@dxworks/depinder 0.1.1

package/dist/plugins/ruby/index.js

@@ -0,0 +1,142 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ruby = exports.retrieveFormRubyGems = void 0;
+// @ts-ignore
+const gemfile = __importStar(require("@snyk/gemfile"));
+const path_1 = __importDefault(require("path"));
+const preload_1 = __importDefault(require("semver/preload"));
+const node_fetch_1 = __importDefault(require("node-fetch"));
+const extractor = {
+    files: ['Gemfile', '*.gemspec', 'Gemfile.lock'],
+    createContexts: files => files.filter(it => it.endsWith('Gemfile.lock')).map(it => ({
+        root: path_1.default.dirname(it),
+        lockFile: path_1.default.basename(it),
+    })),
+};
+const parser = {
+    parseDependencyTree: parseLockFile,
+};
+function transformDeps(tree, root) {
+    const result = {};
+    const directDeps = new Set(Object.keys(tree.dependencies));
+    Object.keys(tree.specs).forEach(specName => {
+        const value = tree.specs[specName];
+        const id = `${specName}@${value.version}`;
+        result[id] = {
+            id,
+            name: specName,
+            version: value.version,
+            semver: preload_1.default.coerce(value.version),
+            type: value.type,
+            requestedBy: [],
+        };
+    });
+    Object.keys(tree.specs).forEach(specName => {
+        const value = tree.specs[specName];
+        const id = `${specName}@${value.version}`;
+        Object.keys(value).filter(it => !['version', 'remote', 'type'].includes(it)).forEach(spec => {
+            const cachedValue = result[id];
+            if (cachedValue && value[spec].version) {
+                cachedValue.requestedBy = [...cachedValue.requestedBy, id];
+            }
+        });
+    });
+    // TODO: read Gemfile and add the requestedBy field for the direct dependencies
+    directDeps.forEach(dep => {
+        const key = Object.keys(result).find(it => it.startsWith(`${dep}@`));
+        if (!key)
+            return;
+        const cachedValue = result[key];
+        if (cachedValue) {
+            cachedValue.requestedBy = [...cachedValue.requestedBy, root];
+        }
+    });
+    return result;
+}
+function parseLockFile({ root, lockFile }) {
+    const result = gemfile.parseSync(path_1.default.resolve(root, lockFile), true);
+    return {
+        name: path_1.default.basename(root),
+        path: root,
+        version: '',
+        dependencies: transformDeps(result, `${path_1.default.basename(root)}@`),
+    };
+}
+const registrarCache = new Map();
+async function retrieveFormRubyGems(libraryName) {
+    if (registrarCache.has(libraryName))
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        return registrarCache.get(libraryName);
+    const gemResponse = await (0, node_fetch_1.default)(`https://rubygems.org/api/v1/gems/${libraryName}.json`);
+    const gemData = await gemResponse.json();
+    const versionsResponse = await (0, node_fetch_1.default)(`https://rubygems.org/api/v1/versions/${libraryName}.json`);
+    const versionsData = await versionsResponse.json();
+    const libInfo = {
+        name: gemData.name,
+        versions: versionsData.map((it) => {
+            return {
+                version: it.number,
+                timestamp: Date.parse(it.created_at),
+                buildAt: Date.parse(it.built_at),
+                licenses: it.licenses,
+                latest: it.number == gemData.version,
+                rubyVersion: it.ruby_version,
+                rubygemsVersion: it.rubygems_version,
+            };
+        }),
+        description: gemData.info,
+        issuesUrl: [gemData.metadata.bug_tracker_uri],
+        licenses: gemData.licenses,
+        reposUrl: [gemData.metadata.source_code_uri],
+        documentationUrl: gemData.metadata.documentation_uri,
+        homepageUrl: gemData.homepage_uri,
+        packageUrl: gemData.gem_uri,
+        keywords: [],
+        downloads: gemData.downloads,
+    };
+    registrarCache.set(libraryName, libInfo);
+    return libInfo;
+}
+exports.retrieveFormRubyGems = retrieveFormRubyGems;
+const registrar = {
+    retrieve: retrieveFormRubyGems,
+};
+const checker = {
+    githubSecurityAdvisoryEcosystem: 'RUBYGEMS',
+    getPURL: (lib, ver) => `pkg:gem/${lib}@${ver}`,
+};
+exports.ruby = {
+    name: 'ruby',
+    aliases: ['gem'],
+    extractor,
+    parser,
+    registrar,
+    checker,
+};
+//# sourceMappingURL=index.js.map

