@expressots/cli 3.0.0 → 4.0.0-preview.3

package/bin/profile/analyzers/dockerfile-analyzer.d.ts

@@ -0,0 +1,27 @@
+export interface DockerfileAnalysis {
+    baseImage?: string;
+    nodeVersion?: string;
+    layers: number;
+    hasMultiStage: boolean;
+    hasHealthCheck: boolean;
+    hasNonRootUser: boolean;
+    hasDockerignore: boolean;
+    hasNpmInstallWithoutCi: boolean;
+    hasCurlOrWgetWithoutCleanup: boolean;
+    instructions: DockerInstruction[];
+    stages: string[];
+}
+export interface DockerInstruction {
+    line: number;
+    instruction: string;
+    arguments: string;
+    raw: string;
+}
+/**
+ * Analyze a Dockerfile for issues and metrics
+ */
+export declare function analyzeDockerfile(dockerfilePath: string): Promise<DockerfileAnalysis>;
+/**
+ * Parse a specific Dockerfile instruction
+ */
+export declare function parseInstruction(line: string): DockerInstruction | null;

package/bin/profile/analyzers/dockerfile-analyzer.js

@@ -0,0 +1,122 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseInstruction = exports.analyzeDockerfile = void 0;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+/**
+ * Analyze a Dockerfile for issues and metrics
+ */
+async function analyzeDockerfile(dockerfilePath) {
+    const content = fs_1.default.readFileSync(dockerfilePath, "utf-8");
+    const lines = content.split("\n");
+    const instructions = [];
+    const stages = [];
+    let hasMultiStage = false;
+    let hasHealthCheck = false;
+    let hasNonRootUser = false;
+    let hasNpmInstallWithoutCi = false;
+    let hasCurlOrWgetWithoutCleanup = false;
+    let baseImage;
+    let nodeVersion;
+    let runLayerCount = 0;
+    // Parse Dockerfile
+    let currentLine = 0;
+    for (const line of lines) {
+        currentLine++;
+        const trimmed = line.trim();
+        // Skip comments and empty lines
+        if (!trimmed || trimmed.startsWith("#")) {
+            continue;
+        }
+        // Parse instruction
+        const match = trimmed.match(/^(\w+)\s*(.*)/);
+        if (!match)
+            continue;
+        const instruction = match[1].toUpperCase();
+        const args = match[2];
+        instructions.push({
+            line: currentLine,
+            instruction,
+            arguments: args,
+            raw: trimmed,
+        });
+        // Analyze instruction
+        switch (instruction) {
+            case "FROM":
+                if (stages.length > 0) {
+                    hasMultiStage = true;
+                }
+                stages.push(args);
+                // Extract base image info
+                if (!baseImage) {
+                    baseImage = args.split(/\s+/)[0];
+                    // Try to extract Node version
+                    const nodeMatch = baseImage.match(/node:(\d+)/);
+                    if (nodeMatch) {
+                        nodeVersion = nodeMatch[1];
+                    }
+                }
+                break;
+            case "HEALTHCHECK":
+                hasHealthCheck = true;
+                break;
+            case "USER":
+                // Check if non-root user
+                if (args && args !== "root" && args !== "0") {
+                    hasNonRootUser = true;
+                }
+                break;
+            case "RUN":
+                runLayerCount++;
+                // Check for npm install vs npm ci
+                if (args.includes("npm install") && !args.includes("npm ci")) {
+                    hasNpmInstallWithoutCi = true;
+                }
+                // Check for curl/wget without cleanup
+                if ((args.includes("curl") || args.includes("wget")) &&
+                    !args.includes("rm ")) {
+                    hasCurlOrWgetWithoutCleanup = true;
+                }
+                break;
+        }
+    }
+    // Check for .dockerignore
+    const dockerignorePath = path_1.default.join(path_1.default.dirname(dockerfilePath), ".dockerignore");
+    const hasDockerignore = fs_1.default.existsSync(dockerignorePath);
+    return {
+        baseImage,
+        nodeVersion,
+        layers: runLayerCount,
+        hasMultiStage,
+        hasHealthCheck,
+        hasNonRootUser,
+        hasDockerignore,
+        hasNpmInstallWithoutCi,
+        hasCurlOrWgetWithoutCleanup,
+        instructions,
+        stages,
+    };
+}
+exports.analyzeDockerfile = analyzeDockerfile;
+/**
+ * Parse a specific Dockerfile instruction
+ */
+function parseInstruction(line) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) {
+        return null;
+    }
+    const match = trimmed.match(/^(\w+)\s*(.*)/);
+    if (!match)
+        return null;
+    return {
+        line: 0,
+        instruction: match[1].toUpperCase(),
+        arguments: match[2],
+        raw: trimmed,
+    };
+}
+exports.parseInstruction = parseInstruction;

