@herodevs/cli 1.0.0-beta.2 → 1.1.0-beta.1

package/README.md

@@ -16,7 +16,7 @@ $ npm install -g @herodevs/cli
 $ hd COMMAND
 running command...
 $ hd (--version)
-@herodevs/cli/1.0.0-beta.2 linux-x64 node-v22.14.0
+@herodevs/cli/1.1.0-beta.1 linux-x64 node-v22.14.0
 $ hd --help [COMMAND]
 USAGE
   $ hd COMMAND
@@ -357,13 +357,12 @@ Generate report of committers to a git repository
 
 ```
 USAGE
-  $ hd report committers [--json] [-m <value>] [-o text|json|csv] [-s]
+  $ hd report committers [--json] [-m <value>] [-c] [-s]
 
 FLAGS
-  -m, --months=<value>   [default: 12] The number of months of git history to review
-  -o, --output=<option>  [default: text] Output format: text, json, or csv
-                         <options: text|json|csv>
-  -s, --save             Save the committers report as nes.committers.<output>
+  -c, --csv             Output in CSV format
+  -m, --months=<value>  [default: 12] The number of months of git history to review
+  -s, --save            Save the committers report as nes.committers.<output>
 
 GLOBAL FLAGS
   --json  Format output as json.
@@ -374,14 +373,14 @@ DESCRIPTION
 EXAMPLES
   $ hd report committers
 
-  $ hd report committers -o csv -s
+  $ hd report committers --csv -s
 
-  $ hd report committers --output=json
+  $ hd report committers --json
 
-  $ hd report committers --output=csv
+  $ hd report committers --csv
 ```
 
-_See code: [src/commands/report/committers.ts](https://github.com/herodevs/cli/blob/v1.0.0-beta.2/src/commands/report/committers.ts)_
+_See code: [src/commands/report/committers.ts](https://github.com/herodevs/cli/blob/v1.1.0-beta.1/src/commands/report/committers.ts)_
 
 ## `hd report purls`
 
@@ -389,14 +388,13 @@ Generate a list of purls from a sbom
 
 ```
 USAGE
-  $ hd report purls [--json] [-f <value>] [-d <value>] [-s] [-o json|csv]
+  $ hd report purls [--json] [-f <value>] [-d <value>] [-s] [-c]
 
 FLAGS
-  -d, --dir=<value>      The directory to scan in order to create a cyclonedx sbom
-  -f, --file=<value>     The file path of an existing cyclonedx sbom to scan for EOL
-  -o, --output=<option>  [default: json] The format of the saved file (when using --save)
-                         <options: json|csv>
-  -s, --save             Save the list of purls as nes.purls.<output>
+  -c, --csv           Save output in CSV format (only applies when using --save)
+  -d, --dir=<value>   The directory to scan in order to create a cyclonedx sbom
+  -f, --file=<value>  The file path of an existing cyclonedx sbom to scan for EOL
+  -s, --save          Save the list of purls as nes.purls.<output>
 
 GLOBAL FLAGS
   --json  Format output as json.
