@anren-utils/mcp-audit 1.0.0 → 1.0.1

package/dist/utils/dirUtils.d.ts

@@ -1,11 +0,0 @@
-/**
- * @Desc: 创建工作目录
- * @return {string} 工作目录路径
- */
-export declare function createWorkDir(workDirPath?: string): Promise<string>;
-/**
- * @Desc: 删除工作目录
- * @param {string} workDir 工作目录路径
- */
-export declare function deleteWorkDir(workDir?: string): Promise<void>;
-//# sourceMappingURL=dirUtils.d.ts.map

package/dist/utils/dirUtils.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"dirUtils.d.ts","sourceRoot":"","sources":["../../src/utils/dirUtils.ts"],"names":[],"mappings":"AAcA;;;GAGG;AACH,wBAAsB,aAAa,CAAC,WAAW,SAAe,mBAI7D;AAED;;;GAGG;AACH,wBAAsB,aAAa,CAAC,OAAO,SAAe,iBAEzD"}

package/dist/utils/dirUtils.js

@@ -1,28 +0,0 @@
-import fs from "fs";
-import { join } from "path";
-import { getDirname, uniqueId } from "./index.js";
-// 获取当前文件的目录名称
-const __dirname = getDirname(import.meta.url);
-// 获取上两级目录（项目根目录）
-const basepath = join(__dirname, "../..");
-// 定义工作目录路径
-const workBasePath = join(basepath, "work");
-// 确保工作目录存在
-fs.mkdirSync(workBasePath, { recursive: true });
-/**
- * @Desc: 创建工作目录
- * @return {string} 工作目录路径
- */
-export async function createWorkDir(workDirPath = workBasePath) {
-    const workDir = join(workDirPath, uniqueId());
-    await fs.promises.mkdir(workDir, { recursive: true });
-    return workDir;
-}
-/**
- * @Desc: 删除工作目录
- * @param {string} workDir 工作目录路径
- */
-export async function deleteWorkDir(workDir = workBasePath) {
-    await fs.promises.rm(workDir, { recursive: true, force: true });
-}
-//# sourceMappingURL=dirUtils.js.map

package/dist/utils/dirUtils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"dirUtils.js","sourceRoot":"","sources":["../../src/utils/dirUtils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAElD,cAAc;AACd,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAE9C,iBAAiB;AACjB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;AAC1C,WAAW;AACX,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AAC5C,WAAW;AACX,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AAEhD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,WAAW,GAAG,YAAY;IAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC9C,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAO,GAAG,YAAY;IACxD,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAClE,CAAC"}

package/dist/utils/index.d.ts

@@ -1,34 +0,0 @@
-import type { RemoteProjectUrlInfo } from "../parseProject/parseRemoteProject.js";
-/**
- * @Desc: 执行shell命令
- * @return {*}
- * @param {string} cmd 命令
- * @param {string} cwd 工作目录
- */
-export declare function runCommand(cmd: string, cwd: string): Promise<string>;
-/**
- * @Desc: 生成唯一ID
- * @return {string} 唯一ID
- */
-export declare function uniqueId(): string;
-/**
- * @Desc: 获取文件名
- * @return {string} 文件名
- * @param {string} importMetaUrl 导入元URL
- */
-export declare function getFilename(importMetaUrl: string): string;
-/**
- * @Desc: 获取文件目录
- * @return {string} 文件目录
- * @param {string} importMetaUrl 导入元URL
- */
-export declare function getDirname(importMetaUrl: string): string;
-/**
- * @Desc: 根据不同的平台类型，得到获取文件内容的链接
- * @param {RemoteProjectUrlInfo} gitInfo 仓库URL信息
- * @param {string} branchName 分支名称
- * @param {string} path 文件路径
- * @return {string} 获取文件内容的链接
- */
-export declare function getReadFileUrl(gitInfo: RemoteProjectUrlInfo, branchName: string, path: string): string;
-//# sourceMappingURL=index.d.ts.map

package/dist/utils/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,uCAAuC,CAAC;AASlF;;;;;GAKG;AACH,wBAAsB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,mBAexD;AAED;;;GAGG;AACH,wBAAgB,QAAQ,WAEvB;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,aAAa,EAAE,MAAM,UAEhD;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,aAAa,EAAE,MAAM,UAE/C;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,oBAAoB,EAC7B,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,UAeb"}

