@herodevs/cli 1.5.0-beta.2 → 1.5.0-beta.3

package/README.md

@@ -9,6 +9,16 @@ The HeroDevs CLI
 <!-- toc -->
 * [@herodevs/cli](#herodevscli)
 <!-- tocstop -->
+
+## Scanning Behavior
+
+The CLI's scanning commands (`hd scan eol` and `hd scan sbom`) are designed to be non-invasive:
+
+* They do not install dependencies or modify package manager files (package-lock.json, yarn.lock, etc.)
+* They analyze the project in its current state
+* If you need dependencies installed for accurate scanning, please install them manually before running the scan
+
+
 ## Usage
 <!-- usage -->
 ```sh-session
@@ -16,7 +26,7 @@ $ npm install -g @herodevs/cli
 $ hd COMMAND
 running command...
 $ hd (--version)
-@herodevs/cli/1.5.0-beta.2 linux-x64 node-v22.14.0
+@herodevs/cli/1.5.0-beta.3 linux-x64 node-v22.14.0
 $ hd --help [COMMAND]
 USAGE
   $ hd COMMAND
@@ -63,7 +73,7 @@ USAGE
 FLAGS
   -c, --csv             Output in CSV format
   -m, --months=<value>  [default: 12] The number of months of git history to review
-  -s, --save            Save the committers report as nes.committers.<output>
+  -s, --save            Save the committers report as eol.committers.<output>
 
 GLOBAL FLAGS
   --json  Format output as json.
@@ -81,7 +91,7 @@ EXAMPLES
   $ hd report committers --csv
 ```
 
-_See code: [src/commands/report/committers.ts](https://github.com/herodevs/cli/blob/v1.5.0-beta.2/src/commands/report/committers.ts)_
+_See code: [src/commands/report/committers.ts](https://github.com/herodevs/cli/blob/v1.5.0-beta.3/src/commands/report/committers.ts)_
 
 ## `hd report purls`
 
@@ -95,7 +105,7 @@ FLAGS
   -c, --csv           Save output in CSV format (only applies when using --save)
   -d, --dir=<value>   The directory to scan in order to create a cyclonedx sbom
   -f, --file=<value>  The file path of an existing cyclonedx sbom to scan for EOL
-  -s, --save          Save the list of purls as nes.purls.<output>
+  -s, --save          Save the list of purls as eol.purls.<output>
 
 GLOBAL FLAGS
   --json  Format output as json.
@@ -115,7 +125,7 @@ EXAMPLES
   $ hd report purls --save --csv
 ```
 
-_See code: [src/commands/report/purls.ts](https://github.com/herodevs/cli/blob/v1.5.0-beta.2/src/commands/report/purls.ts)_
+_See code: [src/commands/report/purls.ts](https://github.com/herodevs/cli/blob/v1.5.0-beta.3/src/commands/report/purls.ts)_
 
 ## `hd scan eol`
 
@@ -130,7 +140,7 @@ FLAGS
   -d, --dir=<value>    The directory to scan in order to create a cyclonedx sbom
   -f, --file=<value>   The file path of an existing cyclonedx sbom to scan for EOL
   -p, --purls=<value>  The file path of a list of purls to scan for EOL
-  -s, --save           Save the generated SBOM as nes.sbom.json in the scanned directory
+  -s, --save           Save the generated report as eol.report.json in the scanned directory
   -t, --table          Display the results in a table
 
 GLOBAL FLAGS
@@ -149,7 +159,7 @@ EXAMPLES
   $ hd scan eol -a --dir=./my-project
 ```
 
-_See code: [src/commands/scan/eol.ts](https://github.com/herodevs/cli/blob/v1.5.0-beta.2/src/commands/scan/eol.ts)_
+_See code: [src/commands/scan/eol.ts](https://github.com/herodevs/cli/blob/v1.5.0-beta.3/src/commands/scan/eol.ts)_
 
