@vyuhlabs/dxkit 2.4.5 → 2.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +137 -0
- package/README.md +31 -21
- package/dist/analyzers/tests/index.d.ts.map +1 -1
- package/dist/analyzers/tests/index.js +2 -0
- package/dist/analyzers/tests/index.js.map +1 -1
- package/dist/analyzers/tools/coverage.d.ts +1 -1
- package/dist/analyzers/tools/coverage.d.ts.map +1 -1
- package/dist/analyzers/tools/coverage.js.map +1 -1
- package/dist/analyzers/tools/osv-scanner-deps.d.ts +47 -0
- package/dist/analyzers/tools/osv-scanner-deps.d.ts.map +1 -0
- package/dist/analyzers/tools/{osv-scanner-maven.js → osv-scanner-deps.js} +49 -35
- package/dist/analyzers/tools/osv-scanner-deps.js.map +1 -0
- package/dist/analyzers/tools/tool-registry.d.ts +10 -0
- package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
- package/dist/analyzers/tools/tool-registry.js +109 -0
- package/dist/analyzers/tools/tool-registry.js.map +1 -1
- package/dist/constants.d.ts +1 -0
- package/dist/constants.d.ts.map +1 -1
- package/dist/languages/index.d.ts.map +1 -1
- package/dist/languages/index.js +2 -0
- package/dist/languages/index.js.map +1 -1
- package/dist/languages/java.d.ts.map +1 -1
- package/dist/languages/java.js +8 -6
- package/dist/languages/java.js.map +1 -1
- package/dist/languages/kotlin.d.ts.map +1 -1
- package/dist/languages/kotlin.js +8 -6
- package/dist/languages/kotlin.js.map +1 -1
- package/dist/languages/ruby.d.ts +77 -0
- package/dist/languages/ruby.d.ts.map +1 -0
- package/dist/languages/ruby.js +531 -0
- package/dist/languages/ruby.js.map +1 -0
- package/dist/types.d.ts +1 -1
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
- package/templates/.claude/rules/ruby.md +11 -0
- package/templates/configs/ruby/README.md +6 -0
- package/dist/analyzers/tools/osv-scanner-maven.d.ts +0 -42
- package/dist/analyzers/tools/osv-scanner-maven.d.ts.map +0 -1
- package/dist/analyzers/tools/osv-scanner-maven.js.map +0 -1
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,143 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [2.4.6] - 2026-05-07
|
|
11
|
+
|
|
12
|
+
### Added — Ruby language pack (Phase 10k.2)
|
|
13
|
+
|
|
14
|
+
8th language pack, fully dynamic outside the JVM family. Stress-tests
|
|
15
|
+
the LP-recipe (v3) on a paradigm distinct from Java/Kotlin. Detection
|
|
16
|
+
is source-presence-driven (G9 — requires `.rb` files within depth 5,
|
|
17
|
+
not bare `Gemfile`).
|
|
18
|
+
|
|
19
|
+
All 5 capabilities wired:
|
|
20
|
+
|
|
21
|
+
- **imports** — `require` / `require_relative` / `autoload :Sym, 'path'`
|
|
22
|
+
extraction. File-level resolver no-op (Ruby's `$LOAD_PATH` + Zeitwerk
|
|
23
|
+
+ metaprogramming make resolution fundamentally best-effort; mirrors
|
|
24
|
+
rust/kotlin/csharp/java pattern). Best-effort contract documented
|
|
25
|
+
in pack source.
|
|
26
|
+
- **testFramework** — Gemfile / Gemfile.lock substring scan with
|
|
27
|
+
precedence rspec → minitest → test-unit. Glob-count fallback
|
|
28
|
+
(`*_spec.rb` vs `*_test.rb` / `test_*.rb`) when no Gemfile exists.
|
|
29
|
+
- **coverage** — SimpleCov via `coverage/.resultset.json` (canonical)
|
|
30
|
+
→ `coverage/coverage.json` (simplecov-json formatter) → null.
|
|
31
|
+
Multi-suite resultset handled via per-line max-union (matches
|
|
32
|
+
SimpleCov's own merge semantics).
|
|
33
|
+
- **lint** — RuboCop `--format json`. Severity map: fatal→critical,
|
|
34
|
+
error→high, warning→medium, convention/refactor→low.
|
|
35
|
+
- **depVulns** — osv-scanner against Gemfile.lock with `RubyGems`
|
|
36
|
+
ecosystem filter. Routes through the cross-pack SSOT (see
|
|
37
|
+
Architecture below). bundler-audit deliberately not used — its JSON
|
|
38
|
+
is unstable upstream.
|
|
39
|
+
|
|
40
|
+
`licenses` deliberately omitted — no canonical pure-CLI license tool
|
|
41
|
+
for RubyGems analogous to pip-licenses.
|
|
42
|
+
|
|
43
|
+
Cross-ecosystem matrix wired with the standard 4 benchmark fixtures
|
|
44
|
+
(Secrets/BadLint/Duplications/UntestedModule — G4-scaffolded). New
|
|
45
|
+
`Ruby > osv-scanner surfaces nokogiri@1.10.0 advisories from
|
|
46
|
+
Gemfile.lock` benchmark added with a pinned-vulnerable Gemfile.lock
|
|
47
|
+
(nokogiri 1.10.0 + rack 2.0.1 + loofah 2.2.0). CI gains
|
|
48
|
+
`ruby/setup-ruby@v1` + `gem install rubocop`.
|
|
49
|
+
|
|
50
|
+
### Architecture
|
|
51
|
+
|
|
52
|
+
- **`gemPackage` registry probe field** — extends `ToolDefinition`
|
|
53
|
+
for library-only Ruby gems (mirrors the existing `nodePackage`
|
|
54
|
+
field). Probes via `gem list -i <name>`; used by SimpleCov which
|
|
55
|
+
is required from `spec_helper.rb` rather than invoked as a CLI
|
|
56
|
+
command. Future ecosystems with library-only tools follow the same
|
|
57
|
+
pattern. Surfaced when `tools install simplecov` falsely reported
|
|
58
|
+
"already installed" because the prior `binaries: ['ruby']`
|
|
59
|
+
workaround couldn't distinguish "ruby present" from "simplecov
|
|
60
|
+
gem installed."
|
|
61
|
+
- **`findInGemBin` registry probe step** — discovers Ruby gem bin
|
|
62
|
+
directories dynamically via `gem env executable_directory` +
|
|
63
|
+
`Gem.user_dir + "/bin"`. Memoized once per process (~150ms one-time
|
|
64
|
+
cost). Handles ruby version differences (3.2.0 vs 3.3.0), install
|
|
65
|
+
modes (system vs `--user-install`), and package managers (apt vs
|
|
66
|
+
brew vs rbenv) with no static probePaths needed.
