gemxray 0.1.0

data/lib/gemxray/gemfile_source_parser.rb

@@ -0,0 +1,151 @@
+# frozen_string_literal: true
+
+require "ripper"
+
+module GemXray
+  class GemfileSourceParser
+    Metadata = Struct.new(
+      :name,
+      :version,
+      :groups,
+      :options,
+      :line_number,
+      :end_line,
+      :source_line,
+      :statement,
+      keyword_init: true
+    )
+
+    def initialize(gemfile_path)
+      @gemfile_path = gemfile_path
+    end
+
+    def parse
+      lines = File.readlines(gemfile_path, chomp: false)
+      entries = []
+      block_stack = []
+      index = 0
+
+      while index < lines.length
+        stripped = lines[index].strip
+
+        if group_block_start?(stripped)
+          block_stack << { type: :group, groups: parse_group_names(stripped) }
+          index += 1
+          next
+        end
+
+        if generic_block_start?(stripped)
+          block_stack << { type: :block, groups: [] }
+          index += 1
+          next
+        end
+
+        if stripped == "end"
+          block_stack.pop
+          index += 1
+          next
+        end
+
+        unless gem_statement_start?(lines[index])
+          index += 1
+          next
+        end
+
+        start_index = index
+        statement_lines = [lines[index]]
+        until syntax_complete?(statement_lines.join)
+          index += 1
+          break if index >= lines.length
+
+          statement_lines << lines[index]
+        end
+
+        metadata = parse_statement(statement_lines.join, start_index + 1, current_groups(block_stack))
+        entries << metadata if metadata
+        index += 1
+      end
+
+      entries
+    end
+
+    private
+
+    attr_reader :gemfile_path
+
+    def gem_statement_start?(line)
+      stripped = line.lstrip
+      return false if stripped.start_with?("#")
+
+      stripped.match?(/\Agem(?:\s|\()/)
+    end
+
+    def syntax_complete?(statement)
+      !Ripper.sexp("begin\n#{statement}\nend\n").nil?
+    end
+
+    def parse_statement(statement, start_line, groups)
+      recorder = GemInvocationRecorder.new
+      recorder.instance_eval(statement, gemfile_path, start_line)
+      invocation = recorder.invocation
+      return nil unless invocation
+
+      Metadata.new(
+        name: invocation.fetch(:name),
+        version: invocation[:version],
+        groups: groups,
+        options: invocation[:options],
+        line_number: start_line,
+        end_line: start_line + statement.lines.size - 1,
+        source_line: statement.lines.first&.chomp,
+        statement: statement
+      )
+    rescue StandardError
+      nil
+    end
+
+    class GemInvocationRecorder
+      attr_reader :invocation
+
+      def gem(name, *args)
+        options = args.last.is_a?(Hash) ? args.pop.dup : {}
+        @invocation = {
+          name: name.to_s,
+          version: args.find { |value| value.is_a?(String) || value.is_a?(Gem::Requirement) }&.to_s,
+          options: symbolize_keys(options)
+        }
+      end
+
+      private
+
+      def symbolize_keys(hash)
+        hash.each_with_object({}) do |(key, value), result|
+          result[key.to_sym] = value
+        end
+      end
+    end
+
+    def group_block_start?(line)
+      line.match?(/\Agroup\s+.+\s+do\s*\z/)
+    end
+
+    def generic_block_start?(line)
+      return false if line.start_with?("#")
+      return false if group_block_start?(line)
+
+      line.match?(/\bdo\b\s*(\|.*\|)?\s*\z/)
+    end
+
+    def parse_group_names(line)
+      line
+        .sub(/\Agroup\s+/, "")
+        .sub(/\s+do\s*\z/, "")
+        .split(",")
+        .map { |item| item.strip.delete_prefix(":").delete_prefix('"').delete_suffix('"').delete_prefix("'").delete_suffix("'").to_sym }
+    end
+
+    def current_groups(block_stack)
+      block_stack.flat_map { |entry| entry[:groups] }.uniq
+    end
+  end
+end

