libyear-rb 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 780ffd231f0123d3d93b819886b7ec1bf90100c93a53b9a87eb3ff9028178392
+  data.tar.gz: 7b4405cfbde73ffa056506087378ff45b794fe93c102933ccb202209e087c7db
+SHA512:
+  metadata.gz: 282f83a4874582c3d835cc8d9c5fb89eb7ac6e27c122fc4f8e82e9e10da007970e9806de21ca8e64d7ae1766cca222356f4f68737923845a940c0def7a9fb6df
+  data.tar.gz: d3da23dc71125df5adeb55769624d82ead4642b97ac23c1931c355c264b4c803066758c625666c6a8b68f364d827a6029c2912508e45819ef3b6b575f0d2397a

data/.github/CODEOWNERS

@@ -0,0 +1 @@
+* @Thomascountz @bquorning

data/.github/workflows/ci.yml

@@ -0,0 +1,24 @@
+name: CI
+on:
+  push:
+    branches: [main]
+  pull_request:
+jobs:
+  testing:
+    name: Testing
+    runs-on: ubuntu-24.04-arm
+    steps:
+      - uses: actions/checkout@v6
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+      - run: bundle exec rake test
+  linting:
+    name: Linting
+    runs-on: ubuntu-24.04-arm
+    steps:
+      - uses: actions/checkout@v6
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+      - run: bundle exec rake rubocop

data/.github/workflows/release.yml

@@ -0,0 +1,24 @@
+name: Release Gem
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  release:
+    name: Release gem to RubyGems.org
+    runs-on: ubuntu-24.04-arm
+
+    permissions:
+      id-token: write
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v6
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+      - run: bundle exec rake test
+      - run: bundle exec rake rubocop
+      - uses: rubygems/release-gem@v1

data/.rubocop.yml

@@ -0,0 +1,34 @@
+require:
+  - standard
+
+plugins:
+  - rubocop-minitest
+  - rubocop-performance
+  - rubocop-rake
+  - standard-custom
+  - standard-performance
+
+inherit_gem:
+  standard: config/base.yml
+  standard-custom: config/base.yml
+  standard-performance: config/base.yml
+
+AllCops:
+  NewCops: enable
+
+Layout/LineLength:
+  Enabled: true
+  Max: 140 # TODO: Reduce to 120
+
+Lint/NoReturnInBeginEndBlocks:
+  Enabled: true
+
+Style/FormatString:
+  Enabled: true
+  EnforcedStyle: percent
+
+Style/RedundantInitialize:
+  Enabled: true
+
+Style/Documentation:
+  Enabled: false # TODO: Enable

data/.ruby-version

@@ -0,0 +1 @@
+4.0

data/CHANGELOG.md

@@ -0,0 +1,14 @@
+# Changelog
+
+## [Unreleased]
+
+## [0.1.0] - 2025-01-09
+
+### Added
+
+- Initial release of libyear-rb
+- Analyze Gemfile.lock to measure dependency freshness in libyears
+- Report versions behind (release count) and days/years behind for each dependency
+- Support for any RubyGems.org-compatible gem server (private gem servers, mirrors, etc.)
+- Historical analysis with `--as-of` flag to analyze dependencies as of a specific date
+- Caching of gem metadata to minimize network requests (24-hour TTL)