|
|
67
|
+
- **`osv-scanner-deps.ts` SSOT generalization** (renamed from
|
|
68
|
+
`osv-scanner-maven.ts`). `parseOsvScannerFindings(raw, ecosystem)`
|
|
69
|
+
and `gatherOsvScannerDepVulnsResult(cwd, source, ecosystem,
|
|
70
|
+
manifestCandidates)` now take ecosystem + manifest candidates as
|
|
71
|
+
parameters. Kotlin/Java pass `'Maven'` + Maven manifests; Ruby
|
|
72
|
+
passes `'RubyGems'` + `['Gemfile.lock']`. CLAUDE.md rule #2 —
|
|
73
|
+
fork-and-edit avoided. Same dedup semantics, same CVSS resolution
|
|
74
|
+
path.
|
|
75
|
+
|
|
76
|
+
### Recipe v3 (final installment) — closed
|
|
77
|
+
|
|
78
|
+
- **G4** — scaffolder writes templated benchmark fixtures with
|
|
79
|
+
per-language syntax tokens (PascalCase vs snake_case filenames,
|
|
80
|
+
comment markers, AKIA constant placement). Saves ~30 min per new
|
|
81
|
+
pack. Languages without a profile fall back to TODO stubs.
|
|
82
|
+
- **G6** — scaffolder appends `[Unreleased]` CHANGELOG stub on
|
|
83
|
+
`npm run new-lang`. Idempotent. Forces release-notes thinking at
|
|
84
|
+
scaffold time, not ship-tag day.
|
|
85
|
+
- **G1** — class-wide gate parser robustness audit. Auto-derived
|
|
86
|
+
language lists in `check-architecture.sh` (LP-A1/A2/A3 patterns no
|
|
87
|
+
longer drift as new packs land). Self-test pattern documented:
|
|
88
|
+
every gate parsing TS declarations exits 1 with explicit failure
|
|
89
|
+
when its parser produces an empty list. Surfaced its own bug —
|
|
90
|
+
the scaffolder's `LANGUAGES` registry update produced a double
|
|
91
|
+
comma under Prettier multi-line shape; fixed in the same series.
|
|
92
|
+
|
|
93
|
+
Three deferred items carried forward to v4 with explicit trigger
|
|
94
|
+
conditions: G2-Opt2 typed-null capability (Swift consumer), G3
|
|
95
|
+
BENCHMARK_LANGUAGES auto-edit (matrix > 8 packs), G7 pre-commit hook
|
|
96
|
+
polish (multi-gate diagnosis cost).
|
|
97
|
+
|
|
98
|
+
### Recipe v4 (working doc opened)
|
|
99
|
+
|
|
100
|
+
`tmp/recipe-v4-working-doc.md` (gitignored, ephemeral). Surfaced
|
|
101
|
+
during 10k.2:
|
|
102
|
+
|
|
103
|
+
- **G_v4_1** — scaffolder TEST_TEMPLATE conflates source-text vs
|
|
104
|
+
tool-output parsers. Future contributors must re-derive the
|
|
105
|
+
convention by reading existing packs.
|
|
106
|
+
- **G_v4_2** — TOOL_DEFS probe assumed CLI binary; library-only gems
|
|
107
|
+
lacked detection. **DELIVERED in 10k.2.4** via the new `gemPackage`
|
|
108
|
+
field.
|
|
109
|
+
- **G_v4_3** — SimpleCov HTML-only state currently indistinguishable
|
|
110
|
+
from "tool didn't run." Outcome enum extension proposed.
|
|
111
|
+
|
|
112
|
+
Recipe-v4 is paying for itself: G_v4_2 surfaced and shipped in the
|
|
113
|
+
same session; G_v4_1 caught in a meta-conversation about test
|
|
114
|
+
discipline.
|
|
115
|
+
|
|
116
|
+
### Defects
|
|
117
|
+
|
|
118
|
+
- **D002** (Python subprocess fallback) — Ruby pack has no analog
|
|
119
|
+
(osv-scanner reads Gemfile.lock directly, no `bundle env`/`bundle
|
|
120
|
+
show` introspection ladder). Stays accepted-deferred.
|
|
121
|
+
- **D017** (NEW) — `dxkit bom <large-project> > file.json` produces
|
|
122
|
+
0-byte output intermittently on vyuhlabs-platform (1700+ deps).
|
|
123
|
+
EXIT=0, no error. Workaround: pipe through `cat`. Hypothesis:
|
|
124
|
+
Node stdout buffer doesn't drain before process exit when output
|
|
125
|
+
is large + stdout is a regular file. NOT a 2.4.6 ship blocker —
|
|
126
|
+
workaround exists, intermittent, doesn't affect interactive use.
|
|
127
|
+
Investigate in a follow-up commit.
|
|
128
|
+
|
|
129
|
+
### Pre-ship regression — clean
|
|
130
|
+
|
|
131
|
+
Sequential dxkit reports captured against dxkit-on-dxkit and
|
|
132
|
+
vyuhlabs-platform; 12 reports each diffed against the 2.4.5-fixed
|
|
133
|
+
baseline. Zero code regressions detected. All deltas explained:
|
|
134
|
+
|
|
135
|
+
- dxkit/test-gaps 16 → 32 — better data (Istanbul vs import-graph
|
|
136
|
+
fallback in baseline).
|
|
137
|
+
- dxkit/vulnerabilities +3 gitleaks — expected (G4 AKIA placeholder
|
|
138
|
+
strings in scaffolder source).
|
|
139
|
+
- platform/vulnerabilities -3 — platform-side refactor of
|
|
140
|
+
user.controller.ts (not dxkit).
|
|
141
|
+
- BoM advisory deltas — OSV.dev upstream churn (8 days since 2.4.5
|
|
142
|
+
ship).
|
|
143
|
+
|
|
144
|
+
Confidence: high. 1025 tests passing, full suite + all gates green
|
|
145
|
+
at every commit in the 10-commit branch.
|
|
146
|
+
|
|
10
147
|
## [2.4.5] - 2026-04-29
|
|
11
148
|
|
|
12
149
|
### Fixed (high-severity, discovered during 2.4.5 pre-ship regression)
|
package/README.md
CHANGED
|
@@ -32,6 +32,14 @@ npx @vyuhlabs/dxkit init --full --yes # everything: DX + quality + hooks
|
|
|
32
32
|
|
|
33
33
|
The two modes are complementary. The analyzers run anywhere; the scaffolder writes `.claude/` so Claude Code and other agents have project-specific context and slash commands that delegate to the same analyzers.
