rubion 0.3.0 → 0.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f3dc20ad2e0d8a10c9819577c5370327e860d1406b866fa02504e472dbb1e673
-  data.tar.gz: b7954923cc22c872f7a20520db5bf2496af0615886978d2701188357b1e3cdf2
+  metadata.gz: a34f7102afe1491a751b94e0d11e22fe854f20bb1c1f5a322473447282bd665a
+  data.tar.gz: a7dc977d51a43a5657445ee42afc730be67dd2fe6006e35b5153f47ae13fa30d
 SHA512:
-  metadata.gz: c8997bc21f73e51e7e904e8372fd779d85f5b162ff0d7b7187ce4136571343913d6362d61a2cb2839d3c8333f91b3af8724192a6b7bff9ae361c357975d8dce6
-  data.tar.gz: 8e18d1257ef3cc883c7dba88355c3c7928c60f31bb17d20135b19954ad4ac055b2aeb21338d9453156959330ad3432aa36ab2e7772c315ec9bc8bb81a9946ab2
+  metadata.gz: 13e0b27d669216a58580c02dc8f2e5d26a35a0102e9ac7537bb6d6aa6caea7d42e115b4c12ad6cecc4cdd61add4829a0e549b01578c23d150ce90da4ae859001
+  data.tar.gz: f09035851f40e23cdac6f3c594f3f99f4579438ea6421c9007295e1cde0707d689b95675e7435c8da17878defe51bec2ad8427b1ec09fc476727cb026ace9859

data/Gemfile

@@ -9,3 +9,5 @@ gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
 gem "rubocop", "~> 1.21"
 
+
+

data/LICENSE

@@ -20,3 +20,5 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 
+
+

data/README.md

@@ -1,13 +1,15 @@
-# 🔒 Rubion
+#  Rubion
 
-**Rubion** is a security and version scanner for Ruby and JavaScript projects. It helps you identify vulnerabilities and outdated dependencies in your Ruby gems and NPM packages.
+**Rubion** is a security and version scanner for Ruby and JavaScript projects. It helps you identify vulnerabilities and outdated dependencies in your Ruby gems and NPM/JavaScript packages.
+
+<img width="1237" height="671" alt="Screenshot 2025-11-14 at 10 48 12 am" src="https://github.com/user-attachments/assets/a3d93452-c442-416a-9697-de59746e16ad" />
 
 ## Features
 
 - 📛 **Gem Vulnerabilities**: Scans for known security vulnerabilities in Ruby gems using `bundle-audit`
 - 📦 **Gem Versions**: Identifies outdated Ruby gems with release dates and version counts
-- 📛 **Package Vulnerabilities**: Scans for known security vulnerabilities in NPM packages using `npm audit`
-- 📦 **Package Versions**: Identifies outdated NPM packages with release dates and version counts
+- 📛 **Package Vulnerabilities**: Scans for known security vulnerabilities in NPM/JavaScript packages using `npm audit` or `yarn audit`
+- 📦 **Package Versions**: Identifies outdated NPM/JavaScript packages with release dates and version counts
 - 📊 **Beautiful Reports**: Organized table output with severity icons (🔴 Critical, 🟠 High, 🟡 Medium, 🟢 Low, ⚪ Unknown)
 - 🚀 **Fast & Efficient**: Parallel API processing (10 concurrent threads) for quick results
 - ⚡ **Incremental Output**: Shows gem results immediately, then scans packages
@@ -44,8 +46,8 @@ rubion scan
 This will scan your project for:
 - Ruby gem vulnerabilities (if `Gemfile.lock` exists)
 - Outdated Ruby gems with release dates
-- NPM package vulnerabilities (if `package.json` exists)
-- Outdated NPM packages with release dates
+- NPM/JavaScript package vulnerabilities (if `package.json` exists)
+- Outdated NPM/JavaScript packages with release dates
 
 ### Scan options
 
@@ -126,9 +128,11 @@ Package Versions:
 
