expand ecosystem support

Author: mikolalysenko

.github/workflows/ci.yml

@@ -35,10 +35,10 @@ jobs:
           restore-keys: ${{ matrix.os }}-cargo-
 
       - name: Run clippy
-        run: cargo clippy --workspace -- -D warnings
+        run: cargo clippy --workspace --all-features -- -D warnings
 
       - name: Run tests
-        run: cargo test --workspace
+        run: cargo test --workspace --all-features
 
   dispatch-tests:
     runs-on: ubuntu-latest
@@ -72,6 +72,18 @@ jobs:
             suite: e2e_npm
           - os: ubuntu-latest
             suite: e2e_pypi
+          - os: ubuntu-latest
+            suite: e2e_cargo
+          - os: ubuntu-latest
+            suite: e2e_golang
+          - os: ubuntu-latest
+            suite: e2e_maven
+          - os: ubuntu-latest
+            suite: e2e_gem
+          - os: ubuntu-latest
+            suite: e2e_composer
+          - os: ubuntu-latest
+            suite: e2e_nuget
           - os: macos-latest
             suite: e2e_npm
           - os: macos-latest
@@ -109,4 +121,4 @@ jobs:
           python-version: "3.12"
 
       - name: Run e2e tests
-        run: cargo test -p socket-patch-cli --test ${{ matrix.suite }} -- --ignored
+        run: cargo test -p socket-patch-cli --all-features --test ${{ matrix.suite }} -- --ignored

README.md

@@ -1,6 +1,6 @@
 # Socket Patch CLI
 
-Apply security patches to npm, Python, and Rust dependencies without waiting for upstream fixes.
+Apply security patches to npm and Python dependencies without waiting for upstream fixes.
 
 ## Installation
 
@@ -63,6 +63,12 @@ pip install socket-patch
 cargo install socket-patch-cli
 ```
 
+By default this builds with npm and PyPI support. For additional ecosystems:
+
+```bash
+cargo install socket-patch-cli --features cargo,golang,maven,gem,composer,nuget
+```
+
 ## Quick Start
 
 You can pass a patch UUID directly to `socket-patch` as a shortcut:
@@ -143,7 +149,7 @@ socket-patch scan [options]
 |------|-------------|
 | `--org <slug>` | Organization slug |
 | `--json` | Output results as JSON |
-| `--ecosystems <list>` | Restrict to specific ecosystems (comma-separated: `npm,pypi,cargo`) |
+| `--ecosystems <list>` | Restrict to specific ecosystems (comma-separated, e.g. `npm,pypi`) |
 | `-g, --global` | Scan globally installed packages |
 | `--global-prefix <path>` | Custom path to global `node_modules` |
 | `--batch-size <n>` | Packages per API request (default: `100`) |
@@ -425,7 +431,7 @@ When stdin is not a TTY (e.g., in CI pipelines), interactive prompts auto-procee
 
 ## Manifest Format
 
-Downloaded patches (for npm, Python, and Rust packages) are stored in `.socket/manifest.json`:
+Downloaded patches are stored in `.socket/manifest.json`:
 
 ```json
 {
@@ -462,5 +468,6 @@ Patched file contents are in `.socket/blob/` (named by git SHA256 hash).
 | Platform | Architecture |
 |----------|-------------|
 | macOS | ARM64 (Apple Silicon), x86_64 (Intel) |
-| Linux | x86_64, ARM64 |
-| Windows | x86_64 |
+| Linux | x86_64, ARM64, ARMv7, i686 |
+| Windows | x86_64, ARM64, i686 |
+| Android | ARM64 |

crates/socket-patch-cli/tests/e2e_composer.rs

@@ -0,0 +1,125 @@
+#![cfg(feature = "composer")]
+//! End-to-end tests for the Composer/PHP package patching lifecycle.
+//!
+//! These tests exercise crawling against a temporary directory with a fake
+//! Composer vendor layout.  They do **not** require network access or a real
+//! PHP/Composer installation.
+//!
+//! # Running
+//! ```sh
+//! cargo test -p socket-patch-cli --features composer --test e2e_composer
+//! ```
+
+use std::path::PathBuf;
+use std::process::{Command, Output};
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+fn binary() -> PathBuf {
+    env!("CARGO_BIN_EXE_socket-patch").into()
+}
+
+fn run(args: &[&str], cwd: &std::path::Path) -> Output {
+    Command::new(binary())
+        .args(args)
+        .current_dir(cwd)
+        .output()
+        .expect("Failed to run socket-patch binary")
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+/// Verify that `socket-patch scan` discovers packages via Composer 2 installed.json.
+#[test]
+fn scan_discovers_composer2_packages() {
+    let dir = tempfile::tempdir().unwrap();
+    let project_dir = dir.path().join("project");
+    std::fs::create_dir_all(&project_dir).unwrap();
+
+    // Create composer.json so local mode activates
+    std::fs::write(
+        project_dir.join("composer.json"),
+        r#"{"require": {"monolog/monolog": "^3.0"}}"#,
+    )
+    .unwrap();
+
+    // Set up vendor directory with installed.json (Composer 2 format)
+    let vendor_dir = project_dir.join("vendor");
+    let composer_dir = vendor_dir.join("composer");
+    std::fs::create_dir_all(&composer_dir).unwrap();
+
+    // Create Composer 2 installed.json with packages array
+    std::fs::write(
+        composer_dir.join("installed.json"),
+        r#"{"packages": [
+            {"name": "monolog/monolog", "version": "3.5.0"},
+            {"name": "symfony/console", "version": "6.4.1"}
+        ]}"#,
+    )
+    .unwrap();
+
+    // Create the actual vendor directories for the packages
+    std::fs::create_dir_all(vendor_dir.join("monolog").join("monolog")).unwrap();
+    std::fs::create_dir_all(vendor_dir.join("symfony").join("console")).unwrap();
+
+    let output = run(
+        &["scan", "--cwd", project_dir.to_str().unwrap()],
+        &project_dir,
+    );
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    let combined = format!("{stdout}{stderr}");
+
+    assert!(
+        combined.contains("Found") || combined.contains("packages"),
+        "Expected scan to discover Composer packages, got:\n{combined}"
+    );
+}
+
+/// Verify that `socket-patch scan` discovers packages via Composer 1 installed.json (flat array).
+#[test]
+fn scan_discovers_composer1_packages() {
+    let dir = tempfile::tempdir().unwrap();
+    let project_dir = dir.path().join("project");
+    std::fs::create_dir_all(&project_dir).unwrap();
+
+    // Create composer.lock so local mode activates
+    std::fs::write(
+        project_dir.join("composer.lock"),
+        r#"{"packages": []}"#,
+    )
+    .unwrap();
+
+    // Set up vendor directory with Composer 1 installed.json (flat array)
+    let vendor_dir = project_dir.join("vendor");
+    let composer_dir = vendor_dir.join("composer");
+    std::fs::create_dir_all(&composer_dir).unwrap();
+
+    std::fs::write(
+        composer_dir.join("installed.json"),
+        r#"[
+            {"name": "guzzlehttp/guzzle", "version": "7.8.1"}
+        ]"#,
+    )
+    .unwrap();
+
+    // Create the actual vendor directory for the package
+    std::fs::create_dir_all(vendor_dir.join("guzzlehttp").join("guzzle")).unwrap();
+
+    let output = run(
+        &["scan", "--json", "--cwd", project_dir.to_str().unwrap()],
+        &project_dir,
+    );
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    let combined = format!("{stdout}{stderr}");
+
+    assert!(
+        combined.contains("scannedPackages") || combined.contains("Found"),
+        "Expected scan output, got:\n{combined}"
+    );
+}

