pablanco

import { StateGraph, START, END } from "@langchain/langgraph";
import { dependencyScanner } from "./nodes/dependencyScanner";
import { vulnerabilityAnalyzer } from "./nodes/vulnerabilityAnalyzer";
import { secureAlternatives } from "./nodes/secureAlternatives";
import { reportGenerator } from "./nodes/reportGenerator";
import { DependencyRiskAnnotation, routingFunction } from "./agent";
import * as dotenv from 'dotenv';
dotenv.config();

async function main() {

pablanco

import { writeFile } from "fs/promises";
import { DependencyRiskAnnotation } from "../agent";

export async function reportGenerator(state: typeof DependencyRiskAnnotation.State): Promise<{ reportPath: string }> {

    console.log(`Running reportGenerator`);
    let reportContent = `# Dependency Security Report`;
    reportContent += `\n## Vulnerabilities:\n ${state.vulnerabilities.map((v) => `- ${v}`).join("\n")}`;
    reportContent += `\n## Secure Alternatives:\n ${state.alternatives.map((a) => `- ${a}`).join("\n")}`;

pablanco

import { ChatOpenAI } from "@langchain/openai";
import { DependencyRiskAnnotation } from '../agent';

export async function secureAlternatives(state: typeof DependencyRiskAnnotation.State): Promise<{ alternatives: string[] }> {
    console.log(`Running secureAlternatives`);
    const llm = new ChatOpenAI({ model: "gpt-4o-mini", apiKey: process.env.OPENAI_API_KEY });
    const alternatives: string[] = [];

    for (const [dependency, version] of Object.entries(state.dependencies)) {
        try {

pablanco

import { HumanMessage } from '@langchain/core/messages';
import { ChatGoogleGenerativeAI } from "@langchain/google-genai";
import { DependencyRiskAnnotation } from '../agent';

export async function vulnerabilityAnalyzer(state: typeof DependencyRiskAnnotation.State):
    Promise<{ vulnerabilities: string[] }> {
    console.log(`Running vulnerabilityAnalyzer`);
    const llm = new ChatGoogleGenerativeAI(
        {
            model: 'gemini-1.5-flash',

pablanco

import { readFileSync } from 'fs';
import { DependencyRiskAnnotation } from '../agent';

export function dependencyScanner(state: typeof DependencyRiskAnnotation.State): Record<string, string> {
    try {
        console.log(`Running dependencyScanner`);
        const packageJson = JSON.parse(readFileSync(state.filePath, 'utf-8'));
        const dependencies = packageJson.dependencies || {};
        return { dependencies };
    } catch (error: any) {

pablanco

import { Annotation, END } from "@langchain/langgraph";

// Define the structure of the state object that will be passed between nodes in the LangGraph workflow.
// Each property represents a key piece of data used by the agents during execution.
export const DependencyRiskAnnotation = Annotation.Root({
    // Path to the file being analyzed, typically a package.json file.
    filePath: Annotation<string>,

    // A record object containing dependencies and their versions extracted from the file.
    dependencies: Annotation<Record<string, string>>,

pablanco

npm run build && npm run start

pablanco

import { Request, Response } from "express";
import { GoogleGenerativeAI } from '@google/generative-ai';
import dotenv from "dotenv";

dotenv.config();

// GoogleGenerativeAI required config
const configuration = new GoogleGenerativeAI(process.env.API_KEY);

pablanco

npm install express body-parser @google/generative-ai dotenv @types/node @types/express @types/body-parser

pablanco

mkdir gemini-nodejs
cd gemini-nodejs