@nodesecure/js-x-ray 4.5.0 → 5.1.0

package/README.md

@@ -1,8 +1,6 @@
 # js-x-ray
 ![version](https://img.shields.io/badge/dynamic/json.svg?url=https://raw.githubusercontent.com/NodeSecure/js-x-ray/master/package.json&query=$.version&label=Version)
 [![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/NodeSecure/js-x-ray/commit-activity)
-[![Security Responsible Disclosure](https://img.shields.io/badge/Security-Responsible%20Disclosure-yellow.svg)](https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md
-)
 [![mit](https://img.shields.io/github/license/Naereen/StrapDown.js.svg)](https://github.com/NodeSecure/js-x-ray/blob/master/LICENSE)
 ![build](https://img.shields.io/github/workflow/status/NodeSecure/js-x-ray/Node.js%20CI)
 
@@ -77,24 +75,23 @@ The analysis will return: `http` (in try), `crypto`, `util` and `fs`.
 
 This section describes how use `warnings` export.
 
-The structure of the `warnings` is as follows:
-```js
-/**
- * @property {object}  warnings                - The default values for Constants.
- * @property {string}  warnings[name]          - The default warning name (parsingError, unsafeImport etc...).
- * @property {string}  warnings[name].i18n     - i18n token.
- * @property {string}  warnings[name].code     - Used to perform unit tests.
- * @property {string}  warnings[name].severity - Warning severity.
- */
- 
-export const warnings = Object.freeze({
-    parsingError: {
-      i18n: "sast_warnings.ast_error"
-      code: "ast-error",
-      severity: "Information"
-    },
-    ...otherWarnings
-  });
+```ts
+type WarningName = "parsing-error"
+| "encoded-literal"
+| "unsafe-regex"
+| "unsafe-stmt"
+| "unsafe-assign"
+| "short-identifiers"
+| "suspicious-literal"
+| "obfuscated-code"
+| "weak-crypto"
+| "unsafe-import";
+
+declare const warnings: Record<WarningName, {
+  i18n: string;
+  severity: "Information" | "Warning" | "Critical";
+  experimental?: boolean;
+}>;
 ```
 
 We make a call to `i18n` through the package `NodeSecure/i18n` to get the translation.
@@ -103,7 +100,7 @@ We make a call to `i18n` through the package `NodeSecure/i18n` to get the transl
 import * as jsxray from "@nodesecure/js-x-ray";
 import * as i18n from "@nodesecure/i18n";
 
-console.log(i18n.getToken(jsxray.warnings.parsingError.i18n));
+console.log(i18n.getToken(jsxray.warnings["parsing-error"].i18n));
 ```
 
 ## Warnings Legends
@@ -142,7 +139,7 @@ The method take a first argument which is the code you want to analyse. It will
 ```ts
 interface Report {
     dependencies: ASTDeps;
-    warnings: Warning<BaseWarning>[];
+    warnings: Warning[];
     idsLengthAvg: number;
     stringScore: number;
     isOneLineRequire: boolean;
@@ -166,12 +163,12 @@ Run the SAST scanner on a given JavaScript file.
