npm - @nodesecure/scanner - Versions diffs - 3.1.0 → 3.1.1-rc.0 - Mend

@nodesecure/scanner 3.1.0 → 3.1.1-rc.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +95 -95
package/package.json +1 -1
package/src/depWalker.js +2 -2
package/src/utils/index.js +16 -16
package/src/utils/isGitDependency.js +20 -20
package/src/utils/mergeDependencies.js +26 -26
package/types/scanner.d.ts +1 -1

package/README.md CHANGED Viewed

@@ -1,95 +1,95 @@
-# NodeSecure Scanner
-![version](https://img.shields.io/badge/dynamic/json.svg?url=https://raw.githubusercontent.com/NodeSecure/scanner/master/package.json&query=$.version&label=Version)
-[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/NodeSecure/scanner/commit-activity)
-[![Security Responsible Disclosure](https://img.shields.io/badge/Security-Responsible%20Disclosure-yellow.svg)](https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md
-)
-[![mit](https://img.shields.io/github/license/Naereen/StrapDown.js.svg)](https://github.com/NodeSecure/scanner/blob/master/LICENSE)
-![build](https://img.shields.io/github/workflow/status/NodeSecure/scanner/Node.js%20CI)
-⚡️ Run a static analysis of your module's dependencies.
-## Requirements
-- [Node.js](https://nodejs.org/en/) version 16 or higher
-## Getting Started
-This package is available in the Node Package Repository and can be easily installed with [npm](https://docs.npmjs.com/getting-started/what-is-npm) or [yarn](https://yarnpkg.com).
-```bash
-$ npm i @nodesecure/scanner
-# or
-$ yarn add @nodesecure/scanner
-```
-## Usage example
-```js
-import * as scanner from "@nodesecure/scanner";
-import fs from "fs/promises";
-// CONSTANTS
-const kPackagesToAnalyze = ["mocha", "cacache", "is-wsl"];
-const payloads = await Promise.all(
-  kPackagesToAnalyze.map((name) => scanner.from(name))
-);
-const promises = [];
-for (let i = 0; i < kPackagesToAnalyze.length; i++) {
-  const data = JSON.stringify(payloads[i], null, 2);
-  promises.push(fs.writeFile(`${kPackagesToAnalyze[i]}.json`, data));
-}
-await Promise.allSettled(promises);
-```
-## API
-See `types/api.d.ts` for a complete TypeScript definition.
-```ts
-function cwd(path: string, options?: Scanner.Options): Promise<Scanner.Payload>;
-function from(packageName: string, options?: Scanner.Options): Promise<Scanner.Payload>;
-function verify(packageName: string): Promise<Scanner.VerifyPayload>;
-```
-`Options` is described with the following TypeScript interface:
-```ts
-interface Options {
-  readonly maxDepth?: number;
-  readonly usePackageLock?: boolean;
-  readonly vulnerabilityStrategy: Strategy.Kind;
-  readonly forceRootAnalysis?: boolean;
-  readonly fullLockMode?: boolean;
-}
-```
-## Contributors ✨
-<!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
-[![All Contributors](https://img.shields.io/badge/all_contributors-4-orange.svg?style=flat-square)](#contributors-)
-<!-- ALL-CONTRIBUTORS-BADGE:END -->
-Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
-<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
-<!-- prettier-ignore-start -->
-<!-- markdownlint-disable -->
-<table>
-  <tr>
-    <td align="center"><a href="https://www.linkedin.com/in/thomas-gentilhomme/"><img src="https://avatars.githubusercontent.com/u/4438263?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Gentilhomme</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=fraxken" title="Code">💻</a> <a href="https://github.com/NodeSecure/scanner/commits?author=fraxken" title="Documentation">📖</a> <a href="https://github.com/NodeSecure/scanner/pulls?q=is%3Apr+reviewed-by%3Afraxken" title="Reviewed Pull Requests">👀</a> <a href="#security-fraxken" title="Security">🛡️</a> <a href="https://github.com/NodeSecure/scanner/issues?q=author%3Afraxken" title="Bug reports">🐛</a></td>
-    <td align="center"><a href="http://tonygo.dev"><img src="https://avatars.githubusercontent.com/u/22824417?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Tony Gorez</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=tony-go" title="Code">💻</a> <a href="https://github.com/NodeSecure/scanner/commits?author=tony-go" title="Documentation">📖</a> <a href="https://github.com/NodeSecure/scanner/pulls?q=is%3Apr+reviewed-by%3Atony-go" title="Reviewed Pull Requests">👀</a> <a href="https://github.com/NodeSecure/scanner/issues?q=author%3Atony-go" title="Bug reports">🐛</a></td>
-    <td align="center"><a href="https://mickaelcroquet.fr"><img src="https://avatars.githubusercontent.com/u/23740372?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Haze</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=CroquetMickael" title="Code">💻</a></td>
-    <td align="center"><a href="https://github.com/mbalabash"><img src="https://avatars.githubusercontent.com/u/16868922?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Maksim Balabash</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=mbalabash" title="Code">💻</a></td>
