package-audit 0.1.0 → 0.2.0

data/lib/package/audit/npm/yarn_lock_parser.rb

@@ -0,0 +1,42 @@
+module Package
+  module Audit
+    module Npm
+      class YarnLockParser
+        def initialize(yarn_lock_path)
+          @yarn_lock_path = File.read(yarn_lock_path)
+        end
+
+        def fetch(default_deps, dev_deps)
+          pkgs = []
+          default_deps.merge(dev_deps).each do |dep_name, expected_version|
+            pkg_block = fetch_package_block(dep_name, expected_version)
+            version = fetch_package_version(dep_name, pkg_block)
+            pks = Package.new(dep_name.to_s, version)
+            pks.update groups: dev_deps.key?(dep_name) ? %i[development] : %i[default development]
+            pkgs << pks
+          end
+          pkgs
+        end
+
+        private
+
+        def fetch_package_block(dep_name, expected_version)
+          regex = /#{Regexp.escape(dep_name)}@#{Regexp.escape(expected_version)}.*?:.*?(\n\n|\z)/m
+          blocks = @yarn_lock_path.match(regex)
+          if blocks.nil? || blocks[0].nil?
+            raise NoMatchingPatternError, "Unable to find #{dep_name} in #{@yarn_lock_path}"
+          end
+
+          blocks[0] || ''
+        end
+
+        def fetch_package_version(dep_name, pkg_block)
+          version = pkg_block.match(/version "(.*?)"/)&.[](1)
+          raise NoMatchingPatternError, "Unable to find #{dep_name} version in #{@yarn_lock_path}" if version.nil?
+
+          version || '0.0.0.0'
+        end
+      end
+    end
+  end
+end

data/lib/package/audit/{dependency.rb → package.rb}

@@ -6,15 +6,21 @@ require_relative './enum/risk_explanation'
 
 module Package
   module Audit
-    class Dependency
+    class Package
       attr_reader :name, :version
       attr_accessor :groups, :version_date, :latest_version, :latest_version_date, :vulnerabilities
 
-      def initialize(name, version)
+      def initialize(name, version, **attr)
         @name = name.to_s
         @version = version.to_s
         @groups = []
         @vulnerabilities = []
+        @risks = []
+        update(**attr)
+      end
+
+      def full_name
+        "#{name}@#{version}"
       end
 
       def update(**attr)
@@ -22,11 +28,15 @@ module Package
       end
 
       def risk
-        @risk ||= RiskCalculator.new(self).find || Risk.new(Enum::RiskType::NONE)
+        risks.max || Risk.new(Enum::RiskType::NONE)
+      end
+
+      def risks
+        RiskCalculator.new(self).find
       end
 
       def risk?
-        risk.type != Enum::RiskType::NONE
+        risks.any?
       end
 
       def group_list
@@ -45,6 +55,30 @@ module Package
         risk.explanation
       end
 
+      def deprecated?
+        risks.each do |risk|
+          return true if risk.explanation == Enum::RiskExplanation::POTENTIAL_DEPRECATION
+        end
+        false
+      end
+
+      def outdated?
+        risks.each do |risk|
+          return true if [
+            Enum::RiskExplanation::OUTDATED,
+            Enum::RiskExplanation::OUTDATED_BY_MAJOR_VERSION
+          ].include?(risk.explanation || '')
+        end
+        false
+      end
+
+      def vulnerable?
+        risks.each do |risk|
+          return true if risk.explanation == Enum::RiskExplanation::VULNERABILITY
+        end
+        false
+      end
+
       def to_csv(fields)
         fields.map { |field| send(field) }.join(',')
       end

data/lib/package/audit/{dependency_printer.rb → printer.rb}

@@ -1,3 +1,4 @@
+require_relative './const/fields'
 require_relative './formatter/risk'
 require_relative './formatter/version'
 require_relative './formatter/version_date'
@@ -5,61 +6,44 @@ require_relative './formatter/vulnerability'
 
 module Package
   module Audit
-    class DependencyPrinter
+    class Printer
       BASH_FORMATTING_REGEX = /\e\[\d+(?:;\d+)*m/
 
