pomanalyzer 1.0.0 → 1.0.1

package/.github/workflows/sonarcloud.yml

@@ -0,0 +1,69 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow helps you trigger a SonarCloud analysis of your code and populates
+# GitHub Code Scanning alerts with the vulnerabilities found.
+# Free for open source project.
+
+# 1. Login to SonarCloud.io using your GitHub account
+
+# 2. Import your project on SonarCloud
+#     * Add your GitHub organization first, then add your repository as a new project.
+#     * Please note that many languages are eligible for automatic analysis,
+#       which means that the analysis will start automatically without the need to set up GitHub Actions.
+#     * This behavior can be changed in Administration > Analysis Method.
+#
+# 3. Follow the SonarCloud in-product tutorial
+#     * a. Copy/paste the Project Key and the Organization Key into the args parameter below
+#          (You'll find this information in SonarCloud. Click on "Information" at the bottom left)
+#
+#     * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN
+#          (On SonarCloud, click on your avatar on top-right > My account > Security
+#           or go directly to https://sonarcloud.io/account/security/)
+
+# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/)
+# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9)
+
+name: SonarCloud analysis
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  workflow_dispatch:
+
+permissions:
+  pull-requests: read # allows SonarCloud to decorate PRs with analysis results
+
+jobs:
+  Analysis:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Analyze with SonarCloud
+
+        # You can pin the exact commit or the version.
+        # uses: SonarSource/sonarcloud-github-action@v2.2.0
+        uses: SonarSource/sonarcloud-github-action@4006f663ecaf1f8093e8e4abb9227f6041f52216
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
+        with:
+          # Additional arguments for the SonarScanner CLI
+          args:
+            # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
+            # mandatory
+            -Dsonar.projectKey=zackria_pomanalyzer
+            -Dsonar.organization=zackria
+            -Dsonar.cpd.exclusions=test/**/*.test.js,coverage/**
+            -Dsonar.exclusions=coverage/**
+            # Comma-separated paths to directories containing main source files.
+            #-Dsonar.sources= # optional, default is project base directory
+            # Comma-separated paths to directories containing test source files.
+            #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
+            # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
+            #-Dsonar.verbose= # optional, default is false
+          # When you need the analysis to take place in a directory other than the one from which it was launched, default is .
+          projectBaseDir: .

package/DEPENDENCY.md

@@ -0,0 +1,20 @@
+# Dependency Diagram
+
+```mermaid
+graph TD
+    A[analyzePom index.js] -->|uses| B[readPomXml dependencyService.js]
+    B -->|uses| C[readFile fileUtils.js]
+    B -->|uses| D[parseXml xmlParser.js]
+    B -->|uses| E[resolveVersion dependencyResolver.js]
+    A -->|uses| F[checkForDuplicates duplicateChecker.js]
+    A -->|uses| G[printTable outputFormatter.js]
+    A -->|uses| H[printHTMLTable printHTMLTable.js]
+    A -->|uses| I[printMarkdownTable printMarkdownTable.js]
+    H -->|uses| J[fs Node.js]
+    H -->|uses| K[path Node.js]
+    I -->|uses| J[fs Node.js]
+    I -->|uses| K[path Node.js]
+    C -->|uses| J[fs Node.js]
+    D -->|uses| L[xml2js npm]
+
+```

