package-audit 0.5.1 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3987dbcffb0bef510d5897ad47ec79aa5ba65572c62d1a78003496a44264ca7e
-  data.tar.gz: f2608608cee05dde5a409e9dc6a4c885b208ee7d52cc7d6e745e0d3ccf37d7b7
+  metadata.gz: f9f4f23e752d513ff8a35a325296edf1d2d0a99b200d3e64ae92ce00ce145ac1
+  data.tar.gz: 043a77af2e0a46688ba0964e6d595bfe3a50fecc59f73f4957c24ca0ad4c9cbe
 SHA512:
-  metadata.gz: baa304f965258c639f7e4bee858da18ddd74bfb83926a66d95ce43367ac5bfcf363e4847dd56c98ed649cda9d7143cbb44bb2015d1c7dc263b73f8942538011e
-  data.tar.gz: a5adfb16e863dacea34dc1d1ca8e4962e76ab984f766d86073f2a5bcfceea9923d2c048ae11487e8a0644d9420025a6dba61f57dede9b6faaf74cd82954f5f52
+  metadata.gz: 3ebd17673929a378540502f8757397bd37c1a86121fa99f691fb94b537b53f9eec5f7698be6076af0cc0aa7c163458eede4875316e6755a1a05e4a7b8e33e83b
+  data.tar.gz: 190255842a47fbf044d75703cf8263b177a91ed5a282c7d610cb99f27ad3fe194170b73ba09575afb6fc181b26f2d797fa11f4e9f481cb8f1619af581bd61f86

data/lib/package/audit/cli.rb

@@ -1,7 +1,9 @@
 require_relative 'const/file'
 require_relative 'const/time'
+require_relative 'enum/format'
 require_relative 'enum/option'
 require_relative 'services/command_parser'
+require_relative 'util//risk_legend'
 require_relative 'version'
 
 require 'json'
@@ -10,7 +12,7 @@ require 'thor'
 module Package
   module Audit
     class CLI < Thor
-      default_task :report
+      default_task :default
 
       class_option Enum::Option::CONFIG,
                    aliases: '-c', banner: 'FILE',
@@ -24,18 +26,18 @@ module Package
       class_option Enum::Option::INCLUDE_IGNORED,
                    type: :boolean, default: false,
                    desc: 'Include packages ignored by a configuration file'
-      class_option Enum::Option::CSV,
-                   type: :boolean, default: false,
-                   desc: 'Output reports using comma separated values (CSV)'
+      class_option Enum::Option::FORMAT,
+                   aliases: '-f', banner: Enum::Format.all.join('|'), type: :string,
+                   desc: 'Output reports using a different format (e.g. CSV or Markdown)'
       class_option Enum::Option::CSV_EXCLUDE_HEADERS,
                    type: :boolean, default: false,
-                   desc: "Hide headers when using the --#{Enum::Option::CSV} option"
+                   desc: "Hide headers when using the #{Enum::Format::CSV} format"
 
       map '-v' => :version
       map '--version' => :version
 
-      desc 'report [DIR]', 'Show a report of potentially deprecated, outdated or vulnerable packages'
-      def report(dir = Dir.pwd)
+      desc '[DIR]', 'Show a report of potentially deprecated, outdated or vulnerable packages'
+      def default(dir = Dir.pwd)
         within_rescue_block { exit CommandParser.new(dir, options, Enum::Report::ALL).run }
       end
 
@@ -57,7 +59,7 @@ module Package
 
       desc 'risk', 'Print information on how risk is calculated'
       def risk
-        Util::SummaryPrinter.risk
+        Util::RiskLegend.print
       end
 
       desc 'version', 'Print the currently installed version of the package-audit gem'
@@ -70,7 +72,7 @@ module Package
       end
 
       def method_missing(command, *args)
-        invoke :report, [command], args
+        invoke :default, [command], args
       end
 
       def respond_to_missing?

data/lib/package/audit/const/cmd.rb

@@ -3,13 +3,13 @@ module Package
     module Const
       module Cmd
         BUNDLE_AUDIT = 'bundle-audit check --update'
-        BUNDLE_AUDIT_JSON = 'bundle-audit check --update --quiet --format json %s'
+        BUNDLE_AUDIT_JSON = 'bundle-audit check --update --quiet --format json "%s" 2>/dev/null'
 
         NPM_AUDIT = 'npm audit'
         NPM_AUDIT_JSON = 'npm audit --json'
 
