rubion 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +2 -0
- data/LICENSE +2 -0
- data/README.md +11 -8
- data/bin/rubion +2 -0
- data/lib/rubion/scanner.rb +68 -7
- data/lib/rubion/version.rb +1 -1
- data/lib/rubion.rb +6 -3
- metadata +6 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c51023aed1ba275593e8bc5c783d0ee512724b48128ed96d68e433ac7df16f85
|
|
4
|
+
data.tar.gz: e31637a3c2be1e60c7e426049d37e6173e5f8a36093a81f53391807538099b4d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4ff1d29b61cac762f306b46751f67c88236575d99323e801021d776fd3b8770685e8821a001bae1c5148d53c4b1884f5dc0952ebbbfef1589b2213ef9f3cad96
|
|
7
|
+
data.tar.gz: 23b22a540c176ed00439654959e56f414ebb25fb5c2f8ec0487fad4182d63c4d07ed57be5dda1ffae786f642f277ae86fe604d741b7e7c58fbeee3cbf13bf9a7
|
data/Gemfile
CHANGED
data/LICENSE
CHANGED
data/README.md
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
# 🔒 Rubion
|
|
2
2
|
|
|
3
|
-
**Rubion** is a security and version scanner for Ruby and JavaScript projects. It helps you identify vulnerabilities and outdated dependencies in your Ruby gems and NPM packages.
|
|
3
|
+
**Rubion** is a security and version scanner for Ruby and JavaScript projects. It helps you identify vulnerabilities and outdated dependencies in your Ruby gems and NPM/JavaScript packages.
|
|
4
4
|
|
|
5
5
|
## Features
|
|
6
6
|
|
|
7
7
|
- 📛 **Gem Vulnerabilities**: Scans for known security vulnerabilities in Ruby gems using `bundle-audit`
|
|
8
8
|
- 📦 **Gem Versions**: Identifies outdated Ruby gems with release dates and version counts
|
|
9
|
-
- 📛 **Package Vulnerabilities**: Scans for known security vulnerabilities in NPM packages using `npm audit`
|
|
10
|
-
- 📦 **Package Versions**: Identifies outdated NPM packages with release dates and version counts
|
|
9
|
+
- 📛 **Package Vulnerabilities**: Scans for known security vulnerabilities in NPM/JavaScript packages using `npm audit` or `yarn audit`
|
|
10
|
+
- 📦 **Package Versions**: Identifies outdated NPM/JavaScript packages with release dates and version counts
|
|
11
11
|
- 📊 **Beautiful Reports**: Organized table output with severity icons (🔴 Critical, 🟠 High, 🟡 Medium, 🟢 Low, ⚪ Unknown)
|
|
12
12
|
- 🚀 **Fast & Efficient**: Parallel API processing (10 concurrent threads) for quick results
|
|
13
13
|
- ⚡ **Incremental Output**: Shows gem results immediately, then scans packages
|
|
@@ -44,8 +44,8 @@ rubion scan
|
|
|
44
44
|
This will scan your project for:
|
|
45
45
|
- Ruby gem vulnerabilities (if `Gemfile.lock` exists)
|
|
46
46
|
- Outdated Ruby gems with release dates
|
|
47
|
-
- NPM package vulnerabilities (if `package.json` exists)
|
|
48
|
-
- Outdated NPM packages with release dates
|
|
47
|
+
- NPM/JavaScript package vulnerabilities (if `package.json` exists)
|
|
48
|
+
- Outdated NPM/JavaScript packages with release dates
|
|
49
49
|
|
|
50
50
|
### Scan options
|
|
51
51
|
|
|
@@ -126,9 +126,11 @@ Package Versions:
|
|
|
126
126
|
|
|
127
127
|
- Ruby 2.6 or higher
|
|
128
128
|
- Bundler (for Ruby gem scanning)
|
|
129
|
-
- NPM (optional, for
|
|
129
|
+
- NPM or Yarn (optional, for JavaScript package scanning)
|
|
130
130
|
- `bundler-audit` (optional, for enhanced gem vulnerability detection)
|
|
131
131
|
|
|
132
|
+
**Note:** If both npm and yarn are available, Rubion will prompt you to choose which one to use.
|
|
133
|
+
|
|
132
134
|
### Installing bundler-audit (recommended)
|
|
133
135
|
|
|
134
136
|
```bash
|
|
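Review bot: the added note "Rubion will prompt you to choose which one to use" leaves out how to avoid the prompt in a non-interactive run (CI, cron, piped output); the scanner constructor in this release takes a `package_manager:` argument, so if the two added lines in `data/bin/rubion` expose that as a command-line option, document the option next to this note, and if they do not, add an option or environment variable and state here that the prompt only appears when a terminal is attached.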
@@ -172,10 +174,11 @@ Rubion uses a modular architecture:
|
|
|
172
174
|
1. **Scanner** (`lib/rubion/scanner.rb`): Executes various commands to scan for vulnerabilities and outdated versions
|
|
173
175
|
- `bundle-audit check` for gem vulnerabilities
|
|
174
176
|
- `bundle outdated --parseable` for gem versions
|
|
175
|
-
- `npm audit --json` for package vulnerabilities
|
|
176
|
-
- `npm outdated --json` for package versions
|
|
177
|
+
- `npm audit --json` or `yarn audit --json` for package vulnerabilities (auto-detects which is available)
|
|
178
|
+
- `npm outdated --json` or `yarn outdated --json` for package versions (auto-detects which is available)
|
|
177
179
|
- Fetches release dates and version data from RubyGems.org and NPM registry APIs
|
|
178
180
|
- Uses parallel processing (10 concurrent threads) for fast API calls
|
|
181
|
+
- Prompts user to choose between npm and yarn if both are available
|
|
179
182
|
|
|
180
183
|
2. **Reporter** (`lib/rubion/reporter.rb`): Formats scan results into beautiful terminal tables using `terminal-table`
|
|
181
184
|
- Adds severity icons (🔴 🟠 🟡 🟢 ⚪)
|
data/bin/rubion
CHANGED
data/lib/rubion/scanner.rb
CHANGED
|
@@ -21,9 +21,11 @@ module Rubion
|
|
|
21
21
|
end
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
-
def initialize(project_path: Dir.pwd)
|
|
24
|
+
def initialize(project_path: Dir.pwd, package_manager: nil)
|
|
25
25
|
@project_path = project_path
|
|
26
26
|
@result = ScanResult.new
|
|
27
|
+
@package_manager = package_manager
|
|
28
|
+
@package_manager_detected = false
|
|
27
29
|
end
|
|
28
30
|
|
|
29
31
|
def scan
|
|
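Review bot: `def initialize(project_path: Dir.pwd, package_manager: nil)` accepts any value for `package_manager:` and stores it unchecked, while later hunks interpolate it into a shell command string; restrict it to the two supported names at construction time, e.g. `raise ArgumentError, "package_manager must be 'npm' or 'yarn'" unless package_manager.nil? || %w[npm yarn].include?(package_manager)`, so a value coming from the command line cannot alter the command that is run.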
@@ -74,10 +76,21 @@ module Rubion
|
|
|
74
76
|
package_json = File.join(@project_path, 'package.json')
|
|
75
77
|
return unless File.exist?(package_json)
|
|
76
78
|
|
|
77
|
-
#
|
|
79
|
+
# Detect package manager if not already set
|
|
80
|
+
unless @package_manager_detected
|
|
81
|
+
@package_manager = @package_manager || detect_package_manager
|
|
82
|
+
@package_manager_detected = true
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
unless @package_manager
|
|
86
|
+
puts " ⚠️ Neither npm nor yarn is available. Skipping package scanning."
|
|
87
|
+
return
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
# Check for vulnerabilities using package manager audit
|
|
78
91
|
check_npm_vulnerabilities
|
|
79
92
|
|
|
80
|
-
# Check for outdated versions using
|
|
93
|
+
# Check for outdated versions using package manager outdated (will show progress)
|
|
81
94
|
check_npm_versions
|
|
82
95
|
end
|
|
83
96
|
|
|
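Review bot: the early `return` after `puts " ⚠️ Neither npm nor yarn is available. Skipping package scanning."` leaves `@result.package_vulnerabilities` and `@result.package_versions` unset, whereas every other skip path in this file assigns `[]`; set both to `[]` before returning so the reporter sees the same shape in all cases. Minor style: `@package_manager = @package_manager || detect_package_manager` is `@package_manager ||= detect_package_manager`.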
@@ -113,7 +126,10 @@ module Rubion
|
|
|
113
126
|
end
|
|
114
127
|
|
|
115
128
|
def check_npm_vulnerabilities
|
|
116
|
-
|
|
129
|
+
return unless @package_manager
|
|
130
|
+
|
|
131
|
+
command = "#{@package_manager} audit --json 2>&1"
|
|
132
|
+
stdout, stderr, status = Open3.capture3(command, chdir: @project_path)
|
|
117
133
|
|
|
118
134
|
begin
|
|
119
135
|
data = JSON.parse(stdout)
|
|
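Review bot: `command = "#{@package_manager} audit --json 2>&1"` builds a single string, so `Open3.capture3` hands it to a shell; pass the arguments separately instead, `Open3.capture3(@package_manager, 'audit', '--json', chdir: @project_path)`, which needs no shell and no quoting. Drop the `2>&1` as well: with it, any warning npm or yarn writes to stderr lands in `stdout` ahead of the JSON document, `JSON.parse(stdout)` then raises, and the scan is reported as "Could not run"; `stderr` and `status` are captured but never used, so either use them in the error message or replace them with `_`.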
@@ -122,12 +138,15 @@ module Rubion
|
|
|
122
138
|
@result.package_vulnerabilities = []
|
|
123
139
|
end
|
|
124
140
|
rescue => e
|
|
125
|
-
puts " ⚠️ Could not run
|
|
141
|
+
puts " ⚠️ Could not run #{@package_manager} audit (#{e.message}). Skipping package vulnerability check."
|
|
126
142
|
@result.package_vulnerabilities = []
|
|
127
143
|
end
|
|
128
144
|
|
|
129
145
|
def check_npm_versions
|
|
130
|
-
|
|
146
|
+
return unless @package_manager
|
|
147
|
+
|
|
148
|
+
command = "#{@package_manager} outdated --json 2>&1"
|
|
149
|
+
stdout, stderr, status = Open3.capture3(command, chdir: @project_path)
|
|
131
150
|
|
|
132
151
|
begin
|
|
133
152
|
data = JSON.parse(stdout) unless stdout.empty?
|
|
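Review bot: `data = JSON.parse(stdout)` in `check_npm_vulnerabilities` and `JSON.parse(stdout) unless stdout.empty?` in `check_npm_versions` assume npm's single JSON document; Yarn classic's `yarn audit --json` and `yarn outdated --json` emit one JSON object per line (`{"type":"auditAdvisory",...}`, `{"type":"table",...}`) with a different schema, so when `@package_manager == 'yarn'` the parse raises and execution always ends in the `rescue => e` branch with "Could not run yarn audit". Parse yarn output line by line and map the `auditAdvisory` and `table` entries onto the fields the npm branch expects, and add a fixture test for each manager so the yarn path is actually exercised.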
@@ -136,7 +155,7 @@ module Rubion
|
|
|
136
155
|
@result.package_versions = []
|
|
137
156
|
end
|
|
138
157
|
rescue => e
|
|
139
|
-
puts " ⚠️ Could not run
|
|
158
|
+
puts " ⚠️ Could not run #{@package_manager} outdated (#{e.message}). Skipping package version check."
|
|
140
159
|
@result.package_versions = []
|
|
141
160
|
end
|
|
142
161
|
|
|
@@ -532,6 +551,48 @@ module Rubion
|
|
|
532
551
|
end
|
|
533
552
|
end
|
|
534
553
|
|
|
554
|
+
# Detect which package manager is available (npm or yarn)
|
|
555
|
+
def detect_package_manager
|
|
556
|
+
npm_available = check_command_available('npm')
|
|
557
|
+
yarn_available = check_command_available('yarn')
|
|
558
|
+
|
|
559
|
+
if npm_available && yarn_available
|
|
560
|
+
# Both available - prompt user
|
|
561
|
+
prompt_package_manager_choice
|
|
562
|
+
elsif npm_available
|
|
563
|
+
'npm'
|
|
564
|
+
elsif yarn_available
|
|
565
|
+
'yarn'
|
|
566
|
+
else
|
|
567
|
+
nil
|
|
568
|
+
end
|
|
569
|
+
end
|
|
570
|
+
|
|
571
|
+
# Check if a command is available in the system
|
|
572
|
+
def check_command_available(command)
|
|
573
|
+
_, _, status = Open3.capture3("which #{command} 2>&1")
|
|
574
|
+
status.success?
|
|
575
|
+
rescue
|
|
576
|
+
false
|
|
577
|
+
end
|
|
578
|
+
|
|
579
|
+
# Prompt user to choose between npm and yarn when both are available
|
|
580
|
+
def prompt_package_manager_choice
|
|
581
|
+
puts "\n Both npm and yarn are available. Which would you like to use?"
|
|
582
|
+
print " Enter 'npm' or 'yarn' (default: npm): "
|
|
583
|
+
|
|
584
|
+
choice = $stdin.gets.chomp.strip.downcase
|
|
585
|
+
|
|
586
|
+
if choice.empty? || choice == 'npm'
|
|
587
|
+
'npm'
|
|
588
|
+
elsif choice == 'yarn'
|
|
589
|
+
'yarn'
|
|
590
|
+
else
|
|
591
|
+
puts " ⚠️ Invalid choice. Using npm as default."
|
|
592
|
+
'npm'
|
|
593
|
+
end
|
|
594
|
+
end
|
|
595
|
+
|
|
535
596
|
# Fetch all NPM package version info (dates and version list) from NPM registry in one call
|
|
536
597
|
def fetch_npm_all_versions(package_name)
|
|
537
598
|
return { versions: {}, version_list: [] } if package_name.nil?
|
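Review bot: `choice = $stdin.gets.chomp.strip.downcase` raises `NoMethodError` when stdin is at EOF (CI, `rubion scan < /dev/null`, piped input) because `gets` returns `nil`; use `choice = ($stdin.gets || '').strip.downcase` and only call `prompt_package_manager_choice` when `$stdin.tty?`, falling back to `'npm'` otherwise so non-interactive runs do not hang or crash. `check_command_available` shells out to `which #{command} 2>&1`, which is not available on Windows and spawns a process per lookup; searching `ENV['PATH']` with `File.executable?` avoids both.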
data/lib/rubion/version.rb
CHANGED
data/lib/rubion.rb
CHANGED
|
@@ -81,8 +81,8 @@ module Rubion
|
|
|
81
81
|
Rubion scans your project for:
|
|
82
82
|
- Ruby gem vulnerabilities (using bundler-audit)
|
|
83
83
|
- Outdated Ruby gems (using bundle outdated)
|
|
84
|
-
- NPM package vulnerabilities (using npm audit)
|
|
85
|
-
- Outdated NPM packages (using npm outdated)
|
|
84
|
+
- NPM/JavaScript package vulnerabilities (using npm audit or yarn audit)
|
|
85
|
+
- Outdated NPM/JavaScript packages (using npm outdated or yarn outdated)
|
|
86
86
|
|
|
87
87
|
OUTPUT:
|
|
88
88
|
Results are displayed in organized tables with:
|
|
@@ -107,8 +107,11 @@ module Rubion
|
|
|
107
107
|
REQUIREMENTS:
|
|
108
108
|
- Ruby 2.6+
|
|
109
109
|
- Bundler (for gem scanning)
|
|
110
|
-
- NPM (for package scanning, optional)
|
|
110
|
+
- NPM or Yarn (for package scanning, optional)
|
|
111
111
|
- bundler-audit (optional, install with: gem install bundler-audit)
|
|
112
|
+
|
|
113
|
+
NOTE:
|
|
114
|
+
If both npm and yarn are available, you will be prompted to choose which one to use.
|
|
112
115
|
|
|
113
116
|
HELP
|
|
114
117
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rubion
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- bipashant
|
|
8
|
+
autorequire:
|
|
8
9
|
bindir: bin
|
|
9
10
|
cert_chain: []
|
|
10
|
-
date:
|
|
11
|
+
date: 2025-11-14 00:00:00.000000000 Z
|
|
11
12
|
dependencies:
|
|
12
13
|
- !ruby/object:Gem::Dependency
|
|
13
14
|
name: terminal-table
|
|
@@ -92,6 +93,7 @@ metadata:
|
|
|
92
93
|
source_code_uri: https://github.com/bipashant/rubion
|
|
93
94
|
changelog_uri: https://github.com/bipashant/rubion/blob/main/CHANGELOG.md
|
|
94
95
|
bug_tracker_uri: https://github.com/bipashant/rubion/issues
|
|
96
|
+
post_install_message:
|
|
95
97
|
rdoc_options: []
|
|
96
98
|
require_paths:
|
|
97
99
|
- lib
|
|
@@ -106,7 +108,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
106
108
|
- !ruby/object:Gem::Version
|
|
107
109
|
version: '0'
|
|
108
110
|
requirements: []
|
|
109
|
-
rubygems_version: 3.
|
|
111
|
+
rubygems_version: 3.4.10
|
|
112
|
+
signing_key:
|
|
110
113
|
specification_version: 4
|
|
111
114
|
summary: Security and version scanner for Ruby and JavaScript projects
|
|
112
115
|
test_files: []
|
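Review bot: the added `signing_key:` line is empty and `cert_chain: []` is unchanged in the first hunk, so this release is published unsigned; consider signing the gem with `gem build --sign` (or `gem cert`) so consumers using `gem install -P HighSecurity` can verify the package.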