package/bin/profile/analyzers/image-analyzer.d.ts

@@ -0,0 +1,19 @@
+export interface ImageAnalysis {
+    size: string;
+    layers: number;
+    created: string;
+    os: string;
+    architecture: string;
+    vulnerabilities: Vulnerability[];
+}
+export interface Vulnerability {
+    id: string;
+    severity: "low" | "medium" | "high" | "critical";
+    description: string;
+    package?: string;
+    fixedVersion?: string;
+}
+/**
+ * Analyze a Docker image for size, layers, and vulnerabilities
+ */
+export declare function analyzeImage(imageName: string): Promise<ImageAnalysis>;

package/bin/profile/analyzers/image-analyzer.js

@@ -0,0 +1,85 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.analyzeImage = void 0;
+const child_process_1 = require("child_process");
+/**
+ * Analyze a Docker image for size, layers, and vulnerabilities
+ */
+async function analyzeImage(imageName) {
+    // Get image inspect data
+    let size = "Unknown";
+    let layers = 0;
+    let created = "Unknown";
+    let os = "Unknown";
+    let architecture = "Unknown";
+    try {
+        // Use double quotes for cross-platform compatibility (Windows + Unix)
+        const inspectOutput = (0, child_process_1.execSync)(`docker inspect ${imageName} --format "{{.Size}} {{.Created}} {{.Os}} {{.Architecture}}"`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] }).trim();
+        const parts = inspectOutput.split(" ");
+        const sizeBytes = parseInt(parts[0], 10);
+        size = formatBytes(sizeBytes);
+        created = parts[1] || "Unknown";
+        os = parts[2] || "linux";
+        architecture = parts[3] || "amd64";
+        // Get layer count - cross-platform (count lines in Node.js instead of wc -l)
+        const historyOutput = (0, child_process_1.execSync)(`docker history ${imageName} --format "{{.ID}}"`, { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] }).trim();
+        layers = historyOutput.split("\n").filter((line) => line.trim()).length;
+    }
+    catch (error) {
+        // Docker command failed, image might not exist or Docker not running
+        throw new Error(`Failed to inspect image: ${imageName}`);
+    }
+    // Try to scan for vulnerabilities using Trivy if available
+    const vulnerabilities = [];
+    try {
+        // Check if Trivy is available
+        (0, child_process_1.execSync)("trivy --version", { stdio: ["pipe", "pipe", "pipe"] });
+        // Run Trivy scan
+        const trivyOutput = (0, child_process_1.execSync)(`trivy image --format json --severity HIGH,CRITICAL ${imageName}`, {
+            encoding: "utf-8",
+            stdio: ["pipe", "pipe", "pipe"],
+            maxBuffer: 50 * 1024 * 1024,
+        });
+        const trivyResult = JSON.parse(trivyOutput);
+        if (trivyResult.Results) {
+            for (const result of trivyResult.Results) {
+                if (result.Vulnerabilities) {
+                    for (const vuln of result.Vulnerabilities) {
+                        vulnerabilities.push({
+                            id: vuln.VulnerabilityID,
+                            severity: vuln.Severity?.toLowerCase() || "unknown",
+                            description: vuln.Title ||
+                                vuln.Description ||
+                                "No description",
+                            package: vuln.PkgName,
+                            fixedVersion: vuln.FixedVersion,
+                        });
+                    }
+                }
+            }
+        }
+    }
+    catch {
+        // Trivy not available or scan failed, skip vulnerability scanning
+    }
+    return {
+        size,
+        layers,
+        created,
+        os,
+        architecture,
+        vulnerabilities,
+    };
+}
+exports.analyzeImage = analyzeImage;
+/**
+ * Format bytes to human readable string
+ */
+function formatBytes(bytes) {
+    if (bytes === 0)
+        return "0 B";
+    const k = 1024;
+    const sizes = ["B", "KB", "MB", "GB"];
+    const i = Math.floor(Math.log(bytes) / Math.log(k));
+    return parseFloat((bytes / Math.pow(k, i)).toFixed(2)) + " " + sizes[i];
+}

package/bin/profile/cli.d.ts

@@ -0,0 +1,4 @@
+import { CommandModule } from "yargs";
+type CommandModuleArgs = Record<string, never>;
+declare const profileCommand: () => CommandModule<CommandModuleArgs, any>;
+export { profileCommand };

