@nodesecure/scanner 2.0.1 → 3.1.0

package/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2019 Communauté JavaScript et Node.js Francophone
+Copyright (c) 2021 NodeSecure
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/README.md

@@ -1,94 +1,95 @@
-# NodeSecure Scanner
-![version](https://img.shields.io/badge/dynamic/json.svg?url=https://raw.githubusercontent.com/NodeSecure/scanner/master/package.json&query=$.version&label=Version)
-[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/NodeSecure/scanner/commit-activity)
-[![Security Responsible Disclosure](https://img.shields.io/badge/Security-Responsible%20Disclosure-yellow.svg)](https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md
-)
-[![mit](https://img.shields.io/github/license/Naereen/StrapDown.js.svg)](https://github.com/NodeSecure/scanner/blob/master/LICENSE)
-![build](https://img.shields.io/github/workflow/status/NodeSecure/scanner/Node.js%20CI)
-
-⚡️ Run a static analysis of your module's dependencies.
-
-## Requirements
-
-- [Node.js](https://nodejs.org/en/) version 16 or higher
-
-## Getting Started
-
-This package is available in the Node Package Repository and can be easily installed with [npm](https://docs.npmjs.com/getting-started/what-is-npm) or [yarn](https://yarnpkg.com).
-
-```bash
-$ npm i @nodesecure/scanner
-# or
-$ yarn add @nodesecure/scanner
-```
-
-## Usage example
-
-```js
-import * as scanner from "@nodesecure/scanner";
-import fs from "fs/promises";
-
-// CONSTANTS
-const kPackagesToAnalyze = ["mocha", "cacache", "is-wsl"];
-
-const payloads = await Promise.all(
-  kPackagesToAnalyze.map((name) => scanner.from(name))
-);
-
-const promises = [];
-for (let i = 0; i < kPackagesToAnalyze.length; i++) {
-  const data = JSON.stringify(payloads[i], null, 2);
-
-  promises.push(fs.writeFile(`${kPackagesToAnalyze[i]}.json`, data));
-}
-await Promise.allSettled(promises);
-```
-
-## API
-
-See `types/api.d.ts` for a complete TypeScript definition.
-
-```ts
-function cwd(path: string, options?: Scanner.Options): Promise<Scanner.Payload>;
-function from(packageName: string, options?: Scanner.Options): Promise<Scanner.Payload>;
-function verify(packageName: string): Promise<Scanner.VerifyPayload>;
-```
-
-`Options` is described with the following TypeScript interface:
-
-```ts
-interface Options {
-  readonly maxDepth?: number;
-  readonly usePackageLock?: boolean;
-  readonly vulnerabilityStrategy: Strategy.Kind;
-  readonly forceRootAnalysis?: boolean;
-  readonly fullLockMode?: boolean;
-}
-```
-
-## Contributors ✨
-
-<!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
-[![All Contributors](https://img.shields.io/badge/all_contributors-3-orange.svg?style=flat-square)](#contributors-)
-<!-- ALL-CONTRIBUTORS-BADGE:END -->
-
-Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
-
-<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
-<!-- prettier-ignore-start -->
-<!-- markdownlint-disable -->
-<table>
-  <tr>
-    <td align="center"><a href="https://www.linkedin.com/in/thomas-gentilhomme/"><img src="https://avatars.githubusercontent.com/u/4438263?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Gentilhomme</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=fraxken" title="Code">💻</a> <a href="https://github.com/NodeSecure/scanner/commits?author=fraxken" title="Documentation">📖</a> <a href="https://github.com/NodeSecure/scanner/pulls?q=is%3Apr+reviewed-by%3Afraxken" title="Reviewed Pull Requests">👀</a> <a href="#security-fraxken" title="Security">🛡️</a> <a href="https://github.com/NodeSecure/scanner/issues?q=author%3Afraxken" title="Bug reports">🐛</a></td>
-    <td align="center"><a href="http://tonygo.dev"><img src="https://avatars.githubusercontent.com/u/22824417?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Tony Gorez</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=tony-go" title="Code">💻</a> <a href="https://github.com/NodeSecure/scanner/commits?author=tony-go" title="Documentation">📖</a> <a href="https://github.com/NodeSecure/scanner/pulls?q=is%3Apr+reviewed-by%3Atony-go" title="Reviewed Pull Requests">👀</a> <a href="https://github.com/NodeSecure/scanner/issues?q=author%3Atony-go" title="Bug reports">🐛</a></td>
-    <td align="center"><a href="https://mickaelcroquet.fr"><img src="https://avatars.githubusercontent.com/u/23740372?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Haze</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=CroquetMickael" title="Code">💻</a></td>
-  </tr>
-</table>
-
-<!-- markdownlint-restore -->
-<!-- prettier-ignore-end -->
-
-<!-- ALL-CONTRIBUTORS-LIST:END -->
-
-## License
-MIT