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2026 Thomas Countz
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,108 @@
+# libyear-rb
+
+A simple measure of dependency freshness for Ruby apps.
+
+```bash
+$ libyear-rb
+Gem                  Current Current Date Latest   Latest Date Versions Days Years
+.................... ....... ............ ........ ........... ........ .... .....
+addressable          2.8.7   2024-06-21   2.8.8    2025-11-25         1  522  1.43
+bigdecimal           3.3.1   2025-10-09   4.0.1    2025-12-17         4   69  0.19
+rails                7.0.0   2021-12-15   7.2.0    2024-08-10        15  968  2.65
+System is 4.27 libyears behind
+Total releases behind: 20
+```
+
+`libyear-rb` tells you how out-of-date your Gemfile.lock is, in libyears (the time between your installed version and the newest version).
+
+## Features
+
+- Analyzes Gemfile.lock to measure dependency freshness
+- Reports libyears (time behind) and version distance (releases behind)
+- Supports any RubyGems.org-compatible gem server (private gem servers, mirrors, etc.)
+- Historical analysis with `--as-of` to see what your dependencies looked like at a specific date
+- Caches API responses to minimize network requests
+
+## Installation
+
+```bash
+gem install libyear-rb
+```
+
+Or add to your Gemfile:
+
+```ruby
+gem "libyear-rb"
+```
+
+## Usage
+
+Run `libyear-rb` in a directory with a Gemfile.lock, or provide a path:
+
+```bash
+libyear-rb                      # Uses ./Gemfile.lock
+libyear-rb path/to/Gemfile.lock # Uses specified lockfile
+```
+
+### Options
+
+```
+--as-of DATE    Analyze dependencies as of the given date (YYYY-MM-DD)
+--verbose       Run with verbose logs
+--help          Show help
+--version       Show version
+```
+
+### Historical Analysis
+
+You can analyze what your dependencies looked like at a specific point in time:
+
+```bash
+libyear-rb --as-of 2024-01-01
+```
+
+## Private Gem Servers
+
+`libyear-rb` supports any gem server with a RubyGems.org-compatible API. It uses your configured gem sources from `~/.gemrc` or environment, so private gems hosted on servers like Gemfury, Artifactory, or self-hosted solutions work automatically.
+
+## Caching
+
+To reduce API requests and improve performance, `libyear-rb` caches gem version metadata for 24 hours.
+
+**Cache location:**
+- Uses `$XDG_CACHE_HOME/libyear-rb/` if `XDG_CACHE_HOME` is set
+- Otherwise defaults to `~/.cache/libyear-rb/`
+
+Cache files are organized by gem source host, so metadata from different gem servers is stored separately.
+
+**To skip the cache:**
+```bash
+SKIP_CACHE=1 libyear-rb
+```
+
+**To clear the cache:**
+```bash
+rm -rf ~/.cache/libyear-rb
+```
+
+## Alternatives
+
+Other Ruby tools for measuring dependency freshness:
+
+- [libyear-bundler](https://github.com/jaredbeck/libyear-bundler) - The original Ruby libyear implementation. Supports additional metrics like major/minor/patch version deltas and JSON output.
+- [bundler-audit](https://github.com/rubysec/bundler-audit) - Focuses on security vulnerabilities rather than freshness, but useful for dependency health.
+- [bundle outdated](https://bundler.io/man/bundle-outdated.1.html) - Built into Bundler. Shows outdated gems but doesn't calculate libyears.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt.
+
+To install this gem onto your local machine, run `bundle exec rake install`.
+
+## Acknowledgements
+
+The concept of libyear comes from the technical report "Measuring Dependency Freshness in Software Systems" by J. Cox, E. Bouwers, M. van Eekelen and J. Visser (ICSE 2015).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+
+require "minitest/test_task"
+Minitest::TestTask.create
+
+require "rubocop/rake_task"
+RuboCop::RakeTask.new
+
+task default: %i[test rubocop]

data/exe/libyear-rb

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "libyear_rb"
+
+LibyearRb::CLI.new(ARGV).run