@@ -405,16 +403,18 @@ DESCRIPTION
   Generate a list of purls from a sbom
 
 EXAMPLES
+  $ hd report purls --json -s
+
   $ hd report purls --dir=./my-project
 
   $ hd report purls --file=path/to/sbom.json
 
   $ hd report purls --dir=./my-project --save
 
-  $ hd report purls --save --output=csv
+  $ hd report purls --save --csv
 ```
 
-_See code: [src/commands/report/purls.ts](https://github.com/herodevs/cli/blob/v1.0.0-beta.2/src/commands/report/purls.ts)_
+_See code: [src/commands/report/purls.ts](https://github.com/herodevs/cli/blob/v1.1.0-beta.1/src/commands/report/purls.ts)_
 
 ## `hd scan eol`
 
@@ -441,7 +441,7 @@ EXAMPLES
   $ hd scan eol --file=path/to/sbom.json
 ```
 
-_See code: [src/commands/scan/eol.ts](https://github.com/herodevs/cli/blob/v1.0.0-beta.2/src/commands/scan/eol.ts)_
+_See code: [src/commands/scan/eol.ts](https://github.com/herodevs/cli/blob/v1.1.0-beta.1/src/commands/scan/eol.ts)_
 
 ## `hd scan sbom`
 
@@ -449,9 +449,10 @@ Scan a SBOM for purls
 
 ```
 USAGE
-  $ hd scan sbom [--json] [-f <value>] [-d <value>] [-s]
+  $ hd scan sbom [--json] [-f <value>] [-d <value>] [-s] [-b]
 
 FLAGS
+  -b, --background    Run the scan in the background
   -d, --dir=<value>   The directory to scan in order to create a cyclonedx sbom
   -f, --file=<value>  The file path of an existing cyclonedx sbom to scan for EOL
   -s, --save          Save the generated SBOM as nes.sbom.json in the scanned directory
@@ -468,5 +469,5 @@ EXAMPLES
   $ hd scan sbom --file=path/to/sbom.json
 ```
 
-_See code: [src/commands/scan/sbom.ts](https://github.com/herodevs/cli/blob/v1.0.0-beta.2/src/commands/scan/sbom.ts)_
+_See code: [src/commands/scan/sbom.ts](https://github.com/herodevs/cli/blob/v1.1.0-beta.1/src/commands/scan/sbom.ts)_
 <!-- commandsstop -->

package/bin/dev.js

@@ -5,7 +5,6 @@ process.env.GRAPHQL_HOST = 'http://localhost:3000';
 async function run() {
   const oclif = await import('@oclif/core');
   await oclif.execute({ development: true, dir: import.meta.dirname });
-  console.log('\n\n\n=> OCLIF: Command complete.');
 }
 
 run();

package/dist/commands/report/committers.d.ts

@@ -1,14 +1,15 @@
 import { Command } from '@oclif/core';
+import { type ReportData } from '../../service/committers.svc.ts';
 export default class Committers extends Command {
     static description: string;
     static enableJsonFlag: boolean;
     static examples: string[];
     static flags: {
         months: import("@oclif/core/interfaces").OptionFlag<number, import("@oclif/core/interfaces").CustomOptions>;
-        output: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        csv: import("@oclif/core/interfaces").BooleanFlag<boolean>;
         save: import("@oclif/core/interfaces").BooleanFlag<boolean>;
     };
-    run(): Promise<void>;
+    run(): Promise<ReportData | string>;
     /**
      * Generates structured report data
      * @param entries - parsed git log output for commits

package/dist/commands/report/committers.js

@@ -2,15 +2,15 @@ import { spawnSync } from 'node:child_process';
 import { Command, Flags } from '@oclif/core';
 import fs from 'node:fs';
 import path from 'node:path';
-import { calculateOverallStats, formatOutputBasedOnFlag, groupCommitsByMonth, parseGitLogOutput, } from "../../service/committers.svc.js";
+import { calculateOverallStats, formatAsCsv, formatAsText, groupCommitsByMonth, parseGitLogOutput, } from "../../service/committers.svc.js";
 export default class Committers extends Command {
     static description = 'Generate report of committers to a git repository';
     static enableJsonFlag = true;
     static examples = [
         '<%= config.bin %> <%= command.id %>',
-        '<%= config.bin %> <%= command.id %> -o csv -s',
-        '<%= config.bin %> <%= command.id %> --output=json',
-        '<%= config.bin %> <%= command.id %> --output=csv',
+        '<%= config.bin %> <%= command.id %> --csv -s',
+        '<%= config.bin %> <%= command.id %> --json',
+        '<%= config.bin %> <%= command.id %> --csv',
     ];
     static flags = {
         months: Flags.integer({
@@ -18,11 +18,10 @@ export default class Committers extends Command {
             description: 'The number of months of git history to review',
             default: 12,
         }),
-        output: Flags.string({
-            char: 'o',
-            description: 'Output format: text, json, or csv',
-            options: ['text', 'json', 'csv'],
-            default: 'text',
+        csv: Flags.boolean({
+            char: 'c',
+            description: 'Output in CSV format',
+            default: false,
         }),
