@mongodb-js/sbom-tools 0.2.2 → 0.2.3

package/dist/webpack-dependencies-plugin.js

@@ -7,54 +7,59 @@ exports.WebpackDependenciesPlugin = void 0;
 const path_1 = __importDefault(require("path"));
 const fs_1 = require("fs");
 const lodash_1 = __importDefault(require("lodash"));
-const minimatch_1 = require("minimatch");
 const production_deps_1 = require("./production-deps");
 const get_package_info_1 = require("./get-package-info");
 const PLUGIN_NAME = 'WebpackDependenciesPlugin';
 class WebpackDependenciesPlugin {
     constructor(options = {}) {
+        var _a, _b;
         this.options = options;
         this.pluginName = PLUGIN_NAME;
-        this.includePackages = [];
         this.resolvedModules = new Set();
+        this.includePackages = [];
         this.handleTap = (compilation) => {
             for (const module of compilation.modules) {
                 const resource = module.resource;
                 if (resource) {
                     const modulePath = resource;
-                    if (typeof modulePath === 'string' && !this.isExcluded(modulePath)) {
+                    if (typeof modulePath === 'string' &&
+                        this.isThirdPartyModule(modulePath)) {
                         this.resolvedModules.add(modulePath);
                     }
                 }
             }
-            for (const includedPackagePath of this.includePackages) {
+            const includePackages = [
+                ...(this.includeExternalProductionDependencies
+                    ? (0, production_deps_1.findAllProdDepsTreeLocations)(compilation.compiler.context)
+                    : []),
+                ...(this.includePackages || []).map((packageName) => (0, production_deps_1.findPackageLocation)(packageName, compilation.compiler.context)),
+            ];
+            for (const includedPackagePath of includePackages) {
                 const packageJsonPath = path_1.default.join(includedPackagePath, 'package.json');
                 if (packageJsonPath) {
                     this.resolvedModules.add(packageJsonPath);
                 }
             }
         };
-        this.includePackages = [
-            ...(options.includeExternalProductionDependencies
-                ? (0, production_deps_1.findAllProdDepsTreeLocations)()
-                : []),
-            ...(options.includePackages || []).map(production_deps_1.findPackageLocation),
-        ];
-        this.excludedModules = options.excludeModules || [];
-        this.outputPath = options.outputFilename || 'dependencies.json';
+        this.includeExternalProductionDependencies =
+            (_a = options.includeExternalProductionDependencies) !== null && _a !== void 0 ? _a : false;
+        this.includePackages = (_b = options.includePackages) !== null && _b !== void 0 ? _b : [];
+        this.outputPath = options.outputFilename;
     }
-    isExcluded(modulePath) {
-        return this.excludedModules.some((excludedModulePattern) => (0, minimatch_1.minimatch)(modulePath, excludedModulePattern));
+    isThirdPartyModule(modulePath) {
+        return modulePath.split(path_1.default.sep).includes('node_modules');
     }
     apply(compiler) {
         compiler.hooks.shutdown.tapPromise(PLUGIN_NAME, async () => {
+            var _a;
             const dependencyList = await Promise.all(Array.from(this.resolvedModules).map(get_package_info_1.getPackageInfo));
             const uniqueList = lodash_1.default.uniqBy(dependencyList, ({ name, version }) => `${name}@${version}`);
             const sortedList = lodash_1.default.sortBy(uniqueList, ({ name, version }) => `${name}@${version}`);
-            await fs_1.promises.mkdir(path_1.default.dirname(path_1.default.resolve(this.outputPath)), {
+            const outputPath = (_a = this.outputPath) !== null && _a !== void 0 ? _a : path_1.default.join(compiler.context, 'dependencies.json');
+            await fs_1.promises.mkdir(path_1.default.dirname(path_1.default.resolve(outputPath)), {
                 recursive: true,
             });
-            await fs_1.promises.writeFile(this.outputPath, JSON.stringify(sortedList, null, 2));
+            await fs_1.promises.writeFile(outputPath, JSON.stringify(sortedList, null, 2));
         });
         compiler.hooks.emit.tap(PLUGIN_NAME, this.handleTap);
     }

