@herodevs/cli 0.3.1 → 1.0.0-beta.1

package/dist/commands/scan/eol.js

@@ -0,0 +1,71 @@
+import { Command, Flags, ux } from '@oclif/core';
+import { prepareRows, scanForEol } from "../../service/eol/eol.svc.js";
+import { promptComponentDetails } from "../../ui/eol.ui.js";
+import SbomScan from "./sbom.js";
+export default class ScanEol extends Command {
+    static description = 'Scan a given sbom for EOL data';
+    static enableJsonFlag = true;
+    static examples = [
+        '<%= config.bin %> <%= command.id %> --dir=./my-project',
+        '<%= config.bin %> <%= command.id %> --file=path/to/sbom.json',
+    ];
+    static flags = {
+        file: Flags.string({
+            char: 'f',
+            description: 'The file path of an existing cyclonedx sbom to scan for EOL',
+        }),
+        dir: Flags.string({
+            char: 'd',
+            description: 'The directory to scan in order to create a cyclonedx sbom',
+        }),
+        save: Flags.boolean({
+            char: 's',
+            default: false,
+            description: 'Save the generated SBOM as nes.sbom.json in the scanned directory',
+        }),
+    };
+    async run() {
+        this.checkEolScanDisabled();
+        const { flags } = await this.parse(ScanEol);
+        const { dir: _dirFlag, file: _fileFlag } = flags;
+        // Load the SBOM: Only pass the file, dir, and save flags to SbomScan
+        const sbomArgs = SbomScan.getSbomArgs(flags);
+        const sbomCommand = new SbomScan(sbomArgs, this.config);
+        const sbom = await sbomCommand.run();
+        // Scan the SBOM for EOL information
+        const { purls, scan } = await scanForEol(sbom);
+        ux.action.stop('Scan completed');
+        if (!scan?.components) {
+            if (_fileFlag) {
+                throw new Error(`Scan failed to generate for file path: ${_fileFlag}`);
+            }
+            if (_dirFlag) {
+                throw new Error(`Scan failed to generate for dir: ${_dirFlag}`);
+            }
+            throw new Error('Scan failed to generate components.');
+        }
+        const lines = await prepareRows(purls, scan);
+        if (lines?.length === 0) {
+            this.log('No dependencies found');
+            return { components: [] };
+        }
+        const r = await promptComponentDetails(lines);
+        this.log('What now %o', r);
+        return scan;
+    }
+    checkEolScanDisabled(override = true) {
+        // Check if running in beta version or pre v1.0.0
+        const version = this.config.version;
+        const [major] = version.split('.').map(Number);
+        if (version.includes('beta') || major < 1) {
+            this.log(`VERSION=${version}`);
+            throw new Error('The EOL scan feature is not available in beta releases. Please wait for the stable release.');
+        }
+        // Just in case the beta check fails
+        if (override) {
+            this.log(`VERSION=${version}`);
+            this.log('EOL scan is disabled');
+            return { components: [] };
+        }
+    }
+}

package/dist/commands/scan/sbom.d.ts

@@ -0,0 +1,18 @@
+import { Command } from '@oclif/core';
+import type { Sbom } from '../../service/eol/cdx.svc.ts';
+export default class ScanSbom extends Command {
+    static description: string;
+    static enableJsonFlag: boolean;
+    static examples: string[];
+    static flags: {
+        file: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        dir: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        save: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+    };
+    static getSbomArgs(flags: Record<string, string>): string[];
+    getScanOptions(): {};
+    run(): Promise<Sbom>;
+    private _getSbomFromScan;
+    private _getSbomFromFile;
+    private _saveSbom;
+}