         save: Flags.boolean({
             char: 's',
@@ -32,24 +31,50 @@ export default class Committers extends Command {
     };
     async run() {
         const { flags } = await this.parse(Committers);
-        const { months, output, save } = flags;
+        const { months, csv, save } = flags;
+        const isJson = this.jsonEnabled();
         const sinceDate = `${months} months ago`;
+        this.log('Starting committers report with flags: %O', flags);
         try {
             // Generate structured report data
             const entries = this.fetchGitCommitData(sinceDate);
+            this.log('Fetched %d commit entries', entries.length);
             const reportData = this.generateReportData(entries);
-            const formattedOutput = formatOutputBasedOnFlag(output, reportData);
-            // Output to file or stdout
+            // Handle different output scenarios
+            if (isJson) {
+                // JSON mode
+                if (save) {
+                    fs.writeFileSync(path.resolve('nes.committers.json'), JSON.stringify(reportData, null, 2));
+                    this.log('Report written to json');
+                }
+                return reportData;
+            }
+            if (csv) {
+                // CSV mode
+                const csvOutput = formatAsCsv(reportData);
+                if (save) {
+                    fs.writeFileSync(path.resolve('nes.committers.csv'), csvOutput);
+                    this.log('Report written to csv');
+                }
+                else {
+                    this.log(csvOutput);
+                }
+                return csvOutput;
+            }
+            // Text mode
+            const textOutput = formatAsText(reportData);
             if (save) {
-                fs.writeFileSync(path.resolve(`nes.committers.${output}`), formattedOutput);
-                this.log(`Report written to ${output}`);
+                fs.writeFileSync(path.resolve('nes.committers.txt'), textOutput);
+                this.log('Report written to txt');
             }
             else {
-                this.log(formattedOutput);
+                this.log(textOutput);
             }
+            return textOutput;
         }
         catch (error) {
             this.error(`Failed to generate report: ${error.message}`);
+            throw error;
         }
     }
     /**

package/dist/commands/report/purls.d.ts

@@ -7,7 +7,9 @@ export default class ReportPurls extends Command {
         file: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         dir: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         save: import("@oclif/core/interfaces").BooleanFlag<boolean>;
-        output: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        csv: import("@oclif/core/interfaces").BooleanFlag<boolean>;
     };
-    run(): Promise<string[]>;
+    run(): Promise<{
+        purls: string[];
+    }>;
 }

package/dist/commands/report/purls.js

@@ -7,10 +7,11 @@ export default class ReportPurls extends Command {
     static description = 'Generate a list of purls from a sbom';
     static enableJsonFlag = true;
     static examples = [
+        '<%= config.bin %> <%= command.id %> --json -s',
         '<%= config.bin %> <%= command.id %> --dir=./my-project',
         '<%= config.bin %> <%= command.id %> --file=path/to/sbom.json',
         '<%= config.bin %> <%= command.id %> --dir=./my-project --save',
-        '<%= config.bin %> <%= command.id %> --save --output=csv',
+        '<%= config.bin %> <%= command.id %> --save --csv',
     ];
     static flags = {
         file: Flags.string({
@@ -26,41 +27,45 @@ export default class ReportPurls extends Command {
             default: false,
             description: 'Save the list of purls as nes.purls.<output>',
         }),
-        output: Flags.string({
-            char: 'o',
-            options: ['json', 'csv'],
-            default: 'json',
-            description: 'The format of the saved file (when using --save)',
+        csv: Flags.boolean({
+            char: 'c',
+            default: false,
+            description: 'Save output in CSV format (only applies when using --save)',
         }),
     };
     async run() {
         const { flags } = await this.parse(ReportPurls);
-        const { dir: _dirFlag, file: _fileFlag, save, output } = flags;
-        // Load the SBOM: Only pass the file, dir, and save flags to SbomScan
+        const { dir: _dirFlag, file: _fileFlag, save, csv } = flags;
         const sbomArgs = SbomScan.getSbomArgs(flags);
         const sbomCommand = new SbomScan(sbomArgs, this.config);
