
Pablo Blanco pablanco

import { StateGraph, START, END } from "@langchain/langgraph";
import { dependencyScanner } from "./nodes/dependencyScanner";
import { vulnerabilityAnalyzer } from "./nodes/vulnerabilityAnalyzer";
import { secureAlternatives } from "./nodes/secureAlternatives";
import { reportGenerator } from "./nodes/reportGenerator";
import { DependencyRiskAnnotation, routingFunction } from "./agent";
import * as dotenv from 'dotenv';
// Populate process.env from a local .env file (dotenv) when this module loads.
// Secrets placed in that file stay out of source; keep the .env file itself
// out of version control as well.
dotenv.config();
async function main() {
import { writeFile } from "fs/promises";
import { DependencyRiskAnnotation } from "../agent";
export async function reportGenerator(state: typeof DependencyRiskAnnotation.State): Promise<{ reportPath: string }> {
console.log(`Running reportGenerator`);
let reportContent = `# Dependency Security Report`;
reportContent += `\n## Vulnerabilities:\n ${state.vulnerabilities.map((v) => `- ${v}`).join("\n")}`;
reportContent += `\n## Secure Alternatives:\n ${state.alternatives.map((a) => `- ${a}`).join("\n")}`;
pablanco / gist:5de4a4d603dcec0c1470983de8ad2fa6
Last active January 10, 2025 18:55
secureAlternatives.ts
import { ChatOpenAI } from "@langchain/openai";
import { DependencyRiskAnnotation } from '../agent';
export async function secureAlternatives(state: typeof DependencyRiskAnnotation.State): Promise<{ alternatives: string[] }> {
console.log(`Running secureAlternatives`);
const llm = new ChatOpenAI({ model: "gpt-4o-mini", apiKey: process.env.OPENAI_API_KEY });
const alternatives: string[] = [];
for (const [dependency, version] of Object.entries(state.dependencies)) {
try {
pablanco / gist:9c5d2963e0f9826c6ca9b57f3723e383
Last active January 10, 2025 18:54
vulnerabilityAnalyzer.ts
import { HumanMessage } from '@langchain/core/messages';
import { ChatGoogleGenerativeAI } from "@langchain/google-genai";
import { DependencyRiskAnnotation } from '../agent';
export async function vulnerabilityAnalyzer(state: typeof DependencyRiskAnnotation.State):
Promise<{ vulnerabilities: string[] }> {
console.log(`Running vulnerabilityAnalyzer`);
const llm = new ChatGoogleGenerativeAI(
{
model: 'gemini-1.5-flash',
pablanco / gist:efb41cda4e3e9e3ad3f5c3f211edd355
Last active January 10, 2025 18:54
dependencyScanner.ts
import { readFileSync } from 'fs';
import { DependencyRiskAnnotation } from '../agent';
export function dependencyScanner(state: typeof DependencyRiskAnnotation.State): Record<string, string> {
try {
console.log(`Running dependencyScanner`);
const packageJson = JSON.parse(readFileSync(state.filePath, 'utf-8'));
const dependencies = packageJson.dependencies || {};
return { dependencies };
} catch (error: any) {
import { Annotation, END } from "@langchain/langgraph";
// Define the structure of the state object that will be passed between nodes in the LangGraph workflow.
// Each property represents a key piece of data used by the agents during execution.
export const DependencyRiskAnnotation = Annotation.Root({
// Path to the file being analyzed, typically a package.json file.
filePath: Annotation<string>,
// A record object containing dependencies and their versions extracted from the file.
dependencies: Annotation<Record<string, string>>,
# Run the build script first; `&&` starts the app only when the build exits successfully.
npm run build && npm run start
import { Request, Response } from "express";
import { GoogleGenerativeAI } from '@google/generative-ai';
import dotenv from "dotenv";
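// Populate process.env from a local .env file before the key is read.
dotenv.config();

// The API key is a secret: it comes from the environment only, and the .env
// file that holds it should stay out of version control. process.env values
// are `string | undefined`, so check the key here and stop at startup rather
// than constructing the client with an undefined key. The error message names
// the variable and never echoes its value.
const geminiApiKey = process.env.API_KEY;
if (!geminiApiKey) {
  throw new Error("API_KEY is not set; define it in the environment or in .env");
}

// GoogleGenerativeAI required config
const configuration = new GoogleGenerativeAI(geminiApiKey);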
npm install express body-parser @google/generative-ai dotenv @types/node @types/express @types/body-parser
mkdir gemini-nodejs
cd gemini-nodejs