data/lib/libyear_rb/cli.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+require "optparse"
+require "date"
+require "logger"
+
+module LibyearRb
+  class CLI
+    def initialize(argv = ARGV)
+      @argv = argv.dup
+      @options = {}
+      parse_options!
+    end
+
+    def run
+      lockfile_contents = read_lockfile
+      logger = build_logger
+
+      lockfile_parser = LockfileParser.new
+      gem_info_fetcher = GemInfoFetcher.new
+      dependency_analyzer = DependencyAnalyzer.new(logger: logger)
+      reporter = PlaintextReporter.new
+
+      runner = Runner.new(
+        lockfile_parser: lockfile_parser,
+        gem_info_fetcher: gem_info_fetcher,
+        dependency_analyzer: dependency_analyzer,
+        reporter: reporter,
+        logger: logger
+      )
+
+      runner.run(lockfile_contents, as_of: @options[:as_of])
+    end
+
+    private
+
+    def build_logger
+      return nil unless @options[:verbose]
+
+      Logger.new($stderr)
+    end
+
+    def parse_options!
+      OptionParser.new do |opts|
+        opts.banner = "Usage: libyear-rb [Gemfile.lock] [options]"
+        opts.program_name = "libyear-rb"
+        opts.version = LibyearRb::VERSION
+
+        opts.on("-h", "--help", "Prints this help") do
+          puts opts
+          exit
+        end
+
+        opts.on("-v", "--version", "Show version") do
+          puts "libyear-rb #{LibyearRb::VERSION}"
+          exit
+        end
+
+        opts.on("--as-of DATE", "Analyze dependencies as of the given date (YYYY-MM-DD)") do |date|
+          @options[:as_of] = Date.parse(date)
+        rescue ArgumentError
+          warn "Invalid date format. Please use YYYY-MM-DD."
+          exit 1
+        end
+
+        opts.on("--verbose", "Run with verbose logs") do
+          @options[:verbose] = true
+        end
+
+        opts.separator ""
+        opts.separator "Environment variables:"
+        opts.separator "  SKIP_CACHE=1    Disable reading to and writing from the libyear-rb cache"
+      end.parse!(@argv)
+    end
+
+    def read_lockfile
+      lockfile_path = @argv[0] || default_lockfile_path
+
+      File.read(lockfile_path)
+    rescue Errno::ENOENT
+      warn "Lockfile not found at path: #{lockfile_path}"
+      exit 1
+    end
+
+    def default_lockfile_path
+      if ENV.key?("BUNDLE_LOCKFILE")
+        ENV["BUNDLE_LOCKFILE"]
+      elsif ENV.key?("BUNDLE_GEMFILE")
+        "#{ENV["BUNDLE_GEMFILE"]}.lock"
+      else
+        "Gemfile.lock"
+      end
+    end
+  end
+end

data/lib/libyear_rb/dependency_analyzer.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module LibyearRb
+  class DependencyAnalyzer
+    def initialize(logger: nil)
+      @logger = logger
+    end
+
+    def calculate_dependency_freshness(gem_name, gem_version, versions_metadata)
+      current_version_info = versions_metadata.find { |version| version.number == gem_version }
+
+      if current_version_info.nil?
+        @logger&.warn("Skipping #{gem_name}: installed version #{gem_version} not found in metadata")
+        return
+      end
+
+      latest_version_info = if current_version_info.prerelease?
+        versions_metadata.first
+      else
+        versions_metadata.find { |version| !version.prerelease? }
+      end
+
+      latest_version = latest_version_info.number
+      current_version = current_version_info.number
+
+      if latest_version == current_version
+        return nil
+      end
+
+      latest_release_date = latest_version_info.created_at
+      current_release_date = current_version_info.created_at
+
+      version_distance = versions_metadata.index { |version| version.number == current_version }
+      libyear_in_days = [(latest_release_date - current_release_date).to_i, 0].max
+
+      Result.new(
+        name: gem_name,
+        current_version: gem_version,
+        current_version_release_date: current_release_date,
+        latest_version: latest_version,
+        latest_version_release_date: latest_release_date,
+        version_distance: version_distance,
+        libyear_in_days: libyear_in_days,
+        is_direct: true
+      )
+    end
+  end
+end

data/lib/libyear_rb/gem_info_cacher.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require "json"
+require "fileutils"
+
+module LibyearRb
+  module GemInfoCacher
+    CACHE_EXPIRATION = 86_400 # 24 hours in seconds
+
+    def with_cache(remote_host, gem_name, &block)
+      if ENV["SKIP_CACHE"] == "1"
+        return block.call
+      end
+
+      cache_file = cache_path(remote_host, gem_name)
+      if cache_valid?(cache_file)
+        JSON.parse(File.read(cache_file))
+      else
+        block.call.tap do |data|
+          return [] unless data
+
+          FileUtils.mkdir_p(File.dirname(cache_file))
+          File.write(cache_file, JSON.dump(data))
+          File.utime(Time.now, Time.now, cache_file)
+        end
+      end
+    end
+
+    private
+
+    def cache_valid?(cache_file)
+      return false unless File.exist?(cache_file)
+
+      cache_age = Time.now - File.mtime(cache_file)
+      cache_age < CACHE_EXPIRATION
+    end
+
+    def cache_dir
+      ENV["XDG_CACHE_HOME"] || File.join(Dir.home, ".cache")
+    end
+
+    def cache_path(remote_host, gem_name)
+      host_key = remote_host.gsub(/[^a-zA-Z0-9]/, "_")
+      File.join(cache_dir, "libyear-rb", host_key, "#{gem_name}.json")
+    end
+  end
+end