         YARN_AUDIT = 'yarn audit'
-        YARN_AUDIT_JSON = 'yarn audit --json --cwd %s'
+        YARN_AUDIT_JSON = 'yarn audit --json --cwd "%s"'
       end
     end
   end

data/lib/package/audit/enum/format.rb

@@ -0,0 +1,14 @@
+module Package
+  module Audit
+    module Enum
+      module Format
+        CSV = 'csv'
+        MARKDOWN = 'md'
+
+        def self.all
+          constants.map { |key| const_get(key) }.sort
+        end
+      end
+    end
+  end
+end

data/lib/package/audit/enum/option.rb

@@ -3,7 +3,7 @@ module Package
     module Enum
       module Option
         CONFIG = 'config'
-        CSV = 'csv'
+        FORMAT = 'format'
         CSV_EXCLUDE_HEADERS = 'exclude-headers'
         GROUP = 'group'
         INCLUDE_IGNORED = 'include-ignored'

data/lib/package/audit/enum/technology.rb

@@ -6,7 +6,7 @@ module Package
         RUBY = 'ruby'
 
         def self.all
-          constants.map { |key| Enum::Technology.const_get(key) }.sort
+          constants.map { |key| const_get(key) }.sort
         end
       end
     end

data/lib/package/audit/models/package.rb

@@ -25,7 +25,7 @@ module Package
       end
 
       def update(**attr)
-        attr.each { |key, value| instance_variable_set("@#{key}", value) }
+        attr.each { |key, value| instance_variable_set(:"@#{key}", value) }
       end
 
       def risk
@@ -41,7 +41,7 @@ module Package
       end
 
       def group_list
-        @groups.join('|')
+        @groups.join(' ')
       end
 
       def vulnerabilities_grouped

data/lib/package/audit/ruby/bundler_specs.rb

@@ -18,6 +18,7 @@ module Package
         def self.gemfile(dir)
           current_dependencies = Bundler.with_unbundled_env do
             ENV['BUNDLE_GEMFILE'] = "#{dir}/Gemfile"
+            Bundler.ui.level = 'error'
             Bundler.reset!
             Bundler.ui.silence do
               Bundler.load.dependencies.to_h { |dep| [dep.name, dep] }

data/lib/package/audit/services/command_parser.rb

@@ -18,13 +18,28 @@ module Package
         @dir = dir
         @options = options
         @report = report
-        @config = parse_config_file
+        @config = parse_config_file!
         @groups = @options[Enum::Option::GROUP]
-        @technologies = parse_technologies
+        @technologies = parse_technologies!
+        validate_format!
         @spinner = Util::Spinner.new('Evaluating packages and their dependencies...')
       end
 
-      def run # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+      def run
+        if File.file? @dir.to_s
+          raise "\"#{@dir}\" is a file instead of directory"
+        elsif !File.directory? @dir.to_s
+          raise "\"#{@dir}\" is not a valid directory"
+        elsif @technologies.empty?
+          raise 'No supported technologies found in this directory'
+        else
+          process_technologies
+        end
+      end
+
+      private
+
+      def process_technologies # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
         mutex = Mutex.new
         cumulative_pkgs = []
         thread_index = 0
@@ -34,7 +49,7 @@ module Package
           Thread.new do
             all_pkgs, ignored_pkgs = PackageFinder.new(@config, @dir, @report, @groups).run(technology)
             ignored_pkgs = [] if @options[Enum::Option::INCLUDE_IGNORED]
-            cumulative_pkgs += all_pkgs || []
+            cumulative_pkgs += (all_pkgs || []) - (ignored_pkgs || [])
             sleep 0.1 while technology_index != thread_index # print each technology in order
             mutex.synchronize do
               @spinner.stop
@@ -55,17 +70,15 @@ module Package
         @spinner.stop
       end
 
-      private
-
       def print_results(technology, pkgs, ignored_pkgs)
         PackagePrinter.new(@options, pkgs).print(Const::Fields::DEFAULT)
-        print_summary(technology, pkgs, ignored_pkgs) unless @options[Enum::Option::CSV]
-        print_disclaimer(technology) unless @options[Enum::Option::CSV] || pkgs.empty?
+        print_summary(technology, pkgs, ignored_pkgs) unless @options[Enum::Option::FORMAT] == Enum::Format::CSV
+        print_disclaimer(technology) unless @options[Enum::Option::FORMAT] == Enum::Format::CSV || pkgs.empty?
       end
 
       def print_summary(technology, pkgs, ignored_pkgs)
         if @report == Enum::Report::ALL
-          Util::SummaryPrinter.statistics(technology, @report, pkgs, ignored_pkgs)
+          Util::SummaryPrinter.statistics(@options[Enum::Option::FORMAT], technology, @report, pkgs, ignored_pkgs)
         else
           Util::SummaryPrinter.total(technology, @report, pkgs, ignored_pkgs)
         end
@@ -91,7 +104,7 @@ module Package
         end
       end
 
