@herodevs/cli 2.0.0-beta.7 → 2.0.0-beta.9

package/README.md

@@ -10,13 +10,40 @@ The HeroDevs CLI
 * [@herodevs/cli](#herodevscli)
 <!-- tocstop -->
 
-## Installation Instructions
+### Prerequisites
 
-1. Install node v20 or higher: [Download Node](https://nodejs.org/en/download)
-1. Install the CLI using one of the following methods:
-   * Globally: Refer to the [Usage](#usage) instructions on installing the CLI globally
-   * npx: `npx @herodevs/cli@beta`
-1. Refer to the [Commands](#commands) section for a list of commands
+- Install node v20 or higher: [Download Node](https://nodejs.org/en/download)
+- The HeroDevs CLI expects that you have all required technology installed for the project that you are running the CLI against
+  - For example, if you are running the CLI against a Gradle project, the CLI expects you to have Java installed.
+
+
+### Installation methods
+
+#### Node Package Execute (NPX)
+
+With Node installed, you can run the CLI directly from the npm registry without installing it globally or locally on your system
+
+```sh
+npx @herodevs/cli@beta
+```
+
+#### Global NPM Installation
+
+```sh
+npm install -g @herodevs/cli@beta
+```
+
+#### Binary Installation
+
+HeroDevs CLI is available as a binary installation, without requiring `npm`. To do that, you may either download and run the script manually, or use the following cURL or Wget command:
+
+```sh
+curl -o- https://raw.githubusercontent.com/herodevs/cli/v2.0.0-beta.9/scripts/install.sh | bash
+```
+
+```sh
+wget -qO- https://raw.githubusercontent.com/herodevs/cli/v2.0.0-beta.9/scripts/install.sh | bash
+```
 
 ## TERMS
 
@@ -26,9 +53,16 @@ Use of this CLI is governed by the [HeroDevs End of Life Dataset Terms of Servic
 
 The CLI is designed to be non-invasive:
 
-* It does not install dependencies or modify package manager files (package-lock.json, yarn.lock, etc.)
+* It does **not** install dependencies or modify package manager files (package-lock.json, yarn.lock, etc.)
 * It analyzes the project in its current state
-* If you need dependencies installed for accurate scanning, please install them manually before running the scan
+
+## Installing Dependencies Before Use
+
+Some projects and ecosystems require projects to have dependencies installed already, to achieve an accurate scan result. It is **highly** recommended that you install all dependencies of your project to your working directory, before running a scan on your project, to ensure scan accuracy.
+
+### Java Users
+
+Maven and Gradle projects should run an install and build before scanning
 
 ## Usage
 <!-- usage -->
@@ -37,7 +71,7 @@ $ npm install -g @herodevs/cli@beta
 $ hd COMMAND
 running command...
 $ hd (--version)
-@herodevs/cli/2.0.0-beta.7 darwin-arm64 node-v22.18.0
+@herodevs/cli/2.0.0-beta.9 darwin-arm64 node-v22.18.0
 $ hd --help [COMMAND]
 USAGE
   $ hd COMMAND
@@ -49,6 +83,7 @@ USAGE
 * [`hd help [COMMAND]`](#hd-help-command)
 * [`hd scan eol`](#hd-scan-eol)
 * [`hd update [CHANNEL]`](#hd-update-channel)
+  * **NOTE:** Only applies to [binary installation method](#binary-installation). NPM users should use [`npm install`](#global-npm-installation) to update to the latest version.
 