package/dist/utils/index.js

@@ -1,74 +0,0 @@
-import { dirname } from "path";
-import { fileURLToPath } from "url";
-import { exec } from "child_process";
-import { promisify } from "util";
-const execAsync = promisify(exec);
-/**
- * @Desc: 执行shell命令
- * @return {*}
- * @param {string} cmd 命令
- * @param {string} cwd 工作目录
- */
-export async function runCommand(cmd, cwd) {
-    try {
-        const stdout = await execAsync(cmd, {
-            cwd,
-            // stdio: ["ignore", "pipe", "pipe"],
-        });
-        // 返回 audit 的 JSON 结果
-        return stdout.stdout.toString();
-    }
-    catch (err) {
-        const error = err;
-        if (error.stdout) {
-            return error.stdout.toString();
-        }
-        throw err;
-    }
-}
-/**
- * @Desc: 生成唯一ID
- * @return {string} 唯一ID
- */
-export function uniqueId() {
-    return Math.random().toString(36).substring(2, 15) + Date.now().toString(36);
-}
-/**
- * @Desc: 获取文件名
- * @return {string} 文件名
- * @param {string} importMetaUrl 导入元URL
- */
-export function getFilename(importMetaUrl) {
-    return fileURLToPath(importMetaUrl);
-}
-/**
- * @Desc: 获取文件目录
- * @return {string} 文件目录
- * @param {string} importMetaUrl 导入元URL
- */
-export function getDirname(importMetaUrl) {
-    return dirname(getFilename(importMetaUrl));
-}
-/**
- * @Desc: 根据不同的平台类型，得到获取文件内容的链接
- * @param {RemoteProjectUrlInfo} gitInfo 仓库URL信息
- * @param {string} branchName 分支名称
- * @param {string} path 文件路径
- * @return {string} 获取文件内容的链接
- */
-export function getReadFileUrl(gitInfo, branchName, path) {
-    const { owner, repo, platform } = gitInfo;
-    switch (platform) {
-        case "github":
-            return `https://raw.githubusercontent.com/${owner}/${repo}/${branchName}/${path}`;
-        case "gitee":
-            // return `https://raw.gitee.com/${owner}/${repo}/${branchName}/${path}`;
-            return `https://gitee.com/${owner}/${repo}/raw/${branchName}/${path}`;
-        case "gitlab":
-            // return `https://rawlab.com/${owner}/${repo}/${branchName}/${path}`;
-            return `https://gitlab.com/${owner}/${repo}/-/raw/${branchName}/${path}`;
-        default:
-            throw new Error(`Unsupported platform: ${platform}`);
-    }
-}
-//# sourceMappingURL=index.js.map

package/dist/utils/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAGjC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAOlC;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,GAAW,EAAE,GAAW;IACvD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE;YAClC,GAAG;YACH,qCAAqC;SACtC,CAAC,CAAC;QACH,qBAAqB;QACrB,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClC,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,GAAqB,CAAC;QACpC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,OAAO,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACjC,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,QAAQ;IACtB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,aAAqB;IAC/C,OAAO,aAAa,CAAC,aAAa,CAAC,CAAC;AACtC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU,CAAC,aAAqB;IAC9C,OAAO,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAC5B,OAA6B,EAC7B,UAAkB,EAClB,IAAY;IAEZ,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAC1C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,QAAQ;YACX,OAAO,qCAAqC,KAAK,IAAI,IAAI,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;QACpF,KAAK,OAAO;YACV,yEAAyE;YACzE,OAAO,qBAAqB,KAAK,IAAI,IAAI,QAAQ,UAAU,IAAI,IAAI,EAAE,CAAC;QACxE,KAAK,QAAQ;YACX,sEAAsE;YACtE,OAAO,sBAAsB,KAAK,IAAI,IAAI,UAAU,UAAU,IAAI,IAAI,EAAE,CAAC;QAC3E;YACE,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC"}