 ## `hd scan sbom`
 
@@ -163,7 +173,7 @@ FLAGS
   -b, --background    Run the scan in the background
   -d, --dir=<value>   The directory to scan in order to create a cyclonedx sbom
   -f, --file=<value>  The file path of an existing cyclonedx sbom to scan for EOL
-  -s, --save          Save the generated SBOM as nes.sbom.json in the scanned directory
+  -s, --save          Save the generated SBOM as eol.sbom.json in the scanned directory
 
 GLOBAL FLAGS
   --json  Format output as json.
@@ -177,7 +187,7 @@ EXAMPLES
   $ hd scan sbom --file=path/to/sbom.json
 ```
 
-_See code: [src/commands/scan/sbom.ts](https://github.com/herodevs/cli/blob/v1.5.0-beta.2/src/commands/scan/sbom.ts)_
+_See code: [src/commands/scan/sbom.ts](https://github.com/herodevs/cli/blob/v1.5.0-beta.3/src/commands/scan/sbom.ts)_
 
 ## `hd update [CHANNEL]`
 
@@ -215,5 +225,5 @@ EXAMPLES
     $ hd update --available
 ```
 
-_See code: [@oclif/plugin-update](https://github.com/oclif/plugin-update/blob/v4.6.37/src/commands/update.ts)_
+_See code: [@oclif/plugin-update](https://github.com/oclif/plugin-update/blob/v4.6.38/src/commands/update.ts)_
 <!-- commandsstop -->

package/bin/dev.js

@@ -3,10 +3,10 @@
 import { execute } from '@oclif/core';
 
 // Localhost
-process.env.GRAPHQL_HOST = 'http://localhost:3000';
+// process.env.GRAPHQL_HOST = 'http://localhost:3000';
 
 // Dev
-// process.env.GRAPHQL_HOST = 'https://api.dev.nes.herodevs.com';
+process.env.GRAPHQL_HOST = 'https://api.dev.nes.herodevs.com';
 
 // Prod
 // process.env.GRAPHQL_HOST = 'https://api.nes.herodevs.com';

package/dist/commands/report/committers.js

@@ -26,7 +26,7 @@ export default class Committers extends Command {
         }),
         save: Flags.boolean({
             char: 's',
-            description: 'Save the committers report as nes.committers.<output>',
+            description: 'Save the committers report as eol.committers.<output>',
             default: false,
         }),
     };
@@ -46,7 +46,7 @@ export default class Committers extends Command {
                 // JSON mode
                 if (save) {
                     try {
-                        fs.writeFileSync(path.resolve('nes.committers.json'), JSON.stringify(reportData, null, 2));
+                        fs.writeFileSync(path.resolve('eol.committers.json'), JSON.stringify(reportData, null, 2));
                         this.log('Report written to json');
                     }
                     catch (error) {
@@ -61,7 +61,7 @@ export default class Committers extends Command {
                 const csvOutput = formatAsCsv(reportData);
                 if (save) {
                     try {
-                        fs.writeFileSync(path.resolve('nes.committers.csv'), csvOutput);
+                        fs.writeFileSync(path.resolve('eol.committers.csv'), csvOutput);
                         this.log('Report written to csv');
                     }
                     catch (error) {
@@ -75,7 +75,7 @@ export default class Committers extends Command {
             }
             if (save) {
                 try {
-                    fs.writeFileSync(path.resolve('nes.committers.txt'), textOutput);
+                    fs.writeFileSync(path.resolve('eol.committers.txt'), textOutput);
                     this.log('Report written to txt');
                 }
                 catch (error) {

package/dist/commands/report/purls.js

@@ -26,7 +26,7 @@ export default class ReportPurls extends Command {
         save: Flags.boolean({
             char: 's',
             default: false,
-            description: 'Save the list of purls as nes.purls.<output>',
+            description: 'Save the list of purls as eol.purls.<output>',
         }),
         csv: Flags.boolean({
             char: 'c',
@@ -50,7 +50,7 @@ export default class ReportPurls extends Command {
             if (save) {
                 try {
                     const outputFile = csv && !this.jsonEnabled() ? 'csv' : 'json';
-                    const outputPath = path.join(_dirFlag || process.cwd(), `nes.purls.${outputFile}`);
+                    const outputPath = path.join(_dirFlag || process.cwd(), `eol.purls.${outputFile}`);
                     const purlOutput = getPurlOutput(purls, outputFile);
                     fs.writeFileSync(outputPath, purlOutput);
                     this.log('Purls saved to %s', outputPath);

