npm - @aws-sdk/find-v2 - Versions diffs - 0.7.0 → 0.7.1 - Mend

@aws-sdk/find-v2 0.7.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/utils/getCodePathToSdkVersionMap.js +44 -0
package/dist/utils/getLambdaFunctionContents.js +14 -11
package/dist/utils/getLambdaFunctionScanOutput.js +29 -56
package/package.json +1 -1

package/dist/utils/getCodePathToSdkVersionMap.js ADDED Viewed

@@ -0,0 +1,44 @@
+import { dirname, join } from "node:path";
+import { AWS_SDK, NODE_MODULES, PACKAGE_JSON } from "./constants.js";
+const AWS_SDK_PACKAGE_JSON = join(NODE_MODULES, AWS_SDK, PACKAGE_JSON);
+const safeParse = (json) => {
+    try {
+        return JSON.parse(json);
+    }
+    catch {
+        // ToDo: add warning when logging is supported in future.
+        return {};
+    }
+};
+/**
+ * Maps code file paths to their JS SDK v2 versions.
+ *
+ * Searches up the directory tree from each code path to find package.json,
+ * then resolves SDK version from node_modules/aws-sdk or dependencies.
+ *
+ * @param codePaths - Code file paths to map.
+ * @param packageJsonMap - Map of package.json paths to contents.
+ * @param awsSdkPackageJsonMap - Map of aws-sdk package.json paths to contents.
+ * @returns Map of code paths to SDK versions (undefined if not found).
+ */
+export const getCodePathToSdkVersionMap = (codePaths, packageJsonMap = new Map(), awsSdkPackageJsonMap = new Map()) => {
+    const dirToSdkVersionMap = new Map();
+    const getSdkVersion = (dir) => {
+        if (dirToSdkVersionMap.has(dir))
+            return dirToSdkVersionMap.get(dir);
+        let version;
+        // Assign version from node_modules aws-sdk package.json, if available.
+        const awsSdkPackageJson = awsSdkPackageJsonMap.get(join(dir, AWS_SDK_PACKAGE_JSON)) ??
+            awsSdkPackageJsonMap.get(AWS_SDK_PACKAGE_JSON);
+        version ??= awsSdkPackageJson && safeParse(awsSdkPackageJson).version;
+        // Assign version from package.json dependencies, if not populated yet.
+        const pkgJson = packageJsonMap.get(join(dir, PACKAGE_JSON));
+        version ??= pkgJson && safeParse(pkgJson).dependencies?.[AWS_SDK];
+        // Assign undefined if it's rootDir, else call getSdkVersion on parent dir, if not populated yet.
+        const parentDir = dirname(dir);
+        version ??= parentDir !== dir ? getSdkVersion(parentDir) : undefined;
+        dirToSdkVersionMap.set(dir, version);
+        return version;
+    };
+    return new Map(codePaths.map((codePath) => [codePath, getSdkVersion(dirname(codePath))]));
+};

package/dist/utils/getLambdaFunctionContents.js CHANGED Viewed

@@ -3,17 +3,20 @@ import { AWS_SDK, NODE_MODULES, PACKAGE_JSON } from "./constants.js";
 import { join } from "node:path";
 /**
  * Extracts the contents of a Lambda Function zip file.
- * Returns string contents of package.json files, if available.
- * Otherwise, returns the contents of bundle file.
+ *
+ * Parses the zip and returns:
+ * - JS/TS source files (excluding node_modules)
+ * - package.json files (excluding node_modules)
+ * - aws-sdk package.json from node_modules (for version detection)
  *
  * @param zipPath - The path to the zip file of Lambda Function.
- * @returns Promise<LambdaFunctionContents> - Resolves to an object containing the extracted contents.
+ * @returns Extracted contents categorized by file type.
  */
 export const getLambdaFunctionContents = async (zipPath) => {
     const zip = new StreamZip.async({ file: zipPath });
-    const codeMap = {};
-    const packageJsonMap = {};
-    const awsSdkPackageJsonMap = {};
+    const codeMap = new Map();
+    const packageJsonMap = new Map();
+    const awsSdkPackageJsonMap = new Map();
     let zipEntries = {};
     try {
         zipEntries = await zip.entries();
@@ -27,7 +30,7 @@ export const getLambdaFunctionContents = async (zipPath) => {
         if (zipEntry.name.includes(`${NODE_MODULES}/`)) {
             if (zipEntry.name.endsWith(join(NODE_MODULES, AWS_SDK, PACKAGE_JSON)) && zipEntry.isFile) {
                 const packageJsonContent = await zip.entryData(zipEntry.name);
-                awsSdkPackageJsonMap[zipEntry.name] = packageJsonContent.toString();
+                awsSdkPackageJsonMap.set(zipEntry.name, packageJsonContent.toString());
             }
             continue;
         }
@@ -38,7 +41,7 @@ export const getLambdaFunctionContents = async (zipPath) => {
         if (zipEntry.name.endsWith(PACKAGE_JSON)) {
             try {
                 const packageJsonContent = await zip.entryData(zipEntry.name);
-                packageJsonMap[zipEntry.name] = packageJsonContent.toString();
+                packageJsonMap.set(zipEntry.name, packageJsonContent.toString());
             }
             catch {
                 // Continue without adding package.json file, if entry data can't be read.
@@ -50,7 +53,7 @@ export const getLambdaFunctionContents = async (zipPath) => {
         if (zipEntry.name.match(/\.(js|ts|mjs|cjs)$/)) {
             try {
                 const codeContent = await zip.entryData(zipEntry.name);
-                codeMap[zipEntry.name] = codeContent.toString();
+                codeMap.set(zipEntry.name, codeContent.toString());
             }
             catch {
                 // Continue without adding code, if entry data can't be read.
@@ -62,7 +65,7 @@ export const getLambdaFunctionContents = async (zipPath) => {
     await zip.close();
     return {
         codeMap,
-        ...(Object.keys(packageJsonMap).length > 0 && { packageJsonMap }),
-        ...(Object.keys(awsSdkPackageJsonMap).length > 0 && { awsSdkPackageJsonMap }),
+        ...(packageJsonMap.size > 0 && { packageJsonMap }),
+        ...(awsSdkPackageJsonMap.size > 0 && { awsSdkPackageJsonMap }),
     };
 };