package/eslint.config.js

@@ -1,38 +0,0 @@
-import js from "@eslint/js";
-import tseslint from "@typescript-eslint/eslint-plugin";
-import tsparser from "@typescript-eslint/parser";
-import globals from "globals";
-
-export default [
-  js.configs.recommended,
-  {
-    files: ["**/*.ts"],
-    languageOptions: {
-      parser: tsparser,
-      parserOptions: {
-        ecmaVersion: "latest",
-        sourceType: "module",
-      },
-      globals: {
-        ...globals.node,
-        console: "readonly",
-        process: "readonly",
-        Buffer: "readonly",
-        __dirname: "readonly",
-        __filename: "readonly",
-      },
-    },
-    plugins: {
-      "@typescript-eslint": tseslint,
-    },
-    rules: {
-      ...tseslint.configs.recommended.rules,
-      "@typescript-eslint/no-unused-vars": "warn",
-      "@typescript-eslint/no-explicit-any": "warn",
-      "no-console": "off",
-    },
-  },
-  {
-    ignores: ["node_modules/**", "dist/**"],
-  },
-];

package/src/audit/auditUtils.ts

@@ -1,24 +0,0 @@
-import type { AuditResult } from "../types.js";
-import { runCommand } from "../utils/index.js";
-
-/**
- * @Desc: 执行npm audit命令，返回审计结果
- * @param {string} workDir
- */
-export async function npmAudit(workDir: string) {
-  const cmd = `npm audit --json`;
-  const jsonResult = await runCommand(cmd, workDir); // 在工作目录中执行命令
-  const auditData = JSON.parse(jsonResult) as AuditResult;
-  return auditData;
-}
-
-/**
- * @Desc: 执行pnpm audit命令，返回审计结果
- * @param {string} workDir
- */
-export async function pnpmAudit(workDir: string) {
-  const cmd = `pnpm audit --json`;
-  const jsonResult = await runCommand(cmd, workDir); // 在工作目录中执行命令
-  const auditData = JSON.parse(jsonResult) as AuditResult;
-  return auditData;
-}

package/src/audit/currentAudit.ts

@@ -1,116 +0,0 @@
-import type { AuditSeverity } from "../types.js";
-import { remoteAudit } from "./remoteAudit.js";
-
-/**
- * 单个漏洞问题的详细信息
- */
-interface Problem {
-  /** 漏洞 ID (Advisory ID) */
-  source: number;
-
-  /** 包名 */
-  name: string;
-
-  /** 依赖名 */
-  dependency: string;
-
-  /** 漏洞标题 */
-  title: string;
-
-  /** 漏洞详情 URL */
-  url: string;
-
-  /** 严重程度 */
-  severity: AuditSeverity;
-
-  /** CWE 列表 */
-  cwe: string[];
-
-  /** CVSS 评分数据 */
-  cvss: {
-    score: number;
-    vectorString: string;
-  };
-
-  /** 受影响的版本范围 */
-  range: string;
-}
-
-/**
- * currentAudit 函数返回的最终结果对象
- */
-interface CurrentAuditResult {
-  /** 包名 */
-  name: string;
-
-  /** 版本/范围 */
-  range: string;
-
-  /** 节点路径，当前工程通常为根目录 '.' */
-  nodes: string[];
-
-  /** 依赖链，当前工程通常为空 */
-  depChains: any[]; // 如果 depChains 有具体结构，可以替换 any
-
-  /** 检测到的所有漏洞问题列表 */
-  problems: Problem[];
-
-  /** 当前包的最高严重程度 */
-  severity: AuditSeverity;
-}
-
-const severityLevelsMap: Record<AuditSeverity, number> = {
-  info: 0,
-  low: 1,
-  moderate: 2,
-  high: 3,
-  critical: 4,
-};
-
-/**
- * @Desc: 添加当前工程的审计结果
- * @return {*}
- * @param {string} name
- * @param {string} version
- */
-export async function currentAudit(name: string, version: string) {
-  // 1. 调用 remoteAudit 函数获取审计结果
-  const auditResult = await remoteAudit(name, version);
-  // 2. 规格化审计结果
-  if (
-    !auditResult.advisories ||
-    Object.keys(auditResult.advisories).length === 0
-  ) {
-    return null;
-  }
-  const result: CurrentAuditResult = {
-    name,
-    range: version,
-    nodes: ["."],
-    depChains: [],
-    problems: [],
-    severity: "info",
-  };
-  const advisories = Object.values(auditResult.advisories);
-  let maxSeverity: AuditSeverity = "info";
-  result.problems = advisories.map((advisory) => {
-    const problem: Problem = {
-      source: advisory.id,
-      name,
-      dependency: name,
-      title: advisory.title,
-      url: advisory.url,
-      severity: advisory.severity,
-      cwe: advisory.cwe,
-      cvss: advisory.cvss,
-      range: advisory.vulnerable_versions,
-    };
-    // 更新最大严重性
-    if (severityLevelsMap[problem.severity] > severityLevelsMap[maxSeverity]) {
-      maxSeverity = problem.severity;
-    }
-    return problem;
-  });
-  result.severity = maxSeverity;
-  return result;
-}