package/dist/plugins/ruby/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/plugins/ruby/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOA,aAAa;AACb,uDAAwC;AACxC,gDAAuB;AACvB,6DAAmC;AAEnC,4DAA8B;AAI9B,MAAM,SAAS,GAAc;IACzB,KAAK,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,cAAc,CAAC;IAC/C,cAAc,EAAE,KAAK,CAAC,EAAE,CACpB,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACvD,IAAI,EAAE,cAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACtB,QAAQ,EAAE,cAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;KACJ,CAAA,CAAC;CACnC,CAAA;AAED,MAAM,MAAM,GAAW;IACnB,mBAAmB,EAAE,aAAa;CACrC,CAAA;AAED,SAAS,aAAa,CAAC,IAAS,EAAE,IAAY;IAE1C,MAAM,MAAM,GAAyC,EAAE,CAAA;IAEvD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAA;IAE1D,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;QAClC,MAAM,EAAE,GAAG,GAAG,QAAQ,IAAI,KAAK,CAAC,OAAO,EAAE,CAAA;QACzC,MAAM,CAAC,EAAE,CAAC,GAAG;YACT,EAAE;YACF,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,MAAM,EAAE,iBAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;YACpC,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,WAAW,EAAE,EAAE;SACI,CAAA;IAC3B,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;QAClC,MAAM,EAAE,GAAG,GAAG,QAAQ,IAAI,KAAK,CAAC,OAAO,EAAE,CAAA;QACzC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YACxF,MAAM,WAAW,GAAG,MAAM,CAAC,EAAE,CAAuB,CAAA;YACpD,IAAI,WAAW,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE;gBACpC,WAAW,CAAC,WAAW,GAAE,CAAC,GAAG,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;aAC5D;QACL,CAAC,CAAC,CAAA;IACN,CAAC,CAAC,CAAA;IAEF,+EAA+E;IAC/E,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACrB,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAA;QACpE,IAAG,CAAC,GAAG;YAAE,OAAM;QACf,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAuB,CAAA;QACrD,IAAG,WAAW,EAAE;YACZ,WAAW,CAAC,WAAW,GAAG,CAAC,GAAG,WAAW,CAAC,WAAW,EAAE,IAAI,CAAC,CAAA;SAC/D;IACL,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACjB,CAAC;AAED,SAAS,aAAa,CAAC,EAAC,IAAI,EAAE,QAAQ,EAAwB;IAC1D,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,cAAI,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAA;IAEpE,OAAO;QACH,IAAI,EAAE,cAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QACzB,IAAI,EAAE,IAAI;QACV,OAAO,EAAE,EAAE;QACX,YAAY,EAAE,aAAa,CAAC,MAAM,EAAE,GAAG,cAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC;KAC9C,CAAA;AACxB,CAAC;AAED,MAAM,cAAc,GAA6B,IAAI,GAAG,EAAuB,CAAA;AAExE,KAAK,UAAU,oBAAoB,CAAC,WAAmB;IAC1D,IAAG,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC;QAC9B,oEAAoE;QACpE,OAAO,cAAc,CAAC,GAAG,CAAC,WAAW,CAAE,CAAA;IAE3C,MAAM,WAAW,GAAQ,MAAM,IAAA,oBAAK,EAAC,oCAAoC,WAAW,OAAO,CAAC,CAAA;IAC5F,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAA;IACxC,MAAM,gBAAgB,GAAQ,MAAM,IAAA,oBAAK,EAAC,wCAAwC,WAAW,OAAO,CAAC,CAAA;IACrG,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE,CAAA;IAElD,MAAM,OAAO,GAAI;QACb,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,QAAQ,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,EAAO,EAAE,EAAE;YACnC,OAAO;gBACH,OAAO,EAAE,EAAE,CAAC,MAAM;gBAClB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC;gBACpC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC;gBAChC,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,MAAM,EAAE,EAAE,CAAC,MAAM,IAAI,OAAO,CAAC,OAAO;gBACpC,WAAW,EAAE,EAAE,CAAC,YAAY;gBAC5B,eAAe,EAAE,EAAE,CAAC,gBAAgB;aACvC,CAAA;QACL,CAAC,CAAC;QACF,WAAW,EAAE,OAAO,CAAC,IAAI;QACzB,SAAS,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,QAAQ,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;QAC5C,gBAAgB,EAAE,OAAO,CAAC,QAAQ,CAAC,iBAAiB;QACpD,WAAW,EAAE,OAAO,CAAC,YAAY;QACjC,UAAU,EAAE,OAAO,CAAC,OAAO;QAC3B,QAAQ,EAAE,EAAE;QACZ,SAAS,EAAE,OAAO,CAAC,SAAS;KAC/B,CAAA;IACD,cAAc,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;IAExC,OAAO,OAAO,CAAA;AAClB,CAAC;AApCD,oDAoCC;AAED,MAAM,SAAS,GAAc;IACzB,QAAQ,EAAE,oBAAoB;CACjC,CAAA;AAED,MAAM,OAAO,GAAyB;IAClC,+BAA+B,EAAE,UAAU;IAC3C,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,WAAW,GAAG,IAAI,GAAG,EAAE;CACjD,CAAA;AAEY,QAAA,IAAI,GAAW;IACxB,IAAI,EAAE,MAAM;IACZ,OAAO,EAAE,CAAC,KAAK,CAAC;IAChB,SAAS;IACT,MAAM;IACN,SAAS;IACT,OAAO;CACV,CAAA"}