package/dist/utils/getLambdaFunctionScanOutput.js CHANGED Viewed

@@ -1,5 +1,4 @@
 import { satisfies, validate } from "compare-versions";
-import { AWS_SDK, NODE_MODULES, PACKAGE_JSON } from "./constants.js";
 import { downloadFile } from "./downloadFile.js";
 import { getLambdaFunctionContents, } from "./getLambdaFunctionContents.js";
 import { getPossibleHandlerFiles } from "./getPossibleHandlerFiles.js";
@@ -7,17 +6,22 @@ import { hasSdkV2InBundle } from "./hasSdkV2InBundle.js";
 import { hasSdkV2InFile } from "./hasSdkV2InFile.js";
 import { rm } from "node:fs/promises";
 import { tmpdir } from "node:os";
-import { dirname, join } from "node:path";
+import { join } from "node:path";
+import { getCodePathToSdkVersionMap } from "./getCodePathToSdkVersionMap.js";
 /**
  * Scans a Lambda function to detect AWS SDK for JavaScript v2 usage.
  *
- * Downloads the function code, extracts it, and checks for v2 SDK in:
- * 1. package.json dependencies
- * 2. Bundled index file
+ * Downloads the function code, extracts it, and checks for JS SDK v2 signature in handled file if it's a bundle.
+ * If not found, it checks for source code files has require/imports JS SDK v2. It also checks dependencies in
+ * package.json for version validation.
  *
  * @param client - AWS Lambda client instance
  * @param options - Scan configuration options
- * @returns Scan results including SDK v2 detection status and location
+ * @param options.functionName - The name of the Lambda function
+ * @param options.region - AWS region the Lambda function is deployed to
+ * @param options.runtime - Lambda Function's Node.js runtime
+ * @param options.sdkVersionRange - Semver range string to check for AWS SDK for JavaScript v2
+ * @returns Scan results including SDK v2 detection status and locations
  */
 export const getLambdaFunctionScanOutput = async (client, { functionName, region, runtime, sdkVersionRange }) => {
     const output = {
@@ -51,8 +55,9 @@ export const getLambdaFunctionScanOutput = async (client, { functionName, region
     // Process handler as bundle file first.
     const possibleHandlerFiles = getPossibleHandlerFiles(response.Configuration?.Handler ?? "index.handler");
     for (const handlerFile of possibleHandlerFiles) {
-        if (handlerFile in codeMap) {
-            if (hasSdkV2InBundle(codeMap[handlerFile], sdkVersionRange)) {
+        const handlerContent = codeMap.get(handlerFile);
+        if (handlerContent !== undefined) {
+            if (hasSdkV2InBundle(handlerContent, sdkVersionRange)) {
                 output.ContainsAwsSdkJsV2 = true;
                 output.AwsSdkJsV2Locations = [handlerFile];
                 return output;
@@ -61,7 +66,7 @@ export const getLambdaFunctionScanOutput = async (client, { functionName, region
     }
     const filesWithJsSdkV2 = [];
     // Search for JS SDK v2 occurrence in source code
-    for (const [filePath, fileContent] of Object.entries(codeMap)) {
+    for (const [filePath, fileContent] of codeMap) {
         try {
             if (hasSdkV2InFile(filePath, fileContent)) {
                 filesWithJsSdkV2.push(filePath);
@@ -69,6 +74,7 @@ export const getLambdaFunctionScanOutput = async (client, { functionName, region
         }
         catch {
             // Skip files that fail to parse
+            // ToDo: add warning when logging is supported in future.
         }
     }
     // JS SDK v2 not found in source code.
@@ -76,59 +82,26 @@ export const getLambdaFunctionScanOutput = async (client, { functionName, region
         output.ContainsAwsSdkJsV2 = false;
         return output;
     }
-    // Search for JS SDK v2 version from package.json
-    if (packageJsonMap && Object.keys(packageJsonMap).length > 0) {
-        for (const [packageJsonPath, packageJsonContent] of Object.entries(packageJsonMap)) {