|
|
34
34
|
|
|
35
|
+
> **Already installed dxkit globally? Upgrade explicitly.** `npx @vyuhlabs/dxkit@<version>` resolves the `vyuh-dxkit` binary off PATH first — if you previously ran `npm install -g @vyuhlabs/dxkit`, npx silently uses that older global binary regardless of the `@<version>` you specified. This is npx behavior, not a dxkit bug. To pick up the latest fixes (e.g. the 2.4.5 osv-scanner-fix data-mutation fix), run:
|
|
36
|
+
>
|
|
37
|
+
> ```bash
|
|
38
|
+
> npm install -g @vyuhlabs/dxkit@latest
|
|
39
|
+
> # or, if you don't need a global install, remove the old one and rely on npx:
|
|
40
|
+
> npm uninstall -g @vyuhlabs/dxkit
|
|
41
|
+
> ```
|
|
42
|
+
|
|
35
43
|
---
|
|
36
44
|
|
|
37
45
|
## Analyzer CLI (`vyuh-dxkit <command>`)
|
|
@@ -97,16 +105,17 @@ vyuh-dxkit tools install # interactive: prompts per tool
|
|
|
97
105
|
|
|
98
106
|
### Tools integrated
|
|
99
107
|
|
|
100
|
-
| Layer | Tools
|
|
101
|
-
| --------- |
|
|
102
|
-
| Universal | `cloc`, `gitleaks`, `semgrep`, `jscpd`, `graphify` (AST)
|
|
103
|
-
| Node / TS | `eslint`, `npm audit`, `osv-scanner` (fix planner), `@vitest/coverage-v8`
|
|
104
|
-
| Python | `ruff`, `pip-audit`, `coverage` (coverage.py)
|
|
105
|
-
| Go | `golangci-lint`, `govulncheck`
|
|
106
|
-
| Rust | `clippy`, `cargo-audit`, `cargo-llvm-cov`
|
|
107
|
-
| C# | `dotnet-format` (via SDK — formatter, not a linter)
|
|
108
|
-
| Kotlin | `detekt` (Checkstyle XML), `osv-scanner` (Maven), JaCoCo XML
|
|
109
|
-
| Java | `pmd` (PMD 7.x JSON), `osv-scanner` (Maven), JaCoCo XML reuse
|
|
108
|
+
| Layer | Tools |
|
|
109
|
+
| --------- | -------------------------------------------------------------------------- |
|
|
110
|
+
| Universal | `cloc`, `gitleaks`, `semgrep`, `jscpd`, `graphify` (AST) |
|
|
111
|
+
| Node / TS | `eslint`, `npm audit`, `osv-scanner` (fix planner), `@vitest/coverage-v8` |
|
|
112
|
+
| Python | `ruff`, `pip-audit`, `coverage` (coverage.py) |
|
|
113
|
+
| Go | `golangci-lint`, `govulncheck` |
|
|
114
|
+
| Rust | `clippy`, `cargo-audit`, `cargo-llvm-cov` |
|
|
115
|
+
| C# | `dotnet-format` (via SDK — formatter, not a linter) |
|
|
116
|
+
| Kotlin | `detekt` (Checkstyle XML), `osv-scanner` (Maven), JaCoCo XML |
|
|
117
|
+
| Java | `pmd` (PMD 7.x JSON), `osv-scanner` (Maven), JaCoCo XML reuse |
|
|
118
|
+
| Ruby | `rubocop` (JSON), `bundler-audit`, `osv-scanner` (Gemfile.lock), SimpleCov |
|
|
110
119
|
|
|
111
120
|
Install commands are platform-aware (brew on macOS, user-local install on Linux, winget/scoop on Windows). Tools install into `~/.local/bin` or similar user paths — no `sudo` required.
|
|
112
121
|
|
|
@@ -169,17 +178,18 @@ npm run new-lang kotlin "Kotlin (Android)"
|
|
|
169
178
|
|
|
170
179
|
This scaffolds the 7 recipe files (pack module, test stub, fixture skeleton, Claude rule file, template-config dir, plus `LanguageId` union extension and `LANGUAGES` registration). See [CONTRIBUTING.md](./CONTRIBUTING.md) for the full walkthrough. Recipe enforcement (architecture greps + contract tests + synthetic 6th-pack playbook) runs in pre-commit so packs that miss required metadata fail CI.
|
|
171
180
|
|
|
172
|
-
| Language | Detection | Coverage import | Import-graph
|
|
173
|
-
| -------- | ------------------------------------- | ------------------- |
|
|
174
|
-
| TS / JS | `package.json` | ✅ Istanbul | ✅ import/require/re-export
|
|
175
|
-
| Python | `pyproject.toml`, `setup.py`, `*.py` | ✅ coverage.py | ✅ import/from
|
|
176
|
-
| Go | `go.mod` | ✅ coverprofile | ✅ import blocks
|
|
177
|
-
| Rust | `Cargo.toml` | ✅ lcov + cobertura | ⚠️ use statements, extracted only¹
|
|
178
|
-
| C# | `*.csproj`, `*.sln` | ✅ cobertura XML | ⚠️ using declarations, extracted only¹
|
|
179
|
-
| Kotlin | gradle/`*.gradle{.kts,}`, `*.kt` | ✅ JaCoCo XML | ⚠️ import statements, extracted only¹
|
|
180
|
-
| Java | `pom.xml`, `src/main/java/`, `*.java` | ✅ JaCoCo XML | ⚠️ import statements, extracted only¹
|
|
181
|
-
|
|
182
|
-
|
|
181
|
+
| Language | Detection | Coverage import | Import-graph | Native tools | Lint severity tiers | Vuln severity tiers |
|
|
182
|
+
| -------- | ------------------------------------- | ------------------- | -------------------------------------------- | ----------------------------------- | ---------------------- | --------------------------------------------- |
|
|
183
|
+
| TS / JS | `package.json` | ✅ Istanbul | ✅ import/require/re-export | eslint, npm audit, vitest-coverage | ✅ ESLint rule ID | ✅ npm audit native |
|
|
184
|
+
| Python | `pyproject.toml`, `setup.py`, `*.py` | ✅ coverage.py | ✅ import/from | ruff, pip-audit, coverage | ✅ ruff code prefix | ✅ pip-audit + OSV.dev (CVSS v3+v4) |
|
|
185
|
+
| Go | `go.mod` | ✅ coverprofile | ✅ import blocks | golangci-lint, govulncheck | ✅ `FromLinter` family | ✅ govulncheck embedded + OSV.dev |
|
|
186
|
+
| Rust | `Cargo.toml` | ✅ lcov + cobertura | ⚠️ use statements, extracted only¹ | clippy, cargo-audit, cargo-llvm-cov | ✅ clippy group | ✅ cargo-audit native |
|
|
187
|
+
| C# | `*.csproj`, `*.sln` | ✅ cobertura XML | ⚠️ using declarations, extracted only¹ | dotnet-format (formatter) | ❌ (no linter yet) | ✅ dotnet list --vulnerable |
|
|
188
|
+
| Kotlin | gradle/`*.gradle{.kts,}`, `*.kt` | ✅ JaCoCo XML | ⚠️ import statements, extracted only¹ | detekt, osv-scanner (Maven) | ✅ detekt severity | ✅ osv-scanner + OSV.dev (Maven) |
|
|
189
|
+
| Java | `pom.xml`, `src/main/java/`, `*.java` | ✅ JaCoCo XML | ⚠️ import statements, extracted only¹ | PMD, osv-scanner (Maven) | ✅ PMD priority tiers | ✅ osv-scanner + OSV.dev (Maven) |
|
|
190
|
+
| Ruby | `*.rb` | ✅ SimpleCov JSON | ⚠️ require/require_relative, extracted only¹ | rubocop, bundler-audit, osv-scanner | ✅ rubocop severity | ✅ bundler-audit + osv-scanner (Gemfile.lock) |
|
|
191
|
+
|
|
192
|
+
¹ Rust, C#, Kotlin, Java, and Ruby packs populate `imports.extracted` but the file-level resolver is a no-op — Rust's `use` paths, C#'s `using` namespaces, Kotlin's and Java's `import` package paths, and Ruby's dynamic `require` semantics don't map 1:1 to source files. Downstream analyses that need an edge graph (reachability for dep-vulns, import-graph credit for test-gaps) degrade to conservative defaults for these five languages. Resolvers are planned; see Phase 10i-L.2 in the roadmap.
