Merge pull request #151 from SocketDev/feat/add-ruby-gem-ecosystem

kapravel · web-flow · commit ad54b9efb7ff · 2026-03-05T10:29:48.000-05:00
Add Ruby gems and other ecosystems to depscore tool
diff --git a/index.ts b/index.ts
@@ -88,7 +88,7 @@ function createConfiguredServer (): McpServer {
       description: "Get the dependency score of packages with the `depscore` tool from Socket. Use 'unknown' for version if not known. Use this tool to scan dependencies for their quality and security on existing code or when code is generated. Stop generating code and ask the user how to proceed when any of the scores are low. When checking dependencies, make sure to also check the imports in the code, not just the manifest files (pyproject.toml, package.json, etc).",
       inputSchema: {
         packages: z.array(z.object({
-          ecosystem: z.string().describe('The package ecosystem (e.g., npm, pypi)').default('npm'),
+          ecosystem: z.string().describe('The package ecosystem (e.g., npm, pypi, gem, golang, maven, nuget, cargo)').default('npm'),
           depname: z.string().describe('The name of the dependency'),
           version: z.string().describe("The version of the dependency, use 'unknown' if not known").default('unknown'),
         })).describe('Array of packages to check'),
diff --git a/test.ts b/test.ts
@@ -45,6 +45,7 @@ test('Socket MCP Server', async (t) => {
       { depname: 'lodash', ecosystem: 'npm', version: '4.17.21' },
       { depname: 'react', ecosystem: 'npm', version: '18.2.0' },
       { depname: 'requests', ecosystem: 'pypi', version: '2.31.0' },
+      { depname: 'puma', ecosystem: 'gem', version: '6.4.0' },
       { depname: 'unknown-package', ecosystem: 'npm', version: 'unknown' }
     ]
 
@@ -61,6 +62,30 @@ test('Socket MCP Server', async (t) => {
     assert.ok(result.content.length > 0, 'Content should not be empty')
   })
 
+  await t.test('call depscore tool with gem ecosystem', async () => {
+    const gemPackages = [
+      { depname: 'puma', ecosystem: 'gem', version: '6.4.0' },
+      { depname: 'rails', ecosystem: 'gem', version: '7.1.0' },
+      { depname: 'nokogiri', ecosystem: 'gem', version: '1.16.0' }
+    ]
+
+    const result = await client.callTool({
+      name: 'depscore',
+      arguments: {
+        packages: gemPackages
+      }
+    })
+
+    assert.ok(result, 'Should get a result from depscore for gem packages')
+    assert.ok(result.content, 'Result should have content')
+    assert.ok(Array.isArray(result.content), 'Content should be an array')
+    assert.ok(result.content.length > 0, 'Content should not be empty')
+
+    const textContent = result.content[0] as { type: string; text: string }
+    assert.ok(textContent.text.includes('pkg:gem/'), 'Result should contain gem purl format')
+    assert.ok(!textContent.text.includes('No score found'), 'Gem packages should have scores')
+  })
+
   await t.test('close client', async () => {
     await client.close()
     assert.ok(true, 'Client closed successfully')
