@nodesecure/js-x-ray 6.2.1 → 6.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +18 -6
  2. package/package.json +11 -2
  3. package/types/astdeps.d.ts +1 -0
  4. package/types/warnings.d.ts +6 -5
package/README.md CHANGED
@@ -20,12 +20,10 @@
20
20
  </a>
21
21
  </p>
22
22
 
23
- JavaScript AST analysis. This package has been created to export the [Node-Secure](https://github.com/ES-Community/nsecure) AST Analysis to enable better code evolution and allow better access to developers and researchers.
23
+ JavaScript AST analysis. This package has been created to export the [NodeSecure](https://github.com/NodeSecure/cli) AST Analysis to enable better code evolution and allow better access to developers and researchers.
24
24
 
25
25
  The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting the results of this tool will still require you to have a set of security notions.
26
26
 
27
- > **Note** I have no particular background in security. I'm simply becoming more and more interested and passionate about static code analysis. But I would be more than happy to learn that my work can help prevent potential future attacks (or leaks).
28
-
29
27
  ## Goals
30
28
  The objective of the project is to successfully detect all potentially suspicious JavaScript codes.. The target is obviously codes that are added or injected for malicious purposes..
31
29
 
@@ -85,7 +83,8 @@ console.log(warnings);
85
83
 
86
84
  The analysis will return: `http` (in try), `crypto`, `util` and `fs`.
87
85
 
88
- > **Warning** There is also a lot of suspicious code example in the `./examples` cases directory. Feel free to try the tool on these files.
86
+ > [!NOTE]
87
+ > There is also a lot of suspicious code example in the `./examples` cases directory. Feel free to try the tool on these files.
89
88
 
90
89
  ## Warnings
91
90
 
@@ -122,8 +121,6 @@ console.log(i18n.getTokenSync(jsxray.warnings["parsing-error"].i18n));
122
121
 
123
122
  ## Warnings Legends
124
123
 
125
- > **Warning** versions of NodeSecure greather than v0.7.0 are no longer compatible with the warnings table below.
126
-
127
124
  This section describe all the possible warnings returned by JSXRay. Click on the warning **name** for additional information and examples.
128
125
 
129
126
  | name | experimental | description |
@@ -194,6 +191,21 @@ export type ReportOnFile = {
194
191
 
195
192
  </details>
196
193
 
194
+ ## Workspaces
195
+
196
+ Click on one of the links to access the documentation of the workspace:
197
+
198
+ | name | package and link |
199
+ | --- | --- |
200
+ | estree-ast-util | [@nodesecure/estree-ast-util](./workspaces/estree-ast-util) |
201
+ | sec-literal | [@nodesecure/sec-literal ](./workspaces/sec-literal) |
202
+
203
+ These packages are available in the Node Package Repository and can be easily installed with [npm](https://docs.npmjs.com/getting-started/what-is-npm) or [yarn](https://yarnpkg.com).
204
+ ```bash
205
+ $ npm i @nodesecure/estree-ast-util
206
+ # or
207
+ $ yarn add @nodesecure/estree-ast-util
208
+ ```
197
209
 
198
210
  ## Contributors ✨
199
211
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nodesecure/js-x-ray",
3
- "version": "6.2.1",
3
+ "version": "6.3.0",
4
4
  "description": "JavaScript AST XRay analysis",
5
5
  "type": "module",
6
6
  "exports": "./index.js",
@@ -18,6 +18,10 @@
18
18
  "type": "git",
19
19
  "url": "git+https://github.com/NodeSecure/js-x-ray.git"
20
20
  },
21
+ "workspaces": [
22
+ "workspaces/estree-ast-utils",
23
+ "workspaces/sec-literal"
24
+ ],
21
25
  "keywords": [
22
26
  "ast",
23
27
  "nsecure",
@@ -48,10 +52,15 @@
48
52
  },
49
53
  "devDependencies": {
50
54
  "@nodesecure/eslint-config": "^1.6.0",
55
+ "@small-tech/esm-tape-runner": "^2.0.0",
56
+ "@small-tech/tap-monkey": "^1.4.0",
51
57
  "@types/node": "^20.6.2",
52
58
  "c8": "^8.0.1",
59
+ "cross-env": "^7.0.3",
53
60
  "eslint": "^8.31.0",
54
61
  "glob": "^10.3.4",
55
- "pkg-ok": "^3.0.0"
62
+ "iterator-matcher": "^2.1.0",
63
+ "pkg-ok": "^3.0.0",
64
+ "tape": "^5.7.2"
56
65
  }
57
66
  }
package/types/astdeps.d.ts CHANGED
@@ -26,6 +26,7 @@ declare class ASTDeps {
26
26
  removeByName(name: string): void;
27
27
  add(depName: string): void;
28
28
  getDependenciesInTryStatement(): IterableIterator<string>;
29
+ [Symbol.iterator]: IterableIterator<string>;
29
30
 
30
31
  public isInTryStmt: boolean;
31
32
  public dependencies: Record<string, Dependency>;
package/types/warnings.d.ts CHANGED
@@ -21,15 +21,16 @@ type WarningName = WarningNameWithValue | "unsafe-import";
21
21
 
22
22
  type WarningLocation = [[number, number], [number, number]];
23
23
 
24
- interface WarningDefault {
25
- kind: WarningName;
24
+ interface WarningDefault<T = WarningName> {
25
+ kind: T;
26
26
  file?: string;
27
27
  value: string;
28
- source: string;
29
- location: WarningLocation | WarningLocation[];
28
+ source: string;
29
+ location: null | WarningLocation | WarningLocation[];
30
30
  i18n: string;
31
31
  severity: "Information" | "Warning" | "Critical";
32
32
  experimental?: boolean;
33
33
  }
34
34
 
35
- type Warning<T extends WarningDefault = WarningDefault> = T extends { kind: WarningNameWithValue } ? T : Omit<T, "value">;
35
+ type Warning<T extends WarningDefault = WarningDefault> =
36
+ T extends { kind: WarningNameWithValue } ? T : Omit<T, "value">;