phylum-dev / phylum-types
Public shared types for the phylum api and cli
License: MIT License
Currently rust, should be cargo
Builds should be checked by GitHub Actions CI to ensure that the development
branch is always in a working state.
CLI is using the `Package` type defined in this repo to deserialize responses from the API. I know we recently talked about getting rid of this repo, but as of now it's still being used and Brad has requested that this data be surfaced in the CLI.
We should add the data that was added to the API in the following PRs to the `Package` type in this repo:
Issues must have an id to be suppressed. This needs to be made non-optional.
effective-pom files containing a "site" section are failing when parsed via the CLI.
```xml
<site>
  <id>apache.website</id>
  <url>scm:svn:https://svn.apache.org/repos/asf/maven/website/components/ref/3-LATEST</url>
</site>
```
Attempting to analyze the file leads to the following error.
```
❯ phs analyze effective-pom.xml
[2022-07-13T21:52:13Z ERROR phylum] Execution failed: Unable to locate any valid package in package lockfile
Caused by:
Expected token XmlEvent::Characters(s), found StartElement({http://maven.apache.org/POM/4.0.0}id, {"": "http://maven.apache.org/POM/4.0.0", "xml": "http://www.w3.org/XML/1998/namespace", "xmlns": "http://www.w3.org/2000/xmlns/", "xsi": "http://www.w3.org/2001/XMLSchema-instance"})
❗ Error: Execution failed caused by: Unable to locate any valid package in package lockfile
```
The type for `pub site: Option<String>,` is incorrect. Example can be found https://maven.apache.org/ref/3.8.4/maven-model/maven.html
```xml
<site child.site.url.inherit.append.path=.. >
  <id/>
  <name/>
  <url/>
</site>
```
```rust
#[derive(Debug, Clone, Default, Serialize, Deserialize, PartialEq)]
pub struct DistributionManagement {
    pub repository: Option<Repository>,
    #[serde(rename = "snapshotRepository")]
    pub snapshot_repository: Option<Repository>,
    pub site: Option<String>,
    #[serde(rename = "downloadUrl")]
    pub download_url: Option<String>,
    pub relocation: Option<Relocation>,
    pub status: Option<String>,
}
```
Example file
effective-pom.xml.zip
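The failure reported in this issue, modelled with the standard library only, as an added example that is not code from phylum-types or the CLI: a text-typed `site` rejects the nested `<id>` element, while a struct-typed field with the `id`, `name` and `url` children from the Maven model reads the same input. `Event`, `Site`, `tokenize`, `site_as_string` and `site_as_struct` are hypothetical names, and the tokenizer ignores namespaces, attributes and self-closing tags.

```rust
// Added illustration (std only), not phylum-types code; all names are hypothetical.
#[derive(Debug, PartialEq)]
enum Event { Start(String), Text(String), End(String) }
#[derive(Debug, Default, PartialEq)]
struct Site { id: Option<String>, name: Option<String>, url: Option<String> }
const SAMPLE: &str = "<site>\n<id>apache.website</id>\n<url>scm:svn:https://svn.apache.org/repos/asf/maven/website/components/ref/3-LATEST</url>\n</site>"; // <site> block from the issue
fn tokenize(xml: &str) -> Vec<Event> { // toy tokenizer: plain tags and text only
    let (mut events, mut rest) = (Vec::new(), xml);
    while let Some(lt) = rest.find('<') {
        let text = rest[..lt].trim();
        if !text.is_empty() { events.push(Event::Text(text.to_string())); }
        let len = match rest[lt..].find('>') { Some(i) => i, None => break };
        let tag = &rest[lt + 1..lt + len];
        events.push(match tag.strip_prefix('/') {
            Some(name) => Event::End(name.to_string()),
            None => Event::Start(tag.to_string()),
        });
        rest = &rest[lt + len + 1..];
    }
    events
}
// What a String-typed `site` accepts: exactly <site>text</site>.
fn site_as_string(ev: &[Event]) -> Result<String, String> {
    match ev {
        [Event::Start(_), Event::Text(t), Event::End(_)] => Ok(t.clone()),
        other => Err(format!("expected Text, found {:?}", other.get(1))),
    }
}
// What a struct-typed `site` accepts: the <id>, <name> and <url> children.
fn site_as_struct(ev: &[Event]) -> Result<Site, String> {
    let (mut site, mut field) = (Site::default(), String::new());
    for e in ev {
        match e {
            Event::Start(n) => field = n.clone(),
            Event::End(n) if n == "site" => return Ok(site),
            Event::End(_) => field.clear(),
            Event::Text(t) => match field.as_str() {
                "id" => site.id = Some(t.clone()),
                "name" => site.name = Some(t.clone()),
                "url" => site.url = Some(t.clone()),
                other => return Err(format!("unexpected text in <{}>", other)),
            },
        }
    }
    Err("unterminated <site>".to_string())
}
fn main() {
    println!("{:?}\n{:?}", site_as_string(&tokenize(SAMPLE)), site_as_struct(&tokenize(SAMPLE)));
}
```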
The license for this repository/project needs to change from the current MIT license to the GNU General Public License (GPL) v3.0 or later.
This change is directed towards all public repositories in the phylum-dev organization (with the exception of forked repos).
```rust
pub struct PackageDescriptor {
    pub name: String,
    pub version: String,
    #[serde(rename = "type")]
    pub package_type: PackageType,
}
```
The current `PackageDescriptor` struggles to describe dependencies that do not come from the repository specified by `PackageType` (e.g., dependencies specified by URL). The current solution for this seems to be to put the URL in the `version` field, but this seems like a bit of a stretch of the meaning of that field.
I'm opening this issue to start a discussion about how this could be improved in the future.
While adding support for Golang I needed to extend the `PackageType` enum here and noticed that it feels a lot like the `Ecosystem` enum in common. Perhaps the `PackageType::language(...)` function doesn't map 100% onto the `SourceFileType` enum in common, however, I think we could easily introduce a `Language` enum and map between the two similar to what is done here.
I definitely don't have all the history/context for how this repo is used – but putting this out there as it seems like it would simplify things and make it easier to keep them consistent.
This is a ticket to track upcoming API v0 deprecations because we don't (yet) have a way for `#[deprecated]` in API code to be recognized when compiling phylum-types.
These are changes that have been made in the API but have not yet been released to production. The current fields will continue to work for now. The same information is included in both locations.
`Package`
`maintainers_recently_changed` becomes `maintainersRecentlyChanged`
`is_abandonware` becomes `isAbandonware`
`PackageReleaseData`
`first_release_date` becomes `firstReleaseDate`
`last_release_date` becomes `lastReleaseDate`
To be consistent with PURL, the `PackageType` enum should use `gem` instead of `rubygems`
Originally posted by @kylewillmon in phylum-dev/cli#805 (comment)