 - Ruby 2.6 or higher
 - Bundler (for Ruby gem scanning)
-- NPM (optional, for NPM package scanning)
+- NPM or Yarn (optional, for JavaScript package scanning)
 - `bundler-audit` (optional, for enhanced gem vulnerability detection)
 
+**Note:** If both npm and yarn are available, Rubion will prompt you to choose which one to use.
+
 ### Installing bundler-audit (recommended)
 
 ```bash
@@ -172,10 +176,11 @@ Rubion uses a modular architecture:
 1. **Scanner** (`lib/rubion/scanner.rb`): Executes various commands to scan for vulnerabilities and outdated versions
    - `bundle-audit check` for gem vulnerabilities
    - `bundle outdated --parseable` for gem versions
-   - `npm audit --json` for package vulnerabilities
-   - `npm outdated --json` for package versions
+   - `npm audit --json` or `yarn audit --json` for package vulnerabilities (auto-detects which is available)
+   - `npm outdated --json` or `yarn outdated --json` for package versions (auto-detects which is available)
    - Fetches release dates and version data from RubyGems.org and NPM registry APIs
    - Uses parallel processing (10 concurrent threads) for fast API calls
+   - Prompts user to choose between npm and yarn if both are available
 
 2. **Reporter** (`lib/rubion/reporter.rb`): Formats scan results into beautiful terminal tables using `terminal-table`
    - Adds severity icons (🔴 🟠 🟡 🟢 ⚪)

data/bin/rubion

@@ -5,3 +5,5 @@ require_relative '../lib/rubion'
 
 Rubion::CLI.start(ARGV)
 
+
+

data/lib/rubion/reporter.rb

@@ -4,8 +4,9 @@ require 'terminal-table'
 
 module Rubion
   class Reporter
-    def initialize(scan_result)
+    def initialize(scan_result, sort_by: nil)
       @result = scan_result
+      @sort_by = sort_by
     end
 
     def report
@@ -36,31 +37,6 @@ module Rubion
 
     private
 
-    def _print_gem_vulnerabilities
-      puts "Gem Vulnerabilities:\n\n"
-
-      if @result.gem_vulnerabilities.empty?
-        puts "  ✅ No vulnerabilities found!\n\n"
-        return
-      end
-
-      table = Terminal::Table.new do |t|
-        t.headings = %w[Level Name Version Vulnerability]
-
-        @result.gem_vulnerabilities.each do |vuln|
-          t.add_row [
-            severity_with_icon(vuln[:severity]),
-            vuln[:gem],
-            vuln[:version],
-            truncate(vuln[:title], 50)
-          ]
-        end
-      end
-
-      puts table
-      puts "\n"
-    end
-
     def print_header
       # Simplified header
       puts "\n"
@@ -97,10 +73,14 @@ module Rubion
         return
       end
 
+      # Sort if sort_by is specified
+      versions = @result.gem_versions.dup
+      versions = sort_versions(versions, :gem) if @sort_by
+
       table = Terminal::Table.new do |t|
         t.headings = ['Name', 'Current', 'Date', 'Latest', 'Date', 'Behind By(Time)', 'Behind By(Versions)']
 
-        @result.gem_versions.each do |gem|
+        versions.each do |gem|
           t.add_row [
             gem[:gem],
             gem[:current],
@@ -150,10 +130,14 @@ module Rubion
         return
       end
 
+      # Sort if sort_by is specified
+      versions = @result.package_versions.dup
+      versions = sort_versions(versions, :package) if @sort_by
+
       table = Terminal::Table.new do |t|
-        t.headings = ['Name', 'Current', 'Date', 'Latest', 'Date', 'Behind By', 'Versions']
+        t.headings = ['Name', 'Current', 'Date', 'Latest', 'Date', 'Behind By(Time)', 'Behind By(Versions)']
 
-        @result.package_versions.each do |pkg|
+        versions.each do |pkg|
           t.add_row [
             pkg[:package],
             pkg[:current],
@@ -218,7 +202,7 @@ module Rubion
     def truncate(text, length = 50)
       return text if text.length <= length
 
-      "#{text[0..length - 3]}..."
+      "#{text[0..(length - 3)]}..."
     end
 
     def version_difference(current, latest)
@@ -242,5 +226,104 @@ module Rubion
     rescue StandardError
       'unknown'
     end
+
+    # Sort versions array based on the specified column
+    def sort_versions(versions, name_key)
+      return versions unless @sort_by
+
+      column = @sort_by.strip.downcase
