git-pkgs 0.6.1 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: da979135545dc93ed1b362560e7a5f9659097512603a522e6665bc2268b46466
-  data.tar.gz: 7b1a2838c823ec205761288f9126f0015597e890e7ba768c3e071ecdd14efb4b
+  metadata.gz: ec8cddb19542e0519e69be68a3f0b65424c940718ba3bd5304ed93f457078ec7
+  data.tar.gz: bce2b1006ad63c0f2269d9321948acfa9cde600e8f8e41b3e606768c8f8b6178
 SHA512:
-  metadata.gz: 801260e17dabe686670fbcc10a5c0e760ef5f39df0273029c1f3ab9ef2502f0f7ea78d6a3cfc633fb547f6df604d2d895411c5921c345365d6ea85dd12578403
-  data.tar.gz: 138cdd14d12798c7d1d2ea6c7c7cd920805c008f10ce4057c8f3c9ebf6db7b7191720d88cb228e53786e50b7c077c17c9014c73be037a1582592965ef46889f3
+  metadata.gz: 1488be447b21af773fc7aa6309d8981bb78b45134a755f56bff38f0cac3c92d861f867fb62c70201c1eec9c1f4b40f042a6804f416f64c952bc008678c756831
+  data.tar.gz: 998ca9734325cef27dcd3e09a1c7e68acf212a6974f0bd61adb3257322d92881e1c1cb8995be3935b32253f02a94b15f3e531bc40bf4cd1111933b24cc863275

data/CHANGELOG.md

@@ -1,5 +1,13 @@
 ## [Unreleased]
 
+## [0.6.2] - 2026-01-06
+
+- `--format=json` support for `diff`, `tree`, `stale`, and `why` commands
+- Ignore go.sum (checksums only), treat go.mod as lockfile
+- Update ecosystems-bibliothecary to ~> 15.1
+- `--manifest` filter for `list` command to filter by manifest path
+- Stateless parsing API for forge integration (`Git::Pkgs.parse_file`, `parse_files`, `diff_file`)
+
 ## [0.6.1] - 2026-01-05
 
 - Fix `stats` command crash on most changed dependencies query

data/README.md

@@ -95,6 +95,7 @@ Snapshot Coverage
 git pkgs list
 git pkgs list --commit=abc123
 git pkgs list --ecosystem=rubygems
+git pkgs list --manifest=Gemfile
 ```
 
 Example output:
@@ -416,7 +417,7 @@ git config --add pkgs.ignoredFiles test/fixtures/package.json
 
 ## Performance
 
-Benchmarked on an M1 MacBook Pro analyzing [octobox](https://github.com/octobox/octobox) (5191 commits, 8 years of history): init takes about 18 seconds at roughly 300 commits/sec, producing an 8.3 MB database. About half the commits (2531) had dependency changes.
+Benchmarked on an M1 MacBook Pro analyzing [octobox](https://github.com/octobox/octobox) (5193 commits, 8 years of history): init takes about 5 seconds at roughly 1000 commits/sec, producing a 4.8 MB database. About half the commits (2439) had dependency changes.
 
 Optimizations:
 - Bulk inserts with transaction batching (500 commits per transaction)
@@ -433,6 +434,37 @@ Actions, BentoML, Bower, Cargo, Carthage, Clojars, CocoaPods, Cog, Conda, CPAN,
 
 SBOM formats (CycloneDX, SPDX) are not supported as they duplicate information from the actual lockfiles.
 
+## Ruby API
+
+For embedding in other tools (like forges), git-pkgs provides a stateless parsing API that doesn't require initializing a database:
+
+```ruby
+require "git/pkgs"
+
+# Parse a single manifest file
+result = Git::Pkgs.parse_file("Gemfile", content)
+# => { platform: "rubygems", kind: "manifest", dependencies: [...] }
+
+# Parse multiple files at once
+results = Git::Pkgs.parse_files({
+  "Gemfile" => gemfile_content,
+  "package.json" => package_json_content
+})
+
+# Diff two versions of a manifest
+diff = Git::Pkgs.diff_file("Gemfile", old_content, new_content)
+# => { path: "Gemfile", platform: "rubygems", added: [...], modified: [...], removed: [...] }
+```
+
+The diff_file method returns modified dependencies with a `previous_requirement` field showing the old version.
