@herodevs/cli 1.5.0-beta.3 → 2.0.0-beta.0

package/README.md

@@ -10,6 +10,10 @@ The HeroDevs CLI
 * [@herodevs/cli](#herodevscli)
 <!-- tocstop -->
 
+## TERMS
+
+Use of this CLI is governed by the [HeroDevs End of Life Dataset Terms of Service and Data Policy](https://docs.herodevs.com/legal/end-of-life-dataset-terms).
+
 ## Scanning Behavior
 
 The CLI's scanning commands (`hd scan eol` and `hd scan sbom`) are designed to be non-invasive:
@@ -26,7 +30,7 @@ $ npm install -g @herodevs/cli
 $ hd COMMAND
 running command...
 $ hd (--version)
-@herodevs/cli/1.5.0-beta.3 linux-x64 node-v22.14.0
+@herodevs/cli/2.0.0-beta.0 linux-x64 node-v22.15.0
 $ hd --help [COMMAND]
 USAGE
   $ hd COMMAND
@@ -60,7 +64,7 @@ DESCRIPTION
   Display help for hd.
 ```
 
-_See code: [@oclif/plugin-help](https://github.com/oclif/plugin-help/blob/v6.2.27/src/commands/help.ts)_
+_See code: [@oclif/plugin-help](https://github.com/oclif/plugin-help/blob/v6.2.28/src/commands/help.ts)_
 
 ## `hd report committers`
 
@@ -91,7 +95,7 @@ EXAMPLES
   $ hd report committers --csv
 ```
 
-_See code: [src/commands/report/committers.ts](https://github.com/herodevs/cli/blob/v1.5.0-beta.3/src/commands/report/committers.ts)_
+_See code: [src/commands/report/committers.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.0/src/commands/report/committers.ts)_
 
 ## `hd report purls`
 
@@ -125,7 +129,7 @@ EXAMPLES
   $ hd report purls --save --csv
 ```
 
-_See code: [src/commands/report/purls.ts](https://github.com/herodevs/cli/blob/v1.5.0-beta.3/src/commands/report/purls.ts)_
+_See code: [src/commands/report/purls.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.0/src/commands/report/purls.ts)_
 
 ## `hd scan eol`
 
@@ -159,7 +163,7 @@ EXAMPLES
   $ hd scan eol -a --dir=./my-project
 ```
 
-_See code: [src/commands/scan/eol.ts](https://github.com/herodevs/cli/blob/v1.5.0-beta.3/src/commands/scan/eol.ts)_
+_See code: [src/commands/scan/eol.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.0/src/commands/scan/eol.ts)_
 
 ## `hd scan sbom`
 
@@ -187,7 +191,7 @@ EXAMPLES
   $ hd scan sbom --file=path/to/sbom.json
 ```
 
-_See code: [src/commands/scan/sbom.ts](https://github.com/herodevs/cli/blob/v1.5.0-beta.3/src/commands/scan/sbom.ts)_
+_See code: [src/commands/scan/sbom.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.0/src/commands/scan/sbom.ts)_
 
 ## `hd update [CHANNEL]`
 
@@ -225,5 +229,5 @@ EXAMPLES
     $ hd update --available
 ```
 
-_See code: [@oclif/plugin-update](https://github.com/oclif/plugin-update/blob/v4.6.38/src/commands/update.ts)_
+_See code: [@oclif/plugin-update](https://github.com/oclif/plugin-update/blob/v4.6.39/src/commands/update.ts)_
 <!-- commandsstop -->

package/bin/dev.js

@@ -1,14 +1,12 @@
 #!/usr/bin/env node
 
-import { execute } from '@oclif/core';
-
-// Localhost
-// process.env.GRAPHQL_HOST = 'http://localhost:3000';
-
-// Dev
 process.env.GRAPHQL_HOST = 'https://api.dev.nes.herodevs.com';
+process.env.EOL_REPORT_URL = 'https://eol-report-card.stage.apps.herodevs.io/reports';
 
-// Prod
-// process.env.GRAPHQL_HOST = 'https://api.nes.herodevs.com';
+import main from './main.js';
 