-      def parse_config_file
+      def parse_config_file!
         if @options[Enum::Option::CONFIG].nil?
           YAML.load_file("#{@dir}/#{Const::File::CONFIG}") if File.exist? "#{@dir}/#{Const::File::CONFIG}"
         elsif File.exist? @options[Enum::Option::CONFIG]
@@ -101,7 +114,13 @@ module Package
         end
       end
 
-      def parse_technologies
+      def validate_format!
+        format = @options[Enum::Option::FORMAT]
+        raise ArgumentError, "Invalid format: #{format}, should be one of [#{Enum::Format.all.join('|')}]" unless
+          @options[Enum::Option::FORMAT].nil? || Enum::Format.all.include?(format)
+      end
+
+      def parse_technologies!
         technology_validator = Technology::Validator.new(@dir)
         @options[Enum::Option::TECHNOLOGY]&.each { |technology| technology_validator.validate! technology }
         @options[Enum::Option::TECHNOLOGY] || Technology::Detector.new(@dir).detect

data/lib/package/audit/services/package_filter.rb

@@ -9,7 +9,8 @@ require 'yaml'
 module Package
   module Audit
     class PackageFilter
-      def initialize(config)
+      def initialize(report, config)
+        @report = report
         @config = config
       end
 
@@ -30,9 +31,28 @@ module Package
       end
 
       def ignore_package?(pkg, yaml)
-        (!pkg.deprecated? || yaml&.dig(Const::YAML::DEPRECATED) == false) &&
-          (!pkg.outdated? || yaml&.dig(Const::YAML::OUTDATED) == false) &&
-          (!pkg.vulnerable? || yaml&.dig(Const::YAML::VULNERABLE) == false)
+        case @report
+        when Enum::Report::DEPRECATED
+          ignore_deprecated?(pkg, yaml)
+        when Enum::Report::OUTDATED
+          ignore_outdated?(pkg, yaml)
+        when Enum::Report::VULNERABLE
+          ignore_vulnerable?(pkg, yaml)
+        else
+          ignore_deprecated?(pkg, yaml) && ignore_outdated?(pkg, yaml) && ignore_vulnerable?(pkg, yaml)
+        end
+      end
+
+      def ignore_deprecated?(pkg, yaml)
+        !pkg.deprecated? || yaml&.dig(Const::YAML::DEPRECATED) == false
+      end
+
+      def ignore_outdated?(pkg, yaml)
+        !pkg.outdated? || yaml&.dig(Const::YAML::OUTDATED) == false
+      end
+
+      def ignore_vulnerable?(pkg, yaml)
+        !pkg.vulnerable? || yaml&.dig(Const::YAML::VULNERABLE) == false
       end
     end
   end

data/lib/package/audit/services/package_finder.rb

@@ -48,7 +48,7 @@ module Package
       end
 
       def filter_pkgs_based_on_config(pkgs)
-        package_filter = PackageFilter.new(@config)
+        package_filter = PackageFilter.new(@report, @config)
         ignored_pkgs = []
 
         pkgs.each do |pkg|

data/lib/package/audit/services/package_printer.rb

@@ -21,8 +21,11 @@ module Package
         check_fields(fields)
         return if @pkgs.empty?
 
-        if @options[Enum::Option::CSV]
+        case @options[Enum::Option::FORMAT]
+        when Enum::Format::CSV
           csv(fields, exclude_headers: @options[Enum::Option::CSV_EXCLUDE_HEADERS])
+        when Enum::Format::MARKDOWN
+          markdown(fields)
         else
           pretty(fields)
         end
@@ -39,72 +42,78 @@ module Package
               "Available fields names are: #{Const::Fields::DEFAULT}."
       end
 