package/dist/utils/blacklist.d.ts

@@ -0,0 +1 @@
+export declare const blacklistedGlobs: string[];

package/dist/utils/blacklist.js

@@ -0,0 +1,13 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.blacklistedGlobs = void 0;
+const path_1 = __importDefault(require("path"));
+const fs_1 = __importDefault(require("fs"));
+const blacklistFile = path_1.default.join(process.cwd(), '.blacklist');
+exports.blacklistedGlobs = fs_1.default.existsSync(blacklistFile) ?
+    fs_1.default.readFileSync(blacklistFile).toString().split('\n').filter(it => it.trim() !== '' && !it.startsWith('#'))
+    : [];
+//# sourceMappingURL=blacklist.js.map

package/dist/utils/blacklist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"blacklist.js","sourceRoot":"","sources":["../../src/utils/blacklist.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAuB;AACvB,4CAAmB;AAEnB,MAAM,aAAa,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAA;AAE/C,QAAA,gBAAgB,GAAG,YAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;IAC1D,YAAE,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC3G,CAAC,CAAC,EAAE,CAAA"}

package/dist/utils/npm.d.ts

@@ -0,0 +1,8 @@
+/// <reference types="node" />
+export declare const npm: {
+    install: typeof install;
+    npmCommand: typeof npmCommand;
+};
+declare function install(module: string | undefined, otherOptions: string | undefined, directory: string): any;
+declare function npmCommand(args: string, options?: any): string | Buffer;
+export {};

