bundler-integrity 1.0.1 → 1.0.4

Files changed (3)
  1. checksums.yaml +4 -4
  2. data/bin/bundler-integrity +7 -1
  3. metadata +5 -3
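--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 56043f72f95a5cb20c2a59e7e474a8d13dd535291468a87afc7ee4bdde800d12
- data.tar.gz: 65aae4ede8e596a4f0d41ee0d4e94a64102e83cd2748d40ee7c464969c811b1b
+ metadata.gz: 0caecea308edf5906a927983e7e771331a0c75f14c8ffe84dcb916b63b5aa041
+ data.tar.gz: e6ace90d311cfff228e49c78b42184b88fb70345cd1a90a8d63cc08e903b66ef
  SHA512:
- metadata.gz: c072ac10c9ea9179e6d6829446d29e6c8413a3f4d632d36c859065da3a16bdcbec521358fa25cc66d8f36659e22d58a11cdd47ca1f7c9bdf8f7e6d1a290f62d6
- data.tar.gz: af4ff12cc1b7d1fc9ec184c699c658afa6463bdfdf67848c22dc125f5fc91ba159d04302dc8ac3c71b722817011374aedb177cf65589daa68a07ff994334fa89
+ metadata.gz: ea3e4892a86d6348f411c9e0265e8f42d72735f0b250d6b988410c326d4f96f7d4d6beb54b5a122cfe725d35499c2c8003fe6f08ca6c9ea2aac0e401c7eaafa9
+ data.tar.gz: 1217c607fcef3ff45d64aed80e1e49821d73354d36203b7008a7c92e08c574dbb291628f55ba89e7f34e176d13ed0515a321bed97a6ce86a8eb928c19963888c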
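--- a/data/bin/bundler-integrity
+++ b/data/bin/bundler-integrity
@@ -25,6 +25,9 @@ deps = ::Bundler::Definition
 
 
  deps.specs.each do |spec|
+ # Ignore git based, etc
+ next unless spec.source.is_a?(Bundler::Source::Rubygems)
+
  intel_path = "api/v1/versions/#{spec.name}.json"
 
  full_name = if spec.platform.to_s == 'ruby'
@@ -35,7 +38,10 @@ deps.specs.each do |spec|
 
  details = URI.parse("https://rubygems.org/#{intel_path}").read
 
- raise 'Invalid RubyGems API response' if details.empty?
+ if details.empty?
+ puts "\033[0;33m[WARN]\033[0m #{full_name} was not found in RubyGems. Maybe external source?"
+ next
+ end
 
  version = JSON.parse(details).find do |version|
  version.fetch('number') == spec.version.to_s &&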
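Review bot: Both new `next` paths let a dependency leave the loop unverified without changing the outcome of the run: the source-type guard at the top of the loop skips git/path specs silently, and the empty-response branch turns what used to be a `raise` into a yellow warning on stdout. For an integrity checker this is a fail-open default, since a CI job can pass while some gems were never compared against a checksum. Consider recording each skipped spec (for example `unverified << spec.name`), listing them after the loop and exiting non-zero unless the user explicitly opted in to skipping. Separately, `is_a?(Bundler::Source::Rubygems)` presumably also matches gems served from a private gem server, yet the lookup always goes to `https://rubygems.org/`, so such gems would be checked against the public registry and their names sent to it; comparing the spec's remotes before the request would avoid that. The loop body continues past the end of the hunk, so how results are finally reported is not visible here.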
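--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: bundler-integrity
  version: !ruby/object:Gem::Version
- version: 1.0.1
+ version: 1.0.4
  platform: ruby
  authors:
  - Maciej Mensfeld
@@ -10,7 +10,9 @@ bindir: bin
  cert_chain: []
  date: 2022-05-11 00:00:00.000000000 Z
  dependencies: []
- description: Gem to verify integrity of packages installed via Bundler
+ description: "Gem to verify integrity of packages installed via Bundler.\n\n It allows
+ to detect packages that were tampered with or replaced via cache poison or replaced.\n\n
+ \ Add it to your Gemfile and run bundle exec bundler-integrity.\n\n "
  email:
  - maciej@mensfeld.pl
  executables:
@@ -23,7 +25,7 @@ homepage: https://whitesourcesoftware.com
  licenses:
  - MIT
  metadata:
- source_code_uri: https://github.com/diffend/bundler-integrity
+ source_code_uri: https://github.com/diffend-io/bundler-integrity
  rubygems_mfa_required: 'true'
  post_install_message:
  rdoc_options: []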