├── .github └── workflows │ ├── ci.yml │ └── deps.yml ├── .gitignore ├── .tool-versions ├── LICENSE ├── README.md ├── birdie_snapshots ├── erlang@advisories_test@test_testdata_advisories_all_yaml.accepted ├── erlang@conf_test@test_testdata_gleam_basic_toml.accepted ├── erlang@conf_test@test_testdata_gleam_empty_toml.accepted ├── erlang@conf_test@test_testdata_gleam_full_toml.accepted ├── erlang@conf_test@test_testdata_gleam_indirect_new_toml.accepted ├── erlang@conf_test@test_testdata_gleam_partial_toml.accepted ├── erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_empty_licenses_json.accepted ├── erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_full_json.accepted ├── erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_multi_license_json.accepted ├── erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_no_license_json.accepted ├── erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_no_meta_json.accepted ├── erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_no_version_json.accepted ├── erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_version_null_json.accepted ├── erlang@manifest_test@test_testdata_manifest_a_toml.accepted ├── erlang@manifest_test@test_testdata_manifest_b_toml.accepted ├── erlang@manifest_test@test_testdata_manifest_dos_toml.accepted ├── erlang@manifest_test@test_testdata_manifest_empty_toml.accepted ├── erlang@manifest_test@test_testdata_manifest_git_toml.accepted ├── erlang@manifest_test@test_testdata_manifest_local_toml.accepted ├── erlang@spin_up_test@empty.accepted ├── erlang@spin_up_test@fake.accepted ├── erlang@spin_up_test@force.accepted ├── erlang@spin_up_test@format=detailed.accepted ├── erlang@spin_up_test@format=json.accepted ├── erlang@spin_up_test@format=minimal.accepted ├── erlang@spin_up_test@ignore_indirect.accepted ├── erlang@spin_up_test@outdated.accepted ├── erlang@spin_up_test@verbose.accepted ├── 
erlang@warning@adv_to_warning.accepted ├── erlang@warning@outdated_to_warning.accepted ├── erlang@warning@rejected_license_to_warning.accepted ├── erlang@warning@retired_to_warning_deprecated.accepted ├── erlang@warning@retired_to_warning_deprecated_none.accepted ├── erlang@warning@retired_to_warning_invalid.accepted ├── erlang@warning@retired_to_warning_invalid_none.accepted ├── erlang@warning@retired_to_warning_other.accepted ├── erlang@warning@retired_to_warning_other_none.accepted ├── erlang@warning@retired_to_warning_renamed.accepted ├── erlang@warning@retired_to_warning_renamed_none.accepted ├── erlang@warning@retired_to_warning_security.accepted ├── erlang@warning@retired_to_warning_security_none.accepted ├── erlang@warning_format_as_json@adv_to_warning.accepted ├── erlang@warning_format_as_json@outdated_to_warning.accepted ├── erlang@warning_format_as_json@rejected_license_to_warning.accepted ├── erlang@warning_format_as_json@retired_to_warning_deprecated.accepted ├── erlang@warning_format_as_json@retired_to_warning_deprecated_none.accepted ├── erlang@warning_format_as_json@retired_to_warning_invalid.accepted ├── erlang@warning_format_as_json@retired_to_warning_invalid_none.accepted ├── erlang@warning_format_as_json@retired_to_warning_other.accepted ├── erlang@warning_format_as_json@retired_to_warning_other_none.accepted ├── erlang@warning_format_as_json@retired_to_warning_renamed.accepted ├── erlang@warning_format_as_json@retired_to_warning_renamed_none.accepted ├── erlang@warning_format_as_json@retired_to_warning_security.accepted ├── erlang@warning_format_as_json@retired_to_warning_security_none.accepted ├── erlang@warning_format_as_string@adv_to_warning.accepted ├── erlang@warning_format_as_string@outdated_to_warning.accepted ├── erlang@warning_format_as_string@rejected_license_to_warning.accepted ├── erlang@warning_format_as_string@retired_to_warning_deprecated.accepted ├── erlang@warning_format_as_string@retired_to_warning_deprecated_none.accepted ├── 
erlang@warning_format_as_string@retired_to_warning_invalid.accepted ├── erlang@warning_format_as_string@retired_to_warning_invalid_none.accepted ├── erlang@warning_format_as_string@retired_to_warning_other.accepted ├── erlang@warning_format_as_string@retired_to_warning_other_none.accepted ├── erlang@warning_format_as_string@retired_to_warning_renamed.accepted ├── erlang@warning_format_as_string@retired_to_warning_renamed_none.accepted ├── erlang@warning_format_as_string@retired_to_warning_security.accepted ├── erlang@warning_format_as_string@retired_to_warning_security_none.accepted ├── erlang@warning_format_as_string_minimal@adv_to_warning.accepted ├── erlang@warning_format_as_string_minimal@outdated_to_warning.accepted ├── erlang@warning_format_as_string_minimal@rejected_license_to_warning.accepted ├── erlang@warning_format_as_string_minimal@retired_to_warning_deprecated.accepted ├── erlang@warning_format_as_string_minimal@retired_to_warning_deprecated_none.accepted ├── erlang@warning_format_as_string_minimal@retired_to_warning_invalid.accepted ├── erlang@warning_format_as_string_minimal@retired_to_warning_invalid_none.accepted ├── erlang@warning_format_as_string_minimal@retired_to_warning_other.accepted ├── erlang@warning_format_as_string_minimal@retired_to_warning_other_none.accepted ├── erlang@warning_format_as_string_minimal@retired_to_warning_renamed.accepted ├── erlang@warning_format_as_string_minimal@retired_to_warning_renamed_none.accepted ├── erlang@warning_format_as_string_minimal@retired_to_warning_security.accepted ├── erlang@warning_format_as_string_minimal@retired_to_warning_security_none.accepted ├── javascript@advisories_test@test_testdata_advisories_all_yaml.accepted ├── javascript@conf_test@test_testdata_gleam_basic_toml.accepted ├── javascript@conf_test@test_testdata_gleam_empty_toml.accepted ├── javascript@conf_test@test_testdata_gleam_full_toml.accepted ├── javascript@conf_test@test_testdata_gleam_indirect_new_toml.accepted ├── 
javascript@conf_test@test_testdata_gleam_partial_toml.accepted ├── javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_empty_licenses_json.accepted ├── javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_full_json.accepted ├── javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_multi_license_json.accepted ├── javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_no_license_json.accepted ├── javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_no_meta_json.accepted ├── javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_no_version_json.accepted ├── javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_version_null_json.accepted ├── javascript@manifest_test@test_testdata_manifest_a_toml.accepted ├── javascript@manifest_test@test_testdata_manifest_b_toml.accepted ├── javascript@manifest_test@test_testdata_manifest_dos_toml.accepted ├── javascript@manifest_test@test_testdata_manifest_empty_toml.accepted ├── javascript@manifest_test@test_testdata_manifest_git_toml.accepted ├── javascript@manifest_test@test_testdata_manifest_local_toml.accepted ├── javascript@spin_up_test@empty.accepted ├── javascript@spin_up_test@fake.accepted ├── javascript@spin_up_test@force.accepted ├── javascript@spin_up_test@format=detailed.accepted ├── javascript@spin_up_test@format=json.accepted ├── javascript@spin_up_test@format=minimal.accepted ├── javascript@spin_up_test@ignore_indirect.accepted ├── javascript@spin_up_test@outdated.accepted ├── javascript@spin_up_test@verbose.accepted ├── javascript@warning@adv_to_warning.accepted ├── javascript@warning@outdated_to_warning.accepted ├── javascript@warning@rejected_license_to_warning.accepted ├── javascript@warning@retired_to_warning_deprecated.accepted ├── javascript@warning@retired_to_warning_deprecated_none.accepted ├── javascript@warning@retired_to_warning_invalid.accepted ├── 
javascript@warning@retired_to_warning_invalid_none.accepted ├── javascript@warning@retired_to_warning_other.accepted ├── javascript@warning@retired_to_warning_other_none.accepted ├── javascript@warning@retired_to_warning_renamed.accepted ├── javascript@warning@retired_to_warning_renamed_none.accepted ├── javascript@warning@retired_to_warning_security.accepted ├── javascript@warning@retired_to_warning_security_none.accepted ├── javascript@warning_format_as_json@adv_to_warning.accepted ├── javascript@warning_format_as_json@outdated_to_warning.accepted ├── javascript@warning_format_as_json@rejected_license_to_warning.accepted ├── javascript@warning_format_as_json@retired_to_warning_deprecated.accepted ├── javascript@warning_format_as_json@retired_to_warning_deprecated_none.accepted ├── javascript@warning_format_as_json@retired_to_warning_invalid.accepted ├── javascript@warning_format_as_json@retired_to_warning_invalid_none.accepted ├── javascript@warning_format_as_json@retired_to_warning_other.accepted ├── javascript@warning_format_as_json@retired_to_warning_other_none.accepted ├── javascript@warning_format_as_json@retired_to_warning_renamed.accepted ├── javascript@warning_format_as_json@retired_to_warning_renamed_none.accepted ├── javascript@warning_format_as_json@retired_to_warning_security.accepted ├── javascript@warning_format_as_json@retired_to_warning_security_none.accepted ├── javascript@warning_format_as_string@adv_to_warning.accepted ├── javascript@warning_format_as_string@outdated_to_warning.accepted ├── javascript@warning_format_as_string@rejected_license_to_warning.accepted ├── javascript@warning_format_as_string@retired_to_warning_deprecated.accepted ├── javascript@warning_format_as_string@retired_to_warning_deprecated_none.accepted ├── javascript@warning_format_as_string@retired_to_warning_invalid.accepted ├── javascript@warning_format_as_string@retired_to_warning_invalid_none.accepted ├── 
javascript@warning_format_as_string@retired_to_warning_other.accepted ├── javascript@warning_format_as_string@retired_to_warning_other_none.accepted ├── javascript@warning_format_as_string@retired_to_warning_renamed.accepted ├── javascript@warning_format_as_string@retired_to_warning_renamed_none.accepted ├── javascript@warning_format_as_string@retired_to_warning_security.accepted ├── javascript@warning_format_as_string@retired_to_warning_security_none.accepted ├── javascript@warning_format_as_string_minimal@adv_to_warning.accepted ├── javascript@warning_format_as_string_minimal@outdated_to_warning.accepted ├── javascript@warning_format_as_string_minimal@rejected_license_to_warning.accepted ├── javascript@warning_format_as_string_minimal@retired_to_warning_deprecated.accepted ├── javascript@warning_format_as_string_minimal@retired_to_warning_deprecated_none.accepted ├── javascript@warning_format_as_string_minimal@retired_to_warning_invalid.accepted ├── javascript@warning_format_as_string_minimal@retired_to_warning_invalid_none.accepted ├── javascript@warning_format_as_string_minimal@retired_to_warning_other.accepted ├── javascript@warning_format_as_string_minimal@retired_to_warning_other_none.accepted ├── javascript@warning_format_as_string_minimal@retired_to_warning_renamed.accepted ├── javascript@warning_format_as_string_minimal@retired_to_warning_renamed_none.accepted ├── javascript@warning_format_as_string_minimal@retired_to_warning_security.accepted └── javascript@warning_format_as_string_minimal@retired_to_warning_security_none.accepted ├── deno.lock ├── dev └── go_over_dev.gleam ├── gleam.toml ├── images ├── demo.gif └── demo.tape ├── manifest.toml ├── package-lock.json ├── package.json ├── scripts ├── format.sh ├── publish.sh ├── target_test.sh ├── test.sh └── update.sh ├── src ├── go_over.gleam ├── go_over │ ├── advisories │ │ ├── advisories.gleam │ │ └── comparisons.gleam │ ├── config.gleam │ ├── hex │ │ ├── core.gleam │ │ ├── hex.gleam │ │ ├── 
puller.gleam │ │ └── retired.gleam │ ├── packages.gleam │ ├── sources.gleam │ ├── util │ │ ├── cache.gleam │ │ ├── constants.gleam │ │ ├── print.gleam │ │ ├── spinner.gleam │ │ └── util.gleam │ └── warning.gleam ├── go_over_ffi.erl └── go_over_ffi.mjs └── test ├── advisories_test.gleam ├── comparisons_test.gleam ├── config_test.gleam ├── go_over_test.gleam ├── hex_test.gleam ├── manifest_test.gleam ├── sources_test.gleam ├── test_ffi.mjs ├── testdata ├── advisories │ ├── all.yaml │ ├── blank.yaml │ ├── missing_id.yaml │ ├── missing_package.yaml │ ├── missing_severity.yaml │ ├── missing_title.yaml │ ├── missing_versions.yaml │ ├── non_list_versions.yaml │ ├── not-even-yaml.txt │ ├── not_string_id.yaml │ ├── not_string_package.yaml │ ├── not_string_severity.yaml │ ├── not_string_title.yaml │ └── not_string_versions.yaml ├── gleam │ ├── basic.toml │ ├── empty.toml │ ├── full.toml │ ├── indirect_new.toml │ └── partial.toml ├── hex │ ├── empty_licenses.json │ ├── full.json │ ├── multi_license.json │ ├── no_license.json │ ├── no_meta.json │ ├── no_version.json │ ├── outdated │ │ ├── outdated.json │ │ └── up_to_date.json │ ├── rejected_licenses │ │ ├── bad_license.json │ │ └── good_license.json │ ├── retired │ │ ├── not_retired.json │ │ └── retired.json │ └── version_null.json └── manifest │ ├── a.toml │ ├── b.toml │ ├── dos.toml │ ├── empty.toml │ ├── git.toml │ ├── known_vulnerable.toml │ └── local.toml └── warning_test.gleam /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: ci 2 | 3 | on: 4 | push: 5 | branches: 6 | - main 7 | pull_request: 8 | 9 | env: 10 | otp: "28.0" 11 | gleam: "1.12.0" 12 | rebar: "3" 13 | nodelts: 22.x 14 | 15 | jobs: 16 | build: 17 | runs-on: ubuntu-latest 18 | steps: 19 | - uses: actions/checkout@v4 20 | - uses: erlef/setup-beam@v1 21 | with: 22 | otp-version: ${{ env.otp }} 23 | gleam-version: ${{ env.gleam }} 24 | rebar3-version: ${{ env.rebar }} 25 | - run: gleam format 
--check src test 26 | 27 | erlang: 28 | runs-on: ubuntu-latest 29 | steps: 30 | - uses: actions/checkout@v4 # NOTE(review): the actions in this workflow are referenced by mutable tags (@v4, @v1, @v2); pinning each `uses:` to a full commit SHA keeps a re-tagged release from changing what CI executes 31 | - uses: erlef/setup-beam@v1 32 | with: 33 | otp-version: ${{ env.otp }} 34 | gleam-version: ${{ env.gleam }} 35 | rebar3-version: ${{ env.rebar }} 36 | - run: gleam test --target erlang 37 | - run: gleam run --target erlang -- --puller wget 38 | - run: gleam run --target erlang -- --outdated 39 | 40 | windows-erlang: 41 | runs-on: windows-latest 42 | steps: 43 | - uses: actions/checkout@v4 44 | - uses: erlef/setup-beam@v1 45 | with: 46 | otp-version: ${{ env.otp }} 47 | gleam-version: ${{ env.gleam }} 48 | rebar3-version: ${{ env.rebar }} 49 | - run: gleam run --target erlang -- --outdated 50 | 51 | windows-node: 52 | runs-on: windows-latest 53 | steps: 54 | - uses: actions/checkout@v4 55 | - uses: erlef/setup-beam@v1 56 | with: 57 | otp-version: ${{ env.otp }} 58 | gleam-version: ${{ env.gleam }} 59 | rebar3-version: ${{ env.rebar }} 60 | - uses: actions/setup-node@v4 61 | with: 62 | node-version: ${{ env.nodelts }} 63 | cache: "npm" 64 | - run: npm install # NOTE(review): package-lock.json is committed in this repo; `npm ci` installs exactly what the lockfile records and fails on drift, whereas `npm install` may resolve newer versions 65 | - run: gleam run --target javascript --runtime nodejs -- --outdated --puller curl 66 | 67 | node: 68 | runs-on: ubuntu-latest 69 | strategy: 70 | matrix: 71 | node-version: [22.x, 24.x] 72 | puller: [curl, wget] 73 | steps: 74 | - uses: actions/checkout@v4 75 | - uses: erlef/setup-beam@v1 76 | with: 77 | otp-version: ${{ env.otp }} 78 | gleam-version: ${{ env.gleam }} 79 | rebar3-version: ${{ env.rebar }} 80 | - name: Use Node.js ${{ matrix.node-version }} 81 | uses: actions/setup-node@v4 82 | with: 83 | node-version: ${{ matrix.node-version }} 84 | cache: "npm" 85 | - run: npm install 86 | - run: gleam test --target javascript --runtime nodejs 87 | - run: gleam run --target javascript --runtime nodejs -- --outdated --puller ${{ matrix.puller }} 88 | 89 | bun: 90 | runs-on: ubuntu-latest 91 | steps: 92 | - uses: actions/checkout@v4 93 | - uses: erlef/setup-beam@v1 94 | with: 95 | otp-version: 
${{ env.otp }} 96 | gleam-version: ${{ env.gleam }} 97 | rebar3-version: ${{ env.rebar }} 98 | - uses: oven-sh/setup-bun@v2 99 | with: 100 | bun-version: latest # NOTE(review): floating version, so this job's result can change without any change to the repository 101 | - run: bun install 102 | - run: gleam test --target javascript --runtime bun 103 | - run: gleam run --target javascript --runtime bun -- --puller wget 104 | - run: gleam run --target javascript --runtime bun -- --outdated 105 | 106 | deno: 107 | runs-on: ubuntu-latest 108 | steps: 109 | - uses: actions/checkout@v4 110 | - uses: erlef/setup-beam@v1 111 | with: 112 | otp-version: ${{ env.otp }} 113 | gleam-version: ${{ env.gleam }} 114 | rebar3-version: ${{ env.rebar }} 115 | - uses: denoland/setup-deno@v2 116 | with: 117 | deno-version: v2.x # Run with latest stable Deno. 118 | - run: deno install 119 | - run: gleam test --target javascript --runtime deno 120 | - run: gleam run --target javascript --runtime deno -- --puller wget 121 | - run: gleam run --target javascript --runtime deno -- --outdated 122 | -------------------------------------------------------------------------------- /.github/workflows/deps.yml: -------------------------------------------------------------------------------- 1 | name: Dependency Check 2 | 3 | on: 4 | schedule: 5 | # runs at 09:00 UTC on cron day-of-week 6, which is Saturday (Friday would be 5) 6 | - cron: "0 9 * * 6" 7 | push: 8 | branches: 9 | - main 10 | pull_request: 11 | 12 | env: 13 | otp: "28.0" 14 | gleam: "1.12.0" 15 | rebar: "3" 16 | 17 | jobs: 18 | check-deps: 19 | runs-on: ubuntu-latest 20 | steps: 21 | - uses: actions/checkout@v4 22 | - uses: erlef/setup-beam@v1 23 | with: 24 | otp-version: ${{ env.otp }} 25 | gleam-version: ${{ env.gleam }} 26 | rebar3-version: ${{ env.rebar }} 27 | - run: gleam build 28 | - run: gleam run -m go_over -- --outdated 29 | # create an issue in the repo if there are 30 | # outdated or vulnerable dependencies; `if: failure()` also fires when an earlier step such as `gleam build` fails 31 | - uses: jayqi/failed-build-issue-action@v1 # NOTE(review): third-party action referenced by a mutable tag and handed the repository token; pin it to a full commit SHA 32 | if: failure() 33 | with: 34 | github-token: ${{ secrets.GITHUB_TOKEN }} # NOTE(review): no `permissions:` block is visible in this workflow, so the token keeps the repository default scope; this step presumably needs only issue write access, confirm and restrict 35 | 
-------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.beam 2 | *.ez 3 | /build 4 | erl_crash.dump 5 | .go-over/ 6 | node_modules/ 7 | .vscode 8 | key._ -------------------------------------------------------------------------------- /.tool-versions: -------------------------------------------------------------------------------- 1 | gleam 1.12.0 2 | erlang 28.0.2 3 | nodejs 22.17.1 4 | deno 2.4.2 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 Benjamin Wireman 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 🕵️‍♂️ go_over 2 | 3 | [![Package Version](https://img.shields.io/hexpm/v/go_over)](https://hex.pm/packages/go_over) 4 | [![Hex Docs](https://img.shields.io/badge/hex-docs-ffaff3)](https://hexdocs.pm/go_over/) 5 | [![mit](https://img.shields.io/github/license/bwireman/go-over?color=brightgreen)](https://github.com/bwireman/go-over/blob/main/LICENSE) 6 | [![gleam js](https://img.shields.io/badge/%20gleam%20%E2%9C%A8-js%20%F0%9F%8C%B8-yellow)](https://gleam.run/news/v0.16-gleam-compiles-to-javascript/) 7 | [![gleam erlang](https://img.shields.io/badge/erlang%20%E2%98%8E%EF%B8%8F-red?style=flat&label=gleam%20%E2%9C%A8)](https://gleam.run) 8 | 9 | A tool to audit Erlang & Elixir dependencies, to make sure your ✨ gleam 10 | projects really sparkle! 11 | 12 | 🚨 _**NOTE**_: security advisories are _NOT_ currently monitored for gleam 13 | dependencies. The language, while excellent, is far too new and niche. 14 | 15 | ⚠️ Dependencies sourced directly from git or locally have limited support, only 16 | checking for security advisories and not retirements or outdated versions 17 | 18 | # 🔽 Install 19 | 20 | ```sh 21 | gleam add --dev go_over 22 | ``` 23 | 24 | ## 📣 Also! 25 | 26 | - add `.go-over/` to your `.gitignore` 27 | - make sure `git` is installed. (If not running via the BEAM you need `curl`, 28 | `wget` _or_ `httpie` installed as well) 29 | 30 | #### 🌸 Javascript 31 | 32 | If running with Javascript install 33 | 34 | ```json 35 | { 36 | "devDependencies": { 37 | "yaml": "^2.4.3" 38 | } 39 | } 40 | ``` 41 | 42 | Bun, Deno & Nodejs are _all_ supported! 
43 | 44 | # ▶️ Usage 45 | 46 | ```sh 47 | gleam run -m go_over 48 | ``` 49 | 50 | ### 🎥 Obligatory VHS 51 | 52 | ![demo](https://raw.githubusercontent.com/bwireman/go-over/main/images/demo.gif) 53 | 54 | ### 🏴 Flags 55 | 56 | - `--format` Specify the output format of any warnings, [minimal, verbose, json] 57 | (default: None) 58 | - `--puller` Specify the tool used to reach out to hex.pm, [native, curl, wget, 59 | httpie] (default: None) 60 | - `--force`: Force pulling new data even if the cached data is still valid 61 | - `--outdated`: Additionally check if newer versions of dependencies exist 62 | - `--ignore-indirect`: Ignore all warnings for indirect dependencies 63 | - `--verbose`: Print progress as packages are checked 64 | - `--help,-h`: Print help 65 | 66 | Flags override config values if set 67 | 68 | ### ⚙️ Config 69 | 70 | Optional settings that can be added to your project's `gleam.toml` 71 | 72 | ```toml 73 | [go-over] 74 | # disables caching if false 75 | # default: true 76 | cache = true 77 | # if true all cached data will be stored in user's home directory 78 | # allowing cache to be shared between projects 79 | # default: true 80 | global = true 81 | # sets output format for warnings ["minimal", "detailed", "json"] 82 | # default: "minimal" 83 | format = "minimal" 84 | # will additionally check if newer versions of dependencies exist 85 | # default: true 86 | outdated = true 87 | # tool used to pull information from hex.pm ["native", "curl", "wget", "httpie"] 88 | # default: "curl" for JS and "native" for Erlang 89 | puller = "curl" 90 | # licenses dependencies are allowed to use. If left empty then all licenses are allowed 91 | # default: [] 92 | allowed_licenses = [] 93 | 94 | [go-over.ignore] 95 | # will ignore all warnings for indirect dependencies 96 | # default: false 97 | indirect = false 98 | # will ignore all warnings for dev-dependencies. 
Note: to ignore indirect dependencies regardless of source see go-over.ignore.indirect 99 | # default: false 100 | dev_dependencies = false 101 | # list of package names to skip when auditing dependencies 102 | # default: [] 103 | packages = ["example_package"] 104 | # list of warning severities to skip when auditing dependencies 105 | # default: [] 106 | # (case insensitive) 107 | severity = ["example_moderate"] 108 | # list of advisory IDs to skip when auditing dependencies 109 | # default: [] 110 | ids = ["GHSA-xxxx-yyyy-zzzz"] 111 | ``` 112 | 113 | ### ⌛ Caching 114 | 115 | - Security advisory data is cached for **_six_** hours 116 | - hex.pm retired package data is cached for **_one_** hour 117 | 118 | ## 🪝 pre-commit hooks 119 | 120 | You can add go_over to your pre-commit hooks by installing 121 | [🌵cactus](https://hex.pm/packages/cactus) & then adding this to your 122 | `gleam.toml` 123 | 124 | ```toml 125 | [cactus.pre-commit] 126 | actions = [ 127 | { command = "go_over" }, 128 | ] 129 | ``` 130 | 131 | ## ⚙️ CI 132 | 133 | You can also schedule daily runs to keep your deps up to date and open issues 134 | when necessary! 135 | [Example ▶️](https://github.com/bwireman/go-over/blob/main/.github/workflows/deps.yml) 136 | 137 | # 🖌️ Other Art 138 | 139 | - As I'm sure is no surprise this tool is inspired by (and all around worse 140 | than) [mirego/mix_audit](https://github.com/mirego/mix_audit). Please check it 141 | out! 142 | - It also draws inspiration from 143 | [mix hex.audit](https://hexdocs.pm/hex/Mix.Tasks.Hex.Audit.html) 144 | 145 | # ⚖️ License 146 | 147 | - This tool uses 148 | [mirego/elixir-security-advisories](https://github.com/mirego/elixir-security-advisories) 149 | which is itself licensed under 150 | 151 | - `BSD-3-Clause license` 152 | - `CC-BY 4.0 open source license`. 
153 | - See their 154 | [#license section](https://github.com/mirego/elixir-security-advisories?tab=readme-ov-file#license) 155 | 156 | - Code original to this repo is Licensed under `MIT` 157 | -------------------------------------------------------------------------------- /birdie_snapshots/erlang@advisories_test@test_testdata_advisories_all_yaml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Erlang@advisories_test@test/testdata/advisories/all.yaml 4 | --- 5 | #( 6 | "id: id 7 | package: package 8 | severity: severity 9 | title: title 10 | vulnerable_version_ranges: 11 | - ">= 0.1.0, <= 1.0.0" 12 | - "= 2.0.0" 13 | - "= 2.0" 14 | - "= 2" 15 | - "<= 3.0.0" 16 | ", 17 | #( 18 | "id", 19 | "package", 20 | "severity", 21 | "title", 22 | [ 23 | ">= 0.1.0, <= 1.0.0", 24 | "= 2.0.0", 25 | "= 2.0", 26 | "= 2", 27 | "<= 3.0.0", 28 | ], 29 | ), 30 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@conf_test@test_testdata_gleam_basic_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@conf_test@test/testdata/gleam/basic.toml 4 | --- 5 | Config( 6 | [], 7 | False, 8 | True, 9 | True, 10 | Detailed, 11 | False, 12 | True, 13 | HTTPIE, 14 | [], 15 | ["a"], 16 | ["b"], 17 | ["c"], 18 | False, 19 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@conf_test@test_testdata_gleam_empty_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@conf_test@test/testdata/gleam/empty.toml 4 | --- 5 | Config( 6 | [], 7 | False, 8 | False, 9 | False, 10 | Minimal, 11 | False, 12 | True, 13 | Native, 14 | [], 15 | [], 16 | [], 17 | [], 18 | False, 19 | ) 
-------------------------------------------------------------------------------- /birdie_snapshots/erlang@conf_test@test_testdata_gleam_full_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@conf_test@test/testdata/gleam/full.toml 4 | --- 5 | Config( 6 | ["c"], 7 | False, 8 | False, 9 | False, 10 | Minimal, 11 | False, 12 | True, 13 | Native, 14 | [], 15 | ["a", "b"], 16 | ["critical", "high"], 17 | ["a", "b"], 18 | True, 19 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@conf_test@test_testdata_gleam_indirect_new_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@conf_test@test/testdata/gleam/indirect_new.toml 4 | --- 5 | Config( 6 | [], 7 | False, 8 | True, 9 | False, 10 | Minimal, 11 | False, 12 | True, 13 | Native, 14 | [], 15 | [], 16 | [], 17 | [], 18 | False, 19 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@conf_test@test_testdata_gleam_partial_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@conf_test@test/testdata/gleam/partial.toml 4 | --- 5 | Config( 6 | [], 7 | False, 8 | False, 9 | False, 10 | Minimal, 11 | False, 12 | True, 13 | WGET, 14 | [], 15 | ["a", "b", "c"], 16 | [], 17 | [], 18 | False, 19 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_empty_licenses_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Erlang@decode_latest_stable_version_and_licenses@test/testdata/hex/empty_licenses.json 4 | --- 5 | #( 6 | "{ 7 | "meta": { 8 | "licenses": [] 9 | }, 10 
| "latest_stable_version": "2.1.0" 11 | } 12 | ", 13 | Ok(HexInfo(Some("2.1.0"), [])), 14 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_full_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Erlang@decode_latest_stable_version_and_licenses@test/testdata/hex/full.json 4 | --- 5 | #( 6 | "{ 7 | "meta": { 8 | "licenses": ["MIT"] 9 | }, 10 | "latest_stable_version": "2.1.0" 11 | } 12 | ", 13 | Ok(HexInfo(Some("2.1.0"), ["MIT"])), 14 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_multi_license_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Erlang@decode_latest_stable_version_and_licenses@test/testdata/hex/multi_license.json 4 | --- 5 | #( 6 | "{ 7 | "meta": { 8 | "licenses": ["foo", "BAR", "baz"] 9 | }, 10 | "latest_stable_version": "2.1.0" 11 | } 12 | ", 13 | Ok(HexInfo( 14 | Some("2.1.0"), 15 | ["foo", "BAR", "baz"], 16 | )), 17 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_no_license_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.0 3 | title: Erlang@decode_latest_stable_version_and_licenses@test/testdata/hex/no_license.json 4 | --- 5 | #( 6 | "{ 7 | "meta": { 8 | }, 9 | "latest_stable_version": "2.1.0" 10 | } 11 | ", 12 | Error(UnableToDecode([ 13 | DecodeError( 14 | "Field", 15 | "Nothing", 16 | ["meta", "licenses"], 17 | ), 18 | ])), 19 | ) -------------------------------------------------------------------------------- 
/birdie_snapshots/erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_no_meta_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.0 3 | title: Erlang@decode_latest_stable_version_and_licenses@test/testdata/hex/no_meta.json 4 | --- 5 | #( 6 | "{ 7 | "latest_stable_version": "2.1.0" 8 | } 9 | ", 10 | Error(UnableToDecode([ 11 | DecodeError( 12 | "Field", 13 | "Nothing", 14 | ["meta"], 15 | ), 16 | ])), 17 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_no_version_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.0 3 | title: Erlang@decode_latest_stable_version_and_licenses@test/testdata/hex/no_version.json 4 | --- 5 | #( 6 | "{ 7 | "meta": { 8 | "licenses": ["bin"] 9 | } 10 | } 11 | ", 12 | Error(UnableToDecode([ 13 | DecodeError( 14 | "Field", 15 | "Nothing", 16 | ["latest_stable_version"], 17 | ), 18 | ])), 19 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@decode_latest_stable_version_and_licenses@test_testdata_hex_version_null_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Erlang@decode_latest_stable_version_and_licenses@test/testdata/hex/version_null.json 4 | --- 5 | #( 6 | "{ 7 | "meta": { 8 | "licenses": ["bin"] 9 | }, 10 | "latest_stable_version": null 11 | } 12 | ", 13 | Ok(HexInfo(None, ["bin"])), 14 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@manifest_test@test_testdata_manifest_a_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@manifest_test@test/testdata/manifest/a.toml 4 | --- 5 | 
[ 6 | Package( 7 | "a", 8 | SemVer(0, 8, 1, "", ""), 9 | "0.8.1", 10 | True, 11 | PackageSourceHex, 12 | ), 13 | ] -------------------------------------------------------------------------------- /birdie_snapshots/erlang@manifest_test@test_testdata_manifest_b_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@manifest_test@test/testdata/manifest/b.toml 4 | --- 5 | [ 6 | Package( 7 | "a", 8 | SemVer(0, 8, 1, "", ""), 9 | "0.8.1", 10 | True, 11 | PackageSourceHex, 12 | ), 13 | Package( 14 | "b", 15 | SemVer(2, 2, 123, "", ""), 16 | "2.2.123", 17 | False, 18 | PackageSourceHex, 19 | ), 20 | ] -------------------------------------------------------------------------------- /birdie_snapshots/erlang@manifest_test@test_testdata_manifest_dos_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@manifest_test@test/testdata/manifest/dos.toml 4 | --- 5 | [ 6 | Package( 7 | "a", 8 | SemVer(0, 8, 1, "", ""), 9 | "0.8.1", 10 | True, 11 | PackageSourceHex, 12 | ), 13 | Package( 14 | "dos", 15 | SemVer(2, 2, 123, "", ""), 16 | "2.2.123", 17 | False, 18 | PackageSourceHex, 19 | ), 20 | ] -------------------------------------------------------------------------------- /birdie_snapshots/erlang@manifest_test@test_testdata_manifest_empty_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Erlang@manifest_test@test/testdata/manifest/empty.toml 4 | --- 5 | [] -------------------------------------------------------------------------------- /birdie_snapshots/erlang@manifest_test@test_testdata_manifest_git_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@manifest_test@test/testdata/manifest/git.toml 4 | --- 5 | [ 6 | Package( 7 | "a", 8 | 
SemVer(0, 8, 1, "", ""), 9 | "0.8.1", 10 | True, 11 | PackageSourceHex, 12 | ), 13 | Package( 14 | "b", 15 | SemVer(2, 2, 123, "", ""), 16 | "2.2.123", 17 | False, 18 | PackageSourceHex, 19 | ), 20 | Package( 21 | "c", 22 | SemVer(0, 1, 0, "", ""), 23 | "0.1.0", 24 | False, 25 | PackageSourceGit, 26 | ), 27 | ] -------------------------------------------------------------------------------- /birdie_snapshots/erlang@manifest_test@test_testdata_manifest_local_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@manifest_test@test/testdata/manifest/local.toml 4 | --- 5 | [ 6 | Package( 7 | "a", 8 | SemVer(0, 8, 1, "", ""), 9 | "0.8.1", 10 | True, 11 | PackageSourceHex, 12 | ), 13 | Package( 14 | "b", 15 | SemVer(2, 2, 123, "", ""), 16 | "2.2.123", 17 | False, 18 | PackageSourceHex, 19 | ), 20 | Package( 21 | "c", 22 | SemVer(0, 1, 0, "", ""), 23 | "0.1.0", 24 | False, 25 | PackageSourceLocal, 26 | ), 27 | ] -------------------------------------------------------------------------------- /birdie_snapshots/erlang@spin_up_test@empty.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@spin_up_test@empty 4 | --- 5 | #( 6 | [], 7 | Config( 8 | [], 9 | False, 10 | False, 11 | False, 12 | Minimal, 13 | False, 14 | True, 15 | Native, 16 | [], 17 | [], 18 | [], 19 | [], 20 | False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@spin_up_test@fake.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.0 3 | title: Erlang@spin_up_test@fake 4 | --- 5 | #( 6 | ["--fake"], 7 | Config( 8 | [], 9 | False, 10 | False, 11 | False, 12 | True, 13 | Minimal, 14 | False, 15 | True, 16 | CURL, 17 | [], 18 | [], 19 | [], 20 | [], 21 | False, 22 | ), 23 | ) 
-------------------------------------------------------------------------------- /birdie_snapshots/erlang@spin_up_test@force.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@spin_up_test@force 4 | --- 5 | #( 6 | ["--force"], 7 | Config( 8 | [], 9 | False, 10 | False, 11 | True, 12 | Minimal, 13 | False, 14 | True, 15 | Native, 16 | [], 17 | [], 18 | [], 19 | [], 20 | False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@spin_up_test@format=detailed.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@spin_up_test@format=detailed 4 | --- 5 | #( 6 | ["--format", "detailed"], 7 | Config( 8 | [], 9 | False, 10 | False, 11 | False, 12 | Detailed, 13 | False, 14 | True, 15 | Native, 16 | [], 17 | [], 18 | [], 19 | [], 20 | False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@spin_up_test@format=json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@spin_up_test@format=json 4 | --- 5 | #( 6 | ["--format", "json"], 7 | Config( 8 | [], 9 | False, 10 | False, 11 | False, 12 | JSON, 13 | False, 14 | True, 15 | Native, 16 | [], 17 | [], 18 | [], 19 | [], 20 | False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@spin_up_test@format=minimal.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@spin_up_test@format=minimal 4 | --- 5 | #( 6 | ["--format", "minimal"], 7 | Config( 8 | [], 9 | False, 10 | False, 11 | False, 12 | Minimal, 13 | False, 14 | True, 15 | Native, 16 | [], 17 | [], 18 | [], 19 | [], 20 | False, 21 | ), 22 | 
) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@spin_up_test@ignore_indirect.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@spin_up_test@ignore_indirect 4 | --- 5 | #( 6 | ["--ignore-indirect"], 7 | Config( 8 | [], 9 | False, 10 | True, 11 | False, 12 | Minimal, 13 | False, 14 | True, 15 | Native, 16 | [], 17 | [], 18 | [], 19 | [], 20 | False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@spin_up_test@outdated.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@spin_up_test@outdated 4 | --- 5 | #( 6 | ["--outdated"], 7 | Config( 8 | [], 9 | True, 10 | False, 11 | False, 12 | Minimal, 13 | False, 14 | True, 15 | Native, 16 | [], 17 | [], 18 | [], 19 | [], 20 | False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@spin_up_test@verbose.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@spin_up_test@verbose 4 | --- 5 | #( 6 | ["--verbose"], 7 | Config( 8 | [], 9 | False, 10 | False, 11 | False, 12 | Minimal, 13 | True, 14 | True, 15 | Native, 16 | [], 17 | [], 18 | [], 19 | [], 20 | False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@adv_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning@adv_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | Advisory( 15 | "ghsa-example", 16 | 
"example-advisory", 17 | "example", 18 | ["1.1.1", "2.2.2"], 19 | "it's like bad", 20 | ), 21 | ), 22 | Warning( 23 | Some("ghsa-example"), 24 | "package for warning tests", 25 | Some("pre1.2.3-build"), 26 | "it's like bad", 27 | WarningReasonVulnerable, 28 | SeverityUnknown("example"), 29 | DirectDep, 30 | ), 31 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@outdated_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning@outdated_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | "1.2.3", 15 | ), 16 | Warning( 17 | None, 18 | "package for warning tests", 19 | Some("pre1.2.3-build"), 20 | "New Version: '1.2.3' exists", 21 | WarningReasonOutdated, 22 | SeverityPackageOutdated, 23 | DirectDep, 24 | ), 25 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@rejected_license_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning@rejected_license_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | "closed-source-crap", 15 | ), 16 | Warning( 17 | None, 18 | "package for warning tests", 19 | None, 20 | "Rejected License found: closed-source-crap", 21 | WarningReasonRejectedLicense("closed-source-crap"), 22 | SeverityRejectedLicense, 23 | DirectDep, 24 | ), 25 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@retired_to_warning_deprecated.accepted: 
-------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning@retired_to_warning_deprecated 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Deprecated, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | Warning( 20 | None, 21 | "package for warning tests", 22 | Some("pre1.2.3-build"), 23 | "deprecated: It's an example man", 24 | WarningReasonRetired, 25 | SeverityPackageRetiredDeprecated, 26 | DirectDep, 27 | ), 28 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@retired_to_warning_deprecated_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning@retired_to_warning_deprecated_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Deprecated, None), 15 | ), 16 | Warning( 17 | None, 18 | "package for warning tests", 19 | Some("pre1.2.3-build"), 20 | "deprecated", 21 | WarningReasonRetired, 22 | SeverityPackageRetiredDeprecated, 23 | DirectDep, 24 | ), 25 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@retired_to_warning_invalid.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning@retired_to_warning_invalid 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Invalid, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | Warning( 20 | None, 21 
| "package for warning tests", 22 | Some("pre1.2.3-build"), 23 | "invalid: It's an example man", 24 | WarningReasonRetired, 25 | SeverityPackageRetiredInvalid, 26 | DirectDep, 27 | ), 28 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@retired_to_warning_invalid_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning@retired_to_warning_invalid_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Invalid, None), 15 | ), 16 | Warning( 17 | None, 18 | "package for warning tests", 19 | Some("pre1.2.3-build"), 20 | "invalid", 21 | WarningReasonRetired, 22 | SeverityPackageRetiredInvalid, 23 | DirectDep, 24 | ), 25 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@retired_to_warning_other.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning@retired_to_warning_other 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | OtherReason, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | Warning( 20 | None, 21 | "package for warning tests", 22 | Some("pre1.2.3-build"), 23 | "other: It's an example man", 24 | WarningReasonRetired, 25 | SeverityPackageRetiredOtherReason("It's an example man"), 26 | DirectDep, 27 | ), 28 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@retired_to_warning_other_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 
1.3.1 3 | title: Erlang@warning@retired_to_warning_other_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(OtherReason, None), 15 | ), 16 | Warning( 17 | None, 18 | "package for warning tests", 19 | Some("pre1.2.3-build"), 20 | "other", 21 | WarningReasonRetired, 22 | SeverityPackageRetiredOtherReason("Unknown"), 23 | DirectDep, 24 | ), 25 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@retired_to_warning_renamed.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning@retired_to_warning_renamed 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Renamed, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | Warning( 20 | None, 21 | "package for warning tests", 22 | Some("pre1.2.3-build"), 23 | "renamed: It's an example man", 24 | WarningReasonRetired, 25 | SeverityPackageRetiredRenamed, 26 | DirectDep, 27 | ), 28 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@retired_to_warning_renamed_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning@retired_to_warning_renamed_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Renamed, None), 15 | ), 16 | Warning( 17 | None, 18 | "package for warning tests", 19 | Some("pre1.2.3-build"), 20 | "renamed", 21 | WarningReasonRetired, 22 | SeverityPackageRetiredRenamed, 23 | 
DirectDep, 24 | ), 25 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@retired_to_warning_security.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning@retired_to_warning_security 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Security, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | Warning( 20 | None, 21 | "package for warning tests", 22 | Some("pre1.2.3-build"), 23 | "security: It's an example man", 24 | WarningReasonRetired, 25 | SeverityPackageRetiredSecurity, 26 | DirectDep, 27 | ), 28 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning@retired_to_warning_security_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning@retired_to_warning_security_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Security, None), 15 | ), 16 | Warning( 17 | None, 18 | "package for warning tests", 19 | Some("pre1.2.3-build"), 20 | "security", 21 | WarningReasonRetired, 22 | SeverityPackageRetiredSecurity, 23 | DirectDep, 24 | ), 25 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_json@adv_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@adv_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | 
"pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | Advisory( 15 | "ghsa-example", 16 | "example-advisory", 17 | "example", 18 | ["1.1.1", "2.2.2"], 19 | "it's like bad", 20 | ), 21 | ), 22 | " 23 | { 24 | "id": "ghsa-example", 25 | "package": "package for warning tests", 26 | "version": "pre1.2.3-build", 27 | "warning_reason": "Vulnerable", 28 | "dependency_type": "Direct", 29 | "severity": "unknown-example", 30 | "reason": "it's like bad" 31 | } 32 | ", 33 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_json@outdated_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@outdated_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | "1.2.3", 15 | ), 16 | " 17 | { 18 | "id": null, 19 | "package": "package for warning tests", 20 | "version": "pre1.2.3-build", 21 | "warning_reason": "Outdated", 22 | "dependency_type": "Direct", 23 | "severity": "package-outdated", 24 | "reason": "New Version: '1.2.3' exists" 25 | } 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_json@rejected_license_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@rejected_license_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | "closed-source-crap", 15 | ), 16 | " 17 | { 18 | "id": null, 19 | "package": "package for warning tests", 20 | "version": null, 21 | "warning_reason": "Rejected License (closed-source-crap)", 22 | 
"dependency_type": "Direct", 23 | "severity": "rejected-license", 24 | "reason": "Rejected License found: closed-source-crap" 25 | } 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_json@retired_to_warning_deprecated.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@retired_to_warning_deprecated 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Deprecated, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | " 20 | { 21 | "id": null, 22 | "package": "package for warning tests", 23 | "version": "pre1.2.3-build", 24 | "warning_reason": "Retired", 25 | "dependency_type": "Direct", 26 | "severity": "package-retired:deprecated", 27 | "reason": "deprecated: It's an example man" 28 | } 29 | ", 30 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_json@retired_to_warning_deprecated_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@retired_to_warning_deprecated_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Deprecated, None), 15 | ), 16 | " 17 | { 18 | "id": null, 19 | "package": "package for warning tests", 20 | "version": "pre1.2.3-build", 21 | "warning_reason": "Retired", 22 | "dependency_type": "Direct", 23 | "severity": "package-retired:deprecated", 24 | "reason": "deprecated" 25 | } 26 | ", 27 | ) -------------------------------------------------------------------------------- 
/birdie_snapshots/erlang@warning_format_as_json@retired_to_warning_invalid.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@retired_to_warning_invalid 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Invalid, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | " 20 | { 21 | "id": null, 22 | "package": "package for warning tests", 23 | "version": "pre1.2.3-build", 24 | "warning_reason": "Retired", 25 | "dependency_type": "Direct", 26 | "severity": "package-retired:invalid", 27 | "reason": "invalid: It's an example man" 28 | } 29 | ", 30 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_json@retired_to_warning_invalid_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@retired_to_warning_invalid_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Invalid, None), 15 | ), 16 | " 17 | { 18 | "id": null, 19 | "package": "package for warning tests", 20 | "version": "pre1.2.3-build", 21 | "warning_reason": "Retired", 22 | "dependency_type": "Direct", 23 | "severity": "package-retired:invalid", 24 | "reason": "invalid" 25 | } 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_json@retired_to_warning_other.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@retired_to_warning_other 4 | --- 5 | #( 
6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | OtherReason, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | " 20 | { 21 | "id": null, 22 | "package": "package for warning tests", 23 | "version": "pre1.2.3-build", 24 | "warning_reason": "Retired", 25 | "dependency_type": "Direct", 26 | "severity": "package-retired:it's an example man", 27 | "reason": "other: It's an example man" 28 | } 29 | ", 30 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_json@retired_to_warning_other_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@retired_to_warning_other_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(OtherReason, None), 15 | ), 16 | " 17 | { 18 | "id": null, 19 | "package": "package for warning tests", 20 | "version": "pre1.2.3-build", 21 | "warning_reason": "Retired", 22 | "dependency_type": "Direct", 23 | "severity": "package-retired:unknown", 24 | "reason": "other" 25 | } 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_json@retired_to_warning_renamed.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@retired_to_warning_renamed 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Renamed, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | " 20 | { 21 
| "id": null, 22 | "package": "package for warning tests", 23 | "version": "pre1.2.3-build", 24 | "warning_reason": "Retired", 25 | "dependency_type": "Direct", 26 | "severity": "package-retired:renamed", 27 | "reason": "renamed: It's an example man" 28 | } 29 | ", 30 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_json@retired_to_warning_renamed_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@retired_to_warning_renamed_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Renamed, None), 15 | ), 16 | " 17 | { 18 | "id": null, 19 | "package": "package for warning tests", 20 | "version": "pre1.2.3-build", 21 | "warning_reason": "Retired", 22 | "dependency_type": "Direct", 23 | "severity": "package-retired:renamed", 24 | "reason": "renamed" 25 | } 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_json@retired_to_warning_security.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@retired_to_warning_security 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Security, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | " 20 | { 21 | "id": null, 22 | "package": "package for warning tests", 23 | "version": "pre1.2.3-build", 24 | "warning_reason": "Retired", 25 | "dependency_type": "Direct", 26 | "severity": "package-retired:security", 27 | "reason": "security: It's an example man" 28 | } 29 | ", 
30 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_json@retired_to_warning_security_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_json@retired_to_warning_security_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Security, None), 15 | ), 16 | " 17 | { 18 | "id": null, 19 | "package": "package for warning tests", 20 | "version": "pre1.2.3-build", 21 | "warning_reason": "Retired", 22 | "dependency_type": "Direct", 23 | "severity": "package-retired:security", 24 | "reason": "security" 25 | } 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string@adv_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string@adv_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | Advisory( 15 | "ghsa-example", 16 | "example-advisory", 17 | "example", 18 | ["1.1.1", "2.2.2"], 19 | "it's like bad", 20 | ), 21 | ), 22 | "ID: ghsa-example 23 | Package: package for warning tests 24 | Version: pre1.2.3-build 25 | WarningReason: Vulnerable 26 | Dependency Type: Direct 27 | Severity: unknown-example 28 | Reason: it's like bad 29 | ", 30 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string@outdated_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: 
Erlang@warning_format_as_string@outdated_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | "1.2.3", 15 | ), 16 | "ID: null 17 | Package: package for warning tests 18 | Version: pre1.2.3-build 19 | WarningReason: Outdated 20 | Dependency Type: Direct 21 | Severity: package-outdated 22 | Reason: New Version: '1.2.3' exists 23 | ", 24 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string@rejected_license_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string@rejected_license_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | "closed-source-crap", 15 | ), 16 | "ID: null 17 | Package: package for warning tests 18 | Version: null 19 | WarningReason: Rejected License (closed-source-crap) 20 | Dependency Type: Direct 21 | Severity: rejected-license 22 | Reason: Rejected License found: closed-source-crap 23 | ", 24 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string@retired_to_warning_deprecated.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string@retired_to_warning_deprecated 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Deprecated, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | "ID: null 20 | Package: package for warning tests 21 | Version: pre1.2.3-build 22 | 
WarningReason: Retired 23 | Dependency Type: Direct 24 | Severity: package-retired:deprecated 25 | Reason: deprecated: It's an example man 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string@retired_to_warning_deprecated_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string@retired_to_warning_deprecated_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Deprecated, None), 15 | ), 16 | "ID: null 17 | Package: package for warning tests 18 | Version: pre1.2.3-build 19 | WarningReason: Retired 20 | Dependency Type: Direct 21 | Severity: package-retired:deprecated 22 | Reason: deprecated 23 | ", 24 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string@retired_to_warning_invalid.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string@retired_to_warning_invalid 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Invalid, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | "ID: null 20 | Package: package for warning tests 21 | Version: pre1.2.3-build 22 | WarningReason: Retired 23 | Dependency Type: Direct 24 | Severity: package-retired:invalid 25 | Reason: invalid: It's an example man 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string@retired_to_warning_invalid_none.accepted: 
-------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string@retired_to_warning_invalid_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Invalid, None), 15 | ), 16 | "ID: null 17 | Package: package for warning tests 18 | Version: pre1.2.3-build 19 | WarningReason: Retired 20 | Dependency Type: Direct 21 | Severity: package-retired:invalid 22 | Reason: invalid 23 | ", 24 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string@retired_to_warning_other.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string@retired_to_warning_other 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | OtherReason, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | "ID: null 20 | Package: package for warning tests 21 | Version: pre1.2.3-build 22 | WarningReason: Retired 23 | Dependency Type: Direct 24 | Severity: package-retired:it's an example man 25 | Reason: other: It's an example man 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string@retired_to_warning_other_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string@retired_to_warning_other_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | 
ReleaseRetirement(OtherReason, None), 15 | ), 16 | "ID: null 17 | Package: package for warning tests 18 | Version: pre1.2.3-build 19 | WarningReason: Retired 20 | Dependency Type: Direct 21 | Severity: package-retired:unknown 22 | Reason: other 23 | ", 24 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string@retired_to_warning_renamed.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string@retired_to_warning_renamed 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Renamed, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | "ID: null 20 | Package: package for warning tests 21 | Version: pre1.2.3-build 22 | WarningReason: Retired 23 | Dependency Type: Direct 24 | Severity: package-retired:renamed 25 | Reason: renamed: It's an example man 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string@retired_to_warning_renamed_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string@retired_to_warning_renamed_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Renamed, None), 15 | ), 16 | "ID: null 17 | Package: package for warning tests 18 | Version: pre1.2.3-build 19 | WarningReason: Retired 20 | Dependency Type: Direct 21 | Severity: package-retired:renamed 22 | Reason: renamed 23 | ", 24 | ) -------------------------------------------------------------------------------- 
/birdie_snapshots/erlang@warning_format_as_string@retired_to_warning_security.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string@retired_to_warning_security 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Security, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | "ID: null 20 | Package: package for warning tests 21 | Version: pre1.2.3-build 22 | WarningReason: Retired 23 | Dependency Type: Direct 24 | Severity: package-retired:security 25 | Reason: security: It's an example man 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string@retired_to_warning_security_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string@retired_to_warning_security_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Security, None), 15 | ), 16 | "ID: null 17 | Package: package for warning tests 18 | Version: pre1.2.3-build 19 | WarningReason: Retired 20 | Dependency Type: Direct 21 | Severity: package-retired:security 22 | Reason: security 23 | ", 24 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string_minimal@adv_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string_minimal@adv_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", 
"build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | Advisory( 15 | "ghsa-example", 16 | "example-advisory", 17 | "example", 18 | ["1.1.1", "2.2.2"], 19 | "it's like bad", 20 | ), 21 | ), 22 | "package for warning tests-pre1.2.3-build: unknown-example 23 | ", 24 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string_minimal@outdated_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string_minimal@outdated_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | "1.2.3", 15 | ), 16 | "package for warning tests-pre1.2.3-build: package-outdated 17 | ", 18 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string_minimal@rejected_license_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string_minimal@rejected_license_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | "closed-source-crap", 15 | ), 16 | "package for warning tests: rejected-license 17 | ", 18 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string_minimal@retired_to_warning_deprecated.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string_minimal@retired_to_warning_deprecated 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 
2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Deprecated, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | "package for warning tests-pre1.2.3-build: package-retired:deprecated 20 | ", 21 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string_minimal@retired_to_warning_deprecated_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string_minimal@retired_to_warning_deprecated_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Deprecated, None), 15 | ), 16 | "package for warning tests-pre1.2.3-build: package-retired:deprecated 17 | ", 18 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string_minimal@retired_to_warning_invalid.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string_minimal@retired_to_warning_invalid 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Invalid, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | "package for warning tests-pre1.2.3-build: package-retired:invalid 20 | ", 21 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string_minimal@retired_to_warning_invalid_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: 
Erlang@warning_format_as_string_minimal@retired_to_warning_invalid_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Invalid, None), 15 | ), 16 | "package for warning tests-pre1.2.3-build: package-retired:invalid 17 | ", 18 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string_minimal@retired_to_warning_other.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string_minimal@retired_to_warning_other 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | OtherReason, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | "package for warning tests-pre1.2.3-build: package-retired:it's an example man 20 | ", 21 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string_minimal@retired_to_warning_other_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string_minimal@retired_to_warning_other_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(OtherReason, None), 15 | ), 16 | "package for warning tests-pre1.2.3-build: package-retired:unknown 17 | ", 18 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string_minimal@retired_to_warning_renamed.accepted: 
-------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string_minimal@retired_to_warning_renamed 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Renamed, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | "package for warning tests-pre1.2.3-build: package-retired:renamed 20 | ", 21 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string_minimal@retired_to_warning_renamed_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string_minimal@retired_to_warning_renamed_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Renamed, None), 15 | ), 16 | "package for warning tests-pre1.2.3-build: package-retired:renamed 17 | ", 18 | ) -------------------------------------------------------------------------------- /birdie_snapshots/erlang@warning_format_as_string_minimal@retired_to_warning_security.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string_minimal@retired_to_warning_security 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement( 15 | Security, 16 | Some("It's an example man"), 17 | ), 18 | ), 19 | "package for warning tests-pre1.2.3-build: package-retired:security 20 | ", 21 | ) -------------------------------------------------------------------------------- 
/birdie_snapshots/erlang@warning_format_as_string_minimal@retired_to_warning_security_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Erlang@warning_format_as_string_minimal@retired_to_warning_security_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | "package for warning tests", 9 | SemVer(1, 2, 3, "pre", "build"), 10 | "pre1.2.3-build", 11 | True, 12 | PackageSourceHex, 13 | ), 14 | ReleaseRetirement(Security, None), 15 | ), 16 | "package for warning tests-pre1.2.3-build: package-retired:security 17 | ", 18 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@advisories_test@test_testdata_advisories_all_yaml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Javascript@advisories_test@test/testdata/advisories/all.yaml 4 | --- 5 | #( 6 | "id: id 7 | package: package 8 | severity: severity 9 | title: title 10 | vulnerable_version_ranges: 11 | - ">= 0.1.0, <= 1.0.0" 12 | - "= 2.0.0" 13 | - "= 2.0" 14 | - "= 2" 15 | - "<= 3.0.0" 16 | ", 17 | #( 18 | "id", 19 | "package", 20 | "severity", 21 | "title", 22 | [ 23 | ">= 0.1.0, <= 1.0.0", 24 | "= 2.0.0", 25 | "= 2.0", 26 | "= 2", 27 | "<= 3.0.0", 28 | ], 29 | ), 30 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@conf_test@test_testdata_gleam_basic_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@conf_test@test/testdata/gleam/basic.toml 4 | --- 5 | Config( 6 | dev_deps: [], 7 | outdated: False, 8 | ignore_indirect: True, 9 | force: True, 10 | format: Detailed, 11 | verbose: False, 12 | global: True, 13 | puller: HTTPIE, 14 | allowed_licenses: [], 15 | ignore_packages: ["a"], 16 | ignore_severity: ["b"], 17 | ignore_ids: ["c"], 18 | 
ignore_dev_dependencies: False, 19 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@conf_test@test_testdata_gleam_empty_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@conf_test@test/testdata/gleam/empty.toml 4 | --- 5 | Config( 6 | dev_deps: [], 7 | outdated: False, 8 | ignore_indirect: False, 9 | force: False, 10 | format: Minimal, 11 | verbose: False, 12 | global: True, 13 | puller: CURL, 14 | allowed_licenses: [], 15 | ignore_packages: [], 16 | ignore_severity: [], 17 | ignore_ids: [], 18 | ignore_dev_dependencies: False, 19 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@conf_test@test_testdata_gleam_full_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@conf_test@test/testdata/gleam/full.toml 4 | --- 5 | Config( 6 | dev_deps: ["c"], 7 | outdated: False, 8 | ignore_indirect: False, 9 | force: False, 10 | format: Minimal, 11 | verbose: False, 12 | global: True, 13 | puller: CURL, 14 | allowed_licenses: [], 15 | ignore_packages: ["a", "b"], 16 | ignore_severity: ["critical", "high"], 17 | ignore_ids: ["a", "b"], 18 | ignore_dev_dependencies: True, 19 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@conf_test@test_testdata_gleam_indirect_new_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@conf_test@test/testdata/gleam/indirect_new.toml 4 | --- 5 | Config( 6 | dev_deps: [], 7 | outdated: False, 8 | ignore_indirect: True, 9 | force: False, 10 | format: Minimal, 11 | verbose: False, 12 | global: True, 13 | puller: CURL, 14 | allowed_licenses: [], 15 | ignore_packages: [], 16 | 
ignore_severity: [], 17 | ignore_ids: [], 18 | ignore_dev_dependencies: False, 19 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@conf_test@test_testdata_gleam_partial_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@conf_test@test/testdata/gleam/partial.toml 4 | --- 5 | Config( 6 | dev_deps: [], 7 | outdated: False, 8 | ignore_indirect: False, 9 | force: False, 10 | format: Minimal, 11 | verbose: False, 12 | global: True, 13 | puller: WGET, 14 | allowed_licenses: [], 15 | ignore_packages: ["a", "b", "c"], 16 | ignore_severity: [], 17 | ignore_ids: [], 18 | ignore_dev_dependencies: False, 19 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_empty_licenses_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Javascript@decode_latest_stable_version_and_licenses@test/testdata/hex/empty_licenses.json 4 | --- 5 | #( 6 | "{ 7 | "meta": { 8 | "licenses": [] 9 | }, 10 | "latest_stable_version": "2.1.0" 11 | } 12 | ", 13 | Ok(HexInfo( 14 | latest_stable_version: Some("2.1.0"), 15 | licenses: [], 16 | )), 17 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_full_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Javascript@decode_latest_stable_version_and_licenses@test/testdata/hex/full.json 4 | --- 5 | #( 6 | "{ 7 | "meta": { 8 | "licenses": ["MIT"] 9 | }, 10 | "latest_stable_version": "2.1.0" 11 | } 12 | ", 13 | Ok(HexInfo( 14 | latest_stable_version: Some("2.1.0"), 15 | licenses: ["MIT"], 16 | )), 17 | ) 
-------------------------------------------------------------------------------- /birdie_snapshots/javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_multi_license_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Javascript@decode_latest_stable_version_and_licenses@test/testdata/hex/multi_license.json 4 | --- 5 | #( 6 | "{ 7 | "meta": { 8 | "licenses": ["foo", "BAR", "baz"] 9 | }, 10 | "latest_stable_version": "2.1.0" 11 | } 12 | ", 13 | Ok(HexInfo( 14 | latest_stable_version: Some("2.1.0"), 15 | licenses: ["foo", "BAR", "baz"], 16 | )), 17 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_no_license_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.0 3 | title: Javascript@decode_latest_stable_version_and_licenses@test/testdata/hex/no_license.json 4 | --- 5 | #( 6 | "{ 7 | "meta": { 8 | }, 9 | "latest_stable_version": "2.1.0" 10 | } 11 | ", 12 | Error(UnableToDecode([ 13 | DecodeError( 14 | expected: "Field", 15 | found: "Nothing", 16 | path: ["meta", "licenses"], 17 | ), 18 | ])), 19 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_no_meta_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.0 3 | title: Javascript@decode_latest_stable_version_and_licenses@test/testdata/hex/no_meta.json 4 | --- 5 | #( 6 | "{ 7 | "latest_stable_version": "2.1.0" 8 | } 9 | ", 10 | Error(UnableToDecode([ 11 | DecodeError( 12 | expected: "Field", 13 | found: "Nothing", 14 | path: ["meta"], 15 | ), 16 | ])), 17 | ) -------------------------------------------------------------------------------- 
/birdie_snapshots/javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_no_version_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.0 3 | title: Javascript@decode_latest_stable_version_and_licenses@test/testdata/hex/no_version.json 4 | --- 5 | #( 6 | "{ 7 | "meta": { 8 | "licenses": ["bin"] 9 | } 10 | } 11 | ", 12 | Error(UnableToDecode([ 13 | DecodeError( 14 | expected: "Field", 15 | found: "Nothing", 16 | path: ["latest_stable_version"], 17 | ), 18 | ])), 19 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@decode_latest_stable_version_and_licenses@test_testdata_hex_version_null_json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Javascript@decode_latest_stable_version_and_licenses@test/testdata/hex/version_null.json 4 | --- 5 | #( 6 | "{ 7 | "meta": { 8 | "licenses": ["bin"] 9 | }, 10 | "latest_stable_version": null 11 | } 12 | ", 13 | Ok(HexInfo( 14 | latest_stable_version: None, 15 | licenses: ["bin"], 16 | )), 17 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@manifest_test@test_testdata_manifest_a_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@manifest_test@test/testdata/manifest/a.toml 4 | --- 5 | [ 6 | Package( 7 | name: "a", 8 | version: SemVer( 9 | major: 0, 10 | minor: 8, 11 | patch: 1, 12 | pre: "", 13 | build: "", 14 | ), 15 | version_raw: "0.8.1", 16 | direct: True, 17 | source: PackageSourceHex, 18 | ), 19 | ] -------------------------------------------------------------------------------- /birdie_snapshots/javascript@manifest_test@test_testdata_manifest_b_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 
2 | version: 1.3.1 3 | title: Javascript@manifest_test@test/testdata/manifest/b.toml 4 | --- 5 | [ 6 | Package( 7 | name: "a", 8 | version: SemVer( 9 | major: 0, 10 | minor: 8, 11 | patch: 1, 12 | pre: "", 13 | build: "", 14 | ), 15 | version_raw: "0.8.1", 16 | direct: True, 17 | source: PackageSourceHex, 18 | ), 19 | Package( 20 | name: "b", 21 | version: SemVer( 22 | major: 2, 23 | minor: 2, 24 | patch: 123, 25 | pre: "", 26 | build: "", 27 | ), 28 | version_raw: "2.2.123", 29 | direct: False, 30 | source: PackageSourceHex, 31 | ), 32 | ] -------------------------------------------------------------------------------- /birdie_snapshots/javascript@manifest_test@test_testdata_manifest_dos_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@manifest_test@test/testdata/manifest/dos.toml 4 | --- 5 | [ 6 | Package( 7 | name: "a", 8 | version: SemVer( 9 | major: 0, 10 | minor: 8, 11 | patch: 1, 12 | pre: "", 13 | build: "", 14 | ), 15 | version_raw: "0.8.1", 16 | direct: True, 17 | source: PackageSourceHex, 18 | ), 19 | Package( 20 | name: "dos", 21 | version: SemVer( 22 | major: 2, 23 | minor: 2, 24 | patch: 123, 25 | pre: "", 26 | build: "", 27 | ), 28 | version_raw: "2.2.123", 29 | direct: False, 30 | source: PackageSourceHex, 31 | ), 32 | ] -------------------------------------------------------------------------------- /birdie_snapshots/javascript@manifest_test@test_testdata_manifest_empty_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Javascript@manifest_test@test/testdata/manifest/empty.toml 4 | --- 5 | [] -------------------------------------------------------------------------------- /birdie_snapshots/javascript@manifest_test@test_testdata_manifest_git_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: 
Javascript@manifest_test@test/testdata/manifest/git.toml 4 | --- 5 | [ 6 | Package( 7 | name: "a", 8 | version: SemVer( 9 | major: 0, 10 | minor: 8, 11 | patch: 1, 12 | pre: "", 13 | build: "", 14 | ), 15 | version_raw: "0.8.1", 16 | direct: True, 17 | source: PackageSourceHex, 18 | ), 19 | Package( 20 | name: "b", 21 | version: SemVer( 22 | major: 2, 23 | minor: 2, 24 | patch: 123, 25 | pre: "", 26 | build: "", 27 | ), 28 | version_raw: "2.2.123", 29 | direct: False, 30 | source: PackageSourceHex, 31 | ), 32 | Package( 33 | name: "c", 34 | version: SemVer( 35 | major: 0, 36 | minor: 1, 37 | patch: 0, 38 | pre: "", 39 | build: "", 40 | ), 41 | version_raw: "0.1.0", 42 | direct: False, 43 | source: PackageSourceGit, 44 | ), 45 | ] -------------------------------------------------------------------------------- /birdie_snapshots/javascript@manifest_test@test_testdata_manifest_local_toml.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@manifest_test@test/testdata/manifest/local.toml 4 | --- 5 | [ 6 | Package( 7 | name: "a", 8 | version: SemVer( 9 | major: 0, 10 | minor: 8, 11 | patch: 1, 12 | pre: "", 13 | build: "", 14 | ), 15 | version_raw: "0.8.1", 16 | direct: True, 17 | source: PackageSourceHex, 18 | ), 19 | Package( 20 | name: "b", 21 | version: SemVer( 22 | major: 2, 23 | minor: 2, 24 | patch: 123, 25 | pre: "", 26 | build: "", 27 | ), 28 | version_raw: "2.2.123", 29 | direct: False, 30 | source: PackageSourceHex, 31 | ), 32 | Package( 33 | name: "c", 34 | version: SemVer( 35 | major: 0, 36 | minor: 1, 37 | patch: 0, 38 | pre: "", 39 | build: "", 40 | ), 41 | version_raw: "0.1.0", 42 | direct: False, 43 | source: PackageSourceLocal, 44 | ), 45 | ] -------------------------------------------------------------------------------- /birdie_snapshots/javascript@spin_up_test@empty.accepted: -------------------------------------------------------------------------------- 1 | --- 
2 | version: 1.3.1 3 | title: Javascript@spin_up_test@empty 4 | --- 5 | #( 6 | [], 7 | Config( 8 | dev_deps: [], 9 | outdated: False, 10 | ignore_indirect: False, 11 | force: False, 12 | format: Minimal, 13 | verbose: False, 14 | global: True, 15 | puller: CURL, 16 | allowed_licenses: [], 17 | ignore_packages: [], 18 | ignore_severity: [], 19 | ignore_ids: [], 20 | ignore_dev_dependencies: False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@spin_up_test@fake.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.2.6 3 | title: Javascript@spin_up_test@fake 4 | --- 5 | #( 6 | ["--fake"], 7 | Config( 8 | dev_deps: [], 9 | outdated: False, 10 | ignore_indirect: False, 11 | force: False, 12 | fake: True, 13 | format: Minimal, 14 | verbose: False, 15 | global: True, 16 | puller: CURL, 17 | allowed_licenses: [], 18 | ignore_packages: [], 19 | ignore_severity: [], 20 | ignore_ids: [], 21 | ignore_dev_dependencies: False, 22 | ), 23 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@spin_up_test@force.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@spin_up_test@force 4 | --- 5 | #( 6 | ["--force"], 7 | Config( 8 | dev_deps: [], 9 | outdated: False, 10 | ignore_indirect: False, 11 | force: True, 12 | format: Minimal, 13 | verbose: False, 14 | global: True, 15 | puller: CURL, 16 | allowed_licenses: [], 17 | ignore_packages: [], 18 | ignore_severity: [], 19 | ignore_ids: [], 20 | ignore_dev_dependencies: False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@spin_up_test@format=detailed.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: 
Javascript@spin_up_test@format=detailed 4 | --- 5 | #( 6 | ["--format", "detailed"], 7 | Config( 8 | dev_deps: [], 9 | outdated: False, 10 | ignore_indirect: False, 11 | force: False, 12 | format: Detailed, 13 | verbose: False, 14 | global: True, 15 | puller: CURL, 16 | allowed_licenses: [], 17 | ignore_packages: [], 18 | ignore_severity: [], 19 | ignore_ids: [], 20 | ignore_dev_dependencies: False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@spin_up_test@format=json.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@spin_up_test@format=json 4 | --- 5 | #( 6 | ["--format", "json"], 7 | Config( 8 | dev_deps: [], 9 | outdated: False, 10 | ignore_indirect: False, 11 | force: False, 12 | format: JSON, 13 | verbose: False, 14 | global: True, 15 | puller: CURL, 16 | allowed_licenses: [], 17 | ignore_packages: [], 18 | ignore_severity: [], 19 | ignore_ids: [], 20 | ignore_dev_dependencies: False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@spin_up_test@format=minimal.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@spin_up_test@format=minimal 4 | --- 5 | #( 6 | ["--format", "minimal"], 7 | Config( 8 | dev_deps: [], 9 | outdated: False, 10 | ignore_indirect: False, 11 | force: False, 12 | format: Minimal, 13 | verbose: False, 14 | global: True, 15 | puller: CURL, 16 | allowed_licenses: [], 17 | ignore_packages: [], 18 | ignore_severity: [], 19 | ignore_ids: [], 20 | ignore_dev_dependencies: False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@spin_up_test@ignore_indirect.accepted: -------------------------------------------------------------------------------- 
1 | --- 2 | version: 1.3.1 3 | title: Javascript@spin_up_test@ignore_indirect 4 | --- 5 | #( 6 | ["--ignore-indirect"], 7 | Config( 8 | dev_deps: [], 9 | outdated: False, 10 | ignore_indirect: True, 11 | force: False, 12 | format: Minimal, 13 | verbose: False, 14 | global: True, 15 | puller: CURL, 16 | allowed_licenses: [], 17 | ignore_packages: [], 18 | ignore_severity: [], 19 | ignore_ids: [], 20 | ignore_dev_dependencies: False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@spin_up_test@outdated.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@spin_up_test@outdated 4 | --- 5 | #( 6 | ["--outdated"], 7 | Config( 8 | dev_deps: [], 9 | outdated: True, 10 | ignore_indirect: False, 11 | force: False, 12 | format: Minimal, 13 | verbose: False, 14 | global: True, 15 | puller: CURL, 16 | allowed_licenses: [], 17 | ignore_packages: [], 18 | ignore_severity: [], 19 | ignore_ids: [], 20 | ignore_dev_dependencies: False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@spin_up_test@verbose.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@spin_up_test@verbose 4 | --- 5 | #( 6 | ["--verbose"], 7 | Config( 8 | dev_deps: [], 9 | outdated: False, 10 | ignore_indirect: False, 11 | force: False, 12 | format: Minimal, 13 | verbose: True, 14 | global: True, 15 | puller: CURL, 16 | allowed_licenses: [], 17 | ignore_packages: [], 18 | ignore_severity: [], 19 | ignore_ids: [], 20 | ignore_dev_dependencies: False, 21 | ), 22 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@adv_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 
2 | version: 1.3.1 3 | title: Javascript@warning@adv_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | Advisory( 21 | id: "ghsa-example", 22 | name: "example-advisory", 23 | severity: "example", 24 | vulnerable_version_ranges: [ 25 | "1.1.1", 26 | "2.2.2", 27 | ], 28 | description: "it's like bad", 29 | ), 30 | ), 31 | Warning( 32 | advisory_id: Some("ghsa-example"), 33 | package: "package for warning tests", 34 | version: Some("pre1.2.3-build"), 35 | reason: "it's like bad", 36 | warning_reason_code: WarningReasonVulnerable, 37 | severity: SeverityUnknown(info: "example"), 38 | dep: DirectDep, 39 | ), 40 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@outdated_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning@outdated_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | "1.2.3", 21 | ), 22 | Warning( 23 | advisory_id: None, 24 | package: "package for warning tests", 25 | version: Some("pre1.2.3-build"), 26 | reason: "New Version: '1.2.3' exists", 27 | warning_reason_code: WarningReasonOutdated, 28 | severity: SeverityPackageOutdated, 29 | dep: DirectDep, 30 | ), 31 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@rejected_license_to_warning.accepted: -------------------------------------------------------------------------------- 1 | 
--- 2 | version: 1.3.1 3 | title: Javascript@warning@rejected_license_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | "closed-source-crap", 21 | ), 22 | Warning( 23 | advisory_id: None, 24 | package: "package for warning tests", 25 | version: None, 26 | reason: "Rejected License found: closed-source-crap", 27 | warning_reason_code: WarningReasonRejectedLicense(name: "closed-source-crap"), 28 | severity: SeverityRejectedLicense, 29 | dep: DirectDep, 30 | ), 31 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@retired_to_warning_deprecated.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning@retired_to_warning_deprecated 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Deprecated, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | Warning( 26 | advisory_id: None, 27 | package: "package for warning tests", 28 | version: Some("pre1.2.3-build"), 29 | reason: "deprecated: It's an example man", 30 | warning_reason_code: WarningReasonRetired, 31 | severity: SeverityPackageRetiredDeprecated, 32 | dep: DirectDep, 33 | ), 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@retired_to_warning_deprecated_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 
1.3.1 3 | title: Javascript@warning@retired_to_warning_deprecated_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Deprecated, 22 | message: None, 23 | ), 24 | ), 25 | Warning( 26 | advisory_id: None, 27 | package: "package for warning tests", 28 | version: Some("pre1.2.3-build"), 29 | reason: "deprecated", 30 | warning_reason_code: WarningReasonRetired, 31 | severity: SeverityPackageRetiredDeprecated, 32 | dep: DirectDep, 33 | ), 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@retired_to_warning_invalid.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning@retired_to_warning_invalid 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Invalid, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | Warning( 26 | advisory_id: None, 27 | package: "package for warning tests", 28 | version: Some("pre1.2.3-build"), 29 | reason: "invalid: It's an example man", 30 | warning_reason_code: WarningReasonRetired, 31 | severity: SeverityPackageRetiredInvalid, 32 | dep: DirectDep, 33 | ), 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@retired_to_warning_invalid_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: 
Javascript@warning@retired_to_warning_invalid_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Invalid, 22 | message: None, 23 | ), 24 | ), 25 | Warning( 26 | advisory_id: None, 27 | package: "package for warning tests", 28 | version: Some("pre1.2.3-build"), 29 | reason: "invalid", 30 | warning_reason_code: WarningReasonRetired, 31 | severity: SeverityPackageRetiredInvalid, 32 | dep: DirectDep, 33 | ), 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@retired_to_warning_other.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning@retired_to_warning_other 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: OtherReason, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | Warning( 26 | advisory_id: None, 27 | package: "package for warning tests", 28 | version: Some("pre1.2.3-build"), 29 | reason: "other: It's an example man", 30 | warning_reason_code: WarningReasonRetired, 31 | severity: SeverityPackageRetiredOtherReason(reason: "It's an example man"), 32 | dep: DirectDep, 33 | ), 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@retired_to_warning_other_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: 
Javascript@warning@retired_to_warning_other_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: OtherReason, 22 | message: None, 23 | ), 24 | ), 25 | Warning( 26 | advisory_id: None, 27 | package: "package for warning tests", 28 | version: Some("pre1.2.3-build"), 29 | reason: "other", 30 | warning_reason_code: WarningReasonRetired, 31 | severity: SeverityPackageRetiredOtherReason(reason: "Unknown"), 32 | dep: DirectDep, 33 | ), 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@retired_to_warning_renamed.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning@retired_to_warning_renamed 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Renamed, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | Warning( 26 | advisory_id: None, 27 | package: "package for warning tests", 28 | version: Some("pre1.2.3-build"), 29 | reason: "renamed: It's an example man", 30 | warning_reason_code: WarningReasonRetired, 31 | severity: SeverityPackageRetiredRenamed, 32 | dep: DirectDep, 33 | ), 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@retired_to_warning_renamed_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: 
Javascript@warning@retired_to_warning_renamed_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Renamed, 22 | message: None, 23 | ), 24 | ), 25 | Warning( 26 | advisory_id: None, 27 | package: "package for warning tests", 28 | version: Some("pre1.2.3-build"), 29 | reason: "renamed", 30 | warning_reason_code: WarningReasonRetired, 31 | severity: SeverityPackageRetiredRenamed, 32 | dep: DirectDep, 33 | ), 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@retired_to_warning_security.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning@retired_to_warning_security 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Security, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | Warning( 26 | advisory_id: None, 27 | package: "package for warning tests", 28 | version: Some("pre1.2.3-build"), 29 | reason: "security: It's an example man", 30 | warning_reason_code: WarningReasonRetired, 31 | severity: SeverityPackageRetiredSecurity, 32 | dep: DirectDep, 33 | ), 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning@retired_to_warning_security_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: 
Javascript@warning@retired_to_warning_security_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Security, 22 | message: None, 23 | ), 24 | ), 25 | Warning( 26 | advisory_id: None, 27 | package: "package for warning tests", 28 | version: Some("pre1.2.3-build"), 29 | reason: "security", 30 | warning_reason_code: WarningReasonRetired, 31 | severity: SeverityPackageRetiredSecurity, 32 | dep: DirectDep, 33 | ), 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@adv_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_json@adv_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | Advisory( 21 | id: "ghsa-example", 22 | name: "example-advisory", 23 | severity: "example", 24 | vulnerable_version_ranges: [ 25 | "1.1.1", 26 | "2.2.2", 27 | ], 28 | description: "it's like bad", 29 | ), 30 | ), 31 | "{ 32 | "id": "ghsa-example", 33 | "package": "package for warning tests", 34 | "version": "pre1.2.3-build", 35 | "warning_reason": "Vulnerable", 36 | "dependency_type": "Direct", 37 | "severity": "unknown-example", 38 | "reason": "it's like bad" 39 | }", 40 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@outdated_to_warning.accepted: 
-------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_json@outdated_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | "1.2.3", 21 | ), 22 | "{ 23 | "id": null, 24 | "package": "package for warning tests", 25 | "version": "pre1.2.3-build", 26 | "warning_reason": "Outdated", 27 | "dependency_type": "Direct", 28 | "severity": "package-outdated", 29 | "reason": "New Version: '1.2.3' exists" 30 | }", 31 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@rejected_license_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_json@rejected_license_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | "closed-source-crap", 21 | ), 22 | "{ 23 | "id": null, 24 | "package": "package for warning tests", 25 | "version": null, 26 | "warning_reason": "Rejected License (closed-source-crap)", 27 | "dependency_type": "Direct", 28 | "severity": "rejected-license", 29 | "reason": "Rejected License found: closed-source-crap" 30 | }", 31 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@retired_to_warning_deprecated.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 
| title: Javascript@warning_format_as_json@retired_to_warning_deprecated 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Deprecated, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "{ 26 | "id": null, 27 | "package": "package for warning tests", 28 | "version": "pre1.2.3-build", 29 | "warning_reason": "Retired", 30 | "dependency_type": "Direct", 31 | "severity": "package-retired:deprecated", 32 | "reason": "deprecated: It's an example man" 33 | }", 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@retired_to_warning_deprecated_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_json@retired_to_warning_deprecated_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Deprecated, 22 | message: None, 23 | ), 24 | ), 25 | "{ 26 | "id": null, 27 | "package": "package for warning tests", 28 | "version": "pre1.2.3-build", 29 | "warning_reason": "Retired", 30 | "dependency_type": "Direct", 31 | "severity": "package-retired:deprecated", 32 | "reason": "deprecated" 33 | }", 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@retired_to_warning_invalid.accepted: -------------------------------------------------------------------------------- 1 | --- 2 
| version: 1.3.1 3 | title: Javascript@warning_format_as_json@retired_to_warning_invalid 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Invalid, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "{ 26 | "id": null, 27 | "package": "package for warning tests", 28 | "version": "pre1.2.3-build", 29 | "warning_reason": "Retired", 30 | "dependency_type": "Direct", 31 | "severity": "package-retired:invalid", 32 | "reason": "invalid: It's an example man" 33 | }", 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@retired_to_warning_invalid_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_json@retired_to_warning_invalid_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Invalid, 22 | message: None, 23 | ), 24 | ), 25 | "{ 26 | "id": null, 27 | "package": "package for warning tests", 28 | "version": "pre1.2.3-build", 29 | "warning_reason": "Retired", 30 | "dependency_type": "Direct", 31 | "severity": "package-retired:invalid", 32 | "reason": "invalid" 33 | }", 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@retired_to_warning_other.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | 
version: 1.3.1 3 | title: Javascript@warning_format_as_json@retired_to_warning_other 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: OtherReason, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "{ 26 | "id": null, 27 | "package": "package for warning tests", 28 | "version": "pre1.2.3-build", 29 | "warning_reason": "Retired", 30 | "dependency_type": "Direct", 31 | "severity": "package-retired:it's an example man", 32 | "reason": "other: It's an example man" 33 | }", 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@retired_to_warning_other_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_json@retired_to_warning_other_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: OtherReason, 22 | message: None, 23 | ), 24 | ), 25 | "{ 26 | "id": null, 27 | "package": "package for warning tests", 28 | "version": "pre1.2.3-build", 29 | "warning_reason": "Retired", 30 | "dependency_type": "Direct", 31 | "severity": "package-retired:unknown", 32 | "reason": "other" 33 | }", 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@retired_to_warning_renamed.accepted: -------------------------------------------------------------------------------- 1 | --- 2 
| version: 1.3.1 3 | title: Javascript@warning_format_as_json@retired_to_warning_renamed 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Renamed, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "{ 26 | "id": null, 27 | "package": "package for warning tests", 28 | "version": "pre1.2.3-build", 29 | "warning_reason": "Retired", 30 | "dependency_type": "Direct", 31 | "severity": "package-retired:renamed", 32 | "reason": "renamed: It's an example man" 33 | }", 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@retired_to_warning_renamed_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_json@retired_to_warning_renamed_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Renamed, 22 | message: None, 23 | ), 24 | ), 25 | "{ 26 | "id": null, 27 | "package": "package for warning tests", 28 | "version": "pre1.2.3-build", 29 | "warning_reason": "Retired", 30 | "dependency_type": "Direct", 31 | "severity": "package-retired:renamed", 32 | "reason": "renamed" 33 | }", 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@retired_to_warning_security.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | 
version: 1.3.1 3 | title: Javascript@warning_format_as_json@retired_to_warning_security 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Security, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "{ 26 | "id": null, 27 | "package": "package for warning tests", 28 | "version": "pre1.2.3-build", 29 | "warning_reason": "Retired", 30 | "dependency_type": "Direct", 31 | "severity": "package-retired:security", 32 | "reason": "security: It's an example man" 33 | }", 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_json@retired_to_warning_security_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_json@retired_to_warning_security_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Security, 22 | message: None, 23 | ), 24 | ), 25 | "{ 26 | "id": null, 27 | "package": "package for warning tests", 28 | "version": "pre1.2.3-build", 29 | "warning_reason": "Retired", 30 | "dependency_type": "Direct", 31 | "severity": "package-retired:security", 32 | "reason": "security" 33 | }", 34 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@adv_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 
1.3.1 3 | title: Javascript@warning_format_as_string@adv_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | Advisory( 21 | id: "ghsa-example", 22 | name: "example-advisory", 23 | severity: "example", 24 | vulnerable_version_ranges: [ 25 | "1.1.1", 26 | "2.2.2", 27 | ], 28 | description: "it's like bad", 29 | ), 30 | ), 31 | "ID: ghsa-example 32 | Package: package for warning tests 33 | Version: pre1.2.3-build 34 | WarningReason: Vulnerable 35 | Dependency Type: Direct 36 | Severity: unknown-example 37 | Reason: it's like bad 38 | ", 39 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@outdated_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string@outdated_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | "1.2.3", 21 | ), 22 | "ID: null 23 | Package: package for warning tests 24 | Version: pre1.2.3-build 25 | WarningReason: Outdated 26 | Dependency Type: Direct 27 | Severity: package-outdated 28 | Reason: New Version: '1.2.3' exists 29 | ", 30 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@rejected_license_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: 
Javascript@warning_format_as_string@rejected_license_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | "closed-source-crap", 21 | ), 22 | "ID: null 23 | Package: package for warning tests 24 | Version: null 25 | WarningReason: Rejected License (closed-source-crap) 26 | Dependency Type: Direct 27 | Severity: rejected-license 28 | Reason: Rejected License found: closed-source-crap 29 | ", 30 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@retired_to_warning_deprecated.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string@retired_to_warning_deprecated 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Deprecated, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "ID: null 26 | Package: package for warning tests 27 | Version: pre1.2.3-build 28 | WarningReason: Retired 29 | Dependency Type: Direct 30 | Severity: package-retired:deprecated 31 | Reason: deprecated: It's an example man 32 | ", 33 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@retired_to_warning_deprecated_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: 
Javascript@warning_format_as_string@retired_to_warning_deprecated_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Deprecated, 22 | message: None, 23 | ), 24 | ), 25 | "ID: null 26 | Package: package for warning tests 27 | Version: pre1.2.3-build 28 | WarningReason: Retired 29 | Dependency Type: Direct 30 | Severity: package-retired:deprecated 31 | Reason: deprecated 32 | ", 33 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@retired_to_warning_invalid.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string@retired_to_warning_invalid 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Invalid, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "ID: null 26 | Package: package for warning tests 27 | Version: pre1.2.3-build 28 | WarningReason: Retired 29 | Dependency Type: Direct 30 | Severity: package-retired:invalid 31 | Reason: invalid: It's an example man 32 | ", 33 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@retired_to_warning_invalid_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string@retired_to_warning_invalid_none 4 
| --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Invalid, 22 | message: None, 23 | ), 24 | ), 25 | "ID: null 26 | Package: package for warning tests 27 | Version: pre1.2.3-build 28 | WarningReason: Retired 29 | Dependency Type: Direct 30 | Severity: package-retired:invalid 31 | Reason: invalid 32 | ", 33 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@retired_to_warning_other.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string@retired_to_warning_other 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: OtherReason, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "ID: null 26 | Package: package for warning tests 27 | Version: pre1.2.3-build 28 | WarningReason: Retired 29 | Dependency Type: Direct 30 | Severity: package-retired:it's an example man 31 | Reason: other: It's an example man 32 | ", 33 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@retired_to_warning_other_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string@retired_to_warning_other_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | 
version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: OtherReason, 22 | message: None, 23 | ), 24 | ), 25 | "ID: null 26 | Package: package for warning tests 27 | Version: pre1.2.3-build 28 | WarningReason: Retired 29 | Dependency Type: Direct 30 | Severity: package-retired:unknown 31 | Reason: other 32 | ", 33 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@retired_to_warning_renamed.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string@retired_to_warning_renamed 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Renamed, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "ID: null 26 | Package: package for warning tests 27 | Version: pre1.2.3-build 28 | WarningReason: Retired 29 | Dependency Type: Direct 30 | Severity: package-retired:renamed 31 | Reason: renamed: It's an example man 32 | ", 33 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@retired_to_warning_renamed_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string@retired_to_warning_renamed_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 
14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Renamed, 22 | message: None, 23 | ), 24 | ), 25 | "ID: null 26 | Package: package for warning tests 27 | Version: pre1.2.3-build 28 | WarningReason: Retired 29 | Dependency Type: Direct 30 | Severity: package-retired:renamed 31 | Reason: renamed 32 | ", 33 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@retired_to_warning_security.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string@retired_to_warning_security 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Security, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "ID: null 26 | Package: package for warning tests 27 | Version: pre1.2.3-build 28 | WarningReason: Retired 29 | Dependency Type: Direct 30 | Severity: package-retired:security 31 | Reason: security: It's an example man 32 | ", 33 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string@retired_to_warning_security_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string@retired_to_warning_security_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | 
direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Security, 22 | message: None, 23 | ), 24 | ), 25 | "ID: null 26 | Package: package for warning tests 27 | Version: pre1.2.3-build 28 | WarningReason: Retired 29 | Dependency Type: Direct 30 | Severity: package-retired:security 31 | Reason: security 32 | ", 33 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string_minimal@adv_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string_minimal@adv_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | Advisory( 21 | id: "ghsa-example", 22 | name: "example-advisory", 23 | severity: "example", 24 | vulnerable_version_ranges: [ 25 | "1.1.1", 26 | "2.2.2", 27 | ], 28 | description: "it's like bad", 29 | ), 30 | ), 31 | "package for warning tests-pre1.2.3-build: unknown-example 32 | ", 33 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string_minimal@outdated_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string_minimal@outdated_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | "1.2.3", 21 | ), 22 | "package for warning tests-pre1.2.3-build: package-outdated 
23 | ", 24 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string_minimal@rejected_license_to_warning.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string_minimal@rejected_license_to_warning 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | "closed-source-crap", 21 | ), 22 | "package for warning tests: rejected-license 23 | ", 24 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string_minimal@retired_to_warning_deprecated.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string_minimal@retired_to_warning_deprecated 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Deprecated, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "package for warning tests-pre1.2.3-build: package-retired:deprecated 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string_minimal@retired_to_warning_deprecated_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: 
Javascript@warning_format_as_string_minimal@retired_to_warning_deprecated_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Deprecated, 22 | message: None, 23 | ), 24 | ), 25 | "package for warning tests-pre1.2.3-build: package-retired:deprecated 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string_minimal@retired_to_warning_invalid.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string_minimal@retired_to_warning_invalid 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Invalid, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "package for warning tests-pre1.2.3-build: package-retired:invalid 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string_minimal@retired_to_warning_invalid_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string_minimal@retired_to_warning_invalid_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 
| source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Invalid, 22 | message: None, 23 | ), 24 | ), 25 | "package for warning tests-pre1.2.3-build: package-retired:invalid 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string_minimal@retired_to_warning_other.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string_minimal@retired_to_warning_other 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: OtherReason, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "package for warning tests-pre1.2.3-build: package-retired:it's an example man 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string_minimal@retired_to_warning_other_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string_minimal@retired_to_warning_other_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: OtherReason, 22 | message: None, 23 | ), 24 | ), 25 | "package for warning tests-pre1.2.3-build: package-retired:unknown 26 | ", 27 | ) -------------------------------------------------------------------------------- 
/birdie_snapshots/javascript@warning_format_as_string_minimal@retired_to_warning_renamed.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string_minimal@retired_to_warning_renamed 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Renamed, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "package for warning tests-pre1.2.3-build: package-retired:renamed 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string_minimal@retired_to_warning_renamed_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string_minimal@retired_to_warning_renamed_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Renamed, 22 | message: None, 23 | ), 24 | ), 25 | "package for warning tests-pre1.2.3-build: package-retired:renamed 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string_minimal@retired_to_warning_security.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string_minimal@retired_to_warning_security 4 | --- 5 | #( 6 | #( 7 | Package( 8 
| name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Security, 22 | message: Some("It's an example man"), 23 | ), 24 | ), 25 | "package for warning tests-pre1.2.3-build: package-retired:security 26 | ", 27 | ) -------------------------------------------------------------------------------- /birdie_snapshots/javascript@warning_format_as_string_minimal@retired_to_warning_security_none.accepted: -------------------------------------------------------------------------------- 1 | --- 2 | version: 1.3.1 3 | title: Javascript@warning_format_as_string_minimal@retired_to_warning_security_none 4 | --- 5 | #( 6 | #( 7 | Package( 8 | name: "package for warning tests", 9 | version: SemVer( 10 | major: 1, 11 | minor: 2, 12 | patch: 3, 13 | pre: "pre", 14 | build: "build", 15 | ), 16 | version_raw: "pre1.2.3-build", 17 | direct: True, 18 | source: PackageSourceHex, 19 | ), 20 | ReleaseRetirement( 21 | reason: Security, 22 | message: None, 23 | ), 24 | ), 25 | "package for warning tests-pre1.2.3-build: package-retired:security 26 | ", 27 | ) -------------------------------------------------------------------------------- /deno.lock: -------------------------------------------------------------------------------- 1 | { 2 | "version": "4", 3 | "specifiers": { 4 | "npm:yaml@^2.5.0": "2.5.0" 5 | }, 6 | "npm": { 7 | "yaml@2.5.0": { 8 | "integrity": "sha512-2wWLbGbYDiSqqIKoPjar3MPgB94ErzCtrNE1FdqGuaO0pi2JGjmE8aW8TDZwzU7vuxcGRdL/4gPQwQ7hD5AMSw==" 9 | } 10 | }, 11 | "workspace": { 12 | "packageJson": { 13 | "dependencies": [ 14 | "npm:yaml@^2.5.0" 15 | ] 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /dev/go_over_dev.gleam: -------------------------------------------------------------------------------- 1 
| import gleam/option.{None, Some} 2 | import go_over 3 | import go_over/config 4 | import go_over/warning.{ 5 | DirectDep, IndirectDep, SeverityCritical, SeverityHigh, SeverityLow, 6 | SeverityModerate, SeverityPackageRetiredSecurity, SeverityRejectedLicense, 7 | Warning, WarningReasonRetired, WarningReasonVulnerable, 8 | } 9 | import gxyz/function as gfunction 10 | import shellout 11 | 12 | const example_warnings = [ 13 | Warning( 14 | None, 15 | "fake", 16 | Some("x.y.z"), 17 | "Retired", 18 | WarningReasonVulnerable, 19 | SeverityCritical, 20 | DirectDep, 21 | ), 22 | Warning( 23 | None, 24 | "another_fake", 25 | Some("1.2.3"), 26 | "Vulnerable", 27 | WarningReasonVulnerable, 28 | SeverityHigh, 29 | DirectDep, 30 | ), 31 | Warning( 32 | None, 33 | "and_another", 34 | Some("4.5.6"), 35 | "Vulnerable", 36 | WarningReasonVulnerable, 37 | SeverityModerate, 38 | DirectDep, 39 | ), 40 | Warning( 41 | None, 42 | "one_more", 43 | Some("7.8.9"), 44 | "Vulnerable", 45 | WarningReasonVulnerable, 46 | SeverityLow, 47 | IndirectDep, 48 | ), 49 | Warning( 50 | None, 51 | "this_one_was_retired", 52 | Some("10.11.12"), 53 | "Retired", 54 | WarningReasonRetired, 55 | SeverityPackageRetiredSecurity, 56 | IndirectDep, 57 | ), 58 | Warning( 59 | None, 60 | "rejected_license", 61 | None, 62 | "Retired", 63 | WarningReasonRetired, 64 | SeverityRejectedLicense, 65 | IndirectDep, 66 | ), 67 | ] 68 | 69 | pub fn main() { 70 | let assert Ok(conf) = 71 | config.spin_up(config.read_config("gleam.toml"), shellout.arguments()) 72 | 73 | gfunction.iff_nil( 74 | True, 75 | gfunction.freeze2(go_over.print_warnings, example_warnings, conf), 76 | ) 77 | } 78 | -------------------------------------------------------------------------------- /gleam.toml: -------------------------------------------------------------------------------- 1 | name = "go_over" 2 | version = "3.2.0" 3 | licences = ["MIT"] 4 | repository = { type = "github", user = "bwireman", repo = "go-over" } 5 | description = "A tool 
to audit Erlang & Elixir dependencies, to make sure your Gleam ✨ projects really sparkle!" 6 | gleam = ">= 1.11.0" 7 | links = [ 8 | { title = "Advisories Source", href = "https://github.com/mirego/elixir-security-advisories" }, 9 | ] 10 | 11 | internal_modules = ["*"] 12 | target = "erlang" 13 | extra_applications = ["yamerl"] 14 | 15 | [javascript] 16 | typescript_declarations = false 17 | runtime = "nodejs" 18 | 19 | [javascript.deno] 20 | allow_all = true 21 | 22 | [dependencies] 23 | gleam_stdlib = ">= 0.34.0 and < 2.0.0" 24 | shellout = ">= 1.6.0 and < 2.0.0" 25 | simplifile = ">= 2.0.0 and < 3.0.0" 26 | filepath = ">= 1.0.0 and < 2.0.0" 27 | tom = ">= 2.0.0 and < 3.0.0" 28 | yamerl = ">= 0.10.0 and < 1.0.0" 29 | gleam_hexpm = ">= 3.0.0 and < 4.0.0" 30 | gleam_json = ">= 3.0.0 and < 4.0.0" 31 | gleamsver = ">= 1.0.0 and < 2.0.0" 32 | delay = ">= 1.2.0 and < 2.0.0" 33 | gxyz = ">= 0.1.0 and < 1.0.0" 34 | clip = ">= 1.0.0 and < 2.0.0" 35 | spinner = ">= 1.3.1 and < 2.0.0" 36 | directories = ">= 1.1.0 and < 2.0.0" 37 | gleam_httpc = ">= 5.0.0 and < 6.0.0" 38 | gleam_http = ">= 4.0.0 and < 5.0.0" 39 | gleam_time = ">= 1.2.0 and < 2.0.0" 40 | cactus = ">= 1.3.5 and < 2.0.0" 41 | 42 | [dev-dependencies] 43 | gleeunit = ">= 1.0.0 and < 2.0.0" 44 | birdie = ">= 1.2.3 and < 2.0.0" 45 | pprint = ">= 1.0.6 and < 2.0.0" 46 | 47 | [cactus.pre-commit] 48 | actions = [ 49 | { command = "./scripts/format.sh", kind = "binary", files = [".mjs", ".js", ".gleam"] }, 50 | { command = "./scripts/update.sh", kind = "binary" }, 51 | { command = "./scripts/target_test.sh", kind = "binary", args = ["erlang"], files = [".erl", ".gleam", "manifest.toml", "gleam.toml"] }, 52 | { command = "./scripts/target_test.sh", kind = "binary", args = ["javascript", "node"], files = [".mjs", ".js", ".gleam", "manifest.toml", "gleam.toml"] }, 53 | { command = "./scripts/target_test.sh", kind = "binary", args = ["javascript", "deno"], files = [".mjs", ".js", ".gleam", "manifest.toml", "gleam.toml"] }, 
54 | { command = "./scripts/target_test.sh", kind = "binary", args = ["javascript", "bun"], files = [".mjs", ".js", ".gleam", "manifest.toml", "gleam.toml"] }, 55 | ] 56 | 57 | [go-over] 58 | cache = true 59 | global = true 60 | format = "minimal" 61 | outdated = false 62 | puller = "native" 63 | allowed_licenses = ["MIT", "Apache-2.0", "BSD 2-Clause", "WTFPL"] 64 | 65 | [go-over.ignore] 66 | indirect = false 67 | dev_dependencies = false 68 | packages = [] 69 | severity = [] 70 | ids = [] 71 | -------------------------------------------------------------------------------- /images/demo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bwireman/go-over/6c5a5c88c4bbb6d5e01ac3d6c748f1cadc90c6c0/images/demo.gif -------------------------------------------------------------------------------- /images/demo.tape: -------------------------------------------------------------------------------- 1 | Output images/demo.gif 2 | Set FontSize 14 3 | Set PlaybackSpeed 1.35 4 | Set TypingSpeed 75ms 5 | Set FontFamily 'JetBrains Mono' 6 | Set Margin 12 7 | Set MarginFill "#ffaff3" 8 | Set BorderRadius 12 9 | 10 | # Setup 11 | Hide 12 | Type `rm -rf ~/.cache/go-over/ && clear` 13 | Enter 14 | Show 15 | 16 | Type `gleam run -m go_over -- -h` 17 | Sleep 3.5s 18 | Enter 19 | Sleep 10s 20 | 21 | Type clear 22 | Enter 23 | 24 | Type "# check for retired, vulnerable or outdated packages (and even filter their licenses)" 25 | Enter 26 | Sleep 5s 27 | Type `gleam run -m go_over -- --outdated` 28 | Enter 29 | Wait+Screen@50s /✅ No warnings found!/ 30 | Sleep 3.5s -------------------------------------------------------------------------------- /package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "go-over", 3 | "lockfileVersion": 3, 4 | "requires": true, 5 | "packages": { 6 | "": { 7 | "name": "go-over", 8 | "license": "MIT", 9 | "dependencies": { 10 | "yaml": 
"^2.5.0" 11 | }, 12 | "devDependencies": {} 13 | }, 14 | "node_modules/yaml": { 15 | "version": "2.8.1", 16 | "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.1.tgz", 17 | "integrity": "sha512-lcYcMxX2PO9XMGvAJkJ3OsNMw+/7FKes7/hgerGUYWIoWu5j/+YQqcZr5JnPZWzOsEBgMbSbiSTn/dv/69Mkpw==", 18 | "license": "ISC", 19 | "bin": { 20 | "yaml": "bin.mjs" 21 | }, 22 | "engines": { 23 | "node": ">= 14.6" 24 | } 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "go-over", 3 | "repository": "git@github.com:bwireman/go-over.git", 4 | "license": "MIT", 5 | "type": "module", 6 | "private": true, 7 | "dependencies": { 8 | "yaml": "^2.5.0" 9 | }, 10 | "devDependencies": {} 11 | } 12 | -------------------------------------------------------------------------------- /scripts/format.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | deno fmt 4 | gleam fix 5 | gleam format -------------------------------------------------------------------------------- /scripts/publish.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | cd "$(dirname "$0")/.." 
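# Refuse to run without a version argument; the tag name is derived from it.
if [ -z "$1" ]; then
    echo "Must set version for release"
    echo "Usage:" "$0" ""
    exit 1
fi
VER="v$1"

# Releases are only cut from main.
BRANCH="$(git rev-parse --abbrev-ref HEAD)"
if [ "$BRANCH" != "main" ]; then
    echo "Branch must be 'main'"
    exit 1
fi

# Format, refresh dependencies and run the test suite before checking the tree;
# anything these steps rewrite shows up as a dirty working directory below.
gleam format
./scripts/update.sh
./scripts/test.sh

# Only publish exactly what is committed.
if [ -n "$(git status --porcelain)" ]; then
    echo "Working dir must be clean"
    exit 1
fi

# Tags the release, pushes the tag, then publishes the package to Hex.
# The tag is pushed before `gleam publish` runs, so a failed publish leaves
# the pushed tag in place.
function publish {
    gleam clean
    echo "Tagging" "$VER"
    git tag "$VER"
    git push origin "$VER"
    echo "Publishing to Hex" "$VER"
    gleam publish
    echo "🚀"
}

echo "Version set to:" "$VER"
# Only an explicit yes, or an empty answer (the default advertised by "[Yn]"),
# publishes. Any other input re-prompts instead of falling through to a
# release, so a stray keystroke cannot push a tag and publish a package.
while true; do
    read -rp "Do you wish to publish? [Yn] " yn
    case $yn in
        [Yy]* ) publish; break;;
        [Nn]* ) echo "canceling..." ; exit;;
        "" ) publish; break;;
        * ) echo "Please answer y or n";;
    esac
done
--------------------------------------------------------------------------------
/scripts/target_test.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
set -e
cd "$(dirname "$0")/.."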
4 | 5 | YELLOW='\033[1;33m' 6 | NC='\033[0m' 7 | 8 | function snooze() { 9 | echo -e "${YELLOW}😴 Snooze...${NC}" 10 | sleep "$1" 11 | } 12 | 13 | if [ -z "$1" ]; then 14 | echo "Must set target" 15 | echo "Usage: $0 " 16 | exit 1 17 | fi 18 | 19 | TARGET="$1" 20 | RUNTIME="$2" 21 | PULLER="curl" 22 | if [ "$TARGET" = "erlang" ]; then 23 | CMD='--target erlang' 24 | PULLER="native" 25 | else 26 | if [ -z "$2" ]; then 27 | echo "Must set runtime" 28 | echo "Usage: $0 javascript " 29 | exit 1 30 | fi 31 | 32 | CMD="--target javascript --runtime $RUNTIME" 33 | fi 34 | 35 | # shellcheck disable=SC2086 36 | gleam run $CMD -- --force --verbose --puller $PULLER 37 | rm -rf .go-over/outdated 38 | 39 | snooze 15 40 | # shellcheck disable=SC2086 41 | gleam run $CMD -- --outdated --puller wget 42 | 43 | # shellcheck disable=SC2086 44 | gleam test $CMD 45 | -------------------------------------------------------------------------------- /scripts/test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | cd "$(dirname "$0")/.." 
4 | 5 | GREEN='\033[0;32m' 6 | YELLOW='\033[1;33m' 7 | NC='\033[0m' 8 | 9 | function snooze() { 10 | echo -e "${YELLOW}😴 Snooze...${NC}" 11 | sleep "$1" 12 | } 13 | 14 | deno fmt 15 | gleam check 16 | gleam update 17 | gleam build 18 | gleam format 19 | 20 | snooze 15 21 | rm -rf .go-over/ 22 | echo -e "${GREEN}==> erlang${NC}" 23 | ./scripts/target_test.sh erlang 24 | 25 | snooze 30 26 | echo -e "${GREEN}==> nodejs${NC}" 27 | ./scripts/target_test.sh javascript nodejs 28 | 29 | snooze 30 30 | echo -e "${GREEN}==> deno${NC}" 31 | ./scripts/target_test.sh javascript deno 32 | 33 | snooze 30 34 | echo -e "${GREEN}==> bun${NC}" 35 | ./scripts/target_test.sh javascript bun 36 | -------------------------------------------------------------------------------- /scripts/update.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | cd "$(dirname "$0")/.." 5 | 6 | gleam update 7 | gleam run -- --outdated 8 | npm upgrade --ignore-scripts -------------------------------------------------------------------------------- /src/go_over.gleam: -------------------------------------------------------------------------------- 1 | import gleam/function 2 | import gleam/int 3 | import gleam/io 4 | import gleam/json 5 | import gleam/list 6 | import gleam/string 7 | import go_over/config.{type Config} 8 | import go_over/packages 9 | import go_over/sources 10 | import go_over/util/constants 11 | import go_over/util/print 12 | import go_over/util/spinner 13 | import go_over/util/util 14 | import go_over/warning.{type Warning} 15 | import gxyz/function as gfunction 16 | import shellout 17 | import simplifile 18 | 19 | fn print_warnings_count(vulns: List(Warning)) -> Nil { 20 | { 21 | "⛔ " 22 | <> int.to_string(list.length(vulns)) 23 | <> " WARNING(s) FOUND!" 
<> constants.long_ass_dashes
  }
  |> io.print_error()
}

/// Renders `vulns` in the format selected by `conf.format`, writes the result
/// to stderr and exits the process with status 1.
///
/// The minimal and default formats print the warning count first; the JSON
/// format prints only the JSON array.
pub fn print_warnings(vulns: List(Warning), conf: Config) -> Nil {
  let rendered = case conf.format {
    config.Minimal ->
      vulns
      |> function.tap(print_warnings_count)
      |> list.map(warning.format_as_string_minimal)
      |> string.join("")

    config.JSON ->
      vulns
      |> list.map(warning.format_as_json)
      |> json.preprocessed_array()
      |> json.to_string()

    _ ->
      vulns
      |> function.tap(print_warnings_count)
      |> list.map(warning.format_as_string)
      |> string.join(constants.long_ass_dashes)
  }

  io.print_error(rendered)
  // A non-zero status is what lets CI fail the build when warnings exist.
  shellout.exit(1)
}

/// Entry point: loads the configuration, reads `manifest.toml`, collects
/// vulnerable, retired and (when enabled) outdated/license warnings, filters
/// them by severity and reports the result.
pub fn main() {
  let spun_up =
    config.spin_up(config.read_config("gleam.toml"), shellout.arguments())

  let conf = case spun_up {
    Ok(conf) -> conf
    Error(e) -> {
      io.println_error(e)
      // NOTE(review): a failed spin_up exits with status 0, so a caller that
      // only checks the exit code cannot tell this apart from a clean audit.
      // That may be intended if the Error carries help text; confirm, and
      // consider a non-zero status for genuine configuration errors.
      shellout.exit(0)
      // Presumably only here so this branch type-checks as a Config.
      util.do_panic()
    }
  }

  let progress = spinner.new_spinner("Let's do this!", conf.verbose)
  // Presumably deletes the go-over directory only when conf.force is set and
  // discards the result of the delete; verify against gxyz.
  gfunction.ignore_result(
    conf.force,
    gfunction.freeze1(simplifile.delete, constants.go_over_path(conf.global)),
  )

  spinner.set_text_spinner(progress, "Reading manifest", conf.verbose)
  // Packages removed by these filters are not audited by any later check.
  let pkgs =
    packages.read_manifest("manifest.toml")
    |> config.filter_dev_dependencies(conf, _)
    |> config.filter_packages(conf, _)
    |> config.filter_indirect(conf, _)

  spinner.set_text_spinner(
    progress,
    "Checking packages: " <> print.raw("vulnerable", "red"),
    conf.verbose,
  )
  let vulnerable_warnings = sources.get_vulnerable_warnings(pkgs, conf)

  spinner.set_text_spinner(
    progress,
    "Checking packages: " <> print.raw("retired", "yellow"),
    conf.verbose,
  )
  // Retirement is only checked for packages whose source is Hex.
  let retired_warnings =
    pkgs
    |> list.filter(fn(p) { p.source == packages.PackageSourceHex })
    |> sources.get_retired_warnings(conf)

  let wants_licenses = list.length(conf.allowed_licenses) > 0
  let hex_warnings =
    gfunction.iff(
      conf.outdated || wants_licenses,
      fn() {
        let msg = case conf.outdated, wants_licenses {
          True, True -> "outdated & licenses"
          True, False -> "outdated"
          False, True -> "licenses"
          // Not reachable while the guard passed to iff above holds.
          False, False -> util.do_panic()
        }

        spinner.set_text_spinner(
          progress,
          "Checking packages: " <> print.raw(msg, "brightmagenta"),
          conf.verbose,
        )

        // Outdated/license checks are likewise limited to Hex packages.
        pkgs
        |> list.filter(fn(p) { p.source == packages.PackageSourceHex })
        |> sources.get_hex_warnings(conf)
      },
      [],
    )

  spinner.set_text_spinner(progress, "Filtering warnings", conf.verbose)
  let warnings =
    list.append(retired_warnings, vulnerable_warnings)
    |> list.append(hex_warnings)
    |> config.filter_severity(conf, _)

  spinner.stop_spinner(progress)
  case warnings {
    [] -> print.success("✅ No warnings found!")
    vulns -> print_warnings(vulns, conf)
  }
}
--------------------------------------------------------------------------------
/src/go_over/advisories/advisories.gleam:
--------------------------------------------------------------------------------
import filepath
import gleam/list
import gleam/option.{None, Some}
import go_over/advisories/comparisons
import go_over/packages.{type Package}
import go_over/util/cache
import go_over/util/constants.{go_over_path, six_hours}
import go_over/util/print
import go_over/util/util
import gxyz/cli
import gxyz/function
import simplifile

/// One advisory as read from a file in the advisories repository.
/// `vulnerable_version_ranges` holds the raw range strings; they are turned
/// into comparators by `comparisons.get_comparator` when a package is checked.
pub type Advisory {
  Advisory(
    id: String,
    name: String,
    severity: String,
    vulnerable_version_ranges: List(String),
    description: String,
  )
}

/// Location of the local advisories checkout, under `go_over_path(global)`.
fn path(global: Bool) -> String {
  go_over_path(global)
  |> filepath.join("mirego-elixir-security-advisories")
}

/// Parses the text of one advisory file via the `parse_adv` FFI function.
/// The tuple is destructured by `read_adv` as
/// (id, name, severity, description, vulnerable version ranges).
@external(erlang, "go_over_ffi", "parse_adv")
@external(javascript, "./../../go_over_ffi.mjs", "parse_adv")
pub fn read(
  body: String,
) -> Result(#(String, String, String, String, List(String)), Nil)

/// Reads and parses the advisory file at `path`. Both an unreadable file and
/// an unparsable one go through `cli.hard_fail_with_msg` (presumably aborting
/// the run) rather than being skipped.
fn read_adv(path: String) -> Advisory {
  let contents =
    simplifile.read(path)
    |> cli.hard_fail_with_msg("could not read adv file at: " <> path)

  let #(id, name, severity, description, ranges) =
    read(contents)
    |> cli.hard_fail_with_msg("could not parse advisory file: " <> path)

  Advisory(
    id:,
    name:,
    severity:,
    vulnerable_version_ranges: ranges,
    description:,
  )
}

/// Loads every advisory under `<checkout>/packages/<dir>/<file>`.
/// Each entry of `packages` is read as a directory and each entry inside it
/// as an advisory file.
fn read_all_adv(global: Bool) -> List(Advisory) {
  let packages_path = filepath.join(path(global), "packages")

  simplifile.read_directory(packages_path)
  |> cli.hard_fail_with_msg("could not read " <> packages_path)
  |> list.flat_map(fn(dir) {
    let dir_path = filepath.join(packages_path, dir)

    simplifile.read_directory(dir_path)
    |> cli.hard_fail_with_msg("could not read " <> dir_path)
    |> list.map(fn(adv_name) { read_adv(filepath.join(dir_path, adv_name)) })
  })
}

/// Returns the advisories that apply to `p`: the advisory name must equal the
/// package name exactly, and at least one of its version ranges must match
/// `p.version`. Ranges are only parsed for advisories whose name matches.
fn is_vulnerable(
  p: packages.Package,
  advisories: List(Advisory),
) -> List(Advisory) {
  list.filter(advisories, fn(adv) {
    adv.name == p.name
    && list.any(adv.vulnerable_version_ranges, fn(range) {
      comparisons.get_comparator(range)(p.version)
    })
  })
}

/// Replaces the local advisories checkout with a fresh clone of
/// `constants.advisories_repo`.
fn delete_and_clone(verbose: Bool, global: Bool) -> Nil {
  let p = path(global)

  // ? 
// File may or may not exist
  let _ = simplifile.delete(p)
  print.progress(verbose, "Cloning: " <> constants.advisories_repo <> "...")

  path(global)
  |> simplifile.create_directory_all()
  |> cli.hard_fail_with_msg("could not create directory at " <> path(global))

  // NOTE(review): the clone takes whatever the default branch of
  // constants.advisories_repo holds at that moment. No commit is pinned and
  // nothing in this function verifies the checkout, so scan verdicts are only
  // as trustworthy as that repository and the HTTPS connection to GitHub.
  util.retry_cmd("git", [
    "clone",
    "https://github.com/" <> constants.advisories_repo <> ".git",
    path(global),
  ])
  |> cli.hard_fail_with_msg("could not clone " <> constants.advisories_repo)

  // Strip the checkout down to the advisory data. Each delete result is
  // discarded, so a failed cleanup goes unreported.
  [
    ".git", ".gitignore", ".github", "config", "lib", ".formatter.exs",
    ".credo.exs", "Makefile", "mix.exs", "mix.lock",
  ]
  |> list.map(filepath.join(p, _))
  |> list.each(simplifile.delete)
}

/// Refreshes the local advisory checkout through `cache.pull_if_not_cached`
/// (maximum age `six_hours`, bypassed by `force_pull`), loads every advisory
/// from it, and returns each package paired with the advisories that match
/// it. Packages without a match are left out of the result.
pub fn check_for_advisories(
  packages: List(packages.Package),
  force_pull: Bool,
  verbose: Bool,
  global: Bool,
) -> List(#(Package, List(Advisory))) {
  let refresh = function.freeze2(delete_and_clone, verbose, global)
  cache.pull_if_not_cached(
    path(global),
    six_hours,
    force_pull,
    verbose,
    refresh,
    constants.advisories_repo,
  )

  let known = read_all_adv(global)
  let matches_for = fn(pkg) {
    case is_vulnerable(pkg, known) {
      [] -> None
      hits -> Some(#(pkg, hits))
    }
  }

  packages
  |> list.map(matches_for)
  |> option.values()
}

--------------------------------------------------------------------------------
/src/go_over/advisories/comparisons.gleam:
--------------------------------------------------------------------------------
import gleam/list
import gleam/order
import gleam/string
import gleamsver.{type SemVer}
import gxyz/cli

type CurriedComparator =
  fn(SemVer) -> Bool

/// Parses the last space-separated token of `ver` as a semantic version,
/// handing any failure to `cli.hard_fail_with_msg`.
pub fn parse(ver: String) -> SemVer {
  let parsed =
    string.split(ver, " ")
    |> list.last()
    |> cli.hard_fail_with_msg("could not parse " <> ver)

  gleamsver.parse(parsed)
  |>
cli.hard_fail_with_msg("could not parse " <> parsed)
}

/// Builds a predicate for one advisory range such as `">= 1.0.0, < 1.2.3"`.
/// The range is split on commas and a version matches only when every clause
/// matches.
pub fn get_comparator(ver: String) -> CurriedComparator {
  let clauses = list.map(string.split(ver, ","), string.trim)

  case clauses {
    // NOTE(review): looks unreachable, since splitting appears to always yield
    // at least one element; confirm before relying on it.
    [] -> all_good()
    [only] -> do_get_comparator(only)
    [head, ..rest] -> {
      use so_far, clause <- list.fold(rest, do_get_comparator(head))
      // `&&` short-circuits, so a later clause is only parsed once every
      // earlier clause has matched the candidate version.
      fn(candidate) { so_far(candidate) && do_get_comparator(clause)(candidate) }
    }
  }
}

/// Turns a single clause into a predicate. The first space-separated token is
/// read as the operator and `parse` reads the last token as the version.
fn do_get_comparator(ver: String) -> CurriedComparator {
  let operator =
    ver
    |> string.split(" ")
    |> list.first()
    |> cli.hard_fail_with_msg("could not parse " <> ver)

  let bound = parse(ver)
  case operator {
    "<" -> lt(bound)
    "<=" -> lte(bound)
    ">" -> gt(bound)
    ">=" -> gte(bound)
    "==" | "=" -> eq(bound)
    // A bare version has no operator token and lands here as an equality test.
    // NOTE(review): any unrecognised operator lands here too and is silently
    // treated as equality, which can hide affected versions. Confirm the
    // advisory feed only ever uses the operators listed above.
    _ -> eq(bound)
  }
}

/// Matches versions that `gleamsver.are_equal` considers equal to `r`.
fn eq(r: SemVer) -> CurriedComparator {
  gleamsver.are_equal(r, _)
}

/// Matches versions that order strictly before `r`.
fn lt(r: SemVer) -> CurriedComparator {
  fn(l: SemVer) {
    case gleamsver.compare(l, r) {
      order.Lt -> True
      _ -> False
    }
  }
}

/// Matches versions equal to `r` or ordered before it.
fn lte(r: SemVer) -> CurriedComparator {
  let same = eq(r)
  let below = lt(r)
  fn(l: SemVer) { same(l) || below(l) }
}

/// Matches versions that order strictly after `r`.
fn gt(r: SemVer) -> CurriedComparator {
  fn(l: SemVer) {
    case gleamsver.compare(l, r) {
      order.Gt -> True
      _ -> False
    }
  }
}

/// Matches versions equal to `r` or ordered after it.
fn gte(r: SemVer) -> CurriedComparator {
  let same = eq(r)
  let above = gt(r)
  fn(l: SemVer) { same(l) || above(l) }
}

/// Comparator that matches no version at all.
fn all_good() -> CurriedComparator {
  fn(_: SemVer) { False }
}

--------------------------------------------------------------------------------
/src/go_over/hex/core.gleam:
--------------------------------------------------------------------------------
import filepath
import gleam/hexpm.{type ReleaseRetirement}
import gleam/option.{Some}
import go_over/hex/puller
import go_over/packages.{type Package}
import go_over/util/constants
import gxyz/cli

/// Cache directory for one release: `deps/<name>/<version_raw>` under
/// `constants.go_over_path(global)`.
/// NOTE(review): `pkg.name` and `pkg.version_raw` come from the manifest and
/// become path segments of a directory that `pull_retired` deletes and
/// recreates. Confirm the manifest loader rejects values that are not a
/// single path segment.
pub fn release_path(pkg: packages.Package, global: Bool) -> String
{
  constants.go_over_path(global)
  |> filepath.join("deps")
  |> filepath.join(pkg.name)
  |> filepath.join(pkg.version_raw)
}

/// Cache directory for a package's hex.pm metadata:
/// `hex-info/<name>/<version_raw>` under `constants.go_over_path(global)`.
/// NOTE(review): both trailing segments come straight from the manifest and
/// `pull_hex_info` deletes this directory before refilling it. Confirm they
/// are validated as single path segments upstream.
pub fn hex_info_path(pkg: packages.Package, global: Bool) -> String {
  let root = filepath.join(constants.go_over_path(global), "hex-info")
  let by_name = filepath.join(root, pkg.name)
  filepath.join(by_name, pkg.version_raw)
}

/// Error text used when a hex.pm response cannot be stored at `pkg_path`.
pub fn pkg_pull_error(pkg: packages.Package, pkg_path: String) {
  let prefix = "could not store hex.pm pkg info. package: " <> pkg.name
  prefix <> " at path " <> pkg_path
}

/// File that holds the cached release response for `pkg`.
pub fn release_filename(pkg, global: Bool) -> String {
  filepath.join(release_path(pkg, global), "resp.json")
}

/// File that holds the cached package-level response for `pkg`.
pub fn hex_info_filename(pkg, global: Bool) -> String {
  filepath.join(hex_info_path(pkg, global), "hex-info-resp.json")
}

/// Renders a retirement as its reason, followed by `": " <> message` when
/// hex.pm supplied a message.
pub fn print_ret(ret: ReleaseRetirement) -> String {
  let label = hexpm.retirement_reason_to_string(ret.reason)
  case ret.message {
    Some(detail) -> label <> ": " <> detail
    _ -> label
  }
}

/// hex.pm API URL for the package.
/// NOTE(review): `pkg.name` is concatenated without URL escaping, so this
/// relies on the name having been validated before it gets here.
pub fn package_url(pkg: Package) {
  "https://hex.pm/api/packages/" <> pkg.name
}

/// hex.pm API URL for the exact release recorded in the manifest.
pub fn release_url(pkg: Package) {
  let base = package_url(pkg)
  base <> "/releases/" <> pkg.version_raw
}

/// Fetches `url` with the chosen puller and hands a failed request to
/// `cli.custom_hard_fail` along with a message naming the package.
pub fn do_pull_hex(pull: puller.Puller, pkg: Package, url: String) -> String {
  let outcome = puller.run(pull, url)
  let failure_text = "request to hex.pm for package: " <> pkg.name <> " failed"

  cli.custom_hard_fail(outcome, [
    cli.FailOptMessage(failure_text),
    cli.FailOptEcho,
  ])
}

--------------------------------------------------------------------------------
/src/go_over/hex/hex.gleam:
--------------------------------------------------------------------------------
import gleam/dynamic/decode
import gleam/json
import gleam/list
import gleam/option.{type Option}
import gleam/order
import gleamsver
import go_over/hex/core
import go_over/hex/puller
import
go_over/packages.{type Package} 10 | import go_over/util/cache 11 | import go_over/util/constants 12 | import go_over/util/print 13 | import gxyz/cli 14 | import gxyz/function as gfunction 15 | import gxyz/list as glist 16 | import simplifile 17 | 18 | pub type HexInfo { 19 | HexInfo(latest_stable_version: Option(String), licenses: List(String)) 20 | } 21 | 22 | fn pull_hex_info( 23 | puller: puller.Puller, 24 | pkg: Package, 25 | verbose: Bool, 26 | global: Bool, 27 | ) -> Nil { 28 | print.progress( 29 | verbose, 30 | "Checking latest version: " <> pkg.name <> " From hex.pm", 31 | ) 32 | let pkg_path = core.hex_info_path(pkg, global) 33 | let pkg_path_fail = core.pkg_pull_error(pkg, pkg_path) 34 | 35 | let _ = simplifile.delete(pkg_path) 36 | simplifile.create_directory_all(pkg_path) 37 | |> cli.hard_fail_with_msg(pkg_path_fail) 38 | 39 | let resp = core.do_pull_hex(puller, pkg, core.package_url(pkg)) 40 | 41 | pkg 42 | |> core.hex_info_filename(global) 43 | |> simplifile.write(resp) 44 | |> cli.hard_fail_with_msg(pkg_path_fail) 45 | } 46 | 47 | pub fn decode_latest_stable_version_and_licenses( 48 | data: String, 49 | ) -> Result(HexInfo, json.DecodeError) { 50 | let decoder = { 51 | use latest_stable_version <- decode.field( 52 | "latest_stable_version", 53 | decode.optional(decode.string), 54 | ) 55 | use licenses <- decode.subfield( 56 | ["meta", "licenses"], 57 | decode.list(decode.string), 58 | ) 59 | decode.success(HexInfo(latest_stable_version:, licenses:)) 60 | } 61 | 62 | json.parse(data, decoder) 63 | } 64 | 65 | fn pull( 66 | puller: puller.Puller, 67 | pkg: Package, 68 | force_pull: Bool, 69 | verbose: Bool, 70 | global: Bool, 71 | ) { 72 | pkg 73 | |> core.hex_info_path(global) 74 | |> cache.pull_if_not_cached( 75 | constants.hour, 76 | force_pull, 77 | verbose, 78 | gfunction.freeze4(pull_hex_info, puller, pkg, verbose, global), 79 | pkg.name <> ": latest stable version", 80 | ) 81 | 82 | let cached_file_name = core.hex_info_filename(pkg, global) 83 
| 84 | let resp = 85 | cached_file_name 86 | |> simplifile.read() 87 | |> cli.hard_fail_with_msg("failed to read " <> cached_file_name) 88 | 89 | cli.hard_fail_with_msg( 90 | decode_latest_stable_version_and_licenses(resp), 91 | "failed to parse " <> cached_file_name, 92 | ) 93 | } 94 | 95 | fn check_outdated( 96 | latest_version: String, 97 | pkg: Package, 98 | cached_file_name: String, 99 | ) { 100 | let latest_semver = 101 | gleamsver.parse(latest_version) 102 | |> cli.hard_fail_with_msg("failed to parse: " <> cached_file_name) 103 | 104 | case gleamsver.compare(latest_semver, pkg.version) { 105 | order.Gt -> option.Some(latest_version) 106 | _ -> option.None 107 | } 108 | } 109 | 110 | pub type HexWarningSource { 111 | RejectedLicense(name: String) 112 | Outdated(new_version: String) 113 | } 114 | 115 | pub fn get_hex_info( 116 | puller: puller.Puller, 117 | pkg: Package, 118 | force_pull: Bool, 119 | verbose: Bool, 120 | global: Bool, 121 | allowed_licenses: List(String), 122 | ) { 123 | let info = pull(puller, pkg, force_pull, verbose, global) 124 | let cached_file_name = core.hex_info_filename(pkg, global) 125 | 126 | let outdated = 127 | info.latest_stable_version 128 | |> option.map(check_outdated(_, pkg, cached_file_name)) 129 | |> option.flatten() 130 | |> option.map(Outdated) 131 | 132 | let rejected_licenses = 133 | glist.reject_contains(info.licenses, allowed_licenses) 134 | |> list.map(RejectedLicense) 135 | 136 | case outdated { 137 | option.None -> rejected_licenses 138 | option.Some(outdated) -> [outdated, ..rejected_licenses] 139 | } 140 | } 141 | -------------------------------------------------------------------------------- /src/go_over/hex/puller.gleam: -------------------------------------------------------------------------------- 1 | @target(erlang) 2 | import gleam/http/request 3 | @target(erlang) 4 | import gleam/httpc 5 | import gleam/result 6 | @target(erlang) 7 | import gleam/string 8 | import go_over/util/util 9 | import simplifile 
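/// Puller used when none is configured (Erlang target).
@target(erlang)
pub const default = Native

@target(erlang)
pub const default_string = "native"

/// Puller used when none is configured (JavaScript target).
@target(javascript)
pub const default = CURL

@target(javascript)
pub const default_string = "curl"

/// How hex.pm responses are fetched: in-process via `httpc`, through an
/// external command-line client, or from a local file (`Mock`).
pub type Puller {
  Native
  CURL
  WGET
  HTTPIE
  Mock(result_filepath: String)
}

/// Fetches `url` in-process and returns the response body.
///
/// Only 2xx responses count as success. Without the status check an error
/// page from the server would be returned as `Ok`, written into the cache by
/// the callers, and only rejected later when it fails to decode. That differs
/// from the `curl -f` path, which fails on the request itself.
@target(erlang)
fn native_get(url: String) -> Result(String, #(Int, String)) {
  url
  |> request.to()
  |> result.replace_error(httpc.InvalidUtf8Response)
  |> result.try(httpc.send)
  |> result.map_error(fn(err) { #(1, string.inspect(err)) })
  |> result.try(fn(resp) {
    case resp.status >= 200 && resp.status < 300 {
      True -> Ok(resp.body)
      False ->
        Error(#(1, "unexpected HTTP status " <> string.inspect(resp.status)))
    }
  })
}

@target(javascript)
fn native_get(_: String) -> Result(String, #(Int, String)) {
  Error(#(1, "Native puller is only supported on the Erlang target"))
}

/// Fetches `url` with the selected puller. On failure the error carries an
/// exit-code-style integer and a message.
pub fn run(puller: Puller, url: String) -> Result(String, #(Int, String)) {
  case puller {
    Native -> native_get(url)

    // -f makes curl fail on HTTP error statuses instead of printing the body.
    CURL -> util.retry_cmd("curl", ["-sf", url])

    WGET -> util.retry_cmd("wget", ["-qO-", url])

    // --check-status makes HTTPie exit non-zero on HTTP error statuses, so an
    // error body is not stored as package data.
    HTTPIE -> util.retry_cmd("https", ["--check-status", "--body", url])

    // Reads a canned response from disk instead of contacting hex.pm.
    Mock(result_filepath: result_filepath) ->
      simplifile.read(result_filepath)
      |> result.replace_error(#(1, "Mock Failure"))
  }
}

--------------------------------------------------------------------------------
/src/go_over/hex/retired.gleam:
--------------------------------------------------------------------------------
import gleam/hexpm.{type ReleaseRetirement}
import gleam/json
import gleam/option.{type Option}
import go_over/hex/core
import go_over/hex/puller
import go_over/packages.{type Package}
import go_over/util/cache
import go_over/util/constants
import go_over/util/print
import gxyz/cli
import gxyz/function
import simplifile

fn pull_retired(
  pull: puller.Puller,
  pkg: Package,
  verbose: Bool,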
| global: Bool, 19 | ) -> Nil { 20 | print.progress(verbose, "Checking: " <> pkg.name <> " From hex.pm") 21 | let pkg_path = core.release_path(pkg, global) 22 | let pkg_path_fail = core.pkg_pull_error(pkg, pkg_path) 23 | 24 | let _ = simplifile.delete(pkg_path) 25 | simplifile.create_directory_all(pkg_path) 26 | |> cli.hard_fail_with_msg(pkg_path_fail) 27 | 28 | let resp = core.do_pull_hex(pull, pkg, core.release_url(pkg)) 29 | 30 | pkg 31 | |> core.release_filename(global) 32 | |> simplifile.write(resp) 33 | |> cli.hard_fail_with_msg(pkg_path_fail) 34 | } 35 | 36 | pub fn check_retired( 37 | pull: puller.Puller, 38 | pkg: Package, 39 | force_pull: Bool, 40 | verbose: Bool, 41 | global: Bool, 42 | ) -> Option(ReleaseRetirement) { 43 | pkg 44 | |> core.release_path(global) 45 | |> cache.pull_if_not_cached( 46 | constants.hour, 47 | force_pull, 48 | verbose, 49 | function.freeze4(pull_retired, pull, pkg, verbose, global), 50 | pkg.name <> ":" <> pkg.version_raw, 51 | ) 52 | 53 | let cached_file_name = core.release_filename(pkg, global) 54 | let resp = 55 | cached_file_name 56 | |> simplifile.read() 57 | |> cli.hard_fail_with_msg("failed to read " <> cached_file_name) 58 | 59 | let release = 60 | json.parse(resp, hexpm.release_decoder()) 61 | |> cli.hard_fail_with_msg("failed to parse " <> cached_file_name) 62 | 63 | release.retirement 64 | } 65 | -------------------------------------------------------------------------------- /src/go_over/packages.gleam: -------------------------------------------------------------------------------- 1 | import gleam/dict 2 | import gleam/list 3 | import gleam/option.{Some} 4 | import gleam/string 5 | import gleamsver.{type SemVer} 6 | import go_over/util/print.{warning} 7 | import go_over/util/util 8 | import gxyz/cli 9 | import shellout 10 | import simplifile 11 | import tom 12 | 13 | pub type PackageSource { 14 | PackageSourceHex 15 | PackageSourceGit 16 | PackageSourceLocal 17 | } 18 | 19 | pub type Package { 20 | Package( 21 | 
name: String, 22 | version: SemVer, 23 | version_raw: String, 24 | direct: Bool, 25 | source: PackageSource, 26 | ) 27 | } 28 | 29 | pub fn read_manifest(path: String) -> List(Package) { 30 | let manifest = 31 | simplifile.read(path) 32 | |> cli.hard_fail_with_msg("could not parse " <> path) 33 | |> string.replace("\r\n", "\n") 34 | |> tom.parse() 35 | |> cli.hard_fail_with_msg("could not parse " <> path) 36 | 37 | let packages = 38 | tom.get_array(manifest, ["packages"]) 39 | |> cli.hard_fail_with_msg("could not parse " <> path <> " value: packages") 40 | let required_packages = 41 | tom.get_table(manifest, ["requirements"]) 42 | |> cli.hard_fail_with_msg( 43 | "could not parse " <> path <> " value: requirements", 44 | ) 45 | |> dict.keys() 46 | 47 | list.map(packages, fn(p) { 48 | case p { 49 | tom.InlineTable(t) -> { 50 | let name = 51 | tom.get_string(t, ["name"]) 52 | |> cli.hard_fail_with_msg( 53 | "could not parse package: " <> string.inspect(t), 54 | ) 55 | let ver = 56 | tom.get_string(t, ["version"]) 57 | |> cli.hard_fail_with_msg( 58 | "could not parse package: " <> string.inspect(t), 59 | ) 60 | let semver = 61 | gleamsver.parse(ver) 62 | |> cli.hard_fail_with_msg("could not parse package version: " <> ver) 63 | 64 | let source_raw = 65 | tom.get_string(t, ["source"]) 66 | |> cli.hard_fail_with_msg( 67 | "could not parse package: " <> string.inspect(t), 68 | ) 69 | 70 | let source = case source_raw { 71 | "git" -> PackageSourceGit 72 | "hex" -> PackageSourceHex 73 | "local" -> PackageSourceLocal 74 | _ -> util.do_panic() 75 | } 76 | 77 | Some(Package( 78 | name, 79 | semver, 80 | ver, 81 | list.contains(required_packages, name), 82 | source, 83 | )) 84 | } 85 | 86 | _ -> { 87 | warning("could not parse packages: incorrect type") 88 | shellout.exit(1) 89 | util.do_panic() 90 | } 91 | } 92 | }) 93 | |> option.values() 94 | } 95 | -------------------------------------------------------------------------------- /src/go_over/sources.gleam: 
-------------------------------------------------------------------------------- 1 | import gleam/list 2 | import gleam/option.{None, Some} 3 | import gleam/pair 4 | import go_over/advisories/advisories 5 | import go_over/config.{type Config} 6 | import go_over/hex/hex 7 | import go_over/hex/retired 8 | import go_over/packages.{type Package} 9 | import go_over/warning.{type Warning} 10 | import gxyz/list as glist 11 | import gxyz/tuple 12 | 13 | pub fn get_vulnerable_warnings( 14 | pkgs: List(Package), 15 | conf: Config, 16 | ) -> List(Warning) { 17 | advisories.check_for_advisories(pkgs, conf.force, conf.verbose, conf.global) 18 | |> list.map(fn(p) { tuple.map2_1(p, config.filter_advisory_ids(conf, _)) }) 19 | |> glist.filter_tap(pair.second, list.is_empty) 20 | |> list.flat_map(tuple.apply_from2(_, warning.adv_to_warning)) 21 | } 22 | 23 | pub fn get_retired_warnings(pkgs: List(Package), conf: Config) -> List(Warning) { 24 | pkgs 25 | |> list.map(fn(pkg) { 26 | retired.check_retired( 27 | conf.puller, 28 | pkg, 29 | conf.force, 30 | conf.verbose, 31 | conf.global, 32 | ) 33 | |> option.map(pair.new(pkg, _)) 34 | }) 35 | |> option.values() 36 | |> list.map(tuple.apply_from2(_, warning.retired_to_warning)) 37 | } 38 | 39 | pub fn get_hex_warnings(pkgs: List(Package), conf: Config) -> List(Warning) { 40 | let check_licenses = list.length(conf.allowed_licenses) > 0 41 | let outdated = conf.outdated 42 | let force = conf.force 43 | let verbose = conf.verbose 44 | let global = conf.global 45 | let allowed_licenses = conf.allowed_licenses 46 | 47 | list.flat_map(pkgs, fn(pkg) { 48 | let sources = 49 | hex.get_hex_info( 50 | conf.puller, 51 | pkg, 52 | force, 53 | verbose, 54 | global, 55 | allowed_licenses, 56 | ) 57 | 58 | list.map(sources, fn(source) { 59 | case source, outdated, check_licenses { 60 | hex.Outdated(new_version), True, _ -> 61 | Some(warning.outdated_to_warning(pkg, new_version)) 62 | 63 | hex.RejectedLicense(name), _, True -> 64 | 
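Some(warning.rejected_license_to_warning(pkg, name))

        _, _, _ -> None
      }
    })
  })
  |> option.values()
}

--------------------------------------------------------------------------------
/src/go_over/util/cache.gleam:
--------------------------------------------------------------------------------
import filepath
import gleam/order
import gleam/result
import gleam/time/calendar
import gleam/time/duration
import gleam/time/timestamp
import go_over/util/constants
import go_over/util/print
import gxyz/cli
import simplifile

/// Path of the stamp file that records when `path` was last refreshed.
fn cache_name(path: String) -> String {
  filepath.join(path, ".go-over-cache")
}

/// Path of the file that records which go-over version wrote the cache.
/// NOTE(review): this file is written below, but nothing visible here reads
/// it back.
fn version_name(path: String) -> String {
  filepath.join(path, ".go-over-version")
}

/// Reports whether the stamp under `path` is still within `max_age_seconds`.
///
/// Returns `Error(Nil)` when the stamp file is missing or is not an RFC 3339
/// timestamp. A stamp dated after the current time is treated as not cached.
/// Otherwise a stamp far in the future would never expire, and the cache
/// directory can sit inside the project being audited (the `.go-over`
/// directory when `global` is off), so its contents should not be able to
/// pin stale advisory or hex.pm data indefinitely.
fn file_cached(path: String, max_age_seconds: Int) -> Result(Bool, Nil) {
  path
  |> cache_name()
  |> simplifile.read()
  |> result.replace_error(Nil)
  |> result.try(timestamp.parse_rfc3339)
  |> result.map(fn(stamped_at) {
    let now = timestamp.system_time()
    let expires_at =
      timestamp.add(stamped_at, duration.seconds(max_age_seconds))

    case
      timestamp.compare(stamped_at, now),
      timestamp.compare(now, expires_at)
    {
      // Stamp lies in the future: refuse it and force a refresh.
      order.Gt, _ -> False
      // Stamp is older than the allowed age.
      _, order.Gt -> False
      _, _ -> True
    }
  })
}

/// Runs `pull_fn` unless a fresh stamp exists for `path` and `force_pull` is
/// off, then records the refresh time and the go-over version under `path`.
/// The stamp is written right after `pull_fn` returns; whether the pulled
/// content is usable is only checked later by the callers.
pub fn pull_if_not_cached(
  path: String,
  max_age: Int,
  force_pull: Bool,
  verbose: Bool,
  pull_fn: fn() -> Nil,
  cache_message: String,
) -> Nil {
  case force_pull, file_cached(path, max_age) {
    False, Ok(True) -> {
      print.progress(verbose, "Cached: " <> cache_message)

      Nil
    }

    _, _ -> {
      pull_fn()

      let now =
        timestamp.system_time()
        |> timestamp.to_rfc3339(calendar.utc_offset)

      simplifile.create_directory_all(path)
      |> cli.hard_fail_with_msg("could not write cache file for " <> path)

      path
      |> cache_name()
      |> simplifile.write(now)
      |> cli.hard_fail_with_msg("could not write cache file for " <> path)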
65 | 66 | path 67 | |> version_name() 68 | |> simplifile.write(constants.version) 69 | |> cli.hard_fail_with_msg("could not write cache file for " <> path) 70 | 71 | Nil 72 | } 73 | } 74 | } 75 | -------------------------------------------------------------------------------- /src/go_over/util/constants.gleam: -------------------------------------------------------------------------------- 1 | import directories 2 | import filepath 3 | import gxyz/cli 4 | import simplifile 5 | 6 | pub const hour = 3600 7 | 8 | pub const six_hours = 21_600 9 | 10 | pub const version = "3.1.0" 11 | 12 | pub const advisories_repo = "mirego/elixir-security-advisories" 13 | 14 | pub const long_ass_dashes = "\n-----------------------------------------------\n" 15 | 16 | pub fn go_over_path(global: Bool) -> String { 17 | let #(path, name) = case global { 18 | True -> #( 19 | directories.cache_dir() 20 | |> cli.hard_fail_with_msg("could not get cache directory"), 21 | "go-over", 22 | ) 23 | False -> #( 24 | simplifile.current_directory() 25 | |> cli.hard_fail_with_msg("could not get current directory"), 26 | ".go-over", 27 | ) 28 | } 29 | 30 | filepath.join(path, name) 31 | } 32 | -------------------------------------------------------------------------------- /src/go_over/util/print.gleam: -------------------------------------------------------------------------------- 1 | import gleam/io 2 | import gxyz/function 3 | import shellout 4 | 5 | pub fn raw(msg: String, color: String) { 6 | shellout.style(msg, with: shellout.color([color]), custom: []) 7 | } 8 | 9 | pub fn progress(verbose: Bool, msg: String) { 10 | function.iff_nil(verbose, fn() { 11 | shellout.style(msg, with: shellout.color(["brightmagenta"]), custom: []) 12 | |> io.println() 13 | }) 14 | } 15 | 16 | pub fn format_warning(msg: String) { 17 | shellout.style(msg <> "\n", with: shellout.color(["red"]), custom: []) 18 | } 19 | 20 | pub fn format_critical(msg: String) { 21 | format_warning(msg) 22 | } 23 | 24 | pub fn 
format_high(msg: String) { 25 | shellout.style(msg <> "\n", with: shellout.color(["yellow"]), custom: []) 26 | } 27 | 28 | pub fn format_moderate(msg: String) { 29 | shellout.style(msg <> "\n", with: shellout.color(["blue"]), custom: []) 30 | } 31 | 32 | pub fn format_low(msg: String) { 33 | shellout.style(msg <> "\n", with: shellout.color(["cyan"]), custom: []) 34 | } 35 | 36 | pub fn warning(msg: String) { 37 | msg 38 | |> format_warning() 39 | |> io.println() 40 | } 41 | 42 | pub fn high(msg: String) { 43 | msg 44 | |> format_high() 45 | |> io.println() 46 | } 47 | 48 | pub fn success(msg: String) { 49 | shellout.style(msg, with: shellout.color(["brightgreen"]), custom: []) 50 | |> io.println() 51 | } 52 | -------------------------------------------------------------------------------- /src/go_over/util/spinner.gleam: -------------------------------------------------------------------------------- 1 | @target(javascript) 2 | import gleam/io 3 | @target(erlang) 4 | import gleam/list 5 | import gleam/option 6 | import gxyz/function 7 | import spinner 8 | 9 | // --- SPINNER --- 10 | fn little_guy(msg: String) { 11 | "🕵️ " <> msg 12 | } 13 | 14 | @target(erlang) 15 | pub fn new_spinner(msg: String, verbose: Bool) { 16 | function.iff( 17 | !verbose, 18 | fn() { 19 | spinner.new(little_guy(msg)) 20 | |> spinner.with_frames(list.reverse(spinner.negative_dots_frames)) 21 | |> spinner.start() 22 | |> option.Some() 23 | }, 24 | option.None, 25 | ) 26 | } 27 | 28 | @target(javascript) 29 | pub fn new_spinner(msg: String, verbose: Bool) { 30 | function.iff_nil(!verbose, fn() { 31 | little_guy(msg) 32 | |> io.println() 33 | }) 34 | option.None 35 | } 36 | 37 | @target(erlang) 38 | pub fn set_text_spinner( 39 | spinner: option.Option(spinner.Spinner), 40 | msg: String, 41 | _: Bool, 42 | ) { 43 | option.map(spinner, spinner.set_text(_, little_guy(msg))) 44 | Nil 45 | } 46 | 47 | @target(javascript) 48 | pub fn set_text_spinner( 49 | _: option.Option(spinner.Spinner), 50 | 
msg: String, 51 | verbose: Bool, 52 | ) { 53 | function.iff_nil(!verbose, fn() { 54 | little_guy(msg) 55 | |> io.println() 56 | }) 57 | } 58 | 59 | pub fn stop_spinner(spinner: option.Option(spinner.Spinner)) { 60 | option.map(spinner, spinner.stop) 61 | } 62 | -------------------------------------------------------------------------------- /src/go_over/util/util.gleam: -------------------------------------------------------------------------------- 1 | import delay 2 | import shellout 3 | 4 | pub fn retry_cmd( 5 | cmd: String, 6 | args: List(String), 7 | ) -> Result(String, #(Int, String)) { 8 | delay.delay_effect(fn() { 9 | shellout.command(run: cmd, with: args, in: ".", opt: []) 10 | }) 11 | |> delay.retry_with_backoff(3) 12 | |> delay.run() 13 | } 14 | 15 | pub fn do_panic() { 16 | panic as "Unreachable, please create an issue in https://github.com/bwireman/go-over if you see this" 17 | } 18 | -------------------------------------------------------------------------------- /src/go_over/warning.gleam: -------------------------------------------------------------------------------- 1 | import gleam/hexpm.{type ReleaseRetirement} 2 | import gleam/json.{type Json, object, string} 3 | import gleam/list 4 | import gleam/option.{type Option, None, Some} 5 | import gleam/string 6 | import go_over/advisories/advisories.{type Advisory} 7 | import go_over/hex/core 8 | import go_over/packages.{type Package} 9 | import go_over/util/print 10 | 11 | pub type WarningReasonCode { 12 | WarningReasonRetired 13 | WarningReasonVulnerable 14 | WarningReasonOutdated 15 | WarningReasonRejectedLicense(name: String) 16 | } 17 | 18 | fn warning_reason_code_as_string(w: WarningReasonCode) -> String { 19 | case w { 20 | WarningReasonRetired -> "Retired" 21 | WarningReasonVulnerable -> "Vulnerable" 22 | WarningReasonOutdated -> "Outdated" 23 | WarningReasonRejectedLicense(name) -> "Rejected License (" <> name <> ")" 24 | } 25 | } 26 | 27 | pub type Severity { 28 | 
SeverityPackageRetiredInvalid 29 | SeverityPackageRetiredSecurity 30 | SeverityPackageRetiredDeprecated 31 | SeverityPackageRetiredRenamed 32 | SeverityPackageRetiredOtherReason(reason: String) 33 | SeverityPackageOutdated 34 | SeverityRejectedLicense 35 | SeverityCritical 36 | SeverityHigh 37 | SeverityLow 38 | SeverityModerate 39 | SeverityUnknown(info: String) 40 | } 41 | 42 | pub fn severity_as_string(s: Severity) -> String { 43 | case s { 44 | SeverityPackageRetiredInvalid -> "package-retired:invalid" 45 | SeverityPackageRetiredSecurity -> "package-retired:security" 46 | SeverityPackageRetiredDeprecated -> "package-retired:deprecated" 47 | SeverityPackageRetiredRenamed -> "package-retired:renamed" 48 | SeverityPackageRetiredOtherReason(reason) -> 49 | "package-retired:" <> string.lowercase(reason) 50 | SeverityPackageOutdated -> "package-outdated" 51 | SeverityRejectedLicense -> "rejected-license" 52 | SeverityCritical -> "critical" 53 | SeverityHigh -> "high" 54 | SeverityLow -> "low" 55 | SeverityModerate -> "moderate" 56 | SeverityUnknown(value) -> 57 | string.join(["unknown", string.lowercase(value)], "-") 58 | } 59 | } 60 | 61 | pub fn string_to_severity(s: String) -> Severity { 62 | case string.lowercase(s) { 63 | "package-retired:invalid" -> SeverityPackageRetiredInvalid 64 | "package-retired:security" -> SeverityPackageRetiredSecurity 65 | "package-retired:deprecated" -> SeverityPackageRetiredDeprecated 66 | "package-retired:renamed" -> SeverityPackageRetiredRenamed 67 | "package-retired:" <> v -> SeverityPackageRetiredOtherReason(v) 68 | "package-outdated" -> SeverityPackageOutdated 69 | "rejected-license" -> SeverityRejectedLicense 70 | "critical" -> SeverityCritical 71 | "high" -> SeverityHigh 72 | "low" -> SeverityLow 73 | "moderate" -> SeverityModerate 74 | "unknown-" <> v -> SeverityUnknown(v) 75 | v -> SeverityUnknown(v) 76 | } 77 | } 78 | 79 | pub type Dep { 80 | DirectDep 81 | IndirectDep 82 | } 83 | 84 | fn dep_code_as_string(d: Dep) -> 
String { 85 | case d { 86 | DirectDep -> "Direct" 87 | IndirectDep -> "Indirect" 88 | } 89 | } 90 | 91 | fn dep_code_from_bool(d: Bool) -> Dep { 92 | case d { 93 | True -> DirectDep 94 | False -> IndirectDep 95 | } 96 | } 97 | 98 | pub type Warning { 99 | Warning( 100 | advisory_id: Option(String), 101 | package: String, 102 | version: Option(String), 103 | reason: String, 104 | warning_reason_code: WarningReasonCode, 105 | severity: Severity, 106 | dep: Dep, 107 | ) 108 | } 109 | 110 | pub fn adv_to_warning(pkg: Package, advisories: List(Advisory)) -> List(Warning) { 111 | list.map(advisories, fn(adv) { 112 | Warning( 113 | Some(adv.id), 114 | pkg.name, 115 | Some(pkg.version_raw), 116 | adv.description, 117 | WarningReasonVulnerable, 118 | string_to_severity(adv.severity), 119 | dep_code_from_bool(pkg.direct), 120 | ) 121 | }) 122 | } 123 | 124 | pub fn retired_to_warning(pkg: Package, ret: ReleaseRetirement) -> Warning { 125 | let sev = case ret.reason { 126 | hexpm.Deprecated -> SeverityPackageRetiredDeprecated 127 | hexpm.Invalid -> SeverityPackageRetiredInvalid 128 | hexpm.Renamed -> SeverityPackageRetiredRenamed 129 | hexpm.Security -> SeverityPackageRetiredSecurity 130 | hexpm.OtherReason -> 131 | SeverityPackageRetiredOtherReason(option.unwrap(ret.message, "Unknown")) 132 | } 133 | 134 | Warning( 135 | None, 136 | pkg.name, 137 | Some(pkg.version_raw), 138 | core.print_ret(ret), 139 | WarningReasonRetired, 140 | sev, 141 | dep_code_from_bool(pkg.direct), 142 | ) 143 | } 144 | 145 | pub fn outdated_to_warning(pkg: Package, new_version: String) -> Warning { 146 | Warning( 147 | None, 148 | pkg.name, 149 | Some(pkg.version_raw), 150 | "New Version: '" <> new_version <> "' exists", 151 | WarningReasonOutdated, 152 | SeverityPackageOutdated, 153 | dep_code_from_bool(pkg.direct), 154 | ) 155 | } 156 | 157 | pub fn rejected_license_to_warning(pkg: Package, license: String) -> Warning { 158 | Warning( 159 | None, 160 | pkg.name, 161 | None, 162 | "Rejected License 
found: " <> license, 163 | WarningReasonRejectedLicense(license), 164 | SeverityRejectedLicense, 165 | dep_code_from_bool(pkg.direct), 166 | ) 167 | } 168 | 169 | pub fn format_as_string(w: Warning) -> String { 170 | [ 171 | "ID: " <> option.unwrap(w.advisory_id, "null"), 172 | "Package: " <> w.package, 173 | "Version: " <> option.unwrap(w.version, "null"), 174 | "WarningReason: " <> warning_reason_code_as_string(w.warning_reason_code), 175 | "Dependency Type: " <> dep_code_as_string(w.dep), 176 | "Severity: " <> severity_as_string(w.severity), 177 | "Reason: " <> w.reason, 178 | ] 179 | |> string.join("\n") 180 | |> color(w, _) 181 | } 182 | 183 | pub fn format_as_string_minimal(w: Warning) -> String { 184 | case w.version { 185 | option.Some(version) -> 186 | color( 187 | w, 188 | w.package <> "-" <> version <> ": " <> severity_as_string(w.severity), 189 | ) 190 | 191 | option.None -> color(w, w.package <> ": " <> severity_as_string(w.severity)) 192 | } 193 | } 194 | 195 | pub fn format_as_json(w: Warning) -> Json { 196 | object([ 197 | #("id", json.nullable(w.advisory_id, string)), 198 | #("package", string(w.package)), 199 | #("version", json.nullable(w.version, string)), 200 | #( 201 | "warning_reason", 202 | string(warning_reason_code_as_string(w.warning_reason_code)), 203 | ), 204 | #("dependency_type", string(dep_code_as_string(w.dep))), 205 | #("severity", string(severity_as_string(w.severity))), 206 | #("reason", string(w.reason)), 207 | ]) 208 | } 209 | 210 | fn color(w: Warning, str: String) { 211 | case w.severity { 212 | SeverityCritical | SeverityPackageRetiredSecurity -> 213 | print.format_critical(str) 214 | SeverityHigh | SeverityRejectedLicense -> print.format_high(str) 215 | SeverityModerate 216 | | SeverityPackageRetiredRenamed 217 | | SeverityPackageRetiredDeprecated 218 | | SeverityPackageOutdated -> print.format_moderate(str) 219 | SeverityLow | SeverityPackageRetiredInvalid -> print.format_low(str) 220 | SeverityUnknown(_) | 
SeverityPackageRetiredOtherReason(_) -> 221 | print.format_warning(str) 222 | } 223 | } 224 | -------------------------------------------------------------------------------- /src/go_over_ffi.erl: -------------------------------------------------------------------------------- 1 | -module(go_over_ffi). 2 | 3 | -export([ 4 | parse_adv/1 5 | ]). 6 | 7 | % Parses mirego/elixir-security-advisories advisory yaml 8 | % files and returns these fields in an array 9 | % - id: binary() 10 | % - package: binary() 11 | % - severity: binary() 12 | % - title: binary() 13 | % - vulnerable_version_ranges: list(binary()) 14 | % 15 | % @param {binary()} content 16 | % @returns {ok, {binary(), binary(), binary(), binary(), list(binary())}} 17 | parse_adv(Raw) -> 18 | try do_parse_adv(Raw) of 19 | Res -> Res 20 | catch 21 | _:_ -> {error, nil} 22 | end. 23 | 24 | do_parse_adv(Raw) -> 25 | maybe 26 | [Content] ?= yamerl:decode(Raw), 27 | 28 | {_, ID_raw} ?= lists:keyfind("id", 1, Content), 29 | ID ?= unicode:characters_to_binary(ID_raw), 30 | true ?= is_binary(ID), 31 | 32 | {_, Name_raw} ?= lists:keyfind("package", 1, Content), 33 | Name ?= unicode:characters_to_binary(Name_raw), 34 | true ?= is_binary(Name), 35 | 36 | {_, Severity_raw} ?= lists:keyfind("severity", 1, Content), 37 | Severity ?= unicode:characters_to_binary(Severity_raw), 38 | true ?= is_binary(Severity), 39 | 40 | {_, Title_raw} ?= lists:keyfind("title", 1, Content), 41 | Title ?= unicode:characters_to_binary(Title_raw), 42 | true ?= is_binary(Title), 43 | 44 | {_, Vulnerable_version_ranges_raw} ?= lists:keyfind("vulnerable_version_ranges", 1, Content), 45 | Vulnerable_version_ranges ?= lists:map( 46 | fun unicode:characters_to_binary/1, Vulnerable_version_ranges_raw 47 | ), 48 | true ?= lists:all(fun is_binary/1, Vulnerable_version_ranges), 49 | 50 | {ok, { 51 | ID, 52 | Name, 53 | Severity, 54 | Title, 55 | Vulnerable_version_ranges 56 | }} 57 | else 58 | _ -> {error, nil} 59 | end. 
import { parse as parse_yaml } from "yaml";
import { Error, Ok, toList } from "../prelude.mjs";

const string_type = "string";
const err = new Error(undefined);

/**
 * True when every element of `items` is a string. Uses an index loop so
 * that every position is inspected.
 *
 * @param {Array<unknown>} items
 * @returns {boolean}
 */
function all_strings(items) {
  for (let i = 0; i < items.length; i++) {
    if (typeof items[i] !== string_type) {
      return false;
    }
  }
  return true;
}

/**
 * JavaScript-target FFI for reading one advisory file in the
 * mirego/elixir-security-advisories YAML layout.
 *
 * On success returns `Ok` wrapping an array of
 *   [id, package, severity, title, vulnerable_version_ranges]
 * where the first four are non-empty strings and the last is a Gleam list
 * of strings. Any missing, empty or wrongly typed field, and any exception
 * thrown while parsing, yields the shared `Error(undefined)` value.
 *
 * NOTE(review): all failure causes collapse into one error value; confirm
 * the caller reports an unreadable advisory instead of treating it as
 * "no advisory for this package".
 *
 * NOTE(review): the non_list_versions and not_string_* fixtures under
 * test/testdata/advisories use the key `versions` rather than
 * `vulnerable_version_ranges`, so each would still be rejected if the type
 * checks below were removed. Renaming that key in the fixtures would make
 * them exercise the type checks.
 *
 * @param {string} content raw YAML text of one advisory
 * @returns {Ok | Error} `Ok([string, string, string, string, List])` or `Error(undefined)`
 */
export function parse_adv(content) {
  try {
    // Property access on null/undefined throws and is handled by the catch.
    const doc = parse_yaml(content);
    const id = doc.id;
    const pkg = doc.package;
    const severity = doc.severity;
    const title = doc.title;
    const ranges = doc.vulnerable_version_ranges;

    // Each scalar field must be a string and must not be empty.
    const scalars_ok = [id, pkg, severity, title].every(
      (value) => typeof value === string_type && value.length > 0,
    );

    // The ranges must be an array (possibly empty) holding only strings.
    const ranges_ok = Array.isArray(ranges) && all_strings(ranges);

    return scalars_ok && ranges_ok
      ? new Ok([id, pkg, severity, title, toList(ranges)])
      : err;
  } catch {
    return err;
  }
}
go_over_test 4 | import simplifile 5 | 6 | pub fn check_for_advisories_test() { 7 | let assert [#(pkg, [adv1, adv2])] = 8 | read_manifest("test/testdata/manifest/known_vulnerable.toml") 9 | |> check_for_advisories(False, False, True) 10 | 11 | assert pkg.name == "phoenix" 12 | assert adv1.name == "phoenix" 13 | assert adv2.name == "phoenix" 14 | } 15 | 16 | pub fn read_adv_test() { 17 | let assert Ok(body) = simplifile.read("test/testdata/advisories/blank.yaml") 18 | assert Error(Nil) == read(body) 19 | 20 | let assert Ok(body) = 21 | simplifile.read("test/testdata/advisories/missing_id.yaml") 22 | assert Error(Nil) == read(body) 23 | 24 | let assert Ok(body) = 25 | simplifile.read("test/testdata/advisories/missing_package.yaml") 26 | assert Error(Nil) == read(body) 27 | 28 | let assert Ok(body) = 29 | simplifile.read("test/testdata/advisories/missing_title.yaml") 30 | assert Error(Nil) == read(body) 31 | 32 | let assert Ok(body) = 33 | simplifile.read("test/testdata/advisories/missing_severity.yaml") 34 | assert Error(Nil) == read(body) 35 | 36 | let assert Ok(body) = 37 | simplifile.read("test/testdata/advisories/missing_versions.yaml") 38 | assert Error(Nil) == read(body) 39 | 40 | let assert Ok(body) = 41 | simplifile.read("test/testdata/advisories/non_list_versions.yaml") 42 | assert Error(Nil) == read(body) 43 | 44 | let assert Ok(body) = 45 | simplifile.read("test/testdata/advisories/not-even-yaml.txt") 46 | assert Error(Nil) == read(body) 47 | 48 | let assert Ok(body) = 49 | simplifile.read("test/testdata/advisories/not_string_id.yaml") 50 | assert Error(Nil) == read(body) 51 | 52 | let assert Ok(body) = 53 | simplifile.read("test/testdata/advisories/not_string_package.yaml") 54 | assert Error(Nil) == read(body) 55 | 56 | let assert Ok(body) = 57 | simplifile.read("test/testdata/advisories/not_string_severity.yaml") 58 | assert Error(Nil) == read(body) 59 | 60 | let assert Ok(body) = 61 | simplifile.read("test/testdata/advisories/not_string_title.yaml") 62 
| assert Error(Nil) == read(body) 63 | 64 | let assert Ok(body) = 65 | simplifile.read("test/testdata/advisories/not_string_versions.yaml") 66 | assert Error(Nil) == read(body) 67 | 68 | let assert Ok(body) = simplifile.read("test/testdata/advisories/all.yaml") 69 | let assert Ok(parsed) = read(body) 70 | 71 | go_over_test.birdie_snap_with_input( 72 | parsed, 73 | body, 74 | "advisories_test@test/testdata/advisories/all.yaml", 75 | ) 76 | } 77 | -------------------------------------------------------------------------------- /test/comparisons_test.gleam: -------------------------------------------------------------------------------- 1 | import gleamsver.{parse} 2 | import go_over/advisories/comparisons 3 | 4 | pub fn parse_test() { 5 | comparisons.parse(" 1.1.1") 6 | comparisons.parse(" 0.1.0") 7 | comparisons.parse(" 2.1.0-beta") 8 | comparisons.parse("2.54.0") 9 | } 10 | 11 | pub fn get_comparator_test() { 12 | let assert Ok(v) = parse("1.1.1") 13 | assert comparisons.get_comparator("<= 1.1.1")(v) 14 | 15 | assert !comparisons.get_comparator("< 1.1.1")(v) 16 | 17 | assert !comparisons.get_comparator("> 1.1.1")(v) 18 | 19 | assert comparisons.get_comparator(">= 1.1.1")(v) 20 | 21 | assert comparisons.get_comparator("== 1.1.1")(v) 22 | 23 | assert comparisons.get_comparator("= 1.1.1")(v) 24 | 25 | assert comparisons.get_comparator("1.1.1")(v) 26 | 27 | assert comparisons.get_comparator("<= 1.1.1, > 1.0.0")(v) 28 | 29 | assert comparisons.get_comparator("> 1.0.0, <= 1.1.1")(v) 30 | 31 | assert !comparisons.get_comparator("< 1.1.1, > 1.0.0")(v) 32 | 33 | assert !comparisons.get_comparator("> 1.0.0, < 1.1.1")(v) 34 | 35 | assert !comparisons.get_comparator("> 1.1.1, < 1.0.0")(v) 36 | } 37 | -------------------------------------------------------------------------------- /test/go_over_test.gleam: -------------------------------------------------------------------------------- 1 | import birdie 2 | import gleeunit 3 | import pprint 4 | 5 | pub fn main() { 6 | 
gleeunit.main() 7 | } 8 | 9 | @target(erlang) 10 | fn runtime() { 11 | "Erlang" 12 | } 13 | 14 | @target(javascript) 15 | fn runtime() { 16 | "Javascript" 17 | } 18 | 19 | pub fn birdie_snap(value: a, name: String) -> a { 20 | value 21 | |> pprint.with_config(pprint.Config( 22 | pprint.Unstyled, 23 | pprint.BitArraysAsString, 24 | pprint.Labels, 25 | )) 26 | |> birdie.snap(runtime() <> "@" <> name) 27 | 28 | value 29 | } 30 | 31 | pub fn birdie_snap_with_input(value: a, input: b, name: String) -> a { 32 | birdie_snap(#(input, value), name) 33 | 34 | value 35 | } 36 | -------------------------------------------------------------------------------- /test/hex_test.gleam: -------------------------------------------------------------------------------- 1 | import go_over/hex/hex 2 | import go_over_test 3 | import simplifile 4 | 5 | fn parse(path: String) { 6 | let assert Ok(input) = simplifile.read(path) 7 | 8 | input 9 | |> hex.decode_latest_stable_version_and_licenses 10 | |> go_over_test.birdie_snap_with_input( 11 | input, 12 | "decode_latest_stable_version_and_licenses@" <> path, 13 | ) 14 | } 15 | 16 | pub fn decode_latest_stable_version_and_licenses_test() { 17 | let assert Ok(_) = parse("test/testdata/hex/empty_licenses.json") 18 | let assert Ok(_) = parse("test/testdata/hex/full.json") 19 | let assert Ok(_) = parse("test/testdata/hex/multi_license.json") 20 | let assert Error(_) = parse("test/testdata/hex/no_license.json") 21 | let assert Error(_) = parse("test/testdata/hex/no_meta.json") 22 | let assert Error(_) = parse("test/testdata/hex/no_version.json") 23 | let assert Ok(_) = parse("test/testdata/hex/version_null.json") 24 | } 25 | -------------------------------------------------------------------------------- /test/manifest_test.gleam: -------------------------------------------------------------------------------- 1 | import go_over/packages.{read_manifest} 2 | import go_over_test 3 | 4 | fn test_read_manifest(path: String) { 5 | path 6 | |> 
read_manifest() 7 | |> go_over_test.birdie_snap("manifest_test@" <> path) 8 | } 9 | 10 | pub fn read_manifest_test() { 11 | let assert [] = test_read_manifest("test/testdata/manifest/empty.toml") 12 | 13 | let assert [a] = test_read_manifest("test/testdata/manifest/a.toml") 14 | assert a.name == "a" 15 | assert a.version_raw == "0.8.1" 16 | assert a.direct 17 | assert a.source == packages.PackageSourceHex 18 | 19 | let assert [_, b] = test_read_manifest("test/testdata/manifest/b.toml") 20 | assert b.name == "b" 21 | assert b.version_raw == "2.2.123" 22 | assert !b.direct 23 | assert b.source == packages.PackageSourceHex 24 | 25 | let assert [_, dos] = test_read_manifest("test/testdata/manifest/dos.toml") 26 | assert dos.name == "dos" 27 | assert dos.version_raw == "2.2.123" 28 | assert !dos.direct 29 | assert dos.source == packages.PackageSourceHex 30 | 31 | let assert [_, _, git] = test_read_manifest("test/testdata/manifest/git.toml") 32 | assert git.name == "c" 33 | assert git.version_raw == "0.1.0" 34 | assert !git.direct 35 | assert git.source == packages.PackageSourceGit 36 | 37 | let assert [_, _, local] = 38 | test_read_manifest("test/testdata/manifest/local.toml") 39 | assert local.name == "c" 40 | assert local.version_raw == "0.1.0" 41 | assert !local.direct 42 | assert local.source == packages.PackageSourceLocal 43 | } 44 | -------------------------------------------------------------------------------- /test/sources_test.gleam: -------------------------------------------------------------------------------- 1 | import gleam/option.{None, Some} 2 | import gleamsver 3 | import go_over/config.{Config, Minimal} 4 | import go_over/hex/puller.{Mock} 5 | import go_over/packages 6 | import go_over/sources 7 | import go_over/warning.{ 8 | IndirectDep, Warning, WarningReasonOutdated, WarningReasonRejectedLicense, 9 | WarningReasonRetired, 10 | } 11 | 12 | const conf = Config( 13 | dev_deps: [], 14 | outdated: True, 15 | ignore_indirect: False, 16 | force: True, 17 
| format: Minimal, 18 | verbose: True, 19 | global: False, 20 | puller: puller.CURL, 21 | allowed_licenses: ["MIT"], 22 | ignore_packages: [], 23 | ignore_severity: [], 24 | ignore_ids: [], 25 | ignore_dev_dependencies: False, 26 | ) 27 | 28 | const pkgs = [ 29 | packages.Package( 30 | "name", 31 | gleamsver.SemVer(1, 1, 1, "", ""), 32 | "1.1.1", 33 | False, 34 | packages.PackageSourceHex, 35 | ), 36 | ] 37 | 38 | pub fn get_retired_warnings_test() { 39 | assert sources.get_retired_warnings( 40 | pkgs, 41 | Config(..conf, puller: Mock("test/testdata/hex/retired/retired.json")), 42 | ) 43 | == [ 44 | Warning( 45 | None, 46 | "name", 47 | Some("1.1.1"), 48 | "security: example", 49 | WarningReasonRetired, 50 | warning.SeverityPackageRetiredSecurity, 51 | IndirectDep, 52 | ), 53 | ] 54 | 55 | assert sources.get_retired_warnings( 56 | pkgs, 57 | Config(..conf, puller: Mock("test/testdata/hex/retired/not_retired.json")), 58 | ) 59 | == [] 60 | } 61 | 62 | pub fn get_rejected_license_test() { 63 | assert sources.get_hex_warnings( 64 | pkgs, 65 | Config( 66 | ..conf, 67 | puller: Mock("test/testdata/hex/rejected_licenses/bad_license.json"), 68 | ), 69 | ) 70 | == [ 71 | Warning( 72 | None, 73 | "name", 74 | None, 75 | "Rejected License found: closed-source", 76 | WarningReasonRejectedLicense("closed-source"), 77 | warning.SeverityRejectedLicense, 78 | IndirectDep, 79 | ), 80 | ] 81 | 82 | assert sources.get_hex_warnings( 83 | pkgs, 84 | Config( 85 | ..conf, 86 | puller: Mock("test/testdata/hex/rejected_licenses/good_license.json"), 87 | ), 88 | ) 89 | == [] 90 | } 91 | 92 | pub fn get_outdated_test() { 93 | assert sources.get_hex_warnings( 94 | pkgs, 95 | Config(..conf, puller: Mock("test/testdata/hex/outdated/outdated.json")), 96 | ) 97 | == [ 98 | Warning( 99 | None, 100 | "name", 101 | Some("1.1.1"), 102 | "New Version: '1.2.3' exists", 103 | WarningReasonOutdated, 104 | warning.SeverityPackageOutdated, 105 | IndirectDep, 106 | ), 107 | ] 108 | 109 | assert 
sources.get_hex_warnings( 110 | pkgs, 111 | Config(..conf, puller: Mock("test/testdata/hex/outdated/up_to_date.json")), 112 | ) 113 | == [] 114 | } 115 | -------------------------------------------------------------------------------- /test/test_ffi.mjs: -------------------------------------------------------------------------------- 1 | export function pprint(s) { 2 | return JSON.stringify(JSON.parse(s), null, "\t"); 3 | } 4 | -------------------------------------------------------------------------------- /test/testdata/advisories/all.yaml: -------------------------------------------------------------------------------- 1 | id: id 2 | package: package 3 | severity: severity 4 | title: title 5 | vulnerable_version_ranges: 6 | - ">= 0.1.0, <= 1.0.0" 7 | - "= 2.0.0" 8 | - "= 2.0" 9 | - "= 2" 10 | - "<= 3.0.0" 11 | -------------------------------------------------------------------------------- /test/testdata/advisories/blank.yaml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /test/testdata/advisories/missing_id.yaml: -------------------------------------------------------------------------------- 1 | package: package 2 | severity: severity 3 | title: title 4 | vulnerable_version_ranges: 5 | - ">= 0.1.0" 6 | -------------------------------------------------------------------------------- /test/testdata/advisories/missing_package.yaml: -------------------------------------------------------------------------------- 1 | id: id 2 | severity: severity 3 | title: title 4 | vulnerable_version_ranges: 5 | - ">= 0.1.0" 6 | -------------------------------------------------------------------------------- /test/testdata/advisories/missing_severity.yaml: -------------------------------------------------------------------------------- 1 | id: id 2 | package: package 3 | title: title 4 | vulnerable_version_ranges: 5 | - ">= 0.1.0" 6 | 
-------------------------------------------------------------------------------- /test/testdata/advisories/missing_title.yaml: -------------------------------------------------------------------------------- 1 | id: id 2 | package: package 3 | severity: severity 4 | vulnerable_version_ranges: 5 | - ">= 0.1.0" 6 | -------------------------------------------------------------------------------- /test/testdata/advisories/missing_versions.yaml: -------------------------------------------------------------------------------- 1 | id: id 2 | package: package 3 | severity: severity 4 | title: title 5 | -------------------------------------------------------------------------------- /test/testdata/advisories/non_list_versions.yaml: -------------------------------------------------------------------------------- 1 | id: id 2 | package: package 3 | severity: severity 4 | title: title 5 | versions: "not a list" 6 | -------------------------------------------------------------------------------- /test/testdata/advisories/not-even-yaml.txt: -------------------------------------------------------------------------------- 1 | not 2 | even 3 | yaml 4 | man -------------------------------------------------------------------------------- /test/testdata/advisories/not_string_id.yaml: -------------------------------------------------------------------------------- 1 | id: 123.123 2 | package: package 3 | severity: severity 4 | title: title 5 | versions: 6 | - ">= 0.1.0" 7 | -------------------------------------------------------------------------------- /test/testdata/advisories/not_string_package.yaml: -------------------------------------------------------------------------------- 1 | id: id 2 | package: 123 3 | severity: severity 4 | title: title 5 | versions: 6 | -------------------------------------------------------------------------------- /test/testdata/advisories/not_string_severity.yaml: -------------------------------------------------------------------------------- 1 | id: 
id 2 | package: package 3 | severity: 123 4 | title: title 5 | versions: 6 | - ">= 0.1.0" 7 | -------------------------------------------------------------------------------- /test/testdata/advisories/not_string_title.yaml: -------------------------------------------------------------------------------- 1 | id: id 2 | package: package 3 | severity: severity 4 | title: 123 5 | versions: 6 | - ">= 0.1.0" 7 | -------------------------------------------------------------------------------- /test/testdata/advisories/not_string_versions.yaml: -------------------------------------------------------------------------------- 1 | id: id 2 | package: package 3 | severity: severity 4 | title: title 5 | versions: 6 | - 123 7 | -------------------------------------------------------------------------------- /test/testdata/gleam/basic.toml: -------------------------------------------------------------------------------- 1 | [go-over] 2 | cache = false 3 | puller = "httpie" 4 | format = "detailed" 5 | 6 | [go-over.ignore] 7 | packages = ["a"] 8 | severity = ["b"] 9 | ids = ["c"] 10 | indirect = true -------------------------------------------------------------------------------- /test/testdata/gleam/empty.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bwireman/go-over/6c5a5c88c4bbb6d5e01ac3d6c748f1cadc90c6c0/test/testdata/gleam/empty.toml -------------------------------------------------------------------------------- /test/testdata/gleam/full.toml: -------------------------------------------------------------------------------- 1 | [dev-dependencies] 2 | c = "~> 1.1.1" 3 | 4 | [go-over.ignore] 5 | dev_dependencies = true 6 | packages = ["a", "b"] 7 | severity = ["critical", "high"] 8 | ids = ["a", "b"] -------------------------------------------------------------------------------- /test/testdata/gleam/indirect_new.toml: -------------------------------------------------------------------------------- 1 | 
[go-over.ignore] 2 | indirect = true -------------------------------------------------------------------------------- /test/testdata/gleam/partial.toml: -------------------------------------------------------------------------------- 1 | [go-over] 2 | puller = "WGET" 3 | 4 | [go-over.ignore] 5 | packages = ["a", "b", "c"] -------------------------------------------------------------------------------- /test/testdata/hex/empty_licenses.json: -------------------------------------------------------------------------------- 1 | { 2 | "meta": { 3 | "licenses": [] 4 | }, 5 | "latest_stable_version": "2.1.0" 6 | } 7 | -------------------------------------------------------------------------------- /test/testdata/hex/full.json: -------------------------------------------------------------------------------- 1 | { 2 | "meta": { 3 | "licenses": ["MIT"] 4 | }, 5 | "latest_stable_version": "2.1.0" 6 | } 7 | -------------------------------------------------------------------------------- /test/testdata/hex/multi_license.json: -------------------------------------------------------------------------------- 1 | { 2 | "meta": { 3 | "licenses": ["foo", "BAR", "baz"] 4 | }, 5 | "latest_stable_version": "2.1.0" 6 | } 7 | -------------------------------------------------------------------------------- /test/testdata/hex/no_license.json: -------------------------------------------------------------------------------- 1 | { 2 | "meta": { 3 | }, 4 | "latest_stable_version": "2.1.0" 5 | } 6 | -------------------------------------------------------------------------------- /test/testdata/hex/no_meta.json: -------------------------------------------------------------------------------- 1 | { 2 | "latest_stable_version": "2.1.0" 3 | } 4 | -------------------------------------------------------------------------------- /test/testdata/hex/no_version.json: -------------------------------------------------------------------------------- 1 | { 2 | "meta": { 3 | "licenses": ["bin"] 4 | } 5 | } 6 | 
-------------------------------------------------------------------------------- /test/testdata/hex/outdated/outdated.json: -------------------------------------------------------------------------------- 1 | { 2 | "meta": { 3 | "links": {}, 4 | "description": "out of date", 5 | "licenses": ["MIT"], 6 | "maintainers": [] 7 | }, 8 | "name": "outdated", 9 | "url": "outdated", 10 | "owners": [], 11 | "inserted_at": "2024-05-30T22:39:23.118433Z", 12 | "updated_at": "2025-01-20T17:52:08.078591Z", 13 | "repository": "hexpm", 14 | "releases": [], 15 | "downloads": { "all": 1, "day": 2, "recent": 3, "week": 4 }, 16 | "latest_version": "1.1.1", 17 | "docs_html_url": "outdated/", 18 | "retirements": {}, 19 | "configs": { 20 | "erlang.mk": "dep_outdated = hex 1.1.1", 21 | "mix.exs": "{:outdated, \"~> 2.4\"}", 22 | "rebar.config": "{outdated, \"1.1.1\"}" 23 | }, 24 | "html_url": "/packages/outdated", 25 | "latest_stable_version": "1.2.3" 26 | } 27 | -------------------------------------------------------------------------------- /test/testdata/hex/outdated/up_to_date.json: -------------------------------------------------------------------------------- 1 | { 2 | "meta": { 3 | "links": {}, 4 | "description": "up to date", 5 | "licenses": ["MIT"], 6 | "maintainers": [] 7 | }, 8 | "name": "up_to_date", 9 | "url": "up_to_date", 10 | "owners": [], 11 | "inserted_at": "2024-05-30T22:39:23.118433Z", 12 | "updated_at": "2025-01-20T17:52:08.078591Z", 13 | "repository": "hexpm", 14 | "releases": [], 15 | "downloads": { "all": 1, "day": 2, "recent": 3, "week": 4 }, 16 | "latest_version": "1.1.1", 17 | "docs_html_url": "up_to_date/", 18 | "retirements": {}, 19 | "configs": { 20 | "erlang.mk": "dep_up_to_date = hex 1.1.1", 21 | "mix.exs": "{:up_to_date, \"~> 2.4\"}", 22 | "rebar.config": "{up_to_date, \"1.1.1\"}" 23 | }, 24 | "html_url": "/packages/up_to_date", 25 | "latest_stable_version": "1.1.1" 26 | } 27 | -------------------------------------------------------------------------------- 
/test/testdata/hex/rejected_licenses/bad_license.json: -------------------------------------------------------------------------------- 1 | { 2 | "meta": { 3 | "links": {}, 4 | "description": "boo", 5 | "licenses": ["closed-source"], 6 | "maintainers": [] 7 | }, 8 | "name": "bad", 9 | "url": "bad", 10 | "owners": [], 11 | "inserted_at": "2024-05-30T22:39:23.118433Z", 12 | "updated_at": "2025-01-20T17:52:08.078591Z", 13 | "repository": "hexpm", 14 | "releases": [], 15 | "downloads": { "all": 1, "day": 2, "recent": 3, "week": 4 }, 16 | "latest_version": "1.1.1", 17 | "docs_html_url": "bad/", 18 | "retirements": {}, 19 | "configs": { 20 | "erlang.mk": "dep_bad = hex 1.1.1", 21 | "mix.exs": "{:bad, \"~> 2.4\"}", 22 | "rebar.config": "{bad, \"1.1.1\"}" 23 | }, 24 | "html_url": "/packages/bad", 25 | "latest_stable_version": "1.1.1" 26 | } 27 | -------------------------------------------------------------------------------- /test/testdata/hex/rejected_licenses/good_license.json: -------------------------------------------------------------------------------- 1 | { 2 | "meta": { 3 | "links": {}, 4 | "description": "yay MIT", 5 | "licenses": ["MIT"], 6 | "maintainers": [] 7 | }, 8 | "name": "good", 9 | "url": "good", 10 | "owners": [], 11 | "inserted_at": "2024-05-30T22:39:23.118433Z", 12 | "updated_at": "2025-01-20T17:52:08.078591Z", 13 | "repository": "hexpm", 14 | "releases": [], 15 | "downloads": { "all": 1, "day": 2, "recent": 3, "week": 4 }, 16 | "latest_version": "1.1.1", 17 | "docs_html_url": "good/", 18 | "retirements": {}, 19 | "configs": { 20 | "erlang.mk": "dep_good = hex 1.1.1", 21 | "mix.exs": "{:good, \"~> 2.4\"}", 22 | "rebar.config": "{good, \"1.1.1\"}" 23 | }, 24 | "html_url": "/packages/good", 25 | "latest_stable_version": "1.1.1" 26 | } 27 | -------------------------------------------------------------------------------- /test/testdata/hex/retired/not_retired.json: -------------------------------------------------------------------------------- 1 | { 2 | 
"meta": { 3 | "elixir": "~> 1.10", 4 | "app": "not_retired", 5 | "build_tools": ["mix"] 6 | }, 7 | "version": "0.1.2", 8 | "checksum": "deadbeef", 9 | "url": "not_retired/releases/0.1.2", 10 | "has_docs": true, 11 | "inserted_at": "2021-06-16T23:40:00.101920Z", 12 | "updated_at": "2021-06-18T17:01:38.829429Z", 13 | "retirement": null, 14 | "downloads": 87, 15 | "publisher": { 16 | "url": "go-over-test", 17 | "username": "go-over-test-user" 18 | }, 19 | "requirements": {}, 20 | "docs_html_url": "not_retired/0.1.2/", 21 | "package_url": "not_retired", 22 | "configs": { 23 | "erlang.mk": "dep_not_retired = hex 0.1.2", 24 | "mix.exs": "{:not_retired, \"~> 0.1.2\"}", 25 | "rebar.config": "{not_retired, \"0.1.2\"}" 26 | }, 27 | "html_url": "/packages/not_retired/0.1.2" 28 | } 29 | -------------------------------------------------------------------------------- /test/testdata/hex/retired/retired.json: -------------------------------------------------------------------------------- 1 | { 2 | "meta": { 3 | "elixir": "~> 1.10", 4 | "app": "retired", 5 | "build_tools": ["mix"] 6 | }, 7 | "version": "0.1.2", 8 | "checksum": "deadbeef", 9 | "url": "retired/releases/0.1.2", 10 | "has_docs": true, 11 | "inserted_at": "2021-06-16T23:40:00.101920Z", 12 | "updated_at": "2021-06-18T17:01:38.829429Z", 13 | "retirement": { "message": "example", "reason": "security" }, 14 | "downloads": 87, 15 | "publisher": { 16 | "url": "go-over-test", 17 | "username": "go-over-test-user" 18 | }, 19 | "requirements": {}, 20 | "docs_html_url": "retired/0.1.2/", 21 | "package_url": "retired", 22 | "configs": { 23 | "erlang.mk": "dep_retired = hex 0.1.2", 24 | "mix.exs": "{:retired, \"~> 0.1.2\"}", 25 | "rebar.config": "{retired, \"0.1.2\"}" 26 | }, 27 | "html_url": "/packages/retired/0.1.2" 28 | } 29 | -------------------------------------------------------------------------------- /test/testdata/hex/version_null.json: -------------------------------------------------------------------------------- 1 | 
{ 2 | "meta": { 3 | "licenses": ["bin"] 4 | }, 5 | "latest_stable_version": null 6 | } 7 | -------------------------------------------------------------------------------- /test/testdata/manifest/a.toml: -------------------------------------------------------------------------------- 1 | # This file was generated by Gleam 2 | # You typically do not need to edit this file 3 | 4 | packages = [ 5 | { name = "a", version = "0.8.1", build_tools = ["gleam"], requirements = [], otp_app = "a", source = "hex", outer_checksum = "976CFF85D34D50F7775896615A71745FBE0C325E50399787088F941B539A0497" }, 6 | ] 7 | 8 | [requirements] 9 | a = { version = ">= 0.10.0 and < 1.0.0" } 10 | -------------------------------------------------------------------------------- /test/testdata/manifest/b.toml: -------------------------------------------------------------------------------- 1 | # This file was generated by Gleam 2 | # You typically do not need to edit this file 3 | 4 | packages = [ 5 | { name = "a", version = "0.8.1", build_tools = ["gleam"], requirements = ["b"], otp_app = "a", source = "hex", outer_checksum = "DEADBEEF" }, 6 | { name = "b", version = "2.2.123", build_tools = ["gleam"], requirements = [], otp_app = "b", source = "hex", outer_checksum = "DEADBEEF" }, 7 | ] 8 | 9 | [requirements] 10 | a = { version = ">= 0.10.0 and < 1.0.0" } 11 | -------------------------------------------------------------------------------- /test/testdata/manifest/dos.toml: -------------------------------------------------------------------------------- 1 | # This file was generated by Gleam 2 | # You typically do not need to edit this file 3 | 4 | packages = [ 5 | { name = "a", version = "0.8.1", build_tools = ["gleam"], requirements = ["dos"], otp_app = "a", source = "hex", outer_checksum = "DEADBEEF" }, 6 | { name = "dos", version = "2.2.123", build_tools = ["gleam"], requirements = [], otp_app = "dos", source = "hex", outer_checksum = "DEADBEEF" }, 7 | ] 8 | 9 | [requirements] 10 | a = { 
version = ">= 0.10.0 and < 1.0.0" } 11 | -------------------------------------------------------------------------------- /test/testdata/manifest/empty.toml: -------------------------------------------------------------------------------- 1 | # This file was generated by Gleam 2 | # You typically do not need to edit this file 3 | 4 | packages = [ 5 | ] 6 | 7 | [requirements] 8 | -------------------------------------------------------------------------------- /test/testdata/manifest/git.toml: -------------------------------------------------------------------------------- 1 | # This file was generated by Gleam 2 | # You typically do not need to edit this file 3 | 4 | packages = [ 5 | { name = "a", version = "0.8.1", build_tools = ["gleam"], requirements = ["b"], otp_app = "a", source = "hex", outer_checksum = "DEADBEEF" }, 6 | { name = "b", version = "2.2.123", build_tools = ["gleam"], requirements = [], otp_app = "b", source = "hex", outer_checksum = "DEADBEEF" }, 7 | { name = "c", version = "0.1.0", build_tools = ["gleam"], requirements = [], otp_app = "c", source = "git", outer_checksum = "DEADBEEF" }, 8 | ] 9 | 10 | [requirements] 11 | a = { version = ">= 0.10.0 and < 1.0.0" } 12 | -------------------------------------------------------------------------------- /test/testdata/manifest/known_vulnerable.toml: -------------------------------------------------------------------------------- 1 | # This file was generated by Gleam 2 | # You typically do not need to edit this file 3 | 4 | packages = [ 5 | { name = "safe", version = "0.8.1", build_tools = ["gleam"], requirements = [], otp_app = "safe", source = "hex", outer_checksum = "976CFF85D34D50F7775896615A71745FBE0C325E50399787088F941B539A0497" }, 6 | { name = "phoenix", version = "1.2.0", build_tools = ["gleam"], requirements = ["safe"], otp_app = "hex_core", source = "hex", outer_checksum = "976CFF85D34D50F7775896615A71745FBE0C325E50399787088F941B539A0497" }, 7 | ] 8 | 9 | [requirements] 10 | safe = { version = 
">= 0.10.0 and < 1.0.0" } 11 | -------------------------------------------------------------------------------- /test/testdata/manifest/local.toml: -------------------------------------------------------------------------------- 1 | # This file was generated by Gleam 2 | # You typically do not need to edit this file 3 | 4 | packages = [ 5 | { name = "a", version = "0.8.1", build_tools = ["gleam"], requirements = ["b"], otp_app = "a", source = "hex", outer_checksum = "DEADBEEF" }, 6 | { name = "b", version = "2.2.123", build_tools = ["gleam"], requirements = [], otp_app = "b", source = "hex", outer_checksum = "DEADBEEF" }, 7 | { name = "c", version = "0.1.0", build_tools = ["gleam"], requirements = [], otp_app = "c", source = "local", outer_checksum = "DEADBEEF" }, 8 | ] 9 | 10 | [requirements] 11 | a = { version = ">= 0.10.0 and < 1.0.0" } 12 | --------------------------------------------------------------------------------