feat: support parsing multiple files

BREAKING CHANGE

Author: sdn4z

.github/workflows/build-test.yml

@@ -34,9 +34,15 @@ jobs:
           WHEEL_FILE=$(ls dist/*.whl | head -1)
           echo "Installing wheel: $WHEEL_FILE"
           uv pip install "$WHEEL_FILE"
+        
+      - name: Test twyn as a library
+        run: uv run python -c "import twyn; twyn.check_dependencies"
 
-      - name: Test --version flag
+      - name: Test twyn as a cli tool
         run: |
+          WHEEL_FILE=$(ls dist/*.whl | head -1)
+          echo "Installing wheel: `$WHEEL_FILE` with `cli` extra."
+          uv pip install "${WHEEL_FILE}[cli]"
           # Test that the CLI is available and --version works
           uv run twyn --version
 

.github/workflows/security.yml

@@ -39,7 +39,7 @@ jobs:
         uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v6.6.1
 
       - name: Install the project
-        run: uv sync --locked
+        run: uv sync --locked --extra cli
 
       - name: Run Twyn against our dependencies
         run: |

.github/workflows/test.yml

@@ -24,7 +24,7 @@ jobs:
         uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v6.6.1
 
       - name: Install the dependencies
-        run: uv sync --locked --group dev --python ${{ matrix.python-version }}
+        run: uv sync --locked --group dev --all-extras --python ${{ matrix.python-version }}
 
       - name: Run tests
         run: uv run pytest tests

README.md

@@ -11,19 +11,21 @@
 
 - [Overview](#overview)
 - [Quickstart](#quickstart)
-  - [Installation](#installation)
-  - [Docker](#docker)
-  - [Run](#run)
-  - [JSON Format](#json-format)
+  - [Using `Twyn` as a cli tool](#using-twyn-as-a-cli-tool)
+    - [Installation](#installation)
+    - [Docker](#docker)
+    - [Run](#run)
+    - [JSON Format](#json-format)
+  - [Using `Twyn` as a library](#using-twyn-as-a-library)
+    - [Logging level](#logging-level)
 - [Configuration](#configuration)
   - [Allowlist](#allowlist)
   - [Dependency files](#dependency-files)
   - [Check dependencies introduced through the CLI](#check-dependencies-introduced-through-the-cli)
   - [Selector method](#selector-method)
   - [Configuration file](#configuration-file)
   - [Cache](#cache)
-- [Using `Twyn` as a library](#using-twyn-as-a-library)
-  - [Logging level](#logging-level)
+
 
 ## Overview
 `Twyn` is a security tool that compares the name of your dependencies against a set of the most popular ones,
@@ -32,22 +34,23 @@ In short, `Twyn` protects you against [typosquatting attacks](https://en.wikiped
 
 It works as follows:
 
-1. Either choose to scan the dependencies in a dependencies file you specify (`--dependency-file`) or some dependencies introduced through the CLI (`--dependency`). If no option was provided, it will try to find a dependencies file in your working path.
+1. Either choose to scan the dependencies in a dependencies file you specify (`--dependency-file`) or some dependencies introduced through the CLI (`--dependency`). If no option was provided, it will try to find a dependencies file in your working path. It will try to parse all the supported dependency files that it finds. To know which files are supported head to the [Dependency files](#dependency-files) section.
 2. If the name of your package name matches with the name of one of the most well known packages, the package is accepted.
 3. If the name of your package is similar to the name of one of the most used packages, `Twyn` will prompt an error.
 4. If your package name is not in the list of the most known ones and is not similar enough to any of those to be considered misspelled, the package is accepted. `Twyn` assumes that you're using either a not so popular package (therefore it can't verify its legitimacy) or a package created by yourself, therefore unknown for the rest.
 
 ## Quickstart
 
-### Installation
+### Using twyn as a CLI tool
+#### Installation
 
 `Twyn` is available on PyPi repository, you can install it by running
 
 ```sh
-pip install twyn
+pip install twyn[cli]
 ```
 
-### Docker
+#### Docker
 
 `Twyn` provides a Docker image, which can be found [here](https://hub.docker.com/r/elementsinteractive/twyn).
 
