Add spinner for vulnerability checks and syncing processes

andrew · andrew · commit 22a13b176525 · 2026-01-10T10:18:22.000Z
diff --git a/lib/git/pkgs/commands/vulns/base.rb b/lib/git/pkgs/commands/vulns/base.rb
@@ -143,7 +143,9 @@ def sync_packages(packages)
 
           client = OsvClient.new
           results = begin
-            client.query_batch(packages.map { |p| p.slice(:ecosystem, :name, :version) })
+            Spinner.with_spinner("Checking vulnerabilities...") do
+              client.query_batch(packages.map { |p| p.slice(:ecosystem, :name, :version) })
+            end
           rescue OsvClient::ApiError => e
             error "Failed to query OSV API: #{e.message}"
           end
@@ -176,20 +178,22 @@ def ensure_vulns_synced
           return if packages_to_sync.empty?
 
           client = OsvClient.new
-          packages_to_sync.each_slice(100) do |batch|
-            queries = batch.map do |pkg|
-              osv_ecosystem = Ecosystems.to_osv(pkg.ecosystem)
-              next unless osv_ecosystem
+          Spinner.with_spinner("Syncing vulnerability data...") do
+            packages_to_sync.each_slice(100) do |batch|
+              queries = batch.map do |pkg|
+                osv_ecosystem = Ecosystems.to_osv(pkg.ecosystem)
+                next unless osv_ecosystem
 
-              { ecosystem: osv_ecosystem, name: pkg.name }
-            end.compact
+                { ecosystem: osv_ecosystem, name: pkg.name }
+              end.compact
 
-            results = client.query_batch(queries)
-            fetch_vulnerability_details(client, results)
+              results = client.query_batch(queries)
+              fetch_vulnerability_details(client, results)
 
-            batch.each do |pkg|
-              purl = Ecosystems.generate_purl(pkg.ecosystem, pkg.name)
-              mark_package_synced(purl, pkg.ecosystem, pkg.name) if purl
+              batch.each do |pkg|
+                purl = Ecosystems.generate_purl(pkg.ecosystem, pkg.name)
+                mark_package_synced(purl, pkg.ecosystem, pkg.name) if purl
+              end
             end
           end
         end
diff --git a/lib/git/pkgs/commands/vulns/sync.rb b/lib/git/pkgs/commands/vulns/sync.rb
@@ -66,36 +66,38 @@ def run
           synced = 0
           vuln_count = 0
 
-          packages_to_sync.each_slice(100) do |batch|
-            queries = batch.map do |pkg|
-              osv_ecosystem = Ecosystems.to_osv(pkg.ecosystem)
-              next unless osv_ecosystem
-
-              { ecosystem: osv_ecosystem, name: pkg.name }
-            end.compact
-
-            results = client.query_batch(queries)
-
-            # Collect all unique vuln IDs from this batch to fetch full details
-            vuln_ids = results.flatten.map { |v| v["id"] }.uniq
-
-            # Fetch full vulnerability details and create records
-            vuln_ids.each do |vuln_id|
-              existing = Models::Vulnerability.first(id: vuln_id)
-              next if existing&.vulnerability_packages&.any? && !@options[:refresh]
-
-              begin
-                full_vuln = client.get_vulnerability(vuln_id)
-                Models::Vulnerability.from_osv(full_vuln)
-                vuln_count += 1
-              rescue OsvClient::ApiError
-                # Skip vulnerabilities we can't fetch
+          Spinner.with_spinner("Fetching from OSV...") do
+            packages_to_sync.each_slice(100) do |batch|
+              queries = batch.map do |pkg|
+                osv_ecosystem = Ecosystems.to_osv(pkg.ecosystem)
+                next unless osv_ecosystem
+
+                { ecosystem: osv_ecosystem, name: pkg.name }
+              end.compact
+
+              results = client.query_batch(queries)
+
+              # Collect all unique vuln IDs from this batch to fetch full details
+              vuln_ids = results.flatten.map { |v| v["id"] }.uniq
+
+              # Fetch full vulnerability details and create records
+              vuln_ids.each do |vuln_id|
+                existing = Models::Vulnerability.first(id: vuln_id)
+                next if existing&.vulnerability_packages&.any? && !@options[:refresh]
+
+                begin
+                  full_vuln = client.get_vulnerability(vuln_id)
+                  Models::Vulnerability.from_osv(full_vuln)
+                  vuln_count += 1
+                rescue OsvClient::ApiError
+                  # Skip vulnerabilities we can't fetch
+                end
               end
-            end
 
-            batch.each do |pkg|
-              pkg.mark_vulns_synced
-              synced += 1
+              batch.each do |pkg|
+                pkg.mark_vulns_synced
+                synced += 1
+              end
             end
           end
 
