RubyGems - rubion - Versions diffs - 0.3.10 → 0.3.12 - Mend

rubion 0.3.10 → 0.3.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4c4e3c0ca5fe5a8dcb5e1283bee4f507cd40cce64796bfff6fb261cabc944bc7
-  data.tar.gz: 37b74184805f031a5cb839ab5e0fec28079d3735009db697523b0d90639d01bf
+  metadata.gz: 7dc1bfbae3334e5454a9cc24e15284f6ea266e6ae39c0d897e834cdbd4a060b2
+  data.tar.gz: 99397bc977a084f856a850dbc32401a72d302ce3f55243b4a09f9660224168fd
 SHA512:
-  metadata.gz: e1547c0bcb405af894e41fbe47607045349ceff8359592c02bef854b2ec7f2d5314ac6f4d3334312cc85196a3bd02633696bda509045f5f17c6369093100a9be
-  data.tar.gz: 57cecf15af4f037567c43d4ae38ef6c5c383b7e4ad33bc59ef65515609d1bc45ee376f413097fa8df050aae29177b9a0079c9d4c5a6f3820efac1dd872e0eb15
+  metadata.gz: 78c7ccc9ac63d82a38d704d47f626e3ec1ba08976d10e3efbfe6ef35f5fb15d5424c61219d00034d11cee5e25f77b5a7b971406400e6744e5e005e9e9e9cf87a
+  data.tar.gz: ebda62b7ec502a9e834a41b45953996363289b5c63f3ce3b6da380beaf96dfd47f5476e56f65babca314c3cd01624a5601cf607c4e1bd4884ef704d1be270e99

data/README.md CHANGED Viewed

@@ -1,8 +1,8 @@
-#  Rubion
+# Rubion
 **Rubion** is a security and version scanner for Ruby and JavaScript projects. It helps you identify vulnerabilities and outdated dependencies in your Ruby gems and NPM/JavaScript packages.
-<img width="1237" height="671" alt="Screenshot 2025-11-14 at 10 48 12 am" src="https://github.com/user-attachments/assets/a3d93452-c442-416a-9697-de59746e16ad" />
+<img width="1237" height="671" alt="Screenshot 2025-11-14 at 10 48 12 am" src="https://github.com/user-attachments/assets/a3d93452-c442-416a-9697-de59746e16ad" />
 ## Features
@@ -10,15 +10,19 @@
 - 📦 **Gem Versions**: Identifies outdated Ruby gems with release dates and version counts
 - 📛 **Package Vulnerabilities**: Scans for known security vulnerabilities in NPM/JavaScript packages using `npm audit` or `yarn audit`
 - 📦 **Package Versions**: Identifies outdated NPM/JavaScript packages with release dates and version counts
+- 🎯 **Direct Dependencies**: Highlights direct dependencies (from `Gemfile`/`package.json`) in bold text
+- 🔍 **Filtering**: Option to show only direct dependencies with `--exclude-dependencies` flag
+- 📊 **Sorting**: Sort results by any column (Name, Current, Date, Latest, Behind By(Time), Behind By(Versions))
 - 📊 **Beautiful Reports**: Organized table output with severity icons (🔴 Critical, 🟠 High, 🟡 Medium, 🟢 Low, ⚪ Unknown)
 - 🚀 **Fast & Efficient**: Parallel API processing (10 concurrent threads) for quick results
 - ⚡ **Incremental Output**: Shows gem results immediately, then scans packages
 - 📅 **Release Dates**: Fetches actual release dates from RubyGems.org and NPM registry
 - 🔢 **Version Analysis**: Shows how many versions behind and time difference
+- 📦 **Multi-Package Manager**: Supports both npm and yarn with automatic detection
 ## Installation
-### Install from RubyGems (when published)
+### Install from RubyGems
 ```bash
 gem install rubion
@@ -27,7 +31,7 @@ gem install rubion
 ### Install from source
 ```bash
-git clone https://github.com/yourusername/rubion.git
+git clone https://github.com/bipashant/rubion.git
 cd rubion
 bundle install
 rake install_local
@@ -35,7 +39,7 @@ rake install_local
 ## Usage
-### Scan your project
+### Basic Scan
 Navigate to your project directory and run:
@@ -49,7 +53,7 @@ This will scan your project for:
 - NPM/JavaScript package vulnerabilities (if `package.json` exists)
 - Outdated NPM/JavaScript packages with release dates
-### Scan options
+### Scan Options
 ```bash
 # Scan only Ruby gems (skip NPM packages)
@@ -66,13 +70,57 @@ rubion scan -p
 rubion scan
 ```
-### View help
+### Sorting Options
+```bash
+# Sort by column name (default: "Behind By(Time)" in descending order)
+rubion scan --sort-by Name