package/bin/profile/cli.js

@@ -0,0 +1,94 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.profileCommand = void 0;
+const form_1 = require("./form");
+const cli_ui_1 = require("../utils/cli-ui");
+const profileCommand = () => {
+    return {
+        command: "profile <action> [target]",
+        describe: "Analyze and optimize container configurations.",
+        aliases: ["prof", "analyze"],
+        builder: (yargs) => {
+            yargs.positional("action", {
+                choices: ["container", "image", "optimize", "report"],
+                describe: "Action to perform",
+                type: "string",
+                demandOption: true,
+            });
+            yargs.positional("target", {
+                describe: "Target to analyze (Dockerfile path or image name)",
+                type: "string",
+            });
+            yargs.option("dockerfile", {
+                describe: "Path to Dockerfile",
+                type: "string",
+                alias: "f",
+                default: "Dockerfile",
+            });
+            yargs.option("format", {
+                choices: ["text", "json", "html"],
+                describe: "Output format",
+                type: "string",
+                default: "text",
+            });
+            yargs.option("severity", {
+                choices: ["low", "medium", "high", "critical"],
+                describe: "Minimum severity to report",
+                type: "string",
+                default: "low",
+            });
+            yargs.option("auto-fix", {
+                describe: "Automatically apply safe optimizations",
+                type: "boolean",
+                default: false,
+            });
+            yargs.option("output", {
+                describe: "Output file for report",
+                type: "string",
+                alias: "o",
+            });
+            yargs.option("include-security", {
+                describe: "Include security vulnerability scanning",
+                type: "boolean",
+                default: true,
+            });
+            yargs.option("include-size", {
+                describe: "Include size analysis",
+                type: "boolean",
+                default: true,
+            });
+            return yargs;
+        },
+        handler: async (argv) => {
+            const { action, target, dockerfile, format, severity, autoFix, output, includeSecurity, includeSize, } = argv;
+            const options = {
+                target: target,
+                dockerfile,
+                format: format,
+                severity: severity,
+                autoFix,
+                output,
+                includeSecurity,
+                includeSize,
+            };
+            switch (action) {
+                case "container":
+                    await (0, form_1.profileContainer)(options);
+                    break;
+                case "image":
+                    await (0, form_1.profileImage)(options);
+                    break;
+                case "optimize":
+                    await (0, form_1.optimizeContainer)(options);
+                    break;
+                case "report":
+                    await (0, form_1.showProfileReport)(options);
+                    break;
+                default:
+                    (0, cli_ui_1.printError)(`Unknown action: ${action}`, "profile");
+                    process.exit(1);
+            }
+        },
+    };
+};
+exports.profileCommand = profileCommand;

package/bin/profile/form.d.ts

@@ -0,0 +1,56 @@
+export interface ProfileOptions {
+    target?: string;
+    dockerfile: string;
+    format: "text" | "json" | "html";
+    severity: "low" | "medium" | "high" | "critical";
+    autoFix: boolean;
+    output?: string;
+    includeSecurity: boolean;
+    includeSize: boolean;
+}
+export interface ProfileResult {
+    score: number;
+    issues: Issue[];
+    recommendations: Recommendation[];
+    metrics: Metrics;
+}
+export interface Issue {
+    id: string;
+    severity: "low" | "medium" | "high" | "critical";
+    category: "security" | "size" | "performance" | "best-practice";
+    message: string;
+    line?: number;
+    fix?: string;
+}
+export interface Recommendation {
+    priority: "low" | "medium" | "high";
+    category: string;
+    title: string;
+    description: string;
+    impact: string;
+}
+export interface Metrics {
+    estimatedSize?: string;
+    layers?: number;
+    baseImage?: string;
+    nodeVersion?: string;
+    hasMultiStage?: boolean;
+    hasHealthCheck?: boolean;
+    hasNonRootUser?: boolean;
+}
+/**
+ * Profile a Dockerfile for issues and recommendations
+ */
+export declare function profileContainer(options: ProfileOptions): Promise<void>;
+/**
+ * Profile a built Docker image
+ */
+export declare function profileImage(options: ProfileOptions): Promise<void>;
+/**
+ * Generate and optionally apply optimizations
+ */
+export declare function optimizeContainer(options: ProfileOptions): Promise<void>;
+/**
+ * Show a comprehensive profile report
+ */
+export declare function showProfileReport(options: ProfileOptions): Promise<void>;