package-audit 0.6.0 → 0.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f9f4f23e752d513ff8a35a325296edf1d2d0a99b200d3e64ae92ce00ce145ac1
-  data.tar.gz: 043a77af2e0a46688ba0964e6d595bfe3a50fecc59f73f4957c24ca0ad4c9cbe
+  metadata.gz: c4f817af73ba4616da54a934f0f6c4120d921e6026226c20a02c592c6b55e064
+  data.tar.gz: 818282a8f489ba8afd7b9675b78db96c3e2b9b18731415085ff44c25eaf07a77
 SHA512:
-  metadata.gz: 3ebd17673929a378540502f8757397bd37c1a86121fa99f691fb94b537b53f9eec5f7698be6076af0cc0aa7c163458eede4875316e6755a1a05e4a7b8e33e83b
-  data.tar.gz: 190255842a47fbf044d75703cf8263b177a91ed5a282c7d610cb99f27ad3fe194170b73ba09575afb6fc181b26f2d797fa11f4e9f481cb8f1619af581bd61f86
+  metadata.gz: 46267de0e991aaf0e1fdeb4f8c778cc2a59abf49f7d7a0849ae9731c9fb633ae8c958ac1865bf17aa98d50cd359e8e30d16975031f4dfd4fc1a7c2aacf6868fc
+  data.tar.gz: 65c6acb5e9e224f6736781f1db26eee0ec7772f220c87b8e8da1f2cecc872cfb667f78336314ad4b670000f849c60051087cdc9cda1b9e69ad11d896b717c471

data/lib/package/audit/npm/node_collection.rb

@@ -58,9 +58,26 @@ module Package
           package_json = JSON.parse(File.read("#{@dir}/#{Const::File::PACKAGE_JSON}"), symbolize_names: true)
           default_deps = package_json[:dependencies] || {}
           dev_deps = package_json[:devDependencies] || {}
+
+          # Filter out local dependencies before processing
+          default_deps = filter_local_dependencies(default_deps)
+          dev_deps = filter_local_dependencies(dev_deps)
+
           [default_deps, dev_deps]
         end
 
+        def filter_local_dependencies(dependencies)
+          dependencies.reject { |_name, version| local_dependency?(version) }
+        end
+
+        def local_dependency?(version)
+          # Check for local file paths
+          version.to_s.start_with?('file:', 'link:', './', '../') ||
+            version.to_s.include?('file:') ||
+            # Check for git repositories with local paths
+            (version.to_s.start_with?('git+') && version.to_s.include?('file:'))
+        end
+
         def fetch_from_lock_file
           default_deps, dev_deps = fetch_from_package_json
           if File.exist?("#{@dir}/#{Const::File::YARN_LOCK}")

data/lib/package/audit/npm/npm_meta_data.rb

@@ -1,5 +1,6 @@
 require 'json'
 require 'net/http'
+require 'socket'
 
 module Package
   module Audit
@@ -11,7 +12,7 @@ module Package
           @packages = packages
         end
 
-        def fetch # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+        def fetch # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength
           threads = @packages.map do |package|
             Thread.new do
               response = Net::HTTP.get_response(URI.parse("#{REGISTRY_URL}/#{package.name}"))
@@ -20,14 +21,35 @@ module Package
 
               json_package = JSON.parse(response.body, symbolize_names: true)
               update_meta_data(package, json_package)
+            rescue Net::TimeoutError, Net::OpenTimeout, Net::ReadTimeout => e
+              warn "Warning: Network timeout while fetching metadata for #{package.name}: #{e.message}"
+              Thread.current[:exception] = e
+            rescue SocketError, Errno::ECONNREFUSED, Errno::EHOSTUNREACH => e
+              warn "Warning: Network error while fetching metadata for #{package.name}: #{e.message}"
+              Thread.current[:exception] = e
             rescue StandardError => e
               Thread.current[:exception] = e
             end
           end
+
+          network_errors = []
           threads.each do |thread|
             thread.join
-            raise thread[:exception] if thread[:exception]
+            next unless thread[:exception]
+
+            case thread[:exception]
+            when Net::TimeoutError, Net::OpenTimeout, Net::ReadTimeout, SocketError, Errno::ECONNREFUSED, Errno::EHOSTUNREACH # rubocop:disable Layout/LineLength
+              network_errors << thread[:exception]
+            else
+              raise thread[:exception]
+            end
+          end
+
+          unless network_errors.empty?
+            warn "Warning: #{network_errors.size} network error(s) occurred while fetching package metadata."
+            warn 'Some packages may not show complete version information.'
           end
+
           @packages
         end
 

data/lib/package/audit/npm/vulnerability_finder.rb

@@ -1,3 +1,5 @@
+require 'open3'
+
 require_relative '../const/cmd'
 require_relative '../enum/vulnerability_type'
 