-await execute({ development: true, dir: import.meta.url });
+try {
+  await main(false);
+} catch (error) {
+  process.exit(1);
+}

package/bin/main.js

@@ -0,0 +1,29 @@
+import { parseArgs } from 'node:util';
+import { execute } from '@oclif/core';
+
+async function main(isProduction = false) {
+  const { positionals } = parseArgs({
+    allowPositionals: true,
+    strict: false, // Don't validate flags
+  });
+
+  // If no arguments at all, default to scan:eol -t
+  if (positionals.length === 0) {
+    process.argv.splice(2, 0, 'scan:eol', '-t');
+  }
+  // If only flags are provided, set scan:eol as the command for those flags
+  else if (positionals.length === 1 && positionals[0].startsWith('-')) {
+    process.argv.splice(2, 0, 'scan:eol');
+  }
+
+  try {
+    await execute({
+      development: !isProduction,
+      dir: new URL('./dev.js', import.meta.url),
+    });
+  } catch (error) {
+    process.exit(1);
+  }
+}
+
+export default main;

package/bin/run.js

@@ -1,5 +1,9 @@
 #!/usr/bin/env node
 
-import { execute } from '@oclif/core';
+import main from './main.js';
 
-await execute({ dir: import.meta.url });
+try {
+  await main(true);
+} catch (error) {
+  process.exit(1);
+}

package/dist/api/nes/nes.client.js

@@ -1,4 +1,5 @@
 import { ApolloClient } from "../../api/client.js";
+import { config } from "../../config/constants.js";
 import { debugLogger } from "../../service/log.svc.js";
 import { SbomScanner, buildScanResult } from "../../service/nes/nes.svc.js";
 import { DEFAULT_SCAN_BATCH_SIZE, DEFAULT_SCAN_INPUT_OPTIONS, } from "../types/hd-cli.types.js";
@@ -21,9 +22,8 @@ export class NesApolloClient {
  * Submit a scan for a list of purls after they've been batched by batchSubmitPurls
  */
 function submitScan(purls, options) {
-    // NOTE: GRAPHQL_HOST is set in `./bin/dev.js` or tests
-    const host = process.env.GRAPHQL_HOST || 'https://api.nes.herodevs.com';
-    const path = process.env.GRAPHQL_PATH || '/graphql';
+    const host = config.graphqlHost;
+    const path = config.graphqlPath;
     const url = host + path;
     const client = new NesApolloClient(url);
     return client.scan.purls(purls, options);
@@ -38,6 +38,7 @@ export const batchSubmitPurls = async (purls, options = DEFAULT_SCAN_INPUT_OPTIO
                 message: 'No batches to process',
                 success: true,
                 warnings: [],
+                scanId: undefined,
             };
         }
         const results = await processBatches(batches, options);

package/dist/api/types/hd-cli.types.d.ts

@@ -19,6 +19,7 @@ export interface ScanResult {
     message: string;
     success: boolean;
     warnings: ScanWarning[];
+    scanId: string | undefined;
 }
 export interface ProcessBatchOptions {
     batch: string[];

package/dist/commands/scan/eol.d.ts

@@ -17,6 +17,7 @@ export default class ScanEol extends Command {
     }>;
     private getScan;
     private getPurlsFromFile;
+    private printWebReportUrl;
     private scanSbom;
     private getFilteredComponents;
     private saveReport;

