transcend-io · michaelfarrell76 · Sep 18, 2024 · Sep 17, 2024 · Sep 17, 2024
diff --git a/.pnp.cjs b/.pnp.cjs
diff --git a/...ypes-npm-4.84.0-a7afb5245c-3f34afac26.zip → ...ypes-npm-4.85.0-94b54d2cb7-17e0ef596b.zip b/...ypes-npm-4.84.0-a7afb5245c-3f34afac26.zip → ...ypes-npm-4.85.0-94b54d2cb7-17e0ef596b.zip
diff --git a/README.md b/README.md
@@ -760,6 +760,7 @@ Transcend can scan your codebase to inventory your code packages and dependencie
 - build.gradle
 - pubspec.yaml
 - Gemfile & .gemspec
+- composer.json
 
 The command will scan the folder you point at to look for any of these files. Once found, the build file will be parsed in search of dependencies. Those code packages and dependencies will be uploaded to [Transcend](https://app.transcend.io/code-scanning/code-packages). The only information shared with Transcend includes:
 
@@ -796,19 +797,19 @@ yarn tr-scan-packages --auth=$TRANSCEND_API_KEY
 Scan a specific directory
 
 ```sh
-yarn tr-discover-silos --auth=$TRANSCEND_API_KEY --scanPath=./examples/
+yarn tr-scan-packages --auth=$TRANSCEND_API_KEY --scanPath=./examples/
 ```
 
 Ignore certain folders
 
 ```sh
-yarn tr-discover-silos --auth=$TRANSCEND_API_KEY --ignoreDirs=./test,./build
+yarn tr-scan-packages --auth=$TRANSCEND_API_KEY --ignoreDirs=./test,./build
 ```
 
 Specify the name of the repository
 
 ```sh
-yarn tr-discover-silos --auth=$TRANSCEND_API_KEY --repositoryName="transcend-io/test"
+yarn tr-scan-packages --auth=$TRANSCEND_API_KEY --repositoryName="transcend-io/test"
 ```
 
 ### tr-discover-silos

diff --git a/examples/code-scanning/test-php/composer.json b/examples/code-scanning/test-php/composer.json
@@ -0,0 +1,44 @@
+{
+  "name": "composer/example",
+  "type": "library",
+  "description": "Example app",
+  "keywords": [
+    "package",
+    "dependency",
+    "autoload"
+  ],
+  "homepage": "https://getcomposer.org/",
+  "license": "MIT",
+  "authors": [],
+  "require": {
+    "php": "^7.2.5 || ^8.0",
+    "composer/ca-bundle": "^1.5",
+    "composer/class-map-generator": "^1.3.3",
+    "composer/metadata-minifier": "^1.0",
+    "composer/semver": "^3.3",
+    "composer/spdx-licenses": "^1.5.7",
+    "composer/xdebug-handler": "^2.0.2 || ^3.0.3",
+    "justinrainbow/json-schema": "^5.3",
+    "psr/log": "^1.0 || ^2.0 || ^3.0",
+    "seld/jsonlint": "^1.4",
+    "seld/phar-utils": "^1.2",
+    "symfony/console": "^5.4.35 || ^6.3.12 || ^7.0.3",
+    "symfony/filesystem": "^5.4.35 || ^6.3.12 || ^7.0.3",
+    "symfony/finder": "^5.4.35 || ^6.3.12 || ^7.0.3",
+    "symfony/process": "^5.4.35 || ^6.3.12 || ^7.0.3",
+    "react/promise": "^3.2",
+    "composer/pcre": "^2.2 || ^3.2",
+    "symfony/polyfill-php73": "^1.24",
+    "symfony/polyfill-php80": "^1.24",
+    "symfony/polyfill-php81": "^1.24",
+    "seld/signal-handler": "^2.0"
+  },
+  "require-dev": {
+    "symfony/phpunit-bridge": "^6.4.3 || ^7.0.1",
+    "phpstan/phpstan": "^1.11.8",
+    "phpstan/phpstan-phpunit": "^1.4.0",
+    "phpstan/phpstan-deprecation-rules": "^1.2.0",
+    "phpstan/phpstan-strict-rules": "^1.6.0",
+    "phpstan/phpstan-symfony": "^1.4.0"
+  }
+}
diff --git a/package.json b/package.json
@@ -2,7 +2,7 @@
   "author": "Transcend Inc.",
   "name": "@transcend-io/cli",
   "description": "Small package containing useful typescript utilities.",
-  "version": "6.2.3",
+  "version": "6.3.0",
   "homepage": "https://github.com/transcend-io/cli",
   "repository": {
     "type": "git",
@@ -64,7 +64,7 @@
     "@transcend-io/handlebars-utils": "^1.1.0",
     "@transcend-io/internationalization": "^1.6.0",
     "@transcend-io/persisted-state": "^1.0.4",
-    "@transcend-io/privacy-types": "^4.84.0",
+    "@transcend-io/privacy-types": "^4.85.0",
     "@transcend-io/secret-value": "^1.2.0",
     "@transcend-io/type-utils": "^1.4.2",
     "bluebird": "^3.7.2",