package/dist/commands/scan/sbom.js

@@ -0,0 +1,106 @@
+import path from 'node:path';
+import { Command, Flags, ux } from '@oclif/core';
+import fs from 'node:fs';
+import { createSbom, validateIsCycloneDxSbom } from "../../service/eol/eol.svc.js";
+export default class ScanSbom extends Command {
+    static description = 'Scan a SBOM for purls';
+    static enableJsonFlag = true;
+    static examples = [
+        '<%= config.bin %> <%= command.id %> --dir=./my-project',
+        '<%= config.bin %> <%= command.id %> --file=path/to/sbom.json',
+    ];
+    static flags = {
+        file: Flags.string({
+            char: 'f',
+            description: 'The file path of an existing cyclonedx sbom to scan for EOL',
+        }),
+        dir: Flags.string({
+            char: 'd',
+            description: 'The directory to scan in order to create a cyclonedx sbom',
+        }),
+        save: Flags.boolean({
+            char: 's',
+            default: false,
+            description: 'Save the generated SBOM as nes.sbom.json in the scanned directory',
+        }),
+    };
+    static getSbomArgs(flags) {
+        const { dir, file, save } = flags ?? {};
+        const sbomArgs = [];
+        if (file)
+            sbomArgs.push('--file', file);
+        if (dir)
+            sbomArgs.push('--dir', dir);
+        if (save)
+            sbomArgs.push('--save');
+        return sbomArgs;
+    }
+    getScanOptions() {
+        // intentionally provided for mocking
+        return {};
+    }
+    async run() {
+        const { flags } = await this.parse(ScanSbom);
+        const { dir: _dirFlag, save, file: _fileFlag } = flags;
+        // Validate that exactly one of --file or --dir is provided
+        if (_fileFlag && _dirFlag) {
+            throw new Error('Cannot specify both --file and --dir flags. Please use one or the other.');
+        }
+        let sbom;
+        if (_fileFlag) {
+            sbom = this._getSbomFromFile(_fileFlag);
+        }
+        else {
+            const _dir = _dirFlag || process.cwd();
+            sbom = await this._getSbomFromScan(_dir);
+            if (save) {
+                this._saveSbom(_dir, sbom);
+            }
+        }
+        return sbom;
+    }
+    async _getSbomFromScan(_dirFlag) {
+        const dir = path.resolve(_dirFlag);
+        if (!fs.existsSync(dir) || !fs.statSync(dir).isDirectory()) {
+            throw new Error(`Directory not found or not a directory: ${dir}`);
+        }
+        ux.action.start(`Scanning ${dir}`);
+        const options = this.getScanOptions();
+        const sbom = await createSbom(dir, options);
+        if (!sbom) {
+            throw new Error(`SBOM failed to generate for dir: ${dir}`);
+        }
+        return sbom;
+    }
+    _getSbomFromFile(_fileFlag) {
+        const file = path.resolve(_fileFlag);
+        if (!fs.existsSync(file)) {
+            throw new Error(`SBOM file not found: ${file}`);
+        }
+        ux.action.start(`Loading sbom from ${file}`);
+        try {
+            const fileContent = fs.readFileSync(file, {
+                encoding: 'utf8',
+                flag: 'r',
+            });
+            const sbom = JSON.parse(fileContent);
+            validateIsCycloneDxSbom(sbom);
+            return sbom;
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            throw new Error(`Failed to read or parse SBOM file: ${errorMessage}`);
+        }
+    }
+    _saveSbom(dir, sbom) {
+        try {
+            const outputPath = path.join(dir, 'nes.sbom.json');
+            fs.writeFileSync(outputPath, JSON.stringify(sbom, null, 2));
+            this.log(`SBOM saved to ${outputPath}`);
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            this.warn(`Failed to save SBOM: ${errorMessage}`);
+        }
+    }
+}

package/dist/config/update.d.ts

@@ -0,0 +1,3 @@
+import type { Config } from '@oclif/core';
+export declare const updateConfig: NonNullable<Config['updateConfig']>;
+export default updateConfig;

