@herodevs/cli 2.0.0-beta.7 → 2.0.0-beta.8

package/README.md

@@ -26,9 +26,16 @@ Use of this CLI is governed by the [HeroDevs End of Life Dataset Terms of Servic
 
 The CLI is designed to be non-invasive:
 
-* It does not install dependencies or modify package manager files (package-lock.json, yarn.lock, etc.)
+* It does **not** install dependencies or modify package manager files (package-lock.json, yarn.lock, etc.)
 * It analyzes the project in its current state
-* If you need dependencies installed for accurate scanning, please install them manually before running the scan
+
+## Installing Dependencies Before Use
+
+Some projects and ecosystems require projects to have dependencies installed already, to achieve an accurate scan result. It is **highly** recommended that you install all dependencies of your project to your working directory, before running a scan on your project, to ensure scan accuracy.
+
+### Java Users
+
+Maven and Gradle projects should run an install and build before scanning
 
 ## Usage
 <!-- usage -->
@@ -37,7 +44,7 @@ $ npm install -g @herodevs/cli@beta
 $ hd COMMAND
 running command...
 $ hd (--version)
-@herodevs/cli/2.0.0-beta.7 darwin-arm64 node-v22.18.0
+@herodevs/cli/2.0.0-beta.8 darwin-arm64 node-v22.18.0
 $ hd --help [COMMAND]
 USAGE
   $ hd COMMAND
@@ -49,6 +56,7 @@ USAGE
 * [`hd help [COMMAND]`](#hd-help-command)
 * [`hd scan eol`](#hd-scan-eol)
 * [`hd update [CHANNEL]`](#hd-update-channel)
+  * Only applies to tarball installation. For NPM users, please update using `npm install`
 
 ## `hd help [COMMAND]`
 
@@ -76,13 +84,14 @@ Scan a given SBOM for EOL data
 
 ```
 USAGE
-  $ hd scan eol [--json] [-f <value> | -d <value>] [-s] [--saveSbom]
+  $ hd scan eol [--json] [-f <value> | -d <value>] [-s] [--saveSbom] [--version]
 
 FLAGS
   -d, --dir=<value>   [default: <current directory>] The directory to scan in order to create a cyclonedx SBOM
   -f, --file=<value>  The file path of an existing cyclonedx SBOM to scan for EOL
   -s, --save          Save the generated report as herodevs.report.json in the scanned directory
       --saveSbom      Save the generated SBOM as herodevs.sbom.json in the scanned directory
+      --version       Show CLI version.
 
 GLOBAL FLAGS
   --json  Format output as json.
@@ -112,11 +121,12 @@ EXAMPLES
     $ hd scan eol --json
 ```
 
-_See code: [src/commands/scan/eol.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.7/src/commands/scan/eol.ts)_
+_See code: [src/commands/scan/eol.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.8/src/commands/scan/eol.ts)_
 
 ## `hd update [CHANNEL]`
 
 update the hd CLI
+**NOTE:** Only applies to binary installation method. NPM users should use `npm install` to update to the latest version.
 
 ```
 USAGE
@@ -157,7 +167,7 @@ _See code: [@oclif/plugin-update](https://github.com/oclif/plugin-update/blob/v4
 
 You can use `@herodevs/cli` in your CI/CD pipelines to automate EOL scanning.
 
-### Using the Docker Image (recommended)
+### Using the Docker Image (Recommended)
 
 We provide a Docker image that's pre-configured to run EOL scans. Based on [`cdxgen`](https://github.com/CycloneDX/cdxgen),
 it contains build tools for most project types and will provide best results when generating an SBOM. Use these templates to generate a report and save it to your CI job artifact for analysis and processing after your scan runs.
@@ -207,9 +217,9 @@ eol-scan:
       - herodevs.report.json
 ```
 
-### Using `npx`
+### Using `npx` in CI
 
-You can use `npx` to run the CLI just like you'd run it locally.
+You can use `npx` to run the CLI in your CI pipeline, just like you would run it locally.
 
 > [!NOTE]
 > The development environment is expected to be ready to run the app. For best results,

package/bin/dev.js

@@ -4,6 +4,6 @@ import main from './main.js';
 
 try {
   await main(false);
-} catch (error) {
+} catch {
   process.exit(1);
 }

package/bin/main.js

@@ -21,7 +21,7 @@ async function main(isProduction = false) {
       development: !isProduction,
       dir: new URL('./dev.js', import.meta.url),
     });
-  } catch (error) {
+  } catch {
     process.exit(1);
   }
 }

package/bin/run.js

@@ -4,6 +4,6 @@ import main from './main.js';
 
 try {
   await main(true);
-} catch (error) {
+} catch {
   process.exit(1);
 }

package/dist/commands/scan/eol.d.ts

@@ -12,6 +12,7 @@ export default class ScanEol extends Command {
         dir: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
         save: import("@oclif/core/interfaces").BooleanFlag<boolean>;
         saveSbom: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        version: import("@oclif/core/interfaces").BooleanFlag<void>;
     };
     run(): Promise<EolReport | undefined>;
     private loadSbom;

package/dist/commands/scan/eol.js

@@ -50,6 +50,7 @@ export default class ScanEol extends Command {
             default: false,
             description: `Save the generated SBOM as ${filenamePrefix}.sbom.json in the scanned directory`,
         }),
+        version: Flags.version(),
     };
     async run() {
         const { flags } = await this.parse(ScanEol);