-      def pretty(fields = Const::Fields::DEFAULT) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
-        # find the maximum length of each field across all the packages so we know how many
-        # characters of horizontal space to allocate for each field when printing
-        fields.each do |key|
-          instance_variable_set "@max_#{key}", Const::Fields::HEADERS[key].length
-          @pkgs.each do |gem|
-            curr_field_length = case key
-                                when :vulnerabilities
-                                  gem.vulnerabilities_grouped.length
-                                when :groups
-                                  gem.group_list.length
-                                else
-                                  gem.send(key)&.gsub(BASH_FORMATTING_REGEX, '')&.length || 0
-                                end
-            max_field_length = instance_variable_get "@max_#{key}"
-            instance_variable_set "@max_#{key}", [curr_field_length, max_field_length].max
-          end
-        end
-
-        line_length = fields.sum { |key| instance_variable_get "@max_#{key}" } +
-                      (COLUMN_GAP * (fields.length - 1))
+      def pretty(fields = Const::Fields::DEFAULT) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+        max_widths = get_field_max_widths(fields)
+        header = fields.map.with_index do |field, index|
+          Const::Fields::HEADERS[field].gsub(BASH_FORMATTING_REGEX, '').ljust(max_widths[index])
+        end.join(' ' * COLUMN_GAP)
+        separator = max_widths.map { |width| '=' * width }.join('=' * COLUMN_GAP)
 
-        puts '=' * line_length
-        puts fields.map { |key|
-          Const::Fields::HEADERS[key].gsub(BASH_FORMATTING_REGEX, '').ljust(instance_variable_get("@max_#{key}"))
-        }.join(' ' * COLUMN_GAP)
-        puts '=' * line_length
+        puts separator
+        puts header
+        puts separator
 
         @pkgs.each do |pkg|
-          puts fields.map { |key|
-            val = pkg.send(key) || ''
-            val = case key
-                  when :groups
-                    pkg.group_list
-                  when :risk_type
-                    Formatter::Risk.new(pkg.risk_type).format
-                  when :version
-                    Formatter::Version.new(pkg.version, pkg.latest_version).format
-                  when :vulnerabilities
-                    Formatter::Vulnerability.new(pkg.vulnerabilities).format
-                  when :latest_version_date
-                    Formatter::VersionDate.new(pkg.latest_version_date).format
-                  else
-                    val
-                  end
-
+          puts fields.map.with_index { |key, index|
+            val = get_field_value(pkg, key)
             formatting_length = val.length - val.gsub(BASH_FORMATTING_REGEX, '').length
-            val.ljust(instance_variable_get("@max_#{key}") + formatting_length)
+            val.ljust(max_widths[index] + formatting_length)
           }.join(' ' * COLUMN_GAP)
         end
       end
 
-      def csv(fields, exclude_headers: false)
-        value_fields = fields.map do |field|
-          case field
-          when :groups
-            :group_list
-          when :vulnerabilities
-            :vulnerabilities_grouped
-          else
-            field
+      def csv(fields = Const::Fields::DEFAULT, exclude_headers: false)
+        puts fields.join(',') unless exclude_headers
+        @pkgs.map do |pkg|
+          puts fields.map { |field| get_field_value(pkg, field) }.join(',').gsub(BASH_FORMATTING_REGEX, '')
+        end
+      end
+
+      def markdown(fields = Const::Fields::DEFAULT) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+        max_widths = get_field_max_widths(fields)
+        header = fields.map.with_index do |field, index|
+          Const::Fields::HEADERS[field].gsub(BASH_FORMATTING_REGEX, '').ljust(max_widths[index])
+        end.join(' | ')
+        separator = max_widths.map { |width| ":#{'-' * width}" }.join('-|')
+
+        puts "| #{header} |"
+        puts "|#{separator}-|"
+
+        @pkgs.each do |pkg|
+          row = fields.map.with_index do |key, index|
+            val = get_field_value(pkg, key)
+            formatting_length = val.length - val.gsub(BASH_FORMATTING_REGEX, '').length
+            val.ljust(max_widths[index] + formatting_length)
           end
+          puts "| #{row.join(' | ')} |"
         end
+      end
 
-        puts fields.join(',') unless exclude_headers
-        @pkgs.map { |gem| puts gem.to_csv(value_fields) }
+      def get_field_max_widths(fields)
+        # Calculate the maximum width for each column, including header titles and content
+        fields.map do |field|
+          [@pkgs.map do |pkg|
+            value = get_field_value(pkg, field).to_s.gsub(BASH_FORMATTING_REGEX, '').length
+            value
+          end.max, Const::Fields::HEADERS[field].gsub(BASH_FORMATTING_REGEX, '').length].max
+        end
+      end
+
+      def get_field_value(pkg, field) # rubocop:disable Metrics/MethodLength
+        case field
+        when :groups
+          pkg.group_list
+        when :risk_type
+          Formatter::Risk.new(pkg.risk_type).format
+        when :version
+          Formatter::Version.new(pkg.version, pkg.latest_version).format
+        when :vulnerabilities
+          Formatter::Vulnerability.new(pkg.vulnerabilities).format
+        when :latest_version_date
+          Formatter::VersionDate.new(pkg.latest_version_date).format
+        else
+          pkg.send(field) || ''
+        end
       end
     end
   end

data/lib/package/audit/technology/validator.rb

@@ -28,27 +28,20 @@ module Package
           package_lock_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_LOCK_JSON}")
           yarn_lock_present = File.exist?("#{@dir}/#{Const::File::YARN_LOCK}")
 