         const sbom = await sbomCommand.run();
-        // Extract purls from SBOM
+        if (!sbom) {
+            throw new Error('SBOM not generated');
+        }
         const purls = await extractPurls(sbom);
+        this.log('Extracted %d purls from SBOM', purls.length);
         ux.action.stop('Scan completed');
         // Print the purls
-        this.log('Found purls:');
         for (const purl of purls) {
             this.log(purl);
         }
         // Save if requested
         if (save) {
             try {
-                const outputPath = path.join(_dirFlag || process.cwd(), `nes.purls.${output}`);
-                const purlOutput = getPurlOutput(purls, output);
+                const outputFile = csv && !this.jsonEnabled() ? 'csv' : 'json';
+                const outputPath = path.join(_dirFlag || process.cwd(), `nes.purls.${outputFile}`);
+                const purlOutput = getPurlOutput(purls, outputFile);
                 fs.writeFileSync(outputPath, purlOutput);
-                this.log(`\nPurls saved to ${outputPath}`);
+                this.log('Purls saved to %s', outputPath);
             }
             catch (error) {
                 const errorMessage = error && typeof error === 'object' && 'message' in error ? error.message : 'Unknown error';
                 this.warn(`Failed to save purls: ${errorMessage}`);
             }
         }
-        return purls;
+        // Return wrapped object with metadata
+        return {
+            purls,
+        };
     }
 }

package/dist/commands/scan/eol.js

@@ -32,6 +32,9 @@ export default class ScanEol extends Command {
         const sbomArgs = SbomScan.getSbomArgs(flags);
         const sbomCommand = new SbomScan(sbomArgs, this.config);
         const sbom = await sbomCommand.run();
+        if (!sbom) {
+            throw new Error('SBOM not generated');
+        }
         // Scan the SBOM for EOL information
         const { purls, scan } = await scanForEol(sbom);
         ux.action.stop('Scan completed');

package/dist/commands/scan/sbom.d.ts

@@ -8,11 +8,13 @@ export default class ScanSbom extends Command {
         file: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         dir: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         save: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        background: import("@oclif/core/interfaces").BooleanFlag<boolean>;
     };
     static getSbomArgs(flags: Record<string, string>): string[];
     getScanOptions(): {};
-    run(): Promise<Sbom>;
+    run(): Promise<Sbom | undefined>;
     private _getSbomFromScan;
+    private _getSbomInBackground;
     private _getSbomFromFile;
     private _saveSbom;
 }

package/dist/commands/scan/sbom.js

@@ -1,6 +1,7 @@
-import path from 'node:path';
-import { Command, Flags, ux } from '@oclif/core';
+import { spawn } from 'node:child_process';
 import fs from 'node:fs';
+import { join, resolve } from 'node:path';
+import { Command, Flags, ux } from '@oclif/core';
 import { createSbom, validateIsCycloneDxSbom } from "../../service/eol/eol.svc.js";
 export default class ScanSbom extends Command {
     static description = 'Scan a SBOM for purls';
@@ -23,9 +24,14 @@ export default class ScanSbom extends Command {
             default: false,
             description: 'Save the generated SBOM as nes.sbom.json in the scanned directory',
         }),
+        background: Flags.boolean({
+            char: 'b',
+            default: false,
+            description: 'Run the scan in the background',
+        }),
     };
     static getSbomArgs(flags) {
-        const { dir, file, save } = flags ?? {};
+        const { dir, file, save, json, background } = flags ?? {};
         const sbomArgs = [];
         if (file)
             sbomArgs.push('--file', file);
@@ -33,6 +39,10 @@ export default class ScanSbom extends Command {
             sbomArgs.push('--dir', dir);
         if (save)
             sbomArgs.push('--save');
+        if (json)
+            sbomArgs.push('--json');
+        if (background)
+            sbomArgs.push('--background');
         return sbomArgs;
     }
     getScanOptions() {
@@ -41,26 +51,31 @@ export default class ScanSbom extends Command {
     }
     async run() {
         const { flags } = await this.parse(ScanSbom);
-        const { dir: _dirFlag, save, file: _fileFlag } = flags;
+        const { dir, save, file, background } = flags;
         // Validate that exactly one of --file or --dir is provided
-        if (_fileFlag && _dirFlag) {
+        if (file && dir) {
