/diffend-io/bundler-integrity
27
29
  rubygems_mfa_required: 'true'
28
30
  post_install_message:
29
31
  rdoc_options: []