dennisdoomen · dennisdoomen · Jun 8, 2026
diff --git a/.editorconfig b/.editorconfig
diff --git a/Build/Configuration.cs b/Build/Configuration.cs
@@ -4,8 +4,15 @@
 [TypeConverter(typeof(TypeConverter<Configuration>))]
 public class Configuration : Enumeration
 {
-    public static Configuration Debug = new() { Value = nameof(Debug) };
-    public static Configuration Release = new() { Value = nameof(Release) };
+    public static Configuration Debug = new()
+    {
+        Value = nameof(Debug)
+    };
+
+    public static Configuration Release = new()
+    {
+        Value = nameof(Release)
+    };
 
     public static implicit operator string(Configuration configuration)
     {

diff --git a/Src/PackageGuard.Core/CSharp/CSharpProjectAnalysisStrategy.cs b/Src/PackageGuard.Core/CSharp/CSharpProjectAnalysisStrategy.cs
@@ -231,7 +231,8 @@ private static Dictionary<string, string[]> BuildDependencyKeys(LockFile lockFil
                 .Select(dependency => target.Libraries.FirstOrDefault(l =>
                     string.Equals(l.Name, dependency.Id, StringComparison.OrdinalIgnoreCase)))
                 .Where(dependencyLibrary => dependencyLibrary is not null)
-                .Select(dependencyLibrary => PackageInfo.CreatePackageKey(dependencyLibrary!.Name!, dependencyLibrary.Version!.ToNormalizedString()))
+                .Select(dependencyLibrary =>
+                    PackageInfo.CreatePackageKey(dependencyLibrary!.Name!, dependencyLibrary.Version!.ToNormalizedString()))
                 .ToArray();
 
             if (library.Version is not null && !string.IsNullOrWhiteSpace(library.Name))
@@ -270,5 +271,4 @@ private static HashSet<string> FindPackagesDependingOnPreOneZeroPackages(LockFil
 
         return result;
     }
-
 }
diff --git a/Src/PackageGuard.Core/CSharp/NuGetPackageAnalyzer.cs b/Src/PackageGuard.Core/CSharp/NuGetPackageAnalyzer.cs
@@ -154,7 +154,8 @@ private void EnsureCredentialProvidersConfigured()
         {
             if (!credentialProvidersConfigured)
             {
-                DefaultCredentialServiceUtility.SetupDefaultCredentialService(NullLogger.Instance, nonInteractive: !InteractiveRestore);
+                DefaultCredentialServiceUtility.SetupDefaultCredentialService(NullLogger.Instance,
+                    nonInteractive: !InteractiveRestore);
 
                 credentialProvidersConfigured = true;
             }

diff --git a/Src/PackageGuard.Core/CiHealthRiskFactor.cs b/Src/PackageGuard.Core/CiHealthRiskFactor.cs
@@ -38,7 +38,8 @@ public RiskFactorContribution Evaluate(PackageInfo package)
         if (package.HasFlakyWorkflowPattern is true)
         {
             risk += 0.5;
-            rationale.Add(RiskEvaluationHelpers.CreateRationale("CI workflow history shows a potentially flaky failure pattern", 0.5));
+            rationale.Add(RiskEvaluationHelpers.CreateRationale("CI workflow history shows a potentially flaky failure pattern",
+                0.5));
         }
 
         if (package.HasRecentSuccessfulWorkflowRun is false)
@@ -54,11 +55,14 @@ public RiskFactorContribution Evaluate(PackageInfo package)
         if (package.RequiredStatusCheckCount is 0)
         {
             risk += 0.5;
-            rationale.Add(RiskEvaluationHelpers.CreateRationale("No required status checks were detected on the default branch", 0.5));
+            rationale.Add(RiskEvaluationHelpers.CreateRationale("No required status checks were detected on the default branch",
+                0.5));
         }
         else if (package.RequiredStatusCheckCount is > 0)
         {
-            rationale.Add(RiskEvaluationHelpers.CreateRationale($"Required status checks are configured ({package.RequiredStatusCheckCount})", 0.0));
+            rationale.Add(
+                RiskEvaluationHelpers.CreateRationale(
+                    $"Required status checks are configured ({package.RequiredStatusCheckCount})", 0.0));
         }
 
         if (package.WorkflowPlatformCount is < 2)