 ```ts
 export type ReportOnFile = {
   ok: true,
-  warnings: Warning<BaseWarning>[];
+  warnings: Warning[];
   dependencies: ASTDeps;
   isMinified: boolean;
 } | {
   ok: false,
-  warnings: Warning<BaseWarning>[];
+  warnings: Warning[];
 }
 ```
 
@@ -181,7 +178,7 @@ export type ReportOnFile = {
 ## Contributors ✨
 
 <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
-[![All Contributors](https://img.shields.io/badge/all_contributors-6-orange.svg?style=flat-square)](#contributors-)
+[![All Contributors](https://img.shields.io/badge/all_contributors-8-orange.svg?style=flat-square)](#contributors-)
 <!-- ALL-CONTRIBUTORS-BADGE:END -->
 
 Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
@@ -197,6 +194,10 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
     <td align="center"><a href="https://github.com/Mathieuka"><img src="https://avatars.githubusercontent.com/u/34446722?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Mathieu</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=Mathieuka" title="Code">💻</a></td>
     <td align="center"><a href="https://github.com/Kawacrepe"><img src="https://avatars.githubusercontent.com/u/40260517?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Vincent Dhennin</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=Kawacrepe" title="Code">💻</a> <a href="https://github.com/NodeSecure/js-x-ray/commits?author=Kawacrepe" title="Tests">⚠️</a></td>
     <td align="center"><a href="http://tonygo.dev"><img src="https://avatars.githubusercontent.com/u/22824417?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Tony Gorez</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=tony-go" title="Code">💻</a> <a href="https://github.com/NodeSecure/js-x-ray/commits?author=tony-go" title="Documentation">📖</a> <a href="https://github.com/NodeSecure/js-x-ray/commits?author=tony-go" title="Tests">⚠️</a></td>
+    <td align="center"><a href="https://github.com/PierreDemailly"><img src="https://avatars.githubusercontent.com/u/39910767?v=4?s=100" width="100px;" alt=""/><br /><sub><b>PierreD</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=PierreDemailly" title="Tests">⚠️</a></td>
+  </tr>
+  <tr>
+    <td align="center"><a href="https://www.linkedin.com/in/franck-hallaert/"><img src="https://avatars.githubusercontent.com/u/110826655?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Franck Hallaert</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=Aekk0" title="Code">💻</a></td>
   </tr>
 </table>
 

package/index.d.ts

@@ -1,140 +1,35 @@
-declare class ASTDeps {
-  constructor();
-  removeByName(name: string): void;
-  add(depName: string): void;
-  getDependenciesInTryStatement(): IterableIterator<string>;
-
-  public isInTryStmt: boolean;
-  public dependencies: Record<string, JSXRay.Dependency>;
-  public readonly size: number;
-}
-
-declare namespace JSXRay {
-  type kindWithValue = "parsing-error"
-    | "encoded-literal"
-    | "unsafe-regex"
-    | "unsafe-stmt"
-    | "unsafe-assign"
-    | "short-identifiers"
-    | "suspicious-literal"
-    | "obfuscated-code"
-    | "weak-crypto";
-
-  type WarningLocation = [[number, number], [number, number]];
-  interface BaseWarning {
-    kind: "unsafe-import" | kindWithValue;
-    file?: string;
-    value: string;
-    location: WarningLocation | WarningLocation[];
-  }
-
-  type Warning<T extends BaseWarning> = T extends { kind: kindWithValue } ? T : Omit<T, "value">;
-
-  interface Report {
-    dependencies: ASTDeps;
-    warnings: Warning<BaseWarning>[];
-    idsLengthAvg: number;
-    stringScore: number;
-    isOneLineRequire: boolean;
-  }
-
-  interface SourceLocation {
-    start: {
-      line: number;
-      column: number;
-    };
-    end: {
-      line: number;
-      column: number;
-    }
-  }