package/dist/utils/npm.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.npm = void 0;
+const child_process_1 = require("child_process");
+const utils_1 = require("./utils");
+exports.npm = {
+    install,
+    npmCommand,
+};
+function install(module = '', otherOptions = '', directory) {
+    npmCommand(`install ${module} ${otherOptions}`, { cwd: directory, stdio: 'inherit' });
+}
+function npmCommand(args, options) {
+    if (!options)
+        return (0, child_process_1.execSync)(`${utils_1.npmExePath} ${args}`, { cwd: options.cwd, stdio: ['pipe', 'pipe', 'inherit'] });
+    else
+        return (0, child_process_1.execSync)(`${utils_1.npmExePath} ${args}`, options);
+}
+//# sourceMappingURL=npm.js.map

package/dist/utils/npm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"npm.js","sourceRoot":"","sources":["../../src/utils/npm.ts"],"names":[],"mappings":";;;AAAA,iDAAsC;AACtC,mCAAkC;AAErB,QAAA,GAAG,GAAG;IACf,OAAO;IACP,UAAU;CACb,CAAA;AAED,SAAS,OAAO,CAAC,MAAM,GAAG,EAAE,EAAE,YAAY,GAAG,EAAE,EAAE,SAAiB;IAC9D,UAAU,CAAC,WAAW,MAAM,IAAI,YAAY,EAAE,EAAE,EAAC,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAC,CAAC,CAAA;AACvF,CAAC;AAED,SAAS,UAAU,CAAC,IAAY,EAAE,OAAa;IAC3C,IAAI,CAAC,OAAO;QACR,OAAO,IAAA,wBAAQ,EAAC,GAAG,kBAAU,IAAI,IAAI,EAAE,EAAE,EAAC,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAC,CAAC,CAAA;;QAEhG,OAAO,IAAA,wBAAQ,EAAC,GAAG,kBAAU,IAAI,IAAI,EAAE,EAAE,OAAO,CAAC,CAAA;AACzD,CAAC"}

package/dist/utils/utils.d.ts

@@ -0,0 +1,10 @@
+import { SemVer } from 'semver';
+export declare const _package: any;
+export declare function getAssetFile(assetName: string): string;
+export declare const npmExePath: string;
+export declare const depinderFolder: string;
+export declare const depinderTempFolder: string;
+export declare function getHomeDir(): string;
+export declare function walkDir(dir: string): string[];
+export declare function delay(ms: number): Promise<void>;
+export declare function getPackageSemver(version: string): SemVer | null;

package/dist/utils/utils.js

@@ -0,0 +1,58 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getPackageSemver = exports.delay = exports.walkDir = exports.getHomeDir = exports.depinderTempFolder = exports.depinderFolder = exports.npmExePath = exports.getAssetFile = exports._package = void 0;
+const path_1 = __importDefault(require("path"));
+const os_1 = require("os");
+const fs_1 = __importDefault(require("fs"));
+const semver_1 = require("semver");
+const preload_1 = __importDefault(require("semver/preload"));
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+exports._package = require('../../package.json');
+function getAssetFile(assetName) {
+    return path_1.default.join(__dirname, '..', 'assets', assetName);
+}
+exports.getAssetFile = getAssetFile;
+exports.npmExePath = getBin('npm');
+function getBin(exe) {
+    return path_1.default.resolve(__dirname, '..', '..', 'node_modules', '.bin', exe);
+}
+exports.depinderFolder = path_1.default.join((0, os_1.homedir)(), '.dxw', 'depinder');
+exports.depinderTempFolder = path_1.default.join(exports.depinderFolder, 'temp');
+function getHomeDir() {
+    if (!fs_1.default.existsSync(exports.depinderFolder)) {
+        fs_1.default.mkdirSync(exports.depinderFolder);
+    }
+    if (!fs_1.default.existsSync(exports.depinderTempFolder)) {
+        fs_1.default.mkdirSync(exports.depinderTempFolder);
+    }
+    return exports.depinderFolder;
+}
+exports.getHomeDir = getHomeDir;
+function walkDir(dir) {
+    const allChildren = fs_1.default.readdirSync(dir);
+    const files = allChildren.map(it => path_1.default.resolve(dir, it)).filter(it => fs_1.default.lstatSync(it).isFile());
+    return [...files, ...allChildren.map(it => path_1.default.resolve(dir, it)).filter(it => fs_1.default.lstatSync(it).isDirectory()).flatMap(it => walkDir(path_1.default.resolve(dir, it)))];
+}
+exports.walkDir = walkDir;
+function delay(ms) {
+    return new Promise(resolve => setTimeout(resolve, ms));
+}
+exports.delay = delay;
+function getPackageSemver(version) {
+    try {
+        return new semver_1.SemVer(version);
+    }
+    catch (e) {
+        try {
+            return new semver_1.SemVer(version, { loose: true });
+        }
+        catch (e) {
+            return preload_1.default.coerce(version);
+        }
+    }
+}
+exports.getPackageSemver = getPackageSemver;
+//# sourceMappingURL=utils.js.map