package/src/audit/getDepChain.ts

@@ -1,71 +0,0 @@
-import type { VulnerabilityInfo } from "../types.js";
-
-/**
- * 图的伸缩算法，用于获取从给定节点出发的所有依赖链条
- * 给定图结构中的一个节点，获取从该节点的依赖节点出发一直走到终点，一共走出的所有链条
- * 注意：图结构中可能存在环，遇到环时，环所在的节点直接作为终点即可
- * @param {VulnerabilityInfo} vulnerabilityInfo - 给定的漏洞信息
- * @param {Record<string, VulnerabilityInfo>} vulnerabilities - 所有漏洞信息的映射表，键为漏洞名称，值为漏洞信息
- * @returns {Array<string[][]>} 返回所有依赖链，每个链是一个字符串数组，每个字符串是一个漏洞名称
- * 返回结果示例："depChains": [["@vue/cli-plugin-babel","@vue/cli-service","@intervolga/optimize-cssnano-plugin","postcss"],[
-            "@vue/cli-plugin-router",
-            "@vue/cli-service",
-            "@intervolga/optimize-cssnano-plugin",
-            "postcss"]]
- */
-export function getDepChains(
-  vulnerabilityInfo: VulnerabilityInfo,
-  vulnerabilities: Record<string, VulnerabilityInfo>,
-) {
-  // 存储所有找到的依赖链(存储最终结果：所有找到的完整路径)
-  const chains: string[][] = [];
-
-  // 当前DFS路径（用于检测环）(当前正在探索的路径栈（用于记录路径和检测环）)
-  const currentPath: string[] = [];
-
-  /**
-   * 深度优先搜索函数
-   * @param {VulnerabilityInfo} currentVulnerabilityInfo - 当前处理的漏洞信息
-   */
-  function dfs(currentVulnerabilityInfo?: VulnerabilityInfo) {
-    // 1. 健壮性检查
-    if (!currentVulnerabilityInfo) return;
-
-    // 2. 环检测
-    // 检查是否形成环（当前节点已在路径中）
-    // 如果当前节点的名字已经存在于当前路径中，说明我们遇到了一个环（A->B->C->A）。
-    // 将当前路径记录下来并停止该分支的搜索。
-    if (currentPath.includes(currentVulnerabilityInfo.name)) {
-      chains.push([...currentPath]); // 注意：这里并没有把重复的节点再次加入，而是截断
-      return;
-    }
-
-    // 3. 前进：将当前节点加入路径头部
-    // 使用 unshift 是为了让链条保持顺序：[起点, ..., 当前节点]
-    currentPath.unshift(currentVulnerabilityInfo.name);
-
-    // 4. 终点判断
-    // 如果没有依赖节点，说明到达终点
-    if (
-      !currentVulnerabilityInfo.effects ||
-      currentVulnerabilityInfo.effects.length === 0
-    ) {
-      chains.push([...currentPath]);
-    } else {
-      // 5. 递归遍历
-      // 遍历当前节点的所有依赖项，对每一个依赖项递归调用 dfs
-      for (const effect of currentVulnerabilityInfo.effects) {
-        dfs(vulnerabilities[effect]);
-      }
-    }
-    // 6. 回溯
-    // 当递归返回（无论是找到了终点还是遇到了环），
-    // 必须将当前节点从路径中移除，以便探索下一条可能的路径。
-    currentPath.shift();
-  }
-
-  // 从给定节点开始DFS
-  dfs(vulnerabilityInfo);
-
-  return chains;
-}