-
-  interface Dependency {
-    unsafe: boolean;
-    inTry: boolean;
-    location?: SourceLocation;
-  }
-
-  interface WarningsNames {
-    parsingError: {
-      code: "ast-error",
-      i18n: "sast_warnings.ast_error",
-      severity: "Information"
-    },
-    unsafeImport: {
-      code: "unsafe-import",
-      i18n: "sast_warnings.unsafe_import",
-      severity: "Warning"
-    },
-    unsafeRegex: {
-      code: "unsafe-regex",
-      i18n: "sast_warnings.unsafe_regex",
-      severity: "Warning"
-    },
-    unsafeStmt: {
-      code: "unsafe-stmt",
-      i18n: "sast_warnings.unsafe_stmt",
-      severity: "Warning"
-    },
-    unsafeAssign: {
-      code: "unsafe-assign",
-      i18n: "sast_warnings.unsafe_assign",
-      severity: "Warning"
-    },
-    encodedLiteral: {
-      code: "encoded-literal",
-      i18n: "sast_warnings.encoded_literal",
-      severity: "Information"
-    },
-    shortIdentifiers: {
-      code: "short-identifiers",
-      i18n: "sast_warnings.short_identifiers",
-      severity: "Warning"
-    },
-    suspiciousLiteral: {
-      code: "suspicious-literal",
-      i18n: "sast_warnings.suspicious_literal",
-      severity: "Warning"
-    },
-    obfuscatedCode: {
-      code: "obfuscated-code",
-      i18n: "sast_warnings.obfuscated_code",
-      severity: "Critical"
-    },
-    weakCrypto: {
-      code: "weak-crypto",
-      i18n: "sast_warnings.weak_crypto",
-      severity: "Information",
-      experimental: true
-   }
-  }
-
-  interface RuntimeOptions {
-    module?: boolean;
-    isMinified?: boolean;
-  }
-
-  export function runASTAnalysis(str: string, options?: RuntimeOptions): Report;
-
-  export type ReportOnFile = {
-    ok: true,
-    warnings: Warning<BaseWarning>[];
-    dependencies: ASTDeps;
-    isMinified: boolean;
-  } | {
-    ok: false,
-    warnings: Warning<BaseWarning>[];
-  }
-
-  export interface RuntimeFileOptions {
-    packageName?: string;
-    module?: boolean;
-  }
-
-  export function runASTAnalysisOnFile(pathToFile: string, options?: RuntimeFileOptions): Promise<ReportOnFile>;
-
-  export const warnings: WarningsNames;
-}
-
-export = JSXRay;
-export as namespace JSXRay;
+import {
+  runASTAnalysis,
+  runASTAnalysisOnFile,
+  Report,
+  ReportOnFile,
+  RuntimeFileOptions,
+  RuntimeOptions
+} from "./types/api";
+import {
+  Warning,
+  WarningDefault,
+  WarningLocation,
+  WarningName,
+  WarningNameWithValue
+} from "./types/warnings";
+import { ASTDeps, Dependency } from "./types/astdeps";
+
+declare const warnings: Record<WarningName, Pick<WarningDefault, "experimental" | "i18n" | "severity">>;
+
+export {
+  warnings,
+  runASTAnalysis,
+  runASTAnalysisOnFile,
+  Report,
+  ReportOnFile,
+  RuntimeFileOptions,
+  RuntimeOptions,
+  ASTDeps,
+  Dependency,
+  Warning,
+  WarningDefault,
+  WarningLocation,
+  WarningName,
+  WarningNameWithValue
+}

package/index.js

@@ -9,6 +9,7 @@ import isMinified from "is-minified-code";
 
 // Import Internal Dependencies
 import Analysis from "./src/Analysis.js";
+import { warnings } from "./src/warnings.js";
 
 export function runASTAnalysis(str, options = Object.create(null)) {
   const { module = true, isMinified = false } = options;
@@ -83,59 +84,4 @@ export async function runASTAnalysisOnFile(pathToFile, options = {}) {
   }
 }
 
-export const warnings = Object.freeze({
-  parsingError: {
-    code: "ast-error",
-    i18n: "sast_warnings.ast_error",
-    severity: "Information"
-  },
-  unsafeImport: {
-    code: "unsafe-import",
-    i18n: "sast_warnings.unsafe_import",
-    severity: "Warning"
-  },
-  unsafeRegex: {
-    code: "unsafe-regex",
-    i18n: "sast_warnings.unsafe_regex",
-    severity: "Warning"
-  },
-  unsafeStmt: {
-    code: "unsafe-stmt",
-    i18n: "sast_warnings.unsafe_stmt",
