feat: Show number of updates, deprecations and vulnerabilities

Author: Samir Boulema

Diff for: .github/workflows/workflow.yml

@@ -7,7 +7,7 @@ on:
       - 'feature/**'
 
 env:
-  version: '1.0.${{ github.run_number }}'
+  version: '1.1.${{ github.run_number }}'
   repoUrl: ${{ github.server_url }}/${{ github.repository }}
 
 jobs:

Diff for: README.md

@@ -25,11 +25,13 @@ A big thanks goes to [AnushaG2201](https://github.com/AnushaG2201)!
 
 I was playing with the idea for this extension for quite a while but never figured out how I would create this extension. 
 
-That is until I saw the [Nuget-updates-notifier](https://marketplace.visualstudio.com/items?itemName=Anusha.NugetPackageUpdateNotifier) ([Github](https://github.com/AnushaG2201/Nuget-updates-notifier)) which gave mt the remaining puzzle pieces, so that I could create my own version.
+That is until I saw the [Nuget-updates-notifier](https://marketplace.visualstudio.com/items?itemName=Anusha.NugetPackageUpdateNotifier) ([Github](https://github.com/AnushaG2201/Nuget-updates-notifier)) which gave me the remaining puzzle pieces, so that I could create my own version.
 
 ## Links
 [NuGet Client SDK / NuGet.Protocol](https://learn.microsoft.com/en-us/nuget/reference/nuget-client-sdk)
 
 [Visual Studio Extensibility Cookbook - Notifications](https://www.vsixcookbook.com/recipes/notifications.html)
 
-[Invoke the Manage NuGet Packages dialog programmatically](https://devblogs.microsoft.com/nuget/invoke-manage-nuget-packages-dialog-programmatically/)
+[Invoke the Manage NuGet Packages dialog programmatically](https://devblogs.microsoft.com/nuget/invoke-manage-nuget-packages-dialog-programmatically/)
+
+[UpdatR packages](https://github.com/OskarKlintrot/UpdatR)

Diff for: src/Models/PackageReference.cs

@@ -1,11 +1,24 @@
-using System;
+using NuGet.Packaging.Core;
+using NuGet.Versioning;
+using System.Xml.Linq;
 
 namespace NuGetMonitor.Models
 {
     public class PackageReference
     {
-        public string Include { get; set; } = string.Empty;
+        public PackageReference(XElement packageReference)
+        {
+            PackageIdentity = new PackageIdentity(
+                packageReference.Attribute("Include").Value,
+                new NuGetVersion(packageReference.Attribute("Version").Value));
+        }
 
-        public Version Version { get; set; }
+        public PackageIdentity PackageIdentity { get; set; }
+
+        public bool IsVulnerable { get; set; }
+
+        public bool IsDeprecated { get; set; }
+
+        public bool IsOutdated { get; set; }
     }
 }

Diff for: src/NuGetMonitorPackage.cs

@@ -11,7 +11,7 @@ namespace NuGetMonitor
 {
     [Guid(PackageGuidString)]
     [PackageRegistration(UseManagedResourcesOnly = true, AllowsBackgroundLoading = true)]
-    [ProvideAutoLoad(VSConstants.UICONTEXT.NoSolution_string, PackageAutoLoadFlags.BackgroundLoad)]
+    [ProvideAutoLoad(VSConstants.UICONTEXT.SolutionExistsAndFullyLoaded_string, PackageAutoLoadFlags.BackgroundLoad)]
     public sealed class NuGetMonitorPackage : ToolkitPackage
     {
         public const string PackageGuidString = "38279e01-6b27-4a29-9221-c4ea8748f16e";
@@ -21,6 +21,8 @@ protected override async Task InitializeAsync(CancellationToken cancellationToke
             await JoinableTaskFactory.SwitchToMainThreadAsync(cancellationToken);
 
             MonitorService.RegisterEventHandler();
+
+            MonitorService.CheckForUpdates().FireAndForget();
         }
     }
 }