@@ -14,7 +16,11 @@ module Package
         end
 
         def run
-          json_string_lines = `#{format(Const::Cmd::YARN_AUDIT_JSON, @dir)}`
+          # Suppress Node.js url.parse deprecation warnings from yarn audit command
+          command = format(Const::Cmd::YARN_AUDIT_JSON, @dir)
+          env_vars = { 'NODE_NO_WARNINGS' => '1' }
+
+          json_string_lines, = Open3.capture3(env_vars, command)
           array = json_string_lines.scan(AUDIT_ADVISORY_REGEX)
 
           vulnerability_json_array = JSON.parse("[#{array.join(',')}]", symbolize_names: true)

data/lib/package/audit/ruby/bundler_specs.rb

@@ -9,10 +9,11 @@ module Package
     module Ruby
       class BundlerSpecs
         def self.all(dir)
-          Bundler.with_unbundled_env do
+          specs = Bundler.with_unbundled_env do
             ENV['BUNDLE_GEMFILE'] = "#{dir}/Gemfile"
             Bundler.ui.silence { Bundler.definition.resolve }
           end
+          filter_local_dependencies(specs)
         end
 
         def self.gemfile(dir)
@@ -30,6 +31,19 @@ module Package
           end
           gemfile_specs
         end
+
+        def self.filter_local_dependencies(specs)
+          specs.reject { |spec| local_dependency?(spec) }
+        end
+
+        def self.local_dependency?(spec)
+          # Check if the gem has a local source (path or git with local path)
+          source = spec.source
+          return true if source.is_a?(Bundler::Source::Path)
+          return true if source.is_a?(Bundler::Source::Git) && source.uri.start_with?('file:', './', '../')
+
+          false
+        end
       end
     end
   end

data/lib/package/audit/services/command_parser.rb

@@ -6,6 +6,7 @@ require_relative '../technology/detector'
 require_relative '../technology/validator'
 require_relative '../util/spinner'
 require_relative '../util/summary_printer'
+require_relative 'config_cleaner'
 require_relative 'package_finder'
 require_relative 'package_printer'
 
@@ -13,7 +14,7 @@ require 'yaml'
 
 module Package
   module Audit
-    class CommandParser
+    class CommandParser # rubocop:disable Metrics/ClassLength
       def initialize(dir, options, report)
         @dir = dir
         @options = options
@@ -22,7 +23,7 @@ module Package
         @groups = @options[Enum::Option::GROUP]
         @technologies = parse_technologies!
         validate_format!
-        @spinner = Util::Spinner.new('Evaluating packages and their dependencies...')
+        @spinner = Util::Spinner.new("Evaluating packages and their dependencies for #{human_readable_technologies}...")
       end
 
       def run
@@ -42,6 +43,7 @@ module Package
       def process_technologies # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
         mutex = Mutex.new
         cumulative_pkgs = []
+        all_packages_for_config = []
         thread_index = 0
 