       COLUMN_GAP = 2
 
-      # the names of these fields must match the instance variables in the Dependency class
-      FIELDS = %i[
-        name
-        version
-        latest_version
-        latest_version_date
-        groups
-        vulnerabilities
-        risk_type
-        risk_explanation
-      ]
-
-      HEADERS = {
-        name: 'Package',
-        version: 'Version',
-        latest_version: 'Latest',
-        latest_version_date: 'Latest Date',
-        groups: 'Groups',
-        vulnerabilities: 'Vulnerabilities',
-        risk_type: 'Risk',
-        risk_explanation: 'Risk Explanation'
-      }
-
-      def initialize(dependencies, options)
-        @dependencies = dependencies
+      def initialize(pkgs, options)
+        @pkgs = pkgs
         @options = options
       end
 
-      def print(fields = FIELDS)
-        if (fields - FIELDS).any?
-          raise ArgumentError, "#{fields - FIELDS} are not valid field names. Available fields names are: #{FIELDS}."
-        end
+      def print(fields)
+        check_fields(fields)
+        return if @pkgs.empty?
 
         if @options[:csv]
           csv(fields, exclude_headers: @options[:'exclude-headers'])
         else
           pretty(fields)
         end
+        puts
       end
 
       private
 
-      def pretty(fields) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
-        return if @dependencies.empty?
+      def check_fields(fields)
+        return unless (fields - Const::Fields::ALL).any?
 
-        # find the maximum length of each field across all the dependencies so we know how many
+        raise ArgumentError,
+              "#{fields - Const::Fields::ALL} are not valid field names. " \
+              "Available fields names are: #{Const::Fields::ALL}."
+      end
+
+      def pretty(fields = Const::Fields::REPORT) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+        # find the maximum length of each field across all the packages so we know how many
         # characters of horizontal space to allocate for each field when printing
         fields.each do |key|
-          instance_variable_set "@max_#{key}", HEADERS[key].length
-          @dependencies.each do |gem|
+          instance_variable_set "@max_#{key}", Const::Fields::HEADERS[key].length
+          @pkgs.each do |gem|
             curr_field_length = case key
                                 when :vulnerabilities
                                   gem.vulnerabilities_grouped.length
@@ -78,24 +62,24 @@ module Package
 
         puts '=' * line_length
         puts fields.map { |key|
-          HEADERS[key].gsub(BASH_FORMATTING_REGEX, '').ljust(instance_variable_get("@max_#{key}"))
+          Const::Fields::HEADERS[key].gsub(BASH_FORMATTING_REGEX, '').ljust(instance_variable_get("@max_#{key}"))
         }.join(' ' * COLUMN_GAP)
         puts '=' * line_length
 
-        @dependencies.each do |dep|
+        @pkgs.each do |pkg|
           puts fields.map { |key|
-            val = dep.send(key) || ''
+            val = pkg.send(key) || ''
             val = case key
                   when :groups
-                    dep.group_list
+                    pkg.group_list
                   when :risk_type
-                    Formatter::Risk.new(dep.risk_type).format
+                    Formatter::Risk.new(pkg.risk_type).format
                   when :version
-                    Formatter::Version.new(dep.version, dep.latest_version).format
+                    Formatter::Version.new(pkg.version, pkg.latest_version).format
                   when :vulnerabilities
-                    Formatter::Vulnerability.new(dep.vulnerabilities).format
+                    Formatter::Vulnerability.new(pkg.vulnerabilities).format
                   when :latest_version_date
-                    Formatter::VersionDate.new(dep.latest_version_date).format
+                    Formatter::VersionDate.new(pkg.latest_version_date).format
                   else
                     val
                   end
@@ -106,9 +90,7 @@ module Package
         end
       end
 
-      def csv(fields, exclude_headers: false) # rubocop:disable Metrics/MethodLength
-        return if @dependencies.empty?
-
+      def csv(fields, exclude_headers: false)
         value_fields = fields.map do |field|
           case field
           when :groups
@@ -121,7 +103,7 @@ module Package
         end
 
         puts fields.join(',') unless exclude_headers
-        @dependencies.map { |gem| puts gem.to_csv(value_fields) }
+        @pkgs.map { |gem| puts gem.to_csv(value_fields) }
       end
     end
   end

data/lib/package/audit/risk_calculator.rb

@@ -1,64 +1,79 @@
-require_relative './const'
+require_relative './const/time'
 
 module Package
   module Audit
     class RiskCalculator
-      def initialize(dependency)
-        @dependency = dependency
+      def initialize(pkg)
+        @pkg = pkg
       end
 
       def find
-        vulnerability_risk = assess_vulnerability_risk
-        deprecation_risk = assess_vulnerability_risk
-        version_risk = assess_version_risk
+        risks = assess_vulnerability_risks + assess_deprecation_risks + assess_version_risks
 