+# NodeSecure Scanner
+![version](https://img.shields.io/badge/dynamic/json.svg?url=https://raw.githubusercontent.com/NodeSecure/scanner/master/package.json&query=$.version&label=Version)
+[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/NodeSecure/scanner/commit-activity)
+[![Security Responsible Disclosure](https://img.shields.io/badge/Security-Responsible%20Disclosure-yellow.svg)](https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md
+)
+[![mit](https://img.shields.io/github/license/Naereen/StrapDown.js.svg)](https://github.com/NodeSecure/scanner/blob/master/LICENSE)
+![build](https://img.shields.io/github/workflow/status/NodeSecure/scanner/Node.js%20CI)
+
+⚡️ Run a static analysis of your module's dependencies.
+
+## Requirements
+
+- [Node.js](https://nodejs.org/en/) version 16 or higher
+
+## Getting Started
+
+This package is available in the Node Package Repository and can be easily installed with [npm](https://docs.npmjs.com/getting-started/what-is-npm) or [yarn](https://yarnpkg.com).
+
+```bash
+$ npm i @nodesecure/scanner
+# or
+$ yarn add @nodesecure/scanner
+```
+
+## Usage example
+
+```js
+import * as scanner from "@nodesecure/scanner";
+import fs from "fs/promises";
+
+// CONSTANTS
+const kPackagesToAnalyze = ["mocha", "cacache", "is-wsl"];
+
+const payloads = await Promise.all(
+  kPackagesToAnalyze.map((name) => scanner.from(name))
+);
+
+const promises = [];
+for (let i = 0; i < kPackagesToAnalyze.length; i++) {
+  const data = JSON.stringify(payloads[i], null, 2);
+
+  promises.push(fs.writeFile(`${kPackagesToAnalyze[i]}.json`, data));
+}
+await Promise.allSettled(promises);
+```
+
+## API
+
+See `types/api.d.ts` for a complete TypeScript definition.
+
+```ts
+function cwd(path: string, options?: Scanner.Options): Promise<Scanner.Payload>;
+function from(packageName: string, options?: Scanner.Options): Promise<Scanner.Payload>;
+function verify(packageName: string): Promise<Scanner.VerifyPayload>;
+```
+
+`Options` is described with the following TypeScript interface:
+
+```ts
+interface Options {
+  readonly maxDepth?: number;
+  readonly usePackageLock?: boolean;
+  readonly vulnerabilityStrategy: Strategy.Kind;
+  readonly forceRootAnalysis?: boolean;
+  readonly fullLockMode?: boolean;
+}
+```
+
+## Contributors ✨
+
+<!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
+[![All Contributors](https://img.shields.io/badge/all_contributors-4-orange.svg?style=flat-square)](#contributors-)
+<!-- ALL-CONTRIBUTORS-BADGE:END -->
+
+Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
+
+<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
+<!-- prettier-ignore-start -->
+<!-- markdownlint-disable -->
+<table>
+  <tr>
+    <td align="center"><a href="https://www.linkedin.com/in/thomas-gentilhomme/"><img src="https://avatars.githubusercontent.com/u/4438263?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Gentilhomme</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=fraxken" title="Code">💻</a> <a href="https://github.com/NodeSecure/scanner/commits?author=fraxken" title="Documentation">📖</a> <a href="https://github.com/NodeSecure/scanner/pulls?q=is%3Apr+reviewed-by%3Afraxken" title="Reviewed Pull Requests">👀</a> <a href="#security-fraxken" title="Security">🛡️</a> <a href="https://github.com/NodeSecure/scanner/issues?q=author%3Afraxken" title="Bug reports">🐛</a></td>
+    <td align="center"><a href="http://tonygo.dev"><img src="https://avatars.githubusercontent.com/u/22824417?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Tony Gorez</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=tony-go" title="Code">💻</a> <a href="https://github.com/NodeSecure/scanner/commits?author=tony-go" title="Documentation">📖</a> <a href="https://github.com/NodeSecure/scanner/pulls?q=is%3Apr+reviewed-by%3Atony-go" title="Reviewed Pull Requests">👀</a> <a href="https://github.com/NodeSecure/scanner/issues?q=author%3Atony-go" title="Bug reports">🐛</a></td>
+    <td align="center"><a href="https://mickaelcroquet.fr"><img src="https://avatars.githubusercontent.com/u/23740372?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Haze</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=CroquetMickael" title="Code">💻</a></td>
+    <td align="center"><a href="https://github.com/mbalabash"><img src="https://avatars.githubusercontent.com/u/16868922?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Maksim Balabash</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=mbalabash" title="Code">💻</a></td>
+  </tr>
+</table>
+
+<!-- markdownlint-restore -->
+<!-- prettier-ignore-end -->
+
+<!-- ALL-CONTRIBUTORS-LIST:END -->
+
+## License
+MIT