data/lib/libyear_rb/gem_info_fetcher.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require "gems"
+require "date"
+require "rubygems"
+
+module LibyearRb
+  class GemInfoFetcher
+    include GemInfoCacher
+
+    RATE_LIMIT = 10 # https://guides.rubygems.org/rubygems-org-rate-limits/
+    RATE_LIMIT_INTERVAL = 1.0 / RATE_LIMIT
+
+    def initialize
+      @gem_source_clients = {}
+      @last_request_time = Hash.new { |hash, key| hash[key] = Time.now - RATE_LIMIT_INTERVAL }
+    end
+
+    def gem_versions_for(gem_name, remote_host)
+      client = client_for(remote_host)
+      return [] unless client
+
+      raw_versions = fetch_raw_versions(client, remote_host, gem_name)
+      build_versions(gem_name, raw_versions)
+    end
+
+    private
+
+    def fetch_raw_versions(client, remote_host, gem_name)
+      with_cache(remote_host, gem_name) do
+        wait_for_rate_limit(remote_host)
+
+        client.versions(gem_name)
+      rescue Gems::GemError, Gems::NotFound
+        []
+      end
+    end
+
+    def build_versions(gem_name, raw_versions)
+      Array(raw_versions)
+        .map do |attributes|
+          GemVersion.new(
+            name: gem_name,
+            number: Gem::Version.new(attributes["number"]),
+            created_at: Date.parse(attributes["created_at"]),
+            prerelease?: attributes["prerelease"]
+          )
+        end
+    end
+
+    def client_for(remote_host)
+      return @gem_source_clients[remote_host] if @gem_source_clients.key?(remote_host)
+
+      client = nil
+      source = sources.find { |gem_source| gem_source.uri.host == remote_host }
+
+      if source
+        uri = source.uri
+        client = Gems::Client.new(
+          host: (uri.origin + uri.request_uri),
+          username: uri.user,
+          password: uri.password
+        )
+      end
+
+      @gem_source_clients[remote_host] = client
+    end
+
+    def sources
+      @sources ||= Gem.sources.each_source.to_a
+    end
+
+    def wait_for_rate_limit(remote_host)
+      now = Time.now
+      elapsed = now - @last_request_time[remote_host]
+      sleep(RATE_LIMIT_INTERVAL - elapsed) if elapsed < RATE_LIMIT_INTERVAL
+      @last_request_time[remote_host] = Time.now
+    end
+  end
+end