data/lib/gemxray/rails_knowledge.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require "yaml"
+
+module GemXray
+  class RailsKnowledge
+    Change = Struct.new(:gem_name, :since, :reason, :source, keyword_init: true)
+
+    def initialize(data_path: File.join(GemXray.root, "data", "rails_changes.yml"))
+      @data_path = data_path
+    end
+
+    def changes_for(rails_version)
+      return [] unless rails_version
+
+      data.fetch("versions", {}).each_with_object([]) do |(since, payload), changes|
+        next if Gem::Version.new(rails_version) < Gem::Version.new(since)
+
+        Array(payload["removals"]).each do |item|
+          changes << Change.new(
+            gem_name: item.fetch("gem"),
+            since: since,
+            reason: item.fetch("reason"),
+            source: item["source"]
+          )
+        end
+      end
+    rescue ArgumentError
+      []
+    end
+
+    def find_removal(gem_name, rails_version)
+      changes_for(rails_version).reverse.find { |change| change.gem_name == gem_name }
+    end
+
+    private
+
+    def data
+      @data ||= YAML.safe_load(File.read(@data_path))
+    end
+  end
+end

data/lib/gemxray/report.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module GemXray
+  class Report
+    attr_reader :version, :ruby_version, :rails_version, :scanned_at, :results
+
+    def initialize(version:, ruby_version:, rails_version:, scanned_at:, results:)
+      @version = version
+      @ruby_version = ruby_version
+      @rails_version = rails_version
+      @scanned_at = scanned_at
+      @results = results
+    end
+
+    def summary
+      {
+        total: results.length,
+        danger: results.count { |result| result.severity == :danger },
+        warning: results.count { |result| result.severity == :warning },
+        info: results.count { |result| result.severity == :info }
+      }
+    end
+
+    def to_h
+      {
+        version: version,
+        ruby_version: ruby_version,
+        rails_version: rails_version,
+        scanned_at: scanned_at,
+        results: results.map(&:to_h),
+        summary: summary
+      }
+    end
+  end
+end

data/lib/gemxray/result.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+module GemXray
+  class Result
+    SEVERITIES = { danger: 0, warning: 1, info: 2 }.freeze
+
+    Reason = Struct.new(:type, :detail, :severity, keyword_init: true) do
+      def to_h
+        { type: type.to_s, detail: detail }
+      end
+    end
+
+    attr_reader :gem_name, :gemfile_line, :gemfile_end_line, :gemfile_group, :suggestion, :reasons
+    attr_accessor :severity
+
+    def initialize(gem_name:, gemfile_line: nil, gemfile_end_line: nil, gemfile_group: nil, suggestion: nil,
+                   reasons: [], severity: nil)
+      @gem_name = gem_name
+      @gemfile_line = gemfile_line
+      @gemfile_end_line = gemfile_end_line || gemfile_line
+      @gemfile_group = gemfile_group
+      @suggestion = suggestion || "Consider removing this entry from Gemfile"
+      @reasons = reasons.dup
+      @severity = severity || infer_severity
+    end
+
+    def add_reason(type:, detail:, severity:)
+      reasons << Reason.new(type: type.to_sym, detail: detail, severity: severity.to_sym)
+      self.severity = infer_severity
+      self
+    end
+
+    def merge!(other)
+      other.reasons.each do |reason|
+        add_reason(type: reason.type, detail: reason.detail, severity: reason.severity)
+      end
+      self.gemfile_line ||= other.gemfile_line
+      self.gemfile_end_line ||= other.gemfile_end_line
+      self.gemfile_group ||= other.gemfile_group
+      self.suggestion ||= other.suggestion
+      self
+    end
+
+    def severity_order
+      SEVERITIES.fetch(severity)
+    end
+
+    def reason_types
+      reasons.map(&:type).uniq
+    end
+
+    def type_label
+      reason_types.map { |type| type.to_s.tr("_", "-") }.join(" + ")
+    end
+
+    def danger?
+      severity == :danger
+    end
+
+    def info?
+      severity == :info
+    end
+
+    def to_h
+      {
+        gem_name: gem_name,
+        severity: severity.to_s,
+        reasons: reasons.map(&:to_h),
+        gemfile_line: gemfile_line,
+        gemfile_group: gemfile_group,
+        suggestion: suggestion
+      }
+    end
+
+    protected
+
+    attr_writer :gemfile_line, :gemfile_end_line, :gemfile_group, :suggestion
+
+    private
+
+    def infer_severity
+      severities = reasons.map(&:severity)
+      severities.min_by { |value| SEVERITIES.fetch(value) } || :info
+    end
+  end
+end