             throw new Error('Cannot specify both --file and --dir flags. Please use one or the other.');
         }
         let sbom;
-        if (_fileFlag) {
-            sbom = this._getSbomFromFile(_fileFlag);
+        const path = dir || process.cwd();
+        if (file) {
+            sbom = this._getSbomFromFile(file);
+        }
+        else if (background) {
+            this._getSbomInBackground(path);
+            this.log(`The scan is running in the background. The file will be saved at ${path}/nes.sbom.json`);
+            return;
         }
         else {
-            const _dir = _dirFlag || process.cwd();
-            sbom = await this._getSbomFromScan(_dir);
+            sbom = await this._getSbomFromScan(path);
             if (save) {
-                this._saveSbom(_dir, sbom);
+                this._saveSbom(path, sbom);
             }
         }
         return sbom;
     }
     async _getSbomFromScan(_dirFlag) {
-        const dir = path.resolve(_dirFlag);
+        const dir = resolve(_dirFlag);
         if (!fs.existsSync(dir) || !fs.statSync(dir).isDirectory()) {
             throw new Error(`Directory not found or not a directory: ${dir}`);
         }
@@ -72,8 +87,23 @@ export default class ScanSbom extends Command {
         }
         return sbom;
     }
+    _getSbomInBackground(path) {
+        const opts = this.getScanOptions();
+        const args = [
+            JSON.stringify({
+                opts,
+                path,
+            }),
+        ];
+        const workerProcess = spawn('node', [join(import.meta.dirname, '../../service/eol/sbom.worker.js'), ...args], {
+            stdio: 'ignore',
+            detached: true,
+            env: { ...process.env },
+        });
+        workerProcess.unref();
+    }
     _getSbomFromFile(_fileFlag) {
-        const file = path.resolve(_fileFlag);
+        const file = resolve(_fileFlag);
         if (!fs.existsSync(file)) {
             throw new Error(`SBOM file not found: ${file}`);
         }
@@ -94,9 +124,11 @@ export default class ScanSbom extends Command {
     }
     _saveSbom(dir, sbom) {
         try {
-            const outputPath = path.join(dir, 'nes.sbom.json');
+            const outputPath = join(dir, 'nes.sbom.json');
             fs.writeFileSync(outputPath, JSON.stringify(sbom, null, 2));
-            this.log(`SBOM saved to ${outputPath}`);
+            if (!this.jsonEnabled()) {
+                this.log(`SBOM saved to ${outputPath}`);
+            }
         }
         catch (error) {
             const errorMessage = error instanceof Error ? error.message : 'Unknown error';

package/dist/hooks/prerun.js

@@ -0,0 +1,8 @@
+import debug from 'debug';
+const hook = async (opts) => {
+    // If JSON flag is enabled, silence debug logging
+    if (opts.Command.prototype.jsonEnabled()) {
+        debug.disable();
+    }
+};
+export default hook;

package/dist/service/eol/cdx.svc.d.ts

@@ -9,6 +9,58 @@ export interface Sbom {
     components: SbomEntry[];
     dependencies: SbomEntry[];
 }
+export declare const SBOM_DEFAULT__OPTIONS: {
+    $0: string;
+    _: never[];
+    'auto-compositions': boolean;
+    autoCompositions: boolean;
+    'data-flow-slices-file': string;
+    dataFlowSlicesFile: string;
+    deep: boolean;
+    'deps-slices-file': string;
+    depsSlicesFile: string;
+    evidence: boolean;
+    'export-proto': boolean;
+    exportProto: boolean;
+    'fail-on-error': boolean;
+    failOnError: boolean;
+    false: boolean;
+    'include-crypto': boolean;
+    'include-formulation': boolean;
+    includeCrypto: boolean;
+    includeFormulation: boolean;
+    'install-deps': boolean;
+    installDeps: boolean;
+    'min-confidence': number;
+    minConfidence: number;
+    multiProject: boolean;
+    'no-banner': boolean;
+    noBabel: boolean;
+    noBanner: boolean;
+    o: string;
+    output: string;
+    outputFormat: string;
+    profile: string;
+    project: undefined;
+    'project-version': string;
+    projectVersion: string;
+    'proto-bin-file': string;
+    protoBinFile: string;
+    r: boolean;
+    'reachables-slices-file': string;
+    reachablesSlicesFile: string;
+    recurse: boolean;
+    requiredOnly: boolean;
+    'semantics-slices-file': string;
+    semanticsSlicesFile: string;
+    'skip-dt-tls-check': boolean;
+    skipDtTlsCheck: boolean;
+    'spec-version': number;
+    specVersion: number;
+    'usages-slices-file': string;
+    usagesSlicesFile: string;
+    validate: boolean;
+};
 /**
  * Lazy loads cdxgen (for ESM purposes), scans
  * `directory`, and returns the `bomJson` property.