package/dist/commands/scan/eol.js

@@ -2,10 +2,11 @@ import fs from 'node:fs';
 import path from 'node:path';
 import { Command, Flags, ux } from '@oclif/core';
 import { batchSubmitPurls } from "../../api/nes/nes.client.js";
+import { config } from "../../config/constants.js";
 import { getErrorMessage, isErrnoException } from "../../service/error.svc.js";
 import { extractPurls, parsePurlsFile } from "../../service/purls.svc.js";
 import { createStatusDisplay, createTableForStatus, groupComponentsByStatus } from "../../ui/eol.ui.js";
-import { INDICATORS, STATUS_COLORS } from "../../ui/shared.ui.js";
+import { INDICATORS, SCAN_ID_KEY, STATUS_COLORS } from "../../ui/shared.ui.js";
 import ScanSbom from "./sbom.js";
 export default class ScanEol extends Command {
     static description = 'Scan a given sbom for EOL data';
@@ -61,6 +62,9 @@ export default class ScanEol extends Command {
             else {
                 this.displayResults(scan, flags.all);
             }
+            if (scan.scanId) {
+                this.printWebReportUrl(scan.scanId);
+            }
         }
         return { components };
     }
@@ -82,6 +86,13 @@ export default class ScanEol extends Command {
             this.error(`Failed to read purls file. ${getErrorMessage(error)}`);
         }
     }
+    printWebReportUrl(scanId) {
+        this.logLine();
+        const id = scanId.split(SCAN_ID_KEY)[1];
+        const reportCardUrl = config.eolReportUrl;
+        const url = ux.colorize('blue', `${reportCardUrl}/${id}`);
+        this.log(`🌐 View your free EOL report at: ${ux.colorize('blue', url)}`);
+    }
     async scanSbom(sbom) {
         let scan;
         let purls;

package/dist/config/constants.d.ts

@@ -0,0 +1,8 @@
+export declare const EOL_REPORT_URL = "https://eol-report-card.apps.herodevs.com/reports";
+export declare const GRAPHQL_HOST = "https://api.nes.herodevs.com";
+export declare const GRAPHQL_PATH = "/graphql";
+export declare const config: {
+    eolReportUrl: string;
+    graphqlHost: string;
+    graphqlPath: string;
+};

package/dist/config/constants.js

@@ -0,0 +1,8 @@
+export const EOL_REPORT_URL = 'https://eol-report-card.apps.herodevs.com/reports';
+export const GRAPHQL_HOST = 'https://api.nes.herodevs.com';
+export const GRAPHQL_PATH = '/graphql';
+export const config = {
+    eolReportUrl: process.env.EOL_REPORT_URL || EOL_REPORT_URL,
+    graphqlHost: process.env.GRAPHQL_HOST || GRAPHQL_HOST,
+    graphqlPath: process.env.GRAPHQL_PATH || GRAPHQL_PATH,
+};

package/dist/hooks/npm-update-notifier.d.ts

@@ -2,6 +2,8 @@ import type { Hook } from '@oclif/core';
 import { type UpdateInfo } from 'update-notifier';
 declare const updateNotifierHook: Hook.Init;
 export default updateNotifierHook;
+type DistTag = 'latest' | 'beta' | 'alpha' | 'next';
+export declare function getDistTag(version: string): DistTag;
 export declare function handleUpdate(update: UpdateInfo, currentVersion: string): {
     message: string;
     defer: boolean;

package/dist/hooks/npm-update-notifier.js

@@ -1,23 +1,43 @@
 import updateNotifier, {} from 'update-notifier';
 import pkg from '../../package.json' with { type: 'json' };
+import { debugLogger } from "../service/log.svc.js";
 const updateNotifierHook = async (options) => {
+    debugLogger('pkg.version', pkg.version);
+    const distTag = getDistTag(pkg.version);
+    debugLogger('distTag', distTag);
+    const ONE_DAY_MS = 1000 * 60 * 60 * 24;
+    // If we're on the latest dist-tag, check for updates every time
+    const updateCheckInterval = distTag === 'latest' ? 0 : ONE_DAY_MS;
+    debugLogger('updateCheckInterval', updateCheckInterval);
     const notifier = updateNotifier({
         pkg,
-        updateCheckInterval: 1000 * 60 * 60 * 24, // Check once per day
+        distTag,
+        updateCheckInterval,
+        shouldNotifyInNpmScript: true,
     });
+    debugLogger('updateNotifierHook', { notifier });
     if (notifier.update) {
         const notification = handleUpdate(notifier.update, pkg.version);
+        debugLogger('notification', notification);
         if (notification) {
             notifier.notify(notification);
         }
     }
 };
 export default updateNotifierHook;
+export function getDistTag(version) {
+    if (version.includes('-beta'))
+        return 'beta';
+    if (version.includes('-alpha'))
+        return 'alpha';
+    if (version.includes('-next'))
+        return 'next';
+    return 'latest';
+}
 export function handleUpdate(update, currentVersion) {
-    const isPreV1 = currentVersion.startsWith('0.');
-    const isBeta = currentVersion.includes('-beta') || update.latest.includes('-beta');
-    const isAlpha = currentVersion.includes('-alpha') || update.latest.includes('-alpha');
-    const isNext = currentVersion.includes('-next') || update.latest.includes('-next');
+    const isPreV1 = currentVersion.startsWith('0.') || update.latest.startsWith('0.');
+    const currentDistTag = getDistTag(currentVersion);
+    const updateDistTag = getDistTag(update.latest);
     let message = `Update available! v${currentVersion} → v${update.latest}`;
     /**
      * Show breaking changes warning for:
@@ -28,7 +48,7 @@ export function handleUpdate(update, currentVersion) {
      * [1]https://semver.org/#spec-item-4
      * [2]https://antfu.me/posts/epoch-semver#leading-zero-major-versioning
      */
-    if (isPreV1 || isBeta || isAlpha || isNext || update.type === 'major') {
+    if (isPreV1 || currentDistTag !== 'latest' || updateDistTag !== 'latest' || update.type === 'major') {
         message += '\nThis update may contain breaking changes.';
     }
     // For all other updates (minor, patch), they should be non-breaking