-        risk = [vulnerability_risk, deprecation_risk, version_risk].max
-        risk = [risk, Risk.new(Enum::RiskType::MEDIUM, risk.explanation)].min unless risk.nil? || production_dependency?
-        risk
+        unless production_dependency?
+          risks.each_with_index do |risk, index|
+            risks[index] =
+              [risk, Risk.new(Enum::RiskType::MEDIUM, risk.explanation)].min || Risk.new(Enum::RiskType::NONE)
+          end
+        end
+        risks
       end
 
       private
 
-      def assess_vulnerability_risk # rubocop:disable Metrics/MethodLength
-        if (@dependency.vulnerabilities & [
+      def assess_vulnerability_risks # rubocop:disable Metrics/MethodLength
+        risks = []
+
+        if (@pkg.vulnerabilities & [
           Enum::VulnerabilityType::UNKNOWN,
           Enum::VulnerabilityType::CRITICAL,
           Enum::VulnerabilityType::HIGH
         ]).any?
-          Risk.new(Enum::RiskType::HIGH, Enum::RiskExplanation::VULNERABILITY)
-        elsif @dependency.vulnerabilities.include? Enum::VulnerabilityType::MEDIUM
-          Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::VULNERABILITY)
-        elsif @dependency.vulnerabilities.include? Enum::VulnerabilityType::LOW
-          Risk.new(Enum::RiskType::LOW, Enum::RiskExplanation::VULNERABILITY)
-        else
-          Risk.new(Enum::RiskType::NONE)
+          risks << Risk.new(Enum::RiskType::HIGH, Enum::RiskExplanation::VULNERABILITY)
+        end
+        if (@pkg.vulnerabilities & [
+          Enum::VulnerabilityType::MEDIUM,
+          Enum::VulnerabilityType::MODERATE
+        ]).any?
+          risks << Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::VULNERABILITY)
+        end
+        if @pkg.vulnerabilities.include? Enum::VulnerabilityType::LOW
+          risks << Risk.new(Enum::RiskType::LOW, Enum::RiskExplanation::VULNERABILITY)
         end
+        risks
       end
 
-      def assess_version_risk
-        if (@dependency.version.split('.').first || '') < (@dependency.latest_version.split('.').first || '')
-          Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::OUTDATED_BY_MAJOR_VERSION)
-        elsif @dependency.version < @dependency.latest_version
-          Risk.new(Enum::RiskType::LOW, Enum::RiskExplanation::OUTDATED)
-        else
-          Risk.new(Enum::RiskType::NONE)
+      def assess_version_risks # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+        risks = []
+
+        return risks if @pkg.latest_version.nil?
+
+        version_parts = @pkg.version.split('.').map(&:to_i)
+        latest_version_parts = @pkg.latest_version.split('.').map(&:to_i)
+
+        if (version_parts.first || 0) < (latest_version_parts.first || 0)
+          risks << Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::OUTDATED_BY_MAJOR_VERSION)
+        end
+        if (version_parts.first || 0) == (latest_version_parts.first || 0) &&
+           (version_parts[1..] <=> latest_version_parts[1..]) == -1
+          risks << Risk.new(Enum::RiskType::LOW, Enum::RiskExplanation::OUTDATED)
         end
+        risks
       end
 
-      def assess_deprecation_risk
-        seconds_since_date = (Time.now - Time.parse(@dependency.latest_version_date)).to_i
+      def assess_deprecation_risks
+        risks = []
+        seconds_since_date = (Time.now - Time.parse(@pkg.latest_version_date)).to_i
 