package/dist/hooks/finally/finally.js

@@ -0,0 +1,18 @@
+import ora, {} from 'ora';
+import { track } from "../../service/analytics.svc.js";
+const hook = async (opts) => {
+    const isHelpOrVersionCmd = opts.argv.includes('--help') || opts.argv.includes('--version');
+    let spinner;
+    if (!isHelpOrVersionCmd) {
+        spinner = ora().start('Cleaning up');
+    }
+    const event = track('CLI Session Ended', (context) => ({
+        cli_version: context.cli_version,
+        ended_at: new Date(),
+    })).promise;
+    if (!isHelpOrVersionCmd) {
+        await event;
+        spinner?.stop();
+    }
+};
+export default hook;

package/dist/hooks/{npm-update-notifier.js → init/00_npm-update-notifier.js}

@@ -1,7 +1,7 @@
 import updateNotifier, {} from 'update-notifier';
-import pkg from '../../package.json' with { type: 'json' };
-import { debugLogger } from "../service/log.svc.js";
-const updateNotifierHook = async (options) => {
+import pkg from '../../../package.json' with { type: 'json' };
+import { debugLogger } from "../../service/log.svc.js";
+const updateNotifierHook = async () => {
     debugLogger('pkg.version', pkg.version);
     const distTag = getDistTag(pkg.version);
     debugLogger('distTag', distTag);

package/dist/hooks/init/01_initialize_amplitude.d.ts

@@ -0,0 +1,3 @@
+import type { Hook } from '@oclif/core';
+declare const hook: Hook.Init;
+export default hook;

package/dist/hooks/{prerun.js → init/01_initialize_amplitude.js}

@@ -1,7 +1,6 @@
 import { parseArgs } from 'node:util';
-import debug from 'debug';
-import { initializeAnalytics, track } from "../service/analytics.svc.js";
-const hook = async (opts) => {
+import { initializeAnalytics, track } from "../../service/analytics.svc.js";
+const hook = async () => {
     const args = parseArgs({ allowPositionals: true, strict: false });
     initializeAnalytics();
     track('CLI Command Submitted', (context) => ({
@@ -12,9 +11,5 @@ const hook = async (opts) => {
         cli_version: context.cli_version,
         started_at: context.started_at,
     }));
-    // If JSON flag is enabled, silence debug logging
-    if (opts.Command.prototype.jsonEnabled()) {
-        debug.disable();
-    }
 };
 export default hook;

package/dist/hooks/prerun/prerun.js

@@ -0,0 +1,8 @@
+import debug from 'debug';
+const hook = async (opts) => {
+    // If JSON flag is enabled, silence debug logging
+    if (opts.Command.prototype.jsonEnabled()) {
+        debug.disable();
+    }
+};
+export default hook;

package/dist/service/display.svc.js

@@ -58,8 +58,8 @@ export function formatScanResults(report) {
         ux.colorize('bold', `${report.components.length.toLocaleString()} total packages scanned`),
         getStatusRowText.EOL(`${EOL.toLocaleString().padEnd(5)} End-of-Life (EOL)`),
         getStatusRowText.EOL_UPCOMING(`${EOL_UPCOMING.toLocaleString().padEnd(5)} EOL Upcoming`),
-        getStatusRowText.OK(`${OK.toLocaleString().padEnd(5)} Not End-of-Life`),
-        getStatusRowText.UNKNOWN(`${UNKNOWN.toLocaleString().padEnd(5)} Unknown Status`),
+        getStatusRowText.OK(`${OK.toLocaleString().padEnd(5)} Not End-of-Life (EOL)`),
+        getStatusRowText.UNKNOWN(`${UNKNOWN.toLocaleString().padEnd(5)} Unknown EOL Status`),
         getStatusRowText.UNKNOWN(`${NES_AVAILABLE.toLocaleString().padEnd(5)} HeroDevs NES Remediation${NES_AVAILABLE !== 1 ? 's' : ''} Available`),
     ];
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@herodevs/cli",
-  "version": "2.0.0-beta.7",
+  "version": "2.0.0-beta.8",
   "author": "HeroDevs, Inc",
   "bin": {
     "hd": "./bin/run.js"
@@ -30,7 +30,7 @@
     "test": "globstar -- node --import tsx --test --experimental-test-module-mocks \"test/**/*.test.ts\"",
     "test:e2e": "globstar -- node --import tsx --test \"e2e/**/*.test.ts\"",
     "typecheck": "tsc --noEmit",
-    "version": "oclif manifest && npm run readme"
+    "version": "oclif manifest"
   },
   "keywords": [
     "herodevs",
@@ -87,9 +87,12 @@
       "@oclif/plugin-update"
     ],
     "hooks": {
-      "init": "./dist/hooks/npm-update-notifier.js",
-      "prerun": "./dist/hooks/prerun.js",
-      "finally": "./dist/hooks/finally.js"
+      "init": [
+        "./dist/hooks/init/00_npm-update-notifier.js",
+        "./dist/hooks/init/01_initialize_amplitude.js"
+      ],
+      "prerun": "./dist/hooks/prerun/prerun.js",
+      "finally": "./dist/hooks/finally/finally.js"
     },
     "topicSeparator": " ",
     "macos": {

package/dist/hooks/finally.js

@@ -1,14 +0,0 @@
-import ora from 'ora';
-import { track } from "../service/analytics.svc.js";
-const hook = async (opts) => {
-    const spinner = ora().start('Cleaning up');
-    const event = track('CLI Session Ended', (context) => ({
-        cli_version: context.cli_version,
-        ended_at: new Date(),
-    })).promise;
-    if (!opts.argv.includes('--help')) {
-        await event;
-    }
-    spinner.stop();
-};
-export default hook;