package-audit 0.1.0 → 0.2.0

data/sig/package/audit/const/fields.rbs

@@ -0,0 +1,13 @@
+module Package
+  module Audit
+    module Const
+      module Fields
+        ALL: Array[Symbol]
+        HEADERS: Hash[Symbol, String]
+        OUTDATED: Array[Symbol]
+        REPORT: Array[Symbol]
+        VULNERABLE: Array[Symbol]
+      end
+    end
+  end
+end

data/sig/package/audit/const/file.rbs

@@ -0,0 +1,13 @@
+module Package
+  module Audit
+    module Const
+      module File
+        GEMFILE: String
+        GEMFILE_LOCK: String
+        PACKAGE_JSON: String
+        PACKAGE_LOCK_JSON: String
+        YARN_LOCK: String
+      end
+    end
+  end
+end

data/sig/package/audit/const/time.rbs

@@ -0,0 +1,11 @@
+module Package
+  module Audit
+    module Const
+      module Time
+        SECONDS_ELAPSED_TO_BE_OUTDATED: Integer
+        SECONDS_PER_YEAR: Integer
+        YEARS_ELAPSED_TO_BE_OUTDATED: Integer
+      end
+    end
+  end
+end

data/sig/package/audit/duplicate_package_merger.rbs

@@ -0,0 +1,11 @@
+module Package
+  module Audit
+    class DuplicatePackageMerger
+      @pkgs: Array[Package]
+
+      def initialize: (Array[Package]) -> void
+
+      def run: -> Array[Package]
+    end
+  end
+end

data/sig/package/audit/enum/vulnerability_type.rbs

@@ -6,6 +6,7 @@ module Package
         HIGH: String
         LOW: String
         MEDIUM: String
+        MODERATE: String
         NONE: String
         UNKNOWN: String
       end

data/sig/package/audit/npm/node_collection.rbs

@@ -0,0 +1,29 @@
+module Package
+  module Audit
+    module Npm
+      class NodeCollection
+        PACKAGE_JSON: String
+        PACKAGE_LOCK: String
+        YARN_LOCK: String
+
+        @dir: String
+
+        def initialize: (String) -> void
+
+        def all: -> Array[Package]
+
+        def deprecated: -> Array[Package]
+
+        def outdated: -> Array[Package]
+
+        def vulnerable: -> Array[Package]
+
+        private
+
+        def fetch_from_lock_file: -> Array[Package]
+
+        def fetch_from_package_json: -> Array[Hash[Symbol, untyped]]
+      end
+    end
+  end
+end

data/sig/package/audit/npm/npm_meta_data.rbs

@@ -0,0 +1,19 @@
+module Package
+  module Audit
+    module Npm
+      class NpmMetaData
+        REGISTRY_URL: String
+
+        @packages: Array[Package]
+
+        def initialize: (Array[Package]) -> void
+
+        def fetch: -> Array[Package]
+
+        private
+
+        def update_meta_data: (Package, Hash[Symbol, untyped]) -> void
+      end
+    end
+  end
+end

data/sig/package/audit/npm/vulnerability_finder.rbs

@@ -0,0 +1,20 @@
+module Package
+  module Audit
+    module Npm
+      class VulnerabilityFinder
+        AUDIT_ADVISORY_REGEX: Regexp
+
+        @pkg_hash: Hash[String, Package]
+        @vuln_hash: Hash[String?, Package]
+
+        def initialize: (Array[Package]) -> void
+
+        def run: -> Array[Package]
+
+        private
+
+        def update_meta_data: (Hash[Symbol, untyped])-> void
+      end
+    end
+  end
+end

data/sig/package/audit/npm/yarn_lock_parser.rbs

@@ -0,0 +1,19 @@
+module Package
+  module Audit
+    module Npm
+      class YarnLockParser
+        @yarn_lock_path: String
+
+        def initialize: (String) -> void
+
+        def fetch: (Hash[Symbol, untyped], Hash[Symbol, untyped]) -> Array[Package]
+
+        private
+
+        def fetch_package_block: (Symbol, String) -> String
+
+        def fetch_package_version: (Symbol, String) -> String
+      end
+    end
+  end
+end

data/sig/package/audit/{dependency.rbs → package.rbs}

@@ -1,8 +1,8 @@
 module Package
   module Audit
-    class Dependency
+    class Package
       @groups: Array[Symbol]
-      @risk: Risk
+      @risks: Array[Risk]
       @vulnerabilities: Array[String]
 
       attr_accessor groups: Array[Symbol]
@@ -13,14 +13,22 @@ module Package
       attr_accessor version_date: String
       attr_accessor vulnerabilities: Array[String]
 