package/dist/utils/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils/utils.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAuB;AACvB,2BAA0B;AAC1B,4CAAmB;AACnB,mCAA6B;AAC7B,6DAAmC;AAEnC,8DAA8D;AACjD,QAAA,QAAQ,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAA;AAGrD,SAAgB,YAAY,CAAC,SAAiB;IAC1C,OAAO,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAA;AAC1D,CAAC;AAFD,oCAEC;AAEY,QAAA,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAA;AAEvC,SAAS,MAAM,CAAC,GAAW;IACvB,OAAO,cAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,CAAC,CAAA;AAC3E,CAAC;AAGY,QAAA,cAAc,GAAG,cAAI,CAAC,IAAI,CAAC,IAAA,YAAO,GAAE,EAAE,MAAM,EAAE,UAAU,CAAC,CAAA;AACzD,QAAA,kBAAkB,GAAG,cAAI,CAAC,IAAI,CAAC,sBAAc,EAAE,MAAM,CAAC,CAAA;AAEnE,SAAgB,UAAU;IACtB,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,sBAAc,CAAC,EAAE;QAChC,YAAE,CAAC,SAAS,CAAC,sBAAc,CAAC,CAAA;KAC/B;IACD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,0BAAkB,CAAC,EAAE;QACpC,YAAE,CAAC,SAAS,CAAC,0BAAkB,CAAC,CAAA;KACnC;IACD,OAAO,sBAAc,CAAA;AACzB,CAAC;AARD,gCAQC;AAED,SAAgB,OAAO,CAAC,GAAW;IAC/B,MAAM,WAAW,GAAG,YAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;IACvC,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,cAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,YAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;IAClG,OAAO,CAAC,GAAG,KAAK,EAAE,GAAG,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,cAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,YAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC,OAAO,CAAC,cAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;AACjK,CAAC;AAJD,0BAIC;AAED,SAAgB,KAAK,CAAC,EAAU;IAC5B,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAA;AAC1D,CAAC;AAFD,sBAEC;AAED,SAAgB,gBAAgB,CAAC,OAAe;IAC5C,IAAI;QACA,OAAO,IAAI,eAAM,CAAC,OAAO,CAAC,CAAA;KAC7B;IAAC,OAAO,CAAC,EAAE;QACR,IAAI;YACA,OAAO,IAAI,eAAM,CAAC,OAAO,EAAE,EAAC,KAAK,EAAE,IAAI,EAAC,CAAC,CAAA;SAE5C;QAAC,OAAO,CAAC,EAAE;YACR,OAAO,iBAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;SAChC;KACJ;AACL,CAAC;AAXD,4CAWC"}

package/dist/utils/vulnerabilities.d.ts

@@ -0,0 +1,5 @@
+import { Vulnerability } from '../extension-points/vulnerability-checker';
+export declare function getVulnerabilitiesFromGithub(ecosystem: string, packageName: string): Promise<Vulnerability[]>;
+export declare function getVulnerabilitiesFromSonatype(purls: string[]): Promise<{
+    [purl: string]: Vulnerability[];
+}>;