package/dist/config/update.js

@@ -0,0 +1,7 @@
+export const updateConfig = {
+    autoupdate: {
+        debounce: 24 * 60 * 60 * 1000, // 24 hours in milliseconds
+        rollout: 100, // 100% rollout
+    },
+};
+export default updateConfig;

package/dist/hooks/init/update.d.ts

@@ -0,0 +1,2 @@
+import type { Hook } from '@oclif/core';
+export declare const initUpdate: Hook<'init'>;

package/dist/hooks/init/update.js

@@ -0,0 +1,5 @@
+import updateConfig from '../../config/update.js';
+export const initUpdate = async ({ config }) => {
+    // Apply update configuration
+    Object.assign(config, updateConfig);
+};

package/dist/hooks/prerun/CommandContextHook.d.ts

@@ -0,0 +1,3 @@
+import type { Hook } from '@oclif/core';
+declare const hook: Hook<'prerun'>;
+export default hook;

package/dist/hooks/prerun/CommandContextHook.js

@@ -0,0 +1,8 @@
+import { initOclifLog, log } from "../../service/log.svc.js";
+const hook = async (opts) => {
+    initOclifLog(opts.context.log, opts.context.log, opts.context.debug);
+    log.info = opts.context.log || log.info;
+    log.warn = opts.context.log || log.warn;
+    log.debug = opts.context.debug || log.debug;
+};
+export default hook;

package/dist/index.d.ts

@@ -0,0 +1 @@
+export { run } from '@oclif/core';

package/dist/index.js

@@ -0,0 +1 @@
+export { run } from '@oclif/core';

package/dist/service/committers.svc.d.ts

@@ -0,0 +1,70 @@
+export interface CommitEntry {
+    month: string;
+    author: string;
+}
+export interface AuthorCommitCounts {
+    [author: string]: number;
+}
+export interface MonthlyData {
+    [month: string]: AuthorCommitCounts;
+}
+export interface ReportData {
+    monthly: {
+        [month: string]: {
+            [author: string]: number;
+            total: number;
+        };
+    };
+    overall: {
+        [author: string]: number;
+        total: number;
+    };
+}
+/**
+ * Parses git log output into structured data
+ * @param output - Git log command output
+ * @returns Parsed commit entries
+ */
+export declare function parseGitLogOutput(output: string): CommitEntry[];
+/**
+ * Groups commit data by month
+ * @param entries - Commit entries
+ * @returns Object with months as keys and author commit counts as values
+ */
+export declare function groupCommitsByMonth(entries: CommitEntry[]): MonthlyData;
+/**
+ * Calculates overall commit statistics by author
+ * @param entries - Commit entries
+ * @returns Object with authors as keys and total commit counts as values
+ */
+export declare function calculateOverallStats(entries: CommitEntry[]): AuthorCommitCounts;
+/**
+ * Formats monthly report sections
+ * @param monthlyData - Grouped commit data by month
+ * @returns Formatted monthly report sections
+ */
+export declare function formatMonthlyReport(monthlyData: MonthlyData): string;
+/**
+ * Formats overall statistics section
+ * @param overallStats - Overall commit counts by author
+ * @param grandTotal - Total number of commits
+ * @returns Formatted overall statistics section
+ */
+export declare function formatOverallStats(overallStats: AuthorCommitCounts, grandTotal: number): string;
+/**
+ * Formats the report data as CSV
+ * @param data - The structured report data
+ */
+export declare function formatAsCsv(data: ReportData): string;
+/**
+ * Formats the report data as text
+ * @param data - The structured report data
+ */
+export declare function formatAsText(data: ReportData): string;
+/**
+ * Format output based on user preference
+ * @param output
+ * @param reportData
+ * @returns
+ */
+export declare function formatOutputBasedOnFlag(output: string, reportData: ReportData): string;

