devcompass 2.1.0 → 2.3.0

package/src/commands/analyze.js

@@ -1,3 +1,4 @@
+// src/commands/analyze.js
 const chalk = require('chalk');
 const ora = require('ora');
 const path = require('path');
@@ -7,6 +8,9 @@ const { findUnusedDeps } = require('../analyzers/unused-deps');
 const { findOutdatedDeps } = require('../analyzers/outdated');
 const { calculateScore } = require('../analyzers/scoring');
 const { checkEcosystemAlerts } = require('../alerts');
+const { checkSecurity, calculateSecurityPenalty } = require('../analyzers/security');
+const { analyzeBundleSizes, findHeavyPackages } = require('../analyzers/bundle-size');
+const { checkLicenses, findProblematicLicenses } = require('../analyzers/licenses');
 const { 
   formatAlerts, 
   getSeverityDisplay, 
@@ -18,18 +22,40 @@ const {
   logDivider,
   getScoreColor 
 } = require('../utils/logger');
+const { loadConfig, filterAlerts } = require('../config/loader');
+const { getCached, setCache } = require('../cache/manager');
+const { formatAsJson } = require('../utils/json-formatter');
+const { handleCiMode } = require('../utils/ci-handler');
 const packageJson = require('../../package.json');
 
 async function analyze(options) {
   const projectPath = options.path || process.cwd();
   
-  console.log('\n');
-  log(chalk.cyan.bold(`🔍 DevCompass v${packageJson.version}`) + ' - Analyzing your project...\n');
+  // Load config
+  const config = loadConfig(projectPath);
   
-  const spinner = ora({
-    text: 'Loading project...',
-    color: 'cyan'
-  }).start();
+  // Handle output modes
+  const outputMode = options.json ? 'json' : (options.ci ? 'ci' : (options.silent ? 'silent' : 'normal'));
+  
+  // Only show header for normal and CI modes
+  if (outputMode !== 'silent' && outputMode !== 'json') {
+    console.log('\n');
+    log(chalk.cyan.bold(`🔍 DevCompass v${packageJson.version}`) + ' - Analyzing your project...\n');
+  }
+  
+  // Create spinner (disabled for json/silent modes to prevent EPIPE errors)
+  const spinner = (outputMode === 'json' || outputMode === 'silent')
+    ? { 
+        start: function() { return this; },
+        succeed: function() {},
+        fail: function(msg) { if (msg) console.error(msg); },
+        text: '',
+        set text(val) {}
+      }
+    : ora({
+        text: 'Loading project...',
+        color: 'cyan'
+      }).start();
   
   try {
     const packageJsonPath = path.join(projectPath, 'package.json');
@@ -63,46 +89,168 @@ async function analyze(options) {
       process.exit(0);
     }
     
-    // Check for ecosystem alerts
+    // Check for ecosystem alerts (with cache)
     spinner.text = 'Checking ecosystem alerts...';
     let alerts = [];
-    try {
-      alerts = await checkEcosystemAlerts(projectPath, dependencies);
-    } catch (error) {
-      console.log(chalk.yellow('\n⚠️  Could not check ecosystem alerts'));
-      console.log(chalk.gray(`   Error: ${error.message}\n`));
+    
+    if (config.cache) {
+      alerts = getCached(projectPath, 'alerts');
     }
     
+    if (!alerts) {
+      try {
+        alerts = await checkEcosystemAlerts(projectPath, dependencies);
+        if (config.cache) {
+          setCache(projectPath, 'alerts', alerts);
+        }
+      } catch (error) {
+        if (outputMode !== 'silent') {
+          console.log(chalk.yellow('\n⚠️  Could not check ecosystem alerts'));
+          console.log(chalk.gray(`   Error: ${error.message}\n`));
+        }
+        alerts = [];
+      }
+    }
+    
+    // Filter alerts based on config
+    alerts = filterAlerts(alerts, config);
+    
+    // Unused dependencies
     spinner.text = 'Detecting unused dependencies...';
     let unusedDeps = [];
-    try {
-      unusedDeps = await findUnusedDeps(projectPath, dependencies);
-    } catch (error) {
-      console.log(chalk.yellow('\n⚠️  Could not detect unused dependencies'));
-      console.log(chalk.gray(`   Error: ${error.message}\n`));
+    
+    if (config.cache) {
+      unusedDeps = getCached(projectPath, 'unused');
+    }
+    
+    if (!unusedDeps) {
+      try {
+        unusedDeps = await findUnusedDeps(projectPath, dependencies);
+        if (config.cache) {
+          setCache(projectPath, 'unused', unusedDeps);
+        }
+      } catch (error) {
+        if (outputMode !== 'silent') {
+          console.log(chalk.yellow('\n⚠️  Could not detect unused dependencies'));
+          console.log(chalk.gray(`   Error: ${error.message}\n`));
+        }
+        unusedDeps = [];
+      }
     }
     