+
+For database queries, connect to an existing database and use the Sequel models directly:
+
+```ruby
+Git::Pkgs::Database.connect(repo_git_dir)
+Git::Pkgs::Models::DependencyChange.where(name: "rails").all
+```
+
 ## Contributing
 
 Bug reports, feature requests, and pull requests are welcome. If you're unsure about a change, open an issue first to discuss it.

data/lib/git/pkgs/analyzer.rb

@@ -18,7 +18,7 @@ module Git
         pom.xml ivy.xml build.gradle build.gradle.kts gradle-dependencies-q.txt
         maven-resolved-dependencies.txt sbt-update-full.txt maven-dependency-tree.txt maven-dependency-tree.dot
         Cargo.toml Cargo.lock
-        go.mod go.sum glide.yaml glide.lock Godeps Godeps/Godeps.json
+        go.mod glide.yaml glide.lock Godeps Godeps/Godeps.json
         vendor/manifest vendor/vendor.json Gopkg.toml Gopkg.lock go-resolved-dependencies.json
         composer.json composer.lock
         Podfile Podfile.lock *.podspec *.podspec.json

data/lib/git/pkgs/commands/diff.rb

@@ -51,11 +51,20 @@ module Git
           changes_list = changes.all
 
           if changes_list.empty?
-            empty_result "No dependency changes between #{from_commit.short_sha} and #{to_commit.short_sha}"
+            if @options[:format] == "json"
+              require "json"
+              puts JSON.pretty_generate({ from: from_commit.short_sha, to: to_commit.short_sha, added: [], modified: [], removed: [] })
+            else
+              empty_result "No dependency changes between #{from_commit.short_sha} and #{to_commit.short_sha}"
+            end
             return
           end
 
-          paginate { output_text(from_commit, to_commit, changes_list) }
+          if @options[:format] == "json"
+            output_json(from_commit, to_commit, changes_list)
+          else
+            paginate { output_text(from_commit, to_commit, changes_list) }
+          end
         end
 
         def output_text(from_commit, to_commit, changes)
@@ -101,6 +110,50 @@ module Git
           puts "Summary: #{added_count} #{removed_count} #{modified_count}"
         end
 
+        def output_json(from_commit, to_commit, changes)
+          require "json"
+
+          added = changes.select { |c| c.change_type == "added" }
+          modified = changes.select { |c| c.change_type == "modified" }
+          removed = changes.select { |c| c.change_type == "removed" }
+
+          format_change = lambda do |change|
+            {
+              name: change.name,
+              ecosystem: change.ecosystem,
+              requirement: change.requirement,
+              manifest: change.manifest.path,
+              commit: change.commit.short_sha,
+              date: change.commit.committed_at.iso8601
+            }
+          end
+
+          format_modified = lambda do |first, latest|
+            {
+              name: first.name,
+              ecosystem: first.ecosystem,
+              previous_requirement: first.previous_requirement,
+              requirement: latest.requirement,
+              manifest: latest.manifest.path
+            }
+          end
+
+          data = {
+            from: from_commit.short_sha,
+            to: to_commit.short_sha,
+            added: added.group_by(&:name).map { |_name, pkg_changes| format_change.call(pkg_changes.last) },
+            modified: modified.group_by(&:name).map { |_name, pkg_changes| format_modified.call(pkg_changes.first, pkg_changes.last) },
+            removed: removed.group_by(&:name).map { |_name, pkg_changes| format_change.call(pkg_changes.last) },
+            summary: {
+              added: added.map(&:name).uniq.count,
+              modified: modified.map(&:name).uniq.count,
+              removed: removed.map(&:name).uniq.count
+            }
+          }
+
+          puts JSON.pretty_generate(data)
+        end
+
         def parse_range_argument
           return [nil, nil] if @args.empty?