package/dist/service/committers.svc.js

@@ -0,0 +1,175 @@
+/**
+ * Parses git log output into structured data
+ * @param output - Git log command output
+ * @returns Parsed commit entries
+ */
+export function parseGitLogOutput(output) {
+    return output
+        .split('\n')
+        .filter(Boolean)
+        .map((line) => {
+        // Remove surrounding double quotes if present (e.g. "March|John Doe" → March|John Doe)
+        const [month, author] = line.replace(/^"(.*)"$/, '$1').split('|');
+        return { month, author };
+    });
+}
+/**
+ * Groups commit data by month
+ * @param entries - Commit entries
+ * @returns Object with months as keys and author commit counts as values
+ */
+export function groupCommitsByMonth(entries) {
+    const result = {};
+    // Group commits by month
+    const commitsByMonth = Object.groupBy(entries, (entry) => entry.month);
+    // Process each month
+    for (const [month, commits] of Object.entries(commitsByMonth)) {
+        if (!commits) {
+            result[month] = {};
+            continue;
+        }
+        // Count commits per author for this month
+        const commitsByAuthor = Object.groupBy(commits, (entry) => entry.author);
+        const authorCounts = {};
+        for (const [author, authorCommits] of Object.entries(commitsByAuthor)) {
+            authorCounts[author] = authorCommits?.length ?? 0;
+        }
+        result[month] = authorCounts;
+    }
+    return result;
+}
+/**
+ * Calculates overall commit statistics by author
+ * @param entries - Commit entries
+ * @returns Object with authors as keys and total commit counts as values
+ */
+export function calculateOverallStats(entries) {
+    const commitsByAuthor = Object.groupBy(entries, (entry) => entry.author);
+    const result = {};
+    // Count commits for each author
+    for (const author in commitsByAuthor) {
+        result[author] = commitsByAuthor[author]?.length ?? 0;
+    }
+    return result;
+}
+/**
+ * Formats monthly report sections
+ * @param monthlyData - Grouped commit data by month
+ * @returns Formatted monthly report sections
+ */
+export function formatMonthlyReport(monthlyData) {
+    const sortedMonths = Object.keys(monthlyData).sort();
+    let report = '';
+    for (const month of sortedMonths) {
+        report += `\n## ${month}\n`;
+        const authors = Object.entries(monthlyData[month]).sort((a, b) => b[1] - a[1]);
+        for (const [author, count] of authors) {
+            report += `${count.toString().padStart(6)}  ${author}\n`;
+        }
+        const monthTotal = authors.reduce((sum, [_, count]) => sum + count, 0);
+        report += `${monthTotal.toString().padStart(6)}  TOTAL\n`;
+    }
+    return report;
+}
+/**
+ * Formats overall statistics section
+ * @param overallStats - Overall commit counts by author
+ * @param grandTotal - Total number of commits
+ * @returns Formatted overall statistics section
+ */
+export function formatOverallStats(overallStats, grandTotal) {
+    let report = '\n## Overall Statistics\n';
+    const sortedStats = Object.entries(overallStats).sort((a, b) => b[1] - a[1]);
+    for (const [author, count] of sortedStats) {