package/DOCUMENTATION.md

@@ -0,0 +1,157 @@
+# POM Analyzer Documentation
+
+This document provides an overview of the functionality of each JavaScript file in the project.
+
+---
+
+## `/src/services/dependencyService.js`
+
+### Description
+This file contains functions to read and parse Maven `pom.xml` files and extract dependencies.
+
+### Functions
+1. **`readPomXml(filePath)`**
+   - Reads and parses a Maven `pom.xml` file.
+   - **Parameters**: 
+     - `filePath` (string): Path to the `pom.xml` file.
+   - **Returns**: A promise that resolves to an array of dependencies.
+
+2. **`extractDependencies(result)`**
+   - Extracts dependencies from the parsed XML result.
+   - **Parameters**: 
+     - `result` (Object): Parsed XML result.
+   - **Returns**: An array of dependencies.
+
+---
+
+## `/cli.js`
+
+### Description
+This file serves as the command-line interface for the POM Analyzer. It uses the `commander` library to parse CLI arguments and options.
+
+### Key Features
+- Displays version and usage information.
+- Accepts options for generating HTML and Markdown reports.
+- Invokes the `analyzePom` function to analyze the provided `pom.xml` file.
+
+---
+
+## `/src/index.js`
+
+### Description
+This file contains the main logic for analyzing Maven `pom.xml` files. It integrates various services and utilities to process dependencies and generate reports.
+
+### Functions
+1. **`analyzePom(pomXmlPath, options)`**
+   - Analyzes the provided `pom.xml` file.
+   - **Parameters**:
+     - `pomXmlPath` (string): Path to the `pom.xml` file.
+     - `options` (Object): Options for generating reports (HTML, Markdown, etc.).
+   - **Behavior**:
+     - Reads dependencies using `readPomXml`.
+     - Checks for duplicate dependencies.
+     - Generates reports based on the provided options.
+
+---
+
+## `/src/utils/xmlParser.js`
+
+### Description
+This file provides a utility function to parse XML content into a JavaScript object using the `xml2js` library.
+
+### Functions
+1. **`parseXml(xmlContent)`**
+   - Parses XML content and returns a JavaScript object.
+   - **Parameters**:
+     - `xmlContent` (string): XML content to parse.
+   - **Returns**: A promise that resolves to the parsed object.
+
+---
+
+## `/src/utils/printMarkdownTable.js`
+
+### Description
+This file contains a function to generate and save a Markdown report for dependencies and duplicate dependencies.
+
+### Functions
+1. **`printMarkdownTable(dependencies, duplicateDependencies, title, folderPath)`**
+   - Generates and saves a Markdown table.
+   - **Parameters**:
+     - `dependencies` (Array): List of dependencies.
+     - `duplicateDependencies` (Array): List of duplicate dependencies.
+     - `title` (string): Title of the report.
+     - `folderPath` (string): Folder path to save the Markdown file.
+
+---
+
+## `/src/utils/printHTMLTable.js`
+
+### Description
+This file contains a function to generate and save an HTML report for dependencies and duplicate dependencies.
+
+### Functions
+1. **`printHTMLTable(dependencies, duplicateDependencies, title, folderPath)`**
+   - Generates and saves an HTML table.
+   - **Parameters**:
+     - `dependencies` (Array): List of dependencies.
+     - `duplicateDependencies` (Array): List of duplicate dependencies.
+     - `title` (string): Title of the report.
+     - `folderPath` (string): Folder path to save the HTML file.
+
+---
+
+## `/src/utils/outputFormatter.js`
+
+### Description
+This file provides a utility function to print dependencies in a tabular format to the console.
+
+### Functions
+1. **`printTable(dependencies, title)`**
+   - Prints a list of dependencies in a table format.
+   - **Parameters**:
+     - `dependencies` (Array): List of dependencies.
+     - `title` (string): Title of the table.
+
+---
+
+## `/src/utils/fileUtils.js`
+
+### Description
+This file contains utility functions for file operations, such as reading files.
+
+### Functions
+1. **`readFile(filePath)`**
+   - Reads a file and returns its content.
+   - **Parameters**:
+     - `filePath` (string): Path to the file.
+   - **Returns**: A promise that resolves to the file content.
+
+---
+
+## `/src/utils/dependencyResolver.js`
+
+### Description
+This file provides a utility function to resolve Maven-style property placeholders in version strings.
+
+### Functions
+1. **`resolveVersion(version, properties)`**
+   - Resolves a Maven-style property placeholder in a version string.
+   - **Parameters**:
+     - `version` (string): Version string with a placeholder.
+     - `properties` (Object): Key-value pairs of Maven properties.
+   - **Returns**: Resolved version string or "N/A" if unresolved.
+
+---
+
+## `/src/services/duplicateChecker.js`
+
+### Description
+This file contains a function to identify duplicate dependencies based on `groupId` and `artifactId`.
+
+### Functions
+1. **`checkForDuplicates(dependencies)`**
+   - Identifies duplicate dependencies.
+   - **Parameters**:
+     - `dependencies` (Array): List of dependencies.
+   - **Returns**: List of duplicate dependencies grouped by `groupId:artifactId`.
+

package/README.md

@@ -2,7 +2,7 @@
 
 pomanalyzer is a utility to analyze Apache Maven POM XML files offline. It extracts and formats dependency information, detects duplicate dependencies, and generates reports in various formats.
 