-        if @dependency.version == @dependency.latest_version &&
-           seconds_since_date >= Const::SECONDS_ELAPSED_TO_BE_OUTDATED
-          Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::POTENTIAL_DEPRECATION)
-        else
-          Risk.new(Enum::RiskType::NONE)
+        if seconds_since_date >= Const::Time::SECONDS_ELAPSED_TO_BE_OUTDATED
+          risks << Risk.new(Enum::RiskType::MEDIUM, Enum::RiskExplanation::POTENTIAL_DEPRECATION)
         end
+        risks
       end
 
       def production_dependency?
-        @dependency.groups.none? || (@dependency.groups & [Enum::Environment::DEFAULT,
-                                                           Enum::Environment::PRODUCTION]).any?
+        @pkg.groups.none? || (@pkg.groups & [Enum::Environment::DEFAULT,
+                                             Enum::Environment::PRODUCTION]).any?
       end
     end
   end

data/lib/package/audit/ruby/bundler_specs.rb

@@ -1,4 +1,4 @@
-require_relative '../dependency'
+require_relative '../package'
 require_relative './gem_meta_data'
 require_relative './vulnerability_finder'
 

data/lib/package/audit/ruby/gem_collection.rb

@@ -1,5 +1,6 @@
 require_relative './bundler_specs'
 require_relative './../enum/risk_type'
+require_relative '../duplicate_package_merger'
 
 module Package
   module Audit
@@ -7,35 +8,30 @@ module Package
       class GemCollection
         def self.all
           specs = BundlerSpecs.gemfile
-          dependencies = specs.map { |spec| Dependency.new(spec.name, spec.version) }
-          vulnerable_deps = VulnerabilityFinder.run
-          GemMetaData.new(dependencies + vulnerable_deps).fetch.filter(&:risk?).sort_by(&:name).uniq(&:name)
+          pkgs = specs.map { |spec| Package.new(spec.name, spec.version) }
+          vulnerable_pkgs = VulnerabilityFinder.new.run
+          pkgs = GemMetaData.new(pkgs + vulnerable_pkgs).fetch.filter(&:risk?)
+          DuplicatePackageMerger.new(pkgs).run
         end
 
         def self.deprecated
           specs = BundlerSpecs.gemfile
-          dependencies = specs.map { |spec| Dependency.new(spec.name, spec.version) }
-
-          GemMetaData.new(dependencies).fetch.filter do |dep|
-            dep.risk.explanation == Enum::RiskExplanation::POTENTIAL_DEPRECATION
-          end.sort_by(&:name).uniq(&:name)
+          pkgs = specs.map { |spec| Package.new(spec.name, spec.version) }
+          pkgs = GemMetaData.new(pkgs).fetch.filter(&:deprecated?)
+          DuplicatePackageMerger.new(pkgs).run
         end
 
         def self.outdated(include_implicit: false)
           specs = include_implicit ? BundlerSpecs.all : BundlerSpecs.gemfile
-          dependencies = specs.map { |spec| Dependency.new(spec.name, spec.version) }
-
-          GemMetaData.new(dependencies).fetch.filter do |dep|
-            dep.version < dep.latest_version
-          end.sort_by(&:name).uniq(&:name)
+          pkgs = specs.map { |spec| Package.new(spec.name, spec.version) }
+          pkgs = GemMetaData.new(pkgs).fetch.filter(&:outdated?)
+          DuplicatePackageMerger.new(pkgs).run
         end
 
         def self.vulnerable
-          dependencies = VulnerabilityFinder.run
-
-          GemMetaData.new(dependencies).fetch.filter do |dep|
-            dep.risk.explanation == Enum::RiskExplanation::VULNERABILITY
-          end.sort_by(&:name).uniq(&:name)
+          pkgs = VulnerabilityFinder.new.run
+          pkgs = GemMetaData.new(pkgs).fetch.filter(&:vulnerable?)
+          DuplicatePackageMerger.new(pkgs).run
         end
       end
     end

data/lib/package/audit/ruby/gem_meta_data.rb

@@ -1,11 +1,11 @@
-require_relative '../dependency'
+require_relative '../package'
 
 module Package
   module Audit
     module Ruby
       class GemMetaData
-        def initialize(dependencies)
-          @dependencies = dependencies
+        def initialize(pkgs)
+          @pkgs = pkgs
           @gem_hash = {}
         end
 
@@ -20,23 +20,25 @@ module Package
         def find_rubygems_metadata # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
           fetcher = Gem::SpecFetcher.fetcher
 