package/dist/webpack-dependencies-plugin.js.map

@@ -1 +1 @@
-{"version":3,"file":"webpack-dependencies-plugin.js","sourceRoot":"","sources":["../src/webpack-dependencies-plugin.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,2BAAoC;AAEpC,oDAAuB;AAEvB,yCAAsC;AAEtC,uDAG2B;AAC3B,yDAAoD;AAEpD,MAAM,WAAW,GAAG,2BAA2B,CAAC;AAahD,MAAa,yBAAyB;IAOpC,YAAoB,UAA4C,EAAE;QAA9C,YAAO,GAAP,OAAO,CAAuC;QANjD,eAAU,GAAG,WAAW,CAAC;QAE1C,oBAAe,GAAa,EAAE,CAAC;QAC/B,oBAAe,GAAG,IAAI,GAAG,EAAU,CAAC;QAqB5B,cAAS,GAAG,CAAC,WAAwB,EAAE,EAAE;YAC/C,KAAK,MAAM,MAAM,IAAI,WAAW,CAAC,OAAO,EAAE;gBACxC,MAAM,QAAQ,GAAI,MAAyB,CAAC,QAAQ,CAAC;gBACrD,IAAI,QAAQ,EAAE;oBACZ,MAAM,UAAU,GAAG,QAAQ,CAAC;oBAC5B,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;wBAClE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;qBACtC;iBACF;aACF;YAED,KAAK,MAAM,mBAAmB,IAAI,IAAI,CAAC,eAAe,EAAE;gBACtD,MAAM,eAAe,GAAG,cAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAC;gBAEvE,IAAI,eAAe,EAAE;oBACnB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;iBAC3C;aACF;QACH,CAAC,CAAC;QAnCA,IAAI,CAAC,eAAe,GAAG;YACrB,GAAG,CAAC,OAAO,CAAC,qCAAqC;gBAC/C,CAAC,CAAC,IAAA,8CAA4B,GAAE;gBAChC,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,OAAO,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,qCAAmB,CAAC;SAC5D,CAAC;QAEF,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC;QACpD,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,cAAc,IAAI,mBAAmB,CAAC;IAClE,CAAC;IAEO,UAAU,CAAC,UAAkB;QACnC,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,qBAAqB,EAAE,EAAE,CACzD,IAAA,qBAAS,EAAC,UAAU,EAAE,qBAAqB,CAAC,CAC7C,CAAC;IACJ,CAAC;IAsBD,KAAK,CAAC,QAAkB;QACtB,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,EAAE,KAAK,IAAI,EAAE;YACzD,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,GAAG,CACtC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,GAAG,CAAC,iCAAc,CAAC,CACrD,CAAC;YAEF,MAAM,UAAU,GAAG,gBAAC,CAAC,MAAM,CACzB,cAAc,EACd,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAC5C,CAAC;YAEF,MAAM,UAAU,GAAG,gBAAC,CAAC,MAAM,CACzB,UAAU,EACV,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAC5C,CAAC;YAEF,MAAM,aAAE,CAAC,KAAK,CAAC,cAAI,CAAC,OAAO,CAAC,cAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE;gBAC1D,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,aAAE,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3E,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACvD,CAAC;CACF;AAtED,8DAsEC;AAED,kBAAe,yBAAyB,CAAC"}