-  </tr>
-</table>
-<!-- markdownlint-restore -->
-<!-- prettier-ignore-end -->
-<!-- ALL-CONTRIBUTORS-LIST:END -->
-## License
-MIT
+# NodeSecure Scanner
+![version](https://img.shields.io/badge/dynamic/json.svg?url=https://raw.githubusercontent.com/NodeSecure/scanner/master/package.json&query=$.version&label=Version)
+[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/NodeSecure/scanner/commit-activity)
+[![Security Responsible Disclosure](https://img.shields.io/badge/Security-Responsible%20Disclosure-yellow.svg)](https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md
+)
+[![mit](https://img.shields.io/github/license/Naereen/StrapDown.js.svg)](https://github.com/NodeSecure/scanner/blob/master/LICENSE)
+![build](https://img.shields.io/github/workflow/status/NodeSecure/scanner/Node.js%20CI)
+⚡️ Run a static analysis of your module's dependencies.
+## Requirements
+- [Node.js](https://nodejs.org/en/) version 16 or higher
+## Getting Started
+This package is available in the Node Package Repository and can be easily installed with [npm](https://docs.npmjs.com/getting-started/what-is-npm) or [yarn](https://yarnpkg.com).
+```bash
+$ npm i @nodesecure/scanner
+# or
+$ yarn add @nodesecure/scanner
+```
+## Usage example
+```js
+import * as scanner from "@nodesecure/scanner";
+import fs from "fs/promises";
+// CONSTANTS
+const kPackagesToAnalyze = ["mocha", "cacache", "is-wsl"];
+const payloads = await Promise.all(
+  kPackagesToAnalyze.map((name) => scanner.from(name))
+);
+const promises = [];
+for (let i = 0; i < kPackagesToAnalyze.length; i++) {
+  const data = JSON.stringify(payloads[i], null, 2);
+  promises.push(fs.writeFile(`${kPackagesToAnalyze[i]}.json`, data));
+}
+await Promise.allSettled(promises);
+```
+## API
+See `types/api.d.ts` for a complete TypeScript definition.
+```ts
+function cwd(path: string, options?: Scanner.Options): Promise<Scanner.Payload>;
+function from(packageName: string, options?: Scanner.Options): Promise<Scanner.Payload>;
+function verify(packageName: string): Promise<Scanner.VerifyPayload>;
+```
+`Options` is described with the following TypeScript interface:
+```ts
+interface Options {
+  readonly maxDepth?: number;
+  readonly usePackageLock?: boolean;
+  readonly vulnerabilityStrategy: Strategy.Kind;
+  readonly forceRootAnalysis?: boolean;
+  readonly fullLockMode?: boolean;
+}
+```
+## Contributors ✨
+<!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
+[![All Contributors](https://img.shields.io/badge/all_contributors-4-orange.svg?style=flat-square)](#contributors-)
+<!-- ALL-CONTRIBUTORS-BADGE:END -->
+Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
+<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
+<!-- prettier-ignore-start -->
+<!-- markdownlint-disable -->
+<table>
+  <tr>
+    <td align="center"><a href="https://www.linkedin.com/in/thomas-gentilhomme/"><img src="https://avatars.githubusercontent.com/u/4438263?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Gentilhomme</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=fraxken" title="Code">💻</a> <a href="https://github.com/NodeSecure/scanner/commits?author=fraxken" title="Documentation">📖</a> <a href="https://github.com/NodeSecure/scanner/pulls?q=is%3Apr+reviewed-by%3Afraxken" title="Reviewed Pull Requests">👀</a> <a href="#security-fraxken" title="Security">🛡️</a> <a href="https://github.com/NodeSecure/scanner/issues?q=author%3Afraxken" title="Bug reports">🐛</a></td>
+    <td align="center"><a href="http://tonygo.dev"><img src="https://avatars.githubusercontent.com/u/22824417?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Tony Gorez</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=tony-go" title="Code">💻</a> <a href="https://github.com/NodeSecure/scanner/commits?author=tony-go" title="Documentation">📖</a> <a href="https://github.com/NodeSecure/scanner/pulls?q=is%3Apr+reviewed-by%3Atony-go" title="Reviewed Pull Requests">👀</a> <a href="https://github.com/NodeSecure/scanner/issues?q=author%3Atony-go" title="Bug reports">🐛</a></td>
+    <td align="center"><a href="https://mickaelcroquet.fr"><img src="https://avatars.githubusercontent.com/u/23740372?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Haze</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=CroquetMickael" title="Code">💻</a></td>
+    <td align="center"><a href="https://github.com/mbalabash"><img src="https://avatars.githubusercontent.com/u/16868922?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Maksim Balabash</b></sub></a><br /><a href="https://github.com/NodeSecure/scanner/commits?author=mbalabash" title="Code">💻</a></td>
+  </tr>
+</table>
+<!-- markdownlint-restore -->
+<!-- prettier-ignore-end -->
+<!-- ALL-CONTRIBUTORS-LIST:END -->
+## License
+MIT