-          @dependencies.each do |dep|
-            gem_dependency = Gem::Dependency.new dep.name, ">= #{dep.version}"
+          @pkgs.each do |pkg|
+            gem_dependency = Gem::Dependency.new pkg.name, ">= #{pkg.version}"
             local_version_date = Time.new(0)
             latest_version_date = Time.new(0)
-            local_version = Gem::Version.new(dep.version)
-            latest_version = Gem::Version.new('0.0.0')
+            local_version = Gem::Version.new(pkg.version)
+            latest_version = Gem::Version.new('0.0.0.0')
 
             remote_dependencies, = fetcher.spec_for_dependency gem_dependency
 
+            next unless remote_dependencies.any?
+
             remote_dependencies.each do |remote_spec, _|
               latest_version = remote_spec.version if latest_version < remote_spec.version
               latest_version_date = remote_spec.date if latest_version_date < remote_spec.date
               local_version_date = remote_spec.date if local_version == remote_spec.version
             end
 
-            @gem_hash[dep.name] = dep
-            dep.update latest_version: latest_version.to_s,
+            @gem_hash[pkg.name] = pkg
+            pkg.update latest_version: latest_version.to_s,
                        version_date: local_version_date.strftime('%Y-%m-%d'),
                        latest_version_date: latest_version_date.strftime('%Y-%m-%d')
           end

data/lib/package/audit/ruby/vulnerability_finder.rb

@@ -1,22 +1,32 @@
+require_relative '../const/cmd'
 require_relative '../enum/vulnerability_type'
 
 module Package
   module Audit
     module Ruby
       class VulnerabilityFinder
-        def self.run # rubocop:disable Metrics/AbcSize
-          gem_hash = {}
-          json_str = `bundle exec bundle-audit check --update --quiet --format json`
-          json_results = JSON.parse(json_str, symbolize_names: true)[:results]
-          json_results.each do |result|
-            gem_name = result[:gem][:name]
-            vulnerability = result[:advisory][:criticality] || Enum::VulnerabilityType::UNKNOWN
-            unless gem_hash.key? gem_name
-              gem_hash[gem_name] = Dependency.new result[:gem][:name], result[:gem][:version]
-            end
-            gem_hash[gem_name].update vulnerabilities: gem_hash[gem_name].vulnerabilities + [vulnerability]
+        def initialize
+          @vuln_hash = {}
+        end
+
+        def run
+          json_result = `#{Const::Cmd::BUNDLE_AUDIT_JSON}`
+          vulnerability_json_array = JSON.parse(json_result, symbolize_names: true)[:results]
+          vulnerability_json_array.each do |vulnerability_json|
+            update_meta_data(vulnerability_json)
           end
-          gem_hash.values
+          @vuln_hash.values
+        end
+
+        private
+
+        def update_meta_data(json)
+          name = json[:gem][:name]
+          version = json[:gem][:version]
+          full_name = "#{name}@#{version}"
+          vulnerability = json[:advisory][:criticality] || Enum::VulnerabilityType::UNKNOWN
+          @vuln_hash[full_name] = Package.new(name, version) unless @vuln_hash.key? full_name
+          @vuln_hash[full_name].update vulnerabilities: @vuln_hash[full_name].vulnerabilities + [vulnerability]
         end
       end
     end

data/lib/package/audit/util/summary_printer.rb

@@ -1,4 +1,4 @@
-require_relative '../const'
+require_relative '../const/time'
 require_relative './bash_color'
 
 module Package
@@ -12,44 +12,51 @@ module Package
         end
 
         def self.deprecated
-          puts Util::BashColor.blue("\nAlthough gems listed above have no recent updates, they may not be deprecated.")
-          puts Util::BashColor.blue("Please contact the gem author for more information about its status.\n")
+          puts Util::BashColor.blue('Although the packages above have no recent updates, they may not be deprecated.')
+          puts Util::BashColor.blue("Please contact the package author for more information about its status.\n")
         end
 
-        def self.outdated
-          printf("\n%<info>s\n%<cmd>s\n\n",
-                 info: Util::BashColor.blue('To show both Gemfile gems and their dependencies run:'),
-                 cmd: Util::BashColor.magenta(' > bundle exec package-audit outdated --include-implicit'))
+        def self.vulnerable(package_type, cmd)
+          printf("%<info>s\n%<cmd>s\n\n",
+                 info: Util::BashColor.blue("To get more information about the #{package_type} vulnerabilities run:"),
+                 cmd: Util::BashColor.magenta(" > #{cmd}"))
         end
 
-        def self.vulnerable
-          printf("\n%<info>s\n%<cmd>s\n\n",
-                 info: Util::BashColor.blue('To get more information about the vulnerabilities run:'),
-                 cmd: Util::BashColor.magenta(' > bundle exec bundle-audit check --update'))
+        def self.total(package_type, pkgs)
+          puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{package_type}s.\n")
         end
 