-    severity: "Warning"
-  },
-  unsafeAssign: {
-    code: "unsafe-assign",
-    i18n: "sast_warnings.unsafe_assign",
-    severity: "Warning"
-  },
-  encodedLiteral: {
-    code: "encoded-literal",
-    i18n: "sast_warnings.encoded_literal",
-    severity: "Information"
-  },
-  shortIdentifiers: {
-    code: "short-identifiers",
-    i18n: "sast_warnings.short_identifiers",
-    severity: "Warning"
-  },
-  suspiciousLiteral: {
-    code: "suspicious-literal",
-    i18n: "sast_warnings.suspicious_literal",
-    severity: "Warning"
-  },
-  obfuscatedCode: {
-    code: "obfuscated-code",
-    i18n: "sast_warnings.obfuscated_code",
-    severity: "Critical",
-    experimental: true
-  },
-  weakCrypto: {
-    code: "weak-crypto",
-    i18n: "sast_warnings.weak_crypto",
-    severity: "Information",
-    experimental: true
-  }
-});
-
-
+export { warnings };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nodesecure/js-x-ray",
-  "version": "4.5.0",
+  "version": "5.1.0",
   "description": "JavaScript AST XRay analysis",
   "type": "module",
   "exports": "./index.js",
@@ -27,6 +27,7 @@
   ],
   "files": [
     "src",
+    "types",
     "index.js",
     "index.d.ts"
   ],
@@ -40,18 +41,18 @@
     "@nodesecure/sec-literal": "^1.1.0",
     "estree-walker": "^3.0.1",
     "is-minified-code": "^2.0.0",
-    "meriyah": "^4.2.1",
+    "meriyah": "^4.3.0",
     "safe-regex": "^2.1.1"
   },
   "devDependencies": {
-    "@nodesecure/eslint-config": "^1.4.1",
+    "@nodesecure/eslint-config": "^1.5.0",
     "@slimio/is": "^1.5.1",
     "@small-tech/esm-tape-runner": "^2.0.0",
     "@small-tech/tap-monkey": "^1.4.0",
-    "@types/node": "^17.0.42",
+    "@types/node": "^18.7.13",
     "cross-env": "^7.0.3",
-    "eslint": "^8.17.0",
+    "eslint": "^8.23.0",
     "pkg-ok": "^3.0.0",
-    "tape": "^5.5.3"
+    "tape": "^5.6.0"
   }
 }

package/src/Analysis.js

@@ -2,8 +2,9 @@
 import { Utils, Literal } from "@nodesecure/sec-literal";
 
 // Import Internal Dependencies
-import { rootLocation, toArrayLocation, generateWarning } from "./utils.js";
-import { warnings as _warnings, processMainModuleRequire } from "./constants.js";
+import { rootLocation, toArrayLocation } from "./utils.js";
+import { generateWarning } from "./warnings.js";
+import { processMainModuleRequire } from "./constants.js";
 import ASTDeps from "./ASTDeps.js";
 import { isObfuscatedCode, hasTrojanSource } from "./obfuscators/index.js";
 import { runOnProbes } from "./probes/index.js";
@@ -15,19 +16,6 @@ const kDictionaryStrParts = [
   "0123456789"
 ];
 
-const kWarningsNameStr = Object.freeze({
-  [_warnings.parsingError]: "parsing-error",
-  [_warnings.unsafeImport]: "unsafe-import",
-  [_warnings.unsafeRegex]: "unsafe-regex",
-  [_warnings.unsafeStmt]: "unsafe-stmt",
-  [_warnings.unsafeAssign]: "unsafe-assign",
-  [_warnings.encodedLiteral]: "encoded-literal",
-  [_warnings.shortIdentifiers]: "short-identifiers",
-  [_warnings.suspiciousLiteral]: "suspicious-literal",
-  [_warnings.obfuscatedCode]: "obfuscated-code",
-  [_warnings.weakCrypto]: "weak-crypto"
-});
-
 export default class Analysis {
   hasDictionaryString = false;
   hasPrefixedIdentifiers = false;
@@ -56,23 +44,24 @@ export default class Analysis {
     this.literalScores = [];
   }
 
-  addWarning(symbol, value, location = rootLocation()) {
-    if (symbol === _warnings.encodedLiteral && this.handledEncodedLiteralValues.has(value)) {
+  addWarning(name, value, location = rootLocation()) {
+    const isEncodedLiteral = name === "encoded-literal";
+    if (isEncodedLiteral && this.handledEncodedLiteralValues.has(value)) {
       const index = this.handledEncodedLiteralValues.get(value);
       this.warnings[index].location.push(toArrayLocation(location));
 