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nodesecure/scanner",
-  "version": "3.1.0",
+  "version": "3.1.1-rc.0",
   "description": "A package API to run a static analysis of your module's dependencies.",
   "exports": "./index.js",
   "engines": {

package/src/depWalker.js CHANGED Viewed

@@ -184,8 +184,8 @@ export async function depWalker(manifest, options = {}, logger = new Logger()) {
   const payload = {
     id: tmpLocation.slice(-6),
-    rootDepencyName: manifest.name,
-    version: packageVersion,
+    rootDependencyName: manifest.name,
+    scannerVersion: packageVersion,
     vulnerabilityStrategy,
     warnings: []
   };

package/src/utils/index.js CHANGED Viewed

@@ -1,16 +1,16 @@
-export * from "./getTarballComposition.js";
-export * from "./isSensitiveFile.js";
-export * from "./isGitDependency.js";
-export * from "./getPackageName.js";
-export * from "./mergeDependencies.js";
-export * from "./semver.js";
-export * from "./dirname.js";
-export * from "./warnings.js";
-export * from "./filterDependencyKind.js";
-export * from "./analyzeDependencies.js";
-export * from "./booleanToFlags.js";
-export * from "./addMissingVersionFlags.js";
-export const NPM_TOKEN = typeof process.env.NODE_SECURE_TOKEN === "string" ?
-  { token: process.env.NODE_SECURE_TOKEN } :
-  {};
+export * from "./getTarballComposition.js";
+export * from "./isSensitiveFile.js";
+export * from "./isGitDependency.js";
+export * from "./getPackageName.js";
+export * from "./mergeDependencies.js";
+export * from "./semver.js";
+export * from "./dirname.js";
+export * from "./warnings.js";
+export * from "./filterDependencyKind.js";
+export * from "./analyzeDependencies.js";
+export * from "./booleanToFlags.js";
+export * from "./addMissingVersionFlags.js";
+export const NPM_TOKEN = typeof process.env.NODE_SECURE_TOKEN === "string" ?
+  { token: process.env.NODE_SECURE_TOKEN } :
+  {};