-[![NPM Package](https://img.shields.io/npm/v/pomanalyzer.svg)](https://www.npmjs.com/package/pomanalyzer)
+[![NPM Package](https://img.shields.io/npm/v/pomanalyzer.svg)](https://www.npmjs.com/package/pomanalyzer)  [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=zackria_pomanalyzer&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=zackria_pomanalyzer)
 
 
 ## Features
@@ -144,6 +144,10 @@ This package is thoroughly tested with over 90% code coverage to ensure reliabil
 
 ![Test Coverage](./screenshots/CodeCoverage.png)
 
+## Documentation
+
+For more detailed information, please check the [Documentation](DOCUMENTATION.md).
+
 ## Compatibility
 
 Developed and tested with:

package/cli.js

@@ -2,8 +2,8 @@
 
 import { program } from 'commander';
 import { analyzePom } from './src/index.js';
-import { readFileSync } from 'fs';
-import path from 'path';
+import { readFileSync } from 'node:fs';
+import path from 'node:path';
 
 // Get version from package.json
 let version = '1.0.0';
@@ -12,7 +12,9 @@ try {
   const packageJson = JSON.parse(readFileSync('./package.json', 'utf8'));
   version = packageJson.version;
 } catch (err) {
-  // Use default version if package.json can't be read
+  if (err.code !== 'ENOENT') {
+    console.error(`Error reading package.json: ${err.message}`);
+  }
 }
 
 // Check if no arguments were provided
@@ -35,7 +37,7 @@ program
     try {
       // Resolve file path
       const resolvedPath = path.resolve(pomFile);
-      
+
       // Prepare options for analysis
       const analysisOptions = {
         html: options.html,
@@ -46,7 +48,7 @@ program
 
       // Use the centralized analyzePom function
       await analyzePom(resolvedPath, analysisOptions);
-      
+
     } catch (error) {
       console.error('Error:', error.message);
       process.exit(1);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pomanalyzer",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "pomanalyzer is a utility to analyze Apache Maven POM XML file",
   "keywords": [
     "pom",
@@ -26,22 +26,27 @@
   },
   "scripts": {
     "test": "jest",
-    "run": "node ./src/index.js"
+    "run": "node ./src/index.js",
+    "clean": "rm -rf node_modules coverage"
   },
   "devDependencies": {
-    "@babel/core": "^7.26.10",
-    "@babel/preset-env": "^7.26.9",
-    "babel-jest": "^29.7.0",
-    "jest": "^29.7.0",
-    "jest-environment-node": "^29.7.0"
+    "@babel/core": "^7.28.5",
+    "@babel/preset-env": "^7.28.5",
+    "babel-jest": "^30.2.0",
+    "jest": "^30.2.0",
+    "jest-environment-node": "^30.2.0"
   },
   "dependencies": {
-    "chalk": "^5.4.1",
-    "commander": "^13.1.0",
-    "js-yaml": "^4.1.0",
+    "chalk": "^5.6.2",
+    "commander": "^14.0.2",
+    "js-yaml": "^4.1.1",
     "xml2js": "^0.6.2"
   },
+  "overrides": {
+    "test-exclude": "^7.0.1",
+    "glob": "^10.5.0"
+  },
   "engines": {
     "node": ">=14.0.0"
   }
-}
+}

package/sonar-project.properties

@@ -0,0 +1,15 @@
+sonar.projectKey=zackria_pomanalyzer
+sonar.organization=zackria
+sonar.projectName=pomanalyzer
+sonar.projectVersion=1.0.0
+sonar.sources=src,cli.js
+sonar.tests=test
+sonar.language=js
+sonar.sourceEncoding=UTF-8
+sonar.javascript.lcov.reportPaths=coverage/lcov.info
+
+# Exclude coverage and specific test files from all analysis
+sonar.exclusions=coverage/**
+
+# Exclude test files from duplication check (CPD)
+sonar.cpd.exclusions=test/**/*.test.js,coverage/**

package/src/services/dependencyService.js

@@ -26,33 +26,29 @@ export async function readPomXml(filePath) {
  */
 function extractDependencies(result) {
   const dependencies = [];
-  
-  if (!result || !result.project) {
+
+  if (!result?.project) {
     return dependencies;
   }
-  
-  const properties = result.project.properties ? result.project.properties[0] : {};
 