       return;
     }
-    const warningName = kWarningsNameStr[symbol];
-    this.warnings.push(generateWarning(warningName, { value, location }));
-    if (symbol === _warnings.encodedLiteral) {
+
+    this.warnings.push(generateWarning(name, { value, location }));
+    if (isEncodedLiteral) {
       this.handledEncodedLiteralValues.set(value, this.warnings.length - 1);
     }
   }
 
   analyzeSourceString(sourceString) {
     if (hasTrojanSource(sourceString)) {
-      this.addWarning(_warnings.obfuscatedCode, "trojan-source");
+      this.addWarning("obfuscated-code", "trojan-source");
     }
   }
 
@@ -107,7 +96,7 @@ export default class Analysis {
         this.counter.encodedArrayValue++;
       }
       else {
-        this.addWarning(_warnings.encodedLiteral, node.value, node.loc);
+        this.addWarning("encoded-literal", node.value, node.loc);
       }
     }
   }
@@ -116,7 +105,7 @@ export default class Analysis {
     this.counter.identifiers = this.identifiersName.length;
     const [isObfuscated, kind] = isObfuscatedCode(this);
     if (isObfuscated) {
-      this.addWarning(_warnings.obfuscatedCode, kind || "unknown");
+      this.addWarning("obfuscated-code", kind || "unknown");
     }
 
     const identifiersLengthArr = this.identifiersName
@@ -124,10 +113,10 @@ export default class Analysis {
 
     const [idsLengthAvg, stringScore] = [sum(identifiersLengthArr), sum(this.literalScores)];
     if (!isMinified && identifiersLengthArr.length > 5 && idsLengthAvg <= 1.5) {
-      this.addWarning(_warnings.shortIdentifiers, idsLengthAvg);
+      this.addWarning("short-identifiers", idsLengthAvg);
     }
     if (stringScore >= 3) {
-      this.addWarning(_warnings.suspiciousLiteral, stringScore);
+      this.addWarning("suspicious-literal", stringScore);
     }
 
     return { idsLengthAvg, stringScore, warnings: this.warnings };
@@ -149,5 +138,3 @@ export default class Analysis {
 function sum(arr = []) {
   return arr.length === 0 ? 0 : (arr.reduce((prev, curr) => prev + curr, 0) / arr.length);
 }
-
-Analysis.Warnings = _warnings;

package/src/constants.js

@@ -33,16 +33,3 @@ export const unsafeUnicodeControlCharacters = [
   "\u200F",
   "\u061C"
 ];
-
-export const warnings = Object.freeze({
-  parsingError: Symbol("ParsingError"),
-  unsafeImport: Symbol("UnsafeImport"),
-  unsafeRegex: Symbol("UnsafeRegex"),
-  unsafeStmt: Symbol("UnsafeStmt"),
-  unsafeAssign: Symbol("UnsafeAssign"),
-  encodedLiteral: Symbol("EncodedLiteral"),
-  shortIdentifiers: Symbol("ShortIdentifiers"),
-  suspiciousLiteral: Symbol("SuspiciousLiteral"),
-  obfuscatedCode: Symbol("ObfuscatedCode"),
-  weakCrypto: Symbol("WeakCrypto")
-});

package/src/probes/index.js

@@ -1,68 +1,68 @@
-// Import all the probes
-import isUnsafeCallee from "./isUnsafeCallee.js";
-import isLiteral from "./isLiteral.js";
-import isLiteralRegex from "./isLiteralRegex.js";
-import isRegexObject from "./isRegexObject.js";
-import isVariableDeclaration from "./isVariableDeclaration.js";
-import isAssignmentExprOrMemberExpr from "./isAssignmentExprOrMemberExpr.js";
-import isRequire from "./isRequire.js";
-import isImportDeclaration from "./isImportDeclaration.js";
-import isMemberExpression from "./isMemberExpression.js";
-import isArrayExpression from "./isArrayExpression.js";
-import isFunctionDeclaration from "./isFunctionDeclaration.js";
-import isAssignmentExpression from "./isAssignmentExpression.js";
-import isObjectExpression from "./isObjectExpression.js";
-import isUnaryExpression from "./isUnaryExpression.js";
-import isWeakCrypto from "./isWeakCrypto.js";
-
-// CONSTANTS
-const kListOfProbes = [
-  isUnsafeCallee,
-  isLiteral,
-  isLiteralRegex,
-  isRegexObject,
-  isVariableDeclaration,
-  isAssignmentExprOrMemberExpr,
-  isRequire,