+        report += `${count.toString().padStart(6)}  ${author}\n`;
+    }
+    report += `${grandTotal.toString().padStart(6)}  GRAND TOTAL\n`;
+    return report;
+}
+/**
+ * Formats the report data as CSV
+ * @param data - The structured report data
+ */
+export function formatAsCsv(data) {
+    // First prepare all author names (for columns)
+    const allAuthors = new Set();
+    // Collect all unique author names
+    for (const monthData of Object.values(data.monthly)) {
+        for (const author of Object.keys(monthData)) {
+            if (author !== 'total')
+                allAuthors.add(author);
+        }
+    }
+    const authors = Array.from(allAuthors).sort();
+    // Create CSV header
+    let csv = `Month,${authors.join(',')},Total\n`;
+    // Add monthly data rows
+    const sortedMonths = Object.keys(data.monthly).sort();
+    for (const month of sortedMonths) {
+        csv += month;
+        // Add data for each author
+        for (const author of authors) {
+            const count = data.monthly[month][author] || 0;
+            csv += `,${count}`;
+        }
+        // Add monthly total
+        csv += `,${`${data.monthly[month].total}\n`}`;
+    }
+    // Add overall totals row
+    csv += 'Overall';
+    for (const author of authors) {
+        const count = data.overall[author] || 0;
+        csv += `,${count}`;
+    }
+    csv += `,${data.overall.total}\n`;
+    return csv;
+}
+/**
+ * Formats the report data as text
+ * @param data - The structured report data
+ */
+export function formatAsText(data) {
+    let report = 'Monthly Commit Report\n';
+    // Monthly sections
+    const sortedMonths = Object.keys(data.monthly).sort();
+    for (const month of sortedMonths) {
+        report += `\n## ${month}\n`;
+        const authors = Object.entries(data.monthly[month])
+            .filter(([author]) => author !== 'total')
+            .sort((a, b) => b[1] - a[1]);
+        for (const [author, count] of authors) {
+            report += `${count.toString().padStart(6)}  ${author}\n`;
+        }
+        report += `${data.monthly[month].total.toString().padStart(6)}  TOTAL\n`;
+    }
+    // Overall statistics
+    report += '\n## Overall Statistics\n';
+    const sortedEntries = Object.entries(data.overall)
+        .filter(([author]) => author !== 'total')
+        .sort((a, b) => b[1] - a[1]);
+    for (const [author, count] of sortedEntries) {
+        report += `${count.toString().padStart(6)}  ${author}\n`;
+    }
+    report += `${data.overall.total.toString().padStart(6)}  GRAND TOTAL\n`;
+    return report;
+}
+/**
+ * Format output based on user preference
+ * @param output
+ * @param reportData
+ * @returns
+ */
+export function formatOutputBasedOnFlag(output, reportData) {
+    let formattedOutput;
+    switch (output) {
+        case 'json':
+            formattedOutput = JSON.stringify(reportData, null, 2);
+            break;
+        case 'csv':
+            formattedOutput = formatAsCsv(reportData);
+            break;
+        default:
+            formattedOutput = formatAsText(reportData);
+    }
+    return formattedOutput;
+}