 
@@ -142,6 +195,10 @@ module Git
               options[:ecosystem] = v
             end
 
+            opts.on("-f", "--format=FORMAT", "Output format (text, json)") do |v|
+              options[:format] = v
+            end
+
             opts.on("--no-pager", "Do not pipe output into a pager") do
               options[:no_pager] = true
             end

data/lib/git/pkgs/commands/diff_driver.rb

@@ -23,7 +23,7 @@ module Git
           composer.lock
           gems.locked
           glide.lock
-          go.sum
+          go.mod
           mix.lock
           npm-shrinkwrap.json
           package-lock.json

data/lib/git/pkgs/commands/list.rb

@@ -25,6 +25,10 @@ module Git
           deps = compute_dependencies_at_commit(target_commit, repo)
 
           # Apply filters
+          if @options[:manifest]
+            deps = deps.select { |d| d[:manifest_path] == @options[:manifest] }
+          end
+
           if @options[:ecosystem]
             deps = deps.select { |d| d[:ecosystem] == @options[:ecosystem] }
           end
@@ -133,6 +137,10 @@ module Git
               options[:ecosystem] = v
             end
 
+            opts.on("-m", "--manifest=PATH", "Filter by manifest path") do |v|
+              options[:manifest] = v
+            end
+
             opts.on("-t", "--type=TYPE", "Filter by dependency type") do |v|
               options[:type] = v
             end

data/lib/git/pkgs/commands/stale.rb

@@ -91,11 +91,20 @@ module Git
           end
 
           if outdated_data.empty?
-            empty_result "All dependencies have been updated recently"
+            if @options[:format] == "json"
+              require "json"
+              puts JSON.pretty_generate([])
+            else
+              empty_result "All dependencies have been updated recently"
+            end
             return
           end
 
-          paginate { output_text(outdated_data) }
+          if @options[:format] == "json"
+            output_json(outdated_data)
+          else
+            paginate { output_text(outdated_data) }
+          end
         end
 
         def output_text(outdated_data)
@@ -112,6 +121,23 @@ module Git
           end
         end
 
+        def output_json(outdated_data)
+          require "json"
+
+          data = outdated_data.map do |dep|
+            {
+              name: dep[:name],
+              ecosystem: dep[:ecosystem],
+              requirement: dep[:requirement],
+              manifest: dep[:manifest],
+              last_updated: dep[:last_updated].iso8601,
+              days_ago: dep[:days_ago]
+            }
+          end
+
+          puts JSON.pretty_generate(data)
+        end
+
         def parse_options
           options = {}
 
@@ -130,6 +156,10 @@ module Git
               options[:days] = v
             end
 
+            opts.on("-f", "--format=FORMAT", "Output format (text, json)") do |v|
+              options[:format] = v
+            end
+
             opts.on("--no-pager", "Do not pipe output into a pager") do
               options[:no_pager] = true
             end

data/lib/git/pkgs/commands/tree.rb

@@ -33,14 +33,23 @@ module Git
           snapshots_list = snapshots.all
 
           if snapshots_list.empty?