         @spinner.start
@@ -49,11 +51,14 @@ module Package
           Thread.new do
             all_pkgs, ignored_pkgs = PackageFinder.new(@config, @dir, @report, @groups).run(technology)
             ignored_pkgs = [] if @options[Enum::Option::INCLUDE_IGNORED]
-            cumulative_pkgs += (all_pkgs || []) - (ignored_pkgs || [])
+            active_pkgs = (all_pkgs || []) - (ignored_pkgs || [])
+            cumulative_pkgs += active_pkgs
+            mutex.synchronize { all_packages_for_config += all_pkgs || [] }
+
             sleep 0.1 while technology_index != thread_index # print each technology in order
             mutex.synchronize do
               @spinner.stop
-              print_results(technology, (all_pkgs || []) - (ignored_pkgs || []), ignored_pkgs || [])
+              print_results(technology, active_pkgs, ignored_pkgs || [])
               thread_index += 1
               @spinner.start
             end
@@ -65,6 +70,10 @@ module Package
           thread.join
           raise thread[:exception] if thread[:exception]
         end
+
+        @spinner.stop # Stop spinner before cleaning config to ensure clean output
+        clean_config(all_packages_for_config)
+
         cumulative_pkgs.any? ? 1 : 0
       ensure
         @spinner.stop
@@ -73,7 +82,7 @@ module Package
       def print_results(technology, pkgs, ignored_pkgs)
         PackagePrinter.new(@options, pkgs).print(Const::Fields::DEFAULT)
         print_summary(technology, pkgs, ignored_pkgs) unless @options[Enum::Option::FORMAT] == Enum::Format::CSV
-        print_disclaimer(technology) unless @options[Enum::Option::FORMAT] == Enum::Format::CSV || pkgs.empty?
+        print_disclaimer(technology) unless @options[Enum::Option::FORMAT] || pkgs.empty?
       end
 
       def print_summary(technology, pkgs, ignored_pkgs)
@@ -123,7 +132,20 @@ module Package
       def parse_technologies!
         technology_validator = Technology::Validator.new(@dir)
         @options[Enum::Option::TECHNOLOGY]&.each { |technology| technology_validator.validate! technology }
-        @options[Enum::Option::TECHNOLOGY] || Technology::Detector.new(@dir).detect
+        (@options[Enum::Option::TECHNOLOGY] || Technology::Detector.new(@dir).detect).sort
+      end
+
+      def clean_config(all_packages)
+        ConfigCleaner.new(@dir, @config, all_packages, @options).run
+      end
+
+      def human_readable_technologies
+        array = @technologies.map(&:capitalize)
+        return '' if array.nil?
+        return array.join if array.size <= 1
+        return array.join(' and ') if array.size == 2
+
+        "#{array[0..-2].join(', ')}, and #{array.last}"
       end
     end
   end

