import { StateGraph, START, END } from "@langchain/langgraph"; | |
import { dependencyScanner } from "./nodes/dependencyScanner"; | |
import { vulnerabilityAnalyzer } from "./nodes/vulnerabilityAnalyzer"; | |
import { secureAlternatives } from "./nodes/secureAlternatives"; | |
import { reportGenerator } from "./nodes/reportGenerator"; | |
import { DependencyRiskAnnotation, routingFunction } from "./agent"; | |
import * as dotenv from 'dotenv'; | |
// Load variables from a local .env file into process.env. The node modules
// imported above read provider API keys from process.env, so the .env file
// holds secrets and should stay out of version control.
dotenv.config();
async function main() { |
import { writeFile } from "fs/promises"; | |
import { DependencyRiskAnnotation } from "../agent"; | |
export async function reportGenerator(state: typeof DependencyRiskAnnotation.State): Promise<{ reportPath: string }> { | |
console.log(`Running reportGenerator`); | |
let reportContent = `# Dependency Security Report`; | |
reportContent += `\n## Vulnerabilities:\n ${state.vulnerabilities.map((v) => `- ${v}`).join("\n")}`; | |
reportContent += `\n## Secure Alternatives:\n ${state.alternatives.map((a) => `- ${a}`).join("\n")}`; |
import { ChatOpenAI } from "@langchain/openai"; | |
import { DependencyRiskAnnotation } from '../agent'; | |
export async function secureAlternatives(state: typeof DependencyRiskAnnotation.State): Promise<{ alternatives: string[] }> { | |
console.log(`Running secureAlternatives`); | |
const llm = new ChatOpenAI({ model: "gpt-4o-mini", apiKey: process.env.OPENAI_API_KEY }); | |
const alternatives: string[] = []; | |
for (const [dependency, version] of Object.entries(state.dependencies)) { | |
try { |
import { HumanMessage } from '@langchain/core/messages'; | |
import { ChatGoogleGenerativeAI } from "@langchain/google-genai"; | |
import { DependencyRiskAnnotation } from '../agent'; | |
export async function vulnerabilityAnalyzer(state: typeof DependencyRiskAnnotation.State): | |
Promise<{ vulnerabilities: string[] }> { | |
console.log(`Running vulnerabilityAnalyzer`); | |
const llm = new ChatGoogleGenerativeAI( | |
{ | |
model: 'gemini-1.5-flash', |
import { readFileSync } from 'fs'; | |
import { DependencyRiskAnnotation } from '../agent'; | |
export function dependencyScanner(state: typeof DependencyRiskAnnotation.State): Record<string, string> { | |
try { | |
console.log(`Running dependencyScanner`); | |
const packageJson = JSON.parse(readFileSync(state.filePath, 'utf-8')); | |
const dependencies = packageJson.dependencies || {}; | |
return { dependencies }; | |
} catch (error: any) { |
import { Annotation, END } from "@langchain/langgraph"; | |
// Define the structure of the state object that will be passed between nodes in the LangGraph workflow. | |
// Each property represents a key piece of data used by the agents during execution. | |
export const DependencyRiskAnnotation = Annotation.Root({ | |
// Path to the file being analyzed, typically a package.json file. | |
filePath: Annotation<string>, | |
// A record object containing dependencies and their versions extracted from the file. | |
dependencies: Annotation<Record<string, string>>, |
# Build first; `&&` launches the app only when the build step exits successfully.
npm run build && npm start
import { Request, Response } from "express"; | |
import { GoogleGenerativeAI } from '@google/generative-ai'; | |
import dotenv from "dotenv"; | |
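// Load variables from a local .env file into process.env.
dotenv.config();

// GoogleGenerativeAI required config.
// process.env.API_KEY is `string | undefined`, so check it before building the
// client: a missing or empty key stops startup with a clear message instead of
// being handed to the client unset. The error text names the variable only and
// never echoes its value. Keep the key in the environment or an untracked .env
// file, not in source.
if (!process.env.API_KEY) {
  throw new Error("API_KEY is not set; define it in the environment or in .env");
}
const configuration = new GoogleGenerativeAI(process.env.API_KEY);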
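# Runtime packages the server loads when it runs.
npm install express body-parser @google/generative-ai dotenv
# Type declarations are only used by the TypeScript compiler, so record them as
# devDependencies; a production install then pulls in fewer packages.
npm install --save-dev @types/node @types/express @types/body-parser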
# Create the project directory, then make it the working directory.
mkdir gemini-nodejs; cd gemini-nodejs