package/src/audit/index.ts

@@ -1,90 +0,0 @@
-import { join } from "path";
-import type { RemoteWorkspaceInfo } from "../parseProject/parseWorkspace.js";
-import type { PackageJsonInfo, PackageManager } from "../types.js";
-import { npmAudit, pnpmAudit } from "./auditUtils.js";
-import { currentAudit } from "./currentAudit.js";
-import { normalizeAuditResult } from "./normalizeAuditResult.js";
-
-interface AuditOptions {
-  workDir: string;
-  packageJson: PackageJsonInfo;
-  subPackageInfos: RemoteWorkspaceInfo | null;
-  currentPackageManager: PackageManager;
-}
-
-export async function audit(options: AuditOptions) {
-  const { subPackageInfos } = options;
-  if (subPackageInfos?.subPackageNames) {
-    return await monorepoAudit(options);
-  }
-  return await defaultAudit(options);
-}
-
-async function defaultAudit(options: AuditOptions) {
-  const { workDir, packageJson, currentPackageManager } = options;
-  const auditFn = currentPackageManager === "npm" ? npmAudit : pnpmAudit;
-  // 调用 npmAudit 获取审计结果
-  const auditResult = await auditFn(workDir);
-
-  // 规范化审计结果
-  const normalizedResult = normalizeAuditResult(auditResult);
-
-  // 添加当前工程的审计结果
-  const current = await currentAudit(packageJson.name, packageJson.version);
-  if (current) {
-    normalizedResult.vulnerabilities[current.severity].unshift(current);
-  }
-  // 添加汇总信息
-  normalizedResult.summary = {
-    total: Object.values(normalizedResult.vulnerabilities).reduce(
-      (sum, arr) => sum + arr.length,
-      0,
-    ),
-    critical: normalizedResult.vulnerabilities.critical.length,
-    high: normalizedResult.vulnerabilities.high.length,
-    moderate: normalizedResult.vulnerabilities.moderate.length,
-    low: normalizedResult.vulnerabilities.low.length,
-    info: normalizedResult.vulnerabilities.info.length,
-  };
-  return normalizedResult;
-}
-
-async function monorepoAudit(options: AuditOptions) {
-  const { workDir, packageJson, subPackageInfos, currentPackageManager } =
-    options;
-  if (!subPackageInfos) {
-    throw new Error("monorepo工程必须包含子包信息");
-  }
-  const auditFn = currentPackageManager === "npm" ? npmAudit : pnpmAudit;
-  // 调用 npmAudit 获取审计结果
-  const auditResult = await auditFn(workDir);
-  // 得到所有子包的审计结果
-  const subPackageAuditResults = await Promise.all(
-    subPackageInfos.subPackageNames.map((subPackageName) =>
-      auditFn(join(workDir, subPackageName)),
-    ),
-  );
-  const allAuditResults = [auditResult, ...subPackageAuditResults];
-
-  // 规范化审计结果
-  const normalizedResult = normalizeAuditResult(allAuditResults);
-
-  // 添加当前工程的审计结果
-  const current = await currentAudit(packageJson.name, packageJson.version);
-  if (current) {
-    normalizedResult.vulnerabilities[current.severity].unshift(current);
-  }
-  // 添加汇总信息
-  normalizedResult.summary = {
-    total: Object.values(normalizedResult.vulnerabilities).reduce(
-      (sum, arr) => sum + arr.length,
-      0,
-    ),
-    critical: normalizedResult.vulnerabilities.critical.length,
-    high: normalizedResult.vulnerabilities.high.length,
-    moderate: normalizedResult.vulnerabilities.moderate.length,
-    low: normalizedResult.vulnerabilities.low.length,
-    info: normalizedResult.vulnerabilities.info.length,
-  };
-  return normalizedResult;
-}