@@ -58,7 +61,7 @@ docker pull elementsinteractive/twyn:latest
 docker run elementsinteractive/twyn --help
 ```
 
-### Run
+#### Run
 
 To run twyn simply type:
 
@@ -72,7 +75,7 @@ For a list of all the available options as well as their expected arguments run:
 twyn run --help
 ```
 
-### JSON format
+#### JSON format
 If you want your output in JSON format, you can run `Twyn` with the following flag:
 
 ```python
@@ -84,12 +87,43 @@ This will output:
   {"errors":[{"dependency":"reqests","similars":["requests","grequests"]}]}
  ```
 
+### Using Twyn as a library
+
+
+#### Installation
+`Twyn` also supports being used as 3rd party library for you project. To install it, run:
+
+
+```sh
+pip install twyn
+```
+
+Example usage in your code:
+
+```python
+from twyn import check_dependencies
+
+typos = check_dependencies()
+
+for typo in typos.errors:
+  print(f"Dependency:{typo.dependency}")
+  print(f"Did you mean any of [{','.join(typo.similars)}]")
+  
+```
+
+#### Logging level
+By default, logging is disabled when running as a 3rd party library. To override this behaviour, you can:
+
+```python
+logging.basicConfig(level=logging.INFO)
+logging.getLogger("twyn").setLevel(logging.INFO)
+```
+
 ## Configuration
 
 ### Allowlist
 
-It can happen that a legitimate package known by the user raises an error because is too similar to one of the most trusted ones.
-You can then add this packages to the `allowlist`, so it will be skipped:
+It can happen that a legitimate package known by the user raises an error because it is too similar to one of the most trusted ones. Imagine that you are using internally a package that you developed called `reqests`. You can then add this packages to the `allowlist`, so it will not be reported as a typo:
 
 ```sh
 twyn allowlist add <package>
@@ -201,24 +235,3 @@ To clear the cache, run:
 ```
 
 
- ### Using Twyn as a library
-
-`Twyn` also supports being used as 3rd party library for you project.
-
-```python
-from twyn import check_dependencies
-
-typos = check_dependencies()
-
-for typo in typos.errors:
-  print(f"Dependency:{typo.dependency}")
-  print(f"Did you mean any of [{','.join(typo.similars)}]")
-  
-```
-### Logging level
-To override the logging level when using `Twyn` as a 3rd party library, simply override it like:
-
-```python
-logging.basicConfig(level=logging.DEBUG)
-logging.getLogger("twyn").setLevel(logging.DEBUG)
-```

justfile

@@ -16,7 +16,7 @@ help:
 venv: 
     @if ! {{ venv-exists }}; \
     then \
-    uv sync --frozen --all-groups; \
+    uv sync --frozen --all-extras --all-groups; \
     fi
 
 # Cleans all artifacts generated while running this project, including the virtualenv.

pyproject.toml

@@ -12,8 +12,6 @@ maintainers = [
 requires-python = "<4,>=3.9"
 dependencies = [
     "requests<3.0.0,>=2.32.4",
-    "click<9.0.0,>=8.1.8",
-    "rich<15.0.0,>=14.0.0",
     "rapidfuzz<4.0.0,>=2.13.7",
     "pyparsing<4.0.0,>=3.2.3",
     "tomlkit<0.14.0,>=0.11.6",
@@ -26,6 +24,13 @@ description = "Security tool against dependency typosquatting attacks"
 readme = "README.md"
 dynamic = ["version"]
 
+[project.optional-dependencies]
+cli = [
+    "click<9.0.0,>=8.1.8",
+    "rich<15.0.0,>=14.0.0",
+]
+
+
 [tool.hatch.version]
 path = "VERSION"
 pattern = "v(?P<version>[^\\s]+)"

src/twyn/base/constants.py

@@ -11,6 +11,8 @@
     from twyn.dependency_parser.parsers.abstract_parser import AbstractParser
 