package/dist/service/eol/cdx.svc.js

@@ -1,71 +1,66 @@
-import { log } from "../../service/log.svc.js";
+import { debugLogger } from "../../service/log.svc.js";
+export const SBOM_DEFAULT__OPTIONS = {
+    $0: 'cdxgen',
+    _: [],
+    'auto-compositions': true,
+    autoCompositions: true,
+    'data-flow-slices-file': 'data-flow.slices.json',
+    dataFlowSlicesFile: 'data-flow.slices.json',
+    deep: false, // TODO: you def want to check this out
+    'deps-slices-file': 'deps.slices.json',
+    depsSlicesFile: 'deps.slices.json',
+    evidence: false,
+    'export-proto': false,
+    exportProto: false,
+    // DON'T FAIL ON ERROR; you won't get hlepful logs
+    'fail-on-error': false,
+    failOnError: false,
+    false: true,
+    'include-crypto': false,
+    'include-formulation': false,
+    includeCrypto: false,
+    includeFormulation: false,
+    'install-deps': true,
+    installDeps: true,
+    'min-confidence': 0,
+    minConfidence: 0,
+    multiProject: true,
+    'no-banner': false,
+    noBabel: false,
+    noBanner: false,
+    o: 'bom.json',
+    output: 'bom.json',
+    outputFormat: 'json', // or "xml"
+    // author: ['OWASP Foundation'],
+    profile: 'generic',
+    project: undefined,
+    'project-version': '',
+    projectVersion: '',
+    'proto-bin-file': 'bom.cdx',
+    protoBinFile: 'bom.cdx',
+    r: false,
+    'reachables-slices-file': 'reachables.slices.json',
+    reachablesSlicesFile: 'reachables.slices.json',
+    recurse: false,
+    requiredOnly: false,
+    'semantics-slices-file': 'semantics.slices.json',
+    semanticsSlicesFile: 'semantics.slices.json',
+    'skip-dt-tls-check': true,
+    skipDtTlsCheck: true,
+    'spec-version': 1.6,
+    specVersion: 1.6,
+    'usages-slices-file': 'usages.slices.json',
+    usagesSlicesFile: 'usages.slices.json',
+    validate: true,
+};
 /**
  * Lazy loads cdxgen (for ESM purposes), scans
  * `directory`, and returns the `bomJson` property.
  */
 export async function createBomFromDir(directory, opts = {}) {
-    const options = {
-        $0: 'cdxgen',
-        _: [],
-        'auto-compositions': true,
-        autoCompositions: true,
-        'data-flow-slices-file': 'data-flow.slices.json',
-        dataFlowSlicesFile: 'data-flow.slices.json',
-        deep: false, // TODO: you def want to check this out
-        'deps-slices-file': 'deps.slices.json',
-        depsSlicesFile: 'deps.slices.json',
-        evidence: false,
-        'export-proto': false,
-        exportProto: false,
-        // DON'T FAIL ON ERROR; you won't get hlepful logs
-        'fail-on-error': false,
-        failOnError: false,
-        false: true,
-        'include-crypto': false,
-        'include-formulation': false,
-        includeCrypto: false,
-        includeFormulation: false,
-        // 'server-host': '127.0.0.1',
-        // serverHost: '127.0.0.1',
-        // 'server-port': '9090',
-        // serverPort: '9090',
-        'install-deps': true,
-        installDeps: true,
-        'min-confidence': 0,
-        minConfidence: 0,
-        multiProject: true,
-        'no-banner': false,
-        noBabel: false,
-        noBanner: false,
-        o: 'bom.json',
-        output: 'bom.json',
-        outputFormat: 'json', // or "xml"
-        // author: ['OWASP Foundation'],
-        profile: 'generic',
-        project: undefined,
-        'project-version': '',
-        projectVersion: '',
-        'proto-bin-file': 'bom.cdx',
-        protoBinFile: 'bom.cdx',
-        r: false,
-        'reachables-slices-file': 'reachables.slices.json',
-        reachablesSlicesFile: 'reachables.slices.json',
-        recurse: false,
-        requiredOnly: false,
-        'semantics-slices-file': 'semantics.slices.json',
-        semanticsSlicesFile: 'semantics.slices.json',
-        'skip-dt-tls-check': true,
-        skipDtTlsCheck: true,
