dependencyiq 2.0.0 → 2.2.0

@@ -16,6 +16,11 @@ function generateRefactoringAnalysis(vulnerability, codeContext = {}) {
16
16
  usageExamples: [],
17
17
  ...codeContext
18
18
  };
19
+ const orbitChecked = vulnerability.riskScore?.exposureDataSource === 'orbit'
20
+ || vulnerability.exposure?.source === 'orbit';
21
+ const noFilesNote = orbitChecked
22
+ ? ' - GitLab Orbit confirmed no importers of this package in this project'
23
+ : ' - Orbit exposure data unavailable for this project — file list unknown';
19
24
 
20
25
  return `
21
26
  # Refactoring Analysis: ${vulnerability.package}
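Review bot: `orbitChecked` on new lines 19–20 is derived from the data-source flags alone, so the "GitLab Orbit confirmed no importers" text can be emitted when `affectedFiles` was never supplied rather than returned empty. A report that states a confirmed negative for a vulnerable package can lead a reader to put off the fix, so the confirmed wording should require an actual empty list, for example `const orbitChecked = Array.isArray(context.affectedFiles) && (vulnerability.riskScore?.exposureDataSource === 'orbit' || vulnerability.exposure?.source === 'orbit');`. This assumes the object built just above the hunk is the `context` the template reads. The function body starts and ends outside the hunk.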
@@ -28,14 +33,14 @@ function generateRefactoringAnalysis(vulnerability, codeContext = {}) {
28
33
  - **Issue**: ${vulnerability.vulnerability}
29
34
 
30
35
  ## Code Impact
31
- - **Files affected**: ${context.affectedFiles?.length || 1}
32
- ${context.affectedFiles?.map(f => ` - ${f.path || f}`).join('\n') || ' - no Orbit exposure data available'}
33
-
36
+ - **Files affected**: ${context.affectedFiles?.length || 0}
37
+ ${context.affectedFiles?.length ? context.affectedFiles.map(f => ` - ${f.path || f}`).join('\n') : noFilesNote}
38
+ ${context.usageExamples?.[0] ? `
34
39
  ## Usage Example
35
40
  \`\`\`javascript
36
- ${context.usageExamples?.[0] || 'const merged = _.merge({}, defaults, userInput);'}
41
+ ${context.usageExamples[0]}
37
42
  \`\`\`
38
-
43
+ ` : ''}
39
44
  ## Task for GitLab Duo Chat
40
45
 
41
46
  Generate **3 upgrade strategies** ranked by safety vs speed:
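Review bot: `${context.usageExamples[0]}` on new line 41 sits inside a fixed three-backtick fence in text addressed to GitLab Duo Chat, so an example that itself contains a backtick fence would close the block early and the remainder would be read as part of the prompt. If usage examples are taken from repository files (not visible here), treat them as untrusted data: choose a fence longer than any backtick run in the example, or strip fences from it, and state in the prompt that fenced content is data and not instructions. A comment above the conditional such as `// usage example is repository content; rendered only when present and always kept inside the fence` would record that intent. The template literal continues outside the hunk.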
@@ -155,8 +160,8 @@ ${vulnerabilities.slice(0, 3).map((v, i) => `
155
160
  - **Risk Score**: ${v.riskScore?.score}/100 (${v.riskScore?.priority})
156
161
  - **Issue**: ${v.vulnerability}
157
162
  - **Severity**: ${v.severity} (CVSS ${v.cvss})
158
- - **Files Affected**: ${v.affectedFiles?.length || 1}
159
- ${v.affectedFiles?.slice(0, 2).map(f => ` - ${f.path || f}`).join('\n') || ' - internal usage'}
163
+ - **Files Affected**: ${v.affectedFiles?.length || 0}
164
+ ${v.affectedFiles?.length ? v.affectedFiles.slice(0, 2).map(f => ` - ${f.path || f}`).join('\n') : (v.riskScore?.exposureDataSource === 'orbit' ? ' - GitLab Orbit confirmed no importers' : ' - Orbit exposure data unavailable')}
160
165
  `).join('\n')}
161
166
 
162
167
  ## Recommendation
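Review bot: The inline fallback on new line 164 checks only `v.riskScore?.exposureDataSource`, while `generateRefactoringAnalysis` also accepts `vulnerability.exposure?.source === 'orbit'`, so the same finding can read "confirmed no importers" in one report and "data unavailable" in another. The table row in the last hunk (new line 207) goes further and prints a bare `0` with no qualifier. Consider one helper shared by all three templates, for instance `const isOrbitChecked = (v) => v.riskScore?.exposureDataSource === 'orbit' || v.exposure?.source === 'orbit';`, and `vuln.affectedFiles?.length ?? '?'` in the table to match the `'?'` already used for the risk score in that table. The enclosing template starts outside the hunk.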
@@ -199,7 +204,7 @@ ${icon} **${index}. ${vuln.package} → ${vuln.fixedVersion}**
199
204
  | **Issue** | ${vuln.vulnerability} |
200
205
  | **Severity** | ${vuln.severity} (CVSS ${vuln.cvss}) |
201
206
  | **Your Risk Score** | ${vuln.riskScore?.score || '?'}/100 (${vuln.riskScore?.priority}) |
202
- | **Files Affected** | ${vuln.affectedFiles?.length || 1} |
207
+ | **Files Affected** | ${vuln.affectedFiles?.length || 0} |
203
208
  | **Exposed to API?** | ${vuln.riskScore?.isInPublicAPI ? '✅ Yes' : '❌ No'} |
204
209
  | **Effort to Fix** | ${vuln.riskScore?.effortMinutes ? Math.ceil(vuln.riskScore.effortMinutes / 60) + 'h' : '?'} |
205
210
  `;