enrichment

package
v0.3.1 Latest
Warning

This package is not in the latest version of its module.

Published: May 2, 2026 | License: GPL-3.0 | Imports: 11 | Imported by: 0

Documentation

Overview

Package enrichment provides package metadata enrichment using external data sources. It fetches license information, vulnerability data, and version information from package registries and vulnerability databases.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type EnrichmentResult

type EnrichmentResult struct {
	Package         *PackageInfo
	Version         *VersionInfo
	Vulnerabilities []VulnInfo
	IsOutdated      bool
	LicenseCategory LicenseCategory
}

EnrichmentResult contains all enrichment data for a package version.

type LicenseCategory

type LicenseCategory string

LicenseCategory represents the category of a license.

const (
	LicensePermissive LicenseCategory = "permissive"
	LicenseCopyleft   LicenseCategory = "copyleft"
	LicenseUnknown    LicenseCategory = "unknown"
)

type PackageInfo

type PackageInfo struct {
	Ecosystem     string
	Name          string
	LatestVersion string
	License       string
	Description   string
	Homepage      string
	Repository    string
	RegistryURL   string
}

PackageInfo contains enriched package metadata.

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service provides package enrichment capabilities.

func New

func New(logger *slog.Logger) *Service

New creates a new enrichment service.

func (*Service) BulkCheckVulnerabilities

func (s *Service) BulkCheckVulnerabilities(ctx context.Context, packages []struct{ Ecosystem, Name, Version string }) (map[string][]VulnInfo, error)

BulkCheckVulnerabilities queries vulnerabilities for multiple package versions.

func (*Service) BulkEnrichPackages

func (s *Service) BulkEnrichPackages(ctx context.Context, packages []struct{ Ecosystem, Name string }) map[string]*PackageInfo

BulkEnrichPackages fetches metadata for multiple packages in parallel.

func (*Service) CategorizeLicense

func (s *Service) CategorizeLicense(license string) LicenseCategory

CategorizeLicense returns the category of a license.

func (*Service) CheckVulnerabilities

func (s *Service) CheckVulnerabilities(ctx context.Context, ecosystem, name, version string) ([]VulnInfo, error)

CheckVulnerabilities queries for vulnerabilities affecting a package version.

func (*Service) EnrichFull

func (s *Service) EnrichFull(ctx context.Context, ecosystem, name, version string) (*EnrichmentResult, error)

EnrichFull performs full enrichment for a package version.

func (*Service) EnrichPackage

func (s *Service) EnrichPackage(ctx context.Context, ecosystem, name string) (*PackageInfo, error)

EnrichPackage fetches metadata for a package from registry APIs.

func (*Service) EnrichVersion

func (s *Service) EnrichVersion(ctx context.Context, ecosystem, name, version string) (*VersionInfo, error)

EnrichVersion fetches metadata for a specific package version.

func (*Service) GetLatestVersion

func (s *Service) GetLatestVersion(ctx context.Context, ecosystem, name string) (string, error)

GetLatestVersion fetches the latest version for a package.

func (*Service) IsOutdated

func (s *Service) IsOutdated(currentVersion, latestVersion string) bool

IsOutdated checks if a version is older than the latest version.

func (*Service) NormalizeLicense

func (s *Service) NormalizeLicense(license string) string

NormalizeLicense normalizes a license string to SPDX format.

type VersionInfo

type VersionInfo struct {
	Number      string
	License     string
	PublishedAt time.Time
	Integrity   string
	Yanked      bool
}

VersionInfo contains enriched version metadata.

type VulnInfo

type VulnInfo struct {
	ID           string
	Summary      string
	Severity     string
	CVSSScore    float64
	FixedVersion string
	References   []string
}

VulnInfo contains vulnerability information for a package version.