data/lib/gemxray/scanner.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module GemXray
+  class Scanner
+    ANALYZERS = {
+      unused: GemXray::Analyzers::UnusedAnalyzer,
+      redundant: GemXray::Analyzers::RedundantAnalyzer,
+      version: GemXray::Analyzers::VersionAnalyzer
+    }.freeze
+
+    def initialize(config)
+      @config = config
+      @gemfile_parser = GemfileParser.new(config.gemfile_path)
+    end
+
+    def run
+      gems = gemfile_parser.parse
+      results = build_analyzers.flat_map { |analyzer| analyzer.analyze(gems) }
+      merged_results = merge_results(results)
+
+      merged_results.each do |result|
+        override = config.override_severity_for(result.gem_name)
+        result.severity = override if override
+      end
+
+      filtered = merged_results.select { |result| config.severity_in_scope?(result.severity) }
+      sorted = filtered.sort_by { |result| [result.severity_order, result.gem_name] }
+
+      Report.new(
+        version: GemXray::VERSION,
+        ruby_version: gemfile_parser.ruby_version,
+        rails_version: gemfile_parser.rails_version(gems),
+        scanned_at: Time.now.iso8601,
+        results: sorted
+      )
+    end
+
+    private
+
+    attr_reader :config, :gemfile_parser
+
+    def build_analyzers
+      selected = config.only || ANALYZERS.keys
+      code_snapshot = CodeScanner.new(config).scan if selected.include?(:unused)
+      dependency_resolver = DependencyResolver.new(gemfile_parser.dependency_tree)
+      stdgems_client = StdgemsClient.new
+      rails_knowledge = RailsKnowledge.new
+      gem_metadata_resolver = GemMetadataResolver.new
+
+      selected.map do |type|
+        ANALYZERS.fetch(type).new(
+          config: config,
+          gemfile_parser: gemfile_parser,
+          code_snapshot: code_snapshot,
+          dependency_resolver: dependency_resolver,
+          stdgems_client: stdgems_client,
+          rails_knowledge: rails_knowledge,
+          gem_metadata_resolver: gem_metadata_resolver
+        )
+      end
+    end
+
+    def merge_results(results)
+      results.each_with_object({}) do |result, merged|
+        merged[result.gem_name] =
+          if merged.key?(result.gem_name)
+            merged[result.gem_name].merge!(result)
+          else
+            result
+          end
+      end.values
+    end
+  end
+end