 ## `hd help [COMMAND]`
 
@@ -76,13 +111,14 @@ Scan a given SBOM for EOL data
 
 ```
 USAGE
-  $ hd scan eol [--json] [-f <value> | -d <value>] [-s] [--saveSbom]
+  $ hd scan eol [--json] [-f <value> | -d <value>] [-s] [--saveSbom] [--version]
 
 FLAGS
   -d, --dir=<value>   [default: <current directory>] The directory to scan in order to create a cyclonedx SBOM
   -f, --file=<value>  The file path of an existing cyclonedx SBOM to scan for EOL
   -s, --save          Save the generated report as herodevs.report.json in the scanned directory
       --saveSbom      Save the generated SBOM as herodevs.sbom.json in the scanned directory
+      --version       Show CLI version.
 
 GLOBAL FLAGS
   --json  Format output as json.
@@ -112,12 +148,14 @@ EXAMPLES
     $ hd scan eol --json
 ```
 
-_See code: [src/commands/scan/eol.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.7/src/commands/scan/eol.ts)_
+_See code: [src/commands/scan/eol.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.9/src/commands/scan/eol.ts)_
 
 ## `hd update [CHANNEL]`
 
 update the hd CLI
 
+* **NOTE:** Only applies to [binary installation method](#binary-installation). NPM users should use [`npm install`](#global-npm-installation) to update to the latest version.
+
 ```
 USAGE
   $ hd update [CHANNEL] [--force |  | [-a | -v <value> | -i]] [-b ]
@@ -157,7 +195,7 @@ _See code: [@oclif/plugin-update](https://github.com/oclif/plugin-update/blob/v4
 
 You can use `@herodevs/cli` in your CI/CD pipelines to automate EOL scanning.
 
-### Using the Docker Image (recommended)
+### Using the Docker Image (Recommended)
 
 We provide a Docker image that's pre-configured to run EOL scans. Based on [`cdxgen`](https://github.com/CycloneDX/cdxgen),
 it contains build tools for most project types and will provide best results when generating an SBOM. Use these templates to generate a report and save it to your CI job artifact for analysis and processing after your scan runs.
@@ -207,9 +245,9 @@ eol-scan:
       - herodevs.report.json
 ```
 
-### Using `npx`
+### Using `npx` in CI
 
-You can use `npx` to run the CLI just like you'd run it locally.
+You can use `npx` to run the CLI in your CI pipeline, just like you would run it locally.
 
 > [!NOTE]
 > The development environment is expected to be ready to run the app. For best results,

package/bin/dev.js

@@ -4,6 +4,6 @@ import main from './main.js';
 
 try {
   await main(false);
-} catch (error) {
+} catch {
   process.exit(1);
 }

package/bin/main.js

@@ -21,7 +21,7 @@ async function main(isProduction = false) {
       development: !isProduction,
       dir: new URL('./dev.js', import.meta.url),
     });
-  } catch (error) {
+  } catch {
     process.exit(1);
   }
 }

package/bin/run.js

@@ -4,6 +4,6 @@ import main from './main.js';
 
 try {
   await main(true);
-} catch (error) {
+} catch {
   process.exit(1);
 }

package/dist/commands/scan/eol.d.ts

@@ -12,6 +12,7 @@ export default class ScanEol extends Command {
         dir: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
         save: import("@oclif/core/interfaces").BooleanFlag<boolean>;
         saveSbom: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        version: import("@oclif/core/interfaces").BooleanFlag<void>;
     };
     run(): Promise<EolReport | undefined>;
     private loadSbom;

package/dist/commands/scan/eol.js

@@ -50,6 +50,7 @@ export default class ScanEol extends Command {
             default: false,
             description: `Save the generated SBOM as ${filenamePrefix}.sbom.json in the scanned directory`,
         }),
+        version: Flags.version(),
     };
     async run() {
         const { flags } = await this.parse(ScanEol);
@@ -69,6 +70,15 @@ export default class ScanEol extends Command {
                 sbom_generation_time: (sbomEndTime - sbomStartTime) / 1000,
             }));
         }
+        if (flags.saveSbom && !flags.file) {
+            const sbomPath = this.saveSbom(flags.dir, sbom);
+            this.log(`SBOM saved to ${sbomPath}`);
+            track('CLI SBOM Output Saved', (context) => ({
+                command: context.command,
+                command_flags: context.command_flags,
+                sbom_output_path: sbomPath,
+            }));
+        }
         if (!sbom.components?.length) {
             track('CLI EOL Scan Ended, No Components Found', (context) => ({
                 command: context.command,
@@ -104,15 +114,6 @@ export default class ScanEol extends Command {
                 report_output_path: reportPath,
             }));
         }
-        if (flags.saveSbom && !flags.file) {
-            const sbomPath = this.saveSbom(flags.dir, sbom);
-            this.log(`SBOM saved to ${sbomPath}`);
-            track('CLI SBOM Output Saved', (context) => ({
-                command: context.command,
-                command_flags: context.command_flags,
-                sbom_output_path: sbomPath,
-            }));
-        }
         if (!this.jsonEnabled()) {
             this.displayResults(scan);
         }