+{"version":3,"file":"webpack-dependencies-plugin.js","sourceRoot":"","sources":["../src/webpack-dependencies-plugin.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,2BAAoC;AAEpC,oDAAuB;AAEvB,uDAG2B;AAC3B,yDAAoD;AAEpD,MAAM,WAAW,GAAG,2BAA2B,CAAC;AAYhD,MAAa,yBAAyB;IAOpC,YAAoB,UAA4C,EAAE;;QAA9C,YAAO,GAAP,OAAO,CAAuC;QANjD,eAAU,GAAG,WAAW,CAAC;QAE1C,oBAAe,GAAG,IAAI,GAAG,EAAU,CAAC;QAEpC,oBAAe,GAAa,EAAE,CAAC;QAavB,cAAS,GAAG,CAAC,WAAwB,EAAE,EAAE;YAC/C,KAAK,MAAM,MAAM,IAAI,WAAW,CAAC,OAAO,EAAE;gBACxC,MAAM,QAAQ,GAAI,MAAyB,CAAC,QAAQ,CAAC;gBACrD,IAAI,QAAQ,EAAE;oBACZ,MAAM,UAAU,GAAG,QAAQ,CAAC;oBAC5B,IACE,OAAO,UAAU,KAAK,QAAQ;wBAC9B,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,EACnC;wBACA,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;qBACtC;iBACF;aACF;YAED,MAAM,eAAe,GAAG;gBACtB,GAAG,CAAC,IAAI,CAAC,qCAAqC;oBAC5C,CAAC,CAAC,IAAA,8CAA4B,EAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC;oBAC5D,CAAC,CAAC,EAAE,CAAC;gBACP,GAAG,CAAC,IAAI,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAClD,IAAA,qCAAmB,EAAC,WAAW,EAAE,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAC/D;aACF,CAAC;YAEF,KAAK,MAAM,mBAAmB,IAAI,eAAe,EAAE;gBACjD,MAAM,eAAe,GAAG,cAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAC;gBAEvE,IAAI,eAAe,EAAE;oBACnB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;iBAC3C;aACF;QACH,CAAC,CAAC;QAxCA,IAAI,CAAC,qCAAqC;YACxC,MAAA,OAAO,CAAC,qCAAqC,mCAAI,KAAK,CAAC;QACzD,IAAI,CAAC,eAAe,GAAG,MAAA,OAAO,CAAC,eAAe,mCAAI,EAAE,CAAC;QACrD,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,cAAc,CAAC;IAC3C,CAAC;IAEO,kBAAkB,CAAC,UAAkB;QAC3C,OAAO,UAAU,CAAC,KAAK,CAAC,cAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAC7D,CAAC;IAkCD,KAAK,CAAC,QAAkB;QACtB,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,EAAE,KAAK,IAAI,EAAE;;YACzD,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,GAAG,CACtC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,GAAG,CAAC,iCAAc,CAAC,CACrD,CAAC;YAEF,MAAM,UAAU,GAAG,gBAAC,CAAC,MAAM,CACzB,cAAc,EACd,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAC5C,CAAC;YAEF,MAAM,UAAU,GAAG,gBAAC,CAAC,MAAM,CACzB,UAAU,EACV,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAC5C,CAAC;YAEF,MAAM,UAAU,GACd,MAAA,IAAI,CAAC,UAAU,mCAAI,cAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;YAEtE,MAAM,aAAE,CAAC,KAAK,CAAC,cAAI,CAAC,OAAO,CAAC,cAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,EAAE;gBACrD,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,aAAE,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACvD,CAAC;CACF;AA9ED,8DA8EC;AAED,kBAAe,yBAAyB,CAAC"}