Diff for: src/Services/InfoBarService.cs

@@ -3,21 +3,31 @@
 using Microsoft.VisualStudio.Shell.Interop;
 using Microsoft.VisualStudio.Shell;
 using System.Threading.Tasks;
+using NuGetMonitor.Models;
+using System.Collections.Generic;
+using System.Linq;
 
 namespace NuGetMonitor.Services
 {
     public class InfoBarService
     {
-        public static async Task ShowInfoBar()
+        public static async Task ShowInfoBar(IEnumerable<PackageReference> packageReferences)
         {
+            var outdatedCount = packageReferences.Count(packageRefence => packageRefence.IsOutdated);
+            var deprecatedCount = packageReferences.Count(packageRefence => packageRefence.IsDeprecated);
+            var vulnerableCount = packageReferences.Count(packageRefence => packageRefence.IsVulnerable);
+
+            if (outdatedCount == 0 &&
+                deprecatedCount == 0 &&
+                vulnerableCount == 0)
+            {
+                return;
+            }
+
             var model = new InfoBarModel(
-                new[] {
-                    new InfoBarTextSpan("NuGet updates available. "),
-                    new InfoBarHyperlink("Manage NuGet"),
-                    new InfoBarTextSpan(".")
-                },
+                GetTextSpans(outdatedCount, deprecatedCount, vulnerableCount),
                 KnownMonikers.NuGet,
-                true);
+                isCloseButtonVisible: true);
 
             var infoBar = await VS.InfoBar.CreateAsync(ToolWindowGuids80.SolutionExplorer, model);
             infoBar.ActionItemClicked += InfoBar_ActionItemClicked;
@@ -29,10 +39,41 @@ private static void InfoBar_ActionItemClicked(object sender, InfoBarActionItemEv
         {
             ThreadHelper.ThrowIfNotOnUIThread();
 
-            if (e.ActionItem.Text == "Manage NuGet")
+            if (e.ActionItem.Text == "Manage")
             {
                 VS.Commands.ExecuteAsync("Tools.ManageNuGetPackagesForSolution").FireAndForget();
             }
+
+            (sender as InfoBar).Close();
+        }
+
+        private static List<IVsInfoBarTextSpan> GetTextSpans(int outdatedCount, int deprecatedCount, int vulnerableCount)
+        {
+            // Idea for showing counts, not sure if unicode icons in a InfoBar feel native
+            // new InfoBarTextSpan($"NuGet update: 🔼 {outdatedCount} ⚠ {deprecatedCount} 💀 {vulnerableCount}. "),
+
+            var textSpans = new List<IVsInfoBarTextSpan>();
+
+            if (outdatedCount > 0)
+            {
+                textSpans.Add(new InfoBarTextSpan($"{outdatedCount} {(outdatedCount == 1 ? "update" : "updates")} available"));
+            }
+
+            if (deprecatedCount > 0)
+            {
+                textSpans.Add(new InfoBarTextSpan($"{(textSpans.Any() ? ", " : string.Empty)}{deprecatedCount} {(deprecatedCount == 1 ? "deprecation" : "deprecations")}"));
+            }
+
+            if (vulnerableCount > 0)
+            {
+                textSpans.Add(new InfoBarTextSpan($"{(textSpans.Any() ? ", " : string.Empty)}{vulnerableCount} {(vulnerableCount == 1 ? "vulnerability" : "vulnerabilities")}"));
+            }
+
+            textSpans.Add(new InfoBarTextSpan(". "));
+            textSpans.Add(new InfoBarHyperlink("Manage"));
+            textSpans.Add(new InfoBarTextSpan(" packages."));
+
+            return textSpans;
         }
     }
 }

Diff for: src/Services/MonitorService.cs

@@ -16,38 +16,13 @@ private static void SolutionEvents_OnAfterOpenSolution(Solution solution)
             CheckForUpdates().FireAndForget();
         }
 
-        private static async Task CheckForUpdates()
+        public static async Task CheckForUpdates()
         {
-            var hasUpdates = await HasUpdates();
+            var packageReferences = await ProjectService.GetPackageReferences();
 
-            if (!hasUpdates)
-            {
-                return;
-            }
+            packageReferences = await NuGetService.CheckPackageReferences(packageReferences);
 
-            await InfoBarService.ShowInfoBar();
-        }
-
-        private static async Task<bool> HasUpdates()
-        {
-            var projectPaths = await ProjectService.GetProjectPaths();
-
-            foreach (var path in projectPaths)
-            {
-                var packageReferences = ProjectService.GetPackageReferences(path);
-
-                foreach (var packageReference in packageReferences)
-                {
-                    var latestVersion = await NuGetService.GetLatestVersion(packageReference.Include);
-
-                    if (latestVersion > packageReference.Version)
-                    {
-                        return true;
-                    }
-                }
-            }
-
-            return false;
+            await InfoBarService.ShowInfoBar(packageReferences);
         }
     }
 }

