@cyclonedx/cdxgen 12.2.1 → 12.3.0
- package/README.md +239 -90
- package/bin/audit.js +191 -0
- package/bin/cdxgen.js +513 -167
- package/bin/convert.js +99 -0
- package/bin/evinse.js +23 -0
- package/bin/repl.js +339 -8
- package/bin/sign.js +8 -0
- package/bin/validate.js +8 -0
- package/bin/verify.js +8 -0
- package/data/container-knowledge-index.json +125 -0
- package/data/gtfobins-index.json +6296 -0
- package/data/lolbas-index.json +150 -0
- package/data/queries-darwin.json +63 -3
- package/data/queries-win.json +45 -3
- package/data/queries.json +74 -2
- package/data/rules/chrome-extensions.yaml +240 -0
- package/data/rules/ci-permissions.yaml +478 -18
- package/data/rules/container-risk.yaml +270 -0
- package/data/rules/obom-runtime.yaml +891 -0
- package/data/rules/package-integrity.yaml +49 -0
- package/data/spdx-export.schema.json +6794 -0
- package/data/spdx-model-v3.0.1.jsonld +15999 -0
- package/lib/audit/index.js +1924 -0
- package/lib/audit/index.poku.js +1488 -0
- package/lib/audit/progress.js +137 -0
- package/lib/audit/progress.poku.js +188 -0
- package/lib/audit/reporters.js +618 -0
- package/lib/audit/scoring.js +310 -0
- package/lib/audit/scoring.poku.js +341 -0
- package/lib/audit/targets.js +260 -0
- package/lib/audit/targets.poku.js +331 -0
- package/lib/cli/index.js +154 -11
- package/lib/cli/index.poku.js +251 -0
- package/lib/helpers/analyzer.js +446 -2
- package/lib/helpers/analyzer.poku.js +72 -1
- package/lib/helpers/annotationFormatter.js +49 -0
- package/lib/helpers/annotationFormatter.poku.js +44 -0
- package/lib/helpers/bomUtils.js +36 -0
- package/lib/helpers/bomUtils.poku.js +51 -0
- package/lib/helpers/caxa.js +2 -2
- package/lib/helpers/chromextutils.js +1153 -0
- package/lib/helpers/chromextutils.poku.js +493 -0
- package/lib/helpers/ciParsers/githubActions.js +1632 -45
- package/lib/helpers/ciParsers/githubActions.poku.js +853 -1
- package/lib/helpers/containerRisk.js +186 -0
- package/lib/helpers/containerRisk.poku.js +52 -0
- package/lib/helpers/display.js +241 -59
- package/lib/helpers/display.poku.js +162 -2
- package/lib/helpers/exportUtils.js +123 -0
- package/lib/helpers/exportUtils.poku.js +60 -0
- package/lib/helpers/formulationParsers.js +69 -0
- package/lib/helpers/formulationParsers.poku.js +44 -0
- package/lib/helpers/gtfobins.js +189 -0
- package/lib/helpers/gtfobins.poku.js +49 -0
- package/lib/helpers/lolbas.js +267 -0
- package/lib/helpers/lolbas.poku.js +39 -0
- package/lib/helpers/osqueryTransform.js +84 -0
- package/lib/helpers/osqueryTransform.poku.js +49 -0
- package/lib/helpers/provenanceUtils.js +193 -0
- package/lib/helpers/provenanceUtils.poku.js +145 -0
- package/lib/helpers/pylockutils.js +281 -0
- package/lib/helpers/pylockutils.poku.js +48 -0
- package/lib/helpers/registryProvenance.js +793 -0
- package/lib/helpers/registryProvenance.poku.js +452 -0
- package/lib/helpers/source.js +1267 -0
- package/lib/helpers/source.poku.js +771 -0
- package/lib/helpers/spdxUtils.js +97 -0
- package/lib/helpers/spdxUtils.poku.js +70 -0
- package/lib/helpers/unicodeScan.js +147 -0
- package/lib/helpers/unicodeScan.poku.js +45 -0
- package/lib/helpers/utils.js +700 -128
- package/lib/helpers/utils.poku.js +877 -80
- package/lib/managers/binary.js +29 -5
- package/lib/managers/docker.js +179 -52
- package/lib/managers/docker.poku.js +327 -28
- package/lib/managers/oci.js +107 -23
- package/lib/managers/oci.poku.js +132 -0
- package/lib/server/openapi.yaml +17 -0
- package/lib/server/server.js +225 -336
- package/lib/server/server.poku.js +16 -10
- package/lib/stages/postgen/annotator.js +7 -0
- package/lib/stages/postgen/annotator.poku.js +40 -0
- package/lib/stages/postgen/auditBom.js +19 -3
- package/lib/stages/postgen/auditBom.poku.js +1729 -67
- package/lib/stages/postgen/postgen.js +40 -0
- package/lib/stages/postgen/postgen.poku.js +47 -0
- package/lib/stages/postgen/ruleEngine.js +80 -2
- package/lib/stages/postgen/spdxConverter.js +796 -0
- package/lib/stages/postgen/spdxConverter.poku.js +341 -0
- package/lib/validator/bomValidator.js +232 -0
- package/lib/validator/bomValidator.poku.js +70 -0
- package/lib/validator/complianceRules.js +70 -7
- package/lib/validator/complianceRules.poku.js +30 -0
- package/lib/validator/reporters/annotations.js +2 -2
- package/lib/validator/reporters/console.js +11 -0
- package/lib/validator/reporters.poku.js +13 -0
- package/package.json +10 -7
- package/types/bin/audit.d.ts +3 -0
- package/types/bin/audit.d.ts.map +1 -0
- package/types/bin/convert.d.ts +3 -0
- package/types/bin/convert.d.ts.map +1 -0
- package/types/bin/repl.d.ts.map +1 -1
- package/types/lib/audit/index.d.ts +115 -0
- package/types/lib/audit/index.d.ts.map +1 -0
- package/types/lib/audit/progress.d.ts +27 -0
- package/types/lib/audit/progress.d.ts.map +1 -0
- package/types/lib/audit/reporters.d.ts +35 -0
- package/types/lib/audit/reporters.d.ts.map +1 -0
- package/types/lib/audit/scoring.d.ts +35 -0
- package/types/lib/audit/scoring.d.ts.map +1 -0
- package/types/lib/audit/targets.d.ts +63 -0
- package/types/lib/audit/targets.d.ts.map +1 -0
- package/types/lib/cli/index.d.ts +8 -0
- package/types/lib/cli/index.d.ts.map +1 -1
- package/types/lib/helpers/analyzer.d.ts +13 -0
- package/types/lib/helpers/analyzer.d.ts.map +1 -1
- package/types/lib/helpers/annotationFormatter.d.ts +23 -0
- package/types/lib/helpers/annotationFormatter.d.ts.map +1 -0
- package/types/lib/helpers/bomUtils.d.ts +5 -0
- package/types/lib/helpers/bomUtils.d.ts.map +1 -0
- package/types/lib/helpers/chromextutils.d.ts +97 -0
- package/types/lib/helpers/chromextutils.d.ts.map +1 -0
- package/types/lib/helpers/ciParsers/githubActions.d.ts +3 -8
- package/types/lib/helpers/ciParsers/githubActions.d.ts.map +1 -1
- package/types/lib/helpers/containerRisk.d.ts +17 -0
- package/types/lib/helpers/containerRisk.d.ts.map +1 -0
- package/types/lib/helpers/display.d.ts +4 -1
- package/types/lib/helpers/display.d.ts.map +1 -1
- package/types/lib/helpers/exportUtils.d.ts +40 -0
- package/types/lib/helpers/exportUtils.d.ts.map +1 -0
- package/types/lib/helpers/formulationParsers.d.ts.map +1 -1
- package/types/lib/helpers/gtfobins.d.ts +17 -0
- package/types/lib/helpers/gtfobins.d.ts.map +1 -0
- package/types/lib/helpers/lolbas.d.ts +16 -0
- package/types/lib/helpers/lolbas.d.ts.map +1 -0
- package/types/lib/helpers/osqueryTransform.d.ts +7 -0
- package/types/lib/helpers/osqueryTransform.d.ts.map +1 -0
- package/types/lib/helpers/provenanceUtils.d.ts +90 -0
- package/types/lib/helpers/provenanceUtils.d.ts.map +1 -0
- package/types/lib/helpers/pylockutils.d.ts +51 -0
- package/types/lib/helpers/pylockutils.d.ts.map +1 -0
- package/types/lib/helpers/registryProvenance.d.ts +17 -0
- package/types/lib/helpers/registryProvenance.d.ts.map +1 -0
- package/types/lib/helpers/source.d.ts +141 -0
- package/types/lib/helpers/source.d.ts.map +1 -0
- package/types/lib/helpers/spdxUtils.d.ts +2 -0
- package/types/lib/helpers/spdxUtils.d.ts.map +1 -0
- package/types/lib/helpers/unicodeScan.d.ts +46 -0
- package/types/lib/helpers/unicodeScan.d.ts.map +1 -0
- package/types/lib/helpers/utils.d.ts +29 -11
- package/types/lib/helpers/utils.d.ts.map +1 -1
- package/types/lib/managers/binary.d.ts.map +1 -1
- package/types/lib/managers/docker.d.ts.map +1 -1
- package/types/lib/managers/oci.d.ts.map +1 -1
- package/types/lib/server/server.d.ts +0 -36
- package/types/lib/server/server.d.ts.map +1 -1
- package/types/lib/stages/postgen/annotator.d.ts.map +1 -1
- package/types/lib/stages/postgen/auditBom.d.ts.map +1 -1
- package/types/lib/stages/postgen/postgen.d.ts.map +1 -1
- package/types/lib/stages/postgen/ruleEngine.d.ts.map +1 -1
- package/types/lib/stages/postgen/spdxConverter.d.ts +11 -0
- package/types/lib/stages/postgen/spdxConverter.d.ts.map +1 -0
- package/types/lib/validator/bomValidator.d.ts +1 -0
- package/types/lib/validator/bomValidator.d.ts.map +1 -1
- package/types/lib/validator/complianceRules.d.ts.map +1 -1
- package/types/lib/validator/reporters/console.d.ts.map +1 -1
- package/types/bin/dependencies.d.ts +0 -3
- package/types/bin/dependencies.d.ts.map +0 -1
- package/types/bin/licenses.d.ts +0 -3
- package/types/bin/licenses.d.ts.map +0 -1
|
@@ -1,5 +1,18 @@
|
|
|
1
|
+
export const CHROMIUM_EXTENSION_CAPABILITY_CATEGORIES: string[];
|
|
1
2
|
export function findJSImportsExports(src: any, deep: any): Promise<{
|
|
2
3
|
allImports: {};
|
|
3
4
|
allExports: {};
|
|
4
5
|
}>;
|
|
6
|
+
export function analyzeSuspiciousJsFile(filePath: string): {
|
|
7
|
+
executionIndicators: string[];
|
|
8
|
+
indicators: string[];
|
|
9
|
+
networkIndicators: string[];
|
|
10
|
+
obfuscationIndicators: string[];
|
|
11
|
+
};
|
|
12
|
+
export function detectExtensionCapabilities(src: string, deep?: boolean): {
|
|
13
|
+
capabilities: string[];
|
|
14
|
+
indicators: {
|
|
15
|
+
[x: string]: string[];
|
|
16
|
+
};
|
|
17
|
+
};
|
|
5
18
|
//# sourceMappingURL=analyzer.d.ts.map
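Review bot: `analyzeSuspiciousJsFile` and `detectExtensionCapabilities` are exported without a doc comment, so the declaration does not say what the strings in `executionIndicators`, `networkIndicators` and `obfuscationIndicators` are, or how `indicators` relates to the other three arrays. The source JSDoc should state that the results are heuristic signals for triage rather than a verdict, and whether the file at `filePath` is only read and parsed. A summary on the source function such as `/** Scan a JavaScript file and return heuristic execution, network and obfuscation indicators. */`, if that matches the implementation, would carry through to this declaration, which looks generated from `lib/helpers/analyzer.js`. The existing `findJSImportsExports(src: any, deep: any)` has the same gap.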
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"analyzer.d.ts","sourceRoot":"","sources":["../../../lib/helpers/analyzer.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"analyzer.d.ts","sourceRoot":"","sources":["../../../lib/helpers/analyzer.js"],"names":[],"mappings":"AA23BA,gEAQE;AAmUK;;;GAiBN;AASM,kDAHI,MAAM,GACJ;IAAC,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAAC,qBAAqB,EAAE,MAAM,EAAE,CAAA;CAAC,CAe/H;AAWM,iDANI,MAAM,SACN,OAAO,GACL;IAAC,YAAY,EAAE,MAAM,EAAE,CAAC;IAAC,UAAU,EAAE;YAAO,MAAM,GAAE,MAAM,EAAE;KAAC,CAAA;CAAC,CAwF1E"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Format annotation properties as a markdown table for CycloneDX annotations.
|
|
3
|
+
*
|
|
4
|
+
* @param {{ name: string, value: string }[]} properties annotation properties
|
|
5
|
+
* @returns {string} markdown table text
|
|
6
|
+
*/
|
|
7
|
+
export function propertiesToMarkdownTable(properties: {
|
|
8
|
+
name: string;
|
|
9
|
+
value: string;
|
|
10
|
+
}[]): string;
|
|
11
|
+
/**
|
|
12
|
+
* Build production-ready markdown annotation text.
|
|
13
|
+
*
|
|
14
|
+
* @param {string} message leading message text
|
|
15
|
+
* @param {{ name: string, value: string }[]} properties annotation properties
|
|
16
|
+
* @param {string[]} [details] optional detail lines shown before the table
|
|
17
|
+
* @returns {string} annotation text
|
|
18
|
+
*/
|
|
19
|
+
export function buildAnnotationText(message: string, properties: {
|
|
20
|
+
name: string;
|
|
21
|
+
value: string;
|
|
22
|
+
}[], details?: string[]): string;
|
|
23
|
+
//# sourceMappingURL=annotationFormatter.d.ts.map
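Review bot: The doc comment on `propertiesToMarkdownTable` does not say how a `name` or `value` containing `|`, a newline or other markdown syntax is handled, and property values in a BOM can originate from the artifacts being scanned. The comment should state the escaping contract, for example `Pipe and newline characters in values are escaped so a value cannot break or extend the table.`, if that is what the implementation does; if it does not, that is worth fixing in `lib/helpers/annotationFormatter.js`. "Production-ready" on `buildAnnotationText` tells a caller nothing to rely on and could be replaced by what the parameters already imply: the leading message, the optional detail lines, then the table.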
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"annotationFormatter.d.ts","sourceRoot":"","sources":["../../../lib/helpers/annotationFormatter.js"],"names":[],"mappings":"AAcA;;;;;GAKG;AACH,sDAHW;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,EAAE,GAC/B,MAAM,CAalB;AAED;;;;;;;GAOG;AACH,6CALW,MAAM,cACN;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,EAAE,YACjC,MAAM,EAAE,GACN,MAAM,CASlB"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
export function isSpdxJsonLd(bomJson: any): boolean;
|
|
2
|
+
export function isCycloneDxBom(bomJson: any): boolean;
|
|
3
|
+
export function detectBomFormat(bomJson: any): "unknown" | "cyclonedx" | "spdx";
|
|
4
|
+
export function getNonCycloneDxErrorMessage(bomJson: any, commandName?: string): string;
|
|
5
|
+
//# sourceMappingURL=bomUtils.d.ts.map
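Review bot: The four exports take `bomJson: any` and carry no doc comment, so the declaration does not say whether they expect an already-parsed object or also tolerate `null`, strings and arrays. These helpers presumably run on documents supplied by the user before anything else inspects them, so the input contract is worth writing down; `@param {unknown} bomJson Parsed JSON document` in the source would make callers narrow before use and keep `any` out of their code. `detectBomFormat` already returns the precise union `"unknown" | "cyclonedx" | "spdx"`, and a one-line comment naming the fields that decide each answer would complete it.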
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"bomUtils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/bomUtils.js"],"names":[],"mappings":"AAMO,oDAKJ;AAEI,sDACmE;AAEnE,gFAQN;AAEM,wFASN"}
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Discover known Chromium-based browser user-data directories.
|
|
3
|
+
*
|
|
4
|
+
* @returns {Array<{browser: string, channel: string, dir: string}>}
|
|
5
|
+
*/
|
|
6
|
+
export function getChromiumExtensionDirs(): Array<{
|
|
7
|
+
browser: string;
|
|
8
|
+
channel: string;
|
|
9
|
+
dir: string;
|
|
10
|
+
}>;
|
|
11
|
+
/**
|
|
12
|
+
* Discover existing Chromium-based browser user-data directories.
|
|
13
|
+
*
|
|
14
|
+
* @returns {Array<{browser: string, channel: string, dir: string}>}
|
|
15
|
+
*/
|
|
16
|
+
export function discoverChromiumExtensionDirs(): Array<{
|
|
17
|
+
browser: string;
|
|
18
|
+
channel: string;
|
|
19
|
+
dir: string;
|
|
20
|
+
}>;
|
|
21
|
+
/**
|
|
22
|
+
* Compare Chromium extension versions with numeric dot-separated semantics.
|
|
23
|
+
*
|
|
24
|
+
* @param {string} leftVersion Left version
|
|
25
|
+
* @param {string} rightVersion Right version
|
|
26
|
+
* @returns {number} Negative when left<right, positive when left>right, zero when equal
|
|
27
|
+
*/
|
|
28
|
+
export function compareChromiumExtensionVersions(leftVersion: string, rightVersion: string): number;
|
|
29
|
+
/**
|
|
30
|
+
* Read profile names from Chromium user-data directory.
|
|
31
|
+
*
|
|
32
|
+
* @param {string} userDataDir Browser user-data directory
|
|
33
|
+
* @returns {string[]} Profile directory names
|
|
34
|
+
*/
|
|
35
|
+
export function getChromiumProfiles(userDataDir: string): string[];
|
|
36
|
+
/**
|
|
37
|
+
* Parse a Chromium extension manifest file.
|
|
38
|
+
*
|
|
39
|
+
* @param {string} manifestFile Absolute path to manifest.json
|
|
40
|
+
* @returns {Object|undefined} Parsed manifest metadata
|
|
41
|
+
*/
|
|
42
|
+
export function parseChromiumExtensionManifest(manifestFile: string): Object | undefined;
|
|
43
|
+
/**
|
|
44
|
+
* Infer browser context from a resolved Chromium extension manifest path.
|
|
45
|
+
*
|
|
46
|
+
* @param {string} manifestFile Absolute path to manifest.json
|
|
47
|
+
* @returns {{browser?: string, channel?: string, profile?: string, profilePath?: string}}
|
|
48
|
+
*/
|
|
49
|
+
export function inferChromiumContextFromManifest(manifestFile: string): {
|
|
50
|
+
browser?: string;
|
|
51
|
+
channel?: string;
|
|
52
|
+
profile?: string;
|
|
53
|
+
profilePath?: string;
|
|
54
|
+
};
|
|
55
|
+
/**
|
|
56
|
+
* Collect one directly specified extension from a path.
|
|
57
|
+
*
|
|
58
|
+
* Supported path forms:
|
|
59
|
+
* - `<...>/manifest.json`
|
|
60
|
+
* - `<...>/<extension-id>/<version>/manifest.json`
|
|
61
|
+
* - `<...>/<version>/` (contains manifest.json)
|
|
62
|
+
* - `<...>/<extension-id>/` (contains version subdirectories)
|
|
63
|
+
*
|
|
64
|
+
* Note: a standalone `<...>/<version>/` directory is not sufficient unless its
|
|
65
|
+
* parent directory name is the extension id, because the parser derives the
|
|
66
|
+
* extension id from the version directory's parent path.
|
|
67
|
+
*
|
|
68
|
+
* @param {string} extensionPath Candidate extension path
|
|
69
|
+
* @returns {{components: Object[], extensionDirs: string[]}}
|
|
70
|
+
*/
|
|
71
|
+
export function collectChromeExtensionsFromPath(extensionPath: string): {
|
|
72
|
+
components: Object[];
|
|
73
|
+
extensionDirs: string[];
|
|
74
|
+
};
|
|
75
|
+
/**
|
|
76
|
+
* Convert parsed Chromium extension metadata into a CycloneDX component object.
|
|
77
|
+
*
|
|
78
|
+
* @param {Object} extInfo Extension metadata
|
|
79
|
+
* @returns {Object|undefined} CycloneDX component object or undefined
|
|
80
|
+
*/
|
|
81
|
+
export function toComponent(extInfo: Object): Object | undefined;
|
|
82
|
+
/**
|
|
83
|
+
* Collect installed Chromium extension components from discovered browser directories.
|
|
84
|
+
*
|
|
85
|
+
* @param {Array<{browser: string, channel: string, dir: string}>} browserDirs Browser directories
|
|
86
|
+
* @returns {Object[]} Array of CycloneDX component objects
|
|
87
|
+
*/
|
|
88
|
+
export function collectInstalledChromeExtensions(browserDirs: Array<{
|
|
89
|
+
browser: string;
|
|
90
|
+
channel: string;
|
|
91
|
+
dir: string;
|
|
92
|
+
}>): Object[];
|
|
93
|
+
/**
|
|
94
|
+
* The purl type for Chrome extensions as defined by the packageurl spec.
|
|
95
|
+
*/
|
|
96
|
+
export const CHROME_EXTENSION_PURL_TYPE: "chrome-extension";
|
|
97
|
+
//# sourceMappingURL=chromextutils.d.ts.map
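Review bot: `parseChromiumExtensionManifest`, `toComponent` and `collectInstalledChromeExtensions` are typed with the bare `Object`, so none of the fields taken from an extension's manifest.json are visible or checked at the call site. A manifest is content controlled by the extension author, and a `@typedef` in the source listing the extracted fields, with string fields documented as unvalidated text, would let callers handle them deliberately. The comment on `parseChromiumExtensionManifest` should also say when `undefined` is returned, for example `@returns {Object|undefined} Parsed manifest metadata, or undefined when the file is missing or is not valid JSON`, if that is the behaviour. The summaries of `getChromiumExtensionDirs` and `discoverChromiumExtensionDirs` differ only by "known" versus "existing"; if the second one filters to directories present on disk, the comment should say so.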
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"chromextutils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/chromextutils.js"],"names":[],"mappings":"AAsLA;;;;GAIG;AACH,4CAFa,KAAK,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAC,CAAC,CAoMlE;AAED;;;;GAIG;AACH,iDAFa,KAAK,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAC,CAAC,CAYlE;AAED;;;;;;GAMG;AACH,8DAJW,MAAM,gBACN,MAAM,GACJ,MAAM,CAwBlB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,GACJ,MAAM,EAAE,CA8CpB;AAED;;;;;GAKG;AACH,6DAHW,MAAM,GACJ,MAAM,GAAC,SAAS,CAuK5B;AAED;;;;;GAKG;AACH,+DAHW,MAAM,GACJ;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAC,CA4BxF;AAuFD;;;;;;;;;;;;;;;GAeG;AACH,+DAHW,MAAM,GACJ;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,aAAa,EAAE,MAAM,EAAE,CAAA;CAAC,CAuC3D;AAED;;;;;GAKG;AACH,qCAHW,MAAM,GACJ,MAAM,GAAC,SAAS,CA+M5B;AAED;;;;;GAKG;AACH,8DAHW,KAAK,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAC,CAAC,GACpD,MAAM,EAAE,CAyGpB;AAnnCD;;GAEG;AACH,yCAA0C,kBAAkB,CAAC"}
|
|
@@ -1,13 +1,8 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Parse a single GitHub Actions workflow file and
|
|
2
|
+
* Parse a single GitHub Actions workflow file into workflow, component, and dependency data.
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
6
|
-
* - **components** – action references (`pkg:github/…`) and run-step processes
|
|
7
|
-
* - **dependencies** – workflow→job and job→action/step edges
|
|
8
|
-
*
|
|
9
|
-
* @param {string} f - Absolute path to a workflow YAML file.
|
|
10
|
-
* @param {Object} options - CLI options
|
|
4
|
+
* @param {string} f Absolute path to a workflow YAML file
|
|
5
|
+
* @param {Object} options CLI options
|
|
11
6
|
* @returns {{ workflows: Object[], components: Object[], dependencies: Object[] }}
|
|
12
7
|
*/
|
|
13
8
|
export function parseWorkflowFile(f: string, options: Object): {
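Review bot: The rewritten comment on `parseWorkflowFile` no longer says what `components` and `dependencies` contain; the removed bullets described action references (`pkg:github/…`) and run-step processes, and workflow→job and job→action/step edges. The return type visible here is three `Object[]` arrays, so that text was the only description of their contents in this declaration. Consider keeping it on the `@returns` line, for example `components are action references and run-step processes; dependencies are workflow→job and job→action/step edges`. The function's return type continues past the end of this hunk.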
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"githubActions.d.ts","sourceRoot":"","sources":["../../../../lib/helpers/ciParsers/githubActions.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"githubActions.d.ts","sourceRoot":"","sources":["../../../../lib/helpers/ciParsers/githubActions.js"],"names":[],"mappings":"AA4lDA;;;;;;GAMG;AAEH,qCALW,MAAM,WACN,MAAM,GACJ;IAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAA;CAAE,CAqiBjF;;;;IAeC;;;;OAIG;IACH,sBAJW,MAAM,EAAE,WACR,MAAM,GACJ;QAAE,SAAS,EAAE,MAAM,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QAAC,YAAY,EAAE,MAAM,EAAE,CAAA;KAAE,CAqB3H"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
export function getContainerRiskMetadata(name: any, linkedName: any): {
|
|
2
|
+
attackTactics: any[];
|
|
3
|
+
attackTechniques: any[];
|
|
4
|
+
canonicalName: any;
|
|
5
|
+
knowledgeSourceRefs: any[];
|
|
6
|
+
knowledgeSources: any[];
|
|
7
|
+
matchSource: string;
|
|
8
|
+
offenseTools: any[];
|
|
9
|
+
riskTags: any[];
|
|
10
|
+
seccompBlockedSyscalls: any[];
|
|
11
|
+
seccompProfile: any;
|
|
12
|
+
} | undefined;
|
|
13
|
+
export function createContainerRiskProperties(name: any, linkedName: any): {
|
|
14
|
+
name: string;
|
|
15
|
+
value: any;
|
|
16
|
+
}[];
|
|
17
|
+
//# sourceMappingURL=containerRisk.d.ts.map
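Review bot: `getContainerRiskMetadata` and `createContainerRiskProperties` are declared with `name: any, linkedName: any` and fields such as `attackTechniques: any[]` and `seccompBlockedSyscalls: any[]`, which suggests the source functions carry no JSDoc types. `getGtfoBinsMetadata` and `createGtfoBinsProperties` in gtfobins.d.ts have the same shape, while lolbas.d.ts documents its lookup with `@param {string} candidate`. Adding `@param {string} name`, `@param {string} [linkedName]` (if the second argument is optional) and a `@returns` typedef with `string[]` fields in the source would keep `any` out of callers and document which values `matchSource` can take.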
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"containerRisk.d.ts","sourceRoot":"","sources":["../../../lib/helpers/containerRisk.js"],"names":[],"mappings":"AAqFA;;;;;;;;;;;cAuCC;AAED;;;IA2DC"}
|
|
@@ -6,9 +6,10 @@
|
|
|
6
6
|
* @param {Object} bomJson CycloneDX BOM JSON object
|
|
7
7
|
* @param {string[]} [filterTypes] Optional list of component types to include; all types shown when omitted
|
|
8
8
|
* @param {string} [highlight] Optional string to highlight in the output
|
|
9
|
+
* @param {string} [summaryText] Optional summary message to print after the table
|
|
9
10
|
* @returns {void}
|
|
10
11
|
*/
|
|
11
|
-
export function printTable(bomJson: Object, filterTypes?: string[], highlight?: string): void;
|
|
12
|
+
export function printTable(bomJson: Object, filterTypes?: string[], highlight?: string, summaryText?: string): void;
|
|
12
13
|
/**
|
|
13
14
|
* Prints OS package components from the BOM as a formatted streaming table.
|
|
14
15
|
*
|
|
@@ -102,6 +103,8 @@ export function printSummary(bomJson: Object): void;
|
|
|
102
103
|
* @param {EnvAuditFinding[]} envAuditFindings Audit findings to display
|
|
103
104
|
*/
|
|
104
105
|
export function displaySelfThreatModel(filePath: string, config: Object, options: Object, envAuditFindings: EnvAuditFinding[]): void;
|
|
106
|
+
export function buildDependencyTreeLegendLines(treeGraphics: string[]): string[];
|
|
107
|
+
export function buildDependencyTreeLines(dependencies: Object[], mode?: string): string[];
|
|
105
108
|
export type EnvAuditFinding = {
|
|
106
109
|
type: string;
|
|
107
110
|
variable: string;
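Review bot: `buildDependencyTreeLegendLines` and `buildDependencyTreeLines` in the second hunk are exported without a doc comment, and `mode?: string` does not say which values are accepted or what the default is. A source comment such as `@param {string} [mode] Tree rendering mode` with the accepted values listed, or a literal union type, would turn an unsupported value into a type error instead of something found at run time. In the first hunk the new optional `summaryText` parameter of `printTable` is documented and appended last, so existing three-argument callers are unaffected.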
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../../../lib/helpers/display.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../../../lib/helpers/display.js"],"names":[],"mappings":"AA+DA;;;;;;;;;;GAUG;AACH,oCANW,MAAM,gBACN,MAAM,EAAE,cACR,MAAM,gBACN,MAAM,GACJ,IAAI,CAuFhB;AAQD;;;;;GAKG;AACH,sCAHW,MAAM,GACJ,IAAI,CAsBhB;AACD;;;;;;GAMG;AACH,uCAHW,MAAM,GACJ,IAAI,CAwBhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,GACJ,IAAI,CAuBhB;AAeD;;;;;;GAMG;AACH,0CAHW,MAAM,GACJ,IAAI,CAwChB;AAED;;;;;;GAMG;AACH,wCAHW,MAAM,GACJ,IAAI,CA4ChB;AACD;;;;;;;;GAQG;AACH,6CALW,MAAM,SACN,MAAM,cACN,MAAM,GACJ,IAAI,CAoChB;AAoMD;;;;;;GAMG;AACH,gDAHW,MAAM,GACJ,IAAI,CAoChB;AAED;;;;;GAKG;AACH,sDAHW,MAAM,EAAE,GACN,IAAI,CA4BhB;AAED;;;;;;;GAOG;AACH,4CAHW,MAAM,GACJ,IAAI,CAsBhB;AAED;;;;;;GAMG;AACH,sCAHW,MAAM,GACJ,IAAI,CAkDhB;AAED;;GAEG;AAEH;;;;;;;;GAQG;AACH,iDALW,MAAM,UACN,MAAM,WACN,MAAM,oBACN,eAAe,EAAE,QAmU3B;AA3hCM,6DAHI,MAAM,EAAE,GACN,MAAM,EAAE,CAcpB;AAofM,uDAJI,MAAM,EAAE,SACR,MAAM,GACJ,MAAM,EAAE,CAyCpB;8BAuKY;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAC"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Normalize the requested export formats.
|
|
3
|
+
*
|
|
4
|
+
* @param {string|string[]|undefined|null} format Raw format value
|
|
5
|
+
* @returns {string[]} Normalized export formats
|
|
6
|
+
*/
|
|
7
|
+
export function normalizeOutputFormats(format: string | string[] | undefined | null): string[];
|
|
8
|
+
/**
|
|
9
|
+
* Derive the SPDX output path from a base output path.
|
|
10
|
+
*
|
|
11
|
+
* @param {string} outputPath Output path
|
|
12
|
+
* @returns {string} SPDX output path
|
|
13
|
+
*/
|
|
14
|
+
export function deriveSpdxOutputPath(outputPath: string): string;
|
|
15
|
+
/**
|
|
16
|
+
* Derive the CycloneDX output path from a base output path.
|
|
17
|
+
*
|
|
18
|
+
* @param {string} outputPath Output path
|
|
19
|
+
* @returns {string} CycloneDX output path
|
|
20
|
+
*/
|
|
21
|
+
export function deriveCycloneDxOutputPath(outputPath: string): string;
|
|
22
|
+
/**
|
|
23
|
+
* Determine the final output plan for the requested export formats.
|
|
24
|
+
*
|
|
25
|
+
* @param {object} options CLI options
|
|
26
|
+
* @returns {{ formats: Set<string>, outputs: Record<string, string>, explicitFormat: boolean }} Output plan
|
|
27
|
+
*/
|
|
28
|
+
export function createOutputPlan(options: object): {
|
|
29
|
+
formats: Set<string>;
|
|
30
|
+
outputs: Record<string, string>;
|
|
31
|
+
explicitFormat: boolean;
|
|
32
|
+
};
|
|
33
|
+
/**
|
|
34
|
+
* Return the output directory for a planned export path.
|
|
35
|
+
*
|
|
36
|
+
* @param {string} outputPath Output path
|
|
37
|
+
* @returns {string} Output directory
|
|
38
|
+
*/
|
|
39
|
+
export function getOutputDirectory(outputPath: string): string;
|
|
40
|
+
//# sourceMappingURL=exportUtils.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"exportUtils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/exportUtils.js"],"names":[],"mappings":"AAYA;;;;;GAKG;AACH,+CAHW,MAAM,GAAC,MAAM,EAAE,GAAC,SAAS,GAAC,IAAI,GAC5B,MAAM,EAAE,CAoBpB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,GACJ,MAAM,CAgBlB;AAED;;;;;GAKG;AACH,sDAHW,MAAM,GACJ,MAAM,CAUlB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,GACJ;IAAE,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAAC,cAAc,EAAE,OAAO,CAAA;CAAE,CAgC9F;AAED;;;;;GAKG;AACH,+CAHW,MAAM,GACJ,MAAM,CAIlB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"formulationParsers.d.ts","sourceRoot":"","sources":["../../../lib/helpers/formulationParsers.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"formulationParsers.d.ts","sourceRoot":"","sources":["../../../lib/helpers/formulationParsers.js"],"names":[],"mappings":"AAwGA;;;;;;;GAOG;AACH,uCAFW;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;IAAC,KAAK,WAAU;CAAE,QAoB7D;AAED;;;;GAIG;AACH,8BAFa,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;IAAC,KAAK,WAAU;CAAE,CAAC,CAItE;AAgDD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,gDAZW,MAAM,WACN,MAAM,YAEN,MAAM,GAIJ;IAAE,WAAW,EAAE,MAAM,EAAE,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAA;CAAE,CAuN7D"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
export function getGtfoBinsMetadata(name: any, linkedName: any): {
|
|
2
|
+
canonicalName: any;
|
|
3
|
+
contexts: any;
|
|
4
|
+
functions: any;
|
|
5
|
+
matchSource: string;
|
|
6
|
+
mitreTechniques: any;
|
|
7
|
+
privilegedContexts: any;
|
|
8
|
+
reference: string;
|
|
9
|
+
riskTags: any[];
|
|
10
|
+
source: any;
|
|
11
|
+
sourceRef: any;
|
|
12
|
+
} | undefined;
|
|
13
|
+
export function createGtfoBinsProperties(name: any, linkedName: any): {
|
|
14
|
+
name: string;
|
|
15
|
+
value: any;
|
|
16
|
+
}[];
|
|
17
|
+
//# sourceMappingURL=gtfobins.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"gtfobins.d.ts","sourceRoot":"","sources":["../../../lib/helpers/gtfobins.js"],"names":[],"mappings":"AAmHA;;;;;;;;;;;cAsCC;AAED;;;IAiCC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Resolve LOLBAS metadata for a binary or script name.
|
|
3
|
+
*
|
|
4
|
+
* @param {string} candidate Binary or script path/name
|
|
5
|
+
* @returns {object|undefined} Matched LOLBAS metadata
|
|
6
|
+
*/
|
|
7
|
+
export function getLolbasMetadata(candidate: string): object | undefined;
|
|
8
|
+
/**
|
|
9
|
+
* Resolve LOLBAS properties for an osquery row.
|
|
10
|
+
*
|
|
11
|
+
* @param {string} queryCategory Osquery query category
|
|
12
|
+
* @param {object} row Osquery row
|
|
13
|
+
* @returns {Array<object>} CycloneDX custom properties
|
|
14
|
+
*/
|
|
15
|
+
export function createLolbasProperties(queryCategory: string, row: object): Array<object>;
|
|
16
|
+
//# sourceMappingURL=lolbas.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"lolbas.d.ts","sourceRoot":"","sources":["../../../lib/helpers/lolbas.js"],"names":[],"mappings":"AA2IA;;;;;GAKG;AACH,6CAHW,MAAM,GACJ,MAAM,GAAC,SAAS,CAqB5B;AAED;;;;;;GAMG;AACH,sDAJW,MAAM,OACN,MAAM,GACJ,KAAK,CAAC,MAAM,CAAC,CA+FzB"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export function deriveOsQueryVersion(res: any): any;
|
|
2
|
+
export function deriveOsQueryName(res: any, singleResult: any, queryName: any): any;
|
|
3
|
+
export function deriveOsQueryPublisher(res: any): any;
|
|
4
|
+
export function deriveOsQueryDescription(res: any): any;
|
|
5
|
+
export function sanitizeOsQueryIdentity(value: any): string;
|
|
6
|
+
export function createOsQueryPurl(purlType: any, group: any, name: any, version: any, qualifiers: any, subpath: any): string;
|
|
7
|
+
//# sourceMappingURL=osqueryTransform.d.ts.map
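Review bot: `sanitizeOsQueryIdentity(value: any): string` has no doc comment, so the declaration does not say which characters are removed or replaced, or what a non-string input becomes. osquery rows describe the host being inventoried, and the helper's name suggests its output ends up in component identifiers, so the guarantee should be written down in the source, for example `@returns {string} value reduced to the characters allowed in a purl name`, if that is the contract. `createOsQueryPurl` takes six positional `any` parameters; JSDoc types on `purlType`, `group`, `name`, `version`, `qualifiers` and `subpath` would document what each one accepts.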
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"osqueryTransform.d.ts","sourceRoot":"","sources":["../../../lib/helpers/osqueryTransform.js"],"names":[],"mappings":"AAEA,oDAWC;AAED,oFAgBC;AAED,sDASC;AAED,wDAaC;AAED,4DAMC;AAED,6HAgBC"}
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Return a component property value by name.
|
|
3
|
+
*
|
|
4
|
+
* @param {object} component CycloneDX component
|
|
5
|
+
* @param {string} propertyName Property name to look up
|
|
6
|
+
* @returns {string | undefined} Property value if present
|
|
7
|
+
*/
|
|
8
|
+
export function getComponentPropertyValue(component: object, propertyName: string): string | undefined;
|
|
9
|
+
/**
|
|
10
|
+
* Return a property value by name from a raw properties array.
|
|
11
|
+
*
|
|
12
|
+
* @param {object[]} properties CycloneDX properties array
|
|
13
|
+
* @param {string} propertyName Property name to look up
|
|
14
|
+
* @returns {string | undefined} Property value if present
|
|
15
|
+
*/
|
|
16
|
+
export function getPropertyValue(properties: object[], propertyName: string): string | undefined;
|
|
17
|
+
/**
|
|
18
|
+
* Check whether any of the supplied properties exist and carry a value.
|
|
19
|
+
*
|
|
20
|
+
* @param {object[]} properties CycloneDX properties array
|
|
21
|
+
* @param {string[]} propertyNames Property names to test
|
|
22
|
+
* @returns {boolean} True when any named property has a non-empty value
|
|
23
|
+
*/
|
|
24
|
+
export function hasAnyPropertyValue(properties: object[], propertyNames: string[]): boolean;
|
|
25
|
+
/**
|
|
26
|
+
* Determine whether a raw properties array includes trusted publishing metadata.
|
|
27
|
+
*
|
|
28
|
+
* @param {object[]} properties CycloneDX properties array
|
|
29
|
+
* @returns {boolean} True when trusted publishing is recorded for npm or PyPI
|
|
30
|
+
*/
|
|
31
|
+
export function hasTrustedPublishingProperties(properties: object[]): boolean;
|
|
32
|
+
/**
|
|
33
|
+
* Determine whether a raw properties array includes direct registry provenance evidence.
|
|
34
|
+
*
|
|
35
|
+
* @param {object[]} properties CycloneDX properties array
|
|
36
|
+
* @returns {boolean} True when direct provenance evidence is present
|
|
37
|
+
*/
|
|
38
|
+
export function hasRegistryProvenanceEvidenceProperties(properties: object[]): boolean;
|
|
39
|
+
/**
|
|
40
|
+
* Determine whether a component includes trusted publishing metadata.
|
|
41
|
+
*
|
|
42
|
+
* @param {object} component CycloneDX component
|
|
43
|
+
* @returns {boolean} True when trusted publishing is recorded for npm or PyPI
|
|
44
|
+
*/
|
|
45
|
+
export function hasComponentTrustedPublishing(component: object): boolean;
|
|
46
|
+
/**
|
|
47
|
+
* Determine whether a component includes direct registry provenance evidence.
|
|
48
|
+
*
|
|
49
|
+
* @param {object} component CycloneDX component
|
|
50
|
+
* @returns {boolean} True when provenance URL, digests, signatures, or key IDs exist
|
|
51
|
+
*/
|
|
52
|
+
export function hasComponentRegistryProvenanceEvidence(component: object): boolean;
|
|
53
|
+
/**
|
|
54
|
+
* Determine whether a component includes registry provenance metadata.
|
|
55
|
+
*
|
|
56
|
+
* @param {object} component CycloneDX component
|
|
57
|
+
* @returns {boolean} True when provenance or trusted publishing metadata exists
|
|
58
|
+
*/
|
|
59
|
+
export function hasComponentRegistryProvenance(component: object): boolean;
|
|
60
|
+
/**
|
|
61
|
+
* Filter components to those carrying trusted publishing metadata.
|
|
62
|
+
*
|
|
63
|
+
* @param {object[]} components BOM components
|
|
64
|
+
* @returns {object[]} Trusted-publishing-backed components
|
|
65
|
+
*/
|
|
66
|
+
export function getTrustedComponents(components: object[]): object[];
|
|
67
|
+
/**
|
|
68
|
+
* Filter components to those carrying direct registry provenance evidence.
|
|
69
|
+
*
|
|
70
|
+
* @param {object[]} components BOM components
|
|
71
|
+
* @returns {object[]} Provenance-backed components
|
|
72
|
+
*/
|
|
73
|
+
export function getProvenanceComponents(components: object[]): object[];
|
|
74
|
+
/**
|
|
75
|
+
* Count components with trusted publishing metadata by registry ecosystem.
|
|
76
|
+
*
|
|
77
|
+
* @param {object[]} components BOM components
|
|
78
|
+
* @returns {{npm: number, pypi: number, total: number}} Trusted publishing counts
|
|
79
|
+
*/
|
|
80
|
+
export function getTrustedPublishingComponentCounts(components: object[]): {
|
|
81
|
+
npm: number;
|
|
82
|
+
pypi: number;
|
|
83
|
+
total: number;
|
|
84
|
+
};
|
|
85
|
+
export const NPM_PROVENANCE_EVIDENCE_PROPERTIES: string[];
|
|
86
|
+
export const PYPI_PROVENANCE_EVIDENCE_PROPERTIES: string[];
|
|
87
|
+
export const REGISTRY_PROVENANCE_EVIDENCE_PROPERTIES: string[];
|
|
88
|
+
export const TRUSTED_PUBLISHING_PROPERTIES: string[];
|
|
89
|
+
export const REGISTRY_PROVENANCE_ICON: "\uD83D\uDEE1";
|
|
90
|
+
//# sourceMappingURL=provenanceUtils.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provenanceUtils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/provenanceUtils.js"],"names":[],"mappings":"AAmCA;;;;;;GAMG;AACH,qDAJW,MAAM,gBACN,MAAM,GACJ,MAAM,GAAG,SAAS,CAK9B;AAED;;;;;;GAMG;AACH,6CAJW,MAAM,EAAE,gBACR,MAAM,GACJ,MAAM,GAAG,SAAS,CAI9B;AAED;;;;;;GAMG;AACH,gDAJW,MAAM,EAAE,iBACR,MAAM,EAAE,GACN,OAAO,CAMnB;AAED;;;;;GAKG;AACH,2DAHW,MAAM,EAAE,GACN,OAAO,CAMnB;AAED;;;;;GAKG;AACH,oEAHW,MAAM,EAAE,GACN,OAAO,CAOnB;AAED;;;;;GAKG;AACH,yDAHW,MAAM,GACJ,OAAO,CAInB;AAED;;;;;GAKG;AACH,kEAHW,MAAM,GACJ,OAAO,CAInB;AAED;;;;;GAKG;AACH,0DAHW,MAAM,GACJ,OAAO,CAOnB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,EAAE,GACN,MAAM,EAAE,CASpB;AAED;;;;;GAKG;AACH,oDAHW,MAAM,EAAE,GACN,MAAM,EAAE,CASpB;AAED;;;;;GAKG;AACH,gEAHW,MAAM,EAAE,GACN;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAC,CA6BtD;AA3LD,0DAQE;AACF,2DASE;AACF,+DAGE;AACF,qDAGE;AAEF,uCAAwC,cAAI,CAAC"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Check whether a file name conforms to pylock naming.
|
|
3
|
+
*
|
|
4
|
+
* @param {string} lockFilePath lock file path
|
|
5
|
+
* @returns {boolean} true if this is a pylock file
|
|
6
|
+
*/
|
|
7
|
+
export function isPyLockFile(lockFilePath: string): boolean;
|
|
8
|
+
/**
|
|
9
|
+
* Check whether a parsed toml object follows pylock format.
|
|
10
|
+
*
|
|
11
|
+
* @param {object} lockTomlObj parsed toml object
|
|
12
|
+
* @returns {boolean} true if object appears to be pylock data
|
|
13
|
+
*/
|
|
14
|
+
export function isPyLockObject(lockTomlObj: object): boolean;
|
|
15
|
+
/**
|
|
16
|
+
* Get package entries from py lock data in a format-agnostic way.
|
|
17
|
+
*
|
|
18
|
+
* @param {object} lockTomlObj parsed toml object
|
|
19
|
+
* @returns {Array<object>} package entries
|
|
20
|
+
*/
|
|
21
|
+
export function getPyLockPackages(lockTomlObj: object): Array<object>;
|
|
22
|
+
/**
|
|
23
|
+
* Convert top-level pylock keys to custom cdx properties.
|
|
24
|
+
*
|
|
25
|
+
* @param {object} lockTomlObj parsed toml object
|
|
26
|
+
* @returns {Array<object>} custom properties
|
|
27
|
+
*/
|
|
28
|
+
export function collectPyLockTopLevelProperties(lockTomlObj: object): Array<object>;
|
|
29
|
+
/**
|
|
30
|
+
* Convert package-level pylock keys to custom cdx properties.
|
|
31
|
+
*
|
|
32
|
+
* @param {object} pkg pylock package entry
|
|
33
|
+
* @returns {Array<object>} custom properties
|
|
34
|
+
*/
|
|
35
|
+
export function collectPyLockPackageProperties(pkg: object): Array<object>;
|
|
36
|
+
/**
|
|
37
|
+
* Build file components from pylock source entries.
|
|
38
|
+
*
|
|
39
|
+
* @param {object} pkg pylock package entry
|
|
40
|
+
* @param {string} lockFile lock file path
|
|
41
|
+
* @returns {Array<object>} file components
|
|
42
|
+
*/
|
|
43
|
+
export function collectPyLockFileComponents(pkg: object, lockFile: string): Array<object>;
|
|
44
|
+
/**
|
|
45
|
+
* Check whether index points to the default pypi registry.
|
|
46
|
+
*
|
|
47
|
+
* @param {string} indexUrl index URL from pylock
|
|
48
|
+
* @returns {boolean} true for default pypi
|
|
49
|
+
*/
|
|
50
|
+
export function isDefaultPypiRegistry(indexUrl: string): boolean;
|
|
51
|
+
//# sourceMappingURL=pylockutils.d.ts.map
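Review bot: The doc comment on `isDefaultPypiRegistry` (new lines 44-50) says only "true for default pypi" and does not state how `indexUrl` is compared, although the result decides whether a locked package is treated as coming from the public index or from an alternate one. The implementation is not part of this hunk, so it cannot be confirmed here whether the URL is parsed and its host matched exactly or the string is matched by prefix or substring; the looser forms would let a similar-looking URL be classified as the default registry. This declaration is generated from `lib/helpers/pylockutils.js`, so the contract belongs in that JSDoc, for example `@returns {boolean} true only when the parsed host of indexUrl is the default PyPI host; false for empty or unparsable input`, provided that matches the code. A test with a look-alike host and with an empty value would pin the behaviour.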
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pylockutils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/pylockutils.js"],"names":[],"mappings":"AAkCA;;;;;GAKG;AACH,2CAHW,MAAM,GACJ,OAAO,CAOnB;AAED;;;;;GAKG;AACH,4CAHW,MAAM,GACJ,OAAO,CAMnB;AAED;;;;;GAKG;AACH,+CAHW,MAAM,GACJ,KAAK,CAAC,MAAM,CAAC,CAUzB;AAED;;;;;GAKG;AACH,6DAHW,MAAM,GACJ,KAAK,CAAC,MAAM,CAAC,CAazB;AAED;;;;;GAKG;AACH,oDAHW,MAAM,GACJ,KAAK,CAAC,MAAM,CAAC,CAazB;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,YACN,MAAM,GACJ,KAAK,CAAC,MAAM,CAAC,CAwCzB;AAED;;;;;GAKG;AACH,gDAHW,MAAM,GACJ,OAAO,CAOnB"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Extract advanced npm provenance and publishing properties from registry metadata.
|
|
3
|
+
*
|
|
4
|
+
* @param {object} packument npm packument body
|
|
5
|
+
* @param {string | undefined} version package version
|
|
6
|
+
* @returns {object[]} custom properties
|
|
7
|
+
*/
|
|
8
|
+
export function collectNpmRegistryProvenanceProperties(packument: object, version: string | undefined): object[];
|
|
9
|
+
/**
|
|
10
|
+
* Extract advanced PyPI provenance and publishing properties from registry metadata.
|
|
11
|
+
*
|
|
12
|
+
* @param {object} projectBody PyPI JSON body
|
|
13
|
+
* @param {string | undefined} version package version
|
|
14
|
+
* @returns {object[]} custom properties
|
|
15
|
+
*/
|
|
16
|
+
export function collectPypiRegistryProvenanceProperties(projectBody: object, version: string | undefined): object[];
|
|
17
|
+
//# sourceMappingURL=registryProvenance.d.ts.map
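Review bot: The doc comments on `collectNpmRegistryProvenanceProperties` and `collectPypiRegistryProvenanceProperties` do not say whether the returned properties are verified or only copied from the registry response. `packument` and `projectBody` are remote metadata typed as bare `object`, and the provenanceUtils declarations earlier on this page describe the presence of such properties as "direct provenance evidence", so a consumer could read them as proof that signatures or attestations were checked. The implementation is outside this hunk; if no cryptographic verification happens there, I would add to both JSDoc blocks in `lib/helpers/registryProvenance.js` a line such as `Values are recorded as reported by the registry; signatures and attestations are not verified here.` It would also help to document what is returned when `version` is undefined or not present in the metadata.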
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"registryProvenance.d.ts","sourceRoot":"","sources":["../../../lib/helpers/registryProvenance.js"],"names":[],"mappings":"AA6SA;;;;;;GAMG;AACH,kEAJW,MAAM,WACN,MAAM,GAAG,SAAS,GAChB,MAAM,EAAE,CA4MpB;AAED;;;;;;GAMG;AACH,qEAJW,MAAM,WACN,MAAM,GAAG,SAAS,GAChB,MAAM,EAAE,CAmRpB"}
|