@nodesecure/js-x-ray 8.1.1 → 9.0.0
- package/README.md +3 -1
- package/package.json +17 -3
- package/src/AstAnalyser.js +18 -3
- package/src/EntryFilesAnalyser.js +7 -1
- package/src/ProbeRunner.js +2 -0
- package/src/SourceFile.js +2 -0
- package/src/probes/isFetch.js +19 -0
- package/src/probes/isLiteral.js +1 -1
- package/src/warnings.js +6 -5
- package/types/api.d.ts +11 -2
package/README.md
CHANGED
|
@@ -161,7 +161,7 @@ $ yarn add @nodesecure/estree-ast-util
|
|
|
161
161
|
## Contributors ✨
|
|
162
162
|
|
|
163
163
|
<!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
|
|
164
|
-
[](#contributors-)
|
|
165
165
|
<!-- ALL-CONTRIBUTORS-BADGE:END -->
|
|
166
166
|
|
|
167
167
|
Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
|
|
@@ -194,6 +194,8 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
|
|
|
194
194
|
<td align="center" valign="top" width="14.28%"><a href="https://github.com/madina0801"><img src="https://avatars.githubusercontent.com/u/101329759?v=4?s=100" width="100px;" alt="Madina"/><br /><sub><b>Madina</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=madina0801" title="Code">💻</a></td>
|
|
195
195
|
<td align="center" valign="top" width="14.28%"><a href="https://github.com/sairuss7"><img src="https://avatars.githubusercontent.com/u/87803528?v=4?s=100" width="100px;" alt="SairussDev"/><br /><sub><b>SairussDev</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=sairuss7" title="Code">💻</a></td>
|
|
196
196
|
<td align="center" valign="top" width="14.28%"><a href="https://github.com/fless-lab"><img src="https://avatars.githubusercontent.com/u/71844440?v=4?s=100" width="100px;" alt="Abdou-Raouf ATARMLA"/><br /><sub><b>Abdou-Raouf ATARMLA</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=fless-lab" title="Code">💻</a></td>
|
|
197
|
+
<td align="center" valign="top" width="14.28%"><a href="https://clementgombauld.netlify.app/"><img src="https://avatars.githubusercontent.com/u/91478082?v=4?s=100" width="100px;" alt="Clement Gombauld"/><br /><sub><b>Clement Gombauld</b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=clemgbld" title="Code">💻</a> <a href="https://github.com/NodeSecure/js-x-ray/commits?author=clemgbld" title="Tests">⚠️</a></td>
|
|
198
|
+
<td align="center" valign="top" width="14.28%"><a href="https://github.com/intincrab"><img src="https://avatars.githubusercontent.com/u/93028153?v=4?s=100" width="100px;" alt="Ajāy "/><br /><sub><b>Ajāy </b></sub></a><br /><a href="https://github.com/NodeSecure/js-x-ray/commits?author=intincrab" title="Code">💻</a></td>
|
|
197
199
|
</tr>
|
|
198
200
|
</tbody>
|
|
199
201
|
</table>
|
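--- a/package/package.json
+++ b/package/package.json
@@ -1,9 +1,19 @@
 {
 "name": "@nodesecure/js-x-ray",
-"version": "
+"version": "9.0.0",
 "description": "JavaScript AST XRay analysis",
 "type": "module",
-"exports":
+"exports": {
+".": {
+"import": "./index.js",
+"types": "./index.d.ts"
+},
+"./warnings": {
+"import": "./src/warnings.js",
+"types": "./types/warnings.d.ts"
+},
+"./package.json": "./package.json"
+},
 "engines": {
 "node": ">=20.0.0"
 },
@@ -11,7 +21,9 @@
 "lint": "eslint src workspaces test",
 "test-only": "glob -c \"node --test-reporter=spec --test\" \"./test/**/*.spec.js\"",
 "test": "c8 --all --src ./src -r html npm run test-only",
-"check": "npm run lint && npm run test-only"
+"check": "npm run lint && npm run test-only",
+"ci:publish": "changeset publish",
+"ci:version": "changeset version"
 },
 "repository": {
 "type": "git",
@@ -54,6 +66,8 @@
 "ts-pattern": "^5.0.6"
 },
 "devDependencies": {
+"@changesets/changelog-github": "^0.5.1",
+"@changesets/cli": "^2.29.4",
 "@openally/config.eslint": "^2.0.0",
 "@types/node": "^22.0.0",
 "c8": "^10.1.2",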
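Review bot: Both entries of the new `exports` map list `"import"` before `"types"` (new lines 8-9 and 12-13); conditions are matched in key order, and TypeScript's documentation asks for `types` to come first so that a resolver does not settle on the `.js` target before it reaches the declaration file. This matters most for `./warnings`, where the declaration lives under `./types/` rather than next to `./src/warnings.js`. I would reorder each entry, e.g. `"./warnings": { "types": "./types/warnings.d.ts", "import": "./src/warnings.js" }`.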
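--- a/package/src/AstAnalyser.js
+++ b/package/src/AstAnalyser.js
@@ -75,10 +75,15 @@ export class AstAnalyser {
 finalize(source);
 }
 
+// Add oneline-require flag if this is a one-line require expression
+if (isOneLineExpressionExport(body)) {
+source.flags.add("oneline-require");
+}
+
 return {
 ...source.getResult(isMinified),
 dependencies: source.dependencies,
-
+flags: source.flags
 };
 }
 
@@ -111,11 +116,16 @@ export class AstAnalyser {
 data.dependencies.delete(packageName);
 }
 
+// Add is-minified flag if the file is minified and not a one-line require
+if (!data.flags.has("oneline-require") && isMin) {
+data.flags.add("is-minified");
+}
+
 return {
 ok: true,
 dependencies: data.dependencies,
 warnings: data.warnings,
-
+flags: data.flags
 };
 }
 catch (error) {
@@ -157,11 +167,16 @@ export class AstAnalyser {
 data.dependencies.delete(packageName);
 }
 
+// Add is-minified flag if the file is minified and not a one-line require
+if (!data.flags.has("oneline-require") && isMin) {
+data.flags.add("is-minified");
+}
+
 return {
 ok: true,
 dependencies: data.dependencies,
 warnings: data.warnings,
-
+flags: data.flags
 };
 }
 catch (error) {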
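Review bot: `is-minified` is only added in the two file-based return paths (new lines 119-122 and 170-173); the first hunk passes `isMinified` to `source.getResult()` but adds nothing except `oneline-require` to `source.flags`, so unless the flag is set somewhere outside these hunks a caller of that method never sees `is-minified` in the returned `flags`. Either apply the same guard before the return at new line 83 or state the difference in a comment, e.g. `// is-minified is only derived for file-based analysis`. The two identical four-line blocks would also read better as one private helper, so the rule cannot drift between the two methods. All three enclosing methods start and end outside the hunks.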
|
@@ -19,7 +19,8 @@ export class EntryFilesAnalyser {
|
|
|
19
19
|
const {
|
|
20
20
|
astAnalyzer = new AstAnalyser(),
|
|
21
21
|
loadExtensions,
|
|
22
|
-
rootPath = null
|
|
22
|
+
rootPath = null,
|
|
23
|
+
ignoreENOENT = false
|
|
23
24
|
} = options;
|
|
24
25
|
|
|
25
26
|
this.astAnalyzer = astAnalyzer;
|
|
@@ -30,6 +31,7 @@ export class EntryFilesAnalyser {
|
|
|
30
31
|
this.allowedExtensions = new Set(rawAllowedExtensions);
|
|
31
32
|
this.#rootPath = options.rootPath === null ?
|
|
32
33
|
null : fileURLToPathExtended(rootPath);
|
|
34
|
+
this.ignoreENOENT = ignoreENOENT;
|
|
33
35
|
}
|
|
34
36
|
|
|
35
37
|
async* analyse(
|
|
@@ -43,6 +45,10 @@ export class EntryFilesAnalyser {
|
|
|
43
45
|
fileURLToPathExtended(entryFile)
|
|
44
46
|
);
|
|
45
47
|
|
|
48
|
+
if (this.ignoreENOENT && !await this.#fileExists(normalizedEntryFile)) {
|
|
49
|
+
return;
|
|
50
|
+
}
|
|
51
|
+
|
|
46
52
|
yield* this.#analyseFile(
|
|
47
53
|
normalizedEntryFile,
|
|
48
54
|
this.#getRelativeFilePath(normalizedEntryFile),
|
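Review bot: The `return` at new line 49 ends the whole `analyse()` generator, not just the current entry; if this check sits inside a loop over the entry files (the loop header is outside the hunk), one missing path silently leaves every later entry file unanalysed, and `continue` would skip only the missing file. A skipped file yields no report and no warning, so the option deserves a comment such as `// ignoreENOENT: missing entry files are skipped without a report; callers must track coverage themselves`. These three hunks appear to belong to `package/src/EntryFilesAnalyser.js`, whose file header is missing from this rendering.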
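--- a/package/src/ProbeRunner.js
+++ b/package/src/ProbeRunner.js
@@ -12,6 +12,7 @@ import isWeakCrypto from "./probes/isWeakCrypto.js";
 import isBinaryExpression from "./probes/isBinaryExpression.js";
 import isArrayExpression from "./probes/isArrayExpression.js";
 import isESMExport from "./probes/isESMExport.js";
+import isFetch from "./probes/isFetch.js";
 
 // Import Internal Dependencies
 import { SourceFile } from "./SourceFile.js";
@@ -39,6 +40,7 @@ export class ProbeRunner {
 * @type {Probe[]}
 */
 static Defaults = [
+isFetch,
 isRequire,
 isESMExport,
 isUnsafeCallee,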
package/src/SourceFile.js
CHANGED
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
// Import Third-party Dependencies
|
|
2
|
+
import { getCallExpressionIdentifier } from "@nodesecure/estree-ast-utils";
|
|
3
|
+
|
|
4
|
+
function validateNode(node) {
|
|
5
|
+
const id = getCallExpressionIdentifier(node);
|
|
6
|
+
|
|
7
|
+
return [id === "fetch"];
|
|
8
|
+
}
|
|
9
|
+
|
|
10
|
+
function main(_node, { sourceFile }) {
|
|
11
|
+
sourceFile.flags.add("fetch");
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
export default {
|
|
15
|
+
name: "isFetch",
|
|
16
|
+
validateNode,
|
|
17
|
+
main,
|
|
18
|
+
breakOnMatch: false
|
|
19
|
+
};
|
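Review bot: `validateNode` matches only when the resolved callee identifier is exactly `"fetch"`, so, depending on what `getCallExpressionIdentifier` returns for other call shapes (not visible here), calls reached through a member expression or an alias may never set the flag. The probe has no doc comment; I would add one that states this scope, e.g. `// Sets the "fetch" flag on a direct fetch(...) call; a missing flag does not prove the file makes no network requests`. The lines under this header look like the new `probes/isFetch.js` (19 added lines in the file list) rather than `SourceFile.js`.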
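--- a/package/src/probes/isLiteral.js
+++ b/package/src/probes/isLiteral.js
@@ -15,7 +15,7 @@ const kNodeDeps = new Set(builtinModules);
 const kShadyLinkRegExps = [
 kMapRegexIps.regexIPv4,
 kMapRegexIps.regexIPv6,
-/(http[s]?:\/\/bit\.ly.*)$/,
+/(http[s]?:\/\/(bit\.ly|ipinfo\.io|httpbin\.org).*)$/,
 /(http[s]?:\/\/.*\.(link|xyz|tk|ml|ga|cf|gq|pw|top|club|mw|bd|ke|am|sbs|date|quest|cd|bid|cd|ws|icu|cam|uno|email|stream))$/
 ];
 /**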
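Review bot: The new pattern at line 18 puts `.*` directly after the host alternation and has no `i` flag, so it flags any host that merely begins with one of the names (a constructed example: `https://httpbin.org.example.test/`) while not matching subdomains or upper-case spellings of the same services. Bounding the host tightens both directions: `/(https?:\/\/(?:[\w-]+\.)*(?:bit\.ly|ipinfo\.io|httpbin\.org)(?:[\/:?#].*)?)$/i`. If callers read capture groups from this list, the outer group stays group 1 in that form. A one-line comment saying why each host is on the list would help whoever extends it next.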
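--- a/package/src/warnings.js
+++ b/package/src/warnings.js
@@ -1,5 +1,6 @@
 // Import Internal Dependencies
-import
+import { toArrayLocation } from "./utils/toArrayLocation.js";
+import { notNullOrUndefined } from "./utils/notNullOrUndefined.js";
 
 export const warnings = Object.freeze({
 "parsing-error": {
@@ -58,16 +59,16 @@ export function generateWarning(kind, options) {
 
 if (kind === "encoded-literal") {
 return Object.assign(
-{ kind, value, location: [
+{ kind, value, location: [toArrayLocation(location)], source },
 warnings[kind]
 );
 }
 
-const result = { kind, location:
-if (
+const result = { kind, location: toArrayLocation(location), source };
+if (notNullOrUndefined(file)) {
 result.file = file;
 }
-if (
+if (notNullOrUndefined(value)) {
 result.value = value;
 }
 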
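--- a/package/types/api.d.ts
+++ b/package/types/api.d.ts
@@ -24,10 +24,16 @@ export {
 Report,
 ReportOnFile,
 
+SourceFlags,
 SourceLocation,
 Dependency
 }
 
+type SourceFlags =
+| "fetch"
+| "oneline-require"
+| "is-minified";
+
 interface SourceLocation {
 start: {
 line: number;
@@ -89,16 +95,16 @@ interface Probe {
 interface Report {
 dependencies: Map<string, Dependency>;
 warnings: Warning[];
+flags: Set<SourceFlags>;
 idsLengthAvg: number;
 stringScore: number;
-isOneLineRequire: boolean;
 }
 
 type ReportOnFile = {
 ok: true,
 warnings: Warning[];
 dependencies: Map<string, Dependency>;
-
+flags: Set<SourceFlags>;
 } | {
 ok: false,
 warnings: Warning[];
@@ -125,6 +131,8 @@ declare class AstAnalyser {
 }
 
 declare class SourceFile {
+flags: Set<SourceFlags>;
+
 constructor(source: string, options: any);
 addDependency(
 name: string,
@@ -145,6 +153,7 @@ interface EntryFilesAnalyserOptions {
 astAnalyzer?: AstAnalyser;
 loadExtensions?: (defaults: string[]) => string[];
 rootPath?: string | URL;
+ignoreENOENT?: boolean;
 }
 
 declare class EntryFilesAnalyser {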
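Review bot: `flags: Set<SourceFlags>` on `Report` and `ReportOnFile` (new lines 98 and 107) replaces the boolean `isOneLineRequire`, and a `Set` serialises to `{}` under `JSON.stringify`, so a consumer that stores or forwards reports as JSON loses the flags without any error. The new declarations carry no doc comments; I would add TSDoc on `SourceFlags` describing when each value is set, and on `flags` a line such as `/** Convert with Array.from(flags) before JSON serialisation. */`. JavaScript consumers that still read `isOneLineRequire` will get `undefined` rather than a type error, which is worth a line in the migration notes.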