diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c75ae48..26e5594 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 - name: Setup Node.js uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml index 89eddd3..1bba079 100644 --- a/.github/workflows/npm-publish.yml +++ b/.github/workflows/npm-publish.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 - name: Setup Node.js uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index ce97bef..188f550 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 - name: Setup Node.js uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e 
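Review bot: The new `actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10` pin in `ci.yml` has no trailing version comment, so nothing in the workflow records which upstream release this SHA is meant to be. The same applies to the other checkout pins in `npm-publish.yml`, `security.yml` and `update-homebrew-tap.yml`, and to the three `github/codeql-action/*@87557b9c84dde89fdd9b10e88954ac2f4248e463` pins. Full-SHA pinning is the right choice, but each SHA should be confirmed as reachable from a release tag in the action's own repository, because GitHub also resolves commits that exist only in a fork of it. Recording the verified release beside the pin, as in `uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # vX.Y.Z` (placeholder tag), makes that check repeatable on the next bump. The checkout in `update-homebrew-tap.yml` that receives `secrets.TAP_GITHUB_TOKEN` is where this verification matters most.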
@@ -48,15 +48,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 - name: Initialize CodeQL - uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa + uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 with: languages: javascript-typescript - name: Autobuild - uses: github/codeql-action/autobuild@7211b7c8077ea37d8641b6271f6a365a22a5fbfa + uses: github/codeql-action/autobuild@87557b9c84dde89fdd9b10e88954ac2f4248e463 - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa + uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 diff --git a/.github/workflows/update-homebrew-tap.yml b/.github/workflows/update-homebrew-tap.yml index b09dc32..6bd55df 100644 --- a/.github/workflows/update-homebrew-tap.yml +++ b/.github/workflows/update-homebrew-tap.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout pkgmap - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 with: ref: main @@ -51,7 +51,7 @@ jobs: echo "sha256=$SHA" >> $GITHUB_OUTPUT - name: Checkout homebrew-tap - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 with: repository: mulhamna/homebrew-tap token: ${{ secrets.TAP_GITHUB_TOKEN }} diff --git a/package-lock.json b/package-lock.json index 8a31242..cfada19 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,7 +11,7 @@ "dependencies": { "chalk": "^5.3.0", "cli-table3": "^0.6.3", - "commander": "^12.0.0", + "commander": "^15.0.0", "ora": "^9.3.0" }, "bin": { 
@@ -151,9 +151,9 @@ } }, "node_modules/@eslint/plugin-kit": { - "version": "0.7.1", - "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.7.1.tgz", - "integrity": "sha512-rZAP3aVgB9ds9KOeUSL+zZ21hPmo8dh6fnIFwRQj5EAZl9gzR7wxYbYXYysAM8CTqGmUGyp2S4kUdV17MnGuWQ==", + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.7.2.tgz", + "integrity": "sha512-+CNAzxglkrpNf/kKywqQfk74QjtceuOE7Qm+AF8miRvPF/wmmK5+OJOgVh3AVTT3RP2mH3+FOaxlE5v72owk0A==", "dev": true, "license": "Apache-2.0", "dependencies": { @@ -367,12 +367,12 @@ } }, "node_modules/commander": { - "version": "12.1.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-12.1.0.tgz", - "integrity": "sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==", + "version": "15.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-15.0.0.tgz", + "integrity": "sha512-z67u4ZhzCL/Tydu1lJARtEZYWbWaN7oYLHbsuzocr6y4N6WZAagG3RQ4FW61V1/0+jImpj293XfrcYnd1qxtPg==", "license": "MIT", "engines": { - "node": ">=18" + "node": ">=22.12.0" } }, "node_modules/cross-spawn": { @@ -435,9 +435,9 @@ } }, "node_modules/eslint": { - "version": "10.4.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-10.4.0.tgz", - "integrity": "sha512-loXy6bWOoP3EP6JA7jo6p5jMpBJmHmsNZM5SFRHLdh1MGOPurMnNBj4ZlAbaqUAaQWbCr7jHV4P7gzAyryZWkQ==", + "version": "10.4.1", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-10.4.1.tgz", + "integrity": "sha512-AyIKhnOBuOAdueD7RB3xB+YeAWScb9jHsJBgH2Hcde8InP5JYhqrRR6iTMHyTEwgENK54Cp44e4v8BwNhsuHuw==", "dev": true, "license": "MIT", "dependencies": { @@ -446,7 +446,7 @@ "@eslint/config-array": "^0.23.5", "@eslint/config-helpers": "^0.6.0", "@eslint/core": "^1.2.1", - "@eslint/plugin-kit": "^0.7.1", + "@eslint/plugin-kit": "^0.7.2", "@humanfs/node": "^0.16.6", "@humanwhocodes/module-importer": "^1.0.1", "@humanwhocodes/retry": "^0.4.2", 
diff --git a/package.json b/package.json index 41dd8d4..514173f 100644 --- a/package.json +++ b/package.json @@ -58,7 +58,7 @@ "dependencies": { "chalk": "^5.3.0", "cli-table3": "^0.6.3", - "commander": "^12.0.0", + "commander": "^15.0.0", "ora": "^9.3.0" }, "devDependencies": { diff --git a/src/audit.js b/src/audit.js index 073d2d8..553f069 100644 --- a/src/audit.js +++ b/src/audit.js @@ -190,7 +190,7 @@ async function auditPackages(manager, packages) { if (!ecosystem) return [] const queries = packages.map((pkg) => ({ - package: { ecosystem, name: pkg.name }, + package: { ecosystem, name: pkg.auditName || pkg.name }, version: pkg.version, })) diff --git a/src/scanners/conda.js b/src/scanners/conda.js index d9d86a5..b4464d5 100644 --- a/src/scanners/conda.js +++ b/src/scanners/conda.js @@ -20,7 +20,7 @@ export default async function scan() { type: 'library', })) - return { manager: cmd, packages } + return { manager: 'conda', packages } } catch (err) { if (err.message?.includes('EACCES') || err.message?.includes('permission')) { console.warn(`⚠ ${cmd}: permission denied.`) diff --git a/src/scanners/go.js b/src/scanners/go.js index 01ed612..e0f9d7c 100644 --- a/src/scanners/go.js +++ b/src/scanners/go.js @@ -15,12 +15,14 @@ export function parseGoBinaryMetadata(raw, binaryName) { if (!hasGoBuildMetadata) return null const modLine = lines.find((line) => line.startsWith('mod\t')) + const modulePath = modLine?.split(/\s+/)[1] || null const version = modLine?.split(/\s+/)[2] || 'installed' return { name: binaryName, version, type: 'binary', + ...(modulePath ? { auditName: modulePath } : {}), } } diff --git a/test/index.test.js b/test/index.test.js index b149e82..a5f8391 100644 --- a/test/index.test.js +++ b/test/index.test.js 
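Review bot: The `commander` range in `dependencies` jumps from `^12.0.0` to `^15.0.0`, and the lockfile entry for 15.0.0 raises its `engines.node` from `>=18` to `>=22.12.0`, yet nothing in this diff changes the package's own Node floor or the Node version the workflows install. The `engines` block of `package.json` is outside this hunk, so it needs checking: if it still allows Node 18 or 20, users on those versions can install the CLI and may then hit failures from a dependency that no longer supports them. Aligning it, for example `"engines": { "node": ">=22.12.0" }`, and checking the CLI definitions against the commander release notes for 13 through 15 would close the gap.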
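Review bot: Now that `name` in `src/audit.js` can be a real module path via `pkg.auditName`, the `version: pkg.version` sent beside it must be a real version too, and the `queries` builder does not check that. `parseGoBinaryMetadata` in `src/scanners/go.js` falls back to the placeholder `'installed'`, and a `mod` line can carry a non-release value (Go writes `(devel)` for local builds). A lookup for such a value will most likely return no matches, which is indistinguishable from a clean result. I would filter or flag those entries before building `queries` so they surface as not audited, and add a comment such as `// auditName: ecosystem-level identifier (Go: module path); name stays the display name`. `auditPackages` continues outside the hunk, so result handling and whether the backend expects the leading `v` seen in the test fixture (`v0.16.2`) are not visible here.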
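Review bot: The reason for returning the literal `'conda'` instead of `cmd` in `src/scanners/conda.js` is not recorded next to the `return`, and the `catch` just below still reports `${cmd}`, so the two now look inconsistent to the next reader. `auditPackages(manager, packages)` in `src/audit.js` returns `[]` when no ecosystem is found for the manager, so the likely intent is to fix scans run through an alternate binary being silently skipped by the audit. A comment such as `// Canonical manager name, not the resolved binary: the audit ecosystem lookup is keyed on it` would make that explicit, and a regression test with a non-`conda` value of `cmd` would keep it from reverting. `scan` starts and ends outside the hunk, so how `cmd` is chosen is inferred.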
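Review bot: `auditName` in `src/scanners/go.js` is taken from the `mod` line only, so an audit keyed on it covers advisories filed against the binary's main module and not the dependencies compiled into it. If the raw metadata also lists dependency modules (not visible in this hunk), a clean result for the binary should not be read as covering them; a doc comment on `parseGoBinaryMetadata` stating that scope would prevent over-reading. Separately, `modLine?.split(/\s+/)` now runs twice; splitting once reads better: `const modFields = modLine?.split(/\s+/) ?? []`, then `modFields[1] || null` and `modFields[2] || 'installed'`. The function starts above the hunk.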
@@ -167,6 +167,7 @@ test('parseGoBinaryMetadata keeps only binaries with Go build metadata', () => { name: 'gopls', version: 'v0.16.2', type: 'binary', + auditName: 'golang.org/x/tools/gopls', }) assert.equal(parseGoBinaryMetadata('not a Go executable', 'random-tool'), null)
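Review bot: Only the case where a `mod` line is present is asserted in this test, so the conditional spread that omits `auditName` is untested in the visible lines. A fixture with Go build metadata but no `mod` line, checked with `assert.equal('auditName' in result, false)` and `assert.equal(result.version, 'installed')`, would pin the fallback that the audit step then receives. The test body starts outside the hunk, so such a case may already exist elsewhere in the file.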