-          unless package_json_present
-            puts Util::BashColor.red("\"#{Const::File::PACKAGE_JSON}\" was not found in #{@dir}")
-          end
-          unless package_lock_json_present || yarn_lock_present
-            puts Util::BashColor.red("\"#{Const::File::PACKAGE_LOCK_JSON}\" or \"#{Const::File::YARN_LOCK}\" " \
-                                     "was not found in #{@dir}")
-          end
+          raise "\"#{Const::File::PACKAGE_JSON}\" was not found in #{@dir}" unless package_json_present
+
+          return if package_lock_json_present || yarn_lock_present
 
-          exit 1 unless package_json_present && (package_lock_json_present || yarn_lock_present)
+          raise "\"#{Const::File::PACKAGE_LOCK_JSON}\" or \"#{Const::File::YARN_LOCK}\" " \
+                "was not found in #{@dir}"
         end
 
         def validate_ruby!
           gemfile_present = File.exist?("#{@dir}/#{Const::File::GEMFILE}")
           gemfile_lock_present = File.exist?("#{@dir}/#{Const::File::GEMFILE_LOCK}")
 
-          puts Util::BashColor.red("\"#{Const::File::GEMFILE}\" was not found in #{@dir}") unless gemfile_present
-          unless gemfile_lock_present
-            puts Util::BashColor.red("\"#{Const::File::GEMFILE_LOCK}\" was not found in #{@dir}")
-          end
-
-          exit 1 unless gemfile_present && gemfile_lock_present
+          raise "\"#{Const::File::GEMFILE}\" was not found in #{@dir}" unless gemfile_present
+          raise "\"#{Const::File::GEMFILE_LOCK}\" was not found in #{@dir}" unless gemfile_lock_present
         end
       end
     end

data/lib/package/audit/util/risk_legend.rb

@@ -0,0 +1,49 @@
+require_relative '../const/time'
+require_relative 'bash_color'
+
+module Package
+  module Audit
+    module Util
+      module RiskLegend
+        def self.print # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+          puts Util::BashColor.blue('1. Check if the package has a security vulnerability.')
+          puts '   If yes, the following vulnerability -> risk mapping is used:'
+          puts "      - #{Util::BashColor.red('unknown')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
+          puts "      - #{Util::BashColor.red('critical')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
+          puts "      - #{Util::BashColor.red('high')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
+          puts "      - #{Util::BashColor.orange('medium')} vulnerability\t-> #{Util::BashColor.orange('medium')} risk"
+          puts "      - #{Util::BashColor.orange('moderate')} vulnerability\t-> #{Util::BashColor.orange('medium')} risk" # rubocop:disable Layout/LineLength
+          puts "      - #{Util::BashColor.yellow('low')} vulnerability\t-> #{Util::BashColor.yellow('low')} risk"
+
+          puts
+
+          puts Util::BashColor.blue('2. Check the package for potential deprecation.')
+          puts "   If no new releases by author for at least #{Const::Time::YEARS_ELAPSED_TO_BE_OUTDATED} years:"
+          puts "      - assign the risk to\t-> #{Util::BashColor.orange('medium')} risk"
+
+          puts
+
+          puts Util::BashColor.blue('3. Check if a newer version of the package is available.')
+
+          puts '   If yes, assign risk as follows:'
+          puts "      - #{Util::BashColor.orange('major version')} mismatch\t-> #{Util::BashColor.orange('medium')} risk" # rubocop:disable Layout/LineLength
+          puts "      - #{Util::BashColor.yellow('minor version')} mismatch\t-> #{Util::BashColor.yellow('low')} risk"
+          puts "      - #{Util::BashColor.green('patch version')} mismatch\t-> #{Util::BashColor.yellow('low')} risk"
+          puts "      - #{Util::BashColor.green('build version')} mismatch\t-> #{Util::BashColor.yellow('low')} risk"
+
+          puts
+
+          puts Util::BashColor.blue('4. Take the highest risk from the first 3 steps.')
+          puts '   If two risks match in severity, use the following precedence:'
+          puts "      - #{Util::BashColor.red('vulnerability')} > #{Util::BashColor.orange('deprecation')} > #{Util::BashColor.yellow('outdatedness')}" # rubocop:disable Layout/LineLength
+
+          puts
+
+          puts Util::BashColor.blue('5. Check whether the package is used in production or not.')
+          puts '   If a package is limited to a non-production group:'
+          puts "      - cap risk severity to\t -> #{Util::BashColor.yellow('low')} risk"
+        end
+      end
+    end
+  end
+end