+      name_key_sym = name_key # :gem or :package
+
+      # Normalize column name - default to 'name' if not recognized
+      normalized_column = case column
+                          when 'name', 'current', 'date', 'latest',
+                               'behind by(time)', 'behind by time', 'time',
+                               'behind by(versions)', 'behind by versions', 'versions'
+                            column
+                          else
+                            'name' # Default to name sorting
+                          end
+
+      versions.sort_by do |item|
+        case normalized_column
+        when 'name'
+          item[name_key_sym].to_s.downcase
+        when 'current'
+          parse_version_for_sort(item[:current])
+        when 'date'
+          # Sort by current_date (first Date column)
+          parse_date_for_sort(item[:current_date])
+        when 'latest'
+          parse_version_for_sort(item[:latest])
+        when 'behind by(time)', 'behind by time', 'time'
+          parse_time_for_sort(item[:time_diff])
+        when 'behind by(versions)', 'behind by versions', 'versions'
+          parse_version_count_for_sort(item[:version_count])
+        end
+      end
+    end
+
+    # Parse version string for sorting (handles semantic versions)
+    def parse_version_for_sort(version_str)
+      return [0, 0, 0, ''] if version_str.nil? || version_str == 'N/A' || version_str == 'unknown'
+
+      # Handle version strings like "1.2.3", "1.2.3.4", "1.2.3-beta", etc.
+      parts = version_str.to_s.split(/[.-]/)
+      major = parts[0].to_i
+      minor = parts[1].to_i
+      patch = parts[2].to_i
+      suffix = parts[3..-1].join('') if parts.length > 3
+
+      [major, minor, patch, suffix || '']
+    end
+
+    # Parse date string for sorting (handles M/D/YYYY format)
+    def parse_date_for_sort(date_str)
+      return [0, 0, 0] if date_str.nil? || date_str == 'N/A'
+
+      begin
+        parts = date_str.split('/').map(&:to_i)
+        return [parts[2] || 0, parts[0] || 0, parts[1] || 0] if parts.length == 3
+      rescue StandardError
+        # If parsing fails, return a date that sorts last
+      end
+
+      [0, 0, 0]
+    end
+
+    # Parse time difference string for sorting (e.g., "1 year", "3 months", "5 days")
+    def parse_time_for_sort(time_str)
+      return [0, 0] if time_str.nil? || time_str == 'N/A'
+
+      time_str = time_str.to_s.downcase.strip
+
+      # Extract number and unit
+      match = time_str.match(/(\d+(?:\.\d+)?)\s*(year|month|day|years|months|days)/)
+      return [0, 0] unless match
+
+      value = match[1].to_f
+      unit = match[2].to_s.downcase
+
+      # Convert to days for comparison
+      days = case unit
+             when /year/
+               value * 365
+             when /month/
+               value * 30
+             when /day/
+               value
+             else
+               0
+             end
+
+      [days.to_i, value]
+    end
+
+    # Parse version count for sorting
+    def parse_version_count_for_sort(count)
+      return 0 if count.nil? || count == 'N/A' || count == 'unknown'
+
+      count.to_i
+    end
   end
 end

data/lib/rubion/scanner.rb

@@ -21,9 +21,11 @@ module Rubion
       end
     end
 
-    def initialize(project_path: Dir.pwd)
+    def initialize(project_path: Dir.pwd, package_manager: nil)
       @project_path = project_path
       @result = ScanResult.new
+      @package_manager = package_manager
+      @package_manager_detected = false
     end
 
     def scan
@@ -35,7 +37,7 @@ module Rubion
       @result
     end
 
-    def scan_incremental(options = { gems: true, packages: true })
+    def scan_incremental(options = { gems: true, packages: true, sort_by: nil })
       puts "🔍 Scanning project at: #{@project_path}\n\n"
       
       # Scan and display Ruby gems first (if enabled)
@@ -44,7 +46,7 @@ module Rubion
         
         # Print gem results immediately
         puts "\n"
-        reporter = Reporter.new(@result)
+        reporter = Reporter.new(@result, sort_by: options[:sort_by])
         reporter.print_gem_vulnerabilities
