@nodesecure/js-x-ray 8.0.0 → 8.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/LICENSE CHANGED
@@ -1,6 +1,6 @@
1
1
  MIT License
2
2
 
3
- Copyright (c) 2021-2024 NodeSecure
3
+ Copyright (c) 2021-2025 NodeSecure
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
package/package.json CHANGED
@@ -1,11 +1,11 @@
1
1
  {
2
2
  "name": "@nodesecure/js-x-ray",
3
- "version": "8.0.0",
3
+ "version": "8.1.0",
4
4
  "description": "JavaScript AST XRay analysis",
5
5
  "type": "module",
6
6
  "exports": "./index.js",
7
7
  "engines": {
8
- "node": ">=18.0.0"
8
+ "node": ">=20.0.0"
9
9
  },
10
10
  "scripts": {
11
11
  "lint": "eslint src workspaces test",
@@ -49,12 +49,12 @@
49
49
  "estree-walker": "^3.0.1",
50
50
  "frequency-set": "^1.0.2",
51
51
  "is-minified-code": "^2.0.0",
52
- "meriyah": "^5.0.0",
52
+ "meriyah": "^6.0.0",
53
53
  "safe-regex": "^2.1.1",
54
54
  "ts-pattern": "^5.0.6"
55
55
  },
56
56
  "devDependencies": {
57
- "@openally/config.eslint": "^1.0.0",
57
+ "@openally/config.eslint": "^2.0.0",
58
58
  "@types/node": "^22.0.0",
59
59
  "c8": "^10.1.2",
60
60
  "glob": "^11.0.0",
@@ -11,6 +11,7 @@ import isImportDeclaration from "./probes/isImportDeclaration.js";
11
11
  import isWeakCrypto from "./probes/isWeakCrypto.js";
12
12
  import isBinaryExpression from "./probes/isBinaryExpression.js";
13
13
  import isArrayExpression from "./probes/isArrayExpression.js";
14
+ import isESMExport from "./probes/isESMExport.js";
14
15
 
15
16
  // Import Internal Dependencies
16
17
  import { SourceFile } from "./SourceFile.js";
@@ -39,6 +40,7 @@ export class ProbeRunner {
39
40
  */
40
41
  static Defaults = [
41
42
  isRequire,
43
+ isESMExport,
42
44
  isUnsafeCallee,
43
45
  isLiteral,
44
46
  isLiteralRegex,
package/src/SourceFile.js CHANGED
@@ -129,7 +129,7 @@ export class SourceFile {
129
129
  this.deobfuscator.walk(node);
130
130
 
131
131
  // Detect TryStatement and CatchClause to known which dependency is required in a Try {} clause
132
- if (node.type === "TryStatement" && typeof node.handler !== "undefined") {
132
+ if (node.type === "TryStatement" && node.handler) {
133
133
  this.inTryStatement = true;
134
134
  }
135
135
  else if (node.type === "CatchClause") {
@@ -0,0 +1,31 @@
1
+ /**
2
+ * @description Search for ESM Export
3
+ *
4
+ * @example
5
+ * export { bar } from "./foo.js";
6
+ * export * from "./bar.js";
7
+ */
8
+ function validateNode(node) {
9
+ return [
10
+ /**
11
+ * We must be sure that the source property is a Literal to not fall in a trap
12
+ * export const foo = "bar";
13
+ */
14
+ (node.type === "ExportNamedDeclaration" && node.source?.type === "Literal") ||
15
+ node.type === "ExportAllDeclaration"
16
+ ];
17
+ }
18
+
19
+ function main(node, { sourceFile }) {
20
+ sourceFile.addDependency(
21
+ node.source.value,
22
+ node.loc
23
+ );
24
+ }
25
+
26
+ export default {
27
+ name: "isESMExport",
28
+ validateNode,
29
+ main,
30
+ breakOnMatch: true
31
+ };