+    // Outdated packages
     spinner.text = 'Checking for outdated packages...';
     let outdatedDeps = [];
-    try {
-      outdatedDeps = await findOutdatedDeps(projectPath, dependencies);
-    } catch (error) {
-      console.log(chalk.yellow('\n⚠️  Could not check for outdated packages'));
-      console.log(chalk.gray(`   Error: ${error.message}\n`));
+    
+    if (config.cache) {
+      outdatedDeps = getCached(projectPath, 'outdated');
+    }
+    
+    if (!outdatedDeps) {
+      try {
+        outdatedDeps = await findOutdatedDeps(projectPath, dependencies);
+        if (config.cache) {
+          setCache(projectPath, 'outdated', outdatedDeps);
+        }
+      } catch (error) {
+        if (outputMode !== 'silent') {
+          console.log(chalk.yellow('\n⚠️  Could not check for outdated packages'));
+          console.log(chalk.gray(`   Error: ${error.message}\n`));
+        }
+        outdatedDeps = [];
+      }
+    }
+    
+    // Check security vulnerabilities (NEW)
+    spinner.text = 'Checking security vulnerabilities...';
+    let securityData = { vulnerabilities: [], metadata: { total: 0, critical: 0, high: 0, moderate: 0, low: 0 } };
+    
+    if (config.cache) {
+      const cached = getCached(projectPath, 'security');
+      if (cached) securityData = cached;
+    }
+    
+    if (securityData.metadata.total === 0) {
+      try {
+        securityData = await checkSecurity(projectPath);
+        if (config.cache) {
+          setCache(projectPath, 'security', securityData);
+        }
+      } catch (error) {
+        if (outputMode !== 'silent') {
+          console.log(chalk.yellow('\n⚠️  Could not check security vulnerabilities'));
+          console.log(chalk.gray(`   Error: ${error.message}\n`));
+        }
+      }
+    }
+    
+    // Analyze bundle sizes (NEW)
+    spinner.text = 'Analyzing bundle sizes...';
+    let bundleSizes = [];
+    
+    if (config.cache) {
+      const cached = getCached(projectPath, 'bundleSizes');
+      if (cached) bundleSizes = cached;
+    }
+    
+    if (bundleSizes.length === 0) {
+      try {
+        bundleSizes = await analyzeBundleSizes(projectPath, dependencies);
+        if (config.cache && bundleSizes.length > 0) {
+          setCache(projectPath, 'bundleSizes', bundleSizes);
+        }
+      } catch (error) {
+        // Bundle size analysis is optional
+      }
+    }
+    
+    // Check licenses (NEW)
+    spinner.text = 'Checking licenses...';
+    let licenses = [];
+    
+    if (config.cache) {
+      const cached = getCached(projectPath, 'licenses');
+      if (cached) licenses = cached;
     }
     
+    if (licenses.length === 0) {
+      try {
+        licenses = await checkLicenses(projectPath, dependencies);
+        if (config.cache && licenses.length > 0) {
+          setCache(projectPath, 'licenses', licenses);
+        }
+      } catch (error) {
+        // License checking is optional
+      }
+    }
+    
+    // Calculate score (UPDATED)
     const alertPenalty = calculateAlertPenalty(alerts);
+    const securityPenalty = calculateSecurityPenalty(securityData.metadata);
+    
     const score = calculateScore(
       totalDeps,
       unusedDeps.length,
       outdatedDeps.length,
       alerts.length,
-      alertPenalty
+      alertPenalty,
+      securityPenalty
     );
     
     spinner.succeed(chalk.green(`Scanned ${totalDeps} dependencies in project`));
     
-    displayResults(alerts, unusedDeps, outdatedDeps, score, totalDeps);
+    // Handle different output modes
+    if (outputMode === 'json') {
+      const jsonOutput = formatAsJson(alerts, unusedDeps, outdatedDeps, score, totalDeps, securityData, bundleSizes, licenses);
+      console.log(jsonOutput);
+    } else if (outputMode === 'ci') {
+      displayResults(alerts, unusedDeps, outdatedDeps, score, totalDeps, securityData, bundleSizes, licenses);
+      handleCiMode(score, config, alerts, unusedDeps);
+    } else if (outputMode === 'silent') {
+      // Silent mode - no output
+    } else {
+      displayResults(alerts, unusedDeps, outdatedDeps, score, totalDeps, securityData, bundleSizes, licenses);
+    }
     
