Renamed to depgate

apiiro · cognitivegears · Nov 19, 2024 · Nov 19, 2024 · Nov 19, 2024 · Nov 19, 2024
commit da2cf7ca5b0abdb9dbda1ccf4e49f393878bd9c2
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
@@ -1,7 +1,10 @@
 # Contributors
 
-## Organizations
-- [APIIRO](https://github.com/apiiro) - Project sponsor and maintainer
+## Current Maintainers
+- cognitivegears — DepGate hard fork maintainer
+
+## Original Project
+- [APIIRO](https://github.com/apiiro) — Original project sponsor and maintainer of Dependency Combobulator
 
 
 ## Individual Contributors
@@ -24,4 +27,4 @@ Contributions are welcome! The project is designed to be extensible for:
 - Improving documentation and examples
 
 ## License
-This project is licensed under the Apache License 2.0 - see the [LICENSE](LICENSE) file for details.
+This project is licensed under the Apache License 2.0 — see the [LICENSE](LICENSE) and [NOTICE](NOTICE) files for details and attribution.
diff --git a/NOTICE b/NOTICE
@@ -0,0 +1,17 @@
+DepGate
+Copyright (c) 2025 cognitivegears
+
+This product includes software originally developed by Apiiro and
+contributors as "Dependency Combobulator" (https://github.com/apiiro/combobulator).
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
-# Dependency Combobulator
+# DepGate (hard fork of Dependency Combobulator)
 ![BHEU BADGE](docs/bheu21.svg) ![python](https://img.shields.io/badge/Python-14354C) ![maintained](https://img.shields.io/badge/Maintained%3F-yes-green.svg)
 
-Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., npm, maven).
+DepGate is an open-source, modular and extensible framework to detect and prevent dependency confusion and related supply‑chain risks. It supports multiple sources (e.g., GitHub Packages, JFrog Artifactory) and package managers (e.g., npm, maven, PyPI).
 
 ### Intended Audiences
 
@@ -21,7 +21,7 @@ The project is putting practicionar's ability to extend and fit the toolkit to h
 
 ## Installation
 
-Dependency Combobulator is ready to work with as it is — just `git clone` or download the package from https://github.com/apiiro/combobulator
+Clone this repository and install dependencies with uv:
 
 Use uv to create a local environment and install dependencies:
 
@@ -52,7 +52,7 @@ uv sync
   -q, --quiet           Suppress console output
   --error-on-warning    Exit with error code if warnings are found
 