+rubion scan --sort-by Current
+rubion scan --sort-by "Current version released on"
+rubion scan --sort-by Latest
+rubion scan --sort-by "Latest version released on"
+rubion scan --sort-by "Behind By(Time)"
+rubion scan --sort-by "Behind By(Versions)"
+# Short form
+rubion scan -s Name
+# Sort in ascending order
+rubion scan --sort-by Name --asc
+rubion scan --sort-by Name --ascending
+# Sort in descending order (default)
+rubion scan --sort-by Name --desc
+rubion scan --sort-by Name --descending
+```
+**Available columns for sorting:**
+- `Name` - Package/gem name
+- `Current` - Current version
+- `Current version released on` or `Date` - Release date of current version
+- `Latest` - Latest version
+- `Latest version released on` or `Date` - Release date of latest version
+- `Behind By(Time)` - Time difference (default sort, descending)
+- `Behind By(Versions)` - Number of versions behind
+### Filtering Options
+```bash
+# Show only direct dependencies (from Gemfile/package.json)
+rubion scan --exclude-dependencies
+```
+Direct dependencies are automatically highlighted in **bold text** in the output.
+### View Help
 ```bash
 rubion help
+# or
+rubion -h
 ```
-### Check version
+### Check Version
 ```bash
 rubion version
@@ -82,6 +130,8 @@ rubion -v
 ## Output Example
+### Complete Scan Output
 ```
 🔍 Scanning project at: /path/to/project
@@ -94,16 +144,22 @@ Gem Vulnerabilities:
 +----------+--------+---------+------------------------------------------+
 | 🔴 Critical | rexml | 3.4.1   | REXML has DoS condition when parsing... |
 | 🟠 High  | rack   | 2.0.8   | Denial of Service vulnerability         |
+| 🟡 Medium | nokogiri | 1.13.8 | XML parsing vulnerability              |
+| 🟢 Low   | json   | 2.6.1   | JSON parsing issue                      |
 +----------+--------+---------+------------------------------------------+
 Gem Versions:
-+----------+---------+-----------+---------+-----------+-----------+----------+
-| Name     | Current | Date      | Latest  | Date      | Behind By | Versions |
-+----------+---------+-----------+---------+-----------+-----------+----------+
-| sidekiq  | 7.30    | 3/5/2024  | 8.1     | 11/11/2025| 1 year    | 15       |
-| fastimage| 2.2.7   | 2/2/2025  | 2.3.2   | 9/9/2025  | 7 months  | 3        |
-+----------+---------+-----------+---------+-----------+-----------+----------+
++------------------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
+| Name             | Current | Current version released on | Latest  | Latest version released on | Behind By(Time) ↓ | Behind By(Versions) |
++------------------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
+| sidekiq          | 7.30    | 3/5/2024                 | 8.1     | 11/11/2025               | 1 year           | 15                |
+| rails             | 7.0.0   | 12/15/2022               | 7.1.0   | 10/4/2024                | 1 year 10 months | 8                 |
+| fastimage         | 2.2.7   | 2/2/2025                  | 2.3.2   | 9/9/2025                 | 7 months         | 3                 |
+| nokogiri          | 1.13.8 | 5/10/2023                 | 1.15.0  | 8/20/2024                | 1 year 3 months  | 12                |
+| redis             | 4.8.0  | 1/15/2023                 | 5.0.0   | 11/1/2024                | 1 year 9 months  | 20                |
+| pg                | 1.4.0  | 3/20/2023                 | 1.5.0   | 9/15/2024                | 1 year 5 months  | 6                 |
++------------------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
 📦 Checking NPM packages... 45/45 ✓
@@ -112,18 +168,44 @@ Package Vulnerabilities:
 +----------+--------+---------+------------------------------------------+
 | Level    | Name   | Version | Vulnerability                            |