crates/socket-patch-cli/tests/e2e_gem.rs

@@ -0,0 +1,111 @@
+#![cfg(feature = "gem")]
+//! End-to-end tests for the RubyGems package patching lifecycle.
+//!
+//! These tests exercise crawling against a temporary directory with fake
+//! gem layouts.  They do **not** require network access or a real Ruby
+//! installation.
+//!
+//! # Running
+//! ```sh
+//! cargo test -p socket-patch-cli --features gem --test e2e_gem
+//! ```
+
+use std::path::PathBuf;
+use std::process::{Command, Output};
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+fn binary() -> PathBuf {
+    env!("CARGO_BIN_EXE_socket-patch").into()
+}
+
+fn run(args: &[&str], cwd: &std::path::Path) -> Output {
+    Command::new(binary())
+        .args(args)
+        .current_dir(cwd)
+        .output()
+        .expect("Failed to run socket-patch binary")
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+/// Verify that `socket-patch scan` discovers gems in a vendor/bundle layout.
+#[test]
+fn scan_discovers_vendored_gems() {
+    let dir = tempfile::tempdir().unwrap();
+    let project_dir = dir.path().join("project");
+    std::fs::create_dir_all(&project_dir).unwrap();
+
+    // Create Gemfile so local mode activates
+    std::fs::write(project_dir.join("Gemfile"), "source 'https://rubygems.org'\n").unwrap();
+
+    // Set up vendor/bundle/ruby/<version>/gems/ layout
+    let gems_dir = project_dir
+        .join("vendor")
+        .join("bundle")
+        .join("ruby")
+        .join("3.2.0")
+        .join("gems");
+
+    // Create rails-7.1.0 with lib/ marker
+    let rails_dir = gems_dir.join("rails-7.1.0");
+    std::fs::create_dir_all(rails_dir.join("lib")).unwrap();
+
+    // Create nokogiri-1.15.4 with lib/ marker
+    let nokogiri_dir = gems_dir.join("nokogiri-1.15.4");
+    std::fs::create_dir_all(nokogiri_dir.join("lib")).unwrap();
+
+    let output = run(
+        &["scan", "--cwd", project_dir.to_str().unwrap()],
+        &project_dir,
+    );
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    let combined = format!("{stdout}{stderr}");
+
+    assert!(
+        combined.contains("Found") || combined.contains("packages"),
+        "Expected scan to discover vendored gems, got:\n{combined}"
+    );
+}
+
+/// Verify that `socket-patch scan` discovers gems with gemspec markers.
+#[test]
+fn scan_discovers_gems_with_gemspec() {
+    let dir = tempfile::tempdir().unwrap();
+    let project_dir = dir.path().join("project");
+    std::fs::create_dir_all(&project_dir).unwrap();
+
+    // Create Gemfile.lock so local mode activates
+    std::fs::write(project_dir.join("Gemfile.lock"), "GEM\n  specs:\n").unwrap();
+
+    // Set up vendor/bundle/ruby/<version>/gems/ layout
+    let gems_dir = project_dir
+        .join("vendor")
+        .join("bundle")
+        .join("ruby")
+        .join("3.1.0")
+        .join("gems");
+
+    // Create net-http-0.4.1 with .gemspec marker (no lib/)
+    let net_http_dir = gems_dir.join("net-http-0.4.1");
+    std::fs::create_dir_all(&net_http_dir).unwrap();
+    std::fs::write(net_http_dir.join("net-http.gemspec"), "# gemspec\n").unwrap();
+
+    let output = run(
+        &["scan", "--json", "--cwd", project_dir.to_str().unwrap()],
+        &project_dir,
+    );
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    let combined = format!("{stdout}{stderr}");
+
+    assert!(
+        combined.contains("scannedPackages") || combined.contains("Found"),
+        "Expected scan output, got:\n{combined}"
+    );
+}