package/dist/hooks/finally/finally.js

@@ -0,0 +1,18 @@
+import ora, {} from 'ora';
+import { track } from "../../service/analytics.svc.js";
+const hook = async (opts) => {
+    const isHelpOrVersionCmd = opts.argv.includes('--help') || opts.argv.includes('--version');
+    let spinner;
+    if (!isHelpOrVersionCmd) {
+        spinner = ora().start('Cleaning up');
+    }
+    const event = track('CLI Session Ended', (context) => ({
+        cli_version: context.cli_version,
+        ended_at: new Date(),
+    })).promise;
+    if (!isHelpOrVersionCmd) {
+        await event;
+        spinner?.stop();
+    }
+};
+export default hook;

package/dist/hooks/{npm-update-notifier.js → init/00_npm-update-notifier.js}

@@ -1,7 +1,7 @@
 import updateNotifier, {} from 'update-notifier';
-import pkg from '../../package.json' with { type: 'json' };
-import { debugLogger } from "../service/log.svc.js";
-const updateNotifierHook = async (options) => {
+import pkg from '../../../package.json' with { type: 'json' };
+import { debugLogger } from "../../service/log.svc.js";
+const updateNotifierHook = async () => {
     debugLogger('pkg.version', pkg.version);
     const distTag = getDistTag(pkg.version);
     debugLogger('distTag', distTag);

package/dist/hooks/init/01_initialize_amplitude.d.ts

@@ -0,0 +1,3 @@
+import type { Hook } from '@oclif/core';
+declare const hook: Hook.Init;
+export default hook;

package/dist/hooks/{prerun.js → init/01_initialize_amplitude.js}

@@ -1,7 +1,6 @@
 import { parseArgs } from 'node:util';
-import debug from 'debug';
-import { initializeAnalytics, track } from "../service/analytics.svc.js";
-const hook = async (opts) => {
+import { initializeAnalytics, track } from "../../service/analytics.svc.js";
+const hook = async () => {
     const args = parseArgs({ allowPositionals: true, strict: false });
     initializeAnalytics();
     track('CLI Command Submitted', (context) => ({
@@ -12,9 +11,5 @@ const hook = async (opts) => {
         cli_version: context.cli_version,
         started_at: context.started_at,
     }));
-    // If JSON flag is enabled, silence debug logging
-    if (opts.Command.prototype.jsonEnabled()) {
-        debug.disable();
-    }
 };
 export default hook;

package/dist/hooks/prerun/prerun.js

@@ -0,0 +1,8 @@
+import debug from 'debug';
+const hook = async (opts) => {
+    // If JSON flag is enabled, silence debug logging
+    if (opts.Command.prototype.jsonEnabled()) {
+        debug.disable();
+    }
+};
+export default hook;