|
|
183
193
|
|
|
184
194
|
✅ full support. Multi-language repos fully supported — every detected language's tools run, and dep-vuln counts aggregate across all language packs via the `depVulns` capability (pip-audit findings don't silently replace npm-audit ones).
|
|
185
195
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tests/index.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,cAAc,EAA8B,MAAM,SAAS,CAAC;AAErE,YAAY,EAAE,cAAc,EAAE,UAAU,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEpF,MAAM,WAAW,sBAAsB;IACrC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,sBAA2B,GACnC,OAAO,CAAC,cAAc,CAAC,CA0GzB;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tests/index.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,cAAc,EAA8B,MAAM,SAAS,CAAC;AAErE,YAAY,EAAE,cAAc,EAAE,UAAU,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAEpF,MAAM,WAAW,sBAAsB;IACrC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,sBAA2B,GACnC,OAAO,CAAC,cAAc,CAAC,CA0GzB;AA0BD,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAqFpF"}
|
|
@@ -164,6 +164,8 @@ function coverageSourceLabel(source, file) {
|
|
|
164
164
|
return `from ${file ?? 'lcov.info'}`;
|
|
165
165
|
case 'jacoco':
|
|
166
166
|
return `from ${file ?? 'jacocoTestReport.xml'}`;
|
|
167
|
+
case 'simplecov':
|
|
168
|
+
return `from ${file ?? 'coverage/.resultset.json'}`;
|
|
167
169
|
}
|
|
168
170
|
}
|
|
169
171
|
function formatTestGapsReport(report, elapsed) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/tests/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA,0CA6GC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/analyzers/tests/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA,0CA6GC;AA0BD,oDAqFC;AA9OD;;GAEG;AACH,2CAA6B;AAC7B,yCAAsC;AACtC,4CAAsC;AACtC,4CAAoD;AACpD,gDAAiD;AACjD,iDAAgD;AAChD,qCAAkF;AAS3E,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,UAAkC,EAAE;IAEpC,MAAM,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAClC,MAAM,KAAK,GAAG,IAAA,eAAM,EAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,SAAS,GAAa,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACpD,MAAM,gBAAgB,GAAa,EAAE,CAAC;IAEtC,MAAM,SAAS,GAAG,IAAA,cAAK,EAAC,YAAY,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAe,EAAC,QAAQ,CAAC,CAAC,CAAC;IAChF,MAAM,WAAW,GAAG,IAAA,cAAK,EAAC,cAAc,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,0BAAiB,EAAC,QAAQ,CAAC,CAAC,CAAC;IACtF,IAAA,cAAK,EAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,2BAAkB,EAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAC;IAE1E,4EAA4E;IAC5E,EAAE;IACF,0EAA0E;IAC1E,0EAA0E;IAC1E,qEAAqE;IACrE,yEAAyE;IACzE,qDAAqD;IACrD,2EAA2E;IAC3E,oEAAoE;IACpE,EAAE;IACF,uEAAuE;IACvE,yEAAyE;IACzE,wEAAwE;IACxE,cAAc;IACd,MAAM,QAAQ,GAAG,MAAM,IAAA,mBAAU,EAAC,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,uBAAY,EAAC,QAAQ,CAAC,CAAC,CAAC;IACrF,IAAI,QAAQ,EAAE,CAAC;QACb,SAAS,CAAC,IAAI,CAAC,YAAY,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9C,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACtC,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;gBACrB,CAAC,CAAC,eAAe,GAAG,EAAE,CAAC,OAAO,GAAG,CAAC,CAAC;YACrC,CAAC;YACD,gEAAgE;QAClE,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,wEAAwE;IACxE,gEAAgE;IAChE,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC1F,MAAM,OAAO,GAAG,MAAM,IAAA,mBAAU,EAAC,cAAc,EAAE,OAAO,EAAE,GAAG,EAAE,CAC7D,IAAA,6BAAc,EAAC,eAAe,EAAE,QAAQ,CAAC,CAC1C,CAAC;IACF,MAAM,iBAAiB,GAAG,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC;IAC3C,IAAI,iBAAiB,EAAE,CAAC;QACtB,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,MAAM,kBAAkB,GAAG,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;YAChE,IAAI,CAAC,kBAAkB,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/C,CAAC,CAAC,eAAe,GAAG,IAAI,CAAC;YAC3B,CAAC;QACH,CAAC;QACD,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACjC,CAAC;IAED,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC;IACnE,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAAC,CAAC;IAC3E,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;IAE/D,MAAM,cAAc,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IACnE,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;IAEnD,IAAI,cAAc,GAAmB,gBAAgB,CAAC;IACtD,IAAI,iBAAyB,CAAC;IAC9B,IAAI,QAAQ,EAAE,CAAC;QACb,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC;QACjC,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,sEAAsE;QACtE,yEAAyE;QACzE,gEAAgE;QAChE,IAAI,iBAAiB;YAAE,cAAc,GAAG,cAAc,CAAC;QACvD,iBAAiB;YACf,WAAW,CAAC,MAAM,GAAG,CAAC;gBACpB,CAAC,CAAC,IAAI,CAAC,KAAK,CACR,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG,GAAG,CACjF;gBACH,CAAC,CAAC,CAAC,CAAC;IACV,CAAC;IAED,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAClD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,SAAS,EAAE,IAAA,YAAG,EAAC,wCAAwC,EAAE,QAAQ,CAAC;QAClE,MAAM,EAAE,IAAA,YAAG,EAAC,6CAA6C,EAAE,QAAQ,CAAC;QACpE,OAAO,EAAE;YACP,SAAS,EAAE,SAAS,CAAC,MAAM;YAC3B,eAAe,EAAE,WAAW,CAAC,MAAM;YACnC,iBAAiB,EAAE,YAAY,CAAC,MAAM;YACtC,iBAAiB;YACjB,cAAc;YACd,kBAAkB,EAAE,QAAQ,EAAE,UAAU;YACxC,WAAW,EAAE,WAAW,CAAC,MAAM;YAC/B,gBAAgB,EAAE,cAAc,CAAC,QAAQ;YACzC,YAAY,EAAE,cAAc,CAAC,IAAI;YACjC,cAAc,EAAE,cAAc,CAAC,MAAM;YACrC,WAAW,EAAE,cAAc,CAAC,GAAG;SAChC;QACD,SAAS;QACT,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAC3B,MAAM,CAAC,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;YACtD,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC1D,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,iCAAiC;QAC7D,CAAC,CAAC;QACF,SAAS;QACT,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAsB,EAAE,IAAa;IAChE,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,gBAAgB;YACnB,OAAO,iEAAiE,CAAC;QAC3E,KAAK,cAAc;YACjB,OAAO,4EAA4E,CAAC;QACtF,KAAK,kBAAkB,CAAC;QACxB,KAAK,gBAAgB;YACnB,OAAO,QAAQ,IAAI,IAAI,mBAAmB,EAAE,CAAC;QAC/C,KAAK,aAAa;YAChB,OAAO,QAAQ,IAAI,IAAI,aAAa,EAAE,CAAC;QACzC,KAAK,IAAI;YACP,OAAO,QAAQ,IAAI,IAAI,iBAAiB,EAAE,CAAC;QAC7C,KAAK,WAAW;YACd,OAAO,QAAQ,IAAI,IAAI,eAAe,EAAE,CAAC;QAC3C,KAAK,MAAM;YACT,OAAO,QAAQ,IAAI,IAAI,WAAW,EAAE,CAAC;QACvC,KAAK,QAAQ;YACX,OAAO,QAAQ,IAAI,IAAI,sBAAsB,EAAE,CAAC;QAClD,KAAK,WAAW;YACd,OAAO,QAAQ,IAAI,IAAI,0BAA0B,EAAE,CAAC;IACxD,CAAC;AACH,CAAC;AAED,SAAgB,oBAAoB,CAAC,MAAsB,EAAE,OAAe;IAC1E,MAAM,CAAC,GAAa,EAAE,CAAC;IACvB,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC9B,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;IAC7D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,oBAAoB;IACpB,