data/lib/package/audit/services/config_cleaner.rb

@@ -0,0 +1,221 @@
+require_relative '../const/file'
+require_relative '../const/yaml'
+require_relative '../enum/option'
+require_relative '../enum/technology'
+
+require 'yaml'
+require 'json'
+
+module Package
+  module Audit
+    class ConfigCleaner # rubocop:disable Metrics/ClassLength
+      def initialize(dir, config, all_packages, options)
+        @dir = dir
+        @config = config
+        @all_packages = all_packages
+        @options = options
+        @config_file_path = determine_config_file_path
+        @removed_packages = []
+      end
+
+      def run
+        return unless @config && File.exist?(@config_file_path)
+
+        cleaned_config = clean_config
+
+        return unless config_changed?(cleaned_config)
+
+        write_config_file(cleaned_config)
+        print_summary unless @options[Enum::Option::FORMAT]
+      end
+
+      attr_reader :removed_packages
+
+      private
+
+      def determine_config_file_path
+        if @options[Enum::Option::CONFIG].nil?
+          "#{@dir}/#{Const::File::CONFIG}"
+        else
+          @options[Enum::Option::CONFIG]
+        end
+      end
+
+      def clean_config
+        return {} unless @config
+
+        cleaned = {}
+
+        if @config[Const::YAML::TECHNOLOGY]
+          cleaned[Const::YAML::TECHNOLOGY] = {}
+
+          # Sort technologies alphabetically to ensure consistent ordering
+          @config[Const::YAML::TECHNOLOGY].sort.each do |technology, packages|
+            cleaned_packages = clean_packages_for_technology(technology, packages)
+            cleaned[Const::YAML::TECHNOLOGY][technology] = cleaned_packages unless cleaned_packages.empty?
+          end
+
+          # Remove the technology key if no technologies have any packages
+          cleaned.delete(Const::YAML::TECHNOLOGY) if cleaned[Const::YAML::TECHNOLOGY].empty?
+        end
+
+        cleaned
+      end
+
+      def clean_packages_for_technology(technology, packages)
+        return {} unless packages.is_a?(Hash)
+
+        current_packages = current_packages_for_technology(technology)
+        cleaned_packages = {}
+
+        packages.each do |package_name, package_config|
+          next unless package_config.is_a?(Hash)
+
+          if should_keep_package?(package_name, package_config, current_packages)
+            cleaned_packages[package_name] = sort_package_config(package_config)
+          else
+            track_removed_package(technology, package_name, package_config)
+          end
+        end
+
+        # Sort package names alphabetically
+        cleaned_packages.sort.to_h
+      end
+
+      def current_packages_for_technology(technology)
+        @all_packages.select { |pkg| pkg.technology == technology }
+                     .to_h { |pkg| [pkg.name, pkg.version] }
+      end
+
+      def should_keep_package?(package_name, package_config, current_packages)
+        config_version = package_config[Const::YAML::VERSION]
+        current_version = current_packages[package_name]
+
+        # Keep the package if it exists and the version matches
+        current_version && config_version == current_version
+      end
+
+      def sort_package_config(package_config)
+        sorted_config = {}
+
+        # Add version first if it exists
+        if package_config[Const::YAML::VERSION]
+          sorted_config[Const::YAML::VERSION] =
+            package_config[Const::YAML::VERSION]
+        end
+
+        # Add other keys in alphabetical order
+        other_keys = (package_config.keys - [Const::YAML::VERSION]).sort
+        other_keys.each do |key|
+          sorted_config[key] = package_config[key]
+        end
+
+        sorted_config
+      end
+
+      def track_removed_package(technology, package_name, package_config)
+        @removed_packages << {
+          technology: technology,
+          name: package_name,
+          version: package_config[Const::YAML::VERSION],
+          reason: determine_removal_reason(package_name, package_config)
+        }
+      end
+
+      def determine_removal_reason(package_name, package_config)
+        technology = find_technology_for_package(package_name)
+        return 'unknown reason' unless technology
+
+        current_packages = current_packages_for_technology(technology)
+        config_version = package_config[Const::YAML::VERSION]
+        current_version = current_packages[package_name]
+
+        determine_reason_based_on_versions(package_name, technology, config_version, current_version)
+      end
+
+      def find_technology_for_package(package_name)
+        @config[Const::YAML::TECHNOLOGY].each do |tech, packages|
+          return tech if packages.key?(package_name)
+        end
+        nil
+      end
+
+      def determine_reason_based_on_versions(package_name, technology, config_version, current_version)
+        if current_version.nil?
+          determine_reason_for_missing_package(package_name, technology)
+        elsif config_version != current_version
+          "version changed from #{config_version} to #{current_version}"
+        else
+          'unknown reason'
+        end
+      end
+
+      def determine_reason_for_missing_package(package_name, technology)
+        if package_exists_in_project_files?(package_name, technology)
+          'package version has changed'
+        else
+          'package no longer exists'
+        end
+      end
+
+      def package_exists_in_project_files?(package_name, technology)
+        case technology
+        when Enum::Technology::RUBY
+          package_exists_in_gemfile?(package_name)
+        when Enum::Technology::NODE
+          package_exists_in_package_json?(package_name)
+        else
+          false
+        end
+      end
+
+      def package_exists_in_gemfile?(package_name)
+        gemfile_path = "#{@dir}/#{Const::File::GEMFILE}"
+        return false unless File.exist?(gemfile_path)
+
+        gemfile_content = File.read(gemfile_path)
+        # Check for gem declarations with single or double quotes
+        gemfile_content.match?(/^\s*gem\s+['"]#{Regexp.escape(package_name)}['"]/)
+      end
+
+      def package_exists_in_package_json?(package_name)
+        package_json_path = "#{@dir}/#{Const::File::PACKAGE_JSON}"
+        return false unless File.exist?(package_json_path)
+
+        begin
+          package_json = JSON.parse(File.read(package_json_path))
+          dependencies = package_json['dependencies'] || {}
+          dev_dependencies = package_json['devDependencies'] || {}
+
+          dependencies.key?(package_name) || dev_dependencies.key?(package_name)
+        rescue JSON::ParserError
+          false
+        end
+      end
+
+      def config_changed?(cleaned_config)
+        # Compare YAML representations to detect key reordering
+        cleaned_config.to_yaml != @config.to_yaml
+      end
+
+      def write_config_file(cleaned_config)
+        File.write(@config_file_path, cleaned_config.to_yaml)
+      end
+
+      def print_summary
+        return if @removed_packages.empty?
+
+        puts
+        puts "Cleaned up #{@removed_packages.count} package(s) from #{File.basename(@config_file_path)}:"
+
+        # Sort by technology then by name for consistent output
+        @removed_packages.sort_by { |pkg| [pkg[:technology], pkg[:name]] }.each do |removed_package|
+          package_info = "#{removed_package[:name]}@#{removed_package[:version]}"
+          tech_info = "(#{removed_package[:technology]})"
+          reason = removed_package[:reason]
+          puts "  - #{package_info} #{tech_info}: #{reason}"
+        end
+      end
+    end
+  end
+end