package/src/utils/isGitDependency.js CHANGED Viewed

@@ -1,20 +1,20 @@
-const kGitVersionVariants = ["git:", "git+", "github:"];
-/**
- * @example isGitDependency("github:NodeSecure/scanner") // => true
- * @example isGitDependency("git+ssh://git@github.com:npm/cli#semver:^5.0") // => true
- * @example isGitDependency(">=1.0.2 <2.1.2") // => false
- * @example isGitDependency("http://asdf.com/asdf.tar.gz") // => false
- * @param {string} version
- * @returns {boolean}
- */
-export function isGitDependency(version) {
-  for (const variant of kGitVersionVariants) {
-    if (version.startsWith(variant)) {
-      return true;
-    }
-  }
-  return false;
-}
+const kGitVersionVariants = ["git:", "git+", "github:"];
+/**
+ * @example isGitDependency("github:NodeSecure/scanner") // => true
+ * @example isGitDependency("git+ssh://git@github.com:npm/cli#semver:^5.0") // => true
+ * @example isGitDependency(">=1.0.2 <2.1.2") // => false
+ * @example isGitDependency("http://asdf.com/asdf.tar.gz") // => false
+ * @param {string} version
+ * @returns {boolean}
+ */
+export function isGitDependency(version) {
+  for (const variant of kGitVersionVariants) {
+    if (version.startsWith(variant)) {
+      return true;
+    }
+  }
+  return false;
+}

package/src/utils/mergeDependencies.js CHANGED Viewed

@@ -1,26 +1,26 @@
-export function mergeDependencies(manifest, types = ["dependencies"]) {
-  const dependencies = new Map();
-  const customResolvers = new Map();
-  for (const fieldName of types) {
-    if (!Reflect.has(manifest, fieldName)) {
-      continue;
-    }
-    const dep = manifest[fieldName];
-    for (const [name, version] of Object.entries(dep)) {
-      /**
-       * Version can be file:, github:, git:, git+, ./...
-       * @see https://docs.npmjs.com/cli/v7/configuring-npm/package-json#dependencies
-       */
-      if (/^([a-zA-Z]+:|git\+|\.\\)/.test(version)) {
-        customResolvers.set(name, version);
-        continue;
-      }
-      dependencies.set(name, version);
-    }
-  }
-  return { dependencies, customResolvers };
-}
+export function mergeDependencies(manifest, types = ["dependencies"]) {
+  const dependencies = new Map();
+  const customResolvers = new Map();
+  for (const fieldName of types) {
+    if (!Reflect.has(manifest, fieldName)) {
+      continue;
+    }
+    const dep = manifest[fieldName];
+    for (const [name, version] of Object.entries(dep)) {
+      /**
+       * Version can be file:, github:, git:, git+, ./...
+       * @see https://docs.npmjs.com/cli/v7/configuring-npm/package-json#dependencies
+       */
+      if (/^([a-zA-Z]+:|git\+|\.\\)/.test(version)) {
+        customResolvers.set(name, version);
+        continue;
+      }
+      dependencies.set(name, version);
+    }
+  }
+  return { dependencies, customResolvers };
+}

package/types/scanner.d.ts CHANGED Viewed

@@ -128,7 +128,7 @@ declare namespace Scanner {
     /** All the dependencies of the package (flattened) */
     dependencies: Dependencies;
     /** Version of the scanner used to generate the result */
-    version: string;
+    scannerVersion: string;
     /** Vulnerability strategy name (npm, snyk, node) */
     vulnerabilityStrategy: Vuln.Strategy.Kind;
   }