-        def self.total(num)
-          puts Util::BashColor.cyan("\nFound a total of #{num} gems.")
+        def self.statistics(package_type, pkgs)
+          outdated = pkgs.count(&:outdated?)
+          deprecated = pkgs.count(&:deprecated?)
+          vulnerable = pkgs.count(&:vulnerable?)
+
+          vulnerabilities = pkgs.sum { |pkg| pkg.vulnerabilities.length }
+
+          puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{package_type}s.\n" \
+                                    "#{vulnerable} vulnerable (#{vulnerabilities} vulnerabilities), " \
+                                    "#{outdated} outdated, #{deprecated} deprecated.\n")
         end
 
         def self.risk # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
-          puts Util::BashColor.blue('1. Check if the dependency has a security vulnerability.')
+          puts Util::BashColor.blue('1. Check if the package has a security vulnerability.')
           puts '   If yes, the following vulnerability -> risk mapping is used:'
           puts "      - #{Util::BashColor.red('unknown')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
           puts "      - #{Util::BashColor.red('critical')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
           puts "      - #{Util::BashColor.red('high')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
           puts "      - #{Util::BashColor.orange('medium')} vulnerability\t-> #{Util::BashColor.orange('medium')} risk"
+          puts "      - #{Util::BashColor.orange('moderate')} vulnerability\t-> #{Util::BashColor.orange('medium')} risk" # rubocop:disable Layout/LineLength
           puts "      - #{Util::BashColor.yellow('low')} vulnerability\t-> #{Util::BashColor.yellow('low')} risk"
 
           puts
 
-          puts Util::BashColor.blue('2. Check the dependency for potential deprecation.')
-          puts "   If no new releases by author for at least #{Const::YEARS_ELAPSED_TO_BE_OUTDATED} years:"
+          puts Util::BashColor.blue('2. Check the package for potential deprecation.')
+          puts "   If no new releases by author for at least #{Const::Time::YEARS_ELAPSED_TO_BE_OUTDATED} years:"
           puts "      - assign the risk to\t-> #{Util::BashColor.orange('medium')} risk"
 
           puts
 
-          puts Util::BashColor.blue('3. Check if a newer version of the dependency is available.')
+          puts Util::BashColor.blue('3. Check if a newer version of the package is available.')
 
           puts '   If yes, assign risk as follows:'
           puts "      - #{Util::BashColor.orange('major version')} mismatch\t-> #{Util::BashColor.orange('medium')} risk" # rubocop:disable Layout/LineLength
@@ -65,8 +72,8 @@ module Package
 
           puts
 
-          puts Util::BashColor.blue('5. Check whether the dependency is used in production or not.')
-          puts '   If a dependency is limited to a non-production environment:'
+          puts Util::BashColor.blue('5. Check whether the package is used in production or not.')
+          puts '   If a package is limited to a non-production environment:'
           puts "      - cap risk severity to\t -> #{Util::BashColor.orange('medium')} risk"
         end
       end

data/lib/package/audit/version.rb

@@ -1,5 +1,5 @@
 module Package
   module Audit
-    VERSION = '0.1.0'
+    VERSION = '0.2.0'
   end
 end

data/sig/package/audit/command_service.rbs

@@ -0,0 +1,29 @@
+module Package
+  module Audit
+    class CommandService
+      NODE_MODULE: String
+      RUBY_GEM: String
+
+      @dir: String
+      @options: Hash[Symbol, untyped]
+
+      def initialize: (String, Hash[Symbol, untyped]) -> void
+
+      def all: -> bool
+
+      def deprecated: -> bool
+
+      def outdated: -> bool
+
+      def vulnerable: -> bool
+
+      private
+
+      def node?: -> bool?
+
+      def print_success_message: (String) -> void
+
+      def ruby?: -> bool?
+    end
+  end
+end

data/sig/package/audit/const/cmd.rbs

@@ -0,0 +1,14 @@
+module Package
+  module Audit
+    module Const
+      module Cmd
+        BUNDLE_AUDIT: String
+        BUNDLE_AUDIT_JSON: String
+        NPM_AUDIT: String
+        NPM_AUDIT_JSON: String
+        YARN_AUDIT: String
+        YARN_AUDIT_JSON: String
+      end
+    end
+  end
+end