package/dist/commands/scan/eol.js

@@ -32,7 +32,7 @@ export default class ScanEol extends Command {
         save: Flags.boolean({
             char: 's',
             default: false,
-            description: 'Save the generated SBOM as nes.sbom.json in the scanned directory',
+            description: 'Save the generated report as eol.report.json in the scanned directory',
         }),
         all: Flags.boolean({
             char: 'a',
@@ -107,10 +107,10 @@ export default class ScanEol extends Command {
     }
     async saveReport(components) {
         const { flags } = await this.parse(ScanEol);
-        const reportPath = path.join(flags.dir || process.cwd(), 'nes.eol.json');
+        const reportPath = path.join(flags.dir || process.cwd(), 'eol.report.json');
         try {
             fs.writeFileSync(reportPath, JSON.stringify({ components }, null, 2));
-            this.log('Report saved to nes.eol.json');
+            this.log('Report saved to eol.report.json');
         }
         catch (error) {
             if (!isErrnoException(error)) {
@@ -118,10 +118,10 @@ export default class ScanEol extends Command {
             }
             switch (error.code) {
                 case 'EACCES':
-                    this.error('Permission denied. Unable to save report to nes.eol.json');
+                    this.error('Permission denied. Unable to save report to eol.report.json');
                     break;
                 case 'ENOSPC':
-                    this.error('No space left on device. Unable to save report to nes.eol.json');
+                    this.error('No space left on device. Unable to save report to eol.report.json');
                     break;
                 default:
                     this.error(`Failed to save report: ${getErrorMessage(error)}`);

package/dist/commands/scan/sbom.js

@@ -23,7 +23,7 @@ export default class ScanSbom extends Command {
         save: Flags.boolean({
             char: 's',
             default: false,
-            description: 'Save the generated SBOM as nes.sbom.json in the scanned directory',
+            description: 'Save the generated SBOM as eol.sbom.json in the scanned directory',
         }),
         background: Flags.boolean({
             char: 'b',
@@ -72,7 +72,7 @@ export default class ScanSbom extends Command {
         }
         else if (background) {
             this._getSbomInBackground(path);
-            this.log(`The scan is running in the background. The file will be saved at ${path}/nes.sbom.json`);
+            this.log(`The scan is running in the background. The file will be saved at ${path}/eol.sbom.json`);
             return;
         }
         else {
@@ -146,7 +146,7 @@ export default class ScanSbom extends Command {
     }
     _saveSbom(dir, sbom) {
         try {
-            const outputPath = join(dir, 'nes.sbom.json');
+            const outputPath = join(dir, 'eol.sbom.json');
             fs.writeFileSync(outputPath, JSON.stringify(sbom, null, 2));
             if (!this.jsonEnabled()) {
                 this.log(`SBOM saved to ${outputPath}`);

package/dist/service/eol/cdx.svc.d.ts

@@ -29,8 +29,8 @@ export declare const SBOM_DEFAULT__OPTIONS: {
     'include-formulation': boolean;
     includeCrypto: boolean;
     includeFormulation: boolean;
-    'install-deps': boolean;
-    installDeps: boolean;
+    'no-install-deps': boolean;
+    noInstallDeps: boolean;
     'min-confidence': number;
     minConfidence: number;
     multiProject: boolean;

package/dist/service/eol/cdx.svc.js

@@ -21,8 +21,8 @@ export const SBOM_DEFAULT__OPTIONS = {
     'include-formulation': false,
     includeCrypto: false,
     includeFormulation: false,
-    'install-deps': true,
-    installDeps: true,
+    'no-install-deps': true,
+    noInstallDeps: true,
     'min-confidence': 0,
     minConfidence: 0,
     multiProject: true,