package/dist/utils/vulnerabilities.js

@@ -0,0 +1,103 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getVulnerabilitiesFromSonatype = exports.getVulnerabilitiesFromGithub = void 0;
+const graphql_1 = require("@octokit/graphql");
+const axios_1 = __importDefault(require("axios"));
+async function getVulnerabilitiesFromGithub(ecosystem, packageName) {
+    const authGraphql = graphql_1.graphql.defaults({
+        headers: {
+            authorization: `token ${process.env.GH_TOKEN}`,
+        },
+    });
+    const response = await authGraphql(`
+            query securityVulnerabilities($ecosystem: SecurityAdvisoryEcosystem, $package: String!){
+              securityVulnerabilities(first: 100, ecosystem: $ecosystem package: $package) {
+                pageInfo {
+                  endCursor
+                  hasNextPage
+                }
+                nodes {
+                  firstPatchedVersion {
+                    identifier
+                  }
+                  package {
+                    name
+                    ecosystem
+                  }
+                  severity
+                  updatedAt
+                  vulnerableVersionRange
+                  advisory {
+                    identifiers {
+                      value
+                      type
+                    }
+                    databaseId
+                    description
+                    ghsaId
+                    id
+                    origin
+                    permalink
+                    publishedAt
+                    references {
+                      url
+                    }
+                    severity
+                    summary
+                    updatedAt
+                    withdrawnAt
+                  }
+                }
+              }
+            }
+        `.trim(), {
+        ecosystem: ecosystem,
+        package: packageName,
+    });
+    return response.securityVulnerabilities.nodes.map((it) => {
+        var _a;
+        return {
+            severity: it.severity,
+            updatedAt: it.updatedAt,
+            timestamp: Date.parse(it.advisory.publishedAt),
+            summary: it.advisory.summary,
+            description: it.advisory.description,
+            permalink: it.advisory.permalink,
+            identifiers: it.advisory.identifiers,
+            references: it.advisory.references,
+            vulnerableRange: it.vulnerableVersionRange,
+            firstPatchedVersion: (_a = it.firstPatchedVersion) === null || _a === void 0 ? void 0 : _a.identifiers,
+        };
+    });
+}
+exports.getVulnerabilitiesFromGithub = getVulnerabilitiesFromGithub;
+async function getVulnerabilitiesFromSonatype(purls) {
+    const { data } = await axios_1.default.post('https://ossindex.sonatype.org/api/v3/component-report', { coordinates: purls });
+    return data.reduce((a, v) => (Object.assign(Object.assign({}, a), { [v.coordinates]: v.vulnerabilities.map((it) => ({
+            severity: mapSeverity(it.cvssScore),
+            score: it.cvssScore,
+            description: it.description,
+            summary: it.title,
+            identifiers: [{ value: it.cve, type: 'CVE' }],
+            permalink: it.reference,
+            references: [it.reference, ...it.externalReferences],
+        })) })), {});
+}
+exports.getVulnerabilitiesFromSonatype = getVulnerabilitiesFromSonatype;
+function mapSeverity(cvssScore) {
+    if (cvssScore < 1)
+        return 'NONE';
+    if (cvssScore < 4)
+        return 'LOW';
+    if (cvssScore < 7)
+        return 'MEDIUM';
+    if (cvssScore < 9)
+        return 'HIGH';
+    if (cvssScore <= 10)
+        return 'CRITICAL';
+    return 'NONE';
+}
+//# sourceMappingURL=vulnerabilities.js.map

