feat: improve formatting with a summary of dependencies

[yrobla]

Closes: #20

[stacklokbot]

✅ No Invisible Unicode Characters Detected.

[yrobla]

This is a sample report:

🐻 Trusty Dependency Analysis Action Report

🔴 Failed Dependencies Summary

Name	Trusty Score	Malicious	Archived	Deprecated
bugsnagmw	0.00	❌	✅	✅
scriptoni	4.40	✅	❌	❌
notifyjs	5.70	✅	❌	✅

🟢 Successful Dependencies Summary

Name	Trusty Score
next	9.30
react	8.00

Detailed Information for Failed Dependencies

bugsnagmw	0.00
⚠ Malicious (This package is marked as Malicious. Proceed with extreme caution!)	❌

Trusty Score: 0.00 ❌

Category	Score	Passed
Repo activity	0.00	❌
Author activity	0.00	❌
Provenance	5.00	✅
Typosquatting	10.00	✅

Proof of origin (Provenance)

Number of versions	0
Number of Git Tags/Releases	0
Number of versions matched to Git Tags/Releases	0

Learn more about source of origin provenance

Alternative Packages 💡

Package	Score	Trusty Link
rollbar	5.70	rollbar

---

scriptoni	4.40
⚠ Deprecated (This package is marked as Deprecated. Proceed with caution!)	❌
⚠ Archived (This package is marked as Archived. Proceed with caution!)	❌

Trusty Score: 4.40 ❌

Category	Score	Passed
Repo activity	2.70	❌
Author activity	6.20	✅
Provenance	8.00	✅
Typosquatting	10.00	✅

Proof of origin (Provenance)

Number of versions	100
Number of Git Tags/Releases	96
Number of versions matched to Git Tags/Releases	90

Learn more about source of origin provenance

Alternative Packages 💡

Package	Score	Trusty Link
create-react-app	8.00	create-react-app
react-app-rewired	7.20	react-app-rewired
react-scripts	5.00	react-scripts
craco	3.50	craco

---

notifyjs	5.70
⚠ Archived (This package is marked as Archived. Proceed with caution!)	❌

Trusty Score: 5.70 ✅

Category	Score	Passed
Repo activity	5.00	✅
Author activity	6.50	✅
Provenance	8.00	✅
Typosquatting	10.00	✅

Proof of origin (Provenance)

Number of versions	16
Number of Git Tags/Releases	16
Number of versions matched to Git Tags/Releases	13

Learn more about source of origin provenance

Alternative Packages 💡

Package	Score	Trusty Link
node-notifier	7.10	node-notifier

---

Detailed Information for Successful Dependencies

next	9.30

Trusty Score: 9.30 ✅

Category	Score	Passed
Repo activity	10.00	✅
Author activity	8.60	✅
Provenance	10.00	✅
Typosquatting	10.00	✅

Proof of origin (Provenance)

Built and signed with sigstore using GitHub Actions.

Source repo	https://github.com/vercel/next.js
Github Action Workflow	.github/workflows/build_and_deploy.yml
Issuer	CN=sigstore-intermediate,O=sigstore.dev
Rekor Public Ledger	https://search.sigstore.dev/?logIndex=88381843

Learn more about source of origin provenance

Alternative Packages 💡

Package	Score	Trusty Link
http-proxy	8.00	http-proxy
react-router	8.00	react-router
vue-router	5.00	vue-router
react-router-dom	5.00	react-router-dom

---

react	8.00

Trusty Score: 8.00 ✅

Category	Score	Passed
Repo activity	10.00	✅
Author activity	8.20	✅
Provenance	8.00	✅
Typosquatting	10.00	✅

Proof of origin (Provenance)

Number of versions	1756
Number of Git Tags/Releases	136
Number of versions matched to Git Tags/Releases	69

Learn more about source of origin provenance

Alternative Packages 💡

Package	Score	Trusty Link
styled-components	8.00	styled-components
vue	8.00	vue
svelte	8.00	svelte
preact	7.80	preact
inferno	7.50	inferno

---

🌟 If you like this action, why not try out Minder, the secure supply chain platform. It has vastly more protections and is also free (as in 🍺) to opensource projects.

[stacklokbot]

✅ No Invisible Unicode Characters Detected.

[stacklokbot]

✅ No Mixed Scripts Detected.

[stacklokbot]

✅ No Invisible Unicode Characters Detected.

[stacklokbot]

✅ No Mixed Scripts Detected.

[stacklokbot]

✅ No Invisible Unicode Characters Detected.

[stacklokbot]

✅ No Mixed Scripts Detected.

[stacklokbot]

✅ No Invisible Unicode Characters Detected.

[stacklokbot]

✅ No Mixed Scripts Detected.

[stacklokbot]

✅ No Invisible Unicode Characters Detected.

[stacklokbot]

✅ No Mixed Scripts Detected.

[stacklokbot]

✅ No Invisible Unicode Characters Detected.

[stacklokbot]

✅ No Mixed Scripts Detected.

[lukehinds]

Sorry for the late review, I am of the mind we should not report successful to limit room even more. I can take a go at this.

[yrobla]

hi @lukehinds in the comments i pasted a example of the produced output. Can you comment the changes you would like to be done? shall we have some time to discuss about it?

[lukehinds]

I will close this if ok with you @yrobla ?