package/dist/service/eol/cdx.svc.d.ts

@@ -1,4 +1,8 @@
 import type { CdxGenOptions } from './eol.svc.ts';
+export interface SbomDependency {
+    ref: string;
+    dependsOn: string[];
+}
 export interface SbomEntry {
     group: string;
     name: string;
@@ -7,7 +11,7 @@ export interface SbomEntry {
 }
 export interface Sbom {
     components: SbomEntry[];
-    dependencies: SbomEntry[];
+    dependencies: SbomDependency[];
 }
 export declare const SBOM_DEFAULT__OPTIONS: {
     $0: string;

package/dist/service/nes/nes.svc.js

@@ -10,6 +10,7 @@ export const buildScanResult = (scan) => {
         message: scan.message,
         success: true,
         warnings: scan.warnings || [],
+        scanId: scan.scanId,
     };
 };
 export const SbomScanner = (client) => async (purls, options) => {

package/dist/service/purls.svc.d.ts

@@ -12,9 +12,9 @@ export declare function formatCsvValue(value: string): string;
  */
 export declare function getPurlOutput(purls: string[], output: string): string;
 /**
- * Translate an SBOM to a list of purls for api request.
+ * Extract all PURLs from a CycloneDX SBOM, including components and dependencies
  */
-export declare function extractPurls(sbom: Sbom): Promise<string[]>;
+export declare function extractPurls(sbom: Sbom): string[];
 /**
  * Parse a purls file in either JSON or text format, including the format of
  * eol.purls.json - { purls: [ 'pkg:npm/express@4.18.2', 'pkg:npm/react@18.3.1' ] }

package/dist/service/purls.svc.js

@@ -21,11 +21,44 @@ export function getPurlOutput(purls, output) {
     }
 }
 /**
- * Translate an SBOM to a list of purls for api request.
+ * Extract PURLs from components recursively
  */
-export async function extractPurls(sbom) {
-    const { components: comps } = sbom;
-    return comps.map((c) => c.purl) ?? [];
+function extractPurlsFromComponents(components, purlSet) {
+    for (const component of components) {
+        if (component.purl) {
+            purlSet.add(component.purl);
+        }
+    }
+}
+/**
+ * Extract PURLs from dependencies
+ */
+function extractPurlsFromDependencies(dependencies, purlSet) {
+    for (const dependency of dependencies) {
+        if (dependency.ref) {
+            purlSet.add(dependency.ref);
+        }
+        if (dependency.dependsOn) {
+            for (const dep of dependency.dependsOn) {
+                purlSet.add(dep);
+            }
+        }
+    }
+}
+/**
+ * Extract all PURLs from a CycloneDX SBOM, including components and dependencies
+ */
+export function extractPurls(sbom) {
+    const purlSet = new Set();
+    // Extract from direct components
+    if (sbom.components) {
+        extractPurlsFromComponents(sbom.components, purlSet);
+    }
+    // Extract from dependencies
+    if (sbom.dependencies) {
+        extractPurlsFromDependencies(sbom.dependencies, purlSet);
+    }
+    return Array.from(purlSet);
 }
 /**
  * Parse a purls file in either JSON or text format, including the format of