 +----------+--------+---------+------------------------------------------+
-| 🟠 High  | moment | 1.2.3   | Wrong timezone date calculation         |
+| 🔴 Critical | lodash | 4.17.20 | Prototype pollution vulnerability    |
+| 🟠 High  | moment | 2.29.1  | Wrong timezone date calculation         |
+| 🟡 Medium | axios  | 0.21.1  | Server-Side Request Forgery (SSRF)      |
+| 🟢 Low   | debug  | 4.3.1   | Regular Expression Denial of Service   |
 +----------+--------+---------+------------------------------------------+
 Package Versions:
-+----------+---------+-----------+---------+-----------+-----------+----------+
-| Name     | Current | Date      | Latest  | Date      | Behind By | Versions |
-+----------+---------+-----------+---------+-----------+-----------+----------+
-| jquery   | 3.7.1   | 4/5/2024  | 3.9.1   | 10/11/2025| 1 year    | 8        |
-+----------+---------+-----------+---------+-----------+-----------+----------+
++------------------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
+| Name             | Current | Current version released on | Latest  | Latest version released on | Behind By(Time) ↓ | Behind By(Versions) |
++------------------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
+| react             | 17.0.2 | 3/3/2021                  | 18.2.0  | 6/14/2023                | 2 years 3 months | 45                |
+| vue               | 3.2.0  | 8/5/2021                  | 3.3.0   | 5/18/2023                | 1 year 9 months  | 8                 |
+| jquery            | 3.7.1  | 4/5/2024                  | 3.9.1   | 10/11/2025               | 1 year           | 8                 |
+| express           | 4.18.0 | 4/25/2022                 | 4.18.2  | 8/15/2023                | 1 year 3 months  | 2                 |
+| webpack           | 5.70.0 | 3/1/2022                  | 5.88.0  | 6/1/2023                 | 1 year 3 months  | 18                |
+| typescript        | 4.7.0  | 5/24/2022                 | 5.1.0   | 5/25/2023                | 1 year           | 12                |
++------------------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
 ```
+### Direct Dependencies Only (with --exclude-dependencies)
+When using `rubion scan --exclude-dependencies`, only direct dependencies are shown:
+```
+Gem Versions:
++----------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
+| Name     | Current | Current version released on | Latest  | Latest version released on | Behind By(Time) ↓ | Behind By(Versions) |
++----------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
+| **rails**| 7.0.0   | 12/15/2022               | 7.1.0   | 10/4/2024                | 1 year 10 months | 8                 |
+| **sidekiq**| 7.30  | 3/5/2024                 | 8.1     | 11/11/2025               | 1 year           | 15                |
+| **pg**   | 1.4.0  | 3/20/2023                 | 1.5.0   | 9/15/2024                | 1 year 5 months  | 6                 |
++----------+---------+--------------------------+---------+--------------------------+------------------+-------------------+
+```
+**Note:** Direct dependencies (from `Gemfile` or `package.json`) are displayed in **bold text** in the version tables. In the example above, `rails`, `sidekiq`, and `pg` are direct dependencies from the `Gemfile`.
 ## Requirements
 - Ruby 2.6 or higher
@@ -131,7 +213,7 @@ Package Versions:
 - NPM or Yarn (optional, for JavaScript package scanning)
 - `bundler-audit` (optional, for enhanced gem vulnerability detection)
-**Note:** If both npm and yarn are available, Rubion will prompt you to choose which one to use.
+**Note:** If both npm and yarn are available, Rubion will prompt you to choose which one to use. You can respond with 'y' for yarn or 'n' for npm.