data/lib/package/audit/util/summary_printer.rb

@@ -33,59 +33,71 @@ module Package
           end
         end
 
-        def self.statistics(technology, report, pkgs, ignored_pkgs)
-          outdated = pkgs.count(&:outdated?)
-          deprecated = pkgs.count(&:deprecated?)
-          vulnerable = pkgs.count(&:vulnerable?)
+        def self.statistics(format, technology, report, pkgs, ignored_pkgs)
+          stats = calculate_statistics(pkgs, ignored_pkgs)
+          display_results(format, technology, report, pkgs, ignored_pkgs, stats)
+        end
+
+        private_class_method def self.calculate_statistics(pkgs, ignored_pkgs)
+          stats = {
+            outdated: count_status(pkgs, :outdated?),
+            deprecated: count_status(pkgs, :deprecated?),
+            vulnerable: count_status(pkgs, :vulnerable?),
+            outdated_ignored: count_status(ignored_pkgs, :outdated?),
+            deprecated_ignored: count_status(ignored_pkgs, :deprecated?),
+            vulnerable_ignored: count_status(ignored_pkgs, :vulnerable?)
+          }
+
+          stats[:vulnerabilities] = pkgs.sum { |pkg| pkg.vulnerabilities.length }
+          stats
+        end
 
-          vulnerabilities = pkgs.sum { |pkg| pkg.vulnerabilities.length }
+        private_class_method def self.count_status(pkgs, status)
+          pkgs.count(&status)
+        end
 
+        private_class_method def self.display_results(format, technology, report, pkgs, ignored_pkgs, stats) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/ParameterLists
           if pkgs.any?
-            puts Util::BashColor.cyan("#{vulnerable} vulnerable (#{vulnerabilities} vulnerabilities), " \
-                                      "#{outdated} outdated, #{deprecated} deprecated.")
+            print status_message(stats)
+            print Util::BashColor.cyan(' \\') if format == Enum::Format::MARKDOWN
+            puts
             total(technology, report, pkgs, ignored_pkgs)
+          elsif ignored_pkgs.any?
+            print status_message(stats)
+            print Util::BashColor.cyan(' \\') if format == Enum::Format::MARKDOWN
+            puts
+            puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology} " \
+                                       "packages (#{ignored_pkgs.length} ignored)!\n")
           else
             puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology} packages!\n")
           end
         end
 
-        def self.risk # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
-          puts Util::BashColor.blue('1. Check if the package has a security vulnerability.')
-          puts '   If yes, the following vulnerability -> risk mapping is used:'
-          puts "      - #{Util::BashColor.red('unknown')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
-          puts "      - #{Util::BashColor.red('critical')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
-          puts "      - #{Util::BashColor.red('high')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
-          puts "      - #{Util::BashColor.orange('medium')} vulnerability\t-> #{Util::BashColor.orange('medium')} risk"
-          puts "      - #{Util::BashColor.orange('moderate')} vulnerability\t-> #{Util::BashColor.orange('medium')} risk" # rubocop:disable Layout/LineLength
-          puts "      - #{Util::BashColor.yellow('low')} vulnerability\t-> #{Util::BashColor.yellow('low')} risk"
-
-          puts
-
-          puts Util::BashColor.blue('2. Check the package for potential deprecation.')
-          puts "   If no new releases by author for at least #{Const::Time::YEARS_ELAPSED_TO_BE_OUTDATED} years:"
-          puts "      - assign the risk to\t-> #{Util::BashColor.orange('medium')} risk"
+        private_class_method def self.status_message(stats)
+          outdated_str = "#{stats[:outdated]} outdated" + outdated_details(stats)
+          deprecated_str = "#{stats[:deprecated]} deprecated" + deprecated_details(stats)
+          vulnerable_str = "#{stats[:vulnerable]} vulnerable" + vulnerability_details(stats)
 