   } catch (error) {
     spinner.fail(chalk.red('Analysis failed'));
@@ -114,10 +262,40 @@ async function analyze(options) {
   }
 }
 
-function displayResults(alerts, unusedDeps, outdatedDeps, score, totalDeps) {
+function displayResults(alerts, unusedDeps, outdatedDeps, score, totalDeps, securityData, bundleSizes, licenses) {
   logDivider();
   
-  // ECOSYSTEM ALERTS (NEW SECTION)
+  // SECURITY VULNERABILITIES (NEW SECTION)
+  if (securityData.metadata.total > 0) {
+    const criticalCount = securityData.metadata.critical;
+    const highCount = securityData.metadata.high;
+    const moderateCount = securityData.metadata.moderate;
+    const lowCount = securityData.metadata.low;
+    
+    logSection('🔐 SECURITY VULNERABILITIES', securityData.metadata.total);
+    
+    if (criticalCount > 0) {
+      log(chalk.red.bold(`\n  🔴 CRITICAL: ${criticalCount}`));
+    }
+    if (highCount > 0) {
+      log(chalk.red(`  🟠 HIGH: ${highCount}`));
+    }
+    if (moderateCount > 0) {
+      log(chalk.yellow(`  🟡 MODERATE: ${moderateCount}`));
+    }
+    if (lowCount > 0) {
+      log(chalk.gray(`  ⚪ LOW: ${lowCount}`));
+    }
+    
+    log(chalk.cyan('\n  Run') + chalk.bold(' npm audit fix ') + chalk.cyan('to fix vulnerabilities\n'));
+  } else {
+    logSection('✅ SECURITY VULNERABILITIES');
+    log(chalk.green('  No vulnerabilities detected!\n'));
+  }
+  
+  logDivider();
+  
+  // ECOSYSTEM ALERTS
   if (alerts.length > 0) {
     logSection('🚨 ECOSYSTEM ALERTS', alerts.length);
     
@@ -198,6 +376,46 @@ function displayResults(alerts, unusedDeps, outdatedDeps, score, totalDeps) {
   
   logDivider();
   
+  // BUNDLE SIZE (NEW SECTION)
+  const heavyPackages = findHeavyPackages(bundleSizes);
+  if (heavyPackages.length > 0) {
+    logSection('📦 HEAVY PACKAGES', heavyPackages.length);
+    
+    log(chalk.gray('  Packages larger than 1MB:\n'));
+    
+    heavyPackages.slice(0, 10).forEach(pkg => {
+      const nameCol = pkg.name.padEnd(25);
+      const size = pkg.size > 5120 
+        ? chalk.red(pkg.sizeFormatted)
+        : chalk.yellow(pkg.sizeFormatted);
+      
+      log(`  ${nameCol} ${size}`);
+    });
+    
+    log('');
+    logDivider();
+  }
+  
+  // LICENSE WARNINGS (NEW SECTION - ALWAYS SHOW)
+  const problematicLicenses = findProblematicLicenses(licenses);
+  if (problematicLicenses.length > 0) {
+    logSection('⚖️  LICENSE WARNINGS', problematicLicenses.length);
+    
+    problematicLicenses.forEach(pkg => {
+      const type = pkg.type === 'restrictive' 
+        ? chalk.red('Restrictive') 
+        : chalk.yellow('Unknown');
+      log(`  ${chalk.bold(pkg.package)} - ${type} (${pkg.license})`);
+    });
+    
+    log(chalk.gray('\n  Note: Restrictive licenses may require legal review\n'));
+  } else {
+    logSection('✅ LICENSE COMPLIANCE');
+    log(chalk.green('  All licenses are permissive!\n'));
+  }
+  
+  logDivider();
+  
   // PROJECT HEALTH
   logSection('📊 PROJECT HEALTH');
   
@@ -205,6 +423,10 @@ function displayResults(alerts, unusedDeps, outdatedDeps, score, totalDeps) {
   log(`  Overall Score:              ${scoreColor(score.total + '/10')}`);
   log(`  Total Dependencies:         ${chalk.cyan(totalDeps)}`);
   
+  if (securityData.metadata.total > 0) {
+    log(`  Security Vulnerabilities:   ${chalk.red(securityData.metadata.total)}`);
+  }
+  
   if (alerts.length > 0) {
     log(`  Ecosystem Alerts:           ${chalk.red(alerts.length)}`);
   }
@@ -215,16 +437,23 @@ function displayResults(alerts, unusedDeps, outdatedDeps, score, totalDeps) {
   logDivider();
   