diff --git a/Src/PackageGuard.Core/ContributorHealthRiskFactor.cs b/Src/PackageGuard.Core/ContributorHealthRiskFactor.cs
@@ -30,12 +30,14 @@ public RiskFactorContribution Evaluate(PackageInfo package)
         if (package.RecentMaintainerCount is < 2)
         {
             risk += 1.0;
-            rationale.Add(RiskEvaluationHelpers.CreateRationale($"Very few active maintainers in the last 6 months ({package.RecentMaintainerCount})", 1.0));
+            rationale.Add(RiskEvaluationHelpers.CreateRationale(
+                $"Very few active maintainers in the last 6 months ({package.RecentMaintainerCount})", 1.0));
         }
         else if (package.RecentMaintainerCount is < 4)
         {
             risk += 0.5;
-            rationale.Add(RiskEvaluationHelpers.CreateRationale($"Limited active maintainer pool in the last 6 months ({package.RecentMaintainerCount})", 0.5));
+            rationale.Add(RiskEvaluationHelpers.CreateRationale(
+                $"Limited active maintainer pool in the last 6 months ({package.RecentMaintainerCount})", 0.5));
         }
 
         if (package.MedianMaintainerActivityDays is > 180)

diff --git a/Src/PackageGuard.Core/DependencyHealthCountEnricher.cs b/Src/PackageGuard.Core/DependencyHealthCountEnricher.cs
@@ -20,13 +20,12 @@ internal sealed class DependencyHealthCountEnricher(IReadOnlyDictionary<string,
     public Task EnrichAsync(PackageInfo package)
     {
         var visited = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
-        (int staleCount, int abandonedCount, int deprecatedCount, int unmaintainedCriticalCount) =
-            CountDependencyHealth(package, visited);
+        DependencyHealthCounts counts = CountDependencyHealth(package, visited);
 
-        package.StaleTransitiveDependencyCount = staleCount;
-        package.AbandonedTransitiveDependencyCount = abandonedCount;
-        package.DeprecatedTransitiveDependencyCount = deprecatedCount;
-        package.UnmaintainedCriticalTransitiveDependencyCount = unmaintainedCriticalCount;
+        package.StaleTransitiveDependencyCount = counts.StaleCount;
+        package.AbandonedTransitiveDependencyCount = counts.AbandonedCount;
+        package.DeprecatedTransitiveDependencyCount = counts.DeprecatedCount;
+        package.UnmaintainedCriticalTransitiveDependencyCount = counts.UnmaintainedCriticalCount;
 
         return Task.CompletedTask;
     }
@@ -35,8 +34,7 @@ public Task EnrichAsync(PackageInfo package)
     /// Recursively counts the number of unique stale, abandoned, deprecated, and unmaintained-critical
     /// transitive dependencies of <paramref name="package"/>, avoiding cycles via <paramref name="visited"/>.
     /// </summary>
-    private (int staleCount, int abandonedCount, int deprecatedCount, int unmaintainedCriticalCount) CountDependencyHealth(
-        PackageInfo package, HashSet<string> visited)
+    private DependencyHealthCounts CountDependencyHealth(PackageInfo package, HashSet<string> visited)
     {
         int staleCount = 0;
         int abandonedCount = 0;
@@ -75,15 +73,15 @@ public Task EnrichAsync(PackageInfo package)
                 unmaintainedCriticalCount++;
             }
 
-            (int nestedStale, int nestedAbandoned, int nestedDeprecated, int nestedUnmaintainedCritical) =
-                CountDependencyHealth(dependency, visited);
-            staleCount += nestedStale;
-            abandonedCount += nestedAbandoned;
-            deprecatedCount += nestedDeprecated;
-            unmaintainedCriticalCount += nestedUnmaintainedCritical;
+            DependencyHealthCounts nested = CountDependencyHealth(dependency, visited);
+
+            staleCount += nested.StaleCount;
+            abandonedCount += nested.AbandonedCount;
+            deprecatedCount += nested.DeprecatedCount;
+            unmaintainedCriticalCount += nested.UnmaintainedCriticalCount;
         }
 
-        return (staleCount, abandonedCount, deprecatedCount, unmaintainedCriticalCount);
+        return new DependencyHealthCounts(staleCount, abandonedCount, deprecatedCount, unmaintainedCriticalCount);
     }
 
     /// <summary>

diff --git a/Src/PackageGuard.Core/DependencyHealthCounts.cs b/Src/PackageGuard.Core/DependencyHealthCounts.cs
@@ -0,0 +1,10 @@
+namespace PackageGuard.Core;
+
+/// <summary>
+/// Holds the counts of transitive dependency health issues for a package.
+/// </summary>
+internal sealed record DependencyHealthCounts(
+    int StaleCount,
+    int AbandonedCount,
+    int DeprecatedCount,
+    int UnmaintainedCriticalCount);
diff --git a/Src/PackageGuard.Core/DocumentationRiskFactor.cs b/Src/PackageGuard.Core/DocumentationRiskFactor.cs
@@ -56,6 +56,7 @@ public RiskFactorContribution Evaluate(PackageInfo package)
 
         bool hasAcceptableReleaseHistory = package.HasReleaseNotes is true ||
                                            (package.HasChangelog is true && package.HasDefaultChangelog is not true);
+
         if (!hasAcceptableReleaseHistory)
         {
             risk += 0.5;