data/lib/package/audit/util/spinner.rb

@@ -19,7 +19,7 @@ module Package
           @thread = Thread.new do
             step = 0
             while @running
-              if @running && (ENV['RUBY_ENV'] != 'test' && ENV['RACK_ENV'] != 'test')
+              if @running && ENV['RUBY_ENV'] != 'test' && ENV['RACK_ENV'] != 'test'
                 print "\r#{@message} #{STATES[step % STATES.length]}"
               end
               sleep ANIMATION_SPEED

data/lib/package/audit/util/summary_printer.rb

@@ -18,18 +18,18 @@ module Package
 
         def self.vulnerable(technology, cmd)
           printf("%<info>s\n%<cmd>s\n\n",
-                 info: Util::BashColor.blue("To get more information about the #{technology} vulnerabilities run:"),
+                 info: Util::BashColor.blue("For more information about #{technology.capitalize} vulnerabilities run:"),
                  cmd: Util::BashColor.magenta(" > #{cmd}"))
         end
 
         def self.total(technology, report, pkgs, ignored_pkgs)
           if ignored_pkgs.any?
-            puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology} packages " \
+            puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology.capitalize} packages " \
                                       "(#{ignored_pkgs.length} ignored).\n")
           elsif pkgs.any?
-            puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology} packages.\n")
+            puts Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology.capitalize} packages.\n")
           else
-            puts Util::BashColor.green("There are no #{report} #{technology} packages!\n")
+            puts Util::BashColor.green("There are no #{report} #{technology.capitalize} packages!\n")
           end
         end
 
@@ -66,10 +66,11 @@ module Package
             print status_message(stats)
             print Util::BashColor.cyan(' \\') if format == Enum::Format::MARKDOWN
             puts
-            puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology} " \
+            puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology.capitalize} " \
                                        "packages (#{ignored_pkgs.length} ignored)!\n")
           else
-            puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology} packages!\n")
+            puts Util::BashColor.green("There are no deprecated, outdated or vulnerable #{technology.capitalize} " \
+                                       "packages!\n")
           end
         end
 

