dependency-timeline-audit 0.0.0 → 0.0.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2e4a44a4760b883532f6bf9640b0df6f791e8a8518e8747e3078b0d17a39f540
4
- data.tar.gz: c2656213c2c3e337f3ad974a2488815a1c61040d62f84072d74b4f1cfbe427eb
3
+ metadata.gz: 3b9e17ee55c32c28cf3b8217bbf7ddab45ceafbc611046361ab649b5ede37d42
4
+ data.tar.gz: 0a9e935a6e14de9350d1cf9036774da6d5a0e2a8d71967c3d57f581ab3c22bf1
5
5
  SHA512:
6
- metadata.gz: a8b74f3e417d9460bebbaa784253b8579e3074c10e5910ff3642b25e49745f068c2b557079c0f3b9b74545a9d825fdaddd58b4bafaaef838ddf2a9f5bf213ba8
7
- data.tar.gz: 0e56d272cbc09eddd6cb043fa5659f265538e1f61f8ee7708ac1e237b5417f071a1ce7387e77e48517c298be10d5865e2797de7e78a6d569b1cd56e2ca8b3794
6
+ metadata.gz: fe745f2316cd6df1ec6022898fd5a6ccb45baf22bfe1f088430a330bd40f58e73b5656515b150ebec40c12423cf829b18b3a9ef8181eec0ddbc592fa9b161f3d
7
+ data.tar.gz: f2e7b8e9524a8e9caac06d708e25bdc07c3d90a625a45be93bd0c79d8d3c5446614814a53247c7da6b63628dd7fbc9296033e7753120999b50fdb866c1933839
@@ -0,0 +1,5 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require 'dependency-timeline-audit'
4
+
5
+ DependencyTimelineAudit::Check.check
@@ -0,0 +1,93 @@
1
+ require 'date'
2
+ require 'active_support/all'
3
+
4
+ module DependencyTimelineAudit
5
+ class Check
6
+ # TODO: activesupport is kinda hefty for just grabbing 1.year.ago, remove
7
+ def self.outdated_threshold
8
+ 1.year.ago
9
+ end
10
+
11
+ def self.check(lockfile = 'Gemfile.lock')
12
+ outdated_versions = []
13
+ locked_gems.each do |gem|
14
+ lock_released_at = GemInfo.version_created_at(gem[:name], gem[:locked_version])
15
+ latest_version = GemInfo.latest_version(gem[:name])
16
+ outdated_versions.push(gem[:name]) if gem_outdated?(lock_released_at)
17
+ print_info(gem, lock_released_at, latest_version)
18
+ end
19
+
20
+ if outdated_versions.any?
21
+ set_text_color_red
22
+ puts "\nOutdated gems detected!"
23
+ puts " - #{outdated_versions.join(', ')}"
24
+
25
+ exit(1) # Failure
26
+ else
27
+ reset_text_style
28
+ puts "\nAll gems are within the accepted threshold!"
29
+
30
+ exit(0) # Success
31
+ end
32
+ end
33
+
34
+ private
35
+
36
+ def self.gem_outdated?(released_at)
37
+ released_at <= outdated_threshold
38
+ end
39
+
40
+ def self.print_info(gem, lock_released_at, latest_version)
41
+ puts "Gem: \e[1m#{gem[:name]}\e[0m"
42
+ set_text_color(lock_released_at, gem[:locked_version] == latest_version[:version])
43
+ puts " - Locked to: #{gem[:locked_version]} (Released: #{format_date(lock_released_at)})"
44
+ set_text_color(latest_version[:created_at])
45
+ puts " - Latest: #{latest_version[:version]} (Released: #{format_date(latest_version[:created_at])})"
46
+ reset_text_style
47
+ end
48
+
49
+ def self.set_text_color(released_at, using_latest = true)
50
+ if gem_outdated?(released_at)
51
+ set_text_color_red
52
+ else
53
+ if using_latest
54
+ set_text_color_green
55
+ else
56
+ set_text_color_yellow
57
+ end
58
+ end
59
+ end
60
+
61
+ def self.set_text_bold
62
+ print "\e[1m"
63
+ end
64
+
65
+ def self.set_text_color_red
66
+ print "\e[31m"
67
+ end
68
+
69
+ def self.set_text_color_green
70
+ print "\e[32m"
71
+ end
72
+
73
+ def self.set_text_color_yellow
74
+ print "\e[33m"
75
+ end
76
+
77
+ def self.reset_text_style
78
+ print "\e[0m"
79
+ end
80
+
81
+ def self.locked_gems
82
+ lockfile = Bundler::LockfileParser.new(File.read('Gemfile.lock'))
83
+ lockfile.specs.map do |gem|
84
+ { name: gem.name, locked_version: gem.version.to_s }
85
+ end
86
+ end
87
+
88
+ def self.format_date(date_string)
89
+ date = Date.parse(date_string)
90
+ date.strftime("%Y-%m-%d")
91
+ end
92
+ end
93
+ end
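Review bot: The `lockfile` parameter of `check` (new line 11) is never used — `locked_gems` at line 82 re-reads the hard-coded `'Gemfile.lock'`, so a caller passing another path silently audits the wrong file; thread the argument through as `locked_gems(lockfile)`. Separately, `gem_outdated?` compares `released_at` directly with `outdated_threshold`, but that value comes from `GemInfo.version_created_at`, which returns the JSON `created_at` field as a string (the same value `format_date` hands to `Date.parse`), so the `<=` against a Time appears to raise `ArgumentError` rather than compare dates — parse it before comparing. `private` on line 34 has no effect on methods defined with `def self.`; use `private_class_method` or a `class << self` block if they are meant to be internal. `Bundler::LockfileParser` is referenced without a `require 'bundler'` in this file (the gemspec lists bundler as a runtime dependency), so add the require next to the existing ones so the class works when Bundler is not already loaded. The rewritten pieces are below; `Time.parse` is in the standard library's `time`, which active_support may already load — add `require 'time'` if it does not.
```ruby
def self.check(lockfile = 'Gemfile.lock')
  outdated_versions = []
  locked_gems(lockfile).each do |gem|
    # … unchanged: per-gem lookups, outdated check and print_info …
  end
  # … unchanged: summary output and exit …
end

def self.gem_outdated?(released_at)
  # created_at arrives from the API as a date-time string, not a Time
  Time.parse(released_at) <= outdated_threshold
end

def self.locked_gems(lockfile = 'Gemfile.lock')
  parsed = Bundler::LockfileParser.new(File.read(lockfile))
  parsed.specs.map do |gem|
    { name: gem.name, locked_version: gem.version.to_s }
  end
end
```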
@@ -0,0 +1,41 @@
1
+ require 'net/http'
2
+ require 'json'
3
+
4
+ module DependencyTimelineAudit
5
+ # Define a class for interacting with the RubyGems API
6
+ class GemInfo
7
+ API_URL = 'https://rubygems.org/api/v1/versions/'
8
+ @@gem_cache = {}
9
+
10
+ # Method to fetch the gem data and cache it
11
+ def self.fetch_gem_data(gem_name)
12
+ # Check if gem info is already cached
13
+ unless @@gem_cache[gem_name]
14
+ url = URI("#{API_URL}#{gem_name}.json")
15
+ response = Net::HTTP.get(url)
16
+ @@gem_cache[gem_name] = JSON.parse(response)
17
+ end
18
+
19
+ # Return cached gem info
20
+ @@gem_cache[gem_name]
21
+ end
22
+
23
+ # Method to fetch the latest version and its created_at timestamp
24
+ def self.latest_version(gem_name)
25
+ versions = fetch_gem_data(gem_name)
26
+ latest = versions.first # The first entry is the latest version
27
+ version_number = latest['number']
28
+ created_at = latest['created_at']
29
+ { version: version_number, created_at: created_at }
30
+ end
31
+
32
+ # Method to fetch the created_at timestamp for a specific version
33
+ def self.version_created_at(gem_name, version)
34
+ versions = fetch_gem_data(gem_name)
35
+ # Find the version that matches the requested version string
36
+ version_info = versions.find { |v| v['number'] == version }
37
+
38
+ version_info['created_at']
39
+ end
40
+ end
41
+ end
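Review bot: `fetch_gem_data` (new lines 11-21) passes whatever `Net::HTTP.get` returns straight to `JSON.parse` without checking the HTTP status, so a 404 for an unknown gem or an error/rate-limit response is parsed as if it were the versions array (an error object, or a `JSON::ParserError`) and then cached for the rest of the run; `latest_version` would call `.first` on a Hash and `version_created_at` would dereference a nil `version_info` when the locked version is absent. Use `Net::HTTP.get_response`, parse only on `Net::HTTPSuccess`, and fail with a clear message in `version_created_at` when no matching version is found, e.g. `raise "#{gem_name} #{version} not found in RubyGems API response" if version_info.nil?`. The comment `The first entry is the latest version` is an unverified assumption about response ordering; if the API can list a prerelease first, `Check` would report a stable lock as not-latest — worth either a hedged comment or a filter on the API's `prerelease` flag if present. `@@gem_cache` is a class variable shared across the inheritance tree; a class instance variable (`@gem_cache`) is the conventional choice here.
```ruby
def self.fetch_gem_data(gem_name)
  @@gem_cache[gem_name] ||= begin
    response = Net::HTTP.get_response(URI("#{API_URL}#{gem_name}.json"))
    unless response.is_a?(Net::HTTPSuccess)
      raise "RubyGems API returned HTTP #{response.code} for #{gem_name}"
    end
    JSON.parse(response.body)
  end
end
```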
@@ -2,7 +2,7 @@ module DependencyTimelineAudit
2
2
  module VERSION
3
3
  MAJOR = 0
4
4
  MINOR = 0
5
- PATCH = 0
5
+ PATCH = 1
6
6
 
7
7
  STRING = [MAJOR, MINOR, PATCH].join('.')
8
8
  end
@@ -1,4 +1,6 @@
1
1
  module DependencyTimelineAudit
2
+ autoload :Check, 'dependency-timeline-audit/check'
3
+ autoload :GemInfo, 'dependency-timeline-audit/gem_info'
2
4
  autoload :VERSION, 'dependency-timeline-audit/version'
3
5
 
4
6
  def self.gem_version
metadata CHANGED
@@ -1,22 +1,54 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependency-timeline-audit
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.0
4
+ version: 0.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Buker
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
  date: 2024-09-24 00:00:00.000000000 Z
12
- dependencies: []
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: activesupport
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
13
41
  description: Provides a way to audit your dependencies based on release timeline.
14
42
  email: crypto@joshbuker.com
15
- executables: []
43
+ executables:
44
+ - dependency-timeline-audit
16
45
  extensions: []
17
46
  extra_rdoc_files: []
18
47
  files:
48
+ - bin/dependency-timeline-audit
19
49
  - lib/dependency-timeline-audit.rb
50
+ - lib/dependency-timeline-audit/check.rb
51
+ - lib/dependency-timeline-audit/gem_info.rb
20
52
  - lib/dependency-timeline-audit/version.rb
21
53
  homepage: https://github.com/CloudSecurityAlliance/Dependency-Timeline-Audit
22
54
  licenses:
@@ -24,7 +56,7 @@ licenses:
24
56
  metadata:
25
57
  bug_tracker_uri: https://github.com/CloudSecurityAlliance/Dependency-Timeline-Audit/issues
26
58
  rubygems_mfa_required: 'true'
27
- post_install_message:
59
+ post_install_message:
28
60
  rdoc_options: []
29
61
  require_paths:
30
62
  - lib
@@ -39,8 +71,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
39
71
  - !ruby/object:Gem::Version
40
72
  version: '0'
41
73
  requirements: []
42
- rubygems_version: 3.5.11
43
- signing_key:
74
+ rubygems_version: 3.3.5
75
+ signing_key:
44
76
  specification_version: 4
45
77
  summary: Dependency Timeline Audit Ruby Interface
46
78
  test_files: []