         reporter.print_gem_versions
       end
@@ -74,10 +76,21 @@ module Rubion
       package_json = File.join(@project_path, 'package.json')
       return unless File.exist?(package_json)
       
-      # Check for vulnerabilities using npm audit
+      # Detect package manager if not already set
+      unless @package_manager_detected
+        @package_manager = @package_manager || detect_package_manager
+        @package_manager_detected = true
+      end
+      
+      unless @package_manager
+        puts "  ⚠️  Neither npm nor yarn is available. Skipping package scanning."
+        return
+      end
+      
+      # Check for vulnerabilities using package manager audit
       check_npm_vulnerabilities
       
-      # Check for outdated versions using npm outdated (will show progress)
+      # Check for outdated versions using package manager outdated (will show progress)
       check_npm_versions
     end
 
@@ -113,7 +126,10 @@ module Rubion
     end
 
     def check_npm_vulnerabilities
-      stdout, stderr, status = Open3.capture3("npm audit --json 2>&1", chdir: @project_path)
+      return unless @package_manager
+      
+      command = "#{@package_manager} audit --json 2>&1"
+      stdout, stderr, status = Open3.capture3(command, chdir: @project_path)
       
       begin
         data = JSON.parse(stdout)
@@ -122,12 +138,15 @@ module Rubion
         @result.package_vulnerabilities = []
       end
     rescue => e
-      puts "  ⚠️  Could not run npm audit (#{e.message}). Skipping package vulnerability check."
+      puts "  ⚠️  Could not run #{@package_manager} audit (#{e.message}). Skipping package vulnerability check."
       @result.package_vulnerabilities = []
     end
 
     def check_npm_versions
-      stdout, stderr, status = Open3.capture3("npm outdated --json 2>&1", chdir: @project_path)
+      return unless @package_manager
+      
+      command = "#{@package_manager} outdated --json 2>&1"
+      stdout, stderr, status = Open3.capture3(command, chdir: @project_path)
       
       begin
         data = JSON.parse(stdout) unless stdout.empty?
@@ -136,7 +155,7 @@ module Rubion
         @result.package_versions = []
       end
     rescue => e
-      puts "  ⚠️  Could not run npm outdated (#{e.message}). Skipping package version check."
+      puts "  ⚠️  Could not run #{@package_manager} outdated (#{e.message}). Skipping package version check."
       @result.package_versions = []
     end
 
@@ -532,6 +551,48 @@ module Rubion
       end
     end
 
+    # Detect which package manager is available (npm or yarn)
+    def detect_package_manager
+      npm_available = check_command_available('npm')
+      yarn_available = check_command_available('yarn')
+      
+      if npm_available && yarn_available
+        # Both available - prompt user
+        prompt_package_manager_choice
+      elsif npm_available
+        'npm'
+      elsif yarn_available
+        'yarn'
+      else
+        nil
+      end
+    end
+    
+    # Check if a command is available in the system
+    def check_command_available(command)
+      _, _, status = Open3.capture3("which #{command} 2>&1")
+      status.success?
+    rescue
+      false
+    end
+    
+    # Prompt user to choose between npm and yarn when both are available
+    def prompt_package_manager_choice
+      puts "\n  Both npm and yarn are available. Which would you like to use?"
+      print "  Enter 'npm' or 'yarn' (default: npm): "
+      
+      choice = $stdin.gets.chomp.strip.downcase
+      
+      if choice.empty? || choice == 'npm'
+        'npm'
+      elsif choice == 'yarn'
+        'yarn'
+      else
+        puts "  ⚠️  Invalid choice. Using npm as default."
+        'npm'
+      end
+    end
+
     # Fetch all NPM package version info (dates and version list) from NPM registry in one call
     def fetch_npm_all_versions(package_name)
       return { versions: {}, version_list: [] } if package_name.nil?

data/lib/rubion/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 module Rubion
-  VERSION = "0.3.0"
+  VERSION = "0.3.2"
 end
 

data/lib/rubion.rb

@@ -28,7 +28,7 @@ module Rubion