data/lib/gemxray/stdgems_client.rb

@@ -0,0 +1,175 @@
+# frozen_string_literal: true
+
+require "fileutils"
+require "json"
+require "net/http"
+require "uri"
+
+module GemXray
+  class StdgemsClient
+    CACHE_TTL = 86_400
+    DEFAULT_GEMS_URI = URI("https://stdgems.org/default_gems.json")
+    BUNDLED_GEMS_URI = URI("https://stdgems.org/bundled_gems.json")
+    FALLBACK_DEFAULT_GEMS = {
+      "3.1" => %w[
+        abbrev base64 benchmark bigdecimal cgi csv date delegate did_you_mean
+        digest drb english erb error_highlight fileutils find io-console
+        irb json logger mutex_m net-http net-imap net-pop net-protocol
+        net-smtp observer open-uri open3 openssl optparse ostruct pp prettyprint
+        prime pstore psych rake rdoc readline resolv rexml rss ruby2_keywords
+        securerandom set shell socket stringio strscan tempfile time timeout
+        tmpdir tsort typeprof un uri weakref yaml zlib
+      ],
+      "3.2" => %w[
+        abbrev base64 benchmark bigdecimal cgi csv date delegate did_you_mean
+        digest drb english erb error_highlight fileutils find io-console
+        irb json logger mutex_m net-http net-imap net-pop net-protocol
+        net-smtp observer open-uri open3 openssl optparse ostruct pp prettyprint
+        prime pstore psych rake rdoc readline resolv rexml rss securerandom
+        set shell socket stringio strscan syntax_suggest tempfile time timeout
+        tmpdir tsort un uri weakref yaml zlib
+      ],
+      "3.3" => %w[
+        abbrev base64 benchmark bigdecimal cgi csv date delegate did_you_mean
+        digest drb english erb error_highlight fileutils find io-console
+        irb json logger mutex_m net-http net-imap net-pop net-protocol
+        net-smtp observer open-uri open3 openssl optparse ostruct pp prettyprint
+        prime pstore psych rake rdoc readline resolv rexml rss securerandom
+        set shell socket stringio strscan syntax_suggest tempfile time timeout
+        tmpdir tsort un uri weakref yaml zlib
+      ],
+      "4.0" => Gem::Specification.select { |spec| spec.respond_to?(:default_gem?) && spec.default_gem? }.map(&:name).sort
+    }.freeze
+    FALLBACK_BUNDLED_GEMS = {
+      "3.1" => %w[debug matrix minitest power_assert racc rake rbs rexml test-unit typeprof],
+      "3.2" => %w[debug matrix minitest power_assert racc rake rbs rexml test-unit typeprof],
+      "3.3" => %w[debug matrix minitest power_assert racc rake rbs rexml test-unit typeprof],
+      "4.0" => %w[debug matrix minitest power_assert racc rake rbs rexml test-unit typeprof]
+    }.freeze
+
+    def initialize(cache_dir: File.join(Dir.home, ".gemxray", "cache"))
+      @cache_dir = cache_dir
+    end
+
+    def default_gems_for(version)
+      version_key = normalize_version(version)
+      extracted = extract_gems(payload_for(:default), version_key, collection_keys: %w[default_gems])
+
+      return extracted if extracted && !extracted.empty?
+
+      fallback_default_gems(version_key)
+    end
+
+    def bundled_gems_for(version)
+      version_key = normalize_version(version)
+      extracted = extract_gems(payload_for(:bundled), version_key, collection_keys: %w[bundled_gems default_gems])
+
+      return extracted if extracted && !extracted.empty?
+
+      fallback_bundled_gems(version_key)
+    end
+
+    private
+
+    attr_reader :cache_dir
+
+    def cache_path(kind)
+      File.join(cache_dir, "#{kind}_gems.json")
+    end
+
+    def normalize_version(version)
+      version.to_s[/\d+\.\d+/] || RUBY_VERSION[/\d+\.\d+/]
+    end
+
+    def payload_for(kind)
+      cached_payload(kind) || fetch_and_cache_payload(kind)
+    end
+
+    def cached_payload(kind)
+      return nil unless File.exist?(cache_path(kind))
+      return nil if Time.now - File.mtime(cache_path(kind)) > CACHE_TTL
+
+      JSON.parse(File.read(cache_path(kind)))
+    rescue StandardError
+      nil
+    end
+
+    def fetch_and_cache_payload(kind)
+      response = Net::HTTP.get_response(kind == :bundled ? BUNDLED_GEMS_URI : DEFAULT_GEMS_URI)
+      return nil unless response.is_a?(Net::HTTPSuccess)
+
+      FileUtils.mkdir_p(cache_dir)
+      File.write(cache_path(kind), response.body)
+      JSON.parse(response.body)
+    rescue StandardError
+      nil
+    end
+
+    def extract_gems(payload, version_key, collection_keys:)
+      return nil unless payload
+
+      case payload
+      when Hash
+        extract_from_hash(payload, version_key, collection_keys)
+      when Array
+        extract_from_array(payload, version_key)
+      end
+    end
+
+    def extract_from_hash(payload, version_key, collection_keys)
+      candidates = [payload[version_key]]
+      collection_keys.each do |key|
+        candidates << payload.dig(key, version_key)
+        candidates << payload.dig(version_key, key)
+      end
+      candidates.compact!
+
+      return normalize_payload_list(candidates.first) unless candidates.empty?
+
+      payload.each do |key, value|
+        return normalize_payload_list(value) if key.to_s.start_with?(version_key)
+      end
+
+      nil
+    end
+
+    def extract_from_array(payload, version_key)
+      matched = payload.select do |item|
+        next false unless item.is_a?(Hash)
+
+        item_version = item["ruby_version"] || item["version"]
+        item_version.to_s.start_with?(version_key)
+      end
+
+      names = matched.filter_map { |item| item["name"] || item["gem"] }.uniq
+      names.empty? ? nil : names.sort
+    end
+
+    def normalize_payload_list(value)
+      case value
+      when Array
+        value.map do |item|
+          item.is_a?(Hash) ? (item["name"] || item["gem"]) : item
+        end.compact.map(&:to_s).sort
+      when Hash
+        value.keys.map(&:to_s).sort
+      end
+    end
+
+    def fallback_default_gems(version_key)
+      exact = FALLBACK_DEFAULT_GEMS[version_key]
+      return exact if exact
+
+      major_minor = FALLBACK_DEFAULT_GEMS.keys.sort.reverse.find { |key| key <= version_key }
+      FALLBACK_DEFAULT_GEMS[major_minor] || []
+    end
+
+    def fallback_bundled_gems(version_key)
+      exact = FALLBACK_BUNDLED_GEMS[version_key]
+      return exact if exact
+
+      major_minor = FALLBACK_BUNDLED_GEMS.keys.sort.reverse.find { |key| key <= version_key }
+      FALLBACK_BUNDLED_GEMS[major_minor] || []
+    end
+  end
+end

