Add multiple uv.lock file support

Changed uv_lock_path from an option to an argument list and updated pre-commit hooks to pass all uv.lock files.

.pre-commit-hooks.yaml

@@ -3,4 +3,4 @@
   description: "Run 'uv-secure' to check uv.lock dependencies for known vulnerabilities"
   entry: uv-secure
   language: python
-  pass_filenames: false
+  files: (^|[/\\])uv\.lock$

README.md

@@ -29,12 +29,14 @@ After installation you can run uv-secure --help to see the options.
 ```text
 >> uv-secure --help
 
- Usage: uv-secure [OPTIONS]
+ Usage: run.py [OPTIONS] [UV_LOCK_PATHS]...
 
- Parse a uv.lock file, check vulnerabilities, and display summary.
+ Parse uv.lock files, check vulnerabilities, and display summary.
 
+╭─ Arguments ──────────────────────────────────────────────────────────────────────────╮
+│   uv_lock_paths      [UV_LOCK_PATHS]...  Paths to the uv.lock files [default: None]  │
+╰──────────────────────────────────────────────────────────────────────────────────────╯
 ╭─ Options ────────────────────────────────────────────────────────────────────────────╮
-│ --uv-lock-path        -p      PATH  Path to the uv.lock file [default: uv.lock]      │
 │ --ignore              -i      TEXT  Comma-separated list of vulnerability IDs to     │
 │                                     ignore, e.g. VULN-123,VULN-456                   │
 │ --version                           Show the application's version                   │

src/uv_secure/run.py

@@ -93,14 +93,15 @@ async def check_all_vulnerabilities(
 def check_dependencies(uv_lock_path: Path, ignore_ids: list[str]) -> int:
     """Checks dependencies for vulnerabilities and summarizes the results."""
     console = Console()
-    inf = inflect.engine()
 
     if not uv_lock_path.exists():
         console.print(f"[bold red]Error:[/] File {uv_lock_path} does not exist.")
         raise typer.Exit(1)
 
     dependencies = parse_uv_lock_file(uv_lock_path)
-    console.print("[bold cyan]Checking dependencies for vulnerabilities...[/]")
+    console.print(
+        f"[bold cyan]Checking {uv_lock_path} dependencies for vulnerabilities...[/]"
+    )
 
     results = asyncio.run(check_all_vulnerabilities(dependencies))
 
@@ -168,9 +169,7 @@ def version_callback(value: bool) -> None:
         raise typer.Exit()
 
 
-_uv_lock_path_option = typer.Option(
-    Path("./uv.lock"), "--uv-lock-path", "-p", help="Path to the uv.lock file"
-)
+_uv_lock_path_args = typer.Argument(None, help="Paths to the uv.lock files")
 
 
 _ignore_option = typer.Option(
@@ -191,15 +190,19 @@ def version_callback(value: bool) -> None:
 
 @app.command()
 def main(
-    uv_lock_path: Path = _uv_lock_path_option,
+    uv_lock_paths: Optional[list[Path]] = _uv_lock_path_args,
     ignore: str = _ignore_option,
     version: bool = _version_option,
 ) -> None:
-    """Parse a uv.lock file, check vulnerabilities, and display summary."""
+    """Parse uv.lock files, check vulnerabilities, and display summary."""
+    if not uv_lock_paths:
+        uv_lock_paths = [Path("./uv.lock")]
     ignore_ids = [vuln_id.strip() for vuln_id in ignore.split(",") if vuln_id.strip()]
-    status = check_dependencies(uv_lock_path, ignore_ids)
-    if status != 0:
-        raise typer.Exit(code=status)
+
+    for uv_lock_path in uv_lock_paths:
+        status = check_dependencies(uv_lock_path, ignore_ids)
+        if status != 0:
+            raise typer.Exit(code=status)
 
 
 if __name__ == "__main__":

tests/uv_secure/test_run.py

@@ -38,7 +38,7 @@ def test_app_no_vulnerabilities(temp_uv_lock_file: Path, httpx_mock: HTTPXMock)
         json={"vulnerabilities": []},
     )
 
-    result = runner.invoke(app, ("--uv-lock-path", temp_uv_lock_file))
+    result = runner.invoke(app, [str(temp_uv_lock_file)])
 
     # Assertions
     assert result.exit_code == 0
@@ -66,7 +66,7 @@ def test_check_dependencies_with_vulnerability(
         },
     )
 
-    result = runner.invoke(app, ("--uv-lock-path", temp_uv_lock_file))
+    result = runner.invoke(app, [str(temp_uv_lock_file)])
 
     # Assertions
     assert result.exit_code == 1