-            empty_result "No dependencies found"
+            if @options[:format] == "json"
+              require "json"
+              puts JSON.pretty_generate({ manifests: [], total: 0 })
+            else
+              empty_result "No dependencies found"
+            end
             return
           end
 
           # Group by manifest and build tree
           grouped = snapshots_list.group_by { |s| s.manifest }
 
-          paginate { output_text(grouped, snapshots_list) }
+          if @options[:format] == "json"
+            output_json(grouped, snapshots_list)
+          else
+            paginate { output_text(grouped, snapshots_list) }
+          end
         end
 
         def output_text(grouped, snapshots)
@@ -64,6 +73,35 @@ module Git
           puts "Total: #{snapshots.count} dependencies across #{grouped.keys.count} manifest(s)"
         end
 
+        def output_json(grouped, snapshots)
+          require "json"
+
+          manifests = grouped.map do |manifest, deps|
+            by_type = deps.group_by { |d| d.dependency_type || "runtime" }
+
+            {
+              path: manifest.path,
+              ecosystem: manifest.ecosystem,
+              dependencies: by_type.transform_values do |type_deps|
+                type_deps.sort_by(&:name).map do |dep|
+                  {
+                    name: dep.name,
+                    requirement: dep.requirement || "*"
+                  }
+                end
+              end
+            }
+          end
+
+          data = {
+            manifests: manifests,
+            total: snapshots.count,
+            manifest_count: grouped.keys.count
+          }
+
+          puts JSON.pretty_generate(data)
+        end
+
         def print_dependency(dep, indent)
           prefix = "  " * indent
           version = dep.requirement || "*"
@@ -111,6 +149,10 @@ module Git
               options[:branch] = v
             end
 
+            opts.on("-f", "--format=FORMAT", "Output format (text, json)") do |v|
+              options[:format] = v
+            end
+
             opts.on("--no-pager", "Do not pipe output into a pager") do
               options[:no_pager] = true
             end

data/lib/git/pkgs/commands/why.rb

@@ -35,12 +35,25 @@ module Git
           added_change = added_change.first
 
           unless added_change
-            empty_result "Package '#{package_name}' not found in dependency history"
+            if @options[:format] == "json"
+              require "json"
+              puts JSON.pretty_generate({ found: false, package: package_name })
+            else
+              empty_result "Package '#{package_name}' not found in dependency history"
+            end
             return
           end
 
           commit = added_change.commit
 
+          if @options[:format] == "json"
+            output_json(package_name, added_change, commit)
+          else
+            output_text(package_name, added_change, commit)
+          end
+        end
+
+        def output_text(package_name, added_change, commit)
           puts "#{package_name} was added in commit #{commit.short_sha}"
           puts
           puts "Date:    #{commit.committed_at.strftime("%Y-%m-%d %H:%M")}"
@@ -52,6 +65,28 @@ module Git
           puts commit.message.to_s.lines.map { |l| "  #{l}" }.join
         end
 
+        def output_json(package_name, added_change, commit)
+          require "json"
+
+          data = {
+            found: true,
+            package: package_name,
+            ecosystem: added_change.ecosystem,
+            requirement: added_change.requirement,
+            manifest: added_change.manifest.path,
+            commit: {
+              sha: commit.sha,
+              short_sha: commit.short_sha,
+              message: commit.message,
+              author_name: commit.author_name,
+              author_email: commit.author_email,
+              date: commit.committed_at.iso8601
+            }
+          }
+
+          puts JSON.pretty_generate(data)
+        end
+
         def parse_options
           options = {}
 
@@ -62,6 +97,10 @@ module Git
               options[:ecosystem] = v
             end
 
+            opts.on("-f", "--format=FORMAT", "Output format (text, json)") do |v|
+              options[:format] = v
+            end
+
             opts.on("-h", "--help", "Show this help") do
               puts opts
               exit

data/lib/git/pkgs/config.rb

@@ -5,7 +5,7 @@ require "bibliothecary"
 module Git
   module Pkgs
     module Config
-      # File patterns ignored by default (SBOM formats not supported)
+      # File patterns ignored by default (SBOM formats not supported, go.sum is checksums only)
       DEFAULT_IGNORED_FILES = %w[
         cyclonedx.xml
         cyclonedx.json
@@ -13,6 +13,7 @@ module Git
         *.cdx.json
         *.spdx
         *.spdx.json
+        go.sum
       ].freeze
 
       def self.ignored_dirs

data/lib/git/pkgs/version.rb

@@ -2,6 +2,6 @@
 
 module Git
   module Pkgs
-    VERSION = "0.6.1"
+    VERSION = "0.6.2"
   end
 end

data/lib/git/pkgs.rb

@@ -47,6 +47,77 @@ module Git
     class << self
       attr_accessor :quiet, :git_dir, :work_tree, :db_path, :batch_size, :snapshot_interval, :threads
 
+      # Parse dependencies from a single manifest or lockfile.