 ### Installing bundler-audit (recommended)
@@ -141,6 +223,48 @@ gem install bundler-audit
 **Note:** Without `bundler-audit`, gem vulnerability scanning will be skipped.
+## How It Works
+Rubion uses a modular architecture:
+1. **Scanner** (`lib/rubion/scanner.rb`): Executes various commands to scan for vulnerabilities and outdated versions
+   - `bundle-audit check` for gem vulnerabilities
+   - `bundle outdated --parseable` for gem versions
+   - `npm audit --json` or `yarn audit --json` for package vulnerabilities (auto-detects which is available)
+   - `npm outdated --json` or `yarn outdated` for package versions (auto-detects which is available)
+   - Fetches release dates and version data from RubyGems.org and NPM registry APIs
+   - Uses parallel processing (10 concurrent threads) for fast API calls
+   - Prompts user to choose between npm and yarn if both are available
+   - Parses `Gemfile` and `package.json` to identify direct dependencies
+2. **Reporter** (`lib/rubion/reporter.rb`): Formats scan results into beautiful terminal tables using `terminal-table`
+   - Adds severity icons (🔴 🟠 🟡 🟢 ⚪)
+   - Formats dates, time differences, and version counts
+   - Supports incremental output (gems first, then packages)
+   - Highlights direct dependencies in bold text
+   - Supports sorting by any column with visual indicators (↑/↓)
+   - Filters results based on `--exclude-dependencies` flag
+3. **CLI** (`lib/rubion.rb`): Provides the command-line interface
+   - Parses command-line options (`--gems-only`, `--packages-only`, `--sort-by`, `--asc`, `--desc`, `--exclude-dependencies`)
+   - Coordinates scanning and reporting
+For detailed information about data collection and mapping, see [HOW_IT_WORKS.md](HOW_IT_WORKS.md).
+## Performance
+Rubion is optimized for speed:
+- **Parallel API Processing**: Uses 10 concurrent threads to fetch version data from RubyGems.org and NPM registry
+- **Single API Call Per Package**: Fetches all necessary data (dates, version list) in one request
+- **Incremental Output**: Shows gem results immediately, then scans packages (better UX)
+- **Progress Indicators**: Shows real-time progress like "Checking Ruby gems... 10/54"
+Typical scan times:
+- Gems only: ~4-5 seconds (for ~140 gems)
+- Packages only: ~3-4 seconds (for ~50 packages)
+- Both: ~7-9 seconds total
 ## Development
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt.
@@ -169,30 +293,6 @@ gem build rubion.gemspec
 rake install_local
 ```
-## How It Works
-Rubion uses a modular architecture:
-1. **Scanner** (`lib/rubion/scanner.rb`): Executes various commands to scan for vulnerabilities and outdated versions
-   - `bundle-audit check` for gem vulnerabilities
-   - `bundle outdated --parseable` for gem versions
-   - `npm audit --json` or `yarn audit --json` for package vulnerabilities (auto-detects which is available)
-   - `npm outdated --json` or `yarn outdated --json` for package versions (auto-detects which is available)
-   - Fetches release dates and version data from RubyGems.org and NPM registry APIs
-   - Uses parallel processing (10 concurrent threads) for fast API calls
-   - Prompts user to choose between npm and yarn if both are available
-2. **Reporter** (`lib/rubion/reporter.rb`): Formats scan results into beautiful terminal tables using `terminal-table`
-   - Adds severity icons (🔴 🟠 🟡 🟢 ⚪)
-   - Formats dates, time differences, and version counts
-   - Supports incremental output (gems first, then packages)
-3. **CLI** (`lib/rubion.rb`): Provides the command-line interface
-   - Parses command-line options (`--gems-only`, `--packages-only`)
-   - Coordinates scanning and reporting
-For detailed information about data collection and mapping, see [HOW_IT_WORKS.md](HOW_IT_WORKS.md).
 ## Extending Rubion
 Rubion is designed to be easily extensible. To add new scanners:
@@ -218,7 +318,7 @@ end
 ## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/yourusername/rubion.
+Bug reports and pull requests are welcome on GitHub at https://github.com/bipashant/rubion.
 1. Fork it
 2. Create your feature branch (`git checkout -b feature/my-new-feature`)
@@ -230,36 +330,16 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/yourus
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
-## Code of Conduct
-Everyone interacting in the Rubion project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.
 ## Support
 If you have any questions or need help, please:
-- Open an issue on GitHub
+- Open an issue on GitHub: https://github.com/bipashant/rubion/issues
 - Check the documentation
-- Contact the maintainers
-## Performance
-Rubion is optimized for speed:
-- **Parallel API Processing**: Uses 10 concurrent threads to fetch version data from RubyGems.org and NPM registry
-- **Single API Call Per Package**: Fetches all necessary data (dates, version list) in one request
-- **Incremental Output**: Shows gem results immediately, then scans packages (better UX)
-- **Progress Indicators**: Shows real-time progress like "Checking Ruby gems... 10/54"
-Typical scan times:
-- Gems only: ~4-5 seconds (for ~140 gems)
-- Packages only: ~3-4 seconds (for ~50 packages)
-- Both: ~7-9 seconds total
+- Review the [CHANGELOG.md](CHANGELOG.md) for recent changes
 ## Roadmap
 Future features planned:
-- [ ] Sorting options (by severity, name, date, etc.)
