npm - verimu - Versions diffs - 0.0.19 → 0.0.21 - Mend

verimu 0.0.19 → 0.0.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -128,6 +128,14 @@ interface UsageSnippet {
     calledSymbol?: string;
     /** Confidence score in [0, 1] */
     confidence: number;
+    /**
+     * Which lines within `code` to highlight in the UI.
+     * Both values are 0-indexed offsets into the `code` string's lines
+     * (i.e. relative to `startLine`, not to the source file).
+     * Example: if startLine=6 and the match is on source line 10,
+     * highlight = [4, 4] (single-line) or [4, 6] (multi-line range).
+     */
+    highlight: [startOffset: number, endOffset: number];
 }
 /** Usage-context outcome for one vulnerability */
 interface UsageContextVulnerabilityFinding {
@@ -261,6 +269,8 @@ interface VerimuConfig {
     skipCveCheck?: boolean;
     /** Optional context lines around usage snippets (default: 4, clamped to 0..20) */
     numContextLines?: number;
+    /** Optional group name to associate this project with others in the dashboard */
+    groupName?: string;
 }
 /** Input for the pure `generateSbom()` function */
 interface GenerateSbomInput {
@@ -402,6 +412,7 @@ interface UpsertProjectResponse {
         ecosystem: string;
         repository_url: string | null;
         platform: string | null;
+        group_name: string | null;
     };
     created: boolean;
 }
@@ -457,6 +468,7 @@ declare class VerimuApiClient {
         ecosystem: Ecosystem;
         repositoryUrl?: string;
         platform?: string;
+        groupName?: string;
     }): Promise<UpsertProjectResponse>;
     /**
      * Upload a software inventory artifact payload to a project and trigger CVE scanning.

package/dist/index.d.ts CHANGED Viewed

@@ -128,6 +128,14 @@ interface UsageSnippet {
     calledSymbol?: string;
     /** Confidence score in [0, 1] */
     confidence: number;
+    /**
+     * Which lines within `code` to highlight in the UI.
+     * Both values are 0-indexed offsets into the `code` string's lines
+     * (i.e. relative to `startLine`, not to the source file).
+     * Example: if startLine=6 and the match is on source line 10,
+     * highlight = [4, 4] (single-line) or [4, 6] (multi-line range).
+     */
+    highlight: [startOffset: number, endOffset: number];
 }
 /** Usage-context outcome for one vulnerability */
 interface UsageContextVulnerabilityFinding {
@@ -261,6 +269,8 @@ interface VerimuConfig {
     skipCveCheck?: boolean;
     /** Optional context lines around usage snippets (default: 4, clamped to 0..20) */
     numContextLines?: number;
+    /** Optional group name to associate this project with others in the dashboard */
+    groupName?: string;
 }
 /** Input for the pure `generateSbom()` function */
 interface GenerateSbomInput {
@@ -402,6 +412,7 @@ interface UpsertProjectResponse {
         ecosystem: string;
         repository_url: string | null;
         platform: string | null;
+        group_name: string | null;
     };
     created: boolean;
 }
@@ -457,6 +468,7 @@ declare class VerimuApiClient {
         ecosystem: Ecosystem;
         repositoryUrl?: string;
         platform?: string;
+        groupName?: string;
     }): Promise<UpsertProjectResponse>;
     /**
      * Upload a software inventory artifact payload to a project and trigger CVE scanning.

package/dist/index.mjs CHANGED Viewed

@@ -14426,9 +14426,10 @@ var NpmScanner = class {
     if (lockfile.packages) {
       for (const [pkgPath, pkgInfo] of Object.entries(lockfile.packages)) {
         if (pkgPath === "") continue;
+        if (!pkgPath.startsWith("node_modules/")) continue;
+        if (pkgInfo.link) continue;
         const name = this.extractPackageName(pkgPath);
         if (!name || !pkgInfo.version) continue;
-        if (pkgInfo.link) continue;
         deps.push({
           name,
           version: pkgInfo.version,
@@ -17026,7 +17027,8 @@ var VerimuApiClient = class {
         name: opts.name,
         ecosystem: this.mapEcosystem(opts.ecosystem),
         repository_url: opts.repositoryUrl ?? null,
-        platform: opts.platform ?? null
+        platform: opts.platform ?? null,
+        group_name: opts.groupName ?? null
       })
     });
     if (!res.ok) {
@@ -17178,6 +17180,8 @@ function buildSnippet(params) {
   const startLine = Math.max(1, centerLine - numContextLines);
   const endLine = Math.min(lines.length || 1, centerLine + numContextLines);
   const code = lines.slice(startLine - 1, endLine).join("\n");
+  const highlightOffset = centerLine - startLine;
+  const highlight = [highlightOffset, highlightOffset];
   return {
     filePath: relative(projectPath, filePath).split(sep).join("/"),
     startLine,
@@ -17185,7 +17189,8 @@ function buildSnippet(params) {
     code,
     matchKind,
     calledSymbol,
-    confidence
+    confidence,
+    highlight
   };
 }
 function dedupeSnippets(snippets) {
@@ -18944,7 +18949,8 @@ async function uploadToVerimu(report, config) {
   const projectName = basename(config.projectPath);
   const upsertRes = await client.upsertProject({
     name: projectName,
-    ecosystem: report.project.ecosystem
+    ecosystem: report.project.ecosystem,
+    groupName: config.groupName
   });
   const projectId = upsertRes.project.id;
   const scanRes = await client.uploadSbom(projectId, buildUploadPayload(report));