package/index.d.ts

@@ -1,11 +1,11 @@
 import Scanner from "./types/scanner";
-import { cwd, from, verify } from "./types/api";
+import { cwd, from, verify, ScannerLoggerEvents } from "./types/api";
 import { depWalker } from "./types/walker";
 import { Logger, LoggerEventData } from "./types/logger";
 import tarball from "./types/tarball";
 
 export {
-  cwd, from, verify,
+  cwd, from, verify, ScannerLoggerEvents,
   Scanner,
   Logger,
   LoggerEventData,

package/index.js

@@ -10,8 +10,9 @@ import { getLocalRegistryURL } from "@nodesecure/npm-registry-sdk";
 
 // Import Internal Dependencies
 import { depWalker } from "./src/depWalker.js";
-import { constants } from "./src/utils/index.js";
-import Logger from "./src/logger.class.js";
+import { NPM_TOKEN } from "./src/utils/index.js";
+import { ScannerLoggerEvents } from "./src/constants.js";
+import Logger from "./src/class/logger.class.js";
 import * as tarball from "./src/tarball.js";
 
 // CONSTANTS
@@ -20,20 +21,20 @@ const kDefaultCwdOptions = { forceRootAnalysis: true, usePackageLock: true };
 export async function cwd(cwd = process.cwd(), options = {}, logger = new Logger()) {
   const finalizedOptions = Object.assign({}, kDefaultCwdOptions, options);
 
-  logger.start("readManifest");
+  logger.start(ScannerLoggerEvents.manifest.read);
   const packagePath = path.join(cwd, "package.json");
   const str = await fs.readFile(packagePath, "utf-8");
-  logger.end("readManifest");
+  logger.end(ScannerLoggerEvents.manifest.read);
 
   return depWalker(JSON.parse(str), finalizedOptions, logger);
 }
 
 export async function from(packageName, options, logger = new Logger()) {
-  logger.start("fetchManifest");
+  logger.start(ScannerLoggerEvents.manifest.fetch);
   const manifest = await pacote.manifest(packageName, {
-    ...constants.NPM_TOKEN, registry: getLocalRegistryURL(), cache: `${os.homedir()}/.npm`
+    ...NPM_TOKEN, registry: getLocalRegistryURL(), cache: `${os.homedir()}/.npm`
   });
-  logger.end("fetchManifest");
+  logger.end(ScannerLoggerEvents.manifest.fetch);
 
   return depWalker(manifest, options, logger);
 }
@@ -48,7 +49,7 @@ export async function verify(packageName = null) {
 
   try {
     await pacote.extract(packageName, dest, {
-      ...constants.NPM_TOKEN, registry: getLocalRegistryURL(), cache: `${os.homedir()}/.npm`
+      ...NPM_TOKEN, registry: getLocalRegistryURL(), cache: `${os.homedir()}/.npm`
     });
 
     return await tarball.scanPackage(dest, packageName);
@@ -59,4 +60,4 @@ export async function verify(packageName = null) {
   }
 }
 