-  if (result.project.dependencies && result.project.dependencies[0] && result.project.dependencies[0].dependency) {
+  const properties = result.project.properties?.[0] ?? {};
+
+  if (result.project.dependencies?.[0]?.dependency) {
     dependencies.push(
       ...result.project.dependencies[0].dependency.map((dep) => ({
-        groupId: dep.groupId ? dep.groupId[0] : 'unknown',
-        artifactId: dep.artifactId ? dep.artifactId[0] : 'unknown',
-        version: resolveVersion(dep.version && dep.version[0] ? dep.version[0] : 'N/A', properties),
+        groupId: dep.groupId?.[0] ?? 'unknown',
+        artifactId: dep.artifactId?.[0] ?? 'unknown',
+        version: resolveVersion(dep.version?.[0] ?? 'N/A', properties),
       }))
     );
   }
 
-  if (result.project.dependencyManagement && 
-      result.project.dependencyManagement[0] && 
-      result.project.dependencyManagement[0].dependencies && 
-      result.project.dependencyManagement[0].dependencies[0] &&
-      result.project.dependencyManagement[0].dependencies[0].dependency) {
+  if (result.project.dependencyManagement?.[0]?.dependencies?.[0]?.dependency) {
     dependencies.push(
       ...result.project.dependencyManagement[0].dependencies[0].dependency.map((dep) => ({
-        groupId: dep.groupId ? dep.groupId[0] : 'unknown',
-        artifactId: dep.artifactId ? dep.artifactId[0] : 'unknown',
-        version: resolveVersion(dep.version && dep.version[0] ? dep.version[0] : 'N/A', properties),
+        groupId: dep.groupId?.[0] ?? 'unknown',
+        artifactId: dep.artifactId?.[0] ?? 'unknown',
+        version: resolveVersion(dep.version?.[0] ?? 'N/A', properties),
       }))
     );
   }

package/src/utils/fileUtils.js

@@ -1,6 +1,6 @@
 // This file contains utility functions for file operations, such as reading files.
 
-import fs from 'fs';
+import fs from 'node:fs';
 
 /**
  * Reads a file and returns its content.

package/src/utils/printHTMLTable.js

@@ -1,5 +1,5 @@
-import fs from 'fs';
-import path from 'path';
+import fs from 'node:fs';
+import path from 'node:path';
 
 /**
  * Generates and saves an HTML table for the given dependencies.
@@ -18,7 +18,7 @@ export const printHTMLTable = (dependencies, duplicateDependencies, title, folde
     th { background-color: #f2f2f2; }
     .duplicate { background-color: #ffcccc; }
   </style>`;
-  
+
   // Maven Dependencies table.
   const depHeaders = Object.keys(dependencies[0] || {});
   const dependenciesTable = `
@@ -38,7 +38,7 @@ export const printHTMLTable = (dependencies, duplicateDependencies, title, folde
       </tbody>
     </table>
   `;
-  
+
   // Duplicate Dependencies table (if any).
   let duplicateTable = '';
   if (duplicateDependencies && duplicateDependencies.length > 0) {
@@ -61,9 +61,9 @@ export const printHTMLTable = (dependencies, duplicateDependencies, title, folde
       </table>
     `;
   }
-  
-  const htmlContent = `
-    <html>
+
+  const htmlContent = `<!DOCTYPE html>
+    <html lang="en">
       <head>
         <meta charset="UTF-8">
         <title>${title} Report</title>
@@ -75,9 +75,9 @@ export const printHTMLTable = (dependencies, duplicateDependencies, title, folde
       </body>
     </html>
   `;
-  
-  const filePath = path.join(folderPath, `${title.replace(/\s+/g, '_')}_report.html`);
-  
+
+  const filePath = path.join(folderPath, `${title.replaceAll(/\s+/g, '_')}_report.html`);
+
   // Ensure the folder exists
   if (!fs.existsSync(folderPath)) {
     fs.mkdirSync(folderPath, { recursive: true });

package/src/utils/printMarkdownTable.js

@@ -1,5 +1,5 @@
-import fs from 'fs';
-import path from 'path';
+import fs from 'node:fs';
+import path from 'node:path';
 
 /**
  * Generates and saves a Markdown table for the given dependencies.
@@ -17,7 +17,7 @@ export const printMarkdownTable = (dependencies, duplicateDependencies, title, f
 | ${depHeaders.map(() => '---').join(' | ')} |
 ${dependencies.map(dep => `| ${Object.values(dep).join(' | ')} |`).join('\n')}
   `;
-  
+
   let duplicateTable = '';
   if (duplicateDependencies && duplicateDependencies.length > 0) {
     const dupHeaders = Object.keys(duplicateDependencies[0] || {});
@@ -29,7 +29,7 @@ ${dependencies.map(dep => `| ${Object.values(dep).join(' | ')} |`).join('\n')}
 ${duplicateDependencies.map(dep => `| ${Object.values(dep).join(' | ')} |  <!-- duplicate row -->`).join('\n')}
     `;
   }
-  
+
   const markdownContent = `
 # Report
 