package/src/audit/normalizeAuditResult.ts

@@ -1,99 +0,0 @@
-import type {
-  AuditResult,
-  AuditSeverity,
-  NormalizedVulnerabilityInfo,
-  VulnerabilityInfo,
-} from "../types.js";
-import { getDepChains } from "./getDepChain.js";
-
-export interface NormalizedResult {
-  vulnerabilities: Record<AuditSeverity, NormalizedVulnerabilityInfo[]>;
-  summary?: Record<AuditSeverity | "total", number>;
-}
-
-function _normalizeVulnerabilities(auditResult: AuditResult) {
-  // 漏洞级别分类组别，用于后续统计漏洞数量
-  const result: Record<AuditSeverity, NormalizedVulnerabilityInfo[]> = {
-    critical: [],
-    high: [],
-    moderate: [],
-    low: [],
-    info: [],
-  };
-  for (const key in auditResult.vulnerabilities) {
-    // 获取当前漏洞的包信息
-    const packageInfo = auditResult.vulnerabilities[key];
-    const normalizedPackage = _normalizePackage(packageInfo);
-    if (normalizedPackage) {
-      result[normalizedPackage.severity].push(normalizedPackage);
-    }
-  }
-  return result;
-
-  function _normalizePackage(packageInfo?: VulnerabilityInfo) {
-    if (!packageInfo) {
-      return null;
-    }
-    const { via = [] } = packageInfo;
-    // 只需要记录自身有漏洞的包，而不是依赖的包
-    const validVia = via.filter((it) => typeof it === "object");
-    if (validVia.length === 0) {
-      return null;
-    }
-    // 规格化漏洞信息
-    const info: NormalizedVulnerabilityInfo = {
-      name: packageInfo.name,
-      severity: packageInfo.severity,
-      problems: validVia,
-      nodes: packageInfo.nodes || [],
-    };
-    info.depChains = getDepChains(packageInfo, auditResult.vulnerabilities);
-    // info.depChains = info.depChains.filter(
-    //   (chain) => !isInvalidChain(chain, packageInfo.name)
-    // );
-    return info;
-  }
-}
-
-/**
- * 处理 auditResult 是数组的情况，合并多个审计结果
- * @param auditResults AuditResult 数组
- * @returns 合并后的标准化结果
- */
-export function normalizeAuditResults(auditResults: AuditResult[]) {
-  // 初始化结果对象
-  const result: Record<AuditSeverity, NormalizedVulnerabilityInfo[]> = {
-    critical: [],
-    high: [],
-    moderate: [],
-    low: [],
-    info: [],
-  };
-
-  // 遍历所有审计结果
-  for (const auditResult of auditResults) {
-    const normalizedResult = _normalizeVulnerabilities(auditResult);
-
-    // 合并每个级别的漏洞
-    for (const severity in normalizedResult) {
-      const vulnerabilities = normalizedResult[severity as AuditSeverity];
-      result[severity as AuditSeverity].push(...vulnerabilities);
-    }
-  }
-
-  return {
-    vulnerabilities: result,
-  } as NormalizedResult;
-}
-
-export function normalizeAuditResult(auditResult: AuditResult | AuditResult[]) {
-  if (Array.isArray(auditResult)) {
-    return {
-      vulnerabilities: normalizeAuditResults(auditResult).vulnerabilities,
-    } as NormalizedResult;
-  }
-
-  return {
-    vulnerabilities: _normalizeVulnerabilities(auditResult),
-  } as NormalizedResult;
-}

package/src/audit/remoteAudit.ts

@@ -1,26 +0,0 @@
-import type { NpmAuditResponse } from "../types.js";
-
-const URL = "https://registry.npmjs.org/-/npm/v1/security/audits";
-
-export async function remoteAudit(packageName: string, packageVersion: string) {
-  const body = {
-    name: "example-audit", // 项目名字随便写
-    version: "1.0.0", // 项目的版本，随便写
-    requires: {
-      [packageName]: packageVersion,
-    },
-    dependencies: {
-      [packageName]: {
-        version: packageVersion,
-      },
-    },
-  };
-  const resp = await fetch(URL, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify(body),
-  });
-  return (await resp.json()) as NpmAuditResponse;
-}