-        'spec-version': 1.6,
-        specVersion: 1.6,
-        'usages-slices-file': 'usages.slices.json',
-        usagesSlicesFile: 'usages.slices.json',
-        validate: true,
-        ...opts,
-    };
     const { createBom } = await getCdxGen();
-    const sbom = await createBom?.(directory, options);
-    log.info('Successfully generated SBOM');
+    const sbom = await createBom?.(directory, { ...SBOM_DEFAULT__OPTIONS, ...opts });
+    debugLogger('Successfully generated SBOM');
     return sbom?.bomJson;
 }
 // use a value holder, for easier mocking

package/dist/service/eol/eol.svc.js

@@ -1,5 +1,5 @@
 import { NesApolloClient } from "../../api/nes/nes.client.js";
-import { log } from "../../service/log.svc.js";
+import { debugLogger } from "../../service/log.svc.js";
 import { getDaysEolFromEolAt, getStatusFromComponent } from "../line.svc.js";
 import { extractPurls } from "../purls.svc.js";
 import { createBomFromDir } from "./cdx.svc.js";
@@ -7,7 +7,7 @@ export async function createSbom(directory, opts = {}) {
     const sbom = await createBomFromDir(directory, opts.cdxgen || {});
     if (!sbom)
         throw new Error('SBOM not generated');
-    log.info('SBOM generated');
+    debugLogger('SBOM generated');
     return sbom;
 }
 export function validateIsCycloneDxSbom(sbom) {
@@ -60,7 +60,7 @@ export async function prepareRows(purls, scan) {
         if (!details) {
             // In this case, the purl string is in the generated sbom, but the NES/XEOL api has no data
             // TODO: add UNKNOWN Component Status, create new line, and create flag to show/hide unknown results
-            log.debug(`Unknown status: ${purl}.`);
+            debugLogger(`Unknown status: ${purl}.`);
             continue;
         }
         const { info } = details;

package/dist/service/eol/sbom.worker.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/service/eol/sbom.worker.js

@@ -0,0 +1,25 @@
+import { writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { createBom } from '@cyclonedx/cdxgen';
+import { SBOM_DEFAULT__OPTIONS } from "./cdx.svc.js";
+process.on('uncaughtException', (err) => {
+    console.error('Uncaught exception:', err.message);
+    process.exit(1);
+});
+process.on('unhandledRejection', (reason) => {
+    console.error('Unhandled rejection:', reason);
+    process.exit(1);
+});
+try {
+    console.log('Sbom worker started');
+    const options = JSON.parse(process.argv[2]);
+    const { path, opts } = options;
+    const { bomJson } = await createBom(path, { ...SBOM_DEFAULT__OPTIONS, ...opts });
+    const outputPath = join(path, 'nes.sbom.json');
+    writeFileSync(outputPath, JSON.stringify(bomJson, null, 2));
+    process.exit(0);
+}
+catch (error) {
+    console.error('Error creating SBOM', error.message);
+    process.exit(1);
+}

package/dist/service/log.svc.d.ts

@@ -1,10 +1,7 @@
+import debug from 'debug';
 /**
- * A simple logging construct when you
- * don't have the command instance handy
+ * A simple debug logger for services.
+ * Services should only use debug logging for development/troubleshooting.
+ * All user-facing output should be handled by commands.
  */
-export declare const log: {
-    info: (_message?: unknown, ...args: unknown[]) => void;
-    warn: (_message?: unknown, ...args: unknown[]) => void;
-    debug: (_message?: unknown, ...args: unknown[]) => void;
-};
-export declare const initOclifLog: (info: (message?: unknown, ...args: unknown[]) => void, warn: (message?: unknown, ...args: unknown[]) => void, debug: (message?: unknown, ...args: unknown[]) => void) => void;
+export declare const debugLogger: debug.Debugger;

package/dist/service/log.svc.js

@@ -1,20 +1,7 @@
+import debug from 'debug';
 /**
- * A simple logging construct when you
- * don't have the command instance handy
+ * A simple debug logger for services.