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAC/B,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAC7B,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAC7B,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,eAAe,IAAI,CAAC,CAAC;IACvD,CAAC,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,iBAAiB,IAAI,CAAC,CAAC;IAChE,CAAC,CAAC,IAAI,CACJ,4BAA4B,CAAC,CAAC,iBAAiB,QAAQ,mBAAmB,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,kBAAkB,CAAC,KAAK,CACxH,CAAC;IACF,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC;IAC9C,CAAC,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,gBAAgB,IAAI,CAAC,CAAC;IAC1D,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC;IAClD,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC;IACtD,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,iBAAiB;IACjB,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC5B,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACxC,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACxC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,CAAC;QAClF,CAAC;IACH,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,oBAAoB;IACpB,MAAM,KAAK,GAAuD;QAChE,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,+BAA+B,EAAE;QAC5D,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,mCAAmC,EAAE;QAC5D,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,wCAAwC,EAAE;QACnE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,EAAE;KACjD,CAAC;IAEF,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC3B,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEX,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QACjC,CAAC,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QACtC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACX,CAAC,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QACzC,CAAC,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QACzC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACnC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACjF,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACtB,CAAC,CAAC,IAAI,CAAC,uBAAuB,KAAK,CAAC,MAAM,GAAG,EAAE,SAAS,CAAC,CAAC;QAC5D,CAAC;QACD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;IAED,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACd,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,CAAC,CAAC,IAAI,CAAC,0BAA0B,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,CAAC,CAAC,IAAI,CAAC,sBAAsB,OAAO,GAAG,CAAC,CAAC;IACzC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACX,CAAC,CAAC,IAAI,CAAC,gFAAgF,CAAC,CAAC;IACzF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC"}
|
|
@@ -19,7 +19,7 @@
|
|
|
19
19
|
* artifact exists or parsing fails; callers (tests analyzer) should
|
|
20
20
|
* treat a null return as "fall back to filename matching."
|
|
21
21
|
*/
|
|
22
|
-
export type CoverageSource = 'istanbul-summary' | 'istanbul-final' | 'coverage-py' | 'go' | 'cobertura' | 'lcov' | 'jacoco';
|
|
22
|
+
export type CoverageSource = 'istanbul-summary' | 'istanbul-final' | 'coverage-py' | 'go' | 'cobertura' | 'lcov' | 'jacoco' | 'simplecov';
|
|
23
23
|
export interface FileCoverage {
|
|
24
24
|
/** Project-relative path (normalized to forward slashes). */
|
|
25
25
|
path: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"coverage.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/coverage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAQH,MAAM,MAAM,cAAc,GACtB,kBAAkB,GAClB,gBAAgB,GAChB,aAAa,GACb,IAAI,GACJ,WAAW,GACX,MAAM,GACN,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"coverage.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/coverage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAQH,MAAM,MAAM,cAAc,GACtB,kBAAkB,GAClB,gBAAgB,GAChB,aAAa,GACb,IAAI,GACJ,WAAW,GACX,MAAM,GACN,QAAQ,GACR,WAAW,CAAC;AAEhB,MAAM,WAAW,YAAY;IAC3B,6DAA6D;IAC7D,IAAI,EAAE,MAAM,CAAC;IACb,mCAAmC;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,4CAA4C;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,2DAA2D;IAC3D,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,QAAQ;IACvB,8BAA8B;IAC9B,MAAM,EAAE,cAAc,CAAC;IACvB,6CAA6C;IAC7C,UAAU,EAAE,MAAM,CAAC;IACnB,2DAA2D;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;CAClC;AAED;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAQxE;AAUD,8FAA8F;AAC9F,wBAAgB,MAAM,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAExC;AAED,+EAA+E;AAC/E,wBAAgB,UAAU,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAUzD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"coverage.js","sourceRoot":"","sources":["../../../src/analyzers/tools/coverage.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;;
|
|
1
|
+
{"version":3,"file":"coverage.js","sourceRoot":"","sources":["../../../src/analyzers/tools/coverage.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;;AAkDH,oCAQC;AAWD,wBAEC;AAGD,gCAUC;AAlFD,+CAAwD;AACxD,0EAAoE;AAGpE,8CAAkD;AAkClD;;;;;;;;;GASG;AACI,KAAK,UAAU,YAAY,CAAC,GAAW;IAC5C,MAAM,SAAS,GAAyC,EAAE,CAAC;IAC3D,KAAK,MAAM,IAAI,IAAI,IAAA,iCAAqB,EAAC,GAAG,CAAC,EAAE,CAAC;QAC9C,IAAI,IAAI,CAAC,YAAY,EAAE,QAAQ;YAAE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,MAAM,QAAQ,GAAG,MAAM,8BAAiB,CAAC,MAAM,CAAC,GAAG,EAAE,sBAAQ,EAAE,SAAS,CAAC,CAAC;IAC1E,OAAO,QAAQ,EAAE,QAAQ,IAAI,IAAI,CAAC;AACpC,CAAC;AAED,+EAA+E;AAC/E,EAAE;AACF,8EAA8E;AAC9E,qEAAqE;AACrE,kEAAkE;AAClE,oEAAoE;AACpE,kEAAkE;AAElE,8FAA8F;AAC9F,SAAgB,MAAM,CAAC,CAAS;IAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;AACjC,CAAC;AAED,+EAA+E;AAC/E,SAAgB,UAAU,CAAC,CAAS,EAAE,GAAW;IAC/C,IAAI,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAChC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACxC,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,GAAG,GAAG,CAAC,EAAE,CAAC;QAClC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACtC,CAAC;SAAM,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QAC3B,GAAG,GAAG,EAAE,CAAC;IACX,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7C,OAAO,GAAG,CAAC;AACb,CAAC"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
import type { DepVulnFinding, DepVulnGatherOutcome, SeverityCounts } from '../../languages/capabilities/types';
|
|
2
|
+
/**
|
|
3
|
+
* Pure parser for osv-scanner v2.x JSON output, scoped to a single
|
|
4
|
+
* ecosystem. Other ecosystems are filtered out so polyglot repos
|
|
5
|
+
* don't double-count: each pack handles its own ecosystem (typescript
|
|
6
|
+
* → npm, python → PyPI, kotlin/java → Maven, ruby → RubyGems, etc.).