data/lib/libyear_rb/lockfile_parser.rb

@@ -0,0 +1,221 @@
+# frozen_string_literal: true
+
+module LibyearRb
+  class LockfileParser
+    # Section markers
+    BUNDLED_WITH = /^BUNDLED WITH$/
+    CHECKSUMS = /^CHECKSUMS$/
+    DEPENDENCIES = /^DEPENDENCIES$/
+    GEM = /^GEM$/
+    GIT = /^GIT$/
+    PATH = /^PATH$/
+    PLATFORMS = /^PLATFORMS$/
+    PLUGIN = /^PLUGIN SOURCE$/
+    RUBY = /^RUBY VERSION$/
+
+    # Entry patterns
+    REMOTE = /^  remote: (.+)$/
+    REVISION = /^  revision: (.+)$/
+    SPECS = /^  specs:$/
+    OPTION = /^  ([a-z]+): (.+)$/i
+    SPEC_ENTRY = /^    ([^ (]+)(?: \(([^)]+)\))?$/
+    DEPENDENCY_ENTRY = /^      ([^ (]+)(?: \(([^)]+)\))?$/
+    TOP_LEVEL_DEPENDENCY = /^  ([^ (]+)(?: \(([^)]+)\))?(!)?$/
+    PLATFORM_ENTRY = /^  (.+)$/
+    VERSION_LINE = /^   ?([^ ].+)$/
+    BUNDLED_VERSION = /^   ?([^ ].+)$/
+
+    def parse(lockfile_content)
+      lines = lockfile_content.lines(chomp: true)
+
+      sources = []
+      platforms = []
+      dependencies = []
+      ruby_version = nil
+      bundled_with = nil
+
+      i = 0
+      while i < lines.length
+        line = lines[i]
+
+        case line
+        when GIT, GEM, PATH, PLUGIN
+          source, next_i = parse_source(lines, i)
+          sources << source
+          i = next_i
+        when PLATFORMS
+          platforms, i = parse_platforms(lines, i + 1)
+        when DEPENDENCIES
+          dependencies, i = parse_dependencies(lines, i + 1)
+        when RUBY
+          ruby_version, i = parse_ruby_version(lines, i + 1)
+        when BUNDLED_WITH
+          bundled_with, i = parse_bundled_with(lines, i + 1)
+        when CHECKSUMS
+          i = skip_section(lines, i + 1)
+        else
+          i += 1
+        end
+      end
+
+      Lockfile.new(
+        sources: sources,
+        platforms: platforms,
+        dependencies: dependencies,
+        ruby_version: ruby_version,
+        bundled_with: bundled_with
+      )
+    end
+
+    private
+
+    def parse_source(lines, start_idx)
+      type = case lines[start_idx]
+      when GIT then :git
+      when GEM then :gem
+      when PATH then :path
+      when PLUGIN then :plugin
+      end
+
+      remote = nil
+      revision = nil
+      specs = []
+      options = {}
+
+      i = start_idx + 1
+      while i < lines.length && !section_header?(lines[i])
+        line = lines[i]
+
+        case line
+        when REMOTE
+          remote = line.match(REMOTE)[1]
+        when REVISION
+          revision = line.match(REVISION)[1]
+        when SPECS
+          specs, i = parse_specs(lines, i + 1)
+          next
+        when OPTION
+          match = line.match(OPTION)
+          options[match[1]] = match[2]
+        end
+
+        i += 1
+      end
+
+      source = Source.new(
+        type: type,
+        remote: remote,
+        revision: revision,
+        specs: specs,
+        options: options
+      )
+
+      [source, i]
+    end
+
+    def parse_specs(lines, start_idx)
+      specs = []
+      i = start_idx
+
+      while i < lines.length && lines[i].match?(SPEC_ENTRY)
+        line = lines[i]
+        match = line.match(SPEC_ENTRY)
+        name = match[1]
+        version = match[2]
+
+        dependencies = []
+        i += 1
+
+        while i < lines.length && lines[i].match?(DEPENDENCY_ENTRY)
+          dep_match = lines[i].match(DEPENDENCY_ENTRY)
+          dependencies << Dependency.new(
+            name: dep_match[1],
+            version_requirements: dep_match[2]
+          )
+          i += 1
+        end
+
+        specs << Spec.new(
+          name: name,
+          version: version,
+          dependencies: dependencies
+        )
+      end
+
+      [specs, i]
+    end
+
+    def parse_platforms(lines, start_idx)
+      platforms = []
+      i = start_idx
+
+      while i < lines.length && lines[i].match?(PLATFORM_ENTRY) && !section_header?(lines[i])
+        match = lines[i].match(PLATFORM_ENTRY)
+        platforms << Platform.new(name: match[1])
+        i += 1
+      end
+
+      [platforms, i]
+    end
+
+    def parse_dependencies(lines, start_idx)
+      dependencies = []
+      i = start_idx
+
+      while i < lines.length && lines[i].match?(TOP_LEVEL_DEPENDENCY)
+        match = lines[i].match(TOP_LEVEL_DEPENDENCY)
+        dependencies << Dependency.new(
+          name: match[1],
+          version_requirements: match[2]
+        )
+        i += 1
+      end
+
+      [dependencies, i]
+    end
+
+    def parse_ruby_version(lines, start_idx)
+      return [nil, start_idx] if start_idx >= lines.length
+
+      line = lines[start_idx]
+      return [nil, start_idx] unless line.match?(VERSION_LINE)
+
+      version_string = line.match(VERSION_LINE)[1]
+      parts = version_string.split
+
+      version, patchlevel = parts[1].split("p")
+      engine = parts[2] if parts.length > 2
+
+      ruby_version = RubyVersion.new(
+        version: version,
+        engine: engine,
+        patchlevel: patchlevel
+      )
+
+      [ruby_version, start_idx + 1]
+    end
+
+    def parse_bundled_with(lines, start_idx)
+      return [nil, start_idx] if start_idx >= lines.length
+
+      line = lines[start_idx]
+      return [nil, start_idx] unless line.match?(BUNDLED_VERSION)
+
+      version = line.match(BUNDLED_VERSION)[1]
+      [version, start_idx + 1]
+    end
+
+    def skip_section(lines, start_idx)
+      i = start_idx
+      i += 1 while i < lines.length && !section_header?(lines[i])
+      i
+    end
+
+    def section_header?(line)
+      line.match?(GEM) || line.match?(GIT) || line.match?(PATH) ||
+        line.match?(PLUGIN) || line.match?(PLATFORMS) ||
+        line.match?(DEPENDENCIES) || line.match?(RUBY) ||
+        line.match?(BUNDLED_WITH) || line.match?(CHECKSUMS)
+    end
+  end
+end