   // QUICK WINS
-  displayQuickWins(alerts, unusedDeps, outdatedDeps, score, totalDeps);
+  displayQuickWins(alerts, unusedDeps, outdatedDeps, score, totalDeps, securityData);
 }
 
-function displayQuickWins(alerts, unusedDeps, outdatedDeps, score, totalDeps) {
+function displayQuickWins(alerts, unusedDeps, outdatedDeps, score, totalDeps, securityData) {
   const hasCriticalAlerts = alerts.some(a => a.severity === 'critical' || a.severity === 'high');
+  const hasCriticalSecurity = securityData.metadata.critical > 0 || securityData.metadata.high > 0;
   
-  if (hasCriticalAlerts || unusedDeps.length > 0) {
+  if (hasCriticalSecurity || hasCriticalAlerts || unusedDeps.length > 0) {
     logSection('💡 QUICK WINS');
     
-    // Fix critical alerts first
+    // Fix security vulnerabilities first
+    if (hasCriticalSecurity) {
+      log('  🔐 Fix security vulnerabilities:\n');
+      log(chalk.cyan(`  npm audit fix\n`));
+    }
+    
+    // Fix critical alerts
     if (hasCriticalAlerts) {
       const criticalAlerts = alerts.filter(a => a.severity === 'critical' || a.severity === 'high');
       
@@ -257,13 +486,18 @@ function displayQuickWins(alerts, unusedDeps, outdatedDeps, score, totalDeps) {
       0,
       outdatedDeps.length,
       alerts.length - alerts.filter(a => a.severity === 'critical' || a.severity === 'high').length,
-      alertPenalty
+      alertPenalty,
+      0 // Assume security issues fixed
     );
     
     log('  Expected impact:');
     
+    if (hasCriticalSecurity) {
+      log(`  ${chalk.green('✓')} Resolve security vulnerabilities`);
+    }
+    
     if (hasCriticalAlerts) {
-      log(`  ${chalk.green('✓')} Resolve critical security/stability issues`);
+      log(`  ${chalk.green('✓')} Resolve critical stability issues`);
     }
     
     if (unusedDeps.length > 0) {
@@ -274,6 +508,8 @@ function displayQuickWins(alerts, unusedDeps, outdatedDeps, score, totalDeps) {
     const improvedScoreColor = getScoreColor(improvedScore.total);
     log(`  ${chalk.green('✓')} Improve health score → ${improvedScoreColor(improvedScore.total + '/10')}\n`);
     
+    log(chalk.cyan('💡 TIP: Run') + chalk.bold(' devcompass fix ') + chalk.cyan('to apply these fixes automatically!\n'));
+    
     logDivider();
   }
 }

package/src/commands/fix.js

@@ -1,3 +1,4 @@
+// src/commands/fix.js
 const chalk = require('chalk');
 const ora = require('ora');
 const { execSync } = require('child_process');

package/src/config/loader.js

@@ -1,3 +1,4 @@
+// src/config/loader.js
 const fs = require('fs');
 const path = require('path');
 
@@ -20,10 +21,52 @@ function loadConfig(projectPath) {
 function getDefaultConfig() {
   return {
     ignore: [],
-    ignoreSeverity: [],
+    ignoreSeverity: [], // e.g., ["low", "medium"]
+    minSeverity: null,  // e.g., "medium" - only show medium+ alerts
     minScore: 0,
-    cache: true
+    cache: true,
+    outputMode: 'normal' // normal, json, silent, ci
   };
 }
 
-module.exports = { loadConfig };
+/**
+ * Check if alert should be ignored based on config
+ */
+function shouldIgnoreAlert(alert, config) {
+  // Check if package is in ignore list
+  if (config.ignore.includes(alert.package)) {
+    return true;
+  }
+  
+  // Check if severity is ignored
+  if (config.ignoreSeverity.includes(alert.severity)) {
+    return true;
+  }
+  
+  // Check minimum severity level
+  if (config.minSeverity) {
+    const severityOrder = { critical: 0, high: 1, medium: 2, low: 3 };
+    const minLevel = severityOrder[config.minSeverity];
+    const alertLevel = severityOrder[alert.severity];
+    
+    if (alertLevel > minLevel) {
+      return true; // Alert is below minimum severity
+    }
+  }
+  
+  return false;
+}
+
+/**
+ * Filter alerts based on config
+ */
+function filterAlerts(alerts, config) {
+  return alerts.filter(alert => !shouldIgnoreAlert(alert, config));
+}
+
+module.exports = { 
+  loadConfig,
+  getDefaultConfig,
+  shouldIgnoreAlert,
+  filterAlerts
+};