|
|
7
|
+
*
|
|
8
|
+
* The ecosystem parameter is matched against the OSV record's
|
|
9
|
+
* `package.ecosystem` field verbatim — use the exact strings OSV
|
|
10
|
+
* emits (`'Maven'`, `'RubyGems'`, `'PyPI'`, `'npm'`, `'Go'`, etc.).
|
|
11
|
+
*
|
|
12
|
+
* Returns counts + findings + the raw OSV vuln records for downstream
|
|
13
|
+
* CVSS resolution. Exported for unit tests.
|
|
14
|
+
*/
|
|
15
|
+
export declare function parseOsvScannerFindings(raw: string, ecosystem: string): {
|
|
16
|
+
counts: SeverityCounts;
|
|
17
|
+
findings: DepVulnFinding[];
|
|
18
|
+
vulnsForCvss: Array<{
|
|
19
|
+
primaryId: string;
|
|
20
|
+
embeddedCvss: number | null;
|
|
21
|
+
aliases: string[];
|
|
22
|
+
}>;
|
|
23
|
+
};
|
|
24
|
+
/**
|
|
25
|
+
* Single source of truth for osv-scanner-driven dep-vuln gathering.
|
|
26
|
+
* Caller supplies:
|
|
27
|
+
* - cwd: project root
|
|
28
|
+
* - source: pack id for envelope attribution (currently reserved —
|
|
29
|
+
* see note at end of function)
|
|
30
|
+
* - ecosystem: OSV ecosystem string (`'Maven'`, `'RubyGems'`, ...)
|
|
31
|
+
* - manifestCandidates: ordered list of manifest filenames to probe.
|
|
32
|
+
* First existing one is passed via `--lockfile`. Lockfiles
|
|
33
|
+
* preferred over higher-level manifests (kotlin: gradle.lockfile
|
|
34
|
+
* before pom.xml; ruby: Gemfile.lock).
|
|
35
|
+
*
|
|
36
|
+
* `scan source --lockfile <path>` is the v2.x form. JSON output to
|
|
37
|
+
* stdout. Exit code is non-zero when findings exist — we ignore the
|
|
38
|
+
* exit code and parse the JSON regardless (run() already swallows
|
|
39
|
+
* non-zero exits cleanly via execSync's catch).
|
|
40
|
+
*
|
|
41
|
+
* CVSS alias-fallback: osv-scanner ships CVSS vectors when present,
|
|
42
|
+
* but advisory data quality varies by ecosystem — some carry only
|
|
43
|
+
* `database_specific.severity` strings. resolveCvssScores looks up
|
|
44
|
+
* via CVE alias when the primary record lacks a vector.
|
|
45
|
+
*/
|
|
46
|
+
export declare function gatherOsvScannerDepVulnsResult(cwd: string, source: string, ecosystem: string, manifestCandidates: string[]): Promise<DepVulnGatherOutcome>;
|
|
47
|
+
//# sourceMappingURL=osv-scanner-deps.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"osv-scanner-deps.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/osv-scanner-deps.ts"],"names":[],"mappings":"AA8BA,OAAO,KAAK,EACV,cAAc,EACd,oBAAoB,EAEpB,cAAc,EACf,MAAM,oCAAoC,CAAC;AAiB5C;;;;;;;;;;;;GAYG;AACH,wBAAgB,uBAAuB,CACrC,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,MAAM,GAChB;IACD,MAAM,EAAE,cAAc,CAAC;IACvB,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,YAAY,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;CAC5F,CAiEA;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,8BAA8B,CAClD,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,kBAAkB,EAAE,MAAM,EAAE,GAC3B,OAAO,CAAC,oBAAoB,CAAC,CA4C/B"}
|
|
@@ -1,38 +1,51 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
4
|
-
exports.
|
|
3
|
+
exports.parseOsvScannerFindings = parseOsvScannerFindings;
|
|
4
|
+
exports.gatherOsvScannerDepVulnsResult = gatherOsvScannerDepVulnsResult;
|
|
5
5
|
/**
|
|
6
|
-
* osv-scanner against
|
|
7
|
-
*
|
|
8
|
-
*
|
|
9
|
-
*
|
|
6
|
+
* osv-scanner against any OSV ecosystem — shared across language packs
|
|
7
|
+
* that use osv-scanner as their canonical depVulns source. CLAUDE.md
|
|
8
|
+
* rule #2 — the gather function lives once.
|
|
9
|
+
*
|
|
10
|
+
* History: extracted from `src/languages/kotlin.ts` in 10k.1.4 (Phase
|
|
11
|
+
* 10k.1 SSOT validation), originally Maven-only. Generalized to all
|
|
12
|
+
* OSV ecosystems in 10k.2.6a (Ruby pack work) — caller passes the
|
|
13
|
+
* ecosystem string + manifest candidate list, parser filters
|
|
14
|
+
* accordingly so polyglot repos don't double-count across packs.
|
|
15
|
+
*
|
|
16
|
+
* Current consumers:
|
|
17
|
+
* - kotlin pack — `Maven` ecosystem, gradle.lockfile + pom.xml + verification-metadata.xml
|
|
18
|
+
* - java pack — `Maven` ecosystem (same manifest set)
|
|
19
|
+
* - ruby pack — `RubyGems` ecosystem, Gemfile.lock
|
|
10
20
|
*
|
|
11
21
|
* osv-scanner is the established multi-ecosystem scanner; no Tier-1
|
|
12
|
-
* native equivalent exists for
|
|
22
|
+
* native equivalent exists for several of the ecosystems above
|
|
23
|
+
* (CLAUDE.md rule #5 — bundler-audit's JSON is unstable, so Ruby
|
|
24
|
+
* intentionally uses osv-scanner-only rather than dual-source).
|
|
13
25
|
* The typescript pack's `osv-scanner-fix.ts` uses the `fix`
|
|
14
26
|
* subcommand for upgrade planning — different mode, no shared logic.
|
|
15
27
|
*
|
|
16
|
-
* Manifest gating:
|
|
17
|
-
*
|
|
18
|
-
* `
|
|
19
|
-
* preferred. Without any of these, we return `tool-missing` (matches
|
|
20
|
-
* python/csharp's manifest-gating pattern).
