@mongodb-js/sbom-tools 0.5.7 → 0.5.9
- package/dist/commands/generate-third-party-notices.js +15 -20
- package/dist/commands/generate-third-party-notices.js.map +1 -1
- package/dist/commands/generate-vulnerability-report.js +4 -8
- package/dist/commands/generate-vulnerability-report.js.map +1 -1
- package/dist/commands/scan-node-js.js +5 -6
- package/dist/commands/scan-node-js.js.map +1 -1
- package/dist/get-package-info.js +1 -2
- package/dist/get-package-info.js.map +1 -1
- package/dist/jira.js +3 -5
- package/dist/jira.js.map +1 -1
- package/dist/vulnerability.d.ts +7 -7
- package/dist/vulnerability.d.ts.map +1 -1
- package/dist/vulnerability.js +8 -11
- package/dist/vulnerability.js.map +1 -1
- package/dist/webpack-dependencies-plugin.d.ts +1 -1
- package/dist/webpack-dependencies-plugin.d.ts.map +1 -1
- package/dist/webpack-dependencies-plugin.js +10 -12
- package/dist/webpack-dependencies-plugin.js.map +1 -1
- package/package.json +6 -6
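--- a/package/dist/commands/generate-third-party-notices.js
+++ b/package/dist/commands/generate-third-party-notices.js
@@ -46,8 +46,7 @@ function normalizeLicenseProperty(license) {
 return '';
 }
 function getLicenses(pkg) {
-
-return (pkg.license ? [pkg.license] : (_a = pkg.licenses) !== null && _a !== void 0 ? _a : [])
+return (pkg.license ? [pkg.license] : pkg.licenses ?? [])
 .filter(Boolean)
 .map(normalizeLicenseProperty);
 }
@@ -76,21 +75,19 @@ function validatePackage(pkg, config) {
 });
 }
 async function readConfig(configPath) {
-var _a, _b, _c, _d, _e;
 const originalConfig = JSON.parse(await fs_1.promises.readFile(configPath, 'utf-8'));
 return Promise.resolve({
-ignoredOrgs: [...(
-ignoredPackages: [...(
-licenseOverrides: { ...(
-doNotValidatePackages: [...(
+ignoredOrgs: [...(originalConfig.ignoredOrgs ?? [])],
+ignoredPackages: [...(originalConfig.ignoredPackages ?? [])],
+licenseOverrides: { ...(originalConfig.licenseOverrides ?? {}) },
+doNotValidatePackages: [...(originalConfig.doNotValidatePackages ?? [])],
 additionalAllowedLicenses: [
-...(
+...(originalConfig.additionalAllowedLicenses ?? []),
 ],
 });
 }
 const packageNameAndVersion = (pkg) => `${pkg.name}@${pkg.version}`;
 function printLicenseInformation(productName, packages) {
-var _a, _b;
 let output = `\
 The following third-party software is used by and included in **${productName}**.
 This document was automatically generated on ${new Date().toDateString()}.
@@ -118,13 +115,13 @@ ${packages
 output += `> ${pkg.description}\n\n`;
 }
 output += `License tags: ${spdx}\n\n`;
-if (
+if (pkg.licenseFiles?.length) {
 output += 'License files:\n';
 for (const file of pkg.licenseFiles) {
 output += `* ${file.filename}:\n\n${indent(file.content, 6)}\n\n`;
 }
 }
-if (
+if (pkg.contributors?.length) {
 output += 'Authors:\n';
 for (const person of pkg.contributors) {
 const name = typeof person !== 'object'
@@ -160,21 +157,19 @@ function applyConfig(dependencies, config) {
 return dependencies
 .filter((pkg) => !(config.ignoredOrgs || []).some((org) => pkg.name.startsWith(org + '/')))
 .filter((pkg) => !(config.ignoredPackages || []).includes(packageNameAndVersion(pkg)))
-.map((pkg) => {
-
-
-
-
-});
-});
+.map((pkg) => ({
+...pkg,
+license: (config.licenseOverrides || {})[packageNameAndVersion(pkg)] ??
+pkg.license,
+}));
 }
 async function generate3rdPartyNotices({ productName, dependencyFiles, configPath, printResult, }) {
-const config = await readConfig(configPath
+const config = await readConfig(configPath ?? 'licenses.json');
 const allPackages = await (0, load_dependency_files_1.loadDependencyFiles)(dependencyFiles);
 const packages = applyConfig(allPackages, config);
 validatePackages(packages, config);
 const markdown = printLicenseInformation(productName, packages);
-(printResult
+(printResult ?? console.info)(markdown);
 }
 exports.generate3rdPartyNotices = generate3rdPartyNotices;
 function commaSeparatedList(value) {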
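Review bot: `readConfig` spreads each field of the parsed JSON without checking its type, so `[...(originalConfig.ignoredOrgs ?? [])]` turns a string value into a list of single characters and `{ ...(originalConfig.licenseOverrides ?? {}) }` accepts an array. These fields decide which packages `applyConfig` drops or relabels before `validatePackages` runs, so a malformed `licenses.json` changes the outcome of the license check without any error. A guard before the return, for example `if (!Array.isArray(originalConfig.ignoredOrgs ?? [])) throw new TypeError('ignoredOrgs must be an array');` repeated for each list field, would reject such a file. This file is compiled output, so the change belongs in `src/commands/generate-third-party-notices.ts`, the source named in the accompanying source map.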
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generate-third-party-notices.js","sourceRoot":"","sources":["../../src/commands/generate-third-party-notices.ts"],"names":[],"mappings":";;;;;;AACA,oDAA4B;AAC5B,oEAA2C;AAE3C,2BAAoC;AAGpC,oEAA+D;AAC/D,yCAAoC;AAUpC,MAAM,gBAAgB,GAAG;IACvB,KAAK;IACL,MAAM;IACN,cAAc;IACd,cAAc;IACd,cAAc;IACd,YAAY;IACZ,KAAK;IACL,WAAW;IACX,OAAO;IACP,SAAS;IACT,WAAW;CACZ,CAAC;AAEF,SAAS,cAAc,CAAC,eAAyB,EAAE,YAAuB;IACxE,MAAM,OAAO,GAAG,IAAI,GAAG,CACrB,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC,CAC9D,CAAC;IAEF,KAAK,MAAM,WAAW,IAAI,eAAe,EAAE;QACzC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;YAC7B,MAAM,IAAI,KAAK,CACb,gBAAgB,WAAW,mHAAmH,CAC/I,CAAC;SACH;KACF;AACH,CAAC;AAGD,SAAS,EAAE,CAAC,GAAY;IACtB,OAAO,gBAAM;SACV,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;SAClC,MAAM,CAAC,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAkC;IAClE,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;QAC/B,OAAO,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;KAC3B;IAED,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;QAC/B,OAAO,OAAO,CAAC;KAChB;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,WAAW,CAAC,GAAY
|
|
1
|
+
{"version":3,"file":"generate-third-party-notices.js","sourceRoot":"","sources":["../../src/commands/generate-third-party-notices.ts"],"names":[],"mappings":";;;;;;AACA,oDAA4B;AAC5B,oEAA2C;AAE3C,2BAAoC;AAGpC,oEAA+D;AAC/D,yCAAoC;AAUpC,MAAM,gBAAgB,GAAG;IACvB,KAAK;IACL,MAAM;IACN,cAAc;IACd,cAAc;IACd,cAAc;IACd,YAAY;IACZ,KAAK;IACL,WAAW;IACX,OAAO;IACP,SAAS;IACT,WAAW;CACZ,CAAC;AAEF,SAAS,cAAc,CAAC,eAAyB,EAAE,YAAuB;IACxE,MAAM,OAAO,GAAG,IAAI,GAAG,CACrB,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC,CAC9D,CAAC;IAEF,KAAK,MAAM,WAAW,IAAI,eAAe,EAAE;QACzC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;YAC7B,MAAM,IAAI,KAAK,CACb,gBAAgB,WAAW,mHAAmH,CAC/I,CAAC;SACH;KACF;AACH,CAAC;AAGD,SAAS,EAAE,CAAC,GAAY;IACtB,OAAO,gBAAM;SACV,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;SAClC,MAAM,CAAC,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAkC;IAClE,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;QAC/B,OAAO,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;KAC3B;IAED,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;QAC/B,OAAO,OAAO,CAAC;KAChB;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,WAAW,CAAC,GAAY;IAC/B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;SACtD,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,wBAAwB,CAAC,CAAC;AACnC,CAAC;AAGD,SAAS,WAAW,CAAC,GAAY;IAC/B,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE;QACpB,OAAO,EAAE,CAAC;KACX;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC;KACpB;IAED,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC;AAC3D,CAAC;AAED,SAAS,MAAM,CAAC,KAAa,EAAE,KAAa;IAC1C,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,eAAe,CAAC,GAAY,EAAE,MAAc;IACnD,OAAO,CAAC,GAAG,gBAAgB,EAAE,GAAG,MAAM,CAAC,yBAAyB,CAAC,CAAC,IAAI,CACpE,CAAC,cAAc,EAAE,EAAE;QACjB,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAC9B,IAAI;YACF,OAAO,IAAA,wBAAa,EAAC,cAAc,EAAE,IAAI,CAAC,CAAC;SAC5C;QAAC,OAAO,KAAK,EAAE;YACd,OAAO,cAA
c,KAAK,IAAI,CAAC;SAChC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,UAAkB;IAC1C,MAAM,cAAc,GAAoB,IAAI,CAAC,KAAK,CAChD,MAAM,aAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CACvC,CAAC;IAEF,OAAO,OAAO,CAAC,OAAO,CAAC;QACrB,WAAW,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QACpD,eAAe,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC;QAC5D,gBAAgB,EAAE,EAAE,GAAG,CAAC,cAAc,CAAC,gBAAgB,IAAI,EAAE,CAAC,EAAE;QAChE,qBAAqB,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;QACxE,yBAAyB,EAAE;YACzB,GAAG,CAAC,cAAc,CAAC,yBAAyB,IAAI,EAAE,CAAC;SACpD;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,qBAAqB,GAAG,CAAC,GAAY,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;AAI7E,SAAgB,uBAAuB,CACrC,WAAmB,EACnB,QAAmB;IAEnB,IAAI,MAAM,GAAG;kEACmD,WAAW;+CAC9B,IAAI,IAAI,EAAE,CAAC,YAAY,EAAE;;;;;;EAMtE,QAAQ;SACP,GAAG,CACF,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,EAAE,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,OAAO,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAC7E;SACA,IAAI,CAAC,IAAI,CAAC;;;CAGZ,CAAC;IAEA,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE;QAC1B,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,iBAAiB,GAAG,GAAG,CAAC,OAAO;YACnC,CAAC,CAAC,GAAG,CAAC,IAAI;YACV,CAAC,CAAC,IAAI,GAAG,CAAC,IAAI,mCAAmC,GAAG,CAAC,IAAI,GAAG,CAAC;QAC/D,MAAM,IAAI;SACL,EAAE,CAAC,GAAG,CAAC;MACV,iBAAiB,aAAa,GAAG,CAAC,OAAO;CAC9C,CAAC;QACE,IAAI,GAAG,CAAC,WAAW,EAAE;YACnB,MAAM,IAAI,KAAK,GAAG,CAAC,WAAW,MAAM,CAAC;SACtC;QAED,MAAM,IAAI,iBAAiB,IAAI,MAAM,CAAC;QAEtC,IAAI,GAAG,CAAC,YAAY,EAAE,MAAM,EAAE;YAC5B,MAAM,IAAI,kBAAkB,CAAC;YAC7B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,YAAY,EAAE;gBACnC,MAAM,IAAI,KAAK,IAAI,CAAC,QAAQ,QAAQ,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC;aACnE;SACF;QAED,IAAI,GAAG,CAAC,YAAY,EAAE,MAAM,EAAE;YAC5B,MAAM,IAAI,YAAY,CAAC;YACvB,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,YAAY,EAAE;gBACrC,MAAM,IAAI,GACR,OAAO,MAAM,KAAK,QAAQ;oBACxB,CAAC,CAAC,MAAM;oBACR,CAAC,CAAC,MAAM,CAAC,IAAI;wBACX,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,KAAK,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;wBACpD,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,C
AAC,EAAE,CAAC,CAAC;gBAC7C,MAAM,IAAI,KAAK,IAAI,IAAI,CAAC;aACzB;YACD,MAAM,IAAI,IAAI,CAAC;SAChB;KACF;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AA1DD,0DA0DC;AAED,SAAS,gBAAgB,CAAC,QAAmB,EAAE,MAAc;IAC3D,MAAM,eAAe,GAAG,QAAQ;SAC7B,MAAM,CACL,CAAC,GAAG,EAAE,EAAE,CACN,CAAC,MAAM,CAAC,qBAAqB,CAAC,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CACrE;SACA,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC;IAElD,IAAI,eAAe,CAAC,MAAM,EAAE;QAC1B,MAAM,IAAI,KAAK,CACb;YACE,4BAA4B,eAAe,CAAC,MAAM,oBAAoB;YACtE,GAAG,eAAe,CAAC,GAAG,CACpB,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,KAAK,WAAW,CAAC,GAAG,CAAC,EAAE,CAC7D;SACF,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;KACH;AACH,CAAC;AAED,SAAS,WAAW,CAAC,YAAuB,EAAE,MAAc;IAC1D,cAAc,CACZ;QACE,GAAG,MAAM,CAAC,eAAe;QACzB,GAAG,MAAM,CAAC,qBAAqB;QAC/B,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;KACxC,EACD,YAAY,CACb,CAAC;IAEF,OAAO,YAAY;SAChB,MAAM,CACL,CAAC,GAAG,EAAE,EAAE,CACN,CAAC,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACvC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,GAAG,CAAC,CAC/B,CACJ;SACA,MAAM,CACL,CAAC,GAAG,EAAE,EAAE,CACN,CAAC,CAAC,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CACvE;SACA,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACb,GAAG,GAAG;QACN,OAAO,EACL,CAAC,MAAM,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;YAC3D,GAAG,CAAC,OAAO;KACd,CAAC,CAAC,CAAC;AACR,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAAC,EAC5C,WAAW,EACX,eAAe,EACf,UAAU,EACV,WAAW,GAMZ;IACC,MAAM,MAAM,GAAW,MAAM,UAAU,CAAC,UAAU,IAAI,eAAe,CAAC,CAAC;IACvE,MAAM,WAAW,GAAG,MAAM,IAAA,2CAAmB,EAAU,eAAe,CAAC,CAAC;IACxE,MAAM,QAAQ,GAAc,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAE7D,gBAAgB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEnC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAChE,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC;AAC1C,CAAC;AAnBD,0DAmBC;AAED,SAAS,kBAAkB,CAAC,KAAa;IACvC,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAEY,QAAA,OAAO,GAAG,IAAI,mBAAO,CAAC,4BAA4B,CAAC;KAC7D,WAAW,CAAC,8BAA8B,CAAC;KAC3C,MAAM,CAAC,yBAAy
B,EAAE,cAAc,CAAC;KACjD,MAAM,CACL,mBAAmB,EACnB,gCAAgC,EAChC,eAAe,CAChB;KACA,MAAM,CACL,wBAAwB,EACxB,0CAA0C,EAC1C,kBAAkB,EAClB,EAAE,CACH;KACA,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,uBAAuB,CAAC;QAC5B,WAAW,EAAE,OAAO,CAAC,OAAO;QAC5B,eAAe,EAAE,OAAO,CAAC,YAAY;QACrC,UAAU,EAAE,OAAO,CAAC,MAAM;KAC3B,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
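--- a/package/dist/commands/generate-vulnerability-report.js
+++ b/package/dist/commands/generate-vulnerability-report.js
@@ -42,8 +42,7 @@ function filterApplicableVulnerabilities(snykTestResults, dependencies, rules) {
 return sortedVulnerabilities;
 }
 function fail(failOn, bundleVulnerabilities) {
-
-const minScore = (_a = (0, vulnerability_1.severityToScore)(failOn)) !== null && _a !== void 0 ? _a : 0;
+const minScore = (0, vulnerability_1.severityToScore)(failOn) ?? 0;
 for (const vuln of bundleVulnerabilities) {
 if ((vuln.score === undefined || vuln.score >= minScore) &&
 (0, vulnerability_1.hasKnownRemediation)(vuln) &&
@@ -53,25 +52,23 @@ function fail(failOn, bundleVulnerabilities) {
 }
 }
 function formatIgnored(vuln) {
-var _a, _b;
 if (!(0, vulnerability_1.hasKnownRemediation)(vuln)) {
 return 'Reason: Remediation not available yet';
 }
 if ((0, vulnerability_1.hasIgnorePolicy)(vuln)) {
 const expired = (0, vulnerability_1.hasExpiredPolicy)(vuln) ? ' (Expired)' : '';
-return `Reason: ${
+return `Reason: ${vuln.policy?.reason ?? 'unknown'}${expired}`;
 }
 return '-';
 }
 exports.formatIgnored = formatIgnored;
 function generateVulnerabilityTable(vulnerabilities) {
-var _a;
 let output = '';
 output += '| dep@version | id | score | fixed in | ignored |\n';
 output += '| ----------- | -- | ----- | -------- | ------- |\n';
 const sortedVulns = lodash_1.default.orderBy(vulnerabilities, ['score', 'name'], ['desc', 'asc']);
 for (const vuln of sortedVulns) {
-const severity = `${
+const severity = `${vuln.score ?? '?'} (${vuln.severity
 .charAt(0)
 .toUpperCase()}${vuln.severity.slice(1)})`;
 const ignored = formatIgnored(vuln);
@@ -81,12 +78,11 @@ function generateVulnerabilityTable(vulnerabilities) {
 }
 exports.generateVulnerabilityTable = generateVulnerabilityTable;
 async function generateVulnerabilityReport(options) {
-var _a;
 const productionDependencies = await (0, load_dependency_files_1.loadDependencyFiles)(options.dependencyFiles);
 const snykTestResult = await loadReports(options.snykReports);
 const rules = await (0, vulnerability_1.loadSnykPolicyRules)(options.snykPolicyPath);
 const applicableVulnerabilities = filterApplicableVulnerabilities(snykTestResult, productionDependencies, rules);
-(
+(options.printResult ?? console.info)(`## Vulnerabilities Report (${applicableVulnerabilities.length} vulnerabilities)
 ${generateVulnerabilityTable(applicableVulnerabilities)}`);
 if (options.createJiraIssues) {
 await (0, jira_1.createVulnerabilityTickets)(applicableVulnerabilities);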
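Review bot: In `fail`, `severityToScore(failOn) ?? 0` maps a severity label the helper does not resolve to a threshold of 0 without telling the operator; `severityToScore` is defined in vulnerability.js, outside this section, so what it returns for an unknown label is an assumption here. With 0 every scored finding passes `vuln.score >= minScore`, which is the strict direction, but a mistyped option then shows up as a policy failure instead of a usage error. Rejecting the value explicitly keeps the gate tied to what was requested: take `const minScore = (0, vulnerability_1.severityToScore)(failOn);` and follow it with `if (minScore === undefined) throw new Error('Unknown severity: ' + failOn);`. The body of `fail` continues outside the hunks shown.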
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generate-vulnerability-report.js","sourceRoot":"","sources":["../../src/commands/generate-vulnerability-report.ts"],"names":[],"mappings":";;;;;;AACA,2BAAoC;AACpC,oDAAuB;AAEvB,oEAA+D;AAS/D,oDAQ0B;AAE1B,yCAAoC;AACpC,kCAAqD;AAE9C,KAAK,UAAU,WAAW,CAC/B,KAAe;IAIf,OAAO,CACL,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,CAC3B,IAAI,CAAC,KAAK,CAAC,MAAM,aAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CACjD,CACF,CACF,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AAZD,kCAYC;AAOD,SAAS,+BAA+B,CACtC,eAAwC,EACxC,YAA0B,EAC1B,KAAsB;IAEtB,MAAM,qBAAqB,GAAG,IAAI,GAAG,EAA6B,CAAC;IAEnE,eAAe,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACxC,aAAa,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,iBAAiB,EAAE,EAAE;YAC1D,IAAI,iBAAiB,CAAC,IAAI,KAAK,SAAS,EAAE;gBACxC,OAAO;aACR;YAED,MAAM,gBAAgB,GAAsB,IAAA,qCAAqB,EAC/D,iBAAiB,EACjB,KAAK,CACN,CAAC;YAEF,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE;gBAC9B,IACE,gBAAgB,CAAC,WAAW,KAAK,GAAG,CAAC,IAAI;oBACzC,gBAAgB,CAAC,cAAc,KAAK,GAAG,CAAC,OAAO,EAC/C;oBACA,SAAS;iBACV;gBAED,MAAM,GAAG,GAAG,GAAG,gBAAgB,CAAC,WAAW,IAAI,gBAAgB,CAAC,cAAc,IAAI,gBAAgB,CAAC,EAAE,EAAE,CAAC;gBAExG,MAAM,eAAe,GAAG,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACvD,IAAI,eAAe,EAAE;oBAEnB,eAAe,CAAC,OAAO,GAAG,KAAK,CAAC,IAAI,CAClC,IAAI,GAAG,CAAC,CAAC,GAAG,eAAe,CAAC,OAAO,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC,CACnE,CAAC;iBACH;qBAAM;oBACL,qBAAqB,CAAC,GAAG,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;iBAClD;aACF;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,MAAM,qBAAqB,GAAG,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAC3E,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,GAAG,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,cAAc,EAAE,CAAC,aAAa,CAClD,GAAG,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,cAAc,EAAE,CACvC,CACJ,CAAC;IAEF,OAAO,qBAAqB,CAAC;AAC/B,CAAC;AAED,SAAS,IAAI,CACX,MAAqB,EACrB,qBAA0C
|
|
1
|
+
{"version":3,"file":"generate-vulnerability-report.js","sourceRoot":"","sources":["../../src/commands/generate-vulnerability-report.ts"],"names":[],"mappings":";;;;;;AACA,2BAAoC;AACpC,oDAAuB;AAEvB,oEAA+D;AAS/D,oDAQ0B;AAE1B,yCAAoC;AACpC,kCAAqD;AAE9C,KAAK,UAAU,WAAW,CAC/B,KAAe;IAIf,OAAO,CACL,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,CAC3B,IAAI,CAAC,KAAK,CAAC,MAAM,aAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CACjD,CACF,CACF,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AAZD,kCAYC;AAOD,SAAS,+BAA+B,CACtC,eAAwC,EACxC,YAA0B,EAC1B,KAAsB;IAEtB,MAAM,qBAAqB,GAAG,IAAI,GAAG,EAA6B,CAAC;IAEnE,eAAe,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACxC,aAAa,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,iBAAiB,EAAE,EAAE;YAC1D,IAAI,iBAAiB,CAAC,IAAI,KAAK,SAAS,EAAE;gBACxC,OAAO;aACR;YAED,MAAM,gBAAgB,GAAsB,IAAA,qCAAqB,EAC/D,iBAAiB,EACjB,KAAK,CACN,CAAC;YAEF,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE;gBAC9B,IACE,gBAAgB,CAAC,WAAW,KAAK,GAAG,CAAC,IAAI;oBACzC,gBAAgB,CAAC,cAAc,KAAK,GAAG,CAAC,OAAO,EAC/C;oBACA,SAAS;iBACV;gBAED,MAAM,GAAG,GAAG,GAAG,gBAAgB,CAAC,WAAW,IAAI,gBAAgB,CAAC,cAAc,IAAI,gBAAgB,CAAC,EAAE,EAAE,CAAC;gBAExG,MAAM,eAAe,GAAG,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACvD,IAAI,eAAe,EAAE;oBAEnB,eAAe,CAAC,OAAO,GAAG,KAAK,CAAC,IAAI,CAClC,IAAI,GAAG,CAAC,CAAC,GAAG,eAAe,CAAC,OAAO,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC,CACnE,CAAC;iBACH;qBAAM;oBACL,qBAAqB,CAAC,GAAG,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;iBAClD;aACF;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,MAAM,qBAAqB,GAAG,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAC3E,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,GAAG,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,cAAc,EAAE,CAAC,aAAa,CAClD,GAAG,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,cAAc,EAAE,CACvC,CACJ,CAAC;IAEF,OAAO,qBAAqB,CAAC;AAC/B,CAAC;AAED,SAAS,IAAI,CACX,MAAqB,EACrB,qBAA0C;IAE1C,MAAM,QAAQ,GAAG,IAAA,+BAAe,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAE9C,KAAK,MAAM,IAAI,IAAI,qBAAqB,EAAE;QACxC,IACE,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,IAAI,QAAQ,CAAC;YACpD,IAAA,mCAAmB,EAAC,IAAI,CAAC;YACzB,CAAC,IAAA,yBAAS,EAAC,IAAI,CAAC,EAChB;YACA,MAAM,IAAI,KAAK,CACb,2D
AA2D,MAAM,GAAG,CACrE,CAAC;SACH;KACF;AACH,CAAC;AAED,SAAgB,aAAa,CAAC,IAAuB;IACnD,IAAI,CAAC,IAAA,mCAAmB,EAAC,IAAI,CAAC,EAAE;QAC9B,OAAO,uCAAuC,CAAC;KAChD;IAED,IAAI,IAAA,+BAAe,EAAC,IAAI,CAAC,EAAE;QACzB,MAAM,OAAO,GAAG,IAAA,gCAAgB,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3D,OAAO,WAAW,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,GAAG,OAAO,EAAE,CAAC;KAChE;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAXD,sCAWC;AAED,SAAgB,0BAA0B,CACxC,eAAoC;IAEpC,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,MAAM,IAAI,qDAAqD,CAAC;IAChE,MAAM,IAAI,qDAAqD,CAAC;IAEhE,MAAM,WAAW,GAAG,gBAAC,CAAC,OAAO,CAC3B,eAAe,EACf,CAAC,OAAO,EAAE,MAAM,CAAC,EACjB,CAAC,MAAM,EAAE,KAAK,CAAC,CAChB,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE;QAC9B,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,KAAK,IAAI,GAAG,KAAK,IAAI,CAAC,QAAQ;aACpD,MAAM,CAAC,CAAC,CAAC;aACT,WAAW,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;QAC7C,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;QAEpC,MAAM,IAAI,KAAK,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,cAAc,MACpD,IAAI,CAAC,EACP,MAAM,QAAQ,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,OAAO,MAAM,CAAC;KACzE;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AA1BD,gEA0BC;AAEM,KAAK,UAAU,2BAA2B,CAAC,OAOjD;IACC,MAAM,sBAAsB,GAAG,MAAM,IAAA,2CAAmB,EACtD,OAAO,CAAC,eAAe,CACxB,CAAC;IAEF,MAAM,cAAc,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,MAAM,IAAA,mCAAmB,EAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAEhE,MAAM,yBAAyB,GAAG,+BAA+B,CAC/D,cAAc,EACd,sBAAsB,EACtB,KAAK,CACN,CAAC;IAEF,CAAC,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CACnC,8BACE,yBAAyB,CAAC,MAC5B;EACF,0BAA0B,CAAC,yBAAyB,CAAC,EAAE,CACtD,CAAC;IAEF,IAAI,OAAO,CAAC,gBAAgB,EAAE;QAC5B,MAAM,IAAA,iCAA0B,EAAC,yBAAyB,CAAC,CAAC;KAC7D;IAED,IAAI,OAAO,CAAC,MAAM,EAAE;QAClB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,yBAAyB,CAAC,CAAC;KACjD;AACH,CAAC;AAnCD,kEAmCC;AAED,SAAS,kBAAkB,CAAC,KAAa;IACvC,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAEY,QAAA,OAAO,GAAG,IAAI,mBAAO,CAAC,+BAA+B,CAAC;KAChE,WAAW,CACV,gFAAgF,CACjF;KACA,MAAM,CACL,wBAAwB,EACxB,0CAA0C,EAC1C,kBAAkB,EAClB,EAAE,CACH;KACA,MAAM,CACL,wBAAwB,EACxB,2CAA2C,EAC3C,kBAAkB,EA
ClB,EAAE,CACH;KACA,MAAM,CAAC,mBAAmB,EAAE,sCAAsC,CAAC;KACnE,MAAM,CAAC,2BAA2B,EAAE,kBAAkB,CAAC;KACvD,MAAM,CACL,sBAAsB,EACtB,kDAAkD,CACnD;KACA,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,2BAA2B,CAAC;QAChC,eAAe,EAAE,OAAO,CAAC,YAAY;QACrC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;KAC3C,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
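--- a/package/dist/commands/scan-node-js.js
+++ b/package/dist/commands/scan-node-js.js
@@ -35,13 +35,12 @@ async function fetchScore(vulnId, nodeVulnerability) {
 return [];
 });
 const getBestCvssMetricScore = (cvssMetrics) => {
-
-
+return (cvssMetrics.find((m) => m.type === 'Primary')?.cvssData?.baseScore ??
+cvssMetrics.find((m) => m.type === 'Secondary')?.cvssData?.baseScore);
 };
-const allCvss = cves.map((cve) =>
-
-
-});
+const allCvss = cves.map((cve) => getBestCvssMetricScore(cve?.vulnerabilities[0]?.cve?.metrics?.cvssMetricV31 ?? []) ??
+getBestCvssMetricScore(cve?.vulnerabilities[0]?.cve?.metrics?.cvssMetricV30 ?? []) ??
+getBestCvssMetricScore(cve?.vulnerabilities[0]?.cve?.metrics?.cvssMetricV2 ?? []));
 const knownCvss = [];
 for (const cvss of allCvss) {
 if (typeof cvss === 'number') {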
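Review bot: In the new `allCvss` mapping, `cve?.vulnerabilities[0]` guards against a missing `cve` but then indexes `vulnerabilities` unconditionally, so a response object without that array throws a TypeError instead of falling through to the next metric version. `cves` appears to hold parsed responses from an external lookup (the fetch itself is outside this hunk), so its shape should not be trusted. Write the chain as `cve?.vulnerabilities?.[0]?.cve?.metrics`, and since it is repeated three times, read it once with `const metrics = cve?.vulnerabilities?.[0]?.cve?.metrics;` and pass `metrics?.cvssMetricV31 ?? []` and its siblings to `getBestCvssMetricScore`. This is compiled output; the edit belongs in `src/commands/scan-node-js.ts`, the source named in the source map.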
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scan-node-js.js","sourceRoot":"","sources":["../../src/commands/scan-node-js.ts"],"names":[],"mappings":";;;;;;AACA,4DAA+B;AAC/B,oDAA4B;AAC5B,mDAA2B;AAK3B,oDAAmD;AACnD,oDAAuD;AACvD,yCAAoC;AAYpC,KAAK,UAAU,mBAAmB,CAChC,EAAU,EACV,iBAAoC,EACpC,WAAmB;IAEnB,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAEpE,OAAO,IAAA,mCAAmB,EAAC;QACzB,EAAE,EAAE,YAAY,EAAE,EAAE;QACpB,KAAK,EAAE,YAAY,EAAE,EAAE;QACvB,IAAI,EAAE,iBAAiB,CAAC,GAAG;QAC3B,OAAO,EAAE,CAAC,iBAAiB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;QACxD,WAAW,EAAE,UAAU;QACvB,KAAK;QACL,QAAQ,EAAE,IAAA,+BAAe,EAAC,KAAK,CAAC;QAChC,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,iBAAiB,CAAC,GAAG,EAAE,CAAC;QACpD,OAAO,EAAE,CAAC,YAAY,WAAW,EAAE,CAAC;QACpC,cAAc,EAAE,WAAW;QAC3B,WAAW,EAAE,iBAAiB,CAAC,QAAQ;QACvC,gBAAgB,EAAE,iBAAiB,CAAC,UAAU;KAC/C,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,MAAc,EACd,iBAAoC;IAEpC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,GAAG,CAC5B,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAChC,IAAA,oBAAK,EACH,0DAA0D,GAAG,EAAE,CAChE,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACb,GAAG,CAAC,EAAE;QACJ,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE;QACZ,CAAC,CAAC,OAAO,CAAC,MAAM,CACZ,IAAI,KAAK,CAAC,SAAS,GAAG,oBAAoB,GAAG,CAAC,MAAM,EAAE,CAAC,CACxD,CACN,CACF,CACF,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;QACZ,OAAO,CAAC,KAAK,CACX,4BAA4B,MAAM,KAAM,CAAW,CAAC,OAAO,EAAE,CAC9D,CAAC;QAEF,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;IAEH,MAAM,sBAAsB,GAAG,CAC7B,WAGG,EACH,EAAE
|
|
1
|
+
{"version":3,"file":"scan-node-js.js","sourceRoot":"","sources":["../../src/commands/scan-node-js.ts"],"names":[],"mappings":";;;;;;AACA,4DAA+B;AAC/B,oDAA4B;AAC5B,mDAA2B;AAK3B,oDAAmD;AACnD,oDAAuD;AACvD,yCAAoC;AAYpC,KAAK,UAAU,mBAAmB,CAChC,EAAU,EACV,iBAAoC,EACpC,WAAmB;IAEnB,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAEpE,OAAO,IAAA,mCAAmB,EAAC;QACzB,EAAE,EAAE,YAAY,EAAE,EAAE;QACpB,KAAK,EAAE,YAAY,EAAE,EAAE;QACvB,IAAI,EAAE,iBAAiB,CAAC,GAAG;QAC3B,OAAO,EAAE,CAAC,iBAAiB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;QACxD,WAAW,EAAE,UAAU;QACvB,KAAK;QACL,QAAQ,EAAE,IAAA,+BAAe,EAAC,KAAK,CAAC;QAChC,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,iBAAiB,CAAC,GAAG,EAAE,CAAC;QACpD,OAAO,EAAE,CAAC,YAAY,WAAW,EAAE,CAAC;QACpC,cAAc,EAAE,WAAW;QAC3B,WAAW,EAAE,iBAAiB,CAAC,QAAQ;QACvC,gBAAgB,EAAE,iBAAiB,CAAC,UAAU;KAC/C,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,MAAc,EACd,iBAAoC;IAEpC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,GAAG,CAC5B,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAChC,IAAA,oBAAK,EACH,0DAA0D,GAAG,EAAE,CAChE,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACb,GAAG,CAAC,EAAE;QACJ,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE;QACZ,CAAC,CAAC,OAAO,CAAC,MAAM,CACZ,IAAI,KAAK,CAAC,SAAS,GAAG,oBAAoB,GAAG,CAAC,MAAM,EAAE,CAAC,CACxD,CACN,CACF,CACF,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;QACZ,OAAO,CAAC,KAAK,CACX,4BAA4B,MAAM,KAAM,CAAW,CAAC,OAAO,EAAE,CAC9D,CAAC;QAEF,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;IAEH,MAAM,sBAAsB,GAAG,CAC7B,WAGG,EACH,EAAE;QACF,OAAO,CACL,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,EAAE,QAAQ,EAAE,SAAS;YAClE,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC,EAAE,QAAQ,EAAE,SAAS,CACrE,CAAC;IACJ,CAAC,CAAC;IAEF,MAAM,OAAO,GAA2B,IAAI,CAAC,GAAG,CAC9C,CAAC,GAAG,EAAE,EAAE,CACN,sBAAsB,CACpB,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,aAAa,IAAI,EAAE,CAC3D;QACD,sBAAsB,CACpB,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,aAAa,IAAI,EAAE,CAC3D;QACD,sBAAsB,CACpB,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,YAAY,I
AAI,EAAE,CAC1D,CACJ,CAAC;IAEF,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE;QAC1B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;YAC5B,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;SACtB;KACF;IAKD,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC/D,CAAC;AAED,KAAK,UAAU,cAAc;IAC3B,MAAM,GAAG,GACP,gFAAgF,CAAC;IAEnF,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAK,EAAC,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,oBAAoB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;KACxD;IAED,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;AAC/B,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,OAAe;IACxC,MAAM,SAAS,GAAG,CAAC,MAAM,IAAA,YAAE,EAAC,WAAW,CAAC,CAAC;SACtC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,CAAC;SAC1B,IAAI,CAAC,MAAM,CAAC,CAAC;IAEhB,OAAO,gBAAM,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAC9C,CAAC;AAEM,KAAK,UAAU,UAAU,CAAC,EAC/B,OAAO,GAGR;IAGC,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,OAAO,CAAC,CAAC,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,mBAAmB,OAAO,4BAA4B,CAAC,CAAC;KACzE;IAED,MAAM,mBAAmB,GAAG,MAAM,cAAc,EAAE,CAAC;IAEnD,MAAM,UAAU,GAAG,EAAE,CAAC;IAEtB,KAAK,MAAM,CAAC,EAAE,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE;QACrE,IACE,gBAAM,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC,UAAU,CAAC;YACnD,aAAa,CAAC,OAAO;YACrB,CAAC,gBAAM,CAAC,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,EACjD;YACA,UAAU,CAAC,IAAI,CAAC,MAAM,mBAAmB,CAAC,EAAE,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC;SACxE;KACF;IAED,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,CAAC;AACzC,CAAC;AA1BD,gCA0BC;AAEY,QAAA,OAAO,GAAG,IAAI,mBAAO,CAAC,cAAc,CAAC;KAC/C,WAAW,CAAC,gDAAgD,CAAC;KAC7D,MAAM,CAAC,qBAAqB,EAAE,6CAA6C,CAAC;KAC5E,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CACZ,MAAM,UAAU,CAAC;QACf,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC,EACF,IAAI,EACJ,CAAC,CACF,CACF,CAAC;AACJ,CAAC,CAAC,CAAC"}
|
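--- a/package/dist/get-package-info.js
+++ b/package/dist/get-package-info.js
@@ -10,8 +10,7 @@ const find_up_1 = __importDefault(require("find-up"));
 const licenseRegexp = /^(license|copyright|copying)/i;
 const fileCache = {};
 function readFileWithCache(filePath) {
-
-(_a = fileCache[filePath]) !== null && _a !== void 0 ? _a : (fileCache[filePath] = fs_1.promises.readFile(filePath, 'utf-8'));
+fileCache[filePath] ??= fs_1.promises.readFile(filePath, 'utf-8');
 return fileCache[filePath];
 }
 const findPackageJson = async (modulePath) => {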
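Review bot: `fileCache[filePath] ??= ...` is ES2021 logical assignment, which Node.js parses only from version 15 on, so this release raises the minimum runtime of the published `dist` files. The same shift shows in the `??` and `?.` that replace the down-levelled `_a` temporaries in the other sections. package.json is listed as changed in this release but its content is not shown on this page; confirm that `engines.node` was raised to match, otherwise a consumer on an older runtime gets a SyntaxError when the module loads, not an install-time warning.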
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-package-info.js","sourceRoot":"","sources":["../src/get-package-info.ts"],"names":[],"mappings":";;;;;;AAAA,2BAAoC;AACpC,gDAAwB;AACxB,sDAA6B;AAsB7B,MAAM,aAAa,GAAG,+BAA+B,CAAC;AAItD,MAAM,SAAS,GAAoC,EAAE,CAAC;AACtD,SAAS,iBAAiB,CAAC,QAAgB
|
|
1
|
+
{"version":3,"file":"get-package-info.js","sourceRoot":"","sources":["../src/get-package-info.ts"],"names":[],"mappings":";;;;;;AAAA,2BAAoC;AACpC,gDAAwB;AACxB,sDAA6B;AAsB7B,MAAM,aAAa,GAAG,+BAA+B,CAAC;AAItD,MAAM,SAAS,GAAoC,EAAE,CAAC;AACtD,SAAS,iBAAiB,CAAC,QAAgB;IACzC,SAAS,CAAC,QAAQ,CAAC,KAAK,aAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACvD,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC7B,CAAC;AAED,MAAM,eAAe,GAAG,KAAK,EAC3B,UAAkB,EAC2C,EAAE;IAC/D,MAAM,aAAa,GAAG,MAAM,IAAA,iBAAM,EAAC,cAAc,EAAE;QACjD,GAAG,EAAE,cAAI,CAAC,OAAO,CAAC,UAAU,CAAC;KAC9B,CAAC,CAAC;IAEH,IAAI,CAAC,aAAa,EAAE;QAClB,OAAO;KACR;IAED,IAAI;QACF,MAAM,WAAW,GAAgB,IAAI,CAAC,KAAK,CACzC,MAAM,iBAAiB,CAAC,aAAa,CAAC,CACvC,CAAC;QAEF,IACE,OAAO,WAAW,CAAC,IAAI,KAAK,QAAQ;YACpC,OAAO,WAAW,CAAC,OAAO,KAAK,QAAQ,EACvC;YACA,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;SACtD;KACF;IAAC,OAAO,CAAC,EAAE;KAEX;IAKD,OAAO,MAAM,eAAe,CAAC,cAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC;AAC5D,CAAC,CAAC;AAGK,KAAK,UAAU,cAAc,CAAC,UAAkB;IACrD,MAAM,eAAe,GAAG,MAAM,eAAe,CAAC,UAAU,CAAC,CAAC;IAE1D,IAAI,CAAC,eAAe,EAAE;QACpB,MAAM,IAAI,KAAK,CAAC,8BAA8B,UAAU,EAAE,CAAC,CAAC;KAC7D;IAED,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,eAAe,CAAC;IAExE,MAAM,WAAW,GAAG,cAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAGlD,WAAW,CAAC,YAAY,GAAG;QACzB,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC;KAClE,CAAC,MAAM,CAAC,OAAO,CAAQ,CAAC;IAEzB,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CACpC,CACE,MAAM,aAAE,CAAC,OAAO,CAAC,WAAW,CAAC,CAC9B;SACE,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;SAClD,IAAI,EAAE;SACN,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;QACxB,QAAQ;QACR,OAAO,EAAE,MAAM,iBAAiB,CAAC,cAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;KACnE,CAAC,CAAC,CACN,CAAC;IAEF,OAAO;QACL,IAAI,EAAE,WAAW,CAAC,IAAI;QACtB,OAAO,EAAE,WAAW,CAAC,OAAO;QAC5B,OAAO,EAAE,WAAW,CAAC,OAAO;QAC5B,QAAQ,EAAE,WAAW,CAAC,QAAQ;QAC9B,IAAI,EAAE,WAAW;QACjB,YAAY;KACb,CAAC;AACJ,CAAC;AApCD,wCAoCC"}
|
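--- a/package/dist/jira.js
+++ b/package/dist/jira.js
@@ -14,7 +14,6 @@ const formatDueDate = (date) => {
 return `${yy}-${MM}-${dd}`;
 };
 async function createJiraTicket(jiraBaseUrl, auth, issue) {
-var _a;
 jiraBaseUrl = jiraBaseUrl.replace(/\/$/, '');
 const issueApiUrl = `${jiraBaseUrl}/rest/api/2/issue/`;
 const headers = {
@@ -67,7 +66,7 @@ async function createJiraTicket(jiraBaseUrl, auth, issue) {
 if (!response.ok) {
 throw new Error(`HTTP error: ${response.status}. ${await response.text()}`);
 }
-const key = (
+const key = (await response.json())?.key;
 console.info('Created issue:', `${jiraBaseUrl}/browse/${key}`);
 }
 const JIRA_ISSUE_TYPE = 'Build Failure';
@@ -111,14 +110,13 @@ const formatOrigins = (origins) => {
 return text;
 };
 const buildJiraDescription = (vulnerability) => {
-var _a, _b;
 return (`h4. Vulnerability Details
 
 - *Affected Package*: ${vulnerability.packageName}
 - *Affected Version*: ${vulnerability.packageVersion}
-- *Fixed In*: ${
+- *Fixed In*: ${vulnerability.fixedIn?.length ? vulnerability.fixedIn.join(', ') : 'N/A'}
 - *Severity*: ${vulnerability.severity}
-- *Cvss score*: ${
+- *Cvss score*: ${vulnerability.score ?? '-'}
 
 h4. Vulnerability Description
 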
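Review bot: `const key = (await response.json())?.key;` accepts a successful response that carries no `key`, and the following `console.info` then reports `.../browse/undefined` as if the ticket had been created. These tickets are how findings from the vulnerability report get tracked, so a creation that did not yield an issue should be an error and not a log line. Add `if (typeof key !== 'string') throw new Error('Jira response did not contain an issue key');` before the log call. `createJiraTicket` starts before this hunk, and the file is compiled output, so the change belongs in `src/jira.ts`, the source named in the source map.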
package/dist/jira.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jira.js","sourceRoot":"","sources":["../src/jira.ts"],"names":[],"mappings":";;;;;;AACA,4DAA+B;AAE/B,mDAAmD;AACnD,mDAA4C;AAE5C,MAAM,aAAa,GAAG,CAAC,IAAU,EAAU,EAAE;IAC3C,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC9B,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACxD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAEnD,OAAO,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC;AAC7B,CAAC,CAAC;AAEF,KAAK,UAAU,gBAAgB,CAC7B,WAAmB,EACnB,IAEC,EACD,KASC
|
|
1
|
+
{"version":3,"file":"jira.js","sourceRoot":"","sources":["../src/jira.ts"],"names":[],"mappings":";;;;;;AACA,4DAA+B;AAE/B,mDAAmD;AACnD,mDAA4C;AAE5C,MAAM,aAAa,GAAG,CAAC,IAAU,EAAU,EAAE;IAC3C,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAC9B,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACxD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAEnD,OAAO,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC;AAC7B,CAAC,CAAC;AAEF,KAAK,UAAU,gBAAgB,CAC7B,WAAmB,EACnB,IAEC,EACD,KASC;IAED,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC7C,MAAM,WAAW,GAAG,GAAG,WAAW,oBAAoB,CAAC;IAEvD,MAAM,OAAO,GAAG;QACd,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE;QACrC,MAAM,EAAE,kBAAkB;KAC3B,CAAC;IAEF,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC;QACnC,GAAG,EAAE,YAAY,KAAK,CAAC,OAAO,oBAAoB,KAAK,CAAC,SAAS,4CAA4C,KAAK,CAAC,OAAO,GAAG;KAC9H,CAAC,CAAC,QAAQ,EAAE,CAAC;IAEd,MAAM,YAAY,GAAG,GAAG,WAAW,sBAAsB,QAAQ,EAAE,CAAC;IAEpE,MAAM,MAAM,GAAG,MAAM,IAAA,oBAAK,EAAC,YAAY,EAAE;QACvC,MAAM,EAAE,KAAK;QACb,OAAO,EAAE;YACP,GAAG,OAAO;SACX;KACF,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CACpB,GAAG,CAAC,EAAE;QACJ,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC;QAC9B,CAAC,CAAC,OAAO,CAAC,MAAM,CACZ,IAAI,KAAK,CAAC,eAAe,GAAG,CAAC,MAAM,KAAK,MAAM,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAC5D,CACN,CAAC;IAEF,IAAI,MAAM,EAAE;QACV,OAAO,CAAC,IAAI,CACV,OAAO,KAAK,CAAC,SAAS,WAAW,KAAK,CAAC,OAAO,MAAM,KAAK,CAAC,OAAO,mBAAmB,CACrF,CAAC;QACF,OAAO;KACR;IAED,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAK,EAAC,WAAW,EAAE;QACxC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,GAAG,OAAO;YACV,cAAc,EAAE,kBAAkB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,MAAM,EAAE;gBACN,OAAO,EAAE;oBACP,GAAG,EAAE,KAAK,CAAC,OAAO;iBACnB;gBACD,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,SAAS,EAAE;oBACT,IAAI,EAAE,KAAK,CAAC,SAAS;iBACtB;gBACD,UAAU,EAAE,KAAK,CAAC,UAAU,CAAC,MAAM;oBACjC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;oBACpD,CAAC,CAAC,SAAS;gBAC
b,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;gBACtD,QAAQ,EAAE;oBACR,IAAI,EAAE,KAAK,CAAC,QAAQ;iBACrB;gBACD,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC;aACtC;SACF,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,eAAe,QAAQ,CAAC,MAAM,KAAK,MAAM,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;KAC7E;IAED,MAAM,GAAG,GAAW,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC;IACjD,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,GAAG,WAAW,WAAW,GAAG,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,eAAe,GAAG,eAAe,CAAC;AAExC,SAAS,sBAAsB,CAAC,QAAkB;IAChD,IAAI,QAAQ,KAAK,MAAM,EAAE;QACvB,OAAO,eAAe,CAAC;KACxB;IAED,IAAI,QAAQ,KAAK,QAAQ,EAAE;QACzB,OAAO,YAAY,CAAC;KACrB;IAED,IAAI,QAAQ,KAAK,KAAK,EAAE;QACtB,OAAO,YAAY,CAAC;KACrB;IAGD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAkB;IAC3C,MAAM,aAAa,GAAG,CAAC,CAAC;IACxB,MAAM,iBAAiB,GACrB,QAAQ,KAAK,MAAM;QACjB,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,QAAQ,KAAK,QAAQ;YACvB,CAAC,CAAC,CAAC,GAAe,CAAC;YACnB,CAAC,CAAC,QAAQ,KAAK,KAAK;gBACpB,CAAC,CAAC,EAAE,GAAe,CAAC;gBACpB,CAAC;oBACC,CAAC,CAAC;IAER,OAAO,IAAI,IAAI,CACb,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;QAClB,aAAa;QACb,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAC1C,CAAC;AACJ,CAAC;AAED,MAAM,aAAa,GAAG,CAAC,OAAiB,EAAE,EAAE;IAC1C,IAAI,IAAI,GAAG,OAAO;SACf,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;SACxB,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC;IAE3C,IAAI,SAAS,EAAE;QACb,IAAI;YACF,IAAI;gBACJ,iBAAiB,SAAS,eACxB,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAC7B,GAAG,CAAC;KACP;IAED,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEK,MAAM,oBAAoB,GAAG,CAClC,aAAgC,EACxB,EAAE;IACV,OAAO,CACL;;wBAEoB,aAAa,CAAC,WAAW;wBACzB,aAAa,CAAC,cAAc;gBAE9C,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KACrE;gBACY,aAAa,CAAC,QAAQ;kBACpB,aAAa,CAAC,KAAK,IAAI,GAAG;;;;eAI7B,aAAa,CAAC,KAAK;EAChC,aAAa,CAAC,WAAW;;;;;EAKzB,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC;;;;EAIpC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC
,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;CACpE;QACG,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B;YACxC,CAAC,CAAC;;;EAGN,OAAO,CAAC,GAAG,CAAC,6BAA6B;CAC1C;YACK,CAAC,CAAC,EAAE,CAAC,CACR,CAAC;AACJ,CAAC,CAAC;AApCW,QAAA,oBAAoB,wBAoC/B;AAEK,KAAK,UAAU,0BAA0B,CAC9C,eAAoC;IAEpC,IACE,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa;QAC1B,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc;QAC3B,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EACzB;QACA,MAAM,UAAU,GAAG,CAAC,eAAe,EAAE,gBAAgB,EAAE,cAAc,CAAC;aACnE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;aAC9B,IAAI,CAAC,IAAI,CAAC,CAAC;QAEd,MAAM,IAAI,KAAK,CACb,sDAAsD,UAAU,EAAE,CACnE,CAAC;KACH;IAED,KAAK,MAAM,aAAa,IAAI,eAAe,EAAE;QAC3C,IAAI,IAAA,yBAAS,EAAC,aAAa,CAAC,EAAE;YAC5B,OAAO;SACR;QAED,MAAM,gBAAgB,CACpB,OAAO,CAAC,GAAG,CAAC,aAAa,EACzB;YACE,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc;SAClC,EACD;YACE,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;YACjC,OAAO,EAAE,iBAAiB,aAAa,CAAC,EAAE,aACxC,aAAa,CAAC,WAChB,IAAI,aAAa,CAAC,cAAc,GAC9B,IAAA,gCAAgB,EAAC,aAAa,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAC1D,EAAE;YACF,WAAW,EAAE,IAAA,4BAAoB,EAAC,aAAa,CAAC;YAChD,UAAU,EAAE,CAAC,0BAA0B,CAAC;YACxC,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,sBAAsB,CAAC,aAAa,CAAC,QAAQ,CAAC;YACxD,SAAS,EAAE,eAAe;YAC1B,OAAO,EAAE,iBAAiB,CAAC,aAAa,CAAC,QAAQ,CAAC;SACnD,CACF,CAAC;KACH;AACH,CAAC;AA3CD,gEA2CC"}
|
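--- a/package/dist/vulnerability.d.ts
+++ b/package/dist/vulnerability.d.ts
@@ -1,7 +1,7 @@
-export
-export
-export
-export
+export type KnownSeverity = 'low' | 'medium' | 'high' | 'critical';
+export type Severity = KnownSeverity | 'unknown';
+export type SnykPolicyRules = any;
+export type VulnerabilityInfo = {
 id: string;
 score?: number;
 fixedIn: string[];
@@ -23,7 +23,7 @@ export declare type VulnerabilityInfo = {
 url: string;
 }[];
 };
-export
+export type SnykVulnerability = {
 id: string;
 type?: 'license';
 title: string;
@@ -72,10 +72,10 @@ export declare type SnykVulnerability = {
 name: string;
 version: string;
 };
-export
+export type SnykTestProjectResult = {
 vulnerabilities: SnykVulnerability[];
 };
-
+type Score = number | undefined;
 export declare function severityToScore(severity: Severity): Score;
 export declare function scoreToSeverity(score: number | undefined): Severity;
 export declare function vulnerabilityToSnyk(vulnerability: VulnerabilityInfo): SnykVulnerability | PromiseLike<SnykVulnerability>;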
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vulnerability.d.ts","sourceRoot":"","sources":["../src/vulnerability.ts"],"names":[],"mappings":"AAGA,
|
|
1
|
+
{"version":3,"file":"vulnerability.d.ts","sourceRoot":"","sources":["../src/vulnerability.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AACnE,MAAM,MAAM,QAAQ,GAAG,aAAa,GAAG,SAAS,CAAC;AAEjD,MAAM,MAAM,eAAe,GAAG,GAAG,CAAC;AAElC,MAAM,MAAM,iBAAiB,GAAG;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,MAAM,CAAC,EAAE;QACP,IAAI,EAAE,QAAQ,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,GAAG,CAAC;KACd,CAAC;IACF,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACxC,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,CAAC,EAAE,SAAS,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,MAAM,EAAE;QACN,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,KAAK,EAAE,CAAC;IACjB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,EAAE;QACR,YAAY,EAAE,IAAI,CAAC;KACpB,CAAC;IACF,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,SAAS,EAAE,KAAK,EAAE,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE;QACV,GAAG,EAAE,MAAM,CAAC;QACZ,KAAK,EAAE,MAAM,CAAC;KACf,EAAE,CAAC;IACJ,WAAW,EAAE,KAAK,EAAE,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,IAAI,CAAC;IAClB,WAAW,EAAE;QACX,GAAG,EAAE,MAAM,EAAE,CAAC;KACf,CAAC;IACF,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,OAAO,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,KAAK,EAAE,CAAC;IACvB,cAAc,EAAE,KAAK,EAAE,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,oBAAoB,EAAE,QAAQ,CAAC;IAC/B,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,WAAW,EAAE,KAAK,EAAE,CAAC;IACrB,YAAY,EAAE,OAAO,CAAC;IACtB,WAAW,EAAE,OAAO,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MA
AM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,eAAe,EAAE,iBAAiB,EAAE,CAAC;CACtC,CAAC;AAEF,KAAK,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;AAUhC,wBAAgB,eAAe,CAAC,QAAQ,EAAE,QAAQ,GAAG,KAAK,CAEzD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,QAAQ,CAenE;AAED,wBAAgB,mBAAmB,CACjC,aAAa,EAAE,iBAAiB,GAC/B,iBAAiB,GAAG,WAAW,CAAC,iBAAiB,CAAC,CA+DpD;AAED,wBAAgB,qBAAqB,CACnC,iBAAiB,EAAE,iBAAiB,EACpC,KAAK,EAAE,eAAe,GACrB,iBAAiB,CAwCnB;AAED,eAAO,MAAM,mBAAmB,mBACd,MAAM,GAAG,SAAS,KACjC,QAAQ,eAAe,CAGtB,CAAC;AAEL,wBAAgB,SAAS,CAAC,aAAa,EAAE,iBAAiB,GAAG,OAAO,CAEnE;AAED,wBAAgB,eAAe,CAAC,aAAa,EAAE,iBAAiB,GAAG,OAAO,CAEzE;AAED,wBAAgB,gBAAgB,CAAC,aAAa,EAAE,iBAAiB,GAAG,OAAO,CAE1E;AAED,wBAAgB,mBAAmB,CAAC,aAAa,EAAE,iBAAiB,GAAG,OAAO,CAE7E"}
|
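--- a/package/dist/vulnerability.js
+++ b/package/dist/vulnerability.js
@@ -54,7 +54,7 @@ function vulnerabilityToSnyk(vulnerability) {
 moduleName: packageName,
 references: urls,
 cvssDetails: [],
-description: description
+description: description ?? '',
 epssDetails: null,
 identifiers: {
 CVE: cves,
@@ -82,9 +82,8 @@ function vulnerabilityToSnyk(vulnerability) {
 }
 exports.vulnerabilityToSnyk = vulnerabilityToSnyk;
 function vulnerabilityFromSnyk(snykVulnerability, rules) {
-var _a, _b, _c, _d, _e, _f, _g;
 const urls = [];
-if (
+if (snykVulnerability.id?.startsWith('NSWG-COR-')) {
 const id = snykVulnerability.id.split('-').reverse()[0];
 urls.push({
 title: snykVulnerability.id,
@@ -101,7 +100,7 @@ function vulnerabilityFromSnyk(snykVulnerability, rules) {
 url: `https://security.snyk.io/package/npm/${snykVulnerability.name}/${snykVulnerability.version}`,
 });
 }
-for (const cve of
+for (const cve of snykVulnerability.identifiers?.CVE ?? []) {
 urls.push({ title: cve, url: `https://nvd.nist.gov/vuln/detail/${cve}` });
 }
 return {
@@ -113,15 +112,15 @@ function vulnerabilityFromSnyk(snykVulnerability, rules) {
 title: snykVulnerability.title,
 description: snykVulnerability.description,
 fixedIn: snykVulnerability.fixedIn,
-cves:
+cves: snykVulnerability.identifiers?.CVE ?? [],
 origins: snykVulnerability.from ? [snykVulnerability.from.join(' > ')] : [],
-vulnerableSemver:
+vulnerableSemver: snykVulnerability.semver?.vulnerable ?? snykVulnerability.version,
 policy: snykPolicy.getByVuln(rules, snykVulnerability),
 urls: urls,
 };
 }
 exports.vulnerabilityFromSnyk = vulnerabilityFromSnyk;
-const loadSnykPolicyRules = async (snykPolicyPath) => await snykPolicy.load(snykPolicyPath
+const loadSnykPolicyRules = async (snykPolicyPath) => await snykPolicy.load(snykPolicyPath ?? process.cwd(), {
 loose: true,
 });
 exports.loadSnykPolicyRules = loadSnykPolicyRules;
@@ -130,13 +129,11 @@ function isIgnored(vulnerability) {
 }
 exports.isIgnored = isIgnored;
 function hasIgnorePolicy(vulnerability) {
-
-return ((_a = vulnerability.policy) === null || _a === void 0 ? void 0 : _a.type) === 'ignore';
+return vulnerability.policy?.type === 'ignore';
 }
 exports.hasIgnorePolicy = hasIgnorePolicy;
 function hasExpiredPolicy(vulnerability) {
-
-return new Date() >= ((_a = vulnerability.policy) === null || _a === void 0 ? void 0 : _a.expires);
+return new Date() >= vulnerability.policy?.expires;
 }
 exports.hasExpiredPolicy = hasExpiredPolicy;
 function hasKnownRemediation(vulnerability) {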
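Review bot: `hasExpiredPolicy` in the last hunk compares `new Date() >= vulnerability.policy?.expires` directly, so an `expires` value that does not coerce to a number (a date string, for example) makes the comparison false and the ignore rule is treated as never expiring. Whether snyk-policy always returns a `Date` here is not visible in this diff, so this may be latent, but the failure mode presumably leaves the finding suppressed through `isIgnored`, whose body is outside the hunk. I would fail closed on a present but unparseable value while keeping a missing expiry as not expired: `const expires = vulnerability.policy?.expires;` followed by `return expires != null && !(new Date() < new Date(expires));`.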
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vulnerability.js","sourceRoot":"","sources":["../src/vulnerability.ts"],"names":[],"mappings":";;;AACA,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;AAmF1C,MAAM,iBAAiB,GAA4B;IACjD,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;IACX,OAAO,EAAE,SAAS;CACnB,CAAC;AAEF,SAAgB,eAAe,CAAC,QAAkB;IAChD,OAAO,iBAAiB,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAFD,0CAEC;AAED,SAAgB,eAAe,CAAC,KAAyB;IACvD,IAAI,KAAK,KAAK,SAAS,EAAE;QACvB,OAAO,SAAS,CAAC;KAClB;IAED,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,UAAU,CAAC;KACnB;IACD,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,MAAM,CAAC;KACf;IACD,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,QAAQ,CAAC;KACjB;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAfD,0CAeC;AAED,SAAgB,mBAAmB,CACjC,aAAgC;IAEhC,MAAM,EACJ,EAAE,EACF,WAAW,EACX,cAAc,EACd,KAAK,EACL,OAAO,EACP,IAAI,EACJ,gBAAgB,EAChB,OAAO,EACP,WAAW,EACX,IAAI,GACL,GAAG,aAAa,CAAC;IAElB,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACxC,OAAO;QACL,EAAE;QACF,KAAK,EAAE,EAAE;QACT,MAAM,EAAE,GAAG;QACX,MAAM,EAAE,CAAC,GAAG,CAAC;QACb,MAAM,EAAE;YACN,UAAU,EAAE,gBAAgB;SAC7B;QACD,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,OAAO;QAChB,OAAO,EAAE,EAAE;QACX,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE;YACR,YAAY,EAAE,IAAI;SACnB;QACD,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,KAAK;QAChB,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,WAAW;QACvB,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,EAAE;QACf,WAAW,EAAE,WAAW,
|
|
1
|
+
{"version":3,"file":"vulnerability.js","sourceRoot":"","sources":["../src/vulnerability.ts"],"names":[],"mappings":";;;AACA,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;AAmF1C,MAAM,iBAAiB,GAA4B;IACjD,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;IACX,OAAO,EAAE,SAAS;CACnB,CAAC;AAEF,SAAgB,eAAe,CAAC,QAAkB;IAChD,OAAO,iBAAiB,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAFD,0CAEC;AAED,SAAgB,eAAe,CAAC,KAAyB;IACvD,IAAI,KAAK,KAAK,SAAS,EAAE;QACvB,OAAO,SAAS,CAAC;KAClB;IAED,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,UAAU,CAAC;KACnB;IACD,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,MAAM,CAAC;KACf;IACD,IAAI,KAAK,IAAI,CAAC,EAAE;QACd,OAAO,QAAQ,CAAC;KACjB;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAfD,0CAeC;AAED,SAAgB,mBAAmB,CACjC,aAAgC;IAEhC,MAAM,EACJ,EAAE,EACF,WAAW,EACX,cAAc,EACd,KAAK,EACL,OAAO,EACP,IAAI,EACJ,gBAAgB,EAChB,OAAO,EACP,WAAW,EACX,IAAI,GACL,GAAG,aAAa,CAAC;IAElB,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACxC,OAAO;QACL,EAAE;QACF,KAAK,EAAE,EAAE;QACT,MAAM,EAAE,GAAG;QACX,MAAM,EAAE,CAAC,GAAG,CAAC;QACb,MAAM,EAAE;YACN,UAAU,EAAE,gBAAgB;SAC7B;QACD,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,OAAO;QAChB,OAAO,EAAE,EAAE;QACX,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE;YACR,YAAY,EAAE,IAAI;SACnB;QACD,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,KAAK;QAChB,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,WAAW;QACvB,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE,EAAE;QACf,WAAW,EAAE,WAAW,IAAI,EAAE;QAC9B,WAAW,EAAE,IAAI;QACjB,WAAW,EAAE;YACX,GAAG,EAAE,IAAI;SACV;QACD,WAAW,EAAE,WAAW;QACxB,WAAW,EAAE,IAAI;QACjB,YAAY,EAAE,GAAG;QACjB,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,EAAE;QAClB,cAAc,EAAE,GAAG;QACnB,cAAc,EAAE,KAAK;QACrB,eAAe,EAAE,GAAG;QACpB,gBAAgB,EAAE,GAAG;QACrB,gBAAgB,EAAE,KAAK;QACvB,oBAAoB,EAAE,QAAQ;QAC9B,IAAI,EACF,OAAO,IAAI,OAAO,CAAC,MAAM;YACvB,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC;YACd,CAAC,CAAC,CAAC,GAAG,WAAW,IAAI,cAAc,EAAE,CAAC;QAC1C,WAAW,EAAE,EAAE;QACf,YAAY,EAAE,IAAI;QAClB,WAAW,EAAE,KAAK;QAClB,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,cAAc;KACxB,CAAC;AACJ,CAAC;AAjED,kDAiEC;AAED,SAAgB,qBAAqB,CACnC,iBAAoC,EACpC,KAAsB;IAEtB,MAAM,IAAI,GAAG,EAAE,CAAC;IAEhB,IAAI,iBAAiB,CAAC,EAAE,EAAE,UAAU,CAA
C,WAAW,CAAC,EAAE;QACjD,MAAM,EAAE,GAAG,iBAAiB,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QACxD,IAAI,CAAC,IAAI,CAAC;YACR,KAAK,EAAE,iBAAiB,CAAC,EAAE;YAC3B,GAAG,EAAE,6DAA6D,EAAE,OAAO;SAC5E,CAAC,CAAC;KACJ;SAAM;QACL,IAAI,CAAC,IAAI,CAAC;YACR,KAAK,EAAE,iBAAiB,CAAC,EAAE;YAC3B,GAAG,EAAE,iCAAiC,iBAAiB,CAAC,EAAE,EAAE;SAC7D,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC;YACR,KAAK,EAAE,GAAG,iBAAiB,CAAC,IAAI,IAAI,iBAAiB,CAAC,OAAO,kBAAkB;YAC/E,GAAG,EAAE,wCAAwC,iBAAiB,CAAC,IAAI,IAAI,iBAAiB,CAAC,OAAO,EAAE;SACnG,CAAC,CAAC;KACJ;IAED,KAAK,MAAM,GAAG,IAAI,iBAAiB,CAAC,WAAW,EAAE,GAAG,IAAI,EAAE,EAAE;QAC1D,IAAI,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,oCAAoC,GAAG,EAAE,EAAE,CAAC,CAAC;KAC3E;IAED,OAAO;QACL,WAAW,EAAE,iBAAiB,CAAC,IAAI;QACnC,cAAc,EAAE,iBAAiB,CAAC,OAAO;QACzC,EAAE,EAAE,iBAAiB,CAAC,EAAE;QACxB,KAAK,EAAE,iBAAiB,CAAC,SAAS;QAClC,QAAQ,EAAE,iBAAiB,CAAC,QAAQ;QACpC,KAAK,EAAE,iBAAiB,CAAC,KAAK;QAC9B,WAAW,EAAE,iBAAiB,CAAC,WAAW;QAC1C,OAAO,EAAE,iBAAiB,CAAC,OAAO;QAClC,IAAI,EAAE,iBAAiB,CAAC,WAAW,EAAE,GAAG,IAAI,EAAE;QAC9C,OAAO,EAAE,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;QAC3E,gBAAgB,EACd,iBAAiB,CAAC,MAAM,EAAE,UAAU,IAAI,iBAAiB,CAAC,OAAO;QACnE,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,KAAK,EAAE,iBAAiB,CAAC;QACtD,IAAI,EAAE,IAAI;KACX,CAAC;AACJ,CAAC;AA3CD,sDA2CC;AAEM,MAAM,mBAAmB,GAAG,KAAK,EACtC,cAAkC,EACR,EAAE,CAC5B,MAAM,UAAU,CAAC,IAAI,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE;IACrD,KAAK,EAAE,IAAI;CACZ,CAAC,CAAC;AALQ,QAAA,mBAAmB,uBAK3B;AAEL,SAAgB,SAAS,CAAC,aAAgC;IACxD,OAAO,eAAe,CAAC,aAAa,CAAC,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;AAC5E,CAAC;AAFD,8BAEC;AAED,SAAgB,eAAe,CAAC,aAAgC;IAC9D,OAAO,aAAa,CAAC,MAAM,EAAE,IAAI,KAAK,QAAQ,CAAC;AACjD,CAAC;AAFD,0CAEC;AAED,SAAgB,gBAAgB,CAAC,aAAgC;IAC/D,OAAO,IAAI,IAAI,EAAE,IAAI,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC;AACrD,CAAC;AAFD,4CAEC;AAED,SAAgB,mBAAmB,CAAC,aAAgC;IAClE,OAAO,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC;AACxC,CAAC;AAFD,kDAEC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import type { Compiler, WebpackPluginInstance } from 'webpack';
|
|
2
|
-
export
|
|
2
|
+
export type WebpackDependenciesPluginOptions = {
|
|
3
3
|
outputFilename?: string;
|
|
4
4
|
includePackages?: string[];
|
|
5
5
|
includeExternalProductionDependencies?: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webpack-dependencies-plugin.d.ts","sourceRoot":"","sources":["../src/webpack-dependencies-plugin.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAa/D,
|
|
1
|
+
{"version":3,"file":"webpack-dependencies-plugin.d.ts","sourceRoot":"","sources":["../src/webpack-dependencies-plugin.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAa/D,MAAM,MAAM,gCAAgC,GAAG;IAC7C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,qCAAqC,CAAC,EAAE,OAAO,CAAC;CACjD,CAAC;AAMF,qBAAa,yBAA0B,YAAW,qBAAqB;IAOzD,OAAO,CAAC,OAAO;IAN3B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAe;IAC1C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,cAAqB;IACpC,qCAAqC,EAAE,OAAO,CAAC;IAC/C,eAAe,EAAE,MAAM,EAAE,CAAM;gBAEX,OAAO,GAAE,gCAAqC;IAOlE,OAAO,CAAC,kBAAkB;IAI1B,OAAO,CAAC,oBAAoB;IAa5B,OAAO,CAAC,mBAAmB;IAmB3B,KAAK,CAAC,QAAQ,EAAE,QAAQ,GAAG,IAAI;CAwDhC;AAED,eAAe,yBAAyB,CAAC"}
|
|
@@ -13,14 +13,13 @@ const get_package_info_1 = require("./get-package-info");
|
|
|
13
13
|
const PLUGIN_NAME = 'WebpackDependenciesPlugin';
|
|
14
14
|
class WebpackDependenciesPlugin {
|
|
15
15
|
constructor(options = {}) {
|
|
16
|
-
var _a, _b;
|
|
17
16
|
this.options = options;
|
|
18
17
|
this.pluginName = PLUGIN_NAME;
|
|
19
18
|
this.resolvedModules = new Set();
|
|
20
19
|
this.includePackages = [];
|
|
21
20
|
this.includeExternalProductionDependencies =
|
|
22
|
-
|
|
23
|
-
this.includePackages =
|
|
21
|
+
options.includeExternalProductionDependencies ?? false;
|
|
22
|
+
this.includePackages = options.includePackages ?? [];
|
|
24
23
|
this.outputPath = options.outputFilename;
|
|
25
24
|
}
|
|
26
25
|
isThirdPartyModule(modulePath) {
|
|
@@ -28,11 +27,11 @@ class WebpackDependenciesPlugin {
|
|
|
28
27
|
}
|
|
29
28
|
getWebpackModulePath(error) {
|
|
30
29
|
const stack = error_stack_parser_1.default.parse(error);
|
|
31
|
-
const webpackEntry = stack.find((entry) =>
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
return webpackEntry
|
|
30
|
+
const webpackEntry = stack.find((entry) => entry.fileName
|
|
31
|
+
?.split(path_1.default.win32.sep)
|
|
32
|
+
.join(path_1.default.posix.sep)
|
|
33
|
+
.includes('node_modules/webpack'));
|
|
34
|
+
return webpackEntry?.fileName;
|
|
36
35
|
}
|
|
37
36
|
addIncludedPackages(compiler) {
|
|
38
37
|
const includePackages = [
|
|
@@ -53,25 +52,24 @@ class WebpackDependenciesPlugin {
|
|
|
53
52
|
this.addIncludedPackages(compiler);
|
|
54
53
|
compiler.hooks.done.tapAsync(PLUGIN_NAME, (stats, done) => {
|
|
55
54
|
const { modules } = stats.toJson();
|
|
56
|
-
modules
|
|
55
|
+
modules?.forEach(({ type, nameForCondition }) => {
|
|
57
56
|
if (type === 'module' &&
|
|
58
57
|
nameForCondition &&
|
|
59
58
|
this.isThirdPartyModule(nameForCondition)) {
|
|
60
59
|
this.resolvedModules.add(nameForCondition);
|
|
61
60
|
}
|
|
62
61
|
});
|
|
63
|
-
if (
|
|
62
|
+
if (modules?.find((m) => m.moduleType === 'runtime' && m.name?.startsWith('webpack/runtime')) &&
|
|
64
63
|
webpackModulePath) {
|
|
65
64
|
this.resolvedModules.add(webpackModulePath);
|
|
66
65
|
}
|
|
67
66
|
done();
|
|
68
67
|
});
|
|
69
68
|
compiler.hooks.shutdown.tapPromise(PLUGIN_NAME, async () => {
|
|
70
|
-
var _a;
|
|
71
69
|
const dependencyList = await Promise.all(Array.from(this.resolvedModules).map(get_package_info_1.getPackageInfo));
|
|
72
70
|
const uniqueList = lodash_1.default.uniqBy(dependencyList, ({ name, version }) => `${name}@${version}`);
|
|
73
71
|
const sortedList = lodash_1.default.sortBy(uniqueList, ({ name, version }) => `${name}@${version}`);
|
|
74
|
-
const outputPath =
|
|
72
|
+
const outputPath = this.outputPath ?? path_1.default.join(compiler.context, 'dependencies.json');
|
|
75
73
|
await fs_1.promises.mkdir(path_1.default.dirname(path_1.default.resolve(outputPath)), {
|
|
76
74
|
recursive: true,
|
|
77
75
|
});
|
|
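Review bot: In `getWebpackModulePath` the stack-frame test `.includes('node_modules/webpack')` is a substring match, so a frame from `node_modules/webpack-cli` or `node_modules/webpack-dev-server` also satisfies it and `find` returns whichever comes first. The resulting `webpackModulePath`, which appears to come from this helper, is added to `resolvedModules` in the `done` hook and resolved into the dependency list, so the generated list could record a different package in place of webpack. Matching the directory boundary avoids that: `.includes('node_modules/webpack/')`.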
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webpack-dependencies-plugin.js","sourceRoot":"","sources":["../src/webpack-dependencies-plugin.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,2BAAoC;AAEpC,oDAAuB;AAEvB,4EAAkD;AAElD,uDAG2B;AAC3B,yDAAoD;AAEpD,MAAM,WAAW,GAAG,2BAA2B,CAAC;AAYhD,MAAa,yBAAyB;IAOpC,YAAoB,UAA4C,EAAE
|
|
1
|
+
{"version":3,"file":"webpack-dependencies-plugin.js","sourceRoot":"","sources":["../src/webpack-dependencies-plugin.ts"],"names":[],"mappings":";;;;;;AAAA,gDAAwB;AACxB,2BAAoC;AAEpC,oDAAuB;AAEvB,4EAAkD;AAElD,uDAG2B;AAC3B,yDAAoD;AAEpD,MAAM,WAAW,GAAG,2BAA2B,CAAC;AAYhD,MAAa,yBAAyB;IAOpC,YAAoB,UAA4C,EAAE;QAA9C,YAAO,GAAP,OAAO,CAAuC;QANjD,eAAU,GAAG,WAAW,CAAC;QAE1C,oBAAe,GAAG,IAAI,GAAG,EAAU,CAAC;QAEpC,oBAAe,GAAa,EAAE,CAAC;QAG7B,IAAI,CAAC,qCAAqC;YACxC,OAAO,CAAC,qCAAqC,IAAI,KAAK,CAAC;QACzD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,EAAE,CAAC;QACrD,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,cAAc,CAAC;IAC3C,CAAC;IAEO,kBAAkB,CAAC,UAAkB;QAC3C,OAAO,UAAU,CAAC,KAAK,CAAC,cAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAC7D,CAAC;IAEO,oBAAoB,CAAC,KAAY;QACvC,MAAM,KAAK,GAAG,4BAAgB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAE5C,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CACxC,KAAK,CAAC,QAAQ;YACZ,EAAE,KAAK,CAAC,cAAI,CAAC,KAAK,CAAC,GAAG,CAAC;aACtB,IAAI,CAAC,cAAI,CAAC,KAAK,CAAC,GAAG,CAAC;aACpB,QAAQ,CAAC,sBAAsB,CAAC,CACpC,CAAC;QAEF,OAAO,YAAY,EAAE,QAAQ,CAAC;IAChC,CAAC;IAEO,mBAAmB,CAAC,QAAkB;QAC5C,MAAM,eAAe,GAAG;YACtB,GAAG,CAAC,IAAI,CAAC,qCAAqC;gBAC5C,CAAC,CAAC,IAAA,8CAA4B,EAAC,QAAQ,CAAC,OAAO,CAAC;gBAChD,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,IAAI,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAClD,IAAA,qCAAmB,EAAC,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,CACnD;SACF,CAAC;QAEF,KAAK,MAAM,mBAAmB,IAAI,eAAe,EAAE;YACjD,MAAM,eAAe,GAAG,cAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAC;YAEvE,IAAI,eAAe,EAAE;gBACnB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;aAC3C;SACF;IACH,CAAC;IAED,KAAK,CAAC,QAAkB;QACtB,MAAM,iBAAiB,GAAG,IAAI,CAAC,oBAAoB,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC;QAEjE,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAEnC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;YACxD,MAAM,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;YAEnC,OAAO,EAAE,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,EAAE,EAAE;gBAC9C,IACE,IAAI,KAAK,QAAQ;oBACjB,gBAAgB;oBAChB,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,EACzC;oBACA,IAAI,CAAC,e
AAe,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;iBAC5C;YACH,CAAC,CAAC,CAAC;YAEH,IACE,OAAO,EAAE,IAAI,CACX,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,UAAU,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,iBAAiB,CAAC,CACtE;gBACD,iBAAiB,EACjB;gBACA,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;aAC7C;YAED,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,EAAE,KAAK,IAAI,EAAE;YACzD,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,GAAG,CACtC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,GAAG,CAAC,iCAAc,CAAC,CACrD,CAAC;YAEF,MAAM,UAAU,GAAG,gBAAC,CAAC,MAAM,CACzB,cAAc,EACd,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAC5C,CAAC;YAEF,MAAM,UAAU,GAAG,gBAAC,CAAC,MAAM,CACzB,UAAU,EACV,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAC5C,CAAC;YAEF,MAAM,UAAU,GACd,IAAI,CAAC,UAAU,IAAI,cAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;YAEtE,MAAM,aAAE,CAAC,KAAK,CAAC,cAAI,CAAC,OAAO,CAAC,cAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,EAAE;gBACrD,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,aAAE,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AA1GD,8DA0GC;AAED,kBAAe,yBAAyB,CAAC"}
|
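--- a/package/package.json
+++ b/package/package.json
@@ -16,7 +16,7 @@
 "email": "compass@mongodb.com"
 },
 "homepage": "https://github.com/mongodb-js/devtools-shared",
-"version": "0.5.
+"version": "0.5.9",
 "repository": {
 "type": "git",
 "url": "https://github.com/mongodb-js/devtools-shared.git"
@@ -49,10 +49,10 @@
 "reformat": "npm run prettier -- --write ."
 },
 "devDependencies": {
-"@mongodb-js/eslint-config-devtools": "0.9.
-"@mongodb-js/mocha-config-
+"@mongodb-js/eslint-config-devtools": "0.9.10",
+"@mongodb-js/mocha-config-devtools": "^1.0.1",
 "@mongodb-js/prettier-config-devtools": "^1.0.1",
-"@mongodb-js/tsconfig-
+"@mongodb-js/tsconfig-devtools": "^1.0.1",
 "@types/chai": "^4.2.21",
 "@types/lodash": "^4.14.194",
 "@types/mocha": "^9.0.0",
@@ -70,7 +70,7 @@
 "prettier": "2.3.2",
 "rimraf": "^5.0.1",
 "sinon": "^9.2.3",
-"typescript": "^
+"typescript": "^5.0.4",
 "webpack": "^5.82.0"
 },
 "dependencies": {
@@ -84,5 +84,5 @@
 "snyk-policy": "^2.0.4",
 "spdx-satisfies": "^5.0.1"
 },
-"gitHead": "
+"gitHead": "9c41f233d529e7b5cac1849a0a07ca2076fcdbb0"
 }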