@@ -37,9 +37,9 @@ ${dependenciesTable}
 
 ${duplicateTable}
   `;
-  
-  const filePath = path.join(folderPath, `${title.replace(/\s+/g, '_')}_report.md`);
-  
+
+  const filePath = path.join(folderPath, `${title.replaceAll(/\s+/g, '_')}_report.md`);
+
   // Ensure the folder exists
   if (!fs.existsSync(folderPath)) {
     fs.mkdirSync(folderPath, { recursive: true });

package/test/fileUtils.test.js

@@ -1,7 +1,7 @@
 import { readFile } from '../src/utils/fileUtils';
-import fs from 'fs';
+import fs from 'node:fs';
 
-jest.mock('fs');
+jest.mock('node:fs');
 
 describe('File Utils', () => {
   const mockFilePath = 'mock/path/to/file.txt';

package/output/Maven_Dependencies_report.html

@@ -1,84 +0,0 @@
-
-    <html>
-      <head>
-        <meta charset="UTF-8">
-        <title>Maven Dependencies Report</title>
-        <style>
-    body { font-family: Arial, sans-serif; margin: 20px; }
-    h2 { color: #333; }
-    table { width: 100%; border-collapse: collapse; margin-bottom: 20px; }
-    th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
-    th { background-color: #f2f2f2; }
-    .duplicate { background-color: #ffcccc; }
-  </style>
-      </head>
-      <body>
-        
-    <h2>Maven Dependencies</h2>
-    <table>
-      <thead>
-        <tr>
-          <th>groupId</th><th>artifactId</th><th>version</th>
-        </tr>
-      </thead>
-      <tbody>
-        
-          <tr>
-            <td>org.springframework</td><td>spring-core</td><td>5.3.9</td>
-          </tr>
-        
-          <tr>
-            <td>org.springframework</td><td>spring-core</td><td>5.3.9</td>
-          </tr>
-        
-          <tr>
-            <td>org.apache.commons</td><td>commons-lang3</td><td>N/A</td>
-          </tr>
-        
-          <tr>
-            <td>org.apache.commons</td><td>commons-lang3</td><td>N/A</td>
-          </tr>
-        
-          <tr>
-            <td>junit</td><td>junit</td><td>4.13.2</td>
-          </tr>
-        
-          <tr>
-            <td>com.google.guava</td><td>guava</td><td>N/A</td>
-          </tr>
-        
-          <tr>
-            <td>com.google.guava</td><td>guava</td><td>N/A</td>
-          </tr>
-        
-      </tbody>
-    </table>
-  
-        
-      <h2>Duplicate Dependencies</h2>
-      <table>
-        <thead>
-          <tr>
-            <th>dependency</th><th>versions</th>
-          </tr>
-        </thead>
-        <tbody>
-          
-            <tr class="duplicate">
-              <td>org.springframework:spring-core</td><td>5.3.9, 5.3.9</td>
-            </tr>
-          
-            <tr class="duplicate">
-              <td>org.apache.commons:commons-lang3</td><td>N/A, N/A</td>
-            </tr>
-          
-            <tr class="duplicate">
-              <td>com.google.guava:guava</td><td>N/A, N/A</td>
-            </tr>
-          
-        </tbody>
-      </table>
-    
-      </body>
-    </html>
-  

package/output/Maven_Dependencies_report.md

@@ -1,24 +0,0 @@
-# Report
-
-
-## Maven Dependencies
-
-| groupId | artifactId | version |
-| --- | --- | --- |
-| org.springframework | spring-core | 5.3.9 |
-| org.springframework | spring-core | 5.3.9 |
-| org.apache.commons | commons-lang3 | N/A |
-| org.apache.commons | commons-lang3 | N/A |
-| junit | junit | 4.13.2 |
-| com.google.guava | guava | N/A |
-| com.google.guava | guava | N/A |
-  
-
-
-## Duplicate Dependencies
-
-| dependency | versions |
-| --- | --- |
-| org.springframework:spring-core | 5.3.9, 5.3.9 |  <!-- duplicate row -->
-| org.apache.commons:commons-lang3 | N/A, N/A |  <!-- duplicate row -->
-| com.google.guava:guava | N/A, N/A |  <!-- duplicate row -->