-- [ ] Filtering options (by severity, outdated threshold, etc.)
 - [ ] Export formats (JSON, CSV, HTML)
 - [ ] Summary statistics
 - [ ] Update command suggestions
@@ -275,4 +355,3 @@ Future features planned:
 - Built with [terminal-table](https://github.com/tj/terminal-table)
 - Inspired by tools like `bundle-audit` and `npm audit`

data/lib/rubion/version.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Rubion
-  VERSION = "0.3.10"
+  VERSION = "0.3.12"
 end

data/rubion.gemspec CHANGED Viewed

@@ -1,36 +1,36 @@
 # frozen_string_literal: true
-require_relative "lib/rubion/version"
+require_relative 'lib/rubion/version'
 Gem::Specification.new do |spec|
-  spec.name = "rubion"
+  spec.name = 'rubion'
   spec.version = Rubion::VERSION
-  spec.authors = ["bipashant"]
-  spec.email = ["bs_chapagain@hotmail.com"]
+  spec.authors = ['bipashant']
+  spec.email = ['bs_chapagain@hotmail.com']
-  spec.summary = "Security and version scanner for Ruby and JavaScript projects"
-  spec.description = "Rubion scans your project for Ruby gem vulnerabilities, outdated gems, NPM package vulnerabilities, and outdated packages. It provides a clean, organized report with actionable insights."
-  spec.homepage = "https://github.com/bipashant/rubion"
-  spec.license = "MIT"
-  spec.required_ruby_version = ">= 2.6.0"
+  spec.summary = 'Security and version scanner for Ruby and JavaScript projects'
+  spec.description = 'Rubion scans your project for Ruby gem vulnerabilities, outdated gems, NPM package vulnerabilities, and outdated packages. It provides a clean, organized report with actionable insights.'
+  spec.homepage = 'https://github.com/bipashant/rubion'
+  spec.license = 'MIT'
+  spec.required_ruby_version = '>= 2.6.0'
-  spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = "https://github.com/bipashant/rubion"
-  spec.metadata["changelog_uri"] = "https://github.com/bipashant/rubion/blob/main/CHANGELOG.md"
-  spec.metadata["bug_tracker_uri"] = "https://github.com/bipashant/rubion/issues"
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/bipashant/rubion'
+  spec.metadata['changelog_uri'] = 'https://github.com/bipashant/rubion/blob/main/CHANGELOG.md'
+  spec.metadata['bug_tracker_uri'] = 'https://github.com/bipashant/rubion/issues'
+  spec.metadata['rubygems_mfa_required'] = 'true'
   # Specify which files should be added to the gem when it is released.
-  spec.files = Dir.glob("{bin,lib}/**/*") + %w[README.md LICENSE Gemfile rubion.gemspec]
-  spec.bindir = "bin"
-  spec.executables = ["rubion"]
-  spec.require_paths = ["lib"]
+  spec.files = Dir.glob('{bin,lib}/**/*') + %w[README.md LICENSE Gemfile rubion.gemspec]
+  spec.bindir = 'bin'
+  spec.executables = ['rubion']
+  spec.require_paths = ['lib']
   # Runtime dependencies
-  spec.add_dependency "terminal-table", "~> 3.0"
+  spec.add_dependency 'terminal-table', '~> 3.0'
   # Development dependencies
-  spec.add_development_dependency "rake", "~> 13.0"
-  spec.add_development_dependency "rspec", "~> 3.12"
-  spec.add_development_dependency "rubocop", "~> 1.21"
+  spec.add_development_dependency 'rake', '~> 13.0'
+  spec.add_development_dependency 'rspec', '~> 3.12'
+  spec.add_development_dependency 'rubocop', '~> 1.21'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rubion
 version: !ruby/object:Gem::Version
-  version: 0.3.10
+  version: 0.3.12
 platform: ruby
 authors:
 - bipashant
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-11-14 00:00:00.000000000 Z
+date: 2025-11-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: terminal-table
@@ -93,6 +93,7 @@ metadata:
   source_code_uri: https://github.com/bipashant/rubion
   changelog_uri: https://github.com/bipashant/rubion/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/bipashant/rubion/issues
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths: