devcompass 2.1.0 → 2.3.0

package/bin/devcompass.js

@@ -30,6 +30,9 @@ program
   .command('analyze')
   .description('Analyze your project dependencies')
   .option('-p, --path <path>', 'Project path', process.cwd())
+  .option('--json', 'Output results as JSON')
+  .option('--ci', 'CI mode - exit with error code if score below threshold')
+  .option('--silent', 'Silent mode - no output')
   .action(analyze);
 
 program
@@ -40,3 +43,4 @@ program
   .action(fix);
 
 program.parse();
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "devcompass",
-  "version": "2.1.0",
+  "version": "2.3.0",
   "description": "Dependency health checker with ecosystem intelligence for JavaScript/TypeScript projects",
   "main": "src/index.js",
   "bin": {
@@ -29,7 +29,14 @@
     "dependency-analysis",
     "security",
     "ecosystem",
-    "alerts"
+    "alerts",
+    "ci-cd",
+    "automation",
+    "caching",
+    "json-output",
+    "npm-audit",
+    "bundle-size",
+    "license-checker"
   ],
   "author": "Ajay Thorat <ajaythorat988@gmail.com>",
   "license": "MIT",

package/src/alerts/formatter.js

@@ -1,3 +1,4 @@
+// src/alerts/formatter.js
 const chalk = require('chalk');
 
 /**

package/src/alerts/index.js

@@ -1,3 +1,4 @@
+// src/alerts/index.js
 const { matchIssues } = require('./matcher');
 const { formatAlerts } = require('./formatter');
 const { resolveInstalledVersions } = require('./resolver');

package/src/alerts/matcher.js

@@ -1,3 +1,4 @@
+// src/alerts/matcher.js
 const semver = require('semver');
 
 /**

package/src/alerts/predictive.js

@@ -0,0 +1,54 @@
+// src/alerts/predictive.js
+
+/**
+ * Analyze package health trends
+ * NOTE: This is a simplified version without GitHub API
+ * For production, integrate with GitHub Issues API
+ */
+async function analyzeTrends(packageName) {
+  // Placeholder for future GitHub API integration
+  // For now, return basic analysis
+  
+  return {
+    package: packageName,
+    recentIssues: 0,
+    trend: 'stable',
+    recommendation: null
+  };
+}
+
+/**
+ * Calculate risk score based on trends
+ */
+function calculateRiskScore(trends) {
+  let risk = 0;
+  
+  // High issue activity = higher risk
+  if (trends.recentIssues > 20) {
+    risk += 3;
+  } else if (trends.recentIssues > 10) {
+    risk += 2;
+  } else if (trends.recentIssues > 5) {
+    risk += 1;
+  }
+  
+  return risk;
+}
+
+/**
+ * Generate predictive warnings
+ */
+function generatePredictiveWarnings(packages) {
+  const warnings = [];
+  
+  // This is a placeholder
+  // In production, this would analyze GitHub activity
+  
+  return warnings;
+}
+
+module.exports = {
+  analyzeTrends,
+  calculateRiskScore,
+  generatePredictiveWarnings
+};

package/src/alerts/resolver.js

@@ -1,3 +1,4 @@
+// src/alerts/resolver.js
 const path = require('path');
 const fs = require('fs');
 

package/src/analyzers/bundle-size.js

@@ -0,0 +1,85 @@
+// src/analyzers/bundle-size.js
+const path = require('path');
+const fs = require('fs');
+
+/**
+ * Get package sizes from node_modules
+ */
+async function analyzeBundleSizes(projectPath, dependencies) {
+  const sizes = [];
+  
+  for (const packageName of Object.keys(dependencies)) {
+    try {
+      const packagePath = path.join(projectPath, 'node_modules', packageName);
+      
+      if (!fs.existsSync(packagePath)) {
+        continue;
+      }
+      
+      const size = await getDirectorySize(packagePath);
+      const sizeInKB = Math.round(size / 1024);
+      
+      sizes.push({
+        name: packageName,
+        size: sizeInKB,
+        sizeFormatted: formatSize(sizeInKB)
+      });
+      
+    } catch (error) {
+      // Skip packages we can't measure
+      continue;
+    }
+  }
+  
+  // Sort by size (largest first)
+  sizes.sort((a, b) => b.size - a.size);
+  
+  return sizes;
+}
+
+/**
+ * Get total size of directory recursively
+ */
+function getDirectorySize(dirPath) {
+  let totalSize = 0;
+  
+  const items = fs.readdirSync(dirPath);
+  
+  for (const item of items) {
+    const itemPath = path.join(dirPath, item);
+    const stats = fs.statSync(itemPath);
+    
+    if (stats.isFile()) {
+      totalSize += stats.size;
+    } else if (stats.isDirectory()) {
+      totalSize += getDirectorySize(itemPath);
+    }
+  }
+  
+  return totalSize;
+}
+
+/**
+ * Format size in human-readable format
+ */
+function formatSize(kb) {
+  if (kb < 1024) {
+    return `${kb} KB`;
+  } else {
+    const mb = (kb / 1024).toFixed(1);
+    return `${mb} MB`;
+  }
+}
+
+/**
+ * Identify heavy packages (> 1MB)
+ */
+function findHeavyPackages(sizes) {
+  return sizes.filter(pkg => pkg.size > 1024); // > 1MB
+}
+
+module.exports = { 
+  analyzeBundleSizes,
+  findHeavyPackages,
+  formatSize
+};

package/src/analyzers/licenses.js

@@ -0,0 +1,107 @@
+// src/analyzers/licenses.js
+const path = require('path');
+const fs = require('fs');
+
+// Restrictive licenses that might cause issues
+const RESTRICTIVE_LICENSES = [
+  'GPL',
+  'GPL-2.0',
+  'GPL-3.0',
+  'AGPL',
+  'AGPL-3.0',
+  'LGPL',
+  'LGPL-2.1',
+  'LGPL-3.0'
+];
+
+// Permissive licenses (usually safe)
+const PERMISSIVE_LICENSES = [
+  'MIT',
+  'Apache-2.0',
+  'BSD-2-Clause',
+  'BSD-3-Clause',
+  'ISC',
+  'CC0-1.0',
+  'Unlicense'
+];
+
+/**
+ * Check licenses of all dependencies
+ */
+async function checkLicenses(projectPath, dependencies) {
+  const licenses = [];
+  
+  for (const [packageName, version] of Object.entries(dependencies)) {
+    try {
+      const packageJsonPath = path.join(
+        projectPath,
+        'node_modules',
+        packageName,
+        'package.json'
+      );
+      
+      if (!fs.existsSync(packageJsonPath)) {
+        continue;
+      }
+      
+      const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
+      const license = packageJson.license || 'UNKNOWN';
+      
+      licenses.push({
+        package: packageName,
+        license: license,
+        type: getLicenseType(license)
+      });
+      
+    } catch (error) {
+      // Skip packages we can't read
+      continue;
+    }
+  }
+  
+  return licenses;
+}
+
+/**
+ * Determine license type
+ */
+function getLicenseType(license) {
+  const licenseStr = String(license).toUpperCase();
+  
+  // Check for restrictive licenses
+  for (const restrictive of RESTRICTIVE_LICENSES) {
+    if (licenseStr.includes(restrictive)) {
+      return 'restrictive';
+    }
+  }
+  
+  // Check for permissive licenses
+  for (const permissive of PERMISSIVE_LICENSES) {
+    if (licenseStr.includes(permissive)) {
+      return 'permissive';
+    }
+  }
+  
+  // Unknown or custom license
+  if (licenseStr === 'UNKNOWN' || licenseStr === 'UNLICENSED') {
+    return 'unknown';
+  }
+  
+  return 'other';
+}
+
+/**
+ * Find problematic licenses
+ */
+function findProblematicLicenses(licenses) {
+  return licenses.filter(pkg => 
+    pkg.type === 'restrictive' || pkg.type === 'unknown'
+  );
+}
+
+module.exports = {
+  checkLicenses,
+  findProblematicLicenses,
+  RESTRICTIVE_LICENSES,
+  PERMISSIVE_LICENSES
+};

package/src/analyzers/outdated.js

@@ -1,3 +1,5 @@
+// src/analyzers/outdated.js
+
 const ncu = require('npm-check-updates');
 const path = require('path');
 

package/src/analyzers/scoring.js

@@ -1,4 +1,12 @@
-function calculateScore(totalDeps, unusedCount, outdatedCount, alertsCount = 0, alertPenalty = 0) {
+// src/analyzers/scoring.js
+function calculateScore(
+  totalDeps, 
+  unusedCount, 
+  outdatedCount, 
+  alertsCount = 0, 
+  alertPenalty = 0,
+  securityPenalty = 0  // NEW
+) {
   let score = 10;
   
   if (totalDeps === 0) {
@@ -8,9 +16,11 @@ function calculateScore(totalDeps, unusedCount, outdatedCount, alertsCount = 0,
         unused: 0,
         outdated: 0,
         alerts: 0,
+        security: 0,
         unusedPenalty: 0,
         outdatedPenalty: 0,
-        alertsPenalty: 0
+        alertsPenalty: 0,
+        securityPenalty: 0
       }
     };
   }
@@ -25,9 +35,12 @@ function calculateScore(totalDeps, unusedCount, outdatedCount, alertsCount = 0,
   const outdatedPenalty = outdatedRatio * 3;
   score -= outdatedPenalty;
   
-  // Ecosystem alerts penalty (from formatter.calculateAlertPenalty)
+  // Ecosystem alerts penalty
   score -= alertPenalty;
   
+  // Security vulnerabilities penalty (NEW)
+  score -= securityPenalty;
+  
   // Ensure score is between 0 and 10
   score = Math.max(0, Math.min(10, score));
   
@@ -37,9 +50,11 @@ function calculateScore(totalDeps, unusedCount, outdatedCount, alertsCount = 0,
       unused: unusedCount,
       outdated: outdatedCount,
       alerts: alertsCount,
+      security: securityPenalty > 0 ? 1 : 0, // Binary indicator
       unusedPenalty: parseFloat(unusedPenalty.toFixed(1)),
       outdatedPenalty: parseFloat(outdatedPenalty.toFixed(1)),
-      alertsPenalty: parseFloat(alertPenalty.toFixed(1))
+      alertsPenalty: parseFloat(alertPenalty.toFixed(1)),
+      securityPenalty: parseFloat(securityPenalty.toFixed(1))
     }
   };
 }

package/src/analyzers/security.js

@@ -0,0 +1,111 @@
+// src/analyzers/security.js
+const { execSync } = require('child_process');
+
+/**
+ * Run npm audit and parse results
+ */
+async function checkSecurity(projectPath) {
+  try {
+    // Run npm audit in JSON mode
+    const auditOutput = execSync('npm audit --json', {
+      cwd: projectPath,
+      encoding: 'utf8',
+      stdio: ['pipe', 'pipe', 'pipe']
+    });
+    
+    const auditData = JSON.parse(auditOutput);
+    
+    // Extract vulnerabilities
+    const vulnerabilities = [];
+    
+    if (auditData.vulnerabilities) {
+      Object.entries(auditData.vulnerabilities).forEach(([packageName, vuln]) => {
+        vulnerabilities.push({
+          package: packageName,
+          severity: vuln.severity, // critical, high, moderate, low
+          title: vuln.via[0]?.title || 'Security vulnerability',
+          range: vuln.range,
+          fixAvailable: vuln.fixAvailable,
+          cve: vuln.via[0]?.cve || null,
+          url: vuln.via[0]?.url || null
+        });
+      });
+    }
+    
+    return {
+      vulnerabilities,
+      metadata: {
+        total: auditData.metadata?.vulnerabilities?.total || 0,
+        critical: auditData.metadata?.vulnerabilities?.critical || 0,
+        high: auditData.metadata?.vulnerabilities?.high || 0,
+        moderate: auditData.metadata?.vulnerabilities?.moderate || 0,
+        low: auditData.metadata?.vulnerabilities?.low || 0
+      }
+    };
+    
+  } catch (error) {
+    // npm audit returns non-zero exit code when vulnerabilities found
+    // Try to parse the error output
+    try {
+      const auditData = JSON.parse(error.stdout);
+      
+      const vulnerabilities = [];
+      
+      if (auditData.vulnerabilities) {
+        Object.entries(auditData.vulnerabilities).forEach(([packageName, vuln]) => {
+          vulnerabilities.push({
+            package: packageName,
+            severity: vuln.severity,
+            title: vuln.via[0]?.title || 'Security vulnerability',
+            range: vuln.range,
+            fixAvailable: vuln.fixAvailable,
+            cve: vuln.via[0]?.cve || null,
+            url: vuln.via[0]?.url || null
+          });
+        });
+      }
+      
+      return {
+        vulnerabilities,
+        metadata: {
+          total: auditData.metadata?.vulnerabilities?.total || 0,
+          critical: auditData.metadata?.vulnerabilities?.critical || 0,
+          high: auditData.metadata?.vulnerabilities?.high || 0,
+          moderate: auditData.metadata?.vulnerabilities?.moderate || 0,
+          low: auditData.metadata?.vulnerabilities?.low || 0
+        }
+      };
+    } catch (parseError) {
+      // If we can't parse, return empty
+      return {
+        vulnerabilities: [],
+        metadata: {
+          total: 0,
+          critical: 0,
+          high: 0,
+          moderate: 0,
+          low: 0
+        }
+      };
+    }
+  }
+}
+
+/**
+ * Calculate security penalty for health score
+ */
+function calculateSecurityPenalty(metadata) {
+  let penalty = 0;
+  
+  penalty += metadata.critical * 2.5;  // Critical: -2.5 points each
+  penalty += metadata.high * 1.5;      // High: -1.5 points each
+  penalty += metadata.moderate * 0.5;   // Moderate: -0.5 points each
+  penalty += metadata.low * 0.2;        // Low: -0.2 points each
+  
+  return Math.min(penalty, 5.0); // Cap at 5 points
+}
+
+module.exports = { 
+  checkSecurity,
+  calculateSecurityPenalty
+};

