Fix failure in package subcommand (#1513)

This fixes some compatibility issues between our current API and the
CLI's own internal data structures.

Closes #1514.
Closes #1512.

Author: cd-work

CHANGELOG.md

@@ -12,6 +12,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 - Use `suppression_reason` instead of deprecated `suppressed` field
 
+### Fixed
+
+- Package subcommand failing to parse API responses
+
 ## 7.1.0 - 2024-09-24
 
 ### Added

cli/src/types.rs

@@ -132,6 +132,14 @@ pub struct RevokeTokenRequest<'a> {
     pub name: &'a str,
 }
 
+#[derive(Serialize, Deserialize)]
+pub struct PackageSpecifier {
+    #[serde(alias = "type")]
+    pub registry: String,
+    pub name: String,
+    pub version: String,
+}
+
 /// Response body for `/data/packages/submit`.
 #[derive(Serialize, Deserialize)]
 #[serde(tag = "status", content = "data")]
@@ -156,33 +164,19 @@ pub struct Package {
     pub versions: Vec<ScoredVersion>,
     pub description: Option<String>,
     pub license: Option<String>,
-    pub dep_specs: Vec<PackageSpecifier>,
     pub dependencies: Option<Vec<Package>>,
-    pub download_count: u32,
     pub risk_scores: RiskScores,
-    pub total_risk_score_dynamics: Option<Vec<ScoreDynamicsPoint>>,
     pub issues: Vec<Issue>,
-    pub authors: Vec<Author>,
-    pub developer_responsiveness: Option<DeveloperResponsiveness>,
     pub complete: bool,
     pub release_data: Option<PackageReleaseData>,
     pub repo_url: Option<String>,
-    pub maintainers_recently_changed: Option<bool>,
-    pub is_abandonware: Option<bool>,
-}
-
-#[derive(Serialize, Deserialize)]
-pub struct PackageSpecifier {
-    #[serde(alias = "type")]
-    pub registry: String,
-    pub name: String,
-    pub version: String,
 }
 
 #[derive(Serialize, Deserialize)]
 pub struct ScoredVersion {
     pub version: String,
     pub total_risk_score: Option<f32>,
+    pub published_date: Option<String>,
 }
 
 /// Package risk scores, broken down by domain.
@@ -235,7 +229,7 @@ pub struct VulnDetails {
     /// The CVSS score assigned to this vuln.
     pub cvss: f32,
     /// The CVSS vector string assigned to this vuln.
-    pub cvss_vector: String,
+    pub cvss_vector: Option<String>,
 }
 
 /// The user-specified reason for an issue to be ignored.
@@ -277,6 +271,7 @@ pub struct DeveloperResponsiveness {
 pub struct PackageReleaseData {
     pub first_release_date: String,
     pub last_release_date: String,
+    pub total_releases: u32,
 }
 
 #[derive(Serialize, Deserialize, PartialEq, Eq, Copy, Clone, Debug, Hash)]

extensions/CHANGELOG.md

@@ -8,6 +8,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
 
+### Changed
+
+- Return type fields of `PhylumApi::getPackageDetails`
+
 ## 7.0.0 - 2024-09-17
 
 ### Added

extensions/phylum.d.ts

@@ -335,9 +335,7 @@ declare namespace Phylum {
    *   ],
    *   description: "TypeScript is a language for application scale JavaScript development",
    *   license: "Apache-2.0",
-   *   depSpecs: [],
    *   dependencies: [],
-   *   downloadCount: 134637844,
    *   riskScores: {
    *     total: 1,
    *     vulnerability: 1,
@@ -346,18 +344,8 @@ declare namespace Phylum {
    *     engineering: 1,
    *     license: 1
    *   },
-   *   totalRiskScoreDynamics: null,
    *   issuesDetails: [],
    *   issues: [],
-   *   authors: [],
-   *   developerResponsiveness: {
-   *     open_issue_count: 0,
-   *     total_issue_count: 0,
-   *     open_issue_avg_duration: null,
-   *     open_pull_request_count: 0,
-   *     total_pull_request_count: 0,
-   *     open_pull_request_avg_duration: null
-   *   },
    *   complete: true
    * }
    * ```