data/lib/libyear_rb/models.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module LibyearRb
+  Lockfile = Data.define(:sources, :platforms, :dependencies, :ruby_version, :bundled_with)
+  Source = Data.define(:type, :remote, :revision, :specs, :options)
+  Spec = Data.define(:name, :version, :dependencies)
+  Dependency = Data.define(:name, :version_requirements)
+  Platform = Data.define(:name)
+  RubyVersion = Data.define(:version, :engine, :patchlevel)
+  GemVersion = Data.define(:name, :number, :created_at, :prerelease?)
+
+  Result = Data.define(
+    :name,
+    :current_version,
+    :current_version_release_date,
+    :latest_version,
+    :latest_version_release_date,
+    :version_distance,
+    :is_direct,
+    :libyear_in_days
+  )
+end

data/lib/libyear_rb/reporters/plaintext_reporter.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module LibyearRb
+  class PlaintextReporter < Reporter
+    UNKNOWN = "Unknown"
+    COLUMN_BUFFER = 3
+    HEADERS = ["Gem", "Current", "Current Date", "Latest", "Latest Date", "Versions", "Days", "Years"].freeze
+
+    def generate(results)
+      rows = results.sort_by(&:name).filter_map do |result|
+        row_for(result) unless result.version_distance.zero?
+      end
+
+      return if rows.empty?
+
+      widths = calculate_widths(rows)
+      @io.puts format_row(HEADERS, widths)
+      @io.puts divider(widths)
+      rows.each { |row| @io.puts format_row(row, widths) }
+
+      total_days = results.sum { |r| r.libyear_in_days || 0 }
+      total_versions = results.sum { |r| r.version_distance || 0 }
+      @io.puts "System is %.2f libyears behind" % (total_days / 365.0)
+      @io.puts "Total releases behind: #{total_versions}"
+    end
+
+    private
+
+    def row_for(result)
+      [
+        result.name.to_s,
+        result.current_version&.to_s || UNKNOWN,
+        result.current_version_release_date&.strftime("%Y-%m-%d") || UNKNOWN,
+        result.latest_version&.to_s || UNKNOWN,
+        result.latest_version_release_date&.strftime("%Y-%m-%d") || UNKNOWN,
+        result.version_distance&.to_s || UNKNOWN,
+        result.libyear_in_days&.to_s || UNKNOWN,
+        result.libyear_in_days ? "%.2f" % (result.libyear_in_days / 365.0) : UNKNOWN
+      ]
+    end
+
+    def calculate_widths(rows)
+      [HEADERS, *rows].transpose.map { |column| column.map(&:length).max + COLUMN_BUFFER }
+    end
+
+    def format_row(values, widths)
+      values.zip(widths).map { |value, width| value.rjust(width) }.join(" ")
+    end
+
+    def divider(widths)
+      widths.map { |w| "." * w }.join(" ")
+    end
+  end
+end