-Apiiro <Heart> Community
+Hard fork of Apiiro/combobulator by cognitivegears
 ```
 Supported package types (-t, --t): npm, maven, pypi
 
@@ -61,7 +61,7 @@ Supported source dependency assessment:
 - By analyzing the appropriate repo's software bill-of-materials (e.g. package.json, pom.xml) (-d, --directory)
 - Naming a single identifier (-p, --package)
 
-Analysis level is customizable as you can build your own preferred analysis profile in seconds. Dependency Combobulator does come with several analysis levels out-of-the-box, selected by -a, --analysis
+Analysis level is customizable as you can build your own preferred analysis profile in seconds. DepGate ships with several analysis levels out-of-the-box, selected by -a, --analysis.
 
 Supported output format:
 - Screen stdout (default)
@@ -72,8 +72,8 @@ Supported output format:
 https://user-images.githubusercontent.com/90651458/140915800-c267034b-90c9-42d1-b12a-83e12f70d44e.mp4
 
 
-## Credits
+## Credits & Attribution
 
-The project is maintained and sponsored by Apiiro with 💜
+DepGate is a hard fork of "Dependency Combobulator" originally developed by Apiiro and its contributors: https://github.com/apiiro/combobulator
 
-We honor great developers & AppSec practitioners with a passion for change 🙏
+This fork is maintained by cognitivegears. The original authors and contributors are credited in CONTRIBUTORS.md. The project continues under the Apache License 2.0, preserving the original license and attribution.
diff --git a/pyproject.toml b/pyproject.toml
@@ -3,18 +3,18 @@ requires = ["setuptools>=61", "wheel"]
 build-backend = "setuptools.build_meta"
 
 [project]
-name = "combobulator-moshe-apiiro"
-version = "0.1"
-description = "Dependency Combobulator detects and prevents dependency confusion risks."
+name = "depgate"
+version = "0.1.0"
+description = "DepGate detects and prevents dependency confusion and supply-chain risks. (Hard fork of Apiiro's Dependency Combobulator)"
 readme = "README.md"
 requires-python = ">=3.8"
-license = { text = "MIT" }
+license = { text = "Apache-2.0" }
 authors = [
-  { name = "Moshe Zioni", email = "[email protected]" }
+  { name = "cognitivegears" }
 ]
 classifiers = [
   "Programming Language :: Python :: 3",
-  "License :: OSI Approved :: MIT License",
+  "License :: OSI Approved :: Apache Software License",
   "Operating System :: OS Independent",
 ]
 dependencies = [
@@ -25,15 +25,16 @@ dependencies = [
 ]
 
 [project.urls]
-Homepage = "https://github.com/apiiro/combobulator"
-"Bug Tracker" = "https://github.com/apiiro/combobulator/issues"
+Homepage = "https://github.com/cognitivegears/depgate"
+"Bug Tracker" = "https://github.com/cognitivegears/depgate/issues"
+Upstream = "https://github.com/apiiro/combobulator"
 
 [project.scripts]
-combobulator = "combobulator:main"
+depgate = "depgate:main"
 
 [tool.setuptools]
 package-dir = {"" = "src"}
-py-modules = ["combobulator", "args", "constants", "metapackage"]
+py-modules = ["depgate", "args", "constants", "metapackage"]
 
 [tool.setuptools.packages.find]
 where = ["src"]

diff --git a/src/args.py b/src/args.py
@@ -1,14 +1,14 @@
-"""Argument parsing functionality for Combobulator."""
+"""Argument parsing functionality for DepGate (hard fork)."""
 
 import argparse
 from constants import Constants
 
 def parse_args():
     """Parses the arguments passed to the program."""
     parser = argparse.ArgumentParser(
-        prog="combobulator.py",
-        description="Dependency Combobulator - Dependency Confusion Checker",
-        epilog='Apiiro <Heart> Community',
+        prog="depgate.py",
+        description="DepGate - Dependency supply-chain risk and confusion checker (hard fork of Apiiro's Dependency Combobulator)",
+        epilog='Hard fork of Apiiro/combobulator by cognitivegears',
         add_help=True)
 
     parser.add_argument("-t", "--type",
@@ -74,4 +74,4 @@ def parse_args():
                         help="Do not output to console.",
                         action="store_true")
 
-    return parser.parse_args()
+    return parser.parse_args()
diff --git a/src/combobulator_moshe_apiiro.egg-info/SOURCES.txt b/src/combobulator_moshe_apiiro.egg-info/SOURCES.txt
diff --git a/src/combobulator_moshe_apiiro.egg-info/entry_points.txt b/src/combobulator_moshe_apiiro.egg-info/entry_points.txt
diff --git a/...mbobulator_moshe_apiiro.egg-info/PKG-INFO → src/depgate.egg-info/PKG-INFO b/...mbobulator_moshe_apiiro.egg-info/PKG-INFO → src/depgate.egg-info/PKG-INFO
@@ -1,29 +1,29 @@
 Metadata-Version: 2.4
-Name: combobulator-moshe-apiiro
-Version: 0.1
-Summary: Dependency Combobulator detects and prevents dependency confusion risks.
-Home-page: https://github.com/apiiro/combobulator
-Author: Moshe Zioni
-Author-email: Moshe Zioni <[email protected]>
-License: MIT
-Project-URL: Homepage, https://github.com/apiiro/combobulator
-Project-URL: Bug Tracker, https://github.com/apiiro/combobulator/issues
+Name: depgate
+Version: 0.1.0
+Summary: DepGate detects and prevents dependency confusion and supply-chain risks. (Hard fork of Apiiro's Dependency Combobulator)
+Author: cognitivegears
+License: Apache-2.0
+Project-URL: Homepage, https://github.com/cognitivegears/depgate
+Project-URL: Bug Tracker, https://github.com/cognitivegears/depgate/issues
+Project-URL: Upstream, https://github.com/apiiro/combobulator
 Classifier: Programming Language :: Python :: 3
-Classifier: License :: OSI Approved :: MIT License
+Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Operating System :: OS Independent
 Requires-Python: >=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
+License-File: NOTICE
 Requires-Dist: requests<2.32.5,>=2.32.4
 Requires-Dist: gql>=3.5.0
 Requires-Dist: python-dotenv>=0.19.2
 Requires-Dist: requirements-parser>=0.11.0
 Dynamic: license-file
 
-# Dependency Combobulator
+# DepGate (hard fork of Dependency Combobulator)
 ![BHEU BADGE](docs/bheu21.svg) ![python](https://img.shields.io/badge/Python-14354C) ![maintained](https://img.shields.io/badge/Maintained%3F-yes-green.svg)
 
-Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. This facilitates a holistic approach for ensuring secure application releases that can be evaluated against different sources (e.g., GitHub Packages, JFrog Artifactory) and many package management schemes (e.g., npm, maven).
+DepGate is an open-source, modular and extensible framework to detect and prevent dependency confusion and related supply‑chain risks. It supports multiple sources (e.g., GitHub Packages, JFrog Artifactory) and package managers (e.g., npm, maven, PyPI).
 
 ### Intended Audiences
 
@@ -43,11 +43,15 @@ The project is putting practicionar's ability to extend and fit the toolkit to h
 
 ## Installation
 
-Dependency Combobulator is ready to work with as it is - just `git clone` or download the package from https://github.com/apiiro/combobulator
+Clone this repository and install dependencies with uv:
 
-Make sure to install required dependencies by running:
+Use uv to create a local environment and install dependencies:
 
-`pip install -r requirements.txt`
+```
+uv venv
+source .venv/bin/activate
+uv sync
+```
 
 ## Arguments (--help)
 ```
@@ -70,7 +74,7 @@ Make sure to install required dependencies by running:
   -q, --quiet           Suppress console output
   --error-on-warning    Exit with error code if warnings are found
 
