package-audit 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (49)
  1. checksums.yaml +4 -4
  2. data/lib/package/audit/cli.rb +14 -57
  3. data/lib/package/audit/command_service.rb +187 -0
  4. data/lib/package/audit/const/cmd.rb +16 -0
  5. data/lib/package/audit/const/fields.rb +36 -0
  6. data/lib/package/audit/const/file.rb +13 -0
  7. data/lib/package/audit/const/time.rb +11 -0
  8. data/lib/package/audit/duplicate_package_merger.rb +26 -0
  9. data/lib/package/audit/enum/environment.rb +0 -2
  10. data/lib/package/audit/enum/risk_explanation.rb +2 -2
  11. data/lib/package/audit/enum/vulnerability_type.rb +1 -0
  12. data/lib/package/audit/formatter/version.rb +6 -5
  13. data/lib/package/audit/formatter/version_date.rb +2 -2
  14. data/lib/package/audit/formatter/vulnerability.rb +1 -1
  15. data/lib/package/audit/npm/node_collection.rb +64 -0
  16. data/lib/package/audit/npm/npm_meta_data.rb +41 -0
  17. data/lib/package/audit/npm/vulnerability_finder.rb +43 -0
  18. data/lib/package/audit/npm/yarn_lock_parser.rb +42 -0
  19. data/lib/package/audit/{dependency.rb → package.rb} +38 -4
  20. data/lib/package/audit/{dependency_printer.rb → printer.rb} +29 -47
  21. data/lib/package/audit/risk_calculator.rb +49 -34
  22. data/lib/package/audit/ruby/bundler_specs.rb +1 -1
  23. data/lib/package/audit/ruby/gem_collection.rb +14 -18
  24. data/lib/package/audit/ruby/gem_meta_data.rb +11 -9
  25. data/lib/package/audit/ruby/vulnerability_finder.rb +22 -12
  26. data/lib/package/audit/util/summary_printer.rb +26 -19
  27. data/lib/package/audit/version.rb +1 -1
  28. data/sig/package/audit/command_service.rbs +29 -0
  29. data/sig/package/audit/const/cmd.rbs +14 -0
  30. data/sig/package/audit/const/fields.rbs +13 -0
  31. data/sig/package/audit/const/file.rbs +13 -0
  32. data/sig/package/audit/const/time.rbs +11 -0
  33. data/sig/package/audit/duplicate_package_merger.rbs +11 -0
  34. data/sig/package/audit/enum/vulnerability_type.rbs +1 -0
  35. data/sig/package/audit/npm/node_collection.rbs +29 -0
  36. data/sig/package/audit/npm/npm_meta_data.rbs +19 -0
  37. data/sig/package/audit/npm/vulnerability_finder.rbs +20 -0
  38. data/sig/package/audit/npm/yarn_lock_parser.rbs +19 -0
  39. data/sig/package/audit/{dependency.rbs → package.rbs} +14 -4
  40. data/sig/package/audit/printer.rbs +24 -0
  41. data/sig/package/audit/risk_calculator.rbs +6 -6
  42. data/sig/package/audit/ruby/gem_collection.rbs +4 -4
  43. data/sig/package/audit/ruby/gem_meta_data.rbs +7 -8
  44. data/sig/package/audit/ruby/vulnerability_finder.rbs +7 -1
  45. data/sig/package/audit/util/summary_printer.rbs +3 -5
  46. metadata +27 -9
  47. data/lib/package/audit/const.rb +0 -5
  48. data/sig/const.rbs +0 -5
  49. data/sig/package/audit/dependency_printer.rbs +0 -24
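--- /dev/null
+++ b/data/sig/package/audit/const/fields.rbs
@@ -0,0 +1,13 @@
+module Package
+module Audit
+module Const
+module Fields
+ALL: Array[Symbol]
+HEADERS: Hash[Symbol, String]
+OUTDATED: Array[Symbol]
+REPORT: Array[Symbol]
+VULNERABLE: Array[Symbol]
+end
+end
+end
+end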
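--- /dev/null
+++ b/data/sig/package/audit/const/file.rbs
@@ -0,0 +1,13 @@
+module Package
+module Audit
+module Const
+module File
+GEMFILE: String
+GEMFILE_LOCK: String
+PACKAGE_JSON: String
+PACKAGE_LOCK_JSON: String
+YARN_LOCK: String
+end
+end
+end
+end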
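--- /dev/null
+++ b/data/sig/package/audit/const/time.rbs
@@ -0,0 +1,11 @@
+module Package
+module Audit
+module Const
+module Time
+SECONDS_ELAPSED_TO_BE_OUTDATED: Integer
+SECONDS_PER_YEAR: Integer
+YEARS_ELAPSED_TO_BE_OUTDATED: Integer
+end
+end
+end
+end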
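--- /dev/null
+++ b/data/sig/package/audit/duplicate_package_merger.rbs
@@ -0,0 +1,11 @@
+module Package
+module Audit
+class DuplicatePackageMerger
+@pkgs: Array[Package]
+
+def initialize: (Array[Package]) -> void
+
+def run: -> Array[Package]
+end
+end
+end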
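Review bot: `run: -> Array[Package]` says nothing about how two entries for the same package are reconciled, and since `Package#risks` and `vulnerabilities` are arrays in this release, the safe behaviour for an audit tool is a union of risks and vulnerabilities rather than keeping whichever duplicate came last. I would document the merge rule on `run`, e.g. `# Merges packages with the same full_name, keeping the union of their groups, risks and vulnerabilities`, adjusted to whatever duplicate_package_merger.rb actually does, which is not in this chunk.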
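--- a/data/sig/package/audit/enum/vulnerability_type.rbs
+++ b/data/sig/package/audit/enum/vulnerability_type.rbs
@@ -6,6 +6,7 @@ module Package
 HIGH: String
 LOW: String
 MEDIUM: String
+MODERATE: String
 NONE: String
 UNKNOWN: String
 end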
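--- /dev/null
+++ b/data/sig/package/audit/npm/node_collection.rbs
@@ -0,0 +1,29 @@
+module Package
+module Audit
+module Npm
+class NodeCollection
+PACKAGE_JSON: String
+PACKAGE_LOCK: String
+YARN_LOCK: String
+
+@dir: String
+
+def initialize: (String) -> void
+
+def all: -> Array[Package]
+
+def deprecated: -> Array[Package]
+
+def outdated: -> Array[Package]
+
+def vulnerable: -> Array[Package]
+
+private
+
+def fetch_from_lock_file: -> Array[Package]
+
+def fetch_from_package_json: -> Array[Hash[Symbol, untyped]]
+end
+end
+end
+end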
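Review bot: `PACKAGE_JSON`, `PACKAGE_LOCK` and `YARN_LOCK` on `NodeCollection` duplicate the file-name constants this same release adds to `Const::File` (`PACKAGE_JSON`, `PACKAGE_LOCK_JSON`, `YARN_LOCK`), so the lockfile names now have two sources of truth that can drift. I would drop the three class constants from this signature and have node_collection.rb reference `Const::File`, or comment here why a local copy is needed. `fetch_from_package_json` returns `Array[Hash[Symbol, untyped]]`, so the parsed package.json travels with no declared shape; a comment on that line naming the keys the collection reads (presumably the dependency maps, to be confirmed against node_collection.rb) would help. Only a `YarnLockParser` appears among the new npm files, so whether `PACKAGE_LOCK` is actually consumed cannot be told from this chunk.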
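--- /dev/null
+++ b/data/sig/package/audit/npm/npm_meta_data.rbs
@@ -0,0 +1,19 @@
+module Package
+module Audit
+module Npm
+class NpmMetaData
+REGISTRY_URL: String
+
+@packages: Array[Package]
+
+def initialize: (Array[Package]) -> void
+
+def fetch: -> Array[Package]
+
+private
+
+def update_meta_data: (Package, Hash[Symbol, untyped]) -> void
+end
+end
+end
+end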
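Review bot: `REGISTRY_URL: String` together with `fetch: -> Array[Package]` indicates this class pulls package metadata from a remote registry, yet the only place the response is typed is the `Hash[Symbol, untyped]` parameter of `update_meta_data`, which records nothing about which keys are read or that the data is untrusted. I would add a comment on `REGISTRY_URL` stating which registry it points at and that an https endpoint is expected, and one on `update_meta_data` listing the response keys it consumes; those fields are not visible in this chunk. Whether `fetch` raises on a network failure or returns the packages without metadata is also undeclared and worth a one-line comment on `fetch`.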
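--- /dev/null
+++ b/data/sig/package/audit/npm/vulnerability_finder.rbs
@@ -0,0 +1,20 @@
+module Package
+module Audit
+module Npm
+class VulnerabilityFinder
+AUDIT_ADVISORY_REGEX: Regexp
+
+@pkg_hash: Hash[String, Package]
+@vuln_hash: Hash[String?, Package]
+
+def initialize: (Array[Package]) -> void
+
+def run: -> Array[Package]
+
+private
+
+def update_meta_data: (Hash[Symbol, untyped])-> void
+end
+end
+end
+end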
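Review bot: `@vuln_hash: Hash[String?, Package]` admits a `nil` key, which suggests that advisories whose package name `AUDIT_ADVISORY_REGEX` fails to capture are all filed under a single `nil` slot and overwrite one another instead of being reported. For a vulnerability finder that is a silent false negative; I would type the key as `String` and have `update_meta_data` skip or raise on an advisory with no name, so the signature documents that every recorded advisory is attributed to a package. The same `String?` key appears on the Ruby finder's `@vuln_hash` in this release. If the advisories are scraped from `npm audit` text output, as the regex constant's name suggests, `npm audit --json` would remove the regex step entirely; that is inferred from the name only.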
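--- /dev/null
+++ b/data/sig/package/audit/npm/yarn_lock_parser.rbs
@@ -0,0 +1,19 @@
+module Package
+module Audit
+module Npm
+class YarnLockParser
+@yarn_lock_path: String
+
+def initialize: (String) -> void
+
+def fetch: (Hash[Symbol, untyped], Hash[Symbol, untyped]) -> Array[Package]
+
+private
+
+def fetch_package_block: (Symbol, String) -> String
+
+def fetch_package_version: (Symbol, String) -> String
+end
+end
+end
+end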
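Review bot: `fetch_package_block` and `fetch_package_version` are declared to return a non-nil `String`, yet a package listed in package.json can be absent from yarn.lock (stale or hand-edited lockfile), and the signature does not say whether that case raises or yields an empty string that then flows into a `Package` version. I would either declare `-> String?` or add a comment such as `# raises if the package has no block in yarn.lock` on each, whichever the implementation does, so callers of `fetch` know a manifest/lockfile mismatch surfaces rather than being reported as a version. The two `Hash[Symbol, untyped]` parameters of `fetch` would also benefit from a one-line comment naming them (presumably dependencies and devDependencies, to be confirmed against yarn_lock_parser.rb).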
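--- a/data/sig/package/audit/dependency.rbs
+++ b/data/sig/package/audit/package.rbs
@@ -1,8 +1,8 @@
 module Package
 module Audit
-class Dependency
+class Package
 @groups: Array[Symbol]
-@risk: Risk
+@risks: Array[Risk]
 @vulnerabilities: Array[String]
 
 attr_accessor groups: Array[Symbol]
@@ -13,14 +13,22 @@ module Package
 attr_accessor version_date: String
 attr_accessor vulnerabilities: Array[String]
 
-def initialize: (String, String) -> void
+def initialize: (String, String, **untyped) -> void
+
+def deprecated?: -> bool
+
+def full_name: -> String
 
 def group_list: -> String
 
-def risk?: -> bool
+def outdated?: -> bool
 
 def risk: -> Risk
 
+def risk?: -> bool
+
+def risks: -> Array[Risk]
+
 def risk_explanation: -> String?
 
 def risk_type: -> String
@@ -30,6 +38,8 @@ module Package
 def update: (**untyped) -> void
 
 def vulnerabilities_grouped: -> String
+
+def vulnerable?: -> bool
 end
 end
 end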
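Review bot: `initialize: (String, String, **untyped) -> void`, like the existing `update: (**untyped) -> void`, accepts any keyword, so a misspelled key or an unexpected field arriving from registry or audit data is not caught by the type checker and can be silently dropped. The settable fields are known from the `attr_accessor` list in this file, so I would enumerate them as optional keywords (`?version_date: String, ?vulnerabilities: Array[String], ...`) or at least add a comment stating whether unknown keys are ignored or raise. The two positional strings are also unnamed; a comment such as `# (name, version)` would help, assuming that is their order, which package.rb would confirm.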
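--- /dev/null
+++ b/data/sig/package/audit/printer.rbs
@@ -0,0 +1,24 @@
+module Package
+module Audit
+class Printer
+BASH_FORMATTING_REGEX: Regexp
+COLUMN_GAP: Integer
+CSV_HEADERS: Hash[Symbol, String]
+
+@pkgs: Array[Package]
+@options: Hash[Symbol, untyped]
+
+def initialize: (Array[Package], Hash[Symbol, untyped]) -> void
+
+def print: (Array[Symbol]) -> void
+
+private
+
+def check_fields: (Array[Symbol]) -> void
+
+def csv: (Array[Symbol], ?exclude_headers: bool) -> void
+
+def pretty: (?Array[Symbol]) -> void
+end
+end
+end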
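Review bot: `CSV_HEADERS` stays on `Printer` while its pretty-print counterpart `HEADERS` moved to `Const::Fields` in this release, so the two header maps now live in different places and a field added to `Fields::ALL` can easily miss one of them. I would move `CSV_HEADERS` next to `HEADERS` or comment here why it is printer-local. `check_fields: (Array[Symbol]) -> void` is new and presumably rejects a field outside `Fields::ALL`; a comment on that line such as `# raises on a field not listed in Const::Fields::ALL` would document the contract, with the exception type filled in from printer.rb, which is not in this chunk.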
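--- a/data/sig/package/audit/risk_calculator.rbs
+++ b/data/sig/package/audit/risk_calculator.rbs
@@ -1,19 +1,19 @@
 module Package
 module Audit
 class RiskCalculator
-@dependency: Dependency
+@pkg: Package
 
-def initialize: (Dependency) -> void
+def initialize: (Package) -> void
 
-def find: -> Risk?
+def find: -> Array[Risk]
 
 private
 
-def assess_deprecation_risk: -> Risk
+def assess_deprecation_risks: -> Array[Risk]
 
-def assess_version_risk: -> Risk
+def assess_version_risks: -> Array[Risk]
 
-def assess_vulnerability_risk: -> Risk
+def assess_vulnerability_risks: -> Array[Risk]
 
 def production_dependency?: -> bool
 end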
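--- a/data/sig/package/audit/ruby/gem_collection.rbs
+++ b/data/sig/package/audit/ruby/gem_collection.rbs
@@ -2,13 +2,13 @@ module Package
 module Audit
 module Ruby
 class GemCollection
-def self.all: -> Array[Dependency]
+def self.all: -> Array[Package]
 
-def self.deprecated: -> Array[Dependency]
+def self.deprecated: -> Array[Package]
 
-def self.outdated: (?include_implicit: bool) -> Array[Dependency]
+def self.outdated: (?include_implicit: bool) -> Array[Package]
 
-def self.vulnerable: -> Array[Dependency]
+def self.vulnerable: -> Array[Package]
 end
 end
 end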
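--- a/data/sig/package/audit/ruby/gem_meta_data.rbs
+++ b/data/sig/package/audit/ruby/gem_meta_data.rbs
@@ -2,21 +2,20 @@ module Package
 module Audit
 module Ruby
 class GemMetaData
-@dependencies: Array[Dependency]
+@gem_hash: Hash[String, Package]
+@pkgs: Array[Package]
 
-@gem_hash: Hash[String, Dependency]
+def initialize: (Array[Package]) -> void
 
-def initialize: (Array[Dependency]) -> void
+def fetch: -> Array[Package]
 
-def fetch: -> Array[Dependency]
-
-def find: -> Array[Dependency]
+def find: -> Array[Package]
 
 private
 
-def assign_groups: -> Array[Dependency]
+def assign_groups: -> Array[Package]
 
-def find_rubygems_metadata: -> Array[Dependency]
+def find_rubygems_metadata: -> Array[Package]
 end
 end
 end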
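--- a/data/sig/package/audit/ruby/vulnerability_finder.rbs
+++ b/data/sig/package/audit/ruby/vulnerability_finder.rbs
@@ -2,7 +2,13 @@ module Package
 module Audit
 module Ruby
 class VulnerabilityFinder
-def self.run: -> Array[Dependency]
+@vuln_hash: Hash[String?, Package]
+
+def run: -> Array[Package]
+
+private
+
+def update_meta_data: (Hash[Symbol, untyped]) -> void
 end
 end
 end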
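--- a/data/sig/package/audit/util/summary_printer.rbs
+++ b/data/sig/package/audit/util/summary_printer.rbs
@@ -4,17 +4,15 @@ module Package
 module SummaryPrinter
 def self.deprecated: -> void
 
-def self.outdated: -> void
-
 def self.report: -> void
 
 def self.risk: -> void
 
-def self.total: (Integer) -> void
+def self.statistics: (String, Array[Package]) -> void
 
-def self.vulnerable: -> void
+def self.total: (String, Array[Package]) -> void
 
-def risk: -> void
+def self.vulnerable: (String, String) -> void
 end
 end
 end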
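Review bot: `self.vulnerable: (String, String) -> void` takes two unnamed strings while its new siblings `statistics` and `total` take `(String, Array[Package])`, so a reader of the signature cannot tell what the second string is or why this printer is the odd one out. I would switch it to keyword parameters or add a comment on that line naming both arguments (presumably an ecosystem label and a command to run, to be confirmed against summary_printer.rb). Dropping the stray instance-level `def risk` next to `self.risk` is a good cleanup.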
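--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: package-audit
 version: !ruby/object:Gem::Version
-version: 0.1.0
+version: 0.2.0
 platform: ruby
 authors:
 - Vadim Kononov
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-04-25 00:00:00.000000000 Z
+date: 2023-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler-audit
@@ -49,9 +49,12 @@ extra_rdoc_files: []
 files:
 - exe/package-audit
 - lib/package/audit/cli.rb
-- lib/package/audit/const.rb
-- lib/package/audit/dependency.rb
-- lib/package/audit/dependency_printer.rb
+- lib/package/audit/command_service.rb
+- lib/package/audit/const/cmd.rb
+- lib/package/audit/const/fields.rb
+- lib/package/audit/const/file.rb
+- lib/package/audit/const/time.rb
+- lib/package/audit/duplicate_package_merger.rb
 - lib/package/audit/enum/environment.rb
 - lib/package/audit/enum/risk_explanation.rb
 - lib/package/audit/enum/risk_type.rb
@@ -61,6 +64,12 @@ files:
 - lib/package/audit/formatter/version.rb
 - lib/package/audit/formatter/version_date.rb
 - lib/package/audit/formatter/vulnerability.rb
+- lib/package/audit/npm/node_collection.rb
+- lib/package/audit/npm/npm_meta_data.rb
+- lib/package/audit/npm/vulnerability_finder.rb
+- lib/package/audit/npm/yarn_lock_parser.rb
+- lib/package/audit/package.rb
+- lib/package/audit/printer.rb
 - lib/package/audit/risk.rb
 - lib/package/audit/risk_calculator.rb
 - lib/package/audit/ruby/bundler_specs.rb
@@ -70,10 +79,13 @@ files:
 - lib/package/audit/util/bash_color.rb
 - lib/package/audit/util/summary_printer.rb
 - lib/package/audit/version.rb
-- sig/const.rbs
 - sig/package/audit/cli.rbs
-- sig/package/audit/dependency.rbs
-- sig/package/audit/dependency_printer.rbs
+- sig/package/audit/command_service.rbs
+- sig/package/audit/const/cmd.rbs
+- sig/package/audit/const/fields.rbs
+- sig/package/audit/const/file.rbs
+- sig/package/audit/const/time.rbs
+- sig/package/audit/duplicate_package_merger.rbs
 - sig/package/audit/enum/environment.rbs
 - sig/package/audit/enum/risk_explanation.rbs
 - sig/package/audit/enum/risk_type.rbs
@@ -83,6 +95,12 @@ files:
 - sig/package/audit/formatter/version_date.rbs
 - sig/package/audit/formatter/version_printer.rbs
 - sig/package/audit/formatter/vulnerability.rbs
+- sig/package/audit/npm/node_collection.rbs
+- sig/package/audit/npm/npm_meta_data.rbs
+- sig/package/audit/npm/vulnerability_finder.rbs
+- sig/package/audit/npm/yarn_lock_parser.rbs
+- sig/package/audit/package.rbs
+- sig/package/audit/printer.rbs
 - sig/package/audit/risk.rbs
 - sig/package/audit/risk_calculator.rbs
 - sig/package/audit/ruby/bundler_specs.rbs
@@ -114,7 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.4.12
 signing_key:
 specification_version: 4
 summary: A helper tool to find outdated, deprecated and vulnerable dependencies.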
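--- a/data/lib/package/audit/const.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-module Const
-SECONDS_PER_YEAR = 31_556_952 # length of a gregorian year (365.2425 days)
-YEARS_ELAPSED_TO_BE_OUTDATED = 2
-SECONDS_ELAPSED_TO_BE_OUTDATED = SECONDS_PER_YEAR * YEARS_ELAPSED_TO_BE_OUTDATED
-end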
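--- a/data/sig/const.rbs
+++ /dev/null
@@ -1,5 +0,0 @@
-module Const
-SECONDS_ELAPSED_TO_BE_OUTDATED: Integer
-YEARS_ELAPSED_TO_BE_OUTDATED: Integer
-SECONDS_PER_YEAR: Integer
-end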
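--- a/data/sig/package/audit/dependency_printer.rbs
+++ /dev/null
@@ -1,24 +0,0 @@
-module Package
-module Audit
-class DependencyPrinter
-BASH_FORMATTING_REGEX: Regexp
-COLUMN_GAP: Integer
-CSV_HEADERS: Hash[Symbol, String]
-FIELDS: Array[Symbol]
-HEADERS: Hash[Symbol, String]
-
-@dependencies: Array[Dependency]
-@options: Hash[Symbol, untyped]
-
-def initialize: (Array[Dependency], Hash[Symbol, untyped]) -> void
-
-def print: (?Array[Symbol]) -> void
-
-private
-
-def csv: (Array[Symbol], ?exclude_headers: bool) -> void
-
-def pretty: (Array[Symbol]) -> void
-end
-end
-end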