-          puts
-
-          puts Util::BashColor.blue('3. Check if a newer version of the package is available.')
-
-          puts '   If yes, assign risk as follows:'
-          puts "      - #{Util::BashColor.orange('major version')} mismatch\t-> #{Util::BashColor.orange('medium')} risk" # rubocop:disable Layout/LineLength
-          puts "      - #{Util::BashColor.yellow('minor version')} mismatch\t-> #{Util::BashColor.yellow('low')} risk"
-          puts "      - #{Util::BashColor.green('patch version')} mismatch\t-> #{Util::BashColor.yellow('low')} risk"
-          puts "      - #{Util::BashColor.green('build version')} mismatch\t-> #{Util::BashColor.yellow('low')} risk"
-
-          puts
+          Util::BashColor.cyan("#{vulnerable_str}, #{outdated_str}, #{deprecated_str}.")
+        end
 
-          puts Util::BashColor.blue('4. Take the highest risk from the first 3 steps.')
-          puts '   If two risks match in severity, use the following precedence:'
-          puts "      - #{Util::BashColor.red('vulnerability')} > #{Util::BashColor.orange('deprecation')} > #{Util::BashColor.yellow('outdatedness')}" # rubocop:disable Layout/LineLength
+        private_class_method def self.deprecated_details(stats)
+          details = []
+          details << "#{stats[:deprecated_ignored]} ignored" if stats[:deprecated_ignored].positive?
+          details.any? ? " (#{details.join(', ')})" : ''
+        end
 
-          puts
+        private_class_method def self.outdated_details(stats)
+          details = []
+          details << "#{stats[:outdated_ignored]} ignored" if stats[:outdated_ignored].positive?
+          details.any? ? " (#{details.join(', ')})" : ''
+        end
 
-          puts Util::BashColor.blue('5. Check whether the package is used in production or not.')
-          puts '   If a package is limited to a non-production group:'
-          puts "      - cap risk severity to\t -> #{Util::BashColor.yellow('low')} risk"
+        private_class_method def self.vulnerability_details(stats)
+          details = []
+          details << "#{stats[:vulnerabilities]} vulnerabilities" if stats[:vulnerabilities].positive?
+          details << "#{stats[:vulnerable_ignored]} ignored" if stats[:vulnerable_ignored].positive?
+          details.any? ? " (#{details.join(', ')})" : ''
         end
       end
     end

data/lib/package/audit/version.rb

@@ -1,5 +1,5 @@
 module Package
   module Audit
-    VERSION = '0.5.1'
+    VERSION = '0.6.0'
   end
 end

data/sig/package/audit/cli.rbs

@@ -3,6 +3,8 @@ module Package
     class CLI
       def self.exit_on_failure?: -> bool
 
+      def default: (String) -> void
+
       def deprecated: (String) -> void
 
       def outdated: (String) -> void

data/sig/package/audit/enum/format.rbs

@@ -0,0 +1,12 @@
+module Package
+  module Audit
+    module Enum
+      module Format
+        CSV: String
+        MARKDOWN: String
+
+        def self.all: -> Array[String]
+      end
+    end
+  end
+end

data/sig/package/audit/enum/option.rbs

@@ -3,7 +3,7 @@ module Package
     module Enum
       module Option
         CONFIG: String
-        CSV: String
+        FORMAT: String
         CSV_EXCLUDE_HEADERS: String
         GROUP: String
         INCLUDE_IGNORED: String

data/sig/package/audit/formatter/version_date.rbs

@@ -6,7 +6,7 @@ module Package
 
         def initialize: (String) -> void
 
-        def format: -> void
+        def format: -> String
       end
     end
   end

data/sig/package/audit/services/command_parser.rbs

@@ -17,15 +17,21 @@ module Package
 
       def learn_more_command: (String) -> String?
 
-      def parse_config_file: -> Hash[String, untyped]?
+      def parse_config_file!: -> Hash[String, untyped]?
 
       def parse_technologies: -> Array[String]
 
+      def parse_technologies!: -> Array[String]
+
       def print_disclaimer: (String) -> void
 
       def print_results: (String, Array[Package], Array[Package]) -> void
 
       def print_summary: (String, Array[Package], Array[Package]) -> void
+
+      def process_technologies: -> int
+
+      def validate_format!: -> void
     end
   end
 end

data/sig/package/audit/services/package_filter.rbs

@@ -2,15 +2,22 @@ module Package
   module Audit
     class PackageFilter
       @config: Hash[String, untyped]?
+      @report: Symbol
 
