npm - @aws-sdk/find-v2 - Versions diffs - 0.6.0 → 0.6.1 - Mend

@aws-sdk/find-v2 0.6.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/utils/constants.js +3 -0
package/dist/utils/getLambdaFunctionContents.js +15 -5
package/dist/utils/getLambdaFunctionScanOutput.js +30 -8
package/package.json +1 -1

package/dist/utils/constants.js ADDED Viewed

@@ -0,0 +1,3 @@
+export const PACKAGE_JSON = "package.json";
+export const NODE_MODULES = "node_modules";
+export const AWS_SDK = "aws-sdk";

package/dist/utils/getLambdaFunctionContents.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import StreamZip from "node-stream-zip";
-const PACKAGE_JSON_FILENAME = "package.json";
+import { AWS_SDK, NODE_MODULES, PACKAGE_JSON } from "./constants.js";
+import { join } from "node:path";
 /**
  * Extracts the contents of a Lambda Function zip file.
  * Returns string contents of package.json files, if available.
@@ -11,6 +12,7 @@ const PACKAGE_JSON_FILENAME = "package.json";
 export const getLambdaFunctionContents = async (zipPath) => {
     const zip = new StreamZip.async({ file: zipPath });
     const packageJsonFiles = [];
+    const awsSdkPackageJsonMap = {};
     let zipEntries = {};
     try {
         zipEntries = await zip.entries();
@@ -20,11 +22,16 @@ export const getLambdaFunctionContents = async (zipPath) => {
         // ToDo: add warning when logging is supported in future.
     }
     for (const zipEntry of Object.values(zipEntries)) {
-        // Skip 'node_modules' directory, as it's not the customer source code.
-        if (zipEntry.name.includes("node_modules/"))
+        // Skip 'node_modules' directory, except for aws-sdk package.json file.
+        if (zipEntry.name.includes(`${NODE_MODULES}/`)) {
+            if (zipEntry.name.endsWith(join(NODE_MODULES, AWS_SDK, PACKAGE_JSON)) && zipEntry.isFile) {
+                const packageJsonContent = await zip.entryData(zipEntry.name);
+                awsSdkPackageJsonMap[zipEntry.name] = packageJsonContent.toString();
+            }
             continue;
+        }
         // Skip anything which is not 'package.json'
-        if (!zipEntry.name.endsWith(PACKAGE_JSON_FILENAME))
+        if (!zipEntry.name.endsWith(PACKAGE_JSON))
             continue;
         // Skip if 'package.json' is not a file
         if (!zipEntry.isFile)
@@ -43,7 +50,10 @@ export const getLambdaFunctionContents = async (zipPath) => {
     }
     if (packageJsonFiles.length !== 0) {
         await zip.close();
-        return { packageJsonFiles };
+        return {
+            packageJsonFiles,
+            ...(Object.keys(awsSdkPackageJsonMap).length > 0 && { awsSdkPackageJsonMap }),
+        };
     }
     for (const path of ["index.js", "index.mjs", "index.cjs"]) {
         if (!zipEntries[path])

package/dist/utils/getLambdaFunctionScanOutput.js CHANGED Viewed

@@ -1,10 +1,11 @@
-import { satisfies } from "compare-versions";
+import { satisfies, validate } from "compare-versions";
 import { downloadFile } from "./downloadFile.js";
 import { getLambdaFunctionContents, } from "./getLambdaFunctionContents.js";
 import { hasSdkV2InBundle } from "./hasSdkV2InBundle.js";
 import { rm } from "node:fs/promises";
 import { tmpdir } from "node:os";
-import { join } from "node:path";
+import { dirname, join } from "node:path";
+import { AWS_SDK, NODE_MODULES, PACKAGE_JSON } from "./constants.js";
 /**
  * Scans a Lambda function to detect AWS SDK for JavaScript v2 usage.
  *
@@ -44,16 +45,37 @@ export const getLambdaFunctionScanOutput = async (client, { functionName, region
     finally {
         await rm(zipPath, { force: true });
     }
-    const { packageJsonFiles, bundleFile } = lambdaFunctionContents;
-    // Search for "aws-sdk" in package.json dependencies if present.
+    const { packageJsonFiles, awsSdkPackageJsonMap, bundleFile } = lambdaFunctionContents;
+    // Search for JS SDK v2 in package.json dependencies if present.
     if (packageJsonFiles && packageJsonFiles.length > 0) {
         for (const { path: packageJsonPath, content: packageJsonContent } of packageJsonFiles) {
             try {
                 const packageJson = JSON.parse(packageJsonContent);
                 const dependencies = packageJson.dependencies || {};
-                if ("aws-sdk" in dependencies) {
+                if (AWS_SDK in dependencies) {
+                    const awsSdkVersionInPackageJson = dependencies[AWS_SDK];
+                    const awsSdkPackageJsonPathInNodeModules = join(NODE_MODULES, AWS_SDK, PACKAGE_JSON);
+                    // Get aws-sdk package.json from nested node_modules or root node_modules.
+                    const awsSdkPackageJson = awsSdkPackageJsonMap
+                        ? (awsSdkPackageJsonMap[join(dirname(packageJsonPath), awsSdkPackageJsonPathInNodeModules)] ?? awsSdkPackageJsonMap[awsSdkPackageJsonPathInNodeModules])
+                        : undefined;
+                    let awsSdkVersionInNodeModules;
                     try {
-                        if (!satisfies(dependencies["aws-sdk"], sdkVersionRange)) {
+                        if (awsSdkPackageJson) {
+                            awsSdkVersionInNodeModules = JSON.parse(awsSdkPackageJson).version;
+                        }
+                    }
+                    catch {
+                        // Skip if JSON can't be parsed.
+                        // ToDo: add warning when logging is supported in future.
+                    }
+                    const sdkVersionToCheck = validate(awsSdkVersionInPackageJson) || awsSdkPackageJson === undefined
+                        ? // Use version in package.json dependencies, if fixed version is defined or aws-sdk package.json is not available.
+                            awsSdkVersionInPackageJson
+                        : // Use version from aws-sdk package.json, if defined
+                            (awsSdkVersionInNodeModules ?? awsSdkVersionInPackageJson);
+                    try {
+                        if (!satisfies(sdkVersionToCheck, sdkVersionRange)) {
                             continue;
                         }
                     }
@@ -76,7 +98,7 @@ export const getLambdaFunctionScanOutput = async (client, { functionName, region
             }
         }
     }
-    // Check for code of "aws-sdk" in bundle, if not found in package.json dependencies.
+    // Check for signature of JS SDK v2 in bundle, if not found in package.json dependencies.
     if (bundleFile) {
         try {
             if (hasSdkV2InBundle(bundleFile.content, sdkVersionRange)) {
@@ -92,7 +114,7 @@ export const getLambdaFunctionScanOutput = async (client, { functionName, region
             return output;
         }
     }
-    // "aws-sdk" dependency/code not found.
+    // JS SDK v2 dependency/code not found.
     output.ContainsAwsSdkJsV2 = false;
     return output;
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/find-v2",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "CLI to find resources which call AWS using JavaScript SDK v2",
   "main": "dist/cli.js",
   "types": "dist/cli.d.ts",