diff --git a/README.md b/README.md
index 4e72919f..d627bbb3 100644
--- a/README.md
+++ b/README.md
@@ -26,9 +26,16 @@ Use of this CLI is governed by the [HeroDevs End of Life Dataset Terms of Servic
 The CLI is designed to be non-invasive:
-* It does not install dependencies or modify package manager files (package-lock.json, yarn.lock, etc.)
+* It does **not** install dependencies or modify package manager files (package-lock.json, yarn.lock, etc.)
 * It analyzes the project in its current state
-* If you need dependencies installed for accurate scanning, please install them manually before running the scan
+
+## Installing Dependencies Before Use
+
+Some projects and ecosystems require projects to have dependencies installed already, to achieve an accurate scan result. It is **highly** recommended that you install all dependencies of your project to your working directory, before running a scan on your project, to ensure scan accuracy.
+
+### Java Users
+
+Maven and Gradle projects should run an install and build before scanning
 ## Usage
@@ -157,7 +164,7 @@ _See code: [@oclif/plugin-update](https://github.com/oclif/plugin-update/blob/v4
 You can use `@herodevs/cli` in your CI/CD pipelines to automate EOL scanning.
-### Using the Docker Image (recommended)
+### Using the Docker Image (Recommended)
 We provide a Docker image that's pre-configured to run EOL scans. Based on [`cdxgen`](https://github.com/CycloneDX/cdxgen), it contains build tools for most project types and will provide best results when generating an SBOM. Use these templates to generate a report and save it to your CI job artifact for analysis and processing after your scan runs.
@@ -207,9 +214,9 @@ eol-scan:
 - herodevs.report.json
 ```
-### Using `npx`
+### Using `npx` in CI
-You can use `npx` to run the CLI just like you'd run it locally.
+You can use `npx` to run the CLI in your CI pipeline, just like you would run it locally.
 > [!NOTE]
 > The development environment is expected to be ready to run the app. For best results,
diff --git a/bin/dev.js b/bin/dev.js
index 2874bd45..d6534be8 100755
--- a/bin/dev.js
+++ b/bin/dev.js
@@ -4,6 +4,6 @@ import main from './main.js';
 try {
 await main(false);
-} catch (error) {
+} catch {
 process.exit(1);
 }
diff --git a/bin/main.js b/bin/main.js
index 41f2580b..899ea2b4 100644
--- a/bin/main.js
+++ b/bin/main.js
@@ -21,7 +21,7 @@ async function main(isProduction = false) {
 development: !isProduction,
 dir: new URL('./dev.js', import.meta.url),
 });
- } catch (error) {
+ } catch {
 process.exit(1);
 }
 }
diff --git a/bin/run.js b/bin/run.js
index 0273cafe..3c6fb96c 100755
--- a/bin/run.js
+++ b/bin/run.js
@@ -4,6 +4,6 @@ import main from './main.js';
 try {
 await main(true);
-} catch (error) {
+} catch {
 process.exit(1);
 }
diff --git a/src/hooks/init/00_npm-update-notifier.ts b/src/hooks/init/00_npm-update-notifier.ts
index e24442f1..dcdbe5b8 100644
--- a/src/hooks/init/00_npm-update-notifier.ts
+++ b/src/hooks/init/00_npm-update-notifier.ts
@@ -3,7 +3,7 @@ import updateNotifier, { type UpdateInfo } from 'update-notifier';
 import pkg from '../../../package.json' with { type: 'json' };
 import { debugLogger } from '../../service/log.svc.ts';
-const updateNotifierHook: Hook.Init = async (options) => {
+const updateNotifierHook: Hook.Init = async () => {
 debugLogger('pkg.version', pkg.version);
 const distTag = getDistTag(pkg.version);
diff --git a/src/service/display.svc.ts b/src/service/display.svc.ts
index a3bbbaa7..4a76838b 100644
--- a/src/service/display.svc.ts
+++ b/src/service/display.svc.ts
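Review bot: The new `} catch {` in bin/main.js still discards the caught error before `process.exit(1)`, so any failure that escapes the awaited call (whose name sits above the hunk; the `development`/`dir` options suggest oclif's `execute`) ends the process with status 1 and no diagnostic. If that call is relied on to have already printed the error, say so above the exit, e.g. `// the CLI runner has already reported the error; only the exit status is set here`; otherwise restore the binding and log it first: `} catch (error) { console.error(error); process.exit(1); }`. The same silent pattern is repeated in bin/dev.js and bin/run.js, which wrap `main()` in another try/catch that the inner one appears to make redundant, though I cannot see what `main` runs before its try block. The body of `main` begins outside the hunk.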
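Review bot: `updateNotifierHook` in 00_npm-update-notifier.ts has no doc comment, and removing the `options` parameter takes away the only visible hint of what the hook is handed; a one-line TSDoc above the declaration would cover that, e.g. `/** oclif init hook: presumably checks npm (via update-notifier) for a release newer than pkg.version on the dist-tag chosen by getDistTag. */`. Whether the lookup is skipped in CI or when offline is not visible here and is worth stating in the same comment, since the README now recommends running the CLI through `npx` in pipelines. The hook body continues past the end of the hunk.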
@@ -76,8 +76,8 @@ export function formatScanResults(report: EolReport): string[] {
 ux.colorize('bold', `${report.components.length.toLocaleString()} total packages scanned`),
 getStatusRowText.EOL(`${EOL.toLocaleString().padEnd(5)} End-of-Life (EOL)`),
 getStatusRowText.EOL_UPCOMING(`${EOL_UPCOMING.toLocaleString().padEnd(5)} EOL Upcoming`),
- getStatusRowText.OK(`${OK.toLocaleString().padEnd(5)} Not End-of-Life`),
- getStatusRowText.UNKNOWN(`${UNKNOWN.toLocaleString().padEnd(5)} Unknown Status`),
+ getStatusRowText.OK(`${OK.toLocaleString().padEnd(5)} Not End-of-Life (EOL)`),
+ getStatusRowText.UNKNOWN(`${UNKNOWN.toLocaleString().padEnd(5)} Unknown EOL Status`),
 getStatusRowText.UNKNOWN(
 `${NES_AVAILABLE.toLocaleString().padEnd(5)} HeroDevs NES Remediation${NES_AVAILABLE !== 1 ? 's' : ''} Available`,
 ),
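Review bot: The new OK label `Not End-of-Life (EOL)` reads as if "(EOL)" abbreviates "Not End-of-Life", and the acronym is already introduced two rows up by `End-of-Life (EOL)`; the new UNKNOWN row uses the bare acronym (`Unknown EOL Status`), so the OK row should follow the same convention. I would change the added line to `getStatusRowText.OK(`${OK.toLocaleString().padEnd(5)} Not EOL`),` or keep the previous `Not End-of-Life`. `formatScanResults` starts before the hunk and continues past it.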