@nodesecure/js-x-ray 8.0.0 → 8.1.0
- package/LICENSE +1 -1
- package/package.json +4 -4
- package/src/ProbeRunner.js +2 -0
- package/src/SourceFile.js +1 -1
- package/src/probes/isESMExport.js +31 -0
package/LICENSE
CHANGED
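--- a/package/package.json
+++ b/package/package.json
@@ -1,11 +1,11 @@
 {
 "name": "@nodesecure/js-x-ray",
-"version": "8.
+"version": "8.1.0",
 "description": "JavaScript AST XRay analysis",
 "type": "module",
 "exports": "./index.js",
 "engines": {
-"node": ">=
+"node": ">=20.0.0"
 },
 "scripts": {
 "lint": "eslint src workspaces test",
@@ -49,12 +49,12 @@
 "estree-walker": "^3.0.1",
 "frequency-set": "^1.0.2",
 "is-minified-code": "^2.0.0",
-"meriyah": "^
+"meriyah": "^6.0.0",
 "safe-regex": "^2.1.1",
 "ts-pattern": "^5.0.6"
 },
 "devDependencies": {
-"@openally/config.eslint": "^
+"@openally/config.eslint": "^2.0.0",
 "@types/node": "^22.0.0",
 "c8": "^10.1.2",
 "glob": "^11.0.0",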
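Review bot: The `engines.node` floor and the `meriyah` range both change in a release the page header labels as minor (8.0.0 → 8.1.0), and the removed values are truncated on this page, so the size of either jump cannot be read from the diff. If `meriyah` crossed a major version, the AST that every probe consumes may have changed shape, so the probe tests should be confirmed against the new parser before relying on this release's findings. A raised Node floor deserves an explicit changelog line, because consumers resolving `^8.0.0` will pick this version up automatically.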
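--- a/package/src/ProbeRunner.js
+++ b/package/src/ProbeRunner.js
@@ -11,6 +11,7 @@ import isImportDeclaration from "./probes/isImportDeclaration.js";
 import isWeakCrypto from "./probes/isWeakCrypto.js";
 import isBinaryExpression from "./probes/isBinaryExpression.js";
 import isArrayExpression from "./probes/isArrayExpression.js";
+import isESMExport from "./probes/isESMExport.js";
 
 // Import Internal Dependencies
 import { SourceFile } from "./SourceFile.js";
@@ -39,6 +40,7 @@ export class ProbeRunner {
 */
 static Defaults = [
 isRequire,
+isESMExport,
 isUnsafeCallee,
 isLiteral,
 isLiteralRegex,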
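--- a/package/src/SourceFile.js
+++ b/package/src/SourceFile.js
@@ -129,7 +129,7 @@ export class SourceFile {
 this.deobfuscator.walk(node);
 
 // Detect TryStatement and CatchClause to known which dependency is required in a Try {} clause
-if (node.type === "TryStatement" &&
+if (node.type === "TryStatement" && node.handler) {
 this.inTryStatement = true;
 }
 else if (node.type === "CatchClause") {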
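Review bot: The new `node.handler` guard on the `TryStatement` branch carries no comment saying why a handler is required, and the comment above it still reads "to known which dependency". Presumably the flag is cleared in the `CatchClause` branch that opens on the last line of this hunk (its body is outside the hunk), so a `try {} finally {}` with no catch would otherwise leave `inTryStatement` set for the rest of the walk and mislabel later dependencies. If that is the reason, state it next to the condition, e.g. `// Only try/catch: the flag is reset on CatchClause, which a try/finally never reaches`. A single boolean also cannot represent nested try blocks, so a test covering a try inside a try would be worth adding. The enclosing method starts and ends outside the hunk.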
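--- a/package/src/probes/isESMExport.js
+++ b/package/src/probes/isESMExport.js
@@ -0,0 +1,31 @@
+/**
+* @description Search for ESM Export
+*
+* @example
+* export { bar } from "./foo.js";
+* export * from "./bar.js";
+*/
+function validateNode(node) {
+return [
+/**
+* We must be sure that the source property is a Literal to not fall in a trap
+* export const foo = "bar";
+*/
+(node.type === "ExportNamedDeclaration" && node.source?.type === "Literal") ||
+node.type === "ExportAllDeclaration"
+];
+}
+
+function main(node, { sourceFile }) {
+sourceFile.addDependency(
+node.source.value,
+node.loc
+);
+}
+
+export default {
+name: "isESMExport",
+validateNode,
+main,
+breakOnMatch: true
+};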
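Review bot: The inline comment in `validateNode` describes the guard loosely: for `export const foo = "bar"` the `source` property is `null` rather than a non-Literal node, and that is the case `node.source?.type === "Literal"` filters out. I would reword it to `// A declaration export (export const foo = "bar") has source === null and is not a dependency`. `main` has no doc comment and reads `node.source.value` unguarded, which is safe only because `validateNode` has already matched; a one-line JSDoc saying it records the re-export's module specifier through `sourceFile.addDependency` and relies on `validateNode` would make that contract explicit. Since `breakOnMatch: true` presumably stops further probes on the matched node, tests for `export * as ns from "./bar.js"` and for a re-exported specifier that the analysis is expected to track would pin the intended behaviour.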