package/dist/service/display.svc.js

@@ -58,8 +58,8 @@ export function formatScanResults(report) {
         ux.colorize('bold', `${report.components.length.toLocaleString()} total packages scanned`),
         getStatusRowText.EOL(`${EOL.toLocaleString().padEnd(5)} End-of-Life (EOL)`),
         getStatusRowText.EOL_UPCOMING(`${EOL_UPCOMING.toLocaleString().padEnd(5)} EOL Upcoming`),
-        getStatusRowText.OK(`${OK.toLocaleString().padEnd(5)} Not End-of-Life`),
-        getStatusRowText.UNKNOWN(`${UNKNOWN.toLocaleString().padEnd(5)} Unknown Status`),
+        getStatusRowText.OK(`${OK.toLocaleString().padEnd(5)} Not End-of-Life (EOL)`),
+        getStatusRowText.UNKNOWN(`${UNKNOWN.toLocaleString().padEnd(5)} Unknown EOL Status`),
         getStatusRowText.UNKNOWN(`${NES_AVAILABLE.toLocaleString().padEnd(5)} HeroDevs NES Remediation${NES_AVAILABLE !== 1 ? 's' : ''} Available`),
     ];
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@herodevs/cli",
-  "version": "2.0.0-beta.7",
+  "version": "2.0.0-beta.9",
   "author": "HeroDevs, Inc",
   "bin": {
     "hd": "./bin/run.js"
@@ -26,11 +26,12 @@
     "prepare": "shx test -d dist || npm run build",
     "prepack": "oclif manifest",
     "pretest": "npm run lint && npm run typecheck",
-    "readme": "npm run ci:fix && npm run build && npm exec oclif readme",
+    "readme": "npm run ci:fix && npm run build && oclif readme",
     "test": "globstar -- node --import tsx --test --experimental-test-module-mocks \"test/**/*.test.ts\"",
     "test:e2e": "globstar -- node --import tsx --test \"e2e/**/*.test.ts\"",
     "typecheck": "tsc --noEmit",
-    "version": "oclif manifest && npm run readme"
+    "version": "oclif manifest",
+    "postversion": "node scripts/update-install-script-version.js && git add README.md"
   },
   "keywords": [
     "herodevs",
@@ -38,11 +39,11 @@
     "herodevs cli"
   ],
   "dependencies": {
-    "@amplitude/analytics-node": "^1.5.5",
+    "@amplitude/analytics-node": "^1.5.8",
     "@apollo/client": "^3.13.8",
     "@cyclonedx/cdxgen": "~11.4.4",
     "@herodevs/eol-shared": "github:herodevs/eol-shared#v0.1.11",
-    "@oclif/core": "^4.5.2",
+    "@oclif/core": "^4.5.3",
     "@oclif/plugin-help": "^6.2.32",
     "@oclif/plugin-update": "^4.7.4",
     "graphql": "^16.11.0",
@@ -56,11 +57,11 @@
     "@biomejs/biome": "^2.2.2",
     "@oclif/test": "^4.1.13",
     "@types/inquirer": "^9.0.9",
-    "@types/node": "^24.3.0",
+    "@types/node": "^24.3.1",
     "@types/sinon": "^17.0.4",
     "@types/update-notifier": "^6.0.8",
     "globstar": "^1.0.0",
-    "oclif": "^4.22.14",
+    "oclif": "^4.22.18",
     "shx": "^0.4.0",
     "sinon": "^21.0.0",
     "ts-node": "^10.9.2",
@@ -87,9 +88,12 @@
       "@oclif/plugin-update"
     ],
     "hooks": {
-      "init": "./dist/hooks/npm-update-notifier.js",
-      "prerun": "./dist/hooks/prerun.js",
-      "finally": "./dist/hooks/finally.js"
+      "init": [
+        "./dist/hooks/init/00_npm-update-notifier.js",
+        "./dist/hooks/init/01_initialize_amplitude.js"
+      ],
+      "prerun": "./dist/hooks/prerun/prerun.js",
+      "finally": "./dist/hooks/finally/finally.js"
     },
     "topicSeparator": " ",
     "macos": {

package/dist/hooks/finally.js

@@ -1,14 +0,0 @@
-import ora from 'ora';
-import { track } from "../service/analytics.svc.js";
-const hook = async (opts) => {
-    const spinner = ora().start('Cleaning up');
-    const event = track('CLI Session Ended', (context) => ({
-        cli_version: context.cli_version,
-        ended_at: new Date(),
-    })).promise;
-    if (!opts.argv.includes('--help')) {
-        await event;
-    }
-    spinner.stop();
-};
-export default hook;