data/lib/libyear_rb/reporters/reporter.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module LibyearRb
+  class Reporter
+    def initialize(io: $stdout)
+      @io = io
+    end
+
+    def generate(dependency_freshness)
+      raise NotImplementedError, "Subclasses must implement the generate method"
+    end
+  end
+end

data/lib/libyear_rb/runner.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require "uri"
+
+module LibyearRb
+  class Runner
+    def initialize(lockfile_parser:, gem_info_fetcher:, dependency_analyzer:, reporter:, logger: nil)
+      @lockfile_parser = lockfile_parser
+      @gem_info_fetcher = gem_info_fetcher
+      @dependency_analyzer = dependency_analyzer
+      @reporter = reporter
+      @logger = logger
+    end
+
+    def run(lockfile_contents, as_of: nil)
+      results = []
+      lockfile = @lockfile_parser.parse(lockfile_contents)
+      lockfile.sources.each do |source|
+        unless source.type == :gem && !source.remote.nil?
+          @logger&.warn("Skipping source #{source.type}: unsupported source type or missing remote")
+          next
+        end
+
+        remote_host = URI.parse(source.remote).host
+
+        source.specs.each do |spec|
+          gem_name = spec.name
+          gem_version = spec.version
+          versions_metadata = @gem_info_fetcher.gem_versions_for(gem_name, remote_host)
+            .reject { |version| as_of && version.created_at > as_of }
+            .sort_by(&:number)
+            .reverse
+
+          if versions_metadata.empty?
+            @logger&.warn("Skipping #{gem_name}: no version metadata from #{remote_host}")
+            next
+          end
+
+          result = @dependency_analyzer.calculate_dependency_freshness(gem_name, gem_version, versions_metadata)
+          results << result if result
+        end
+      end
+      @reporter.generate(results)
+      results
+    end
+  end
+end

data/lib/libyear_rb/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module LibyearRb
+  VERSION = "0.1.0"
+end

data/lib/libyear_rb.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require_relative "libyear_rb/version"
+require_relative "libyear_rb/models"
+require_relative "libyear_rb/lockfile_parser"
+require_relative "libyear_rb/gem_info_cacher"
+require_relative "libyear_rb/gem_info_fetcher"
+require_relative "libyear_rb/dependency_analyzer"
+require_relative "libyear_rb/reporters/reporter"
+require_relative "libyear_rb/reporters/plaintext_reporter"
+require_relative "libyear_rb/runner"
+require_relative "libyear_rb/cli"
+
+module LibyearRb
+  class Error < StandardError; end
+end

metadata

@@ -0,0 +1,99 @@
+--- !ruby/object:Gem::Specification
+name: libyear-rb
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Thomas Countz
+- Benjamin Quorning
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: gems
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: logger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: libyear-rb analyzes your Gemfile.lock and tells you how out-of-date your
+  dependencies are, in libyears (the time between your installed version and the newest
+  version).
+email:
+- thomascountz@gmail.com
+- bquorning@zendesk.com
+executables:
+- libyear-rb
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/CODEOWNERS"
+- ".github/workflows/ci.yml"
+- ".github/workflows/release.yml"
+- ".rubocop.yml"
+- ".ruby-version"
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- exe/libyear-rb
+- lib/libyear_rb.rb
+- lib/libyear_rb/cli.rb
+- lib/libyear_rb/dependency_analyzer.rb
+- lib/libyear_rb/gem_info_cacher.rb
+- lib/libyear_rb/gem_info_fetcher.rb
+- lib/libyear_rb/lockfile_parser.rb
+- lib/libyear_rb/models.rb
+- lib/libyear_rb/reporters/plaintext_reporter.rb
+- lib/libyear_rb/reporters/reporter.rb
+- lib/libyear_rb/runner.rb
+- lib/libyear_rb/version.rb
+homepage: https://github.com/thomascountz/libyear-rb
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/thomascountz/libyear-rb
+  source_code_uri: https://github.com/thomascountz/libyear-rb
+  changelog_uri: https://github.com/thomascountz/libyear-rb/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.2.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 4.0.3
+specification_version: 4
+summary: A simple measure of dependency freshness
+test_files: []