package-audit 0.5.1 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (62) hide show
  1. checksums.yaml +4 -4
  2. data/lib/package/audit/cli.rb +11 -9
  3. data/lib/package/audit/const/cmd.rb +2 -2
  4. data/lib/package/audit/enum/format.rb +14 -0
  5. data/lib/package/audit/enum/option.rb +1 -1
  6. data/lib/package/audit/enum/technology.rb +1 -1
  7. data/lib/package/audit/models/package.rb +2 -2
  8. data/lib/package/audit/npm/node_collection.rb +17 -0
  9. data/lib/package/audit/npm/npm_meta_data.rb +24 -2
  10. data/lib/package/audit/npm/vulnerability_finder.rb +7 -1
  11. data/lib/package/audit/ruby/bundler_specs.rb +16 -1
  12. data/lib/package/audit/services/command_parser.rb +56 -15
  13. data/lib/package/audit/services/config_cleaner.rb +221 -0
  14. data/lib/package/audit/services/package_filter.rb +24 -4
  15. data/lib/package/audit/services/package_finder.rb +1 -1
  16. data/lib/package/audit/services/package_printer.rb +65 -56
  17. data/lib/package/audit/technology/validator.rb +7 -14
  18. data/lib/package/audit/util/risk_legend.rb +49 -0
  19. data/lib/package/audit/util/spinner.rb +1 -1
  20. data/lib/package/audit/util/summary_printer.rb +58 -45
  21. data/lib/package/audit/version.rb +1 -1
  22. metadata +12 -52
  23. data/sig/package/audit/cli.rbs +0 -33
  24. data/sig/package/audit/const/cmd.rbs +0 -14
  25. data/sig/package/audit/const/fields.rbs +0 -11
  26. data/sig/package/audit/const/file.rbs +0 -14
  27. data/sig/package/audit/const/time.rbs +0 -11
  28. data/sig/package/audit/const/yaml.rbs +0 -13
  29. data/sig/package/audit/enum/group.rbs +0 -15
  30. data/sig/package/audit/enum/option.rbs +0 -14
  31. data/sig/package/audit/enum/report.rbs +0 -12
  32. data/sig/package/audit/enum/risk_explanation.rbs +0 -12
  33. data/sig/package/audit/enum/risk_type.rbs +0 -12
  34. data/sig/package/audit/enum/technology.rbs +0 -12
  35. data/sig/package/audit/enum/vulnerability_type.rbs +0 -15
  36. data/sig/package/audit/formatter/base.rbs +0 -9
  37. data/sig/package/audit/formatter/risk_printer.rbs +0 -13
  38. data/sig/package/audit/formatter/version_date.rbs +0 -13
  39. data/sig/package/audit/formatter/version_printer.rbs +0 -14
  40. data/sig/package/audit/formatter/vulnerability.rbs +0 -13
  41. data/sig/package/audit/models/package.rbs +0 -47
  42. data/sig/package/audit/models/risk.rbs +0 -12
  43. data/sig/package/audit/npm/node_collection.rbs +0 -28
  44. data/sig/package/audit/npm/npm_meta_data.rbs +0 -19
  45. data/sig/package/audit/npm/vulnerability_finder.rbs +0 -21
  46. data/sig/package/audit/npm/yarn_lock_parser.rbs +0 -22
  47. data/sig/package/audit/ruby/bundler_specs.rbs +0 -11
  48. data/sig/package/audit/ruby/gem_collection.rbs +0 -22
  49. data/sig/package/audit/ruby/gem_meta_data.rbs +0 -23
  50. data/sig/package/audit/ruby/vulnerability_finder.rbs +0 -18
  51. data/sig/package/audit/services/command_parser.rbs +0 -31
  52. data/sig/package/audit/services/duplicate_package_merger.rbs +0 -11
  53. data/sig/package/audit/services/package_filter.rbs +0 -19
  54. data/sig/package/audit/services/package_finder.rbs +0 -26
  55. data/sig/package/audit/services/package_printer.rbs +0 -24
  56. data/sig/package/audit/services/risk_calculator.rbs +0 -21
  57. data/sig/package/audit/technology/detector.rbs +0 -19
  58. data/sig/package/audit/technology/validator.rbs +0 -19
  59. data/sig/package/audit/util/bash_color.rbs +0 -21
  60. data/sig/package/audit/util/spinner.rbs +0 -24
  61. data/sig/package/audit/util/summary_printer.rbs +0 -19
  62. data/sig/package/audit/version.rbs +0 -5
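--- a/data/lib/package/audit/services/package_finder.rb
+++ b/data/lib/package/audit/services/package_finder.rb
@@ -48,7 +48,7 @@ module Package
  end
 
  def filter_pkgs_based_on_config(pkgs)
- package_filter = PackageFilter.new(@config)
+ package_filter = PackageFilter.new(@report, @config)
  ignored_pkgs = []
 
  pkgs.each do |pkg|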
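--- a/data/lib/package/audit/services/package_printer.rb
+++ b/data/lib/package/audit/services/package_printer.rb
@@ -21,8 +21,11 @@ module Package
  check_fields(fields)
  return if @pkgs.empty?
 
- if @options[Enum::Option::CSV]
+ case @options[Enum::Option::FORMAT]
+ when Enum::Format::CSV
  csv(fields, exclude_headers: @options[Enum::Option::CSV_EXCLUDE_HEADERS])
+ when Enum::Format::MARKDOWN
+ markdown(fields)
  else
  pretty(fields)
  end
@@ -39,72 +42,78 @@ module Package
  "Available fields names are: #{Const::Fields::DEFAULT}."
  end
 
- def pretty(fields = Const::Fields::DEFAULT) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
- # find the maximum length of each field across all the packages so we know how many
- # characters of horizontal space to allocate for each field when printing
- fields.each do |key|
- instance_variable_set "@max_#{key}", Const::Fields::HEADERS[key].length
- @pkgs.each do |gem|
- curr_field_length = case key
- when :vulnerabilities
- gem.vulnerabilities_grouped.length
- when :groups
- gem.group_list.length
- else
- gem.send(key)&.gsub(BASH_FORMATTING_REGEX, '')&.length || 0
- end
- max_field_length = instance_variable_get "@max_#{key}"
- instance_variable_set "@max_#{key}", [curr_field_length, max_field_length].max
- end
- end
-
- line_length = fields.sum { |key| instance_variable_get "@max_#{key}" } +
- (COLUMN_GAP * (fields.length - 1))
+ def pretty(fields = Const::Fields::DEFAULT) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+ max_widths = get_field_max_widths(fields)
+ header = fields.map.with_index do |field, index|
+ Const::Fields::HEADERS[field].gsub(BASH_FORMATTING_REGEX, '').ljust(max_widths[index])
+ end.join(' ' * COLUMN_GAP)
+ separator = max_widths.map { |width| '=' * width }.join('=' * COLUMN_GAP)
 
- puts '=' * line_length
- puts fields.map { |key|
- Const::Fields::HEADERS[key].gsub(BASH_FORMATTING_REGEX, '').ljust(instance_variable_get("@max_#{key}"))
- }.join(' ' * COLUMN_GAP)
- puts '=' * line_length
+ puts separator
+ puts header
+ puts separator
 
  @pkgs.each do |pkg|
- puts fields.map { |key|
- val = pkg.send(key) || ''
- val = case key
- when :groups
- pkg.group_list
- when :risk_type
- Formatter::Risk.new(pkg.risk_type).format
- when :version
- Formatter::Version.new(pkg.version, pkg.latest_version).format
- when :vulnerabilities
- Formatter::Vulnerability.new(pkg.vulnerabilities).format
- when :latest_version_date
- Formatter::VersionDate.new(pkg.latest_version_date).format
- else
- val
- end
-
+ puts fields.map.with_index { |key, index|
+ val = get_field_value(pkg, key)
  formatting_length = val.length - val.gsub(BASH_FORMATTING_REGEX, '').length
- val.ljust(instance_variable_get("@max_#{key}") + formatting_length)
+ val.ljust(max_widths[index] + formatting_length)
  }.join(' ' * COLUMN_GAP)
  end
  end
 
- def csv(fields, exclude_headers: false)
- value_fields = fields.map do |field|
- case field
- when :groups
- :group_list
- when :vulnerabilities
- :vulnerabilities_grouped
- else
- field
+ def csv(fields = Const::Fields::DEFAULT, exclude_headers: false)
+ puts fields.join(',') unless exclude_headers
+ @pkgs.map do |pkg|
+ puts fields.map { |field| get_field_value(pkg, field) }.join(',').gsub(BASH_FORMATTING_REGEX, '')
+ end
+ end
+
+ def markdown(fields = Const::Fields::DEFAULT) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+ max_widths = get_field_max_widths(fields)
+ header = fields.map.with_index do |field, index|
+ Const::Fields::HEADERS[field].gsub(BASH_FORMATTING_REGEX, '').ljust(max_widths[index])
+ end.join(' | ')
+ separator = max_widths.map { |width| ":#{'-' * width}" }.join('-|')
+
+ puts "| #{header} |"
+ puts "|#{separator}-|"
+
+ @pkgs.each do |pkg|
+ row = fields.map.with_index do |key, index|
+ val = get_field_value(pkg, key)
+ formatting_length = val.length - val.gsub(BASH_FORMATTING_REGEX, '').length
+ val.ljust(max_widths[index] + formatting_length)
  end
+ puts "| #{row.join(' | ')} |"
  end
+ end
 
- puts fields.join(',') unless exclude_headers
- @pkgs.map { |gem| puts gem.to_csv(value_fields) }
+ def get_field_max_widths(fields)
+ # Calculate the maximum width for each column, including header titles and content
+ fields.map do |field|
+ [@pkgs.map do |pkg|
+ value = get_field_value(pkg, field).to_s.gsub(BASH_FORMATTING_REGEX, '').length
+ value
+ end.max, Const::Fields::HEADERS[field].gsub(BASH_FORMATTING_REGEX, '').length].max
+ end
+ end
+
+ def get_field_value(pkg, field) # rubocop:disable Metrics/MethodLength
+ case field
+ when :groups
+ pkg.group_list
+ when :risk_type
+ Formatter::Risk.new(pkg.risk_type).format
+ when :version
+ Formatter::Version.new(pkg.version, pkg.latest_version).format
+ when :vulnerabilities
+ Formatter::Vulnerability.new(pkg.vulnerabilities).format
+ when :latest_version_date
+ Formatter::VersionDate.new(pkg.latest_version_date).format
+ else
+ pkg.send(field) || ''
+ end
  end
  end
  end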
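Review bot: `csv` now writes each row with a bare `join(',')` and no quoting, so a field value that itself contains a comma, a double quote or a newline — the formatted vulnerability text or `group_list` look like candidates — silently corrupts the CSV, whatever quoting the replaced `gem.to_csv` may have done. The stdlib writer handles that: `puts CSV.generate_line(fields) unless exclude_headers` and `puts CSV.generate_line(fields.map { |field| get_field_value(pkg, field).to_s.gsub(BASH_FORMATTING_REGEX, '') })`, with `require 'csv'` at the top of the file (outside this hunk). The same loop uses `@pkgs.map` only for its side effect; `@pkgs.each` says what is meant and does not build a throwaway array. In `get_field_max_widths` the `value = …` / `value` pair can collapse to the expression itself, and `get_field_value` deserves a one-line comment saying it returns the terminal-formatted (ANSI-bearing) string, since every caller has to strip or measure that formatting.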
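--- a/data/lib/package/audit/technology/validator.rb
+++ b/data/lib/package/audit/technology/validator.rb
@@ -28,27 +28,20 @@ module Package
  package_lock_json_present = File.exist?("#{@dir}/#{Const::File::PACKAGE_LOCK_JSON}")
  yarn_lock_present = File.exist?("#{@dir}/#{Const::File::YARN_LOCK}")
 
- unless package_json_present
- puts Util::BashColor.red("\"#{Const::File::PACKAGE_JSON}\" was not found in #{@dir}")
- end
- unless package_lock_json_present || yarn_lock_present
- puts Util::BashColor.red("\"#{Const::File::PACKAGE_LOCK_JSON}\" or \"#{Const::File::YARN_LOCK}\" " \
- "was not found in #{@dir}")
- end
+ raise "\"#{Const::File::PACKAGE_JSON}\" was not found in #{@dir}" unless package_json_present
+
+ return if package_lock_json_present || yarn_lock_present
 
- exit 1 unless package_json_present && (package_lock_json_present || yarn_lock_present)
+ raise "\"#{Const::File::PACKAGE_LOCK_JSON}\" or \"#{Const::File::YARN_LOCK}\" " \
+ "was not found in #{@dir}"
  end
 
  def validate_ruby!
  gemfile_present = File.exist?("#{@dir}/#{Const::File::GEMFILE}")
  gemfile_lock_present = File.exist?("#{@dir}/#{Const::File::GEMFILE_LOCK}")
 
- puts Util::BashColor.red("\"#{Const::File::GEMFILE}\" was not found in #{@dir}") unless gemfile_present
- unless gemfile_lock_present
- puts Util::BashColor.red("\"#{Const::File::GEMFILE_LOCK}\" was not found in #{@dir}")
- end
-
- exit 1 unless gemfile_present && gemfile_lock_present
+ raise "\"#{Const::File::GEMFILE}\" was not found in #{@dir}" unless gemfile_present
+ raise "\"#{Const::File::GEMFILE_LOCK}\" was not found in #{@dir}" unless gemfile_lock_present
  end
  end
  end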
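Review bot: Both validators now `raise` with a bare string, which produces a plain `RuntimeError`, so the rescue site upstream (presumably the CLI's `within_rescue_block`, whose signature is removed from cli.rbs elsewhere on this page — confirm) cannot tell a missing manifest from a programming error and has to present every `RuntimeError` as a user-facing validation failure. A small project error class keeps that distinction: declare `class ValidationError < StandardError; end` (constructed name) under `Package::Audit` and raise it here, e.g. `raise ValidationError, "\"#{Const::File::GEMFILE}\" was not found in #{@dir}" unless gemfile_present`, with the same change on the three other `raise` lines in this hunk. The old `exit 1` is now the caller's responsibility, which is worth a one-line comment above `validate_ruby!` such as `# Raises on a missing manifest; the CLI turns the error into a non-zero exit.`. The enclosing `validate_npm!` starts before this hunk.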
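--- /dev/null
+++ b/data/lib/package/audit/util/risk_legend.rb
@@ -0,0 +1,49 @@
+ require_relative '../const/time'
+ require_relative 'bash_color'
+
+ module Package
+ module Audit
+ module Util
+ module RiskLegend
+ def self.print # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+ puts Util::BashColor.blue('1. Check if the package has a security vulnerability.')
+ puts ' If yes, the following vulnerability -> risk mapping is used:'
+ puts " - #{Util::BashColor.red('unknown')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
+ puts " - #{Util::BashColor.red('critical')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
+ puts " - #{Util::BashColor.red('high')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
+ puts " - #{Util::BashColor.orange('medium')} vulnerability\t-> #{Util::BashColor.orange('medium')} risk"
+ puts " - #{Util::BashColor.orange('moderate')} vulnerability\t-> #{Util::BashColor.orange('medium')} risk" # rubocop:disable Layout/LineLength
+ puts " - #{Util::BashColor.yellow('low')} vulnerability\t-> #{Util::BashColor.yellow('low')} risk"
+
+ puts
+
+ puts Util::BashColor.blue('2. Check the package for potential deprecation.')
+ puts " If no new releases by author for at least #{Const::Time::YEARS_ELAPSED_TO_BE_OUTDATED} years:"
+ puts " - assign the risk to\t-> #{Util::BashColor.orange('medium')} risk"
+
+ puts
+
+ puts Util::BashColor.blue('3. Check if a newer version of the package is available.')
+
+ puts ' If yes, assign risk as follows:'
+ puts " - #{Util::BashColor.orange('major version')} mismatch\t-> #{Util::BashColor.orange('medium')} risk" # rubocop:disable Layout/LineLength
+ puts " - #{Util::BashColor.yellow('minor version')} mismatch\t-> #{Util::BashColor.yellow('low')} risk"
+ puts " - #{Util::BashColor.green('patch version')} mismatch\t-> #{Util::BashColor.yellow('low')} risk"
+ puts " - #{Util::BashColor.green('build version')} mismatch\t-> #{Util::BashColor.yellow('low')} risk"
+
+ puts
+
+ puts Util::BashColor.blue('4. Take the highest risk from the first 3 steps.')
+ puts ' If two risks match in severity, use the following precedence:'
+ puts " - #{Util::BashColor.red('vulnerability')} > #{Util::BashColor.orange('deprecation')} > #{Util::BashColor.yellow('outdatedness')}" # rubocop:disable Layout/LineLength
+
+ puts
+
+ puts Util::BashColor.blue('5. Check whether the package is used in production or not.')
+ puts ' If a package is limited to a non-production group:'
+ puts " - cap risk severity to\t -> #{Util::BashColor.yellow('low')} risk"
+ end
+ end
+ end
+ end
+ end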
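Review bot: `RiskLegend.print` is a singleton method named `print` on the module, so inside its own body — and in any method later added to `RiskLegend` — a bare `print "…"` resolves to this zero-argument method instead of `Kernel#print` and fails with an `ArgumentError`; today the body only uses `puts`, so nothing breaks, but the trap is invisible to the next editor. Either a name that cannot collide (`def self.print_legend`, keeping `def self.print` delegating to it for existing callers) or a comment on the `def` line — `# NOTE: shadows Kernel#print while RiskLegend is self; use puts/$stdout.print in here` — would do. Step 2 is worded as "deprecation" but prints `Const::Time::YEARS_ELAPSED_TO_BE_OUTDATED`; if the project treats those as the same threshold, a one-line comment saying so saves a reader the lookup.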
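--- a/data/lib/package/audit/util/spinner.rb
+++ b/data/lib/package/audit/util/spinner.rb
@@ -19,7 +19,7 @@ module Package
  @thread = Thread.new do
  step = 0
  while @running
- if @running && (ENV['RUBY_ENV'] != 'test' && ENV['RACK_ENV'] != 'test')
+ if @running && ENV['RUBY_ENV'] != 'test' && ENV['RACK_ENV'] != 'test'
  print "\r#{@message} #{STATES[step % STATES.length]}"
  end
  sleep ANIMATION_SPEED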
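--- a/data/lib/package/audit/util/summary_printer.rb
+++ b/data/lib/package/audit/util/summary_printer.rb
@@ -18,74 +18,87 @@ module Package
 
  def self.vulnerable(technology, cmd)
  printf("%<info>s\n%<cmd>s\n\n",
- info: Util::BashColor.blue("To get more information about the #{technology} vulnerabilities run:"),
+ info: Util::BashColor.blue("For more information about #{technology.capitalize} vulnerabilities run:"),
  cmd: Util::BashColor.magenta(" > #{cmd}"))
  end
 
  def self.total(technology, report, pkgs, ignored_pkgs)
  if ignored_pkgs.any?
- puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology} packages " \
+ puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology.capitalize} packages " \
  "(#{ignored_pkgs.length} ignored).\n")
  elsif pkgs.any?
- puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology} packages.\n")
+ puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology.capitalize} packages.\n")
  else
- puts Util::BashColor.green("There are no #{report} #{technology} packages!\n")
+ puts Util::BashColor.green("There are no #{report} #{technology.capitalize} packages!\n")
  end
  end
 
- def self.statistics(technology, report, pkgs, ignored_pkgs)
- outdated = pkgs.count(&:outdated?)
- deprecated = pkgs.count(&:deprecated?)
- vulnerable = pkgs.count(&:vulnerable?)
+ def self.statistics(format, technology, report, pkgs, ignored_pkgs)
+ stats = calculate_statistics(pkgs, ignored_pkgs)
+ display_results(format, technology, report, pkgs, ignored_pkgs, stats)
+ end
+
+ private_class_method def self.calculate_statistics(pkgs, ignored_pkgs)
+ stats = {
+ outdated: count_status(pkgs, :outdated?),
+ deprecated: count_status(pkgs, :deprecated?),
+ vulnerable: count_status(pkgs, :vulnerable?),
+ outdated_ignored: count_status(ignored_pkgs, :outdated?),
+ deprecated_ignored: count_status(ignored_pkgs, :deprecated?),
+ vulnerable_ignored: count_status(ignored_pkgs, :vulnerable?)
+ }
+
+ stats[:vulnerabilities] = pkgs.sum { |pkg| pkg.vulnerabilities.length }
+ stats
+ end
 
- vulnerabilities = pkgs.sum { |pkg| pkg.vulnerabilities.length }
+ private_class_method def self.count_status(pkgs, status)
+ pkgs.count(&status)
+ end
 
+ private_class_method def self.display_results(format, technology, report, pkgs, ignored_pkgs, stats) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/ParameterLists
  if pkgs.any?
- puts Util::BashColor.cyan("#{vulnerable} vulnerable (#{vulnerabilities} vulnerabilities), " \
- "#{outdated} outdated, #{deprecated} deprecated.")
+ print status_message(stats)
+ print Util::BashColor.cyan(' \\') if format == Enum::Format::MARKDOWN
+ puts
  total(technology, report, pkgs, ignored_pkgs)
+ elsif ignored_pkgs.any?
+ print status_message(stats)
+ print Util::BashColor.cyan(' \\') if format == Enum::Format::MARKDOWN
+ puts
+ puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology.capitalize} " \
+ "packages (#{ignored_pkgs.length} ignored)!\n")
  else
- puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology} packages!\n")
+ puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology.capitalize} " \
+ "packages!\n")
  end
  end
 
- def self.risk # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
- puts Util::BashColor.blue('1. Check if the package has a security vulnerability.')
- puts ' If yes, the following vulnerability -> risk mapping is used:'
- puts " - #{Util::BashColor.red('unknown')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
- puts " - #{Util::BashColor.red('critical')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
- puts " - #{Util::BashColor.red('high')} vulnerability\t-> #{Util::BashColor.red('high')} risk"
- puts " - #{Util::BashColor.orange('medium')} vulnerability\t-> #{Util::BashColor.orange('medium')} risk"
- puts " - #{Util::BashColor.orange('moderate')} vulnerability\t-> #{Util::BashColor.orange('medium')} risk" # rubocop:disable Layout/LineLength
- puts " - #{Util::BashColor.yellow('low')} vulnerability\t-> #{Util::BashColor.yellow('low')} risk"
-
- puts
-
- puts Util::BashColor.blue('2. Check the package for potential deprecation.')
- puts " If no new releases by author for at least #{Const::Time::YEARS_ELAPSED_TO_BE_OUTDATED} years:"
- puts " - assign the risk to\t-> #{Util::BashColor.orange('medium')} risk"
+ private_class_method def self.status_message(stats)
+ outdated_str = "#{stats[:outdated]} outdated" + outdated_details(stats)
+ deprecated_str = "#{stats[:deprecated]} deprecated" + deprecated_details(stats)
+ vulnerable_str = "#{stats[:vulnerable]} vulnerable" + vulnerability_details(stats)
 
- puts
-
- puts Util::BashColor.blue('3. Check if a newer version of the package is available.')
-
- puts ' If yes, assign risk as follows:'
- puts " - #{Util::BashColor.orange('major version')} mismatch\t-> #{Util::BashColor.orange('medium')} risk" # rubocop:disable Layout/LineLength
- puts " - #{Util::BashColor.yellow('minor version')} mismatch\t-> #{Util::BashColor.yellow('low')} risk"
- puts " - #{Util::BashColor.green('patch version')} mismatch\t-> #{Util::BashColor.yellow('low')} risk"
- puts " - #{Util::BashColor.green('build version')} mismatch\t-> #{Util::BashColor.yellow('low')} risk"
-
- puts
+ Util::BashColor.cyan("#{vulnerable_str}, #{outdated_str}, #{deprecated_str}.")
+ end
 
- puts Util::BashColor.blue('4. Take the highest risk from the first 3 steps.')
- puts ' If two risks match in severity, use the following precedence:'
- puts " - #{Util::BashColor.red('vulnerability')} > #{Util::BashColor.orange('deprecation')} > #{Util::BashColor.yellow('outdatedness')}" # rubocop:disable Layout/LineLength
+ private_class_method def self.deprecated_details(stats)
+ details = []
+ details << "#{stats[:deprecated_ignored]} ignored" if stats[:deprecated_ignored].positive?
+ details.any? ? " (#{details.join(', ')})" : ''
+ end
 
- puts
+ private_class_method def self.outdated_details(stats)
+ details = []
+ details << "#{stats[:outdated_ignored]} ignored" if stats[:outdated_ignored].positive?
+ details.any? ? " (#{details.join(', ')})" : ''
+ end
 
- puts Util::BashColor.blue('5. Check whether the package is used in production or not.')
- puts ' If a package is limited to a non-production group:'
- puts " - cap risk severity to\t -> #{Util::BashColor.yellow('low')} risk"
+ private_class_method def self.vulnerability_details(stats)
+ details = []
+ details << "#{stats[:vulnerabilities]} vulnerabilities" if stats[:vulnerabilities].positive?
+ details << "#{stats[:vulnerable_ignored]} ignored" if stats[:vulnerable_ignored].positive?
+ details.any? ? " (#{details.join(', ')})" : ''
  end
  end
  end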
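Review bot: `deprecated_details` and `outdated_details` are the same three lines with a different hash key, and the markdown line-break pair `print Util::BashColor.cyan(' \\') if format == Enum::Format::MARKDOWN` / `puts` is repeated in two branches of `display_results`; one helper covers both details methods: `private_class_method def self.ignored_details(count)` / `count.positive? ? " (#{count} ignored)" : ''` / `end`, called as `ignored_details(stats[:outdated_ignored])` and `ignored_details(stats[:deprecated_ignored])`. `vulnerability_details` keeps its own shape since it also reports the vulnerability total. Separately, when `format` is `MARKDOWN` the status line and the trailing backslash are still wrapped in `BashColor.cyan`, so the ANSI escape sequences land inside the markdown that the backslash is meant for; unless `BashColor` already returns plain text when stdout is not a terminal, that branch probably wants the uncoloured string. `count_status` is a one-line wrapper around `pkgs.count(&status)` that its six call sites could use directly.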
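--- a/data/lib/package/audit/version.rb
+++ b/data/lib/package/audit/version.rb
@@ -1,5 +1,5 @@
  module Package
  module Audit
- VERSION = '0.5.1'
+ VERSION = '0.6.1'
  end
  end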
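--- a/metadata
+++ b/metadata
@@ -1,14 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: package-audit
  version: !ruby/object:Gem::Version
- version: 0.5.1
+ version: 0.6.1
  platform: ruby
  authors:
- - Tactica Communications Inc.
- autorequire:
+ - Vadim Kononov
  bindir: exe
  cert_chain: []
- date: 2023-11-22 00:00:00.000000000 Z
+ date: 1980-01-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler-audit
@@ -41,7 +40,7 @@ dependencies:
  description: A useful tool for patch management and prioritization, package-audit
  produces a list of dependencies that are outdated, deprecated or have security vulnerabilities.
  email:
- - support@tactica.ca
+ - vadim@konoson.com
  executables:
  - package-audit
  extensions: []
@@ -54,6 +53,7 @@ files:
  - lib/package/audit/const/file.rb
  - lib/package/audit/const/time.rb
  - lib/package/audit/const/yaml.rb
+ - lib/package/audit/enum/format.rb
  - lib/package/audit/enum/group.rb
  - lib/package/audit/enum/option.rb
  - lib/package/audit/enum/report.rb
@@ -77,6 +77,7 @@ files:
  - lib/package/audit/ruby/gem_meta_data.rb
  - lib/package/audit/ruby/vulnerability_finder.rb
  - lib/package/audit/services/command_parser.rb
+ - lib/package/audit/services/config_cleaner.rb
  - lib/package/audit/services/duplicate_package_merger.rb
  - lib/package/audit/services/package_filter.rb
  - lib/package/audit/services/package_finder.rb
@@ -85,57 +86,17 @@ files:
  - lib/package/audit/technology/detector.rb
  - lib/package/audit/technology/validator.rb
  - lib/package/audit/util/bash_color.rb
+ - lib/package/audit/util/risk_legend.rb
  - lib/package/audit/util/spinner.rb
  - lib/package/audit/util/summary_printer.rb
  - lib/package/audit/version.rb
- - sig/package/audit/cli.rbs
- - sig/package/audit/const/cmd.rbs
- - sig/package/audit/const/fields.rbs
- - sig/package/audit/const/file.rbs
- - sig/package/audit/const/time.rbs
- - sig/package/audit/const/yaml.rbs
- - sig/package/audit/enum/group.rbs
- - sig/package/audit/enum/option.rbs
- - sig/package/audit/enum/report.rbs
- - sig/package/audit/enum/risk_explanation.rbs
- - sig/package/audit/enum/risk_type.rbs
- - sig/package/audit/enum/technology.rbs
- - sig/package/audit/enum/vulnerability_type.rbs
- - sig/package/audit/formatter/base.rbs
- - sig/package/audit/formatter/risk_printer.rbs
- - sig/package/audit/formatter/version_date.rbs
- - sig/package/audit/formatter/version_printer.rbs
- - sig/package/audit/formatter/vulnerability.rbs
- - sig/package/audit/models/package.rbs
- - sig/package/audit/models/risk.rbs
- - sig/package/audit/npm/node_collection.rbs
- - sig/package/audit/npm/npm_meta_data.rbs
- - sig/package/audit/npm/vulnerability_finder.rbs
- - sig/package/audit/npm/yarn_lock_parser.rbs
- - sig/package/audit/ruby/bundler_specs.rbs
- - sig/package/audit/ruby/gem_collection.rbs
- - sig/package/audit/ruby/gem_meta_data.rbs
- - sig/package/audit/ruby/vulnerability_finder.rbs
- - sig/package/audit/services/command_parser.rbs
- - sig/package/audit/services/duplicate_package_merger.rbs
- - sig/package/audit/services/package_filter.rbs
- - sig/package/audit/services/package_finder.rbs
- - sig/package/audit/services/package_printer.rbs
- - sig/package/audit/services/risk_calculator.rbs
- - sig/package/audit/technology/detector.rbs
- - sig/package/audit/technology/validator.rbs
- - sig/package/audit/util/bash_color.rbs
- - sig/package/audit/util/spinner.rbs
- - sig/package/audit/util/summary_printer.rbs
- - sig/package/audit/version.rbs
- homepage: https://github.com/tactica/package-audit
+ homepage: https://github.com/vkononov/package-audit
  licenses:
  - MIT
  metadata:
- homepage_uri: https://github.com/tactica/package-audit
- source_code_uri: https://github.com/tactica/package-audit
+ homepage_uri: https://github.com/vkononov/package-audit
+ source_code_uri: https://github.com/vkononov/package-audit
  rubygems_mfa_required: 'true'
- post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -143,15 +104,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.7.0
+ version: 2.6.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.4.21
- signing_key:
+ rubygems_version: 3.6.7
  specification_version: 4
  summary: A helper tool to find outdated, deprecated and vulnerable dependencies.
  test_files: []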
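--- a/data/sig/package/audit/cli.rbs
+++ /dev/null
@@ -1,33 +0,0 @@
- module Package
- module Audit
- class CLI
- def self.exit_on_failure?: -> bool
-
- def deprecated: (String) -> void
-
- def outdated: (String) -> void
-
- def report: (String) -> void
-
- def respond_to_missing?: -> bool
-
- def risk: -> void
-
- def version: -> void
-
- def vulnerable: (String) -> void
-
- private
-
- def exit_with_error: (String) -> void
-
- def exit_with_success: (String) -> void
-
- def print_total: (Integer) -> void
-
- def print_vulnerability_info: (String) -> void
-
- def within_rescue_block: (String) { () -> void } -> void
- end
- end
- end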
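--- a/data/sig/package/audit/const/cmd.rbs
+++ /dev/null
@@ -1,14 +0,0 @@
- module Package
- module Audit
- module Const
- module Cmd
- BUNDLE_AUDIT: String
- BUNDLE_AUDIT_JSON: String
- NPM_AUDIT: String
- NPM_AUDIT_JSON: String
- YARN_AUDIT: String
- YARN_AUDIT_JSON: String
- end
- end
- end
- end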
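--- a/data/sig/package/audit/const/fields.rbs
+++ /dev/null
@@ -1,11 +0,0 @@
- module Package
- module Audit
- module Const
- module Fields
- AVAILABLE: Array[Symbol]
- DEFAULT: Array[Symbol]
- HEADERS: Hash[Symbol, String]
- end
- end
- end
- end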
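--- a/data/sig/package/audit/const/file.rbs
+++ /dev/null
@@ -1,14 +0,0 @@
- module Package
- module Audit
- module Const
- module File
- CONFIG: String
- GEMFILE: String
- GEMFILE_LOCK: String
- PACKAGE_JSON: String
- PACKAGE_LOCK_JSON: String
- YARN_LOCK: String
- end
- end
- end
- end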
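--- a/data/sig/package/audit/const/time.rbs
+++ /dev/null
@@ -1,11 +0,0 @@
- module Package
- module Audit
- module Const
- module Time
- SECONDS_ELAPSED_TO_BE_OUTDATED: Integer
- SECONDS_PER_YEAR: Integer
- YEARS_ELAPSED_TO_BE_OUTDATED: Integer
- end
- end
- end
- end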
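--- a/data/sig/package/audit/const/yaml.rbs
+++ /dev/null
@@ -1,13 +0,0 @@
- module Package
- module Audit
- module Const
- module YAML
- DEPRECATED: String
- OUTDATED: String
- TECHNOLOGY: String
- VERSION: String
- VULNERABLE: String
- end
- end
- end
- end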
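--- a/data/sig/package/audit/enum/group.rbs
+++ /dev/null
@@ -1,15 +0,0 @@
- module Package
- module Audit
- module Enum
- module Group
- DEFAULT: String
- DEV: String
- PRODUCTION: String
- STAGING: String
- TEST: String
-
- def self.all: -> Array[String]
- end
- end
- end
- end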
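--- a/data/sig/package/audit/enum/option.rbs
+++ /dev/null
@@ -1,14 +0,0 @@
- module Package
- module Audit
- module Enum
- module Option
- CONFIG: String
- CSV: String
- CSV_EXCLUDE_HEADERS: String
- GROUP: String
- INCLUDE_IGNORED: String
- TECHNOLOGY: String
- end
- end
- end
- end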