 
+MANUAL_INPUT_SOURCE = "manual_input"
+
 SELECTOR_METHOD_MAPPING: dict[str, type[selectors.AbstractSelector]] = {
     "first-letter": selectors.FirstLetterExact,
     "nearby-letter": selectors.FirstLetterNearbyInKeyboard,

src/twyn/base/exceptions.py

@@ -1,8 +1,6 @@
 import logging
 from typing import IO, Any, Optional
 
-import click
-
 logger = logging.getLogger("twyn")
 
 
@@ -19,14 +17,20 @@ def __init__(self, message: str = "") -> None:
         super().__init__(message or self.message)
 
 
-class CliError(click.ClickException):
-    """Error that will populate application errors to stdout. It does not inherit from `TwynError`."""
+try:
+    import click
 
-    message = "CLI error"
+    class CliError(click.ClickException):
+        """Error that will populate application errors to stdout. It does not inherit from `TwynError`."""
 
-    def __init__(self, message: str = "") -> None:
-        super().__init__(message)
+        message = "CLI error"
+
+        def __init__(self, message: str = "") -> None:
+            super().__init__(message)
+
+        def show(self, file: Optional[IO[Any]] = None) -> None:
+            logger.debug(self.format_message(), exc_info=True)
+            logger.error(self.format_message(), exc_info=False)
 
-    def show(self, file: Optional[IO[Any]] = None) -> None:
-        logger.debug(self.format_message(), exc_info=True)
-        logger.error(self.format_message(), exc_info=False)
+except ModuleNotFoundError:
+    pass

src/twyn/cli.py

@@ -2,29 +2,38 @@
 import sys
 from typing import Optional
 
-import click
-from rich.console import Console
-from rich.logging import RichHandler
-
 from twyn.__version__ import __version__
 from twyn.base.constants import (
     DEFAULT_PROJECT_TOML_FILE,
     DEPENDENCY_FILE_MAPPING,
     SELECTOR_METHOD_MAPPING,
 )
-from twyn.base.exceptions import CliError, TwynError
+from twyn.base.exceptions import TwynError
 from twyn.config.config_handler import ConfigHandler
 from twyn.file_handler.file_handler import FileHandler
 from twyn.main import check_dependencies
 from twyn.trusted_packages.cache_handler import CacheHandler
 from twyn.trusted_packages.constants import CACHE_DIR
 
+try:
+    import click
+    from rich.console import Console
+    from rich.logging import RichHandler
+
+    from twyn.base.exceptions import CliError
+except ImportError:
+    print("Could not run twyn as a cli tool, some dependencies are missing! Run `pip install twyn[cli]`.")
+    import sys
+
+    sys.exit(1)
+
+logger = logging.getLogger("twyn")
+
 logging.basicConfig(
     format="%(message)s",
     datefmt="[%X]",
     handlers=[RichHandler(rich_tracebacks=True, show_path=False, console=Console(stderr=True))],
 )
-logger = logging.getLogger("twyn")
 
 
 @click.group()
@@ -94,7 +103,7 @@ def entry_point() -> None:
     default=False,
     help="Display the results in json format. It implies --no-track.",
 )
-def run(
+def run(  # noqa: C901
     config: str,
     dependency_file: Optional[str],
     dependency: tuple[str],
@@ -136,15 +145,16 @@ def run(
         raise CliError("Unhandled exception occured.") from e
 
     if json:
-        click.echo(possible_typos.model_dump_json())
-        sys.exit(int(bool(possible_typos.errors)))
-    elif possible_typos.errors:
-        for possible_typosquats in possible_typos.errors:
-            click.echo(
-                click.style("Possible typosquat detected: ", fg="red") + f"`{possible_typosquats.dependency}`, "
-                f"did you mean any of [{', '.join(possible_typosquats.similars)}]?",
-                color=True,
-            )
+        click.echo(possible_typos.model_dump_json() or "{}")
+        sys.exit(int(bool(possible_typos)))
+    elif possible_typos:
+        for possible_typosquats in possible_typos.results:
+            for error in possible_typosquats.errors:
+                click.echo(
+                    click.style("Possible typosquat detected: ", fg="red") + f"`{error.dependency}`, "
+                    f"did you mean any of [{', '.join(error.similars)}]?",
+                    color=True,
+                )
         sys.exit(1)
     else:
         click.echo(click.style("No typosquats detected", fg="green"), color=True)