     end
 
     def self.parse_scan_options(args)
-      options = { gems: true, packages: true }
+      options = { gems: true, packages: true, sort_by: nil }
       
       # Check for --gems-only or --packages-only flags
       if args.include?('--gems-only') || args.include?('-g')
@@ -43,20 +43,28 @@ module Rubion
         options[:packages] = args.include?('--packages')
       end
       
+      # Parse --sort-by or -s option
+      sort_index = args.index('--sort-by') || args.index('-s')
+      if sort_index && args[sort_index + 1]
+        options[:sort_by] = args[sort_index + 1]
+      end
+      
       options
     end
 
-    def self.scan(options = { gems: true, packages: true })
+    def self.scan(options = { gems: true, packages: true, sort_by: nil })
       project_path = Dir.pwd
       
       scanner = Scanner.new(project_path: project_path)
       result = scanner.scan_incremental(options)
       
       # Results are already printed incrementally based on options
-      reporter = Reporter.new(result)
-      
-      # Only print package results if packages were scanned
+      # Package results are printed in scan_incremental, but we need to ensure
+      # they use the same reporter instance with sort_by
+      # Actually, scan_incremental handles gem printing, but package printing
+      # happens here, so we need a reporter for packages
       if options[:packages]
+        reporter = Reporter.new(result, sort_by: options[:sort_by])
         reporter.print_package_vulnerabilities
         reporter.print_package_versions
       end
@@ -76,13 +84,14 @@ module Rubion
           --gems, --gem, -g           Scan only Ruby gems (skip NPM packages)
           --packages, --npm, -p       Scan only NPM packages (skip Ruby gems)
           --all, -a                   Scan both gems and packages (default)
+          --sort-by COLUMN, -s COLUMN Sort results by column (Name, Current, Date, Latest, Behind By(Time), Behind By(Versions))
         
         DESCRIPTION:
           Rubion scans your project for:
             - Ruby gem vulnerabilities (using bundler-audit)
             - Outdated Ruby gems (using bundle outdated)
-            - NPM package vulnerabilities (using npm audit)
-            - Outdated NPM packages (using npm outdated)
+            - NPM/JavaScript package vulnerabilities (using npm audit or yarn audit)
+            - Outdated NPM/JavaScript packages (using npm outdated or yarn outdated)
         
         OUTPUT:
           Results are displayed in organized tables with:
@@ -101,14 +110,23 @@ module Rubion
           # Scan only NPM packages
           rubion scan --packages
           
+          # Sort by name
+          rubion scan --sort-by Name
+          
+          # Sort by versions behind
+          rubion scan -s "Behind By(Versions)"
+          
           # Get help
           rubion help
         
         REQUIREMENTS:
           - Ruby 2.6+
           - Bundler (for gem scanning)
-          - NPM (for package scanning, optional)
+          - NPM or Yarn (for package scanning, optional)
           - bundler-audit (optional, install with: gem install bundler-audit)
+          
+        NOTE:
+          If both npm and yarn are available, you will be prompted to choose which one to use.
         
       HELP
     end

metadata

@@ -1,13 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rubion
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.2
 platform: ruby
 authors:
 - bipashant
+autorequire:
 bindir: bin
 cert_chain: []
-date: 1980-01-02 00:00:00.000000000 Z
+date: 2025-11-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: terminal-table
@@ -92,6 +93,7 @@ metadata:
   source_code_uri: https://github.com/bipashant/rubion
   changelog_uri: https://github.com/bipashant/rubion/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/bipashant/rubion/issues
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -106,7 +108,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.2
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: Security and version scanner for Ruby and JavaScript projects
 test_files: []