Diff for: src/Services/NuGetService.cs

@@ -1,30 +1,58 @@
 using NuGet.Common;
 using NuGet.Protocol;
 using NuGet.Protocol.Core.Types;
-using System;
+using System.Collections.Generic;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
+using PackageReference = NuGetMonitor.Models.PackageReference;
 
 namespace NuGetMonitor.Services
 {
     public static class NuGetService
     {
-        public static async Task<Version> GetLatestVersion(string id)
+        public static async Task<List<PackageReference>> CheckPackageReferences(IEnumerable<PackageReference> packageReferences)
+        {
+            var result = await Task.WhenAll(
+                packageReferences
+                    .ToList()
+                    .Select(packageReference => CheckPackageReference(packageReference)));
+
+            return result.ToList();
+        }
+
+        private static async Task<PackageReference> CheckPackageReference(PackageReference packageReference)
+        {
+            var packageMetadataResource = await Repository.Factory
+                .GetCoreV3("https://api.nuget.org/v3/index.json")
+                .GetResourceAsync<PackageMetadataResource>();
+
+            var metadata = await packageMetadataResource.GetMetadataAsync(
+                packageReference.PackageIdentity,
+                new SourceCacheContext(),
+                NullLogger.Instance,
+                CancellationToken.None);
+
+            packageReference.IsVulnerable = metadata.Vulnerabilities != null;
+            packageReference.IsDeprecated = await metadata.GetDeprecationMetadataAsync() != null;
+            packageReference.IsOutdated = await IsOutdated(packageReference);
+
+            return packageReference;
+        }
+
+        private static async Task<bool> IsOutdated(PackageReference packageReference)
         {
             var packageResource = await Repository.Factory
                 .GetCoreV3("https://api.nuget.org/v3/index.json")
                 .GetResourceAsync<FindPackageByIdResource>();
 
             var versions = await packageResource.GetAllVersionsAsync(
-                id,
+                packageReference.PackageIdentity.Id,
                 new SourceCacheContext(),
                 NullLogger.Instance,
                 CancellationToken.None);
 
-            var latestVersion = versions.Max(version => version.Version);
-
-            return latestVersion;
+            return versions.Last() > packageReference.PackageIdentity.Version;
         }
     }
 }

Diff for: src/Services/ProjectService.cs

@@ -1,6 +1,5 @@
 using Community.VisualStudio.Toolkit;
 using NuGetMonitor.Models;
-using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@@ -13,26 +12,24 @@ namespace NuGetMonitor.Services
 {
     public static class ProjectService
     {
-        public static async Task<IEnumerable<string>> GetProjectPaths()
+        public static async Task<IEnumerable<PackageReference>> GetPackageReferences()
         {
             var projects = await VS.Solutions.GetAllProjectsAsync();
-            var projectPaths = projects.Select(project => project.FullPath);
 
-            return projectPaths;
+            return projects
+                .Select(project => project.FullPath)
+                .ToList()
+                .SelectMany(path => GetPackageReferences(path));
         }
 
-        public static IEnumerable<PackageReference> GetPackageReferences(string projectPath)
+        private static IEnumerable<PackageReference> GetPackageReferences(string projectPath)
         {
             var xml = File.ReadAllText(projectPath);
             var doc = XDocument.Parse(xml);
 
             var packageReferences = doc
                 .XPathSelectElements("//PackageReference")
-                .Select(packageReference => new PackageReference
-                {
-                    Include = packageReference.Attribute("Include").Value,
-                    Version = new Version(packageReference.Attribute("Version").Value)
-                });
+                .Select(packageReference => new PackageReference(packageReference));
 
             return packageReferences;
         }

Diff for: src/source.extension.vsixmanifest

@@ -3,7 +3,7 @@
     <Metadata>
         <Identity Id="NuGetMonitor.2a6fbffe-f3fd-4bf8-98cc-5ae2c833a1c7" Version="1.0" Language="en-US" Publisher="Samir Boulema" />
         <DisplayName>NuGetMonitor</DisplayName>
-        <Description xml:space="preserve">A Visual Studio extension that checks and notifies about available updates for the installed NuGet packages for the open solution.</Description>
+        <Description xml:space="preserve">Check and notify about available updates for the installed NuGet packages for the open solution.</Description>
         <MoreInfo>https://github.com/sboulema/NuGetMonitor</MoreInfo>
         <License>Resources\LICENSE</License>
         <GettingStartedGuide>https://github.com/sboulema/NuGetMonitor/blob/main/README.md</GettingStartedGuide>