package-audit 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/package/audit/cli.rb +14 -57
- data/lib/package/audit/command_service.rb +187 -0
- data/lib/package/audit/const/cmd.rb +16 -0
- data/lib/package/audit/const/fields.rb +36 -0
- data/lib/package/audit/const/file.rb +13 -0
- data/lib/package/audit/const/time.rb +11 -0
- data/lib/package/audit/duplicate_package_merger.rb +26 -0
- data/lib/package/audit/enum/environment.rb +0 -2
- data/lib/package/audit/enum/risk_explanation.rb +2 -2
- data/lib/package/audit/enum/vulnerability_type.rb +1 -0
- data/lib/package/audit/formatter/version.rb +6 -5
- data/lib/package/audit/formatter/version_date.rb +2 -2
- data/lib/package/audit/formatter/vulnerability.rb +1 -1
- data/lib/package/audit/npm/node_collection.rb +64 -0
- data/lib/package/audit/npm/npm_meta_data.rb +41 -0
- data/lib/package/audit/npm/vulnerability_finder.rb +43 -0
- data/lib/package/audit/npm/yarn_lock_parser.rb +42 -0
- data/lib/package/audit/{dependency.rb → package.rb} +38 -4
- data/lib/package/audit/{dependency_printer.rb → printer.rb} +29 -47
- data/lib/package/audit/risk_calculator.rb +49 -34
- data/lib/package/audit/ruby/bundler_specs.rb +1 -1
- data/lib/package/audit/ruby/gem_collection.rb +14 -18
- data/lib/package/audit/ruby/gem_meta_data.rb +11 -9
- data/lib/package/audit/ruby/vulnerability_finder.rb +22 -12
- data/lib/package/audit/util/summary_printer.rb +26 -19
- data/lib/package/audit/version.rb +1 -1
- data/sig/package/audit/command_service.rbs +29 -0
- data/sig/package/audit/const/cmd.rbs +14 -0
- data/sig/package/audit/const/fields.rbs +13 -0
- data/sig/package/audit/const/file.rbs +13 -0
- data/sig/package/audit/const/time.rbs +11 -0
- data/sig/package/audit/duplicate_package_merger.rbs +11 -0
- data/sig/package/audit/enum/vulnerability_type.rbs +1 -0
- data/sig/package/audit/npm/node_collection.rbs +29 -0
- data/sig/package/audit/npm/npm_meta_data.rbs +19 -0
- data/sig/package/audit/npm/vulnerability_finder.rbs +20 -0
- data/sig/package/audit/npm/yarn_lock_parser.rbs +19 -0
- data/sig/package/audit/{dependency.rbs → package.rbs} +14 -4
- data/sig/package/audit/printer.rbs +24 -0
- data/sig/package/audit/risk_calculator.rbs +6 -6
- data/sig/package/audit/ruby/gem_collection.rbs +4 -4
- data/sig/package/audit/ruby/gem_meta_data.rbs +7 -8
- data/sig/package/audit/ruby/vulnerability_finder.rbs +7 -1
- data/sig/package/audit/util/summary_printer.rbs +3 -5
- metadata +27 -9
- data/lib/package/audit/const.rb +0 -5
- data/sig/const.rbs +0 -5
- data/sig/package/audit/dependency_printer.rbs +0 -24
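--- /dev/null
+++ b/data/sig/package/audit/npm/node_collection.rbs
@@ -0,0 +1,29 @@
+module Package
+module Audit
+module Npm
+class NodeCollection
+PACKAGE_JSON: String
+PACKAGE_LOCK: String
+YARN_LOCK: String
+
+@dir: String
+
+def initialize: (String) -> void
+
+def all: -> Array[Package]
+
+def deprecated: -> Array[Package]
+
+def outdated: -> Array[Package]
+
+def vulnerable: -> Array[Package]
+
+private
+
+def fetch_from_lock_file: -> Array[Package]
+
+def fetch_from_package_json: -> Array[Hash[Symbol, untyped]]
+end
+end
+end
+end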
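Review bot: `fetch_from_package_json: -> Array[Hash[Symbol, untyped]]` returns a positional array of untyped hashes, and `YarnLockParser#fetch` in a later hunk takes two positional `Hash[Symbol, untyped]` arguments, so the meaning of each position (presumably dependencies and devDependencies) is carried only by convention and cannot be checked by the type system. A comment on the signature such as `# [dependencies, dev_dependencies] as read from PACKAGE_JSON`, or a record type with named keys, would make the contract explicit. The `initialize: (String) -> void` argument is likewise unnamed; documenting that it is the project directory expected to contain PACKAGE_JSON and one of PACKAGE_LOCK / YARN_LOCK, and what `all` does when neither lock file is present, would help callers.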
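--- /dev/null
+++ b/data/sig/package/audit/npm/npm_meta_data.rbs
@@ -0,0 +1,19 @@
+module Package
+module Audit
+module Npm
+class NpmMetaData
+REGISTRY_URL: String
+
+@packages: Array[Package]
+
+def initialize: (Array[Package]) -> void
+
+def fetch: -> Array[Package]
+
+private
+
+def update_meta_data: (Package, Hash[Symbol, untyped]) -> void
+end
+end
+end
+end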
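Review bot: `fetch: -> Array[Package]` presumably queries `REGISTRY_URL` for each package, but the signature gives callers no indication of how a failed or malformed registry response is handled — whether it raises, skips the package, or returns it with its metadata unset. Because the result feeds the outdated and deprecated verdicts, a silent skip reads as "no risk", so the behaviour should be stated on the method, e.g. `# Raises on a non-success registry response; packages not found in the registry are returned unchanged` (adjusted to what the implementation actually does). `update_meta_data: (Package, Hash[Symbol, untyped])` receives registry-supplied data, so the keys it reads should be treated as optional rather than assumed present.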
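--- /dev/null
+++ b/data/sig/package/audit/npm/vulnerability_finder.rbs
@@ -0,0 +1,20 @@
+module Package
+module Audit
+module Npm
+class VulnerabilityFinder
+AUDIT_ADVISORY_REGEX: Regexp
+
+@pkg_hash: Hash[String, Package]
+@vuln_hash: Hash[String?, Package]
+
+def initialize: (Array[Package]) -> void
+
+def run: -> Array[Package]
+
+private
+
+def update_meta_data: (Hash[Symbol, untyped])-> void
+end
+end
+end
+end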
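Review bot: `@vuln_hash: Hash[String?, Package]` admits `nil` as a key, which typically arises when `AUDIT_ADVISORY_REGEX` fails to match an advisory line; every unmatched entry then lands on the single `nil` key and overwrites the previous one, so a vulnerable package can silently drop out of the report. For an audit tool that is a false-negative path, so the type should be `Hash[String, Package]` and the implementation should skip or raise on a non-matching line instead of storing it under `nil`. The same `Hash[String?, Package]` declaration appears in the Ruby `VulnerabilityFinder` hunk further down and deserves the same treatment. The `(Hash[Symbol, untyped])-> void` signature is also missing the space before `->` that the sibling files use.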
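--- /dev/null
+++ b/data/sig/package/audit/npm/yarn_lock_parser.rbs
@@ -0,0 +1,19 @@
+module Package
+module Audit
+module Npm
+class YarnLockParser
+@yarn_lock_path: String
+
+def initialize: (String) -> void
+
+def fetch: (Hash[Symbol, untyped], Hash[Symbol, untyped]) -> Array[Package]
+
+private
+
+def fetch_package_block: (Symbol, String) -> String
+
+def fetch_package_version: (Symbol, String) -> String
+end
+end
+end
+end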
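Review bot: `fetch_package_block: (Symbol, String) -> String` and `fetch_package_version: (Symbol, String) -> String` both promise a non-nil String, yet a package listed in package.json may be absent from yarn.lock when the two files are out of sync, and the signatures do not say whether that case raises or returns nil. If it returns nil the declared type should be `String?` so the nil cannot propagate unnoticed into `Package`; if it raises, a `# raises when the package has no block in the lock file` comment on the method would document it. The two `Hash[Symbol, untyped]` parameters of `fetch` are also indistinguishable by type; naming them in a comment (presumably dependencies and devDependencies) would keep callers from swapping them.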
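--- a/data/sig/package/audit/dependency.rbs
+++ b/data/sig/package/audit/package.rbs
@@ -1,8 +1,8 @@
 module Package
 module Audit
-class
+class Package
 @groups: Array[Symbol]
-@
+@risks: Array[Risk]
 @vulnerabilities: Array[String]
 
 attr_accessor groups: Array[Symbol]
@@ -13,14 +13,22 @@ module Package
 attr_accessor version_date: String
 attr_accessor vulnerabilities: Array[String]
 
-def initialize: (String, String) -> void
+def initialize: (String, String, **untyped) -> void
+
+def deprecated?: -> bool
+
+def full_name: -> String
 
 def group_list: -> String
 
-def
+def outdated?: -> bool
 
 def risk: -> Risk
 
+def risk?: -> bool
+
+def risks: -> Array[Risk]
+
 def risk_explanation: -> String?
 
 def risk_type: -> String
@@ -30,6 +38,8 @@ module Package
 def update: (**untyped) -> void
 
 def vulnerabilities_grouped: -> String
+
+def vulnerable?: -> bool
 end
 end
 end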
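Review bot: In the second hunk `risk: -> Risk` now sits beside the new `risks: -> Array[Risk]` and `risk?: -> bool`, but it still promises a non-nil `Risk` even when `risks` is empty, and the nullable `risk_explanation: -> String?` suggests that case does occur. Either declare `risk: -> Risk?` or document which Risk is returned when there are none, e.g. `# Highest-ranked entry of #risks; see the implementation for the no-risk case`. The new `initialize: (String, String, **untyped) -> void` also leaves the two positional Strings unnamed; a comment stating their order (presumably name and version) would make the signature self-explanatory.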
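--- /dev/null
+++ b/data/sig/package/audit/printer.rbs
@@ -0,0 +1,24 @@
+module Package
+module Audit
+class Printer
+BASH_FORMATTING_REGEX: Regexp
+COLUMN_GAP: Integer
+CSV_HEADERS: Hash[Symbol, String]
+
+@pkgs: Array[Package]
+@options: Hash[Symbol, untyped]
+
+def initialize: (Array[Package], Hash[Symbol, untyped]) -> void
+
+def print: (Array[Symbol]) -> void
+
+private
+
+def check_fields: (Array[Symbol]) -> void
+
+def csv: (Array[Symbol], ?exclude_headers: bool) -> void
+
+def pretty: (?Array[Symbol]) -> void
+end
+end
+end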
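Review bot: `check_fields: (Array[Symbol]) -> void` gives no indication of what happens when a caller passes a field that is not a key of `CSV_HEADERS`; since the field list comes from the CLI, the method should document that it raises (and which error) or return the validated list instead of `void`. The optionality is also inconsistent: `print` and `csv` require the `Array[Symbol]` while `pretty: (?Array[Symbol])` accepts none, so it is unclear which defaults apply where. If `csv` writes package names, versions and advisory identifiers verbatim, note that these strings originate from registries and lock files rather than from the user, so cells beginning with `=`, `+`, `-` or `@` should be prefixed with a single quote to avoid being interpreted as formulas by spreadsheet software.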
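--- a/data/sig/package/audit/risk_calculator.rbs
+++ b/data/sig/package/audit/risk_calculator.rbs
@@ -1,19 +1,19 @@
 module Package
 module Audit
 class RiskCalculator
-@
+@pkg: Package
 
-def initialize: (
+def initialize: (Package) -> void
 
-def find: -> Risk
+def find: -> Array[Risk]
 
 private
 
-def
+def assess_deprecation_risks: -> Array[Risk]
 
-def
+def assess_version_risks: -> Array[Risk]
 
-def
+def assess_vulnerability_risks: -> Array[Risk]
 
 def production_dependency?: -> bool
 end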
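--- a/data/sig/package/audit/ruby/gem_collection.rbs
+++ b/data/sig/package/audit/ruby/gem_collection.rbs
@@ -2,13 +2,13 @@ module Package
 module Audit
 module Ruby
 class GemCollection
-def self.all: -> Array[
+def self.all: -> Array[Package]
 
-def self.deprecated: -> Array[
+def self.deprecated: -> Array[Package]
 
-def self.outdated: (?include_implicit: bool) -> Array[
+def self.outdated: (?include_implicit: bool) -> Array[Package]
 
-def self.vulnerable: -> Array[
+def self.vulnerable: -> Array[Package]
 end
 end
 end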
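--- a/data/sig/package/audit/ruby/gem_meta_data.rbs
+++ b/data/sig/package/audit/ruby/gem_meta_data.rbs
@@ -2,21 +2,20 @@ module Package
 module Audit
 module Ruby
 class GemMetaData
-@
+@gem_hash: Hash[String, Package]
+@pkgs: Array[Package]
 
-
+def initialize: (Array[Package]) -> void
 
-def
+def fetch: -> Array[Package]
 
-def
-
-def find: -> Array[Dependency]
+def find: -> Array[Package]
 
 private
 
-def assign_groups: -> Array[
+def assign_groups: -> Array[Package]
 
-def find_rubygems_metadata: -> Array[
+def find_rubygems_metadata: -> Array[Package]
 end
 end
 end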
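Review bot: After this hunk GemMetaData exposes both `fetch: -> Array[Package]` and `find: -> Array[Package]` with identical signatures, and nothing in the file says which one callers should use or whether they differ in side effects — the new `@gem_hash` and `@pkgs` fields suggest `fetch` populates state that `find` may depend on. If `find` is retained for backward compatibility, mark it `# @deprecated Use #fetch` and state whether it still triggers `find_rubygems_metadata`; otherwise remove one of them so the public surface matches the Npm counterpart, which only has `fetch`.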
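--- a/data/sig/package/audit/ruby/vulnerability_finder.rbs
+++ b/data/sig/package/audit/ruby/vulnerability_finder.rbs
@@ -2,7 +2,13 @@ module Package
 module Audit
 module Ruby
 class VulnerabilityFinder
-
+@vuln_hash: Hash[String?, Package]
+
+def run: -> Array[Package]
+
+private
+
+def update_meta_data: (Hash[Symbol, untyped]) -> void
 end
 end
 end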
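--- a/data/sig/package/audit/util/summary_printer.rbs
+++ b/data/sig/package/audit/util/summary_printer.rbs
@@ -4,17 +4,15 @@ module Package
 module SummaryPrinter
 def self.deprecated: -> void
 
-def self.outdated: -> void
-
 def self.report: -> void
 
 def self.risk: -> void
 
-def self.
+def self.statistics: (String, Array[Package]) -> void
 
-def self.
+def self.total: (String, Array[Package]) -> void
 
-def
+def self.vulnerable: (String, String) -> void
 end
 end
 end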
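Review bot: `def self.vulnerable: (String, String) -> void` takes two positional Strings that the type cannot tell apart, while its siblings `statistics` and `total` take `(String, Array[Package])`, so a caller that swaps the two arguments would still type-check. Keyword arguments named after the implementation's own parameters would make the signature self-documenting; at minimum a comment on the method stating what each String carries would do. The removal of `self.outdated` is presumably intentional given the new `statistics`/`total` pair, but a note in the changelog would save callers a surprise.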
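--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: package-audit
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Vadim Kononov
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-
+date: 2023-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler-audit
@@ -49,9 +49,12 @@ extra_rdoc_files: []
 files:
 - exe/package-audit
 - lib/package/audit/cli.rb
-- lib/package/audit/
-- lib/package/audit/
-- lib/package/audit/
+- lib/package/audit/command_service.rb
+- lib/package/audit/const/cmd.rb
+- lib/package/audit/const/fields.rb
+- lib/package/audit/const/file.rb
+- lib/package/audit/const/time.rb
+- lib/package/audit/duplicate_package_merger.rb
 - lib/package/audit/enum/environment.rb
 - lib/package/audit/enum/risk_explanation.rb
 - lib/package/audit/enum/risk_type.rb
@@ -61,6 +64,12 @@ files:
 - lib/package/audit/formatter/version.rb
 - lib/package/audit/formatter/version_date.rb
 - lib/package/audit/formatter/vulnerability.rb
+- lib/package/audit/npm/node_collection.rb
+- lib/package/audit/npm/npm_meta_data.rb
+- lib/package/audit/npm/vulnerability_finder.rb
+- lib/package/audit/npm/yarn_lock_parser.rb
+- lib/package/audit/package.rb
+- lib/package/audit/printer.rb
 - lib/package/audit/risk.rb
 - lib/package/audit/risk_calculator.rb
 - lib/package/audit/ruby/bundler_specs.rb
@@ -70,10 +79,13 @@ files:
 - lib/package/audit/util/bash_color.rb
 - lib/package/audit/util/summary_printer.rb
 - lib/package/audit/version.rb
-- sig/const.rbs
 - sig/package/audit/cli.rbs
-- sig/package/audit/
-- sig/package/audit/
+- sig/package/audit/command_service.rbs
+- sig/package/audit/const/cmd.rbs
+- sig/package/audit/const/fields.rbs
+- sig/package/audit/const/file.rbs
+- sig/package/audit/const/time.rbs
+- sig/package/audit/duplicate_package_merger.rbs
 - sig/package/audit/enum/environment.rbs
 - sig/package/audit/enum/risk_explanation.rbs
 - sig/package/audit/enum/risk_type.rbs
@@ -83,6 +95,12 @@ files:
 - sig/package/audit/formatter/version_date.rbs
 - sig/package/audit/formatter/version_printer.rbs
 - sig/package/audit/formatter/vulnerability.rbs
+- sig/package/audit/npm/node_collection.rbs
+- sig/package/audit/npm/npm_meta_data.rbs
+- sig/package/audit/npm/vulnerability_finder.rbs
+- sig/package/audit/npm/yarn_lock_parser.rbs
+- sig/package/audit/package.rbs
+- sig/package/audit/printer.rbs
 - sig/package/audit/risk.rbs
 - sig/package/audit/risk_calculator.rbs
 - sig/package/audit/ruby/bundler_specs.rbs
@@ -114,7 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.4.
+rubygems_version: 3.4.12
 signing_key:
 specification_version: 4
 summary: A helper tool to find outdated, deprecated and vulnerable dependencies.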
data/lib/package/audit/const.rb
DELETED
data/sig/const.rbs
DELETED
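--- a/data/sig/package/audit/dependency_printer.rbs
+++ /dev/null
@@ -1,24 +0,0 @@
-module Package
-module Audit
-class DependencyPrinter
-BASH_FORMATTING_REGEX: Regexp
-COLUMN_GAP: Integer
-CSV_HEADERS: Hash[Symbol, String]
-FIELDS: Array[Symbol]
-HEADERS: Hash[Symbol, String]
-
-@dependencies: Array[Dependency]
-@options: Hash[Symbol, untyped]
-
-def initialize: (Array[Dependency], Hash[Symbol, untyped]) -> void
-
-def print: (?Array[Symbol]) -> void
-
-private
-
-def csv: (Array[Symbol], ?exclude_headers: bool) -> void
-
-def pretty: (Array[Symbol]) -> void
-end
-end
-end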