data/lib/gemxray/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module GemXray
+  VERSION = "0.1.0"
+end

data/lib/gemxray.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require "time"
+
+require_relative "gemxray/version"
+require_relative "gemxray/gem_entry"
+require_relative "gemxray/config"
+require_relative "gemxray/result"
+require_relative "gemxray/report"
+require_relative "gemxray/gemfile_source_parser"
+require_relative "gemxray/gemfile_parser"
+require_relative "gemxray/dependency_resolver"
+require_relative "gemxray/code_scanner"
+require_relative "gemxray/gem_metadata_resolver"
+require_relative "gemxray/stdgems_client"
+require_relative "gemxray/rails_knowledge"
+require_relative "gemxray/analyzers/base"
+require_relative "gemxray/analyzers/unused_analyzer"
+require_relative "gemxray/analyzers/redundant_analyzer"
+require_relative "gemxray/analyzers/version_analyzer"
+require_relative "gemxray/scanner"
+require_relative "gemxray/formatters/terminal"
+require_relative "gemxray/formatters/json"
+require_relative "gemxray/formatters/yaml"
+require_relative "gemxray/editors/gemfile_editor"
+require_relative "gemxray/editors/github_api_client"
+require_relative "gemxray/editors/github_pr"
+require_relative "gemxray/cli"
+
+module GemXray
+  class Error < StandardError; end
+
+  def self.root
+    File.expand_path("..", __dir__)
+  end
+end

metadata

@@ -0,0 +1,76 @@
+--- !ruby/object:Gem::Specification
+name: gemxray
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Yudai Takada
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies: []
+description: gemxray scans Gemfile, code references, and Gemfile.lock to find unused,
+  redundant, or version-redundant gems.
+email:
+- t.yudai92@gmail.com
+executables:
+- gemxray
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- data/rails_changes.yml
+- exe/gemxray
+- lib/gemxray.rb
+- lib/gemxray/analyzers/base.rb
+- lib/gemxray/analyzers/redundant_analyzer.rb
+- lib/gemxray/analyzers/unused_analyzer.rb
+- lib/gemxray/analyzers/version_analyzer.rb
+- lib/gemxray/cli.rb
+- lib/gemxray/code_scanner.rb
+- lib/gemxray/config.rb
+- lib/gemxray/dependency_resolver.rb
+- lib/gemxray/editors/gemfile_editor.rb
+- lib/gemxray/editors/github_api_client.rb
+- lib/gemxray/editors/github_pr.rb
+- lib/gemxray/formatters/json.rb
+- lib/gemxray/formatters/terminal.rb
+- lib/gemxray/formatters/yaml.rb
+- lib/gemxray/gem_entry.rb
+- lib/gemxray/gem_metadata_resolver.rb
+- lib/gemxray/gemfile_parser.rb
+- lib/gemxray/gemfile_source_parser.rb
+- lib/gemxray/rails_knowledge.rb
+- lib/gemxray/report.rb
+- lib/gemxray/result.rb
+- lib/gemxray/scanner.rb
+- lib/gemxray/stdgems_client.rb
+- lib/gemxray/version.rb
+homepage: https://github.com/ydah/gemxray
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/ydah/gemxray
+  source_code_uri: https://github.com/ydah/gemxray
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 4.0.6
+specification_version: 4
+summary: CLI to detect removable gems in a Gemfile.
+test_files: []