package/dist/service/eol/sbom.worker.js

@@ -15,7 +15,7 @@ try {
     const options = JSON.parse(process.argv[2]);
     const { path, opts } = options;
     const { bomJson } = await createBom(path, { ...SBOM_DEFAULT__OPTIONS, ...opts });
-    const outputPath = join(path, 'nes.sbom.json');
+    const outputPath = join(path, 'eol.sbom.json');
     writeFileSync(outputPath, JSON.stringify(bomJson, null, 2));
     process.exit(0);
 }

package/dist/service/purls.svc.d.ts

@@ -17,7 +17,7 @@ export declare function getPurlOutput(purls: string[], output: string): string;
 export declare function extractPurls(sbom: Sbom): Promise<string[]>;
 /**
  * Parse a purls file in either JSON or text format, including the format of
- * nes.purls.json - { purls: [ 'pkg:npm/express@4.18.2', 'pkg:npm/react@18.3.1' ] }
+ * eol.purls.json - { purls: [ 'pkg:npm/express@4.18.2', 'pkg:npm/react@18.3.1' ] }
  * or a text file with one purl per line.
  */
 export declare function parsePurlsFile(purlsFileString: string): string[];

package/dist/service/purls.svc.js

@@ -29,11 +29,16 @@ export async function extractPurls(sbom) {
 }
 /**
  * Parse a purls file in either JSON or text format, including the format of
- * nes.purls.json - { purls: [ 'pkg:npm/express@4.18.2', 'pkg:npm/react@18.3.1' ] }
+ * eol.purls.json - { purls: [ 'pkg:npm/express@4.18.2', 'pkg:npm/react@18.3.1' ] }
  * or a text file with one purl per line.
  */
 export function parsePurlsFile(purlsFileString) {
+    // Handle empty string
+    if (!purlsFileString.trim()) {
+        return [];
+    }
     try {
+        // Try parsing as JSON first
         const parsed = JSON.parse(purlsFileString);
         if (parsed && Array.isArray(parsed.purls)) {
             return parsed.purls;
@@ -43,10 +48,16 @@ export function parsePurlsFile(purlsFileString) {
         }
     }
     catch {
+        // If not JSON, try parsing as text file
         const lines = purlsFileString
             .split('\n')
             .map((line) => line.trim())
             .filter((line) => line.length > 0 && line.startsWith('pkg:'));
+        // Handle single purl case (no newlines)
+        if (lines.length === 0 && purlsFileString.trim().startsWith('pkg:')) {
+            return [purlsFileString.trim()];
+        }
+        // Return any valid purls found
         if (lines.length > 0) {
             return lines;
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@herodevs/cli",
-  "version": "1.5.0-beta.2",
+  "version": "1.5.0-beta.3",
   "author": "HeroDevs, Inc",
   "bin": {
     "hd": "./bin/run.js"
@@ -17,7 +17,7 @@
     "ci": "biome ci",
     "ci:fix": "biome check --write",
     "clean": "shx rm -rf dist && npm run clean:files && shx rm -rf node_modules",
-    "clean:files": "shx rm -f nes.**.csv nes.**.json nes.**.text",
+    "clean:files": "shx rm -f eol.**.csv eol.**.json eol.**.text",
     "dev": "npm run build && ./bin/dev.js",
     "dev:debug": "npm run build && DEBUG=oclif:* ./bin/dev.js",
     "format": "biome format --write",
@@ -41,7 +41,7 @@
   ],
   "dependencies": {
     "@apollo/client": "^3.13.8",
-    "@cyclonedx/cdxgen": "^11.2.4",
+    "@cyclonedx/cdxgen": "^11.2.5",
     "@oclif/core": "^4",
     "@oclif/plugin-help": "^6",
     "@oclif/plugin-update": "^4",