package/dist/utils/vulnerabilities.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vulnerabilities.js","sourceRoot":"","sources":["../../src/utils/vulnerabilities.ts"],"names":[],"mappings":";;;;;;AAAA,8CAAwC;AACxC,kDAAyB;AAGlB,KAAK,UAAU,4BAA4B,CAAC,SAAiB,EAAE,WAAmB;IACrF,MAAM,WAAW,GAAG,iBAAO,CAAC,QAAQ,CAAC;QACjC,OAAO,EAAE;YACL,aAAa,EAAE,SAAS,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;SACjD;KACJ,CAAC,CAAA;IAEF,MAAM,QAAQ,GAAQ,MAAM,WAAW,CACnC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SAyCC,CAAC,IAAI,EAAE,EACR;QACI,SAAS,EAAE,SAAS;QACpB,OAAO,EAAE,WAAW;KACvB,CACJ,CAAA;IACD,OAAO,QAAQ,CAAC,uBAAuB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAO,EAAE,EAAE;;QAC1D,OAAO;YACH,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,SAAS,EAAE,EAAE,CAAC,SAAS;YACvB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;YAC9C,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,OAAO;YAC5B,WAAW,EAAE,EAAE,CAAC,QAAQ,CAAC,WAAW;YACpC,SAAS,EAAE,EAAE,CAAC,QAAQ,CAAC,SAAS;YAChC,WAAW,EAAE,EAAE,CAAC,QAAQ,CAAC,WAAW;YACpC,UAAU,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU;YAClC,eAAe,EAAE,EAAE,CAAC,sBAAsB;YAC1C,mBAAmB,EAAE,MAAA,EAAE,CAAC,mBAAmB,0CAAE,WAAW;SAC1C,CAAA;IACtB,CAAC,CAAC,CAAA;AAEN,CAAC;AAtED,oEAsEC;AACM,KAAK,UAAU,8BAA8B,CAAC,KAAe;IAChE,MAAM,EAAC,IAAI,EAAC,GAAG,MAAM,eAAK,CAAC,IAAI,CAAC,uDAAuD,EAAE,EAAC,WAAW,EAAE,KAAK,EAAC,CAAC,CAAA;IAE9G,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,CAAM,EAAE,EAAE,CAAC,iCAChC,CAAC,KAAE,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,EAAO,EAAE,EAAE,CAAC,CAAC;YACvD,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC,SAAS,CAAC;YACnC,KAAK,EAAE,EAAE,CAAC,SAAS;YACnB,WAAW,EAAE,EAAE,CAAC,WAAW;YAC3B,OAAO,EAAE,EAAE,CAAC,KAAK;YACjB,WAAW,EAAE,CAAC,EAAC,KAAK,EAAE,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAC,CAAC;YAC3C,SAAS,EAAE,EAAE,CAAC,SAAS;YACvB,UAAU,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC;SACrC,CAAA,CAAC,IACtB,EAAE,EAAE,CAAC,CAAA;AACX,CAAC;AAdD,wEAcC;AAGD,SAAS,WAAW,CAAC,SAAc;IAC/B,IAAG,SAAS,GAAG,CAAC;QACZ,OAAO,MAAM,CAAA;IACjB,IAAG,SAAS,GAAG,CAAC;QACZ,OAAO,KAAK,CAAA;IAChB,IAAG,SAAS,GAAG,CAAC;QACZ,OAAO,QAAQ,CAAA;IACnB,IAAG,SAAS,GAAG,CAAC;QACZ,OAAO,MAAM,CAAA;IACjB,IAAG,SAAS,IAAG,EAAE;QACb,OAAO,UAAU,CAAA;IAErB,OAAO,MAAM,CAAA;AACjB,CAAC"}