-Apiiro <Heart> Community
+Hard fork of Apiiro/combobulator by cognitivegears
 ```
 Supported package types (-t, --t): npm, maven, pypi
 
@@ -79,7 +83,7 @@ Supported source dependency assessment:
 - By analyzing the appropriate repo's software bill-of-materials (e.g. package.json, pom.xml) (-d, --directory)
 - Naming a single identifier (-p, --package)
 
-Analysis level is customizable as you can build your own preferred analysis profile in seconds. Dependency Combobulator does come with several analysis levels out-of-the-box, selected by -a, --analysis
+Analysis level is customizable as you can build your own preferred analysis profile in seconds. DepGate ships with several analysis levels out-of-the-box, selected by -a, --analysis.
 
 Supported output format:
 - Screen stdout (default)
@@ -90,8 +94,8 @@ Supported output format:
 https://user-images.githubusercontent.com/90651458/140915800-c267034b-90c9-42d1-b12a-83e12f70d44e.mp4
 
 
-## Credits
+## Credits & Attribution
 
-The project is maintained and sponsored by Apiiro with 💜
+DepGate is a hard fork of "Dependency Combobulator" originally developed by Apiiro and its contributors: https://github.com/apiiro/combobulator
 
-We honor great developers & AppSec practitioners with a passion for change 🙏
+This fork is maintained by cognitivegears. The original authors and contributors are credited in CONTRIBUTORS.md. The project continues under the Apache License 2.0, preserving the original license and attribution.
diff --git a/src/depgate.egg-info/SOURCES.txt b/src/depgate.egg-info/SOURCES.txt
@@ -0,0 +1,20 @@
+LICENSE
+NOTICE
+README.md
+pyproject.toml
+src/args.py
+src/constants.py
+src/depgate.py
+src/metapackage.py
+src/analysis/__init__.py
+src/analysis/heuristics.py
+src/depgate.egg-info/PKG-INFO
+src/depgate.egg-info/SOURCES.txt
+src/depgate.egg-info/dependency_links.txt
+src/depgate.egg-info/entry_points.txt
+src/depgate.egg-info/requires.txt
+src/depgate.egg-info/top_level.txt
+src/registry/__init__.py
+src/registry/maven.py
+src/registry/npm.py
+src/registry/pypi.py
diff --git a/...oshe_apiiro.egg-info/dependency_links.txt → src/depgate.egg-info/dependency_links.txt b/...oshe_apiiro.egg-info/dependency_links.txt → src/depgate.egg-info/dependency_links.txt
diff --git a/src/depgate.egg-info/entry_points.txt b/src/depgate.egg-info/entry_points.txt
@@ -0,0 +1,2 @@
+[console_scripts]
+depgate = depgate:main
diff --git a/...ulator_moshe_apiiro.egg-info/requires.txt → src/depgate.egg-info/requires.txt b/...ulator_moshe_apiiro.egg-info/requires.txt → src/depgate.egg-info/requires.txt
diff --git a/...lator_moshe_apiiro.egg-info/top_level.txt → src/depgate.egg-info/top_level.txt b/...lator_moshe_apiiro.egg-info/top_level.txt → src/depgate.egg-info/top_level.txt
@@ -1,6 +1,6 @@
 analysis
 args
-combobulator
 constants
+depgate
 metapackage
 registry