-      def initialize: (Hash[String, untyped]?) -> void
+      def initialize: (Symbol, Hash[String, untyped]?) -> void
 
       def ignored?: (Package) -> bool
 
       private
 
+      def ignore_deprecated?: (Package, Hash[String, untyped]?) -> bool
+
+      def ignore_outdated?: (Package, Hash[String, untyped]?) -> bool
+
       def ignore_package?: (Package, Hash[String, untyped]?) -> bool
 
+      def ignore_vulnerable?: (Package, Hash[String, untyped]?) -> bool
+
       def pkg_version_in_config?: (Package, Hash[String, untyped]?) -> bool
 
       def pkg_yaml_from_config: (Package) -> Hash[String, untyped]?

data/sig/package/audit/services/package_printer.rbs

@@ -18,7 +18,13 @@ module Package
 
       def csv: (Array[Symbol], ?exclude_headers: bool) -> void
 
-      def pretty: (?Array[Symbol]) -> void
+      def get_field_max_widths: (Array[Symbol]) -> Array[Integer]
+
+      def get_field_value: (Package, Symbol) -> String
+
+      def markdown: (Array[Symbol]) -> void
+
+      def pretty: (Array[Symbol]) -> void
     end
   end
 end

data/sig/package/audit/util/risk_legend.rbs

@@ -0,0 +1,9 @@
+module Package
+  module Audit
+    module Util
+      module RiskLegend
+        def self.print: -> void
+      end
+    end
+  end
+end

data/sig/package/audit/util/summary_printer.rbs

@@ -4,15 +4,29 @@ module Package
       module SummaryPrinter
         def self.all: -> void
 
+        def self.calculate_statistics: (Array[Package], Array[Package]) -> Hash[Symbol, Integer]
+
+        def self.count_status: (Array[Package], Symbol) -> Integer
+
         def self.deprecated: -> void
 
-        def self.risk: -> void
+        def self.display_results: (String, String, Symbol, Array[Package], Array[Package], Hash[Symbol, Integer]) -> void
 
-        def self.statistics: (String, Symbol, Array[Package], Array[Package]) -> void
+        def self.statistics: (String, String, Symbol, Array[Package], Array[Package]) -> void
+
+        def self.status_message: (Hash[Symbol, Integer]) -> String
 
         def self.total: (String, Symbol, Array[Package], Array[Package]) -> void
 
         def self.vulnerable: (String, String?) -> void
+
+        def self.deprecated_details: (Hash[Symbol, Integer]) -> String
+
+        def self.outdated_details: (Hash[Symbol, Integer]) -> String
+
+        def self.vulnerability_details: (Hash[Symbol, Integer]) -> String
+
+        def calculate_statistics: (Array[Package], Array[Package]) -> Hash[Symbol, Integer]
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: package-audit
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.6.0
 platform: ruby
 authors:
 - Tactica Communications Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-11-22 00:00:00.000000000 Z
+date: 2024-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -54,6 +54,7 @@ files:
 - lib/package/audit/const/file.rb
 - lib/package/audit/const/time.rb
 - lib/package/audit/const/yaml.rb
+- lib/package/audit/enum/format.rb
 - lib/package/audit/enum/group.rb
 - lib/package/audit/enum/option.rb
 - lib/package/audit/enum/report.rb
@@ -85,6 +86,7 @@ files:
 - lib/package/audit/technology/detector.rb
 - lib/package/audit/technology/validator.rb
 - lib/package/audit/util/bash_color.rb
+- lib/package/audit/util/risk_legend.rb
 - lib/package/audit/util/spinner.rb
 - lib/package/audit/util/summary_printer.rb
 - lib/package/audit/version.rb
@@ -94,6 +96,7 @@ files:
 - sig/package/audit/const/file.rbs
 - sig/package/audit/const/time.rbs
 - sig/package/audit/const/yaml.rbs
+- sig/package/audit/enum/format.rbs
 - sig/package/audit/enum/group.rbs
 - sig/package/audit/enum/option.rbs
 - sig/package/audit/enum/report.rbs
@@ -125,6 +128,7 @@ files:
 - sig/package/audit/technology/detector.rbs
 - sig/package/audit/technology/validator.rbs
 - sig/package/audit/util/bash_color.rbs
+- sig/package/audit/util/risk_legend.rbs
 - sig/package/audit/util/spinner.rbs
 - sig/package/audit/util/summary_printer.rbs
 - sig/package/audit/version.rbs
@@ -143,14 +147,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.21
+rubygems_version: 3.4.22
 signing_key:
 specification_version: 4
 summary: A helper tool to find outdated, deprecated and vulnerable dependencies.