+      # Returns nil if the file is not recognized as a manifest.
+      #
+      # @param path [String] file path (used for format detection)
+      # @param content [String] file contents
+      # @return [Hash, nil] parsed manifest with :platform, :path, :kind, :dependencies keys
+      def parse_file(path, content)
+        Config.configure_bibliothecary
+        result = Bibliothecary.analyse_file(path, content).first
+        return nil unless result
+        return nil if Config.filter_ecosystem?(result[:platform])
+
+        result
+      end
+
+      # Parse dependencies from multiple files.
+      # Returns only files that are recognized as manifests.
+      #
+      # @param files [Hash<String, String>] hash of path => content
+      # @return [Array<Hash>] array of parsed manifests
+      def parse_files(files)
+        Config.configure_bibliothecary
+        files.filter_map do |path, content|
+          result = Bibliothecary.analyse_file(path, content).first
+          next unless result
+          next if Config.filter_ecosystem?(result[:platform])
+
+          result
+        end
+      end
+
+      # Diff dependencies between two versions of a manifest file.
+      # Returns added, modified, and removed dependencies.
+      #
+      # @param path [String] file path (used for format detection)
+      # @param old_content [String] previous file contents (empty string for new files)
+      # @param new_content [String] current file contents (empty string for deleted files)
+      # @return [Hash] with :added, :modified, :removed arrays and :platform, :path keys
+      def diff_file(path, old_content, new_content)
+        Config.configure_bibliothecary
+
+        old_result = old_content.empty? ? nil : Bibliothecary.analyse_file(path, old_content).first
+        new_result = new_content.empty? ? nil : Bibliothecary.analyse_file(path, new_content).first
+
+        platform = new_result&.dig(:platform) || old_result&.dig(:platform)
+        return nil unless platform
+        return nil if Config.filter_ecosystem?(platform)
+
+        old_deps = (old_result&.dig(:dependencies) || []).map { |d| [d[:name], d] }.to_h
+        new_deps = (new_result&.dig(:dependencies) || []).map { |d| [d[:name], d] }.to_h
+
+        added = (new_deps.keys - old_deps.keys).map { |n| new_deps[n] }
+        removed = (old_deps.keys - new_deps.keys).map { |n| old_deps[n] }
+        modified = (old_deps.keys & new_deps.keys).filter_map do |name|
+          old_dep = old_deps[name]
+          new_dep = new_deps[name]
+          next if old_dep[:requirement] == new_dep[:requirement] && old_dep[:type] == new_dep[:type]
+
+          new_dep.to_h.merge(previous_requirement: old_dep[:requirement])
+        end
+
+        {
+          path: path,
+          platform: platform,
+          kind: new_result&.dig(:kind) || old_result&.dig(:kind),
+          added: added,
+          modified: modified,
+          removed: removed
+        }
+      end
+
       def configure_from_env
         @git_dir ||= presence(ENV["GIT_DIR"])
         @work_tree ||= presence(ENV["GIT_WORK_TREE"])

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: git-pkgs
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.6.2
 platform: ruby
 authors:
 - Andrew Nesbitt
@@ -57,14 +57,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '15.0'
+        version: '15.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '15.0'
+        version: '15.1'
 description: A git subcommand for analyzing package/dependency usage in git repositories
   over time
 email: