@nodesecure/scanner 3.5.0 → 3.6.0
- package/package.json +3 -3
- package/src/class/dependency.class.js +3 -0
- package/src/manifest.js +5 -0
- package/src/tarball.js +5 -3
- package/types/scanner.d.ts +9 -0
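--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@nodesecure/scanner",
-"version": "3.
+"version": "3.6.0",
 "description": "A package API to run a static analysis of your module's dependencies.",
 "exports": "./index.js",
 "engines": {
@@ -64,10 +64,10 @@
 "tape": "^5.5.3"
 },
 "dependencies": {
-"@nodesecure/flags": "^2.
+"@nodesecure/flags": "^2.3.0",
 "@nodesecure/fs-walk": "^1.0.0",
 "@nodesecure/i18n": "^1.3.0",
-"@nodesecure/js-x-ray": "^4.
+"@nodesecure/js-x-ray": "^4.5.0",
 "@nodesecure/npm-registry-sdk": "^1.3.0",
 "@nodesecure/ntlp": "^2.1.0",
 "@nodesecure/utils": "^1.0.0",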
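--- a/package/src/manifest.js
+++ b/package/src/manifest.js
@@ -37,6 +37,8 @@ export async function readAnalyze(location) {
 const {
 description = "", author = {}, scripts = {},
 dependencies = {}, devDependencies = {}, gypfile = false,
+engines = {},
+repository = {},
 imports = {}
 } = await read(location);
 
@@ -48,6 +50,9 @@ export async function readAnalyze(location) {
 return {
 author: typeof author === "string" ? parseManifestAuthor(author) : author,
 description,
+engines,
+repository,
+scripts,
 hasScript: Object.keys(scripts)
 .some((value) => kUnsafeNpmScripts.has(value.toLowerCase())),
 packageDeps,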
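Review bot: `engines`, `repository` and `scripts` are returned exactly as read from the scanned package's manifest, and the `= {}` defaults in the destructuring only cover `undefined`. A manifest that sets `repository` to a string (npm accepts a shorthand string there) or sets any of the three to `null` passes straight through, and a `null` `scripts` would also make `Object.keys(scripts)` throw. The return object already normalises `author` with a `typeof` check; a similar guard here, for example `repository: typeof repository === "string" ? { type: "git", url: repository } : (repository ?? {})`, would keep the payload shape predictable for consumers. readAnalyze starts and ends outside the visible hunks, so any validation done elsewhere in the function is not visible here.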
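--- a/package/src/tarball.js
+++ b/package/src/tarball.js
@@ -66,10 +66,12 @@ export async function scanDirOrArchive(name, version, options) {
 
 // Read the package.json at the root of the directory or archive.
 const {
-packageDeps,
+packageDeps,
+packageDevDeps,
+author, description, hasScript, hasNativeElements, nodejs,
+engines, repository, scripts
 } = await manifest.readAnalyze(dest);
-ref
-ref.description = description;
+Object.assign(ref, { author, description, engines, repository, scripts });
 
 // Get the composition of the (extracted) directory
 const { ext, files, size } = await getTarballComposition(dest);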
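Review bot: The `Object.assign(ref, …)` line now copies `author`, `engines`, `repository` and `scripts` from the scanned package's manifest onto the result, with nothing at the call site saying that these values are controlled by the package author. A short comment above it would make that explicit for whoever renders or matches on the payload, e.g. `// Manifest fields are copied as-is from the scanned package; treat them as untrusted when rendering or comparing.` The full script bodies now travel with the result, whereas `hasScript` only flagged script names, so downstream output code should escape them. scanDirOrArchive continues outside the hunk, so how `ref` is consumed is not visible here.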
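--- a/package/types/scanner.d.ts
+++ b/package/types/scanner.d.ts
@@ -42,6 +42,15 @@ declare namespace Scanner {
 description: string;
 /** Author of the package. This information is not trustable and can be empty. */
 author: Maintainer;
+engines: {
+node?: string;
+npm?: string;
+};
+repository: {
+type: string;
+url: string;
+};
+scripts: Record<string, string>;
 /**
 * JS-X-Ray warnings
 *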
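Review bot: The new `engines`, `repository` and `scripts` members carry no doc comment, while `author` directly above is documented as not trustable and possibly empty; the same caveat applies, since all three are taken from the package's own manifest. `repository` also declares `type` and `url` as required strings, but the manifest.js change defaults it to `{}`, so both can be absent at runtime; `type?: string; url?: string;` would match what consumers actually receive. Suggested comment for each member: `/** Taken from package.json as-is. This information is not trustable and can be empty. */`. The enclosing interface starts and ends outside the hunk.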