package/package.json

@@ -16,7 +16,7 @@
     "email": "compass@mongodb.com"
   },
   "homepage": "https://github.com/mongodb-js/devtools-shared",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "repository": {
     "type": "git",
     "url": "https://github.com/mongodb-js/devtools-shared.git"
@@ -54,7 +54,6 @@
     "@mongodb-js/prettier-config-compass": "^0.5.0",
     "@mongodb-js/tsconfig-compass": "^0.6.0",
     "@types/chai": "^4.2.21",
-    "@types/cross-spawn": "^6.0.2",
     "@types/lodash": "^4.14.194",
     "@types/mocha": "^9.0.0",
     "@types/node": "^17.0.35",
@@ -66,24 +65,23 @@
     "eslint": "^7.25.0",
     "gen-esm-wrapper": "^1.1.0",
     "mocha": "^8.4.0",
+    "nock": "^13.3.1",
     "nyc": "^15.1.0",
     "prettier": "2.3.2",
+    "rimraf": "^5.0.1",
     "sinon": "^9.2.3",
-    "typescript": "^4.3.5"
+    "typescript": "^4.3.5",
+    "webpack": "^5.82.0"
   },
   "dependencies": {
     "@pkgjs/nv": "^0.2.1",
-    "chalk": "^4.1.2",
     "commander": "^10.0.1",
-    "cross-spawn": "^7.0.3",
     "find-up": "^4.1.0",
     "lodash": "^4.17.21",
-    "minimatch": "^9.0.0",
     "node-fetch": "^2.6.7",
     "semver": "^7.5.0",
     "snyk-policy": "^2.0.4",
-    "spdx-satisfies": "^5.0.1",
-    "webpack": "^5.82.0"
+    "spdx-satisfies": "^5.0.1"
   },
-  "gitHead": "a9fd88c959fc72cfc745e9c84d8509b8ecfea731"
+  "gitHead": "e669a44163ed26c5fad950b7a38301ad04b015ae"
 }

package/dist/commands/severity.d.ts

@@ -1,7 +0,0 @@
-export declare type KnownSeverity = 'low' | 'medium' | 'high' | 'critical';
-export declare type Severity = KnownSeverity | 'unknown';
-declare type Score = number | undefined;
-export declare function severityToScore(severity: Severity): Score;
-export declare function scoreToSeverity(score: number | undefined): Severity;
-export {};
-//# sourceMappingURL=severity.d.ts.map

package/dist/commands/severity.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"severity.d.ts","sourceRoot":"","sources":["../../src/commands/severity.ts"],"names":[],"mappings":"AAAA,oBAAY,aAAa,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AACnE,oBAAY,QAAQ,GAAG,aAAa,GAAG,SAAS,CAAC;AAEjD,aAAK,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;AAUhC,wBAAgB,eAAe,CAAC,QAAQ,EAAE,QAAQ,GAAG,KAAK,CAEzD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,QAAQ,CAenE"}

package/dist/commands/severity.js

@@ -1,31 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.scoreToSeverity = exports.severityToScore = void 0;
-const SEVERITY_TO_SCORE = {
-    low: 0,
-    medium: 4,
-    high: 7,
-    critical: 9,
-    unknown: undefined,
-};
-function severityToScore(severity) {
-    return SEVERITY_TO_SCORE[severity];
-}
-exports.severityToScore = severityToScore;
-function scoreToSeverity(score) {
-    if (score === undefined) {
-        return 'unknown';
-    }
-    if (score >= 9) {
-        return 'critical';
-    }
-    if (score >= 7) {
-        return 'high';
-    }
-    if (score >= 4) {
-        return 'medium';
-    }
-    return 'low';
-}
-exports.scoreToSeverity = scoreToSeverity;
-//# sourceMappingURL=severity.js.map

package/dist/commands/severity.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"severity.js","sourceRoot":"","sources":["../../src/commands/severity.ts"],"names":[],"mappings":";;;AAKA,MAAM,iBAAiB,GAA4B;IACjD,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;IACX,OAAO,EAAE,SAAS;CACnB,CAAC;AAEF,SAAgB,eAAe,CAAC,QAAkB;IAChD,OAAO,iBAAiB,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAFD,0CAEC;AAED,SAAgB,eAAe,CAAC,KAAyB;IACvD,IAAI,KAAK,KAAK,SAAS,EAAE;QACvB,OAAO,SAAS,CAAC;KAClB;IAED,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,UAAU,CAAC;KACnB;IACD,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,MAAM,CAAC;KACf;IACD,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,QAAQ,CAAC;KACjB;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAfD,0CAeC"}