data/lib/package/audit/version.rb

@@ -1,5 +1,5 @@
 module Package
   module Audit
-    VERSION = '0.6.0'
+    VERSION = '0.6.1'
   end
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: package-audit
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.6.1
 platform: ruby
 authors:
-- Tactica Communications Inc.
-autorequire:
+- Vadim Kononov
 bindir: exe
 cert_chain: []
-date: 2024-02-03 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler-audit
@@ -41,7 +40,7 @@ dependencies:
 description: A useful tool for patch management and prioritization, package-audit
   produces a list of dependencies that are outdated, deprecated or have security vulnerabilities.
 email:
-- support@tactica.ca
+- vadim@konoson.com
 executables:
 - package-audit
 extensions: []
@@ -78,6 +77,7 @@ files:
 - lib/package/audit/ruby/gem_meta_data.rb
 - lib/package/audit/ruby/vulnerability_finder.rb
 - lib/package/audit/services/command_parser.rb
+- lib/package/audit/services/config_cleaner.rb
 - lib/package/audit/services/duplicate_package_merger.rb
 - lib/package/audit/services/package_filter.rb
 - lib/package/audit/services/package_finder.rb
@@ -90,56 +90,13 @@ files:
 - lib/package/audit/util/spinner.rb
 - lib/package/audit/util/summary_printer.rb
 - lib/package/audit/version.rb
-- sig/package/audit/cli.rbs
-- sig/package/audit/const/cmd.rbs
-- sig/package/audit/const/fields.rbs
-- sig/package/audit/const/file.rbs
-- sig/package/audit/const/time.rbs
-- sig/package/audit/const/yaml.rbs
-- sig/package/audit/enum/format.rbs
-- sig/package/audit/enum/group.rbs
-- sig/package/audit/enum/option.rbs
-- sig/package/audit/enum/report.rbs
-- sig/package/audit/enum/risk_explanation.rbs
-- sig/package/audit/enum/risk_type.rbs
-- sig/package/audit/enum/technology.rbs
-- sig/package/audit/enum/vulnerability_type.rbs
-- sig/package/audit/formatter/base.rbs
-- sig/package/audit/formatter/risk_printer.rbs
-- sig/package/audit/formatter/version_date.rbs
-- sig/package/audit/formatter/version_printer.rbs
-- sig/package/audit/formatter/vulnerability.rbs
-- sig/package/audit/models/package.rbs
-- sig/package/audit/models/risk.rbs
-- sig/package/audit/npm/node_collection.rbs
-- sig/package/audit/npm/npm_meta_data.rbs
-- sig/package/audit/npm/vulnerability_finder.rbs
-- sig/package/audit/npm/yarn_lock_parser.rbs
-- sig/package/audit/ruby/bundler_specs.rbs
-- sig/package/audit/ruby/gem_collection.rbs
-- sig/package/audit/ruby/gem_meta_data.rbs
-- sig/package/audit/ruby/vulnerability_finder.rbs
-- sig/package/audit/services/command_parser.rbs
-- sig/package/audit/services/duplicate_package_merger.rbs
-- sig/package/audit/services/package_filter.rbs
-- sig/package/audit/services/package_finder.rbs
-- sig/package/audit/services/package_printer.rbs
-- sig/package/audit/services/risk_calculator.rbs
-- sig/package/audit/technology/detector.rbs
-- sig/package/audit/technology/validator.rbs
-- sig/package/audit/util/bash_color.rbs
-- sig/package/audit/util/risk_legend.rbs
-- sig/package/audit/util/spinner.rbs
-- sig/package/audit/util/summary_printer.rbs
-- sig/package/audit/version.rbs
-homepage: https://github.com/tactica/package-audit
+homepage: https://github.com/vkononov/package-audit
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/tactica/package-audit
-  source_code_uri: https://github.com/tactica/package-audit
+  homepage_uri: https://github.com/vkononov/package-audit
+  source_code_uri: https://github.com/vkononov/package-audit
   rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -154,8 +111,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.22
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: A helper tool to find outdated, deprecated and vulnerable dependencies.
 test_files: []

data/sig/package/audit/cli.rbs

@@ -1,35 +0,0 @@
-module Package
-  module Audit
-    class CLI
-      def self.exit_on_failure?: -> bool
-
-      def default: (String) -> void
-
-      def deprecated: (String) -> void
-
-      def outdated: (String) -> void
-
-      def report: (String) -> void
-
-      def respond_to_missing?: -> bool
-
-      def risk: -> void
-
-      def version: -> void
-
-      def vulnerable: (String) -> void
-
-      private
-
-      def exit_with_error: (String) -> void
-
-      def exit_with_success: (String) -> void
-
-      def print_total: (Integer) -> void
-
-      def print_vulnerability_info: (String) -> void
-
-      def within_rescue_block: (String) { () -> void } -> void
-    end
-  end
-end

data/sig/package/audit/const/cmd.rbs

@@ -1,14 +0,0 @@
-module Package
-  module Audit
-    module Const
-      module Cmd
-        BUNDLE_AUDIT: String
-        BUNDLE_AUDIT_JSON: String
-        NPM_AUDIT: String
-        NPM_AUDIT_JSON: String
-        YARN_AUDIT: String
-        YARN_AUDIT_JSON: String
-      end
-    end
-  end
-end

data/sig/package/audit/const/fields.rbs

@@ -1,11 +0,0 @@
-module Package
-  module Audit
-    module Const
-      module Fields
-        AVAILABLE: Array[Symbol]
-        DEFAULT: Array[Symbol]
-        HEADERS: Hash[Symbol, String]
-      end
-    end
-  end
-end