package/src/utils/ci-handler.js

@@ -0,0 +1,33 @@
+// src/utils/ci-handler.js
+const chalk = require('chalk');
+
+/**
+ * Handle CI mode - exit with error code if score below threshold
+ */
+function handleCiMode(score, config, alerts, unusedDeps) {
+  const minScore = config.minScore || 7;
+  
+  if (score.total < minScore) {
+    console.log(chalk.red(`\n❌ CI CHECK FAILED`));
+    console.log(chalk.red(`Health score ${score.total}/10 is below minimum ${minScore}/10\n`));
+    
+    // Show critical issues
+    const criticalAlerts = alerts.filter(a => a.severity === 'critical' || a.severity === 'high');
+    
+    if (criticalAlerts.length > 0) {
+      console.log(chalk.red(`Critical issues: ${criticalAlerts.length}`));
+    }
+    
+    if (unusedDeps.length > 0) {
+      console.log(chalk.yellow(`Unused dependencies: ${unusedDeps.length}`));
+    }
+    
+    process.exit(1); // Fail CI
+  } else {
+    console.log(chalk.green(`\n✅ CI CHECK PASSED`));
+    console.log(chalk.green(`Health score ${score.total}/10 meets minimum ${minScore}/10\n`));
+    process.exit(0);
+  }
+}
+
+module.exports = { handleCiMode };

package/src/utils/json-formatter.js

@@ -0,0 +1,78 @@
+// src/utils/json-formatter.js
+
+/**
+ * Format analysis results as JSON
+ */
+function formatAsJson(alerts, unusedDeps, outdatedDeps, score, totalDeps, securityData, bundleSizes, licenses) {
+  const problematicLicenses = licenses.filter(l => l.type === 'restrictive' || l.type === 'unknown');
+  const heavyPackages = bundleSizes.filter(p => p.size > 1024);
+  
+  return JSON.stringify({
+    version: require('../../package.json').version,
+    timestamp: new Date().toISOString(),
+    summary: {
+      healthScore: score.total,
+      totalDependencies: totalDeps,
+      securityVulnerabilities: securityData.metadata.total,
+      ecosystemAlerts: alerts.length,
+      unusedDependencies: unusedDeps.length,
+      outdatedPackages: outdatedDeps.length,
+      heavyPackages: heavyPackages.length,
+      licenseWarnings: problematicLicenses.length
+    },
+    security: {
+      total: securityData.metadata.total,
+      critical: securityData.metadata.critical,
+      high: securityData.metadata.high,
+      moderate: securityData.metadata.moderate,
+      low: securityData.metadata.low,
+      vulnerabilities: securityData.vulnerabilities.map(v => ({
+        package: v.package,
+        severity: v.severity,
+        title: v.title,
+        cve: v.cve,
+        fixAvailable: v.fixAvailable
+      }))
+    },
+    ecosystemAlerts: alerts.map(alert => ({
+      package: alert.package,
+      version: alert.version,
+      severity: alert.severity,
+      title: alert.title,
+      affected: alert.affected,
+      fix: alert.fix,
+      source: alert.source,
+      reported: alert.reported
+    })),
+    unusedDependencies: unusedDeps.map(dep => ({
+      name: dep.name
+    })),
+    outdatedPackages: outdatedDeps.map(dep => ({
+      name: dep.name,
+      current: dep.current,
+      latest: dep.latest,
+      updateType: dep.versionsBehind
+    })),
+    bundleAnalysis: {
+      heavyPackages: heavyPackages.map(pkg => ({
+        name: pkg.name,
+        size: pkg.sizeFormatted
+      }))
+    },
+    licenses: {
+      warnings: problematicLicenses.map(pkg => ({
+        package: pkg.package,
+        license: pkg.license,
+        type: pkg.type
+      }))
+    },
+    scoreBreakdown: {
+      unusedPenalty: score.breakdown.unusedPenalty,
+      outdatedPenalty: score.breakdown.outdatedPenalty,
+      alertsPenalty: score.breakdown.alertsPenalty,
+      securityPenalty: score.breakdown.securityPenalty
+    }
+  }, null, 2);
+}
+
+module.exports = { formatAsJson };

package/src/utils/logger.js

@@ -1,3 +1,4 @@
+// src/utils/logger.js
 const chalk = require('chalk');
 
 function log(message) {