package-audit 0.8.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
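--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7305fff5b318e2831908713c3d49b984787b99baaca769115339518297dee6e4
- data.tar.gz: 6db0ad1ecece32ddc3b93ea89fc9366b1fba59861e925d9e6955708173f3f32d
+ metadata.gz: d613e9a49c48ae22ef6e156b7f6a6ba1f2ebe8172e30589cc2eabbb5530bfdc1
+ data.tar.gz: aad9e813b4e6d2b73f15b19626fbc70631312d8965823a27d44cceef4c5115aa
  SHA512:
- metadata.gz: 32b8c325d2f938ead2ab5ab8ab190ac94f4591667cbf0eaf884258b64e8ac06dc9a367ca7ecefab5a8688e1713378543ae5834ce6a8dbdab6874fdccded4b528
- data.tar.gz: ca7e0687952bd9bcb7708b159e2551ad6cfa84bec8636eb05e954cb5763bb714d407ef190651ef764756f2a333c83e33b694a52e07dbff633019ba2f1d5a5563
+ metadata.gz: e6b3406928eb792637f7fbf5de5745a83ae1ce7181febc24d95882c6e38281002bcb953b3f727e18cf983606285f4df428aa36c203ed874a9d919c47c53dad9f
+ data.tar.gz: c6abc41931c2c26b91443474262353b35a0c64b0d2372258fec255f4f9569c127c3e48a172a219ec1fbd5a71fb7d4e3f15a6bbd6e2f717bb8b65ae0da74ec31f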
@@ -35,13 +35,15 @@ module Package
35
35
 
36
36
  def deprecated
37
37
  implicit_pkgs = fetch_from_lock_file
38
- pkgs = NpmMetaData.new(implicit_pkgs).fetch.filter(&:deprecated?)
38
+ vulnerable_pkgs = VulnerabilityFinder.new(@dir, implicit_pkgs).run
39
+ pkgs = NpmMetaData.new(vulnerable_pkgs + implicit_pkgs).fetch.filter(&:deprecated?)
39
40
  DuplicatePackageMerger.new(pkgs).run
40
41
  end
41
42
 
42
43
  def outdated
43
44
  implicit_pkgs = fetch_from_lock_file
44
- pkgs = NpmMetaData.new(implicit_pkgs).fetch.filter(&:outdated?)
45
+ vulnerable_pkgs = VulnerabilityFinder.new(@dir, implicit_pkgs).run
46
+ pkgs = NpmMetaData.new(vulnerable_pkgs + implicit_pkgs).fetch.filter(&:outdated?)
45
47
  DuplicatePackageMerger.new(pkgs).run
46
48
  end
47
49
 
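Review bot: `deprecated` and `outdated` now carry the same two-line prelude — `VulnerabilityFinder.new(@dir, implicit_pkgs).run` followed by the `vulnerable_pkgs + implicit_pkgs` concatenation before the `NpmMetaData` fetch — and the hunk at `@@ -38,14 +38,16 @@` repeats the pattern for the Bundler side, so a private helper returning the merged list would keep all four call sites in step. The concatenation has no guard; if `VulnerabilityFinder#run` can return `nil` (its body is not in this diff) the `+` raises `NoMethodError`, and `Array(VulnerabilityFinder.new(@dir, implicit_pkgs).run)` avoids that for free. Note also that this file prepends the vulnerable packages (`vulnerable_pkgs + implicit_pkgs`) while the Bundler file appends them (`pkgs + vulnerable_pkgs`); if `DuplicatePackageMerger` keeps the first occurrence's attributes, the two commands will merge duplicates differently, so one order should be chosen. The enclosing class starts outside the hunk.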
@@ -38,14 +38,16 @@ module Package
38
38
  def deprecated
39
39
  specs = BundlerSpecs.gemfile(@dir)
40
40
  pkgs = specs.map { |spec| Package.new(spec.name, spec.version, Enum::Technology::RUBY) }
41
- pkgs = GemMetaData.new(@dir, pkgs).fetch.filter(&:deprecated?)
41
+ vulnerable_pkgs = VulnerabilityFinder.new(@dir).run
42
+ pkgs = GemMetaData.new(@dir, pkgs + vulnerable_pkgs).fetch.filter(&:deprecated?)
42
43
  DuplicatePackageMerger.new(pkgs).run
43
44
  end
44
45
 
45
46
  def outdated(include_implicit: false)
46
47
  specs = include_implicit ? BundlerSpecs.all(@dir) : BundlerSpecs.gemfile(@dir)
47
48
  pkgs = specs.map { |spec| Package.new(spec.name, spec.version, Enum::Technology::RUBY) }
48
- pkgs = GemMetaData.new(@dir, pkgs).fetch.filter(&:outdated?)
49
+ vulnerable_pkgs = VulnerabilityFinder.new(@dir).run
50
+ pkgs = GemMetaData.new(@dir, pkgs + vulnerable_pkgs).fetch.filter(&:outdated?)
49
51
  DuplicatePackageMerger.new(pkgs).run
50
52
  end
51
53
 
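Review bot: In `outdated(include_implicit: false)` the result of `VulnerabilityFinder.new(@dir).run` is appended regardless of `include_implicit`, so with the flag off a vulnerable transitive gem that is not in the Gemfile can still be fetched and reported, which contradicts what the keyword name suggests. If that is the intended behaviour, say so above the `include_implicit` branch: `# vulnerable gems are always included, even when they are transitive`; otherwise gate the concatenation on the flag. Both `deprecated` and `outdated` run the finder on the same `@dir`; if `run` is expensive (it is not visible here), memoising it on the instance, `@vulnerable_pkgs ||= VulnerabilityFinder.new(@dir).run`, would avoid repeating the scan when both commands are executed in one invocation. The enclosing class starts outside the hunk.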
@@ -47,6 +47,7 @@ module Package
47
47
  thread_index = 0
48
48
 
49
49
  @spinner.start
50
+ @any_section_printed = false
50
51
  threads = @technologies.map.with_index do |technology, technology_index|
51
52
  Thread.new do
52
53
  all_pkgs, ignored_pkgs = PackageFinder.new(@config, @dir, @report, @groups).run(technology)
@@ -56,7 +57,14 @@ module Package
56
57
  cumulative_pkgs += active_pkgs
57
58
  mutex.synchronize { all_packages_for_config += all_pkgs || [] }
58
59
 
59
- sleep 0.1 while technology_index != thread_index # print each technology in order
60
+ # Wait for our turn to print (synchronized read of thread_index)
61
+ loop do
62
+ ready = mutex.synchronize { technology_index == thread_index }
63
+ break if ready
64
+
65
+ sleep 0.05
66
+ end
67
+
60
68
  mutex.synchronize do
61
69
  @spinner.stop
62
70
  print_results(technology, active_pkgs, ignored_pkgs || [])
@@ -82,17 +90,39 @@ module Package
82
90
  @spinner.stop
83
91
  end
84
92
 
85
- def print_results(technology, pkgs, ignored_pkgs)
93
+ def print_results(technology, pkgs, ignored_pkgs) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
94
+ format = @options[Enum::Option::FORMAT]
95
+ is_pretty = format.nil?
96
+ is_csv = format == Enum::Format::CSV
97
+ has_packages = pkgs.any?
98
+
99
+ # Pretty format: blank line before each section
100
+ # CSV/Markdown: blank line between sections (only if previous section had output)
101
+ puts if is_pretty || (@any_section_printed && has_packages)
102
+
86
103
  PackagePrinter.new(@options, pkgs).print(Const::Fields::DEFAULT)
87
- print_summary(technology, pkgs, ignored_pkgs) unless @options[Enum::Option::FORMAT] == Enum::Format::CSV
88
- print_disclaimer(technology) unless @options[Enum::Option::FORMAT] || pkgs.empty?
104
+
105
+ # Markdown: blank line between table and summary (when there's a table)
106
+ puts if !is_pretty && !is_csv && has_packages
107
+
108
+ print_summary(technology, pkgs, ignored_pkgs) unless is_csv
109
+
110
+ # Pretty format: blank line before disclaimer
111
+ puts if is_pretty && has_packages
112
+
113
+ print_disclaimer(technology) unless format || pkgs.empty?
114
+
115
+ # Track that this section produced output (for CSV/Markdown separator logic)
116
+ # Pretty and Markdown always print summary, CSV only prints if there are packages
117
+ @any_section_printed = true if has_packages || !is_csv
89
118
  end
90
119
 
91
120
  def print_summary(technology, pkgs, ignored_pkgs)
121
+ format = @options[Enum::Option::FORMAT]
92
122
  if @report == Enum::Report::ALL
93
- Util::SummaryPrinter.statistics(@options[Enum::Option::FORMAT], technology, @report, pkgs, ignored_pkgs)
123
+ Util::SummaryPrinter.statistics(format, technology, @report, pkgs, ignored_pkgs)
94
124
  else
95
- Util::SummaryPrinter.total(technology, @report, pkgs, ignored_pkgs)
125
+ Util::SummaryPrinter.total(format, technology, @report, pkgs, ignored_pkgs)
96
126
  end
97
127
  end
98
128
 
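Review bot: `print_results` now reads and writes `@any_section_printed`, an instance variable shared by the per-technology threads created in `@technologies.map.with_index`; that is only race-free because the visible caller invokes it inside `mutex.synchronize do … end`, and nothing on the method states that precondition. Add `# Must be called while holding the mutex: reads/writes @any_section_printed, shared across technology threads` above the `def`. The four format-specific `puts if …` lines, each with its own explanatory comment plus the triple rubocop disable, would read more easily as a small helper that returns the separator predicate for the format, leaving `print_results` to do the printing. The polling loop in the earlier hunk (`@@ -56,7 +57,14 @@`) still wakes every 50 ms; a `ConditionVariable` signalled where `thread_index` is advanced (outside the hunk) would remove the sleep entirely.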
@@ -24,10 +24,8 @@ module Package
24
24
  case @options[Enum::Option::FORMAT]
25
25
  when Enum::Format::CSV
26
26
  csv(fields, exclude_headers: @options[Enum::Option::CSV_EXCLUDE_HEADERS])
27
- puts
28
27
  when Enum::Format::MARKDOWN
29
28
  markdown(fields)
30
- puts
31
29
  else
32
30
  pretty(fields)
33
31
  end
@@ -51,7 +49,6 @@ module Package
51
49
  separator_plain = max_widths.map { |width| '─' * width }.join('─' * COLUMN_GAP)
52
50
  separator = Util::BashColor.light_green(separator_plain)
53
51
 
54
- puts ' '
55
52
  puts " #{separator}"
56
53
  puts " #{header}"
57
54
  puts " #{separator}"
@@ -15,7 +15,6 @@ module Package
15
15
  puts " #{Util::BashColor.blue('Although the packages above have no recent updates, ' \
16
16
  'they may not be deprecated.')}"
17
17
  puts " #{Util::BashColor.blue('Please contact the package author for more information about its status.')}"
18
- puts
19
18
  end
20
19
 
21
20
  def self.vulnerable(technology, cmd)
@@ -24,16 +23,22 @@ module Package
24
23
  cmd: Util::BashColor.magenta(" > #{cmd}"))
25
24
  end
26
25
 
27
- def self.total(technology, report, pkgs, ignored_pkgs)
26
+ def self.total(format, technology, report, pkgs, ignored_pkgs) # rubocop:disable Metrics/MethodLength
27
+ prefix = format.nil? ? ' ' : ''
28
28
  if ignored_pkgs.any?
29
- puts " #{Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology.capitalize} packages " \
30
- "(#{ignored_pkgs.length} ignored).")}"
29
+ puts "#{prefix}#{Util::BashColor.cyan(
30
+ "Found a total of #{pkgs.length} #{technology.capitalize} packages " \
31
+ "(#{ignored_pkgs.length} ignored)."
32
+ )}"
31
33
  elsif pkgs.any?
32
- puts " #{Util::BashColor.cyan("Found a total of #{pkgs.length} #{technology.capitalize} packages.")}"
34
+ puts "#{prefix}#{Util::BashColor.cyan(
35
+ "Found a total of #{pkgs.length} #{technology.capitalize} packages."
36
+ )}"
33
37
  else
34
- puts " #{Util::BashColor.green("There are no #{report} #{technology.capitalize} packages!")}"
38
+ puts "#{prefix}#{Util::BashColor.green(
39
+ "There are no #{report} #{technology.capitalize} packages!"
40
+ )}"
35
41
  end
36
- puts
37
42
  end
38
43
 
39
44
  def self.statistics(format, technology, report, pkgs, ignored_pkgs)
@@ -60,22 +65,23 @@ module Package
60
65
  end
61
66
 
62
67
  private_class_method def self.display_results(format, technology, report, pkgs, ignored_pkgs, stats) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength, Metrics/ParameterLists
68
+ prefix = format.nil? ? ' ' : ''
63
69
  if pkgs.any?
64
- print " #{status_message(stats)}"
70
+ print "#{prefix}#{status_message(stats)}"
65
71
  print Util::BashColor.cyan(' \\') if format == Enum::Format::MARKDOWN
66
72
  puts
67
- total(technology, report, pkgs, ignored_pkgs)
73
+ total(format, technology, report, pkgs, ignored_pkgs)
68
74
  elsif ignored_pkgs.any?
69
- print " #{status_message(stats)}"
75
+ print "#{prefix}#{status_message(stats)}"
70
76
  print Util::BashColor.cyan(' \\') if format == Enum::Format::MARKDOWN
71
77
  puts
72
- puts " #{Util::BashColor.green('There are no deprecated, outdated or vulnerable ' \
73
- "#{technology.capitalize} packages (#{ignored_pkgs.length} ignored)!")}"
74
- puts
78
+ puts "#{prefix}#{Util::BashColor.green(
79
+ 'There are no deprecated, outdated or vulnerable ' \
80
+ "#{technology.capitalize} packages (#{ignored_pkgs.length} ignored)!"
81
+ )}"
75
82
  else
76
- puts " #{Util::BashColor.green('There are no deprecated, outdated or vulnerable ' \
77
- "#{technology.capitalize} packages!")}"
78
- puts
83
+ puts "#{prefix}#{Util::BashColor.green('There are no deprecated, outdated or vulnerable ' \
84
+ "#{technology.capitalize} packages!")}"
79
85
  end
80
86
  end
81
87
 
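Review bot: `prefix = format.nil? ? ' ' : ''` is computed identically in `total` and in `display_results`; a private class method keeps the pretty-format indent in one place, `private_class_method def self.prefix(format)` / `  format.nil? ? ' ' : ''` / `end`. `self.total` gained a leading `format` positional parameter, which raises `ArgumentError` for any caller not updated in this release; the two visible callers (`display_results` here and `print_summary` in the runner hunk) are updated, but other call sites, if any exist outside this diff, should be checked before release. The `# rubocop:disable Metrics/MethodLength` on `total` becomes unnecessary once the three near-identical `puts "#{prefix}#{Util::BashColor.…(…)}"` branches share a helper that takes the colour and the message.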
@@ -1,5 +1,5 @@
1
1
  module Package
2
2
  module Audit
3
- VERSION = '0.8.0'
3
+ VERSION = '0.8.1'
4
4
  end
5
5
  end
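--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: package-audit
  version: !ruby/object:Gem::Version
- version: 0.8.0
+ version: 0.8.1
  platform: ruby
  authors:
  - Vadim Kononov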