|
|
28
|
+
* Manifest gating: caller supplies the candidate list. First
|
|
29
|
+
* existing candidate wins. Without any of them, returns
|
|
30
|
+
* `tool-missing` (matches python/csharp's manifest-gating pattern).
|
|
21
31
|
*/
|
|
22
32
|
const osv_1 = require("./osv");
|
|
23
33
|
const runner_1 = require("./runner");
|
|
24
34
|
const tool_registry_1 = require("./tool-registry");
|
|
25
35
|
/**
|
|
26
|
-
* Pure parser for osv-scanner v2.x JSON output, scoped to
|
|
27
|
-
*
|
|
28
|
-
*
|
|
29
|
-
*
|
|
30
|
-
*
|
|
36
|
+
* Pure parser for osv-scanner v2.x JSON output, scoped to a single
|
|
37
|
+
* ecosystem. Other ecosystems are filtered out so polyglot repos
|
|
38
|
+
* don't double-count: each pack handles its own ecosystem (typescript
|
|
39
|
+
* → npm, python → PyPI, kotlin/java → Maven, ruby → RubyGems, etc.).
|
|
40
|
+
*
|
|
41
|
+
* The ecosystem parameter is matched against the OSV record's
|
|
42
|
+
* `package.ecosystem` field verbatim — use the exact strings OSV
|
|
43
|
+
* emits (`'Maven'`, `'RubyGems'`, `'PyPI'`, `'npm'`, `'Go'`, etc.).
|
|
31
44
|
*
|
|
32
45
|
* Returns counts + findings + the raw OSV vuln records for downstream
|
|
33
46
|
* CVSS resolution. Exported for unit tests.
|
|
34
47
|
*/
|
|
35
|
-
function
|
|
48
|
+
function parseOsvScannerFindings(raw, ecosystem) {
|
|
36
49
|
const counts = { critical: 0, high: 0, medium: 0, low: 0 };
|
|
37
50
|
const findings = [];
|
|
38
51
|
const vulnsForCvss = [];
|
|
@@ -49,7 +62,7 @@ function parseOsvScannerMavenFindings(raw) {
|
|
|
49
62
|
const seen = new Set();
|
|
50
63
|
for (const result of data.results ?? []) {
|
|
51
64
|
for (const pkg of result.packages ?? []) {
|
|
52
|
-
if (pkg.package?.ecosystem !==
|
|
65
|
+
if (pkg.package?.ecosystem !== ecosystem)
|
|
53
66
|
continue;
|
|
54
67
|
const pkgName = pkg.package.name ?? 'unknown';
|
|
55
68
|
const pkgVersion = pkg.package.version;
|
|
@@ -98,27 +111,28 @@ function parseOsvScannerMavenFindings(raw) {
|
|
|
98
111
|
return { counts, findings, vulnsForCvss };
|
|
99
112
|
}
|
|
100
113
|
/**
|
|
101
|
-
* Single source of truth for osv-scanner
|
|
102
|
-
*
|
|
103
|
-
*
|
|
104
|
-
*
|
|
105
|
-
*
|
|
106
|
-
*
|
|
107
|
-
*
|
|
108
|
-
*
|
|
114
|
+
* Single source of truth for osv-scanner-driven dep-vuln gathering.
|
|
115
|
+
* Caller supplies:
|
|
116
|
+
* - cwd: project root
|
|
117
|
+
* - source: pack id for envelope attribution (currently reserved —
|
|
118
|
+
* see note at end of function)
|
|
119
|
+
* - ecosystem: OSV ecosystem string (`'Maven'`, `'RubyGems'`, ...)
|
|
120
|
+
* - manifestCandidates: ordered list of manifest filenames to probe.
|
|
121
|
+
* First existing one is passed via `--lockfile`. Lockfiles
|
|
122
|
+
* preferred over higher-level manifests (kotlin: gradle.lockfile
|
|
123
|
+
* before pom.xml; ruby: Gemfile.lock).
|
|
109
124
|
*
|
|
110
125
|
* `scan source --lockfile <path>` is the v2.x form. JSON output to
|
|
111
126
|
* stdout. Exit code is non-zero when findings exist — we ignore the
|
|
112
127
|
* exit code and parse the JSON regardless (run() already swallows
|
|
113
128
|
* non-zero exits cleanly via execSync's catch).
|
|
114
129
|
*
|
|
115
|
-
* CVSS alias-fallback: osv-scanner ships CVSS vectors when present,
|
|
116
|
-
*
|
|
117
|
-
* `database_specific.severity` strings. resolveCvssScores looks up
|
|
118
|
-
* CVE alias when the primary record lacks a vector.
|
|
130
|
+
* CVSS alias-fallback: osv-scanner ships CVSS vectors when present,
|
|
131
|
+
* but advisory data quality varies by ecosystem — some carry only
|
|
132
|
+
* `database_specific.severity` strings. resolveCvssScores looks up
|
|
133
|
+
* via CVE alias when the primary record lacks a vector.