-      def initialize: (String, String) -> void
+      def initialize: (String, String, **untyped) -> void
+
+      def deprecated?: -> bool
+
+      def full_name: -> String
 
       def group_list: -> String
 
-      def risk?: -> bool
+      def outdated?: -> bool
 
       def risk: -> Risk
 
+      def risk?: -> bool
+
+      def risks: -> Array[Risk]
+
       def risk_explanation: -> String?
 
       def risk_type: -> String
@@ -30,6 +38,8 @@ module Package
       def update: (**untyped) -> void
 
       def vulnerabilities_grouped: -> String
+
+      def vulnerable?: -> bool
     end
   end
 end

data/sig/package/audit/printer.rbs

@@ -0,0 +1,24 @@
+module Package
+  module Audit
+    class Printer
+      BASH_FORMATTING_REGEX: Regexp
+      COLUMN_GAP: Integer
+      CSV_HEADERS: Hash[Symbol, String]
+
+      @pkgs: Array[Package]
+      @options: Hash[Symbol, untyped]
+
+      def initialize: (Array[Package], Hash[Symbol, untyped]) -> void
+
+      def print: (Array[Symbol]) -> void
+
+      private
+
+      def check_fields: (Array[Symbol]) -> void
+
+      def csv: (Array[Symbol], ?exclude_headers: bool) -> void
+
+      def pretty: (?Array[Symbol]) -> void
+    end
+  end
+end

data/sig/package/audit/risk_calculator.rbs

@@ -1,19 +1,19 @@
 module Package
   module Audit
     class RiskCalculator
-      @dependency: Dependency
+      @pkg: Package
 
-      def initialize: (Dependency) -> void
+      def initialize: (Package) -> void
 
-      def find: -> Risk?
+      def find: -> Array[Risk]
 
       private
 
-      def assess_deprecation_risk: -> Risk
+      def assess_deprecation_risks: -> Array[Risk]
 
-      def assess_version_risk: -> Risk
+      def assess_version_risks: -> Array[Risk]
 
-      def assess_vulnerability_risk: -> Risk
+      def assess_vulnerability_risks: -> Array[Risk]
 
       def production_dependency?: -> bool
     end

data/sig/package/audit/ruby/gem_collection.rbs

@@ -2,13 +2,13 @@ module Package
   module Audit
     module Ruby
       class GemCollection
-        def self.all: -> Array[Dependency]
+        def self.all: -> Array[Package]
 
-        def self.deprecated: -> Array[Dependency]
+        def self.deprecated: -> Array[Package]
 
-        def self.outdated: (?include_implicit: bool) -> Array[Dependency]
+        def self.outdated: (?include_implicit: bool) -> Array[Package]
 
-        def self.vulnerable: -> Array[Dependency]
+        def self.vulnerable: -> Array[Package]
       end
     end
   end

data/sig/package/audit/ruby/gem_meta_data.rbs

@@ -2,21 +2,20 @@ module Package
   module Audit
     module Ruby
       class GemMetaData
-        @dependencies: Array[Dependency]
+        @gem_hash: Hash[String, Package]
+        @pkgs: Array[Package]
 
-        @gem_hash: Hash[String, Dependency]
+        def initialize: (Array[Package]) -> void
 
-        def initialize: (Array[Dependency]) -> void
+        def fetch: -> Array[Package]
 
-        def fetch: -> Array[Dependency]
-
-        def find: -> Array[Dependency]
+        def find: -> Array[Package]
 
         private
 
-        def assign_groups: -> Array[Dependency]
+        def assign_groups: -> Array[Package]
 
-        def find_rubygems_metadata: -> Array[Dependency]
+        def find_rubygems_metadata: -> Array[Package]
       end
     end
   end

data/sig/package/audit/ruby/vulnerability_finder.rbs

@@ -2,7 +2,13 @@ module Package
   module Audit
     module Ruby
       class VulnerabilityFinder
-        def self.run: -> Array[Dependency]
+        @vuln_hash: Hash[String?, Package]
+
+        def run: -> Array[Package]
+
+        private
+
+        def update_meta_data: (Hash[Symbol, untyped]) -> void
       end
     end
   end

data/sig/package/audit/util/summary_printer.rbs

@@ -4,17 +4,15 @@ module Package
       module SummaryPrinter
         def self.deprecated: -> void
 
-        def self.outdated: -> void
-
         def self.report: -> void
 
         def self.risk: -> void
 
-        def self.total: (Integer) -> void
+        def self.statistics: (String, Array[Package]) -> void
 
-        def self.vulnerable: -> void
+        def self.total: (String, Array[Package]) -> void
 