package/dist/service/eol/cdx.svc.d.ts

@@ -0,0 +1,22 @@
+import type { CdxCreator, CdxGenOptions } from './eol.svc.ts';
+export interface SbomEntry {
+    group: string;
+    name: string;
+    purl: string;
+    version: string;
+}
+export interface Sbom {
+    components: SbomEntry[];
+    dependencies: SbomEntry[];
+}
+/**
+ * Lazy loads cdxgen (for ESM purposes), scans
+ * `directory`, and returns the `bomJson` property.
+ */
+export declare function createBomFromDir(directory: string, opts?: CdxGenOptions): Promise<Sbom | undefined>;
+export declare const cdxgen: {
+    createBom: CdxCreator | undefined;
+};
+export declare function getCdxGen(): Promise<{
+    createBom: CdxCreator | undefined;
+}>;

package/dist/service/eol/cdx.svc.js

@@ -0,0 +1,86 @@
+import { log } from "../../service/log.svc.js";
+/**
+ * Lazy loads cdxgen (for ESM purposes), scans
+ * `directory`, and returns the `bomJson` property.
+ */
+export async function createBomFromDir(directory, opts = {}) {
+    const options = {
+        $0: 'cdxgen',
+        _: [],
+        'auto-compositions': true,
+        autoCompositions: true,
+        'data-flow-slices-file': 'data-flow.slices.json',
+        dataFlowSlicesFile: 'data-flow.slices.json',
+        deep: false, // TODO: you def want to check this out
+        'deps-slices-file': 'deps.slices.json',
+        depsSlicesFile: 'deps.slices.json',
+        evidence: false,
+        'export-proto': false,
+        exportProto: false,
+        // DON'T FAIL ON ERROR; you won't get hlepful logs
+        'fail-on-error': false,
+        failOnError: false,
+        false: true,
+        'include-crypto': false,
+        'include-formulation': false,
+        includeCrypto: false,
+        includeFormulation: false,
+        // 'server-host': '127.0.0.1',
+        // serverHost: '127.0.0.1',
+        // 'server-port': '9090',
+        // serverPort: '9090',
+        'install-deps': true,
+        installDeps: true,
+        'min-confidence': 0,
+        minConfidence: 0,
+        multiProject: true,
+        'no-banner': false,
+        noBabel: false,
+        noBanner: false,
+        o: 'bom.json',
+        output: 'bom.json',
+        outputFormat: 'json', // or "xml"
+        // author: ['OWASP Foundation'],
+        profile: 'generic',
+        project: undefined,
+        'project-version': '',
+        projectVersion: '',
+        'proto-bin-file': 'bom.cdx',
+        protoBinFile: 'bom.cdx',
+        r: false,
+        'reachables-slices-file': 'reachables.slices.json',
+        reachablesSlicesFile: 'reachables.slices.json',
+        recurse: false,
+        requiredOnly: false,
+        'semantics-slices-file': 'semantics.slices.json',
+        semanticsSlicesFile: 'semantics.slices.json',
+        'skip-dt-tls-check': true,
+        skipDtTlsCheck: true,
+        'spec-version': 1.6,
+        specVersion: 1.6,
+        'usages-slices-file': 'usages.slices.json',
+        usagesSlicesFile: 'usages.slices.json',
+        validate: true,
+        ...opts,
+    };
+    const { createBom } = await getCdxGen();
+    const sbom = await createBom?.(directory, options);
+    log.info('Successfully generated SBOM');
+    return sbom?.bomJson;
+}
+// use a value holder, for easier mocking
+export const cdxgen = { createBom: undefined };
+export async function getCdxGen() {
+    if (cdxgen.createBom) {
+        return cdxgen;
+    }
+    const ogEnv = process.env.NODE_ENV;
+    process.env.NODE_ENV = undefined;
+    try {
+        cdxgen.createBom = (await import('@cyclonedx/cdxgen')).createBom;
+    }
+    finally {
+        process.env.NODE_ENV = ogEnv;
+    }
+    return cdxgen;
+}

package/dist/service/eol/eol.svc.d.ts

@@ -0,0 +1,34 @@
+import type { ScanResult } from '../../api/types/nes.types.ts';
+import type { Line } from '../line.svc.ts';
+import { type Sbom } from './cdx.svc.ts';
+export interface CdxGenOptions {
+    projectType?: string[];
+}
+export interface ScanOptions {
+    cdxgen?: CdxGenOptions;
+}
+export type CdxCreator = (dir: string, opts: CdxGenOptions) => Promise<{
+    bomJson: Sbom;
+}>;
+export declare function createSbom(directory: string, opts?: ScanOptions): Promise<Sbom>;
+export declare function validateIsCycloneDxSbom(sbom: unknown): asserts sbom is Sbom;
+/**
+ * Main function to scan directory and collect SBOM data
+ */
+export declare function scanForEol(sbom: Sbom): Promise<{
+    purls: string[];
+    scan: ScanResult;
+}>;
+/**
+ * Uses the purls from the sbom to run the scan.
+ */
+export declare function submitScan(purls: string[]): Promise<ScanResult>;
+/**
+ * Work in progress; creates "rows" for each component
+ * based on the model + the scan result from NES.
+ *
+ * The idea being that each row can easily be used for
+ * processing and/or rendering.
+ */
+export declare function prepareRows(purls: string[], scan: ScanResult): Promise<Line[]>;
+export { cdxgen } from './cdx.svc.ts';