Gemnasium gem has been deprecated. Please use the Gemnasium Toolbelt instead!
This gem lets you push your dependency files to Gemnasium to track your project's dependencies and get notified about updates and security advisories.
Gemnasium app offers Github integration with fully automated synchronization but you can use this gem if you don't want to authorize access to your repositories (ie: for privacy concern).
Supported dependency files are:
Gemfile, Gemfile.lock and *.gemspecpackage.json and npm-shrinkwrap.jsonrequirements.txt, setup.py and requires.txtcomposer.json and composer.lockAdd this line to your application's Gemfile:
gem 'gemnasium'
Or in your terminal:
$ gem install gemnasium
Add configuration file in your project
$ gemnasium install
Install command supports 2 options : --rake and --git to respectively install the gemnasium rake task and a post-commit git hook.
gemnasium install will add the config/gemnasium.yml file to your .gitignore so your private API key won't be committed. If you use another versionning system, please remember to ignore this file.
Warning: your api key is dedicated to your own user account and must not be published!
Fill the values of the new config/gemnasium.yml file.
Migrate your configuration file:
$ gemnasium migrate
Convert your project name to a unique "project slug":
$ gemnasium resolve
The resolve command will update your configuration file.
There is multiple ways to use the gemnasium gem. You can choose whichever you prefer.
Using gemnasium from the command line is as simple as typing gemnasium [command] :
To create a project on Gemnasium:
$ gemnasium create
Create command will look for data in your config/gemnasium.yml configuration file to create a project.
Please note that automatic Github synchronization will be dropped once project is configured with this gem.
To push your dependency files on Gemnasium:
$ gemnasium push
Gemnasium gem comes with a rake task ready to be used. To use it, you need to install it via: gemnasium install --rake
Once installed, you'll have access to 2 tasks:
To create a project on Gemnasium:
$ rake gemnasium:create
Create command will look for data in your config/gemnasium.yml configuration file to create a project.
Please note that automatic Github synchronization will be dropped once project is configured with this gem.
To push your dependency files on Gemnasium:
$ rake gemnasium:push
We wrote for you a ready-to-use post-commit git hook.
Once installed via gemnasium install --git, the gem will push your dependency files after each commit only if they have changed.
If you need to use Gemnasium gem right into your code, you can do so just like below:
require 'gemnasium'
# To install gemnasium files
#
# options is a Hash which can contain the following keys:
# project_path (required) - [String] path to the project
# install_rake_task - [Boolean] whether or not to install the rake task
# install_git_hook - [Boolean] whether or not to install the git hook
Gemnasium.install(options)
# To create your project on gemnasium
#
# options is a Hash which can contain the following keys:
# project_path (required) - [String] path to the project
Gemnasium.create_project(options)
# To push supported dependency files to gemnasium
#
# options is a Hash which can contain the following keys:
# project_path (required) - [String] path to the project
Gemnasium.push(options)
Here is a sample config file:
api_key: "some_secret_api_key"
project_name: "vandamme"
project_slug: "40d7fafbc32fe0c9e5b84ecacd71012c"
project_branch: "master"
ignored_paths:
- spec/
- tmp/
This will handle the dependencies of the vandamme project on master branch. Gemnasium gem will also ignore the project dependency files found in spec/ and tmp/.
Gemnasium will try to display the most accurate error message when something goes wrong.
Though, if you're stil stuck with something, feel free to contact Gemnasium support.
FAQs
Unknown package
We found that gemnasium demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.