+    const codePathToSdkVersionMap = getCodePathToSdkVersionMap(filesWithJsSdkV2, packageJsonMap, awsSdkPackageJsonMap);
+    const jsSdkV2FilesInSdkVersionRange = [];
+    for (const [codePath, version] of codePathToSdkVersionMap) {
+        if (version && validate(version)) {
             try {
-                const packageJson = JSON.parse(packageJsonContent);
-                const dependencies = packageJson.dependencies || {};
-                if (AWS_SDK in dependencies) {
-                    const awsSdkVersionInPackageJson = dependencies[AWS_SDK];
-                    const awsSdkPackageJsonPathInNodeModules = join(NODE_MODULES, AWS_SDK, PACKAGE_JSON);
-                    // Get aws-sdk package.json from nested node_modules or root node_modules.
-                    const awsSdkPackageJson = awsSdkPackageJsonMap
-                        ? (awsSdkPackageJsonMap[join(dirname(packageJsonPath), awsSdkPackageJsonPathInNodeModules)] ?? awsSdkPackageJsonMap[awsSdkPackageJsonPathInNodeModules])
-                        : undefined;
-                    let awsSdkVersionInNodeModules;
-                    try {
-                        if (awsSdkPackageJson) {
-                            awsSdkVersionInNodeModules = JSON.parse(awsSdkPackageJson).version;
-                        }
-                    }
-                    catch {
-                        // Skip if JSON can't be parsed.
-                        // ToDo: add warning when logging is supported in future.
-                    }
-                    const sdkVersionToCheck = validate(awsSdkVersionInPackageJson) || awsSdkPackageJson === undefined
-                        ? // Use version in package.json dependencies, if fixed version is defined or aws-sdk package.json is not available.
-                            awsSdkVersionInPackageJson
-                        : // Use version from aws-sdk package.json, if defined
-                            (awsSdkVersionInNodeModules ?? awsSdkVersionInPackageJson);
-                    try {
-                        if (!satisfies(sdkVersionToCheck, sdkVersionRange)) {
-                            continue;
-                        }
-                    }
-                    catch (error) {
-                        const errorPrefix = `Error checking version range '${sdkVersionRange}' for aws-sdk@${dependencies["aws-sdk"]} in '${packageJsonPath}'`;
-                        output.AwsSdkJsV2Error =
-                            error instanceof Error ? `${errorPrefix}: ${error.message}` : errorPrefix;
-                        return output;
-                    }
-                    output.ContainsAwsSdkJsV2 = true;
-                    output.AwsSdkJsV2Locations = filesWithJsSdkV2;
-                    return output;
+                if (satisfies(version, sdkVersionRange)) {
+                    jsSdkV2FilesInSdkVersionRange.push(codePath);
                 }
             }
-            catch (error) {
-                const errorPrefix = `Error parsing '${packageJsonPath}'`;
-                output.AwsSdkJsV2Error =
-                    error instanceof Error ? `${errorPrefix}: ${error.message}` : errorPrefix;
-                return output;
+            catch {
+                // Ignore if satisfies throws error
+                // ToDo: add warning when logging is supported in future.
             }
         }
     }
-    // JS SDK v2 dependency/code not found.
+    if (jsSdkV2FilesInSdkVersionRange.length > 0) {
+        output.ContainsAwsSdkJsV2 = true;
+        output.AwsSdkJsV2Locations = jsSdkV2FilesInSdkVersionRange;
+        return output;
+    }
     output.ContainsAwsSdkJsV2 = false;
     return output;
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/find-v2",
-  "version": "0.7.0",
+  "version": "0.7.1",
   "description": "CLI to find resources which call AWS using JavaScript SDK v2",
   "main": "dist/cli.js",
   "types": "dist/cli.d.ts",