-export { depWalker, tarball, Logger };
+export { depWalker, tarball, Logger, ScannerLoggerEvents };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nodesecure/scanner",
-  "version": "2.0.1",
+  "version": "3.1.0",
   "description": "A package API to run a static analysis of your module's dependencies.",
   "exports": "./index.js",
   "engines": {
@@ -10,7 +10,8 @@
     "lint": "eslint src test",
     "prepublishOnly": "pkg-ok",
     "test": "npm run lint && npm run test-only",
-    "test-only": "cross-env NODE_OPTIONS=--experimental-vm-modules jest"
+    "test-only": "cross-env esm-tape-runner 'test/**/*.spec.js' | tap-monkey",
+    "coverage": "c8 -r html npm run test-only"
   },
   "files": [
     "src",
@@ -46,54 +47,36 @@
     "url": "https://github.com/NodeSecure/scanner/issues"
   },
   "homepage": "https://github.com/NodeSecure/scanner#readme",
-  "jest": {
-    "setupFilesAfterEnv": [
-      "./jest.setup.js"
-    ],
-    "collectCoverage": true,
-    "collectCoverageFrom": [
-      "**/src/**/*.js"
-    ],
-    "testEnvironment": "node",
-    "testMatch": [
-      "**/test/**/*.js"
-    ],
-    "testPathIgnorePatterns": [
-      "/test/fixtures/"
-    ],
-    "moduleNameMapper": {
-      "^@nodesecure/npm-registry-sdk$": "@nodesecure/npm-registry-sdk/dist/index.js",
-      "^@nodesecure/sec-literal$": "@nodesecure/sec-literal/src/index.js",
-      "^estree-walker$": "estree-walker/src/index.js"
-    }
-  },
   "devDependencies": {
     "@nodesecure/eslint-config": "^1.3.0",
     "@slimio/is": "^1.5.1",
-    "@types/jest": "^27.0.2",
-    "@types/node": "^16.11.6",
+    "@small-tech/esm-tape-runner": "^1.0.3",
+    "@small-tech/tap-monkey": "^1.3.0",
+    "@types/node": "^16.11.10",
+    "c8": "^7.10.0",
     "cross-env": "^7.0.3",
     "dotenv": "^10.0.0",
-    "eslint": "^8.1.0",
+    "eslint": "^8.3.0",
     "get-folder-size": "^3.1.0",
-    "jest": "^27.3.1",
-    "pkg-ok": "^2.3.1"
+    "pkg-ok": "^2.3.1",
+    "sinon": "^12.0.1",
+    "snap-shot-core": "^10.2.4",
+    "tape": "^5.3.2"
   },
   "dependencies": {
-    "@nodesecure/flags": "^1.2.0",
+    "@nodesecure/flags": "^2.2.0",
     "@nodesecure/fs-walk": "^1.0.0",
-    "@nodesecure/i18n": "^1.2.0",
-    "@nodesecure/js-x-ray": "^4.0.1",
+    "@nodesecure/i18n": "^1.2.1",
+    "@nodesecure/js-x-ray": "^4.2.0",
     "@nodesecure/npm-registry-sdk": "^1.3.0",
-    "@nodesecure/ntlp": "^2.0.0",
+    "@nodesecure/ntlp": "^2.1.0",
     "@nodesecure/utils": "^1.0.0",
-    "@nodesecure/vuln": "^1.4.0",
+    "@nodesecure/vuln": "^1.4.1",
     "@npm/types": "^1.0.1",
-    "@npmcli/arborist": "^4.0.3",
+    "@npmcli/arborist": "^4.1.0",
     "@slimio/lock": "^1.0.0",
     "builtins": "^4.0.0",
-    "combine-async-iterators": "^2.0.0",
-    "is-minified-code": "^2.0.0",
+    "combine-async-iterators": "^2.0.1",
     "itertools": "^1.7.1",
     "lodash.difference": "^4.5.0",
     "pacote": "^12.0.2",

package/src/{dependency.class.js → class/dependency.class.js}

@@ -56,28 +56,29 @@ export default class Dependency {
     }
 
     return {
-      [this.version]: {
-        id: typeof customId === "number" ? customId : Dependency.currentId++,
-        usedBy: this.parent,
-        flags: this.flags,
-        description: "",
-        size: 0,
-        author: {},
-        warnings: this.warnings,
-        composition: {
-          extensions: [],
-          files: [],
-          minified: [],
-          unused: [],
-          missing: [],
-          required_files: [],
-          required_nodejs: [],
-          required_thirdparty: []
-        },
-        license: "unkown license",
-        gitUrl: this.gitUrl
+      versions: {
+        [this.version]: {
+          id: typeof customId === "number" ? customId : Dependency.currentId++,
+          usedBy: this.parent,
+          flags: this.flags,
+          description: "",
+          size: 0,
+          author: {},
+          warnings: this.warnings,
+          composition: {
+            extensions: [],
+            files: [],
+            minified: [],
+            unused: [],
+            missing: [],
+            required_files: [],
+            required_nodejs: [],
+            required_thirdparty: []
+          },
+          license: "unkown license",
+          gitUrl: this.gitUrl
+        }
       },
-      versions: [this.version],
       vulnerabilities: [],
       metadata: {
         dependencyCount: this.dependencyCount,

package/src/constants.js

@@ -0,0 +1,13 @@
+
+export const ScannerLoggerEvents = {
+  done: "depWalkerFinished",
+  analysis: {
+    tree: "walkTree",
+    tarball: "tarball",
+    registry: "registry"
+  },
+  manifest: {
+    read: "readManifest",
+    fetch: "fetchManifest"
+  }
+};