package/package.json

@@ -0,0 +1,109 @@
+{
+  "name": "@dxworks/depinder",
+  "version": "0.1.1",
+  "description": "",
+  "keywords": [
+    "dxworks",
+    "dxw"
+  ],
+  "homepage": "https://github.com/dxworks/depinder#readme",
+  "bugs": {
+    "url": "https://github.com/dxworks/depinder/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/dxworks/depinder.git"
+  },
+  "license": "Apache-2.0",
+  "author": "Mario Rivis <mario.rivis@gmail.com>",
+  "main": "dist/depinder.js",
+  "bin": {
+    "depinder": "dist/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "npm run clean && tsc -p tsconfig.build.json && npm run copy-files",
+    "clean": "rimraf dist/ *.tsbuildinfo",
+    "clean:modules": "rm -rf ./node_modules ./package-lock.json",
+    "copy-files": "copyfiles -a -u 1 src/assets/**/*.* dist",
+    "create": "npm run build && npm run test",
+    "lint": "eslint ./src --ext .ts",
+    "lint:fix": "eslint ./src --ext .ts --fix",
+    "local": "npm run build && npm link && npx dx-depinder --help",
+    "refresh": "rm -rf ./node_modules ./package-lock.json && npm install",
+    "test": "jest --passWithNoTests",
+    "test:dev": "jest --watch"
+  },
+  "dependencies": {
+    "@dxworks/cli-common": "^0.0.20",
+    "@dxworks/ktextensions": "^0.1.0",
+    "@dxworks/nuget-inspector": "^1.2.0",
+    "@octokit/graphql": "^4.8.0",
+    "@snyk/gemfile": "^1.2.0",
+    "chalk": "^4.1.2",
+    "cli-progress": "^3.11.2",
+    "commander": "^11.1.0",
+    "cross-env": "^7.0.3",
+    "csv": "^6.0.4",
+    "dotenv": "^16.0.3",
+    "lodash": "^4.17.21",
+    "minimatch": "^6.1.6",
+    "moment": "^2.29.1",
+    "mongodb": "^5.8.1",
+    "mongoose": "^7.5.2",
+    "node-html-parser": "^6.1.4",
+    "npm": "^9.9.0",
+    "npm-registry-fetch": "^12.0.1",
+    "packageurl-js": "^0.0.5",
+    "pom-parser": "^1.2.0",
+    "puppeteer": "18.0.1",
+    "semver": "^7.3.5",
+    "snyk-gradle-plugin": "^3.25.2",
+    "snyk-nodejs-lockfile-parser": "^1.52.1",
+    "spdx-correct": "^3.1.1",
+    "spdx-license-ids": "^3.0.10",
+    "tmp": "^0.2.1",
+    "toml": "^3.0.0"
+  },
+  "devDependencies": {
+    "@types/cli-progress": "^3.9.2",
+    "@types/dockerode": "^3.3.0",
+    "@types/fs-extra": "^9.0.13",
+    "@types/inquirer": "^8.1.3",
+    "@types/jest": "^27.0.2",
+    "@types/lodash": "^4.14.177",
+    "@types/node": "^16.10.2",
+    "@types/npm-registry-fetch": "^8.0.3",
+    "@types/semver": "^7.3.9",
+    "@types/spdx-correct": "^2.0.0",
+    "@types/string-template": "^1.0.2",
+    "@types/tmp": "^0.2.3",
+    "@types/ws": "^8.5.4",
+    "@typescript-eslint/eslint-plugin": "^4.32.0",
+    "@typescript-eslint/parser": "^4.32.0",
+    "copyfiles": "^2.4.1",
+    "eslint": "^7.32.0",
+    "i": "^0.3.7",
+    "jest": "^27.2.4",
+    "json": "^11.0.0",
+    "performance-now": "^2.1.0",
+    "rimraf": "^3.0.2",
+    "sort-package-json": "^1.52.0",
+    "ts-jest": "^27.0.5",
+    "ts-node": "^10.2.1",
+    "typescript": "^4.4.3"
+  },
+  "publishConfig": {
+    "registry": "https://npm.pkg.github.com"
+  },
+  "dxw": {
+    "commands": [
+      {
+        "file": "dist/depinder.js",
+        "command": "mainCommand"
+      }
+    ]
+  }
+}