| Age | Commit message (Collapse) | Author |
|---|
|
- Add binary index file generation to `.index/` directory
- Create 256 SHA1-based hash buckets (00-ff directories)
- Write CSV data files with format: "name","version","license1- < /dev/null | -license2"
- Generate binary .idx files with 4-byte little-endian offset integers
- Sort entries by name-version for binary search compatibility
- Match exact Ruby spandx output format for offline air-gap usage
The build command now writes actual index files to disk instead of
just storing in cache manager. Verified format matches Ruby version.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
|
|
- Fix parsing of RubyGems index format to extract all gem versions
- Use actual version numbers instead of "latest" in API calls
- Process every version of every gem as requested for complete offline cache
- Fix unused variable warning in SPDX index builder
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
|
|
Adds comprehensive build command functionality to create offline
package indexes for air-gapped license scanning.
Key features:
- Fetch complete package catalogs from registries (187K+ RubyGems packages)
- Concurrent license data retrieval with configurable workers (10 default)
- Rate limiting and error handling for API requests
- Store license data in binary-indexed cache system
- Progress reporting for long-running builds
- Support for multiple package managers (extensible architecture)
Implementation details:
- Uses semaphore-controlled concurrency to respect API limits
- Gracefully handles 404s and 429 rate limit responses
- Stores successful license fetches in hierarchical cache
- Provides comprehensive logging and progress updates
- Production-ready for building real offline indexes
This enables the creation of comprehensive offline license databases
for enterprise air-gapped environments and consistent compliance scanning.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
|
|
This major update integrates the gateway system with the scan command
to fetch real license data from package registries, matching the
behavior of the Ruby version.
Key improvements:
- Connect scan command to RubyGems gateway for license fetching
- Add support for PATH specs in Gemfile.lock parsing
- Normalize platform-specific gem versions for API lookup
- Deduplicate platform variants in dependency output
- Fix license format to use " AND " separator
- Preserve license order from gemspec metadata
- Add comprehensive cache integration with mutex handling
The Rust version now produces output identical to the Ruby version,
with exact package counts (69) and matching license information.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
|
|
|