|
|
119
134
|
*/
|
|
120
|
-
async function
|
|
121
|
-
const manifestCandidates = ['gradle.lockfile', 'pom.xml', 'gradle/verification-metadata.xml'];
|
|
135
|
+
async function gatherOsvScannerDepVulnsResult(cwd, source, ecosystem, manifestCandidates) {
|
|
122
136
|
let manifest = null;
|
|
123
137
|
for (const rel of manifestCandidates) {
|
|
124
138
|
if ((0, runner_1.fileExists)(cwd, rel)) {
|
|
@@ -134,7 +148,7 @@ async function gatherOsvScannerMavenDepVulnsResult(cwd, source) {
|
|
|
134
148
|
const raw = (0, runner_1.run)(`${scanner.path} scan source --lockfile ${manifest} --format json 2>/dev/null`, cwd, 180000);
|
|
135
149
|
if (!raw)
|
|
136
150
|
return { kind: 'no-output' };
|
|
137
|
-
const { counts, findings, vulnsForCvss } =
|
|
151
|
+
const { counts, findings, vulnsForCvss } = parseOsvScannerFindings(raw, ecosystem);
|
|
138
152
|
if (findings.length > 0) {
|
|
139
153
|
const resolved = await (0, osv_1.resolveCvssScores)(vulnsForCvss);
|
|
140
154
|
for (const f of findings) {
|
|
@@ -158,4 +172,4 @@ async function gatherOsvScannerMavenDepVulnsResult(cwd, source) {
|
|
|
158
172
|
void source;
|
|
159
173
|
return { kind: 'success', envelope };
|
|
160
174
|
}
|
|
161
|
-
//# sourceMappingURL=osv-scanner-
|
|
175
|
+
//# sourceMappingURL=osv-scanner-deps.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"osv-scanner-deps.js","sourceRoot":"","sources":["../../../src/analyzers/tools/osv-scanner-deps.ts"],"names":[],"mappings":";;AAiEA,0DAwEC;AAwBD,wEAiDC;AAlND;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,+BAAkG;AAClG,qCAA2C;AAC3C,mDAAsD;AAuBtD;;;;;;;;;;;;GAYG;AACH,SAAgB,uBAAuB,CACrC,GAAW,EACX,SAAiB;IAMjB,MAAM,MAAM,GAAmB,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC3E,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,MAAM,YAAY,GAIb,EAAE,CAAC;IACR,IAAI,IAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;IAC5C,CAAC;IACD,oEAAoE;IACpE,sEAAsE;IACtE,oEAAoE;IACpE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE,CAAC;QACxC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;YACxC,IAAI,GAAG,CAAC,OAAO,EAAE,SAAS,KAAK,SAAS;gBAAE,SAAS;YACnD,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,SAAS,CAAC;YAC9C,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC;YACvC,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,eAAe,IAAI,EAAE,EAAE,CAAC;gBAC7C,IAAI,CAAC,IAAI,CAAC,EAAE;oBAAE,SAAS;gBACvB,MAAM,QAAQ,GAAG,GAAG,OAAO,KAAK,UAAU,IAAI,EAAE,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;gBAC/D,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;oBAAE,SAAS;gBACjC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAEnB,MAAM,GAAG,GAAG,IAAA,yBAAmB,EAAC,IAAI,CAAC,CAAC;gBACtC,MAAM,IAAI,GACR,GAAG,KAAK,UAAU,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,KAAK;oBACvE,CAAC,CAAC,GAAG;oBACL,CAAC,CAAC,QAAQ,CAAC;gBACf,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAEf,MAAM,IAAI,GAAG,IAAA,yBAAmB,EAAC,IAAI,CAAC,CAAC;gBACvC,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACtE,MAAM,OAAO,GAAmB;oBAC9B,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,OAAO,EAAE,OAAO;oBAChB,gBAAgB,EAAE,UAAU;oBAC5B,IAAI,EAAE,aAAa;oBACnB,QAAQ,EAAE,IAAI;iBACf,CAAC;gBACF,IAAI,IAAI,KAAK,IAAI;oBAAE,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;gBAC5C,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;oBAAE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;gBAClD,IAAI,IAAI,CAAC,OAAO;oBAAE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;gBACjD,8DAA8D;gBAC9D,uDAAuD;gBACvD,sBAAsB;gBACtB,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1F,OAAO,CAAC,UAAU;oBAChB,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,iCAAiC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9E,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAEvB,YAAY,CAAC,IAAI,CAAC;oBAChB,SAAS,EAAE,IAAI,CAAC,EAAE;oBAClB,YAAY,EAAE,IAAI;oBAClB,OAAO;iBACR,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;AAC5C,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACI,KAAK,UAAU,8BAA8B,CAClD,GAAW,EACX,MAAc,EACd,SAAiB,EACjB,kBAA4B;IAE5B,IAAI,QAAQ,GAAkB,IAAI,CAAC;IACnC,KAAK,MAAM,GAAG,IAAI,kBAAkB,EAAE,CAAC;QACrC,IAAI,IAAA,mBAAU,EAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;YACzB,QAAQ,GAAG,GAAG,CAAC;YACf,MAAM;QACR,CAAC;IACH,CAAC;IACD,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;IAE/C,MAAM,OAAO,GAAG,IAAA,wBAAQ,EAAC,yBAAS,CAAC,aAAa,CAAC,EAAE,GAAG,CAAC,CAAC;IACxD,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,IAAI;QAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;IAEzE,MAAM,GAAG,GAAG,IAAA,YAAG,EACb,GAAG,OAAO,CAAC,IAAI,2BAA2B,QAAQ,4BAA4B,EAC9E,GAAG,EACH,MAAM,CACP,CAAC;IACF,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;IAEvC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,uBAAuB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAEnF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,MAAM,IAAA,uBAAiB,EAAC,YAAY,CAAC,CAAC;QACvD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACjC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;gBAAE,CAAC,CAAC,SAAS,GAAG,KAAK,CAAC;QACjE,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAkB;QAC9B,aAAa,EAAE,CAAC;QAChB,IAAI,EAAE,aAAa;QACnB,UAAU,EAAE,SAAS;QACrB,MAAM;QACN,QAAQ;KACT,CAAC;IACF,uEAAuE;IACvE,sEAAsE;IACtE,kEAAkE;IAClE,qEAAqE;IACrE,0DAA0D;IAC1D,KAAK,MAAM,CAAC;IACZ,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AACvC,CAAC"}
|
|
@@ -23,6 +23,16 @@ export interface ToolDefinition extends ToolRequirement {
|
|
|
23
23
|
* instead of scanning PATH / .bin. Takes precedence over binary search.
|
|
24
24
|
*/
|
|
25
25
|
nodePackage?: string;
|
|
26
|
+
/**
|
|
27
|
+
* For tools that are Ruby gems without a CLI binary (e.g. SimpleCov,
|
|
28
|
+
* which is required from spec_helper.rb rather than invoked as a
|
|
29
|
+
* command). When set, detection runs `gem list -i <name>` instead of
|
|
30
|
+
* scanning PATH. Takes precedence over binary search. Mirrors the
|
|
31
|
+
* `nodePackage` pattern. Library-only Ruby tools that DO ship a CLI
|
|
32
|
+
* (rubocop, bundler-audit) should keep using `binaries: [...]`
|
|
33
|
+
* instead — the CLI shim is what `findTool` is meant to discover.
|
|
34
|
+
*/
|
|
35
|
+
gemPackage?: string;
|
|
26
36
|
/** Platform-specific install commands. */
|
|
27
37
|
installCommands: {
|
|
28
38
|
macos?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tool-registry.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/tool-registry.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE7D;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,UAAU,QAA2D,CAAC;AA2BnF,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0CAA0C;IAC1C,eAAe,EAAE;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,oEAAoE;IACpE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,OAAO,CAAC;IACnB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,GAAG,OAAO,GAAG,SAAS,CAAC;IAClF,WAAW,EAAE,cAAc,CAAC;CAC7B;
|
|
1
|
+
{"version":3,"file":"tool-registry.d.ts","sourceRoot":"","sources":["../../../src/analyzers/tools/tool-registry.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE7D;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,UAAU,QAA2D,CAAC;AA2BnF,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;;;;;OAQG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,0CAA0C;IAC1C,eAAe,EAAE;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,oEAAoE;IACpE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,OAAO,CAAC;IACnB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,GAAG,OAAO,GAAG,SAAS,CAAC;IAClF,WAAW,EAAE,cAAc,CAAC;CAC7B;AA2KD;;;GAGG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,UAAU,CAqGtE;AAkBD,wDAAwD;AACxD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,cAAc,GAAG,MAAM,CAO7D;AAMD,eAAO,MAAM,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAsdpD,CAAC;AAMF;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,aAAa,CAAC,WAAW,CAAC,GAAG,eAAe,EAAE,CA8B3F;AAED,sDAAsD;AACtD,wBAAgB,aAAa,CAAC,SAAS,EAAE,aAAa,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,CAgB/F"}
|