diff --git a/src/code-scanning/constants.ts b/src/code-scanning/constants.ts
@@ -4,6 +4,7 @@ import {
   gradle,
   javascriptPackageJson,
   gemfile,
+  composerJson,
   pubspec,
   pythonRequirementsTxt,
 } from './integrations';
@@ -32,4 +33,5 @@ export const CODE_SCANNING_CONFIGS: {
   [CodePackageType.RequirementsTxt]: pythonRequirementsTxt,
   [CodePackageType.Gemfile]: gemfile,
   [CodePackageType.Pubspec]: pubspec,
+  [CodePackageType.ComposerJson]: composerJson,
 };
diff --git a/src/code-scanning/integrations/composerJson.ts b/src/code-scanning/integrations/composerJson.ts
@@ -0,0 +1,42 @@
+import { readFileSync } from 'fs';
+import { CodeScanningConfig } from '../types';
+import { CodePackageSdk } from '../../codecs';
+import { dirname } from 'path';
+
+export const composerJson: CodeScanningConfig = {
+  supportedFiles: ['composer.json'],
+  ignoreDirs: ['vendor', 'node_modules', 'cache', 'build', 'dist'],
+  scanFunction: (filePath) => {
+    const file = readFileSync(filePath, 'utf-8');
+    const directory = dirname(filePath);
+    const asJson = JSON.parse(file);
+    const {
+      name,
+      description,
+      require: requireDependencies = {},
+      'require-dev': requiredDevDependencies = {},
+    } = asJson;
+    return [
+      {
+        // name of the package
+        name: name || directory.split('/').pop()!,
+        description,
+        softwareDevelopmentKits: [
+          ...Object.entries(requireDependencies).map(
+            ([name, version]): CodePackageSdk => ({
+              name,
+              version: typeof version === 'string' ? version : undefined,
+            }),
+          ),
+          ...Object.entries(requiredDevDependencies).map(
+            ([name, version]): CodePackageSdk => ({
+              name,
+              version: typeof version === 'string' ? version : undefined,
+              isDevDependency: true,
+            }),
+          ),
+        ],
+      },
+    ];
+  },
+};
diff --git a/src/code-scanning/integrations/index.ts b/src/code-scanning/integrations/index.ts
@@ -4,3 +4,4 @@ export * from './javascriptPackageJson';
 export * from './pythonRequirementsTxt';
 export * from './gemfile';
 export * from './pubspec';
+export * from './composerJson';
diff --git a/yarn.lock b/yarn.lock
@@ -515,7 +515,7 @@ __metadata:
     "@transcend-io/handlebars-utils": ^1.1.0
     "@transcend-io/internationalization": ^1.6.0
     "@transcend-io/persisted-state": ^1.0.4
-    "@transcend-io/privacy-types": ^4.84.0
+    "@transcend-io/privacy-types": ^4.85.0
     "@transcend-io/secret-value": ^1.2.0
     "@transcend-io/type-utils": ^1.4.2
     "@types/bluebird": ^3.5.38
@@ -641,14 +641,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@transcend-io/privacy-types@npm:^4.84.0":
-  version: 4.84.0
-  resolution: "@transcend-io/privacy-types@npm:4.84.0"
+"@transcend-io/privacy-types@npm:^4.85.0":
+  version: 4.85.0
+  resolution: "@transcend-io/privacy-types@npm:4.85.0"
   dependencies:
     "@transcend-io/type-utils": ^1.0.5
     fp-ts: ^2.16.1
     io-ts: ^2.2.21
-  checksum: 3f34afac26b253f4ddbed4be488d200373c8df6b4f29858758c462bf3613dded420971b1e1b994a826fcc2f37371b5cb678d5c2b84d3960da25c99eaca76b4f1
+  checksum: 17e0ef596ba647f6cf7645ebc20da607a8fb380daa982b5490dd69aa350574950f85bf6ddf34d479fe05dbcc0d729f499da7c6f90686c2b4acea1e5ddab0315d
   languageName: node
   linkType: hard