package/dist/ui/eol.ui.js

@@ -19,10 +19,10 @@ function getDaysEolString(daysEol) {
     if (daysEol === null) {
         return '';
     }
-    if (daysEol < 0) {
-        return `${Math.abs(daysEol)} days from now`;
+    if (daysEol <= 0) {
+        return `${Math.abs(daysEol) + 1} days from now`;
     }
-    if (daysEol === 0) {
+    if (daysEol > 0) {
         return 'today';
     }
     return `${daysEol} days ago`;

package/dist/ui/shared.ui.d.ts

@@ -3,3 +3,4 @@ export declare const STATUS_COLORS: Record<ComponentStatus, string>;
 export declare const INDICATORS: Record<ComponentStatus, string>;
 export declare const MAX_PURL_LENGTH = 60;
 export declare const MAX_TABLE_COLUMN_WIDTH = 30;
+export declare const SCAN_ID_KEY = "eol-scan-v1-";

package/dist/ui/shared.ui.js

@@ -13,3 +13,4 @@ export const INDICATORS = {
 };
 export const MAX_PURL_LENGTH = 60;
 export const MAX_TABLE_COLUMN_WIDTH = 30;
+export const SCAN_ID_KEY = 'eol-scan-v1-';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@herodevs/cli",
-  "version": "1.5.0-beta.3",
+  "version": "2.0.0-beta.0",
   "author": "HeroDevs, Inc",
   "bin": {
     "hd": "./bin/run.js"
@@ -26,10 +26,6 @@
     "prepack": "oclif manifest && oclif readme",
     "pretest": "npm run lint && npm run typecheck",
     "readme": "npm run ci:fix && npm run build && npm exec oclif readme",
-    "release": "./scripts/release.sh",
-    "pre:release:publish": "npm run prepack && git add README.md",
-    "release:publish:beta": "npm run release -- --publish",
-    "release:publish:latest": "npm run release -- --latest --publish",
     "test": "globstar -- node --import tsx --test \"test/**/*.test.ts\"",
     "test:e2e": "globstar -- node --import tsx --test \"e2e/**/*.test.ts\"",
     "typecheck": "tsc --noEmit"
@@ -41,29 +37,28 @@
   ],
   "dependencies": {
     "@apollo/client": "^3.13.8",
-    "@cyclonedx/cdxgen": "^11.2.5",
+    "@cyclonedx/cdxgen": "^11.2.7",
     "@oclif/core": "^4",
     "@oclif/plugin-help": "^6",
     "@oclif/plugin-update": "^4",
     "@oclif/table": "^0.4.7",
-    "graphql": "^16.8.1",
+    "graphql": "^16.11.0",
     "packageurl-js": "^2.0.1",
     "update-notifier": "^7.3.1"
   },
   "devDependencies": {
     "@biomejs/biome": "^1.8.3",
     "@oclif/test": "^4",
-    "@types/inquirer": "^9.0.7",
+    "@types/inquirer": "^9.0.8",
     "@types/node": "^22",
     "@types/sinon": "^17.0.4",
     "@types/update-notifier": "^6.0.8",
-    "commit-and-tag-version": "^12.5.1",
     "globstar": "^1.0.0",
     "oclif": "^4",
     "shx": "^0.4.0",
     "sinon": "^20.0.0",
     "ts-node": "^10",
-    "tsx": "^4.19.3",
+    "tsx": "^4.19.4",
     "typescript": "^5.8.3"
   },
   "engines": {
@@ -86,7 +81,7 @@
       "@oclif/plugin-update"
     ],
     "hooks": {
-      "init": "./dist/hooks/npm-update-notifier",
+      "init": "./dist/hooks/npm-update-notifier.js",
       "prerun": "./dist/hooks/prerun.js"
     },
     "topicSeparator": " ",