package/src/analyzers/unused-deps.js

@@ -1,3 +1,4 @@
+// src/analyzers/unused-deps.js
 const depcheck = require('depcheck');
 
 async function findUnusedDeps(projectPath, dependencies) {

package/src/cache/manager.js

@@ -0,0 +1,90 @@
+// src/cache/manager.js
+const fs = require('fs');
+const path = require('path');
+
+const CACHE_FILE = '.devcompass-cache.json';
+const CACHE_DURATION = 3600000; // 1 hour in milliseconds
+
+/**
+ * Load cache from disk
+ */
+function loadCache(projectPath) {
+  try {
+    const cachePath = path.join(projectPath, CACHE_FILE);
+    
+    if (!fs.existsSync(cachePath)) {
+      return {};
+    }
+    
+    const cacheData = JSON.parse(fs.readFileSync(cachePath, 'utf8'));
+    return cacheData;
+  } catch (error) {
+    return {};
+  }
+}
+
+/**
+ * Save cache to disk
+ */
+function saveCache(projectPath, cacheData) {
+  try {
+    const cachePath = path.join(projectPath, CACHE_FILE);
+    fs.writeFileSync(cachePath, JSON.stringify(cacheData, null, 2), 'utf8');
+  } catch (error) {
+    // Silent fail - caching is not critical
+  }
+}
+
+/**
+ * Get cached data if still valid
+ */
+function getCached(projectPath, key) {
+  const cache = loadCache(projectPath);
+  
+  if (!cache[key]) {
+    return null;
+  }
+  
+  const cached = cache[key];
+  const age = Date.now() - cached.timestamp;
+  
+  if (age > CACHE_DURATION) {
+    return null; // Expired
+  }
+  
+  return cached.data;
+}
+
+/**
+ * Set cache entry
+ */
+function setCache(projectPath, key, data) {
+  const cache = loadCache(projectPath);
+  
+  cache[key] = {
+    timestamp: Date.now(),
+    data: data
+  };
+  
+  saveCache(projectPath, cache);
+}
+
+/**
+ * Clear all cache
+ */
+function clearCache(projectPath) {
+  try {
+    const cachePath = path.join(projectPath, CACHE_FILE);
+    if (fs.existsSync(cachePath)) {
+      fs.unlinkSync(cachePath);
+    }
+  } catch (error) {
+    // Silent fail
+  }
+}
+
+module.exports = {
+  getCached,
+  setCache,
+  clearCache
+};