rename to @RimuTec/node-git-info

RimuTec · Dec 31, 2023 · f7dbea3 · f7dbea3
1 parent be2c13a
commit f7dbea3
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 19 deletions.
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -1,11 +1,11 @@
 // See https://aka.ms/vscode-remote/devcontainer.json for format details.
 {
-   "name": "RimuTec ts-git-info",
+   "name": "RimuTec node-git-info",
    "dockerComposeFile": [
       "docker-compose.yml"
    ],
    // The name of the following service has to match one of the services in docker-compose.yml
-   "service": "ts-git-info-dev",
+   "service": "node-git-info-dev",
    "workspaceFolder": "/work",
    "customizations": {
       "vscode": {
@@ -29,4 +29,4 @@
    },
    "shutdownAction": "stopCompose",
    "remoteUser": "node"
-}
+}
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -13,11 +13,11 @@ name: 'rimutec'
 services:
    # change the service name, the container name and the hostname for each dev container that connects
    # to the same virtual network. [Manfred, 29jul2022]
-   ts-git-info-dev:
-      image: ts-git-info-dev:0.1
+   node-git-info-dev:
+      image: node-git-info-dev:0.1
       build: .
-      container_name: ts-git-info-dev
-      hostname: ts-git-info-dev.local
+      container_name: node-git-info-dev
+      hostname: node-git-info-dev.local
       working_dir: /work
       # ports:
         #  - "30701:3000" # By default express.js uses port 3000

diff --git a/.github/workflows/package.yml b/.github/workflows/package.yml
@@ -1,4 +1,4 @@
-name: Build ts-git-info Package
+name: Build node-git-info Package
 
 # Github documentation for publishing packages to Github Package Registry can be found here:
 # https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages#publishing-packages-to-github-packages

diff --git a/README.md b/README.md
@@ -1,17 +1,60 @@
-# ts-git-info
+# node-git-info
 
-Welcome! This nodejs library `ts-git-info` is a simple wrapper around the `git` command line tool. It provides a simple interface to get information about the current git repository.
+Welcome! This nodejs library `@RimuTec/node-git-info` is a simple wrapper around the `git` command line tool. It provides an interface for getting information about the current git repository.
 
-It is meant to be a TypeScript equivalent for [`node-git-info`](https://www.npmjs.com/package/node-git-info) which is written in JavaScript but hasn't been upgraded since November 2016.
+It is meant to be a replacement for [`node-git-info`](https://www.npmjs.com/package/node-git-info) which was last published in November 2016. Since then things have changed in particular in terms of dependencies. This has resulted in the following issues.
 
-Also, `node-git-info` references libraries that are no longer maintained. This library uses [`nodegit`](https://www.npmjs.com/package/nodegit) instead.
+## Vulnerabilities
 
-Furthermore, `node-git-info` references packages which in turn have subdependencies that have been deprecated:
+As of writing, the original `node-git-info` has 2 vulnerabilities, both with high severity:
+
+```bash
+$ npm audit
+┌─────────────────────┬────────────────────────────────────────────────────────┐
+│ high                │ Regular Expression Denial of Service in moment         │
+├─────────────────────┼────────────────────────────────────────────────────────┤
+│ Package             │ moment                                                 │
+├─────────────────────┼────────────────────────────────────────────────────────┤
+│ Vulnerable versions │ <2.19.3                                                │
+├─────────────────────┼────────────────────────────────────────────────────────┤
+│ Patched versions    │ >=2.19.3                                               │
+├─────────────────────┼────────────────────────────────────────────────────────┤
+│ Paths               │ . > [email protected] > [email protected]                │
+├─────────────────────┼────────────────────────────────────────────────────────┤
+│ More info           │ https://github.com/advisories/GHSA-446m-mv8f-q348      │
+└─────────────────────┴────────────────────────────────────────────────────────┘
+┌─────────────────────┬────────────────────────────────────────────────────────┐
+│ high                │ Path Traversal: 'dir/../../filename' in moment.locale  │
+├─────────────────────┼────────────────────────────────────────────────────────┤
+│ Package             │ moment                                                 │
+├─────────────────────┼────────────────────────────────────────────────────────┤
+│ Vulnerable versions │ <2.29.2                                                │
+├─────────────────────┼────────────────────────────────────────────────────────┤
+│ Patched versions    │ >=2.29.2                                               │
+├─────────────────────┼────────────────────────────────────────────────────────┤
+│ Paths               │ . > [email protected] > [email protected]                │
+├─────────────────────┼────────────────────────────────────────────────────────┤
+│ More info           │ https://github.com/advisories/GHSA-8hfj-j24r-96c4      │
+└─────────────────────┴────────────────────────────────────────────────────────┘
+2 vulnerabilities found
+Severity: 2 high
+```
+
+This is the main reason for creating this library. `@RimuTec/node-git-info` has no vulnerabilities as of writing.
+
+
+## Legacy Dependencies
+
+`moment` is a library that is considered legacay since September 2020 according to their website (see https://momentjs.com/docs/#/-project-status/). One of their recommendations is to use `luxon` instead, which is what `@RimuTec/node-git-info` uses instead.
+
+## Deprecated Dependencies
+
+Furthermore, the original `node-git-info` references packages which in turn have subdependencies that have been deprecated:
 - har-validator
+- istanbul
 - request
 - uuid
 
-Finally, `node-git-info` references a package named `istanbul` which doesn't exist anymore.
 
 ## Example Output
 

diff --git a/src/package.json b/src/package.json
@@ -1,10 +1,10 @@
 {
-   "name": "@RimuTec/ts-git-info",
+   "name": "@RimuTec/node-git-info",
    "version": "0.9.0",
    "description": "A simple package to get git information from a git repository.",
    "main": "build/index.js",
    "scripts": {
-      "tgi": "ts-git-info",
+      "tgi": "node-git-info",
       "build": "./remove-erroneous-files.sh && tsc",
       "pre-commit": "./remove-intermediate-files.sh && pnpm install && pnpm build && pnpm test:coverage",
       "test": "pnpm test:micro && pnpm test:integration",
@@ -20,15 +20,15 @@
    "license": "MIT",
    "repository": {
       "type": "git",
-      "url": "git+https://github.com/RimuTec/ts-git-info.git"
+      "url": "git+https://github.com/RimuTec/node-git-info.git"
    },
    "keywords": [
       "git",
       "properties",
       "info"
    ],
    "bin": {
-      "ts-git-info": "./build/index.js"
+      "node-git-info": "./build/index.js"
    },
    "dependencies": {
       "child-process-promise": "2.2.1",
@@ -57,4 +57,4 @@
       "tslib": "2.6.2",
       "typescript": "5.3.3"
    }
-}
+}