-        def risk: -> void
+        def self.vulnerable: (String, String) -> void
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: package-audit
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Vadim Kononov
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-04-25 00:00:00.000000000 Z
+date: 2023-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -49,9 +49,12 @@ extra_rdoc_files: []
 files:
 - exe/package-audit
 - lib/package/audit/cli.rb
-- lib/package/audit/const.rb
-- lib/package/audit/dependency.rb
-- lib/package/audit/dependency_printer.rb
+- lib/package/audit/command_service.rb
+- lib/package/audit/const/cmd.rb
+- lib/package/audit/const/fields.rb
+- lib/package/audit/const/file.rb
+- lib/package/audit/const/time.rb
+- lib/package/audit/duplicate_package_merger.rb
 - lib/package/audit/enum/environment.rb
 - lib/package/audit/enum/risk_explanation.rb
 - lib/package/audit/enum/risk_type.rb
@@ -61,6 +64,12 @@ files:
 - lib/package/audit/formatter/version.rb
 - lib/package/audit/formatter/version_date.rb
 - lib/package/audit/formatter/vulnerability.rb
+- lib/package/audit/npm/node_collection.rb
+- lib/package/audit/npm/npm_meta_data.rb
+- lib/package/audit/npm/vulnerability_finder.rb
+- lib/package/audit/npm/yarn_lock_parser.rb
+- lib/package/audit/package.rb
+- lib/package/audit/printer.rb
 - lib/package/audit/risk.rb
 - lib/package/audit/risk_calculator.rb
 - lib/package/audit/ruby/bundler_specs.rb
@@ -70,10 +79,13 @@ files:
 - lib/package/audit/util/bash_color.rb
 - lib/package/audit/util/summary_printer.rb
 - lib/package/audit/version.rb
-- sig/const.rbs
 - sig/package/audit/cli.rbs
-- sig/package/audit/dependency.rbs
-- sig/package/audit/dependency_printer.rbs
+- sig/package/audit/command_service.rbs
+- sig/package/audit/const/cmd.rbs
+- sig/package/audit/const/fields.rbs
+- sig/package/audit/const/file.rbs
+- sig/package/audit/const/time.rbs
+- sig/package/audit/duplicate_package_merger.rbs
 - sig/package/audit/enum/environment.rbs
 - sig/package/audit/enum/risk_explanation.rbs
 - sig/package/audit/enum/risk_type.rbs
@@ -83,6 +95,12 @@ files:
 - sig/package/audit/formatter/version_date.rbs
 - sig/package/audit/formatter/version_printer.rbs
 - sig/package/audit/formatter/vulnerability.rbs
+- sig/package/audit/npm/node_collection.rbs
+- sig/package/audit/npm/npm_meta_data.rbs
+- sig/package/audit/npm/vulnerability_finder.rbs
+- sig/package/audit/npm/yarn_lock_parser.rbs
+- sig/package/audit/package.rbs
+- sig/package/audit/printer.rbs
 - sig/package/audit/risk.rbs
 - sig/package/audit/risk_calculator.rbs
 - sig/package/audit/ruby/bundler_specs.rbs
@@ -114,7 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.4.12
 signing_key:
 specification_version: 4
 summary: A helper tool to find outdated, deprecated and vulnerable dependencies.

data/lib/package/audit/const.rb

@@ -1,5 +0,0 @@
-module Const
-  SECONDS_PER_YEAR = 31_556_952 # length of a gregorian year (365.2425 days)
-  YEARS_ELAPSED_TO_BE_OUTDATED = 2
-  SECONDS_ELAPSED_TO_BE_OUTDATED = SECONDS_PER_YEAR * YEARS_ELAPSED_TO_BE_OUTDATED
-end

data/sig/const.rbs

@@ -1,5 +0,0 @@
-module Const
-  SECONDS_ELAPSED_TO_BE_OUTDATED: Integer
-  YEARS_ELAPSED_TO_BE_OUTDATED: Integer
-  SECONDS_PER_YEAR: Integer
-end

data/sig/package/audit/dependency_printer.rbs

@@ -1,24 +0,0 @@
-module Package
-  module Audit
-    class DependencyPrinter
-      BASH_FORMATTING_REGEX: Regexp
-      COLUMN_GAP: Integer
-      CSV_HEADERS: Hash[Symbol, String]
-      FIELDS: Array[Symbol]
-      HEADERS: Hash[Symbol, String]
-
-      @dependencies: Array[Dependency]
-      @options: Hash[Symbol, untyped]
-
-      def initialize: (Array[Dependency], Hash[Symbol, untyped]) -> void
-
-      def print: (?Array[Symbol]) -> void
-
-      private
-
-      def csv: (Array[Symbol], ?exclude_headers: bool) -> void
-
-      def pretty: (Array[Symbol]) -> void
-    end
-  end
-end