Index: openacs-4/packages/acs-tcl/acs-tcl.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/acs-tcl.info,v
diff -u -r1.95.2.70 -r1.95.2.71
--- openacs-4/packages/acs-tcl/acs-tcl.info	24 Jul 2024 13:25:40 -0000	1.95.2.70
+++ openacs-4/packages/acs-tcl/acs-tcl.info	5 Aug 2024 14:42:53 -0000	1.95.2.71
@@ -9,7 +9,7 @@
     <implements-subsite-p>f</implements-subsite-p>
     <inherit-templates-p>t</inherit-templates-p>
 
-    <version name="5.10.1b6" url="http://openacs.org/repository/download/apm/acs-tcl-5.10.1b6.apm">
+    <version name="5.10.1b7" url="http://openacs.org/repository/download/apm/acs-tcl-5.10.1b7.apm">
         <owner url="http://openacs.org">OpenACS</owner>
         <summary>The Kernel Tcl API library.</summary>
         <release-date>2023-05-15</release-date>
@@ -18,7 +18,7 @@
         <license>GPL version 2</license>
         <maturity>3</maturity>
 
-        <provides url="acs-tcl" version="5.10.1b6"/>
+        <provides url="acs-tcl" version="5.10.1b7"/>
         <requires url="acs-bootstrap-installer" version="5.10.1b1"/>
         <requires url="acs-kernel" version="5.10.1b4"/>
 
Index: openacs-4/packages/acs-tcl/lib/check-installed.adp
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/lib/check-installed.adp,v
diff -u -r1.1.2.8 -r1.1.2.9
--- openacs-4/packages/acs-tcl/lib/check-installed.adp	1 Aug 2024 12:35:08 -0000	1.1.2.8
+++ openacs-4/packages/acs-tcl/lib/check-installed.adp	5 Aug 2024 14:42:53 -0000	1.1.2.9
@@ -1,7 +1,7 @@
 <p>
 The configured version of @resource_name@ is
-<strong>@version@</strong><small> <adp:icon title="Configured via @configured_via@" name="form-info-sign"></small>
-(newest version on cdnjs: @newest_version@).
+<i>@version@</i><small> <adp:icon title="Configured via @configured_via@" name="form-info-sign"></small>
+(newest version on cdnjs: <i>@newest_version@</i>).
 <ul class="action-links ms-3">
 <if @modifyPackageParameterURL@ not nil>
 <li>You might <a title="Change the value of the package parameter @parameter_name@" href="@modifyPackageParameterURL@">modify the parameter value</a> or
@@ -18,8 +18,12 @@
 </if>
 <if @vulnerabilityCheckURL@ not nil>
   <li>You might check on Synk the
-    <if @vulnerabilityCheckVersionURL@ not nil>a
-    vulnerability status for version <a href="@vulnerabilityCheckVersionURL@">@version@</a> and
+    <if @vulnerabilityCheckVersionURL@ not nil>a vulnerability status for version
+    <a href="@vulnerabilityCheckVersionURL@" title="Check includes only direct vulnerabilities">@version@<sup>
+    <if @vulnerabilityCheckResult@ true><span class="text-danger"><adp:icon name="warn"></span></if>
+    <else><span class="text-success"><adp:icon name="radio-checked"></span></else>
+    </sup>
+    </a> and
     </if>
     for <a href="@vulnerabilityCheckURL@">all released versions</a> of @resource_name@. 
   </li>
Index: openacs-4/packages/acs-tcl/lib/check-installed.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/lib/check-installed.tcl,v
diff -u -r1.3.2.14 -r1.3.2.15
--- openacs-4/packages/acs-tcl/lib/check-installed.tcl	1 Aug 2024 12:35:08 -0000	1.3.2.14
+++ openacs-4/packages/acs-tcl/lib/check-installed.tcl	5 Aug 2024 14:42:53 -0000	1.3.2.15
@@ -106,29 +106,22 @@
     }
 }
 
-#ns_log notice "vulnerabilityCheck configured: [dict exists $resource_info vulnerabilityCheck]"
 if {[dict exists $resource_info vulnerabilityCheck]} {
     set vulnerabilityCheck [dict get $resource_info vulnerabilityCheck]
     dict with vulnerabilityCheck {
-        switch $service {
-            snyk {
-                set vulnerabilityCheckURL https://snyk.io/advisor/npm-package/$library
-                set vulnerabilityCheckVersionURL https://security.snyk.io/package/npm/$library/$version
-                set page [::util::resources::http_get_with_default \
-                              -url $vulnerabilityCheckVersionURL \
-                              -key snyk-$library/$version]
-                if {$page eq ""} {
-                    unset vulnerabilityCheckVersionURL
-                    ns_log notice "vulnerabilityCheck: request failed $vulnerabilityCheckVersionURL"
-                } else {
-                    ns_log notice "vulnerabilityCheck: keep vulnerabilityCheckVersionURL $vulnerabilityCheckVersionURL"
-                }
-            }
-            default "vulnerabilityCheck: unknown service '$service'"
+        set result [::util::resources::check_vulnerability \
+                        -service $service \
+                        -library $library \
+                        -version $version]
+        if {[dict get $result hasVulnerability] ne "?"} {
+            set vulnerabilityCheckURL [dict get $result libraryURL]
+            set vulnerabilityCheckVersionURL [dict get $result versionURL]
+            set vulnerabilityCheckResult [dict get $result hasVulnerability]
         }
     }
 }
 
+
 foreach url {versionCheckURL vulnerabilityCheck} {
     if {[dict exists $resource_info $url]} {
         set $url [dict get $resource_info $url]
Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v
diff -u -r1.189.2.191 -r1.189.2.192
--- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl	30 Jul 2024 17:53:44 -0000	1.189.2.191
+++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl	5 Aug 2024 14:42:53 -0000	1.189.2.192
@@ -4422,6 +4422,45 @@
     } {
         return https://api.cdnjs.com/libraries?search=$library&search_fields=name&fields=filename,description,version&limit=$count
     }
+
+
+    ad_proc -public ::util::resources::check_vulnerability {
+        {-service:required}
+        {-library:required}
+        {-version:required}
+    } {
+
+        Return a dict containing vulnerability info with the keys
+        "hasVulnerability", "libraryURL" and "versionURL"
+
+        @param service name of the vulnerability checking service (currently only synk)
+        @param library name of the library as named by the vulnerability service
+        @param version version of the library to be checked
+
+    } {
+        set hasVulnerability ?
+        switch $service {
+            snyk {
+                set vulnerabilityCheckURL https://security.snyk.io/package/npm/$library
+                set vulnerabilityCheckVersionURL https://security.snyk.io/package/npm/$library/$version
+                set page [::util::resources::http_get_with_default \
+                              -url $vulnerabilityCheckVersionURL \
+                              -key snyk-$library/$version]
+                if {$page eq ""} {
+                    unset vulnerabilityCheckVersionURL
+                    ns_log notice "check_vulnerability: request failed $vulnerabilityCheckVersionURL"
+                } else {
+                    set hasVulnerability [string match "*PackageVulnerabilitiesTable*" $page]
+                    #ns_log notice RESULT=$page
+                }
+            }
+            default {
+                error "check_vulnerability: unknown service '$service'"
+            }
+        }
+        ns_log notice "=== check_vulnerability for $library @$version -> $hasVulnerability"
+        return [list hasVulnerability $hasVulnerability libraryURL $vulnerabilityCheckURL versionURL $vulnerabilityCheckVersionURL]
+    }
 }
 
 ad_proc -deprecated ad_tcl_vars_to_ns_set {