-  isImportDeclaration,
-  isMemberExpression,
-  isAssignmentExpression,
-  isObjectExpression,
-  isArrayExpression,
-  isFunctionDeclaration,
-  isUnaryExpression,
-  isWeakCrypto
-];
-
-const kSymBreak = Symbol.for("breakWalk");
-const kSymSkip = Symbol.for("skipWalk");
-
-export function runOnProbes(node, analysis) {
-  const breakedGroups = new Set();
-
-  for (const probe of kListOfProbes) {
-    if (breakedGroups.has(probe.breakGroup)) {
-      continue;
-    }
-
-    const [isMatching, data = null] = probe.validateNode(node, analysis);
-    if (isMatching) {
-      const result = probe.main(node, { analysis, data });
-
-      if (result === kSymSkip) {
-        return "skip";
-      }
-      if (result === kSymBreak || probe.breakOnMatch) {
-        const breakGroup = probe.breakGroup || null;
-        if (breakGroup === null) {
-          break;
-        }
-        else {
-          breakedGroups.add(breakGroup);
-        }
-      }
-    }
-  }
-
-  return null;
-}
+// Import all the probes
+import isUnsafeCallee from "./isUnsafeCallee.js";
+import isLiteral from "./isLiteral.js";
+import isLiteralRegex from "./isLiteralRegex.js";
+import isRegexObject from "./isRegexObject.js";
+import isVariableDeclaration from "./isVariableDeclaration.js";
+import isAssignmentExprOrMemberExpr from "./isAssignmentExprOrMemberExpr.js";
+import isRequire from "./isRequire.js";
+import isImportDeclaration from "./isImportDeclaration.js";
+import isMemberExpression from "./isMemberExpression.js";
+import isArrayExpression from "./isArrayExpression.js";
+import isFunctionDeclaration from "./isFunctionDeclaration.js";
+import isAssignmentExpression from "./isAssignmentExpression.js";
+import isObjectExpression from "./isObjectExpression.js";
+import isUnaryExpression from "./isUnaryExpression.js";
+import isWeakCrypto from "./isWeakCrypto.js";
+
+// CONSTANTS
+const kListOfProbes = [
+  isUnsafeCallee,
+  isLiteral,
+  isLiteralRegex,
+  isRegexObject,
+  isVariableDeclaration,
+  isAssignmentExprOrMemberExpr,
+  isRequire,
+  isImportDeclaration,
+  isMemberExpression,
+  isAssignmentExpression,
+  isObjectExpression,
+  isArrayExpression,
+  isFunctionDeclaration,
+  isUnaryExpression,
+  isWeakCrypto
+];
+
+const kSymBreak = Symbol.for("breakWalk");
+const kSymSkip = Symbol.for("skipWalk");
+
+export function runOnProbes(node, analysis) {
+  const breakedGroups = new Set();
+
+  for (const probe of kListOfProbes) {
+    if (breakedGroups.has(probe.breakGroup)) {
+      continue;
+    }
+
+    const [isMatching, data = null] = probe.validateNode(node, analysis);
+    if (isMatching) {
+      const result = probe.main(node, { analysis, data });
+
+      if (result === kSymSkip) {
+        return "skip";
+      }
+      if (result === kSymBreak || probe.breakOnMatch) {
+        const breakGroup = probe.breakGroup || null;
+        if (breakGroup === null) {
+          break;
+        }
+        else {
+          breakedGroups.add(breakGroup);
+        }
+      }
+    }
+  }
+
+  return null;
+}

package/src/probes/isImportDeclaration.js

@@ -1,6 +1,3 @@
-// Require Internal Dependencies
-import { warnings } from "../constants.js";
-
 /**
  * @description Search for ESM ImportDeclaration
  * @see https://github.com/estree/estree/blob/master/es2015.md#importdeclaration
@@ -22,7 +19,7 @@ function main(node, options) {
   // Searching for dangerous import "data:text/javascript;..." statement.
   // see: https://2ality.com/2019/10/eval-via-import.html
   if (node.source.value.startsWith("data:text/javascript")) {
-    analysis.addWarning(warnings.unsafeImport, node.source.value, node.loc);
+    analysis.addWarning("unsafe-import", node.source.value, node.loc);
   }
   analysis.dependencies.add(node.source.value, node.loc);
 }