+ * Services should only use debug logging for development/troubleshooting.
+ * All user-facing output should be handled by commands.
  */
-export const log = {
-    info: (_message, ...args) => {
-        console.log('[default_log]', ...args);
-    },
-    warn: (_message, ...args) => {
-        console.warn('[default_warn]', ...args);
-    },
-    debug: (_message, ...args) => {
-        console.debug('[default_debug]', ...args);
-    },
-};
-export const initOclifLog = (info, warn, debug) => {
-    log.info = info;
-    log.warn = warn;
-    log.debug = debug;
-};
+export const debugLogger = debug('oclif:herodevs-debug');

package/dist/service/nes/nes.svc.js

@@ -1,5 +1,5 @@
 import { M_SCAN } from "../../api/queries/nes/sbom.js";
-import { log } from "../log.svc.js";
+import { debugLogger } from "../log.svc.js";
 export const buildScanResult = (scan) => {
     const components = new Map();
     for (const c of scan.components) {
@@ -16,8 +16,8 @@ export const SbomScanner = (client) => async (purls) => {
     const res = await client.mutate(M_SCAN.gql, { input });
     const scan = res.data?.insights?.scan?.eol;
     if (!scan?.success) {
-        log.info('failed scan %o', scan || {});
-        log.warn('scan failed');
+        debugLogger('failed scan %o', scan || {});
+        debugLogger('scan failed');
         throw new Error('Failed to provide scan: ');
     }
     const result = buildScanResult(scan);

package/dist/service/purls.svc.js

@@ -17,7 +17,7 @@ export function getPurlOutput(purls, output) {
         case 'csv':
             return ['purl', ...purls].map(formatCsvValue).join('\n');
         default:
-            return JSON.stringify(purls, null, 2);
+            return JSON.stringify({ purls }, null, 2);
     }
 }
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@herodevs/cli",
-  "version": "1.0.0-beta.2",
+  "version": "1.1.0-beta.1",
   "author": "HeroDevs, Inc",
   "bin": {
     "hd": "./bin/run.js"
@@ -19,6 +19,7 @@
     "clean": "shx rm -rf dist && npm run clean:files && shx rm -rf node_modules",
     "clean:files": "shx rm -f nes.**.csv nes.**.json nes.**.text",
     "dev": "npm run build && ./bin/dev.js",
+    "dev:debug": "npm run build && DEBUG=* ./bin/dev.js",
     "format": "biome format --write",
     "lint": "biome lint --write",
     "postpack": "shx rm -f oclif.manifest.json",
@@ -52,6 +53,7 @@
     "oclif": "^4",
     "shx": "^0.3.3",
     "sinon": "^19.0.2",
+    "ts-node": "^10",
     "typescript": "^5.8.0"
   },
   "engines": {
@@ -70,15 +72,12 @@
     "commands": "./dist/commands",
     "plugins": [
       "@oclif/plugin-help",
-      "@oclif/plugin-plugins",
-      "@oclif/plugin-update"
+      "@oclif/plugin-plugins"
     ],
-    "topicSeparator": " ",
-    "update": {
-      "node": {
-        "version": ">=22.0.0"
-      }
-    }
+    "hooks": {
+      "prerun": "./dist/hooks/prerun.js"
+    },
+    "topicSeparator": " "
   },
   "types": "dist/index.d.ts"
 }

package/dist/hooks/init/update.d.ts

@@ -1,2 +0,0 @@
-import type { Hook } from '@oclif/core';
-export declare const initUpdate: Hook<'init'>;

package/dist/hooks/init/update.js

@@ -1,5 +0,0 @@
-import updateConfig from '../../config/update.js';
-export const initUpdate = async ({ config }) => {
-    // Apply update configuration
-    Object.assign(config, updateConfig);
-};

package/dist/hooks/prerun/CommandContextHook.js

@@ -1,8 +0,0 @@
-import { initOclifLog, log } from "../../service/log.svc.js";
-const hook = async (opts) => {
-    initOclifLog(opts.context.log, opts.context.log, opts.context.debug);
-    log.info = opts.context.log || log.info;
-    log.warn = opts.context.log || log.warn;
-    log.debug = opts.context.debug || log.debug;
-};
-export default hook;