package-audit 0.5.0 → 0.5.1

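--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 4c2f009e294663828a3055ac8b8facb3106251875a240f9abf74754747102cef
-data.tar.gz: 0a11812a839205caa7793c5b34baf31006438b020e9f535ffe1fd5b3ee0333ab
+metadata.gz: 3987dbcffb0bef510d5897ad47ec79aa5ba65572c62d1a78003496a44264ca7e
+data.tar.gz: f2608608cee05dde5a409e9dc6a4c885b208ee7d52cc7d6e745e0d3ccf37d7b7
 SHA512:
-metadata.gz: 7e7a294008ddcb510e8335193ac013447c38b27a71f440325ae2221f5bd0dea29bf714a88e6089b451d50c64f24964da04215c5e54c74c0729fa37a3f277d44b
-data.tar.gz: 29bb2f4dbef1bb9a6c38eb7d4b17c9aa299f943916765d05a02b14b8f48a0e8ce212bc834e4657285b99d9ba0eb33c80df479e907b673f13fa6834c098e8649e
+metadata.gz: baa304f965258c639f7e4bee858da18ddd74bfb83926a66d95ce43367ac5bfcf363e4847dd56c98ed649cda9d7143cbb44bb2015d1c7dc263b73f8942538011e
+data.tar.gz: a5adfb16e863dacea34dc1d1ca8e4962e76ab984f766d86073f2a5bcfceea9923d2c048ae11487e8a0644d9420025a6dba61f57dede9b6faaf74cd82954f5f52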
@@ -15,9 +15,9 @@ module Package
15
15
  class_option Enum::Option::CONFIG,
16
16
  aliases: '-c', banner: 'FILE',
17
17
  desc: "Path to a custom configuration file, default: #{Const::File::CONFIG})"
18
- class_option Enum::Option::ENVIRONMENT,
19
- aliases: '-e', repeatable: true,
20
- desc: 'Environment to be audited (repeat this flag for each environment)'
18
+ class_option Enum::Option::GROUP,
19
+ aliases: '-g', repeatable: true,
20
+ desc: 'Group to be audited (repeat this flag for each group)'
21
21
  class_option Enum::Option::TECHNOLOGY,
22
22
  aliases: '-t', repeatable: true,
23
23
  desc: 'Technology to be audited (repeat this flag for each technology)'
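Review bot: The `-e`/`--environment` option is removed outright on new lines 18-20 with no alias left behind, so any existing invocation that passes it fails once this patch-level release (0.5.0 → 0.5.1 per the version hunk) is installed. If the rename is meant to be non-breaking, keep the old short flag as a deprecated alias, e.g. `aliases: ['-g', '-e'], repeatable: true,`, and say so in the option's `desc`; otherwise the bump would be expected to be at least a minor version. The enclosing command class continues outside the hunk.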
@@ -1,7 +1,7 @@
1
1
  module Package
2
2
  module Audit
3
3
  module Enum
4
- module Environment
4
+ module Group
5
5
  DEV = 'development'
6
6
  TEST = 'test'
7
7
  STAGING = 'staging'
@@ -9,7 +9,7 @@ module Package
9
9
  DEFAULT = 'default'
10
10
 
11
11
  def self.all
12
- constants.map { |key| Enum::Environment.const_get(key) }.sort
12
+ constants.map { |key| Enum::Group.const_get(key) }.sort
13
13
  end
14
14
  end
15
15
  end
@@ -5,7 +5,7 @@ module Package
5
5
  CONFIG = 'config'
6
6
  CSV = 'csv'
7
7
  CSV_EXCLUDE_HEADERS = 'exclude-headers'
8
- ENVIRONMENT = 'environment'
8
+ GROUP = 'group'
9
9
  INCLUDE_IGNORED = 'include-ignored'
10
10
  TECHNOLOGY = 'technology'
11
11
  end
@@ -1,4 +1,4 @@
1
- require_relative '../enum/environment'
1
+ require_relative '../enum/group'
2
2
  require_relative '../enum/risk_explanation'
3
3
  require_relative '../enum/risk_type'
4
4
  require_relative '../services/risk_calculator'
@@ -1,4 +1,4 @@
1
- require_relative '../enum/environment'
1
+ require_relative '../enum/group'
2
2
 
3
3
  module Package
4
4
  module Audit
@@ -16,9 +16,9 @@ module Package
16
16
  version = fetch_package_version(dep_name, pkg_block)
17
17
  pks = Package.new(dep_name.to_s, version, 'node')
18
18
  pks.update groups: if dev_deps.key?(dep_name)
19
- [Enum::Environment::DEV]
19
+ [Enum::Group::DEV]
20
20
  else
21
- [Enum::Environment::DEFAULT, Enum::Environment::DEV]
21
+ [Enum::Group::DEFAULT, Enum::Group::DEV]
22
22
  end
23
23
  pkgs << pks
24
24
  end
@@ -19,7 +19,7 @@ module Package
19
19
  @options = options
20
20
  @report = report
21
21
  @config = parse_config_file
22
- @environments = parse_environments
22
+ @groups = @options[Enum::Option::GROUP]
23
23
  @technologies = parse_technologies
24
24
  @spinner = Util::Spinner.new('Evaluating packages and their dependencies...')
25
25
  end
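Review bot: Assigning `@groups = @options[Enum::Option::GROUP]` on new line 22 drops the validation that parse_environments performed, so a mistyped `--group` value no longer raises ArgumentError; going by the PackageFinder hunk, such a value is simply intersected with each package's groups and silently narrows the audit to default-group packages. A silent scope reduction in an audit tool is worth preventing: keep a check such as `unknown = (@options[Enum::Option::GROUP] || []) - Enum::Group.all` followed by `raise ArgumentError, "#{unknown} is not valid list of groups, use one of #{Enum::Group.all}" if unknown.any?` before the assignment, mirroring the method deleted in the later hunk that removes parse_environments (old lines 104-113). The initializer begins before this hunk.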
@@ -32,7 +32,7 @@ module Package
32
32
  @spinner.start
33
33
  threads = @technologies.map.with_index do |technology, technology_index|
34
34
  Thread.new do
35
- all_pkgs, ignored_pkgs = PackageFinder.new(@config, @dir, @report, @environments).run(technology)
35
+ all_pkgs, ignored_pkgs = PackageFinder.new(@config, @dir, @report, @groups).run(technology)
36
36
  ignored_pkgs = [] if @options[Enum::Option::INCLUDE_IGNORED]
37
37
  cumulative_pkgs += all_pkgs || []
38
38
  sleep 0.1 while technology_index != thread_index # print each technology in order
@@ -101,17 +101,6 @@ module Package
101
101
  end
102
102
  end
103
103
 
104
- def parse_environments
105
- unsupported_technologies = (@options[Enum::Option::ENVIRONMENT] || []) - Enum::Environment.all
106
-
107
- if unsupported_technologies.any?
108
- raise ArgumentError, "#{unsupported_technologies} is not valid list of environments, " \
109
- "use one of #{Enum::Environment.all}"
110
- end
111
-
112
- (@options[Enum::Option::ENVIRONMENT] || Enum::Environment.all) | [Enum::Environment::DEFAULT]
113
- end
114
-
115
104
  def parse_technologies
116
105
  technology_validator = Technology::Validator.new(@dir)
117
106
  @options[Enum::Option::TECHNOLOGY]&.each { |technology| technology_validator.validate! technology }
@@ -11,17 +11,17 @@ require 'yaml'
11
11
  module Package
12
12
  module Audit
13
13
  class PackageFinder
14
- def initialize(config, dir, report, environments)
14
+ def initialize(config, dir, report, groups)
15
15
  @config = config
16
16
  @dir = dir
17
17
  @report = report
18
- @environments = environments
18
+ @groups = groups
19
19
  end
20
20
 
21
21
  def run(technology)
22
22
  all_pkgs = find_by_technology(technology)
23
- ignored_by_environment_pkgs = filter_pkgs_based_on_environment(all_pkgs)
24
- active_pkgs = all_pkgs - ignored_by_environment_pkgs
23
+ ignored_by_group_pkgs = filter_pkgs_based_on_group(all_pkgs)
24
+ active_pkgs = all_pkgs - ignored_by_group_pkgs
25
25
  ignored_by_config_pkgs = filter_pkgs_based_on_config(active_pkgs)
26
26
  [active_pkgs, ignored_by_config_pkgs]
27
27
  end
@@ -57,12 +57,15 @@ module Package
57
57
  ignored_pkgs
58
58
  end
59
59
 
60
- def filter_pkgs_based_on_environment(pkgs)
60
+ def filter_pkgs_based_on_group(pkgs)
61
61
  ignored_pkgs = []
62
62
 
63
- pkgs.each do |pkg|
64
- ignored_pkgs << pkg unless (pkg.groups & @environments).any?
63
+ unless @groups.nil?
64
+ pkgs.each do |pkg|
65
+ ignored_pkgs << pkg unless (pkg.groups & (@groups | [Enum::Group::DEFAULT])).any?
66
+ end
65
67
  end
68
+
66
69
  ignored_pkgs
67
70
  end
68
71
  end
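Review bot: In filter_pkgs_based_on_group the allowed-group set `@groups | [Enum::Group::DEFAULT]` is rebuilt on every iteration of the `pkgs.each` loop (new line 65), and the nil guard plus manual accumulation reads as a loop where a single `reject` expresses the same thing. Hoisting the union out of the loop and returning early for a nil `@groups` keeps behaviour identical, including the empty result when no group was requested. Whether `@groups` can also arrive as an empty array (which would then exclude every package outside the default group) depends on the CLI layer outside this hunk.
```ruby
def filter_pkgs_based_on_group(pkgs)
  return [] if @groups.nil?

  allowed_groups = @groups | [Enum::Group::DEFAULT]
  pkgs.reject { |pkg| (pkg.groups & allowed_groups).any? }
end
```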
@@ -76,8 +76,8 @@ module Package
76
76
  end
77
77
 
78
78
  def production_dependency?
79
- @pkg.groups.none? || (@pkg.groups & [Enum::Environment::DEFAULT,
80
- Enum::Environment::PRODUCTION]).any?
79
+ @pkg.groups.none? || (@pkg.groups & [Enum::Group::DEFAULT,
80
+ Enum::Group::PRODUCTION]).any?
81
81
  end
82
82
  end
83
83
  end
@@ -84,7 +84,7 @@ module Package
84
84
  puts
85
85
 
86
86
  puts Util::BashColor.blue('5. Check whether the package is used in production or not.')
87
- puts ' If a package is limited to a non-production environment:'
87
+ puts ' If a package is limited to a non-production group:'
88
88
  puts " - cap risk severity to\t -> #{Util::BashColor.yellow('low')} risk"
89
89
  end
90
90
  end
@@ -1,5 +1,5 @@
1
1
  module Package
2
2
  module Audit
3
- VERSION = '0.5.0'
3
+ VERSION = '0.5.1'
4
4
  end
5
5
  end
@@ -1,7 +1,7 @@
1
1
  module Package
2
2
  module Audit
3
3
  module Enum
4
- module Environment
4
+ module Group
5
5
  DEFAULT: String
6
6
  DEV: String
7
7
  PRODUCTION: String
@@ -5,7 +5,7 @@ module Package
5
5
  CONFIG: String
6
6
  CSV: String
7
7
  CSV_EXCLUDE_HEADERS: String
8
- ENVIRONMENT: String
8
+ GROUP: String
9
9
  INCLUDE_IGNORED: String
10
10
  TECHNOLOGY: String
11
11
  end
@@ -3,7 +3,7 @@ module Package
3
3
  class CommandParser
4
4
  @config: Hash[String, untyped]?
5
5
  @dir: String
6
- @environments: Array[String]
6
+ @groups: Array[String]
7
7
  @spinner: Util::Spinner
8
8
  @options: Hash[String, untyped]
9
9
  @report: Symbol
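Review bot: The CommandParser signature declares `@groups: Array[String]` on new line 6, but the implementation assigns `@options[Enum::Option::GROUP]` straight through and PackageFinder guards it with `@groups.nil?`, so the value is nil whenever no `--group` flag is given. The RBS should read `@groups: Array[String]?`; the same applies to the PackageFinder signature hunk (`@groups: Array[String]?` and `Array[String]?` as the fourth `initialize` parameter), otherwise the type check passes a contract the code does not honour. The class body continues outside the hunk.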
@@ -19,8 +19,6 @@ module Package
19
19
 
20
20
  def parse_config_file: -> Hash[String, untyped]?
21
21
 
22
- def parse_environments: -> Array[String]
23
-
24
22
  def parse_technologies: -> Array[String]
25
23
 
26
24
  def print_disclaimer: (String) -> void
@@ -4,7 +4,7 @@ module Package
4
4
  @config: Hash[String, untyped]?
5
5
  @dir: String
6
6
  @report: Symbol
7
- @environments: Array[String]
7
+ @groups: Array[String]
8
8
 
9
9
  def initialize: (Hash[String, untyped]?, String, Symbol, Array[String]) -> void
10
10
 
@@ -14,7 +14,7 @@ module Package
14
14
 
15
15
  def filter_pkgs_based_on_config: (Array[Package]) -> Array[Package]
16
16
 
17
- def filter_pkgs_based_on_environment: (Array[Package]) -> Array[Package]
17
+ def filter_pkgs_based_on_group: (Array[Package]) -> Array[Package]
18
18
 
19
19
  def find_by_technology: (String) -> Array[Package]
20
20
 
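--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: package-audit
 version: !ruby/object:Gem::Version
-version: 0.5.0
+version: 0.5.1
 platform: ruby
 authors:
 - Tactica Communications Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-11-16 00:00:00.000000000 Z
+date: 2023-11-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler-audit
@@ -54,7 +54,7 @@ files:
 - lib/package/audit/const/file.rb
 - lib/package/audit/const/time.rb
 - lib/package/audit/const/yaml.rb
-- lib/package/audit/enum/environment.rb
+- lib/package/audit/enum/group.rb
 - lib/package/audit/enum/option.rb
 - lib/package/audit/enum/report.rb
 - lib/package/audit/enum/risk_explanation.rb
@@ -94,7 +94,7 @@ files:
 - sig/package/audit/const/file.rbs
 - sig/package/audit/const/time.rbs
 - sig/package/audit/const/yaml.rbs
-- sig/package/audit/enum/environment.rbs
+- sig/package/audit/enum/group.rbs
 - sig/package/audit/enum/option.rbs
 - sig/package/audit/enum/report.rbs
 - sig/package/audit/enum/risk_explanation.rbs
@@ -150,7 +150,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.4.22
+rubygems_version: 3.4.21
 signing_key:
 specification_version: 4
 summary: A helper tool to find outdated, deprecated and vulnerable dependencies.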