@dockerforge/core 0.1.0 → 0.1.1

package/README.md CHANGED
@@ -1,14 +1,18 @@
1
1
  # @dockerforge/core
2
2
 
3
- The engine behind DockerForge. Give it a path to a local project and it analyses the stack and
4
- returns a Dockerfile, a `.dockerignore`, and a Compose file, along with a confidence score and a
5
- list of suggested improvements. It also lints existing Dockerfiles.
3
+ The engine behind DockerForge. Generate and lint production-grade Dockerfiles from Node. Offline.
6
4
 
7
- Everything runs offline. The package makes no network calls. It only reads the local filesystem
8
- under the path you give it.
5
+ [![npm](https://img.shields.io/npm/v/@dockerforge/core)](https://www.npmjs.com/package/@dockerforge/core)
6
+ [![license](https://img.shields.io/npm/l/@dockerforge/core)](https://github.com/Mo-ASayed/DockerForge/blob/main/LICENSE)
7
+ [![node](https://img.shields.io/node/v/@dockerforge/core)](https://nodejs.org)
9
8
 
10
- This is the open-source core that [`@dockerforge/cli`](https://www.npmjs.com/package/@dockerforge/cli)
11
- and the DockerForge cloud both build on. Licensed under Apache-2.0.
9
+ Give it a path to a local project and it analyses the stack and returns a Dockerfile, a
10
+ `.dockerignore`, and a Compose file, along with a confidence score and suggested improvements. It
11
+ also lints existing Dockerfiles. The package makes no network calls; it only reads the local
12
+ filesystem under the path you give it.
13
+
14
+ Most people should use the [`@dockerforge/cli`](https://www.npmjs.com/package/@dockerforge/cli)
15
+ command line tool. Use this package when you want to call the engine from your own Node code.
12
16
 
13
17
  ## Install
14
18
 
@@ -40,8 +44,8 @@ console.log(result.improvements); // suggested changes
40
44
  | `optimise` | Set to `false` to skip the optimisation pass. |
41
45
  | `security` | Set to `false` to skip the security pass. |
42
46
 
43
- `projectPath` is required because this package is offline. Ingesting a remote git URL or a zip
44
- lives in the DockerForge cloud, not here.
47
+ `projectPath` is required because this package is offline. Ingesting a remote git URL or a zip is
48
+ part of the hosted product, not this package.
45
49
 
46
50
  ## Lint
47
51
 
@@ -55,34 +59,28 @@ console.log(summary.counts); // { critical, high, medium, low, info }
55
59
  console.log(summary.worst); // the highest severity found, or null
56
60
  ```
57
61
 
58
- You can also lint a string instead of a file:
62
+ Lint a string instead of a file:
59
63
 
60
64
  ```js
61
65
  await core.lint({ dockerfile: 'FROM node\nUSER root\n' });
62
66
  ```
63
67
 
64
- Rules:
65
-
66
- | Id | Check | Severity |
67
- | --- | --- | --- |
68
- | DF001 | Base image is not pinned (no tag, or `:latest`) | high |
69
- | DF002 | Final stage runs as root | high |
70
- | DF003 | `COPY . .` copies the whole build context | high |
71
- | DF004 | `.dockerignore` is missing or does not exclude `.env` | medium |
72
- | DF005 | A secret-like value is hardcoded in `ENV` or `ARG` | critical |
73
- | DF006 | No `WORKDIR` is set in the final stage | low |
68
+ The six rules (`DF001`–`DF006`) are documented in the
69
+ [rules reference](https://github.com/Mo-ASayed/DockerForge/blob/main/docs/rules.md).
74
70
 
75
71
  ## Errors
76
72
 
77
- The package throws typed errors, each carrying a `.code`:
78
-
79
- `PathNotFoundError`, `NotADirectoryError`, `UnsupportedStackError`, `IngestError`, and the base
80
- `DockerForgeError`. They are exported from the package root:
73
+ The package throws typed errors, each carrying a `.code`: `PathNotFoundError`,
74
+ `NotADirectoryError`, `UnsupportedStackError`, `IngestError`, and the base `DockerForgeError`.
75
+ They are exported from the package root:
81
76
 
82
77
  ```js
83
78
  const { PathNotFoundError } = require('@dockerforge/core');
84
79
  ```
85
80
 
81
+ See the [programmatic API guide](https://github.com/Mo-ASayed/DockerForge/blob/main/docs/programmatic.md)
82
+ for the full surface.
83
+
86
84
  ## License
87
85
 
88
86
  Apache-2.0.
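Review bot: Removing the rules table (old lines 64-73) leaves the installed README without the rule ids, checks and severities, and the replacement link points at `blob/main/docs/rules.md`, which tracks the default branch rather than the 0.1.1 release. Someone triaging a `DF005` finding from a pinned version could be reading documentation for a different rule set. Consider keeping the short table in the README, or linking to a tag-pinned URL; the same applies to the `docs/programmatic.md` link added before the License section.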
package/package.json CHANGED
@@ -1,17 +1,17 @@
1
1
  {
2
2
  "name": "@dockerforge/core",
3
- "version": "0.1.0",
4
- "description": "DockerForge engine: analyse a local project and generate production-grade Dockerfiles, .dockerignore, and Compose. Offline, no network.",
3
+ "version": "0.1.1",
4
+ "description": "DockerForge engine: analyse a local project and generate production-grade Dockerfiles, .dockerignore, and Compose, and lint Dockerfiles. Offline, no network.",
5
5
  "license": "Apache-2.0",
6
6
  "author": "Docker Forge",
7
7
  "homepage": "https://containerise.dev",
8
8
  "repository": {
9
9
  "type": "git",
10
- "url": "git+https://github.com/Mo-ASayed/Apps.git",
11
- "directory": "dockerfile-builder/packages/core"
10
+ "url": "git+https://github.com/Mo-ASayed/DockerForge.git",
11
+ "directory": "packages/core"
12
12
  },
13
13
  "bugs": {
14
- "url": "https://github.com/Mo-ASayed/Apps/issues"
14
+ "url": "https://github.com/Mo-ASayed/DockerForge/issues"
15
15
  },
16
16
  "main": "src/index.js",
17
17
  "files": [
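Review bot: `repository.url` and `bugs.url` move from `Mo-ASayed/Apps` to `Mo-ASayed/DockerForge` in a patch release, and nothing in the visible README changes mentions the relocation. Consumers who check a package's source repository during dependency review will see the origin change between 0.1.0 and 0.1.1. A line in the README or release notes stating that the code moved, and that `directory` is now `packages/core`, would make that easy to confirm.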
@@ -26,15 +26,15 @@
26
26
  "access": "public"
27
27
  },
28
28
  "scripts": {
29
- "test": "node --test",
30
- "prepack": "node scripts/vendor-engine.js"
29
+ "test": "node --test"
31
30
  },
32
31
  "keywords": [
33
32
  "docker",
34
33
  "dockerfile",
35
34
  "containerize",
36
35
  "generator",
37
- "lint"
36
+ "lint",
37
+ "sarif"
38
38
  ],
39
39
  "dependencies": {
40
40
  "adm-zip": "^0.5.10",
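Review bot: The `sarif` keyword is added in `keywords`, but no part of the visible diff (README, `description`, `src/index.js`) mentions SARIF output, so the keyword advertises something the docs do not describe; either document the SARIF surface or drop the keyword. Separately, `adm-zip` remains in `dependencies` while the README says ingesting a zip is not part of this package. If nothing under `src` requires it any more, removing it trims the dependency surface. Dropping `prepack` is consistent with `src/index.js` now requiring `./engine` directly.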
@@ -1,9 +1,9 @@
1
- // backend/src/modules/analysis/analyser.js
1
+ // Part of the @dockerforge/core engine.
2
2
  // Walks the full project tree, finds every service root, analyses each one.
3
3
 
4
4
  const path = require('path');
5
5
  const fs = require('fs-extra');
6
- const { STACKS, DEFAULT_VERSIONS, DEFAULT_PORTS, ROOT_CONFIG_FILES } = require('../../../../shared/constants');
6
+ const { STACKS, DEFAULT_VERSIONS, DEFAULT_PORTS, ROOT_CONFIG_FILES } = require('../constants');
7
7
 
8
8
  // ── Constants ────────────────────────────────────────────────────────────────
9
9
 
@@ -1,4 +1,4 @@
1
- // shared/constants.js
1
+ // constants.js (DockerForge engine shared constants)
2
2
  // Shared between frontend and backend
3
3
 
4
4
  const STACKS = {
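Review bot: The context line directly under the new header still reads `// Shared between frontend and backend`, which no longer matches a file now described as the engine's shared constants. Update or remove that line in the same change so the two comment lines agree.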
@@ -1,7 +1,7 @@
1
- // backend/src/modules/explanation/explainer.js
1
+ // Part of the @dockerforge/core engine.
2
2
  // Turns analysis + result into a human-readable explanation
3
3
 
4
- const { STACKS } = require('../../../../shared/constants');
4
+ const { STACKS } = require('../constants');
5
5
 
6
6
  function buildExplanation(analysis, result, securityNotes) {
7
7
  const stackNames = {
@@ -1,4 +1,4 @@
1
- // backend/src/modules/generation/composeGenerator.js
1
+ // Part of the @dockerforge/core engine.
2
2
  // Takes the same analysisResult shape as generator.js.
3
3
  // Returns { compose: string, improvements: string[] }
4
4
  'use strict';
@@ -1,9 +1,9 @@
1
- // backend/src/modules/generation/generator.js
1
+ // Part of the @dockerforge/core engine.
2
2
  // Accepts { services, sharedDirs } from the analyser.
3
3
  // Produces one Dockerfile (multi-stage if needed) + .dockerignore.
4
4
 
5
5
  const path = require('path');
6
- const { STACKS, BASE_IMAGES } = require('../../../../shared/constants');
6
+ const { STACKS, BASE_IMAGES } = require('../constants');
7
7
  const { isSecretLikeEnvKey, isSecretLikeEnvValue } = require('../security/security');
8
8
 
9
9
  const STATIC_RUNTIME_IMAGE = 'nginx:1.27-alpine';
@@ -1,10 +1,10 @@
1
- // backend/src/modules/ingestion/ingestion.js
1
+ // Part of the @dockerforge/core engine.
2
2
  // Fetches repo file tree + key files via provider APIs — no git binary needed.
3
3
  // Works on Vercel, Railway, Render, etc.
4
4
 
5
5
  const path = require('path');
6
6
  const fs = require('fs-extra');
7
- const { IGNORED_DIRS, ROOT_CONFIG_FILES } = require('../../../../shared/constants');
7
+ const { IGNORED_DIRS, ROOT_CONFIG_FILES } = require('../constants');
8
8
 
9
9
  const IGNORED_SET = new Set(IGNORED_DIRS);
10
10
 
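Review bot: The unchanged comment on lines 2-3 says this module `Fetches repo file tree + key files via provider APIs` and `Works on Vercel, Railway, Render, etc.`, which conflicts with the no-network guarantee stated in the README and in `src/index.js`. Only the header and the `require` path are touched here, so either the comment is stale and should be rewritten to describe local filesystem reads, or the file still carries remote-fetch code that does not belong in the offline package. Please confirm which and fix the comment accordingly.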
@@ -1,4 +1,4 @@
1
- // backend/src/modules/optimisation/optimiser.js
1
+ // Part of the @dockerforge/core engine.
2
2
  // Post-generation pass: check for obvious wins, add notes
3
3
 
4
4
  function optimise(result, analysis) {
@@ -1,4 +1,4 @@
1
- // backend/src/modules/security/security.js
1
+ // Part of the @dockerforge/core engine.
2
2
  // Checks for common Dockerfile security issues
3
3
 
4
4
  function hasTaggedImage(image) {
package/src/index.js CHANGED
@@ -1,27 +1,20 @@
1
1
  'use strict';
2
2
 
3
- // @dockerforge/core - thin facade (Chunk 0.3).
3
+ // @dockerforge/core - the offline DockerForge engine, public surface.
4
4
  //
5
- // This re-exports the CURRENT engine in backend/src/modules/* UNCHANGED. We do not move
6
- // internals yet (that happens gradually, file-by-file, behind the existing ~600 tests).
7
- // What this file fixes is the PUBLIC SURFACE: it is exactly the contract in
8
- // docs/contracts/core-contract.md. The CLI and the Cloud API code against this, not against
9
- // backend/src/modules paths.
5
+ // Given a path to a local project, it analyses the stack and generates a Dockerfile,
6
+ // a .dockerignore, and a Compose file, and it lints existing Dockerfiles. This file is the
7
+ // stable public API (see docs/contracts/core-contract.md). The engine itself lives under
8
+ // ./engine.
10
9
  //
11
10
  // No-network guarantee: this module performs zero outbound network calls. It only reads the
12
11
  // local filesystem under the resolved project path. Remote ingestion (git URL / zip URL) is
13
- // intentionally NOT exposed here - that adapter lives on the proprietary cloud side.
12
+ // intentionally NOT exposed here - that adapter lives in the proprietary cloud.
14
13
 
15
14
  const path = require('path');
16
15
  const fs = require('fs-extra');
17
16
 
18
- // Engine resolution: a published tarball vendors the engine under ./_engine (see
19
- // scripts/vendor-engine.js, run at prepack). In the monorepo (dev/test) that dir does not
20
- // exist, so we fall back to the canonical backend/ source. Same code either way.
21
- const _vendoredEngine = require('path').join(__dirname, '_engine', 'backend', 'src', 'modules', 'engine.js');
22
- const engine = require('fs').existsSync(_vendoredEngine)
23
- ? require(_vendoredEngine)
24
- : require('../../../backend/src/modules/engine');
17
+ const engine = require('./engine');
25
18
  const errors = require('./errors');
26
19
  const { lint } = require('./lint');
27
20
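Review bot: The no-network guarantee in the header comment (new lines 10-12) is stated only in prose, and nothing in the visible diff enforces it. Since the `test` script is `node --test`, consider adding a test that exercises the public API and fails on any outbound connection attempt, so the claim is checked on every release. The new comment also still points to `docs/contracts/core-contract.md`; if that file is not part of the published package, reference it by URL the way the README references its docs.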