@nodesecure/scanner 3.8.0 → 3.8.2

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2021 NodeSecure
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2021 NodeSecure
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,8 +1,10 @@
 # NodeSecure Scanner
 ![version](https://img.shields.io/badge/dynamic/json.svg?url=https://raw.githubusercontent.com/NodeSecure/scanner/master/package.json&query=$.version&label=Version)
 [![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)](https://github.com/NodeSecure/scanner/commit-activity)
+[![OpenSSF
+Scorecard](https://api.securityscorecards.dev/projects/github.com/NodeSecure/scanner/badge)](https://api.securityscorecards.dev/projects/github.com/NodeSecure/scanner)
 [![mit](https://img.shields.io/github/license/Naereen/StrapDown.js.svg)](https://github.com/NodeSecure/scanner/blob/master/LICENSE)
-![build](https://img.shields.io/github/workflow/status/NodeSecure/scanner/Node.js%20CI)
+![build](https://img.shields.io/github/actions/workflow/status/NodeSecure/scanner/node.js.yml)
 
 ⚡️ Run a static analysis of your module's dependencies.
 

package/index.d.ts

@@ -1,14 +1,14 @@
-import Scanner from "./types/scanner";
-import { cwd, from, verify, ScannerLoggerEvents } from "./types/api";
-import { depWalker } from "./types/walker";
-import { Logger, LoggerEventData } from "./types/logger";
-import tarball from "./types/tarball";
-
-export {
-  cwd, from, verify, ScannerLoggerEvents,
-  Scanner,
-  Logger,
-  LoggerEventData,
-  tarball,
-  depWalker
-}
+import Scanner from "./types/scanner.js";
+import { cwd, from, verify, ScannerLoggerEvents } from "./types/api.js";
+import { depWalker } from "./types/walker.js";
+import { Logger, LoggerEventData } from "./types/logger.js";
+import tarball from "./types/tarball.js";
+
+export {
+  cwd, from, verify, ScannerLoggerEvents,
+  Scanner,
+  Logger,
+  LoggerEventData,
+  tarball,
+  depWalker
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nodesecure/scanner",
-  "version": "3.8.0",
+  "version": "3.8.2",
   "description": "A package API to run a static analysis of your module's dependencies.",
   "exports": "./index.js",
   "engines": {
@@ -48,38 +48,38 @@
   },
   "homepage": "https://github.com/NodeSecure/scanner#readme",
   "devDependencies": {
-    "@nodesecure/eslint-config": "^1.5.0",
+    "@nodesecure/eslint-config": "^1.6.0",
     "@slimio/is": "^1.5.1",
     "@small-tech/esm-tape-runner": "^2.0.0",
     "@small-tech/tap-monkey": "^1.4.0",
-    "@types/node": "^18.11.9",
+    "@types/node": "^18.11.18",
     "c8": "^7.12.0",
     "cross-env": "^7.0.3",
     "dotenv": "^16.0.3",
-    "eslint": "^8.27.0",
+    "eslint": "^8.31.0",
     "get-folder-size": "^4.0.0",
     "pkg-ok": "^3.0.0",
-    "sinon": "^14.0.1",
+    "sinon": "^15.0.1",
     "snap-shot-core": "^10.2.4",
     "tape": "^5.6.1"
   },
   "dependencies": {
     "@nodesecure/flags": "^2.4.0",
     "@nodesecure/fs-walk": "^1.0.0",
-    "@nodesecure/i18n": "^2.0.0",
+    "@nodesecure/i18n": "^2.1.1",
     "@nodesecure/js-x-ray": "^5.1.0",
     "@nodesecure/npm-registry-sdk": "^1.4.1",
-    "@nodesecure/ntlp": "^2.1.0",
+    "@nodesecure/ntlp": "^2.2.0",
     "@nodesecure/utils": "^1.0.0",
     "@nodesecure/vuln": "^1.7.0",
     "@npm/types": "^1.0.2",
-    "@npmcli/arborist": "^6.1.1",
+    "@npmcli/arborist": "^6.1.5",
     "@slimio/lock": "^1.0.0",
     "builtins": "^5.0.1",
     "combine-async-iterators": "^2.0.1",
     "itertools": "^1.7.1",
     "lodash.difference": "^4.5.0",
-    "pacote": "^15.0.6",
+    "pacote": "^15.0.8",
     "semver": "^7.3.8"
   },
   "type": "module"

package/src/class/logger.class.js

@@ -1,54 +1,54 @@
-// Import Node.js Dependencies
-import { EventEmitter } from "events";
-import { performance } from "perf_hooks";
-
-export default class Logger extends EventEmitter {
-  constructor() {
-    super();
-
-    this.events = new Map();
-  }
-
-  start(eventName) {
-    if (this.events.has(eventName)) {
-      return this;
-    }
-
-    this.events.set(eventName, {
-      startedAt: performance.now(),
-      count: 0
-    });
-    this.emit("start", eventName);
-
-    return this;
-  }
-
-  tick(eventName) {
-    if (!this.events.has(eventName)) {
-      return this;
-    }
-
-    this.events.get(eventName).count++;
-    this.emit("tick", eventName);
-
-    return this;
-  }
-
-  count(eventName) {
-    return this.events.get(eventName)?.count ?? 0;
-  }
-
-  end(eventName) {
-    if (!this.events.has(eventName)) {
-      return this;
-    }
-
-    const data = this.events.get(eventName);
-    this.emit("end", eventName, {
-      ...data,
-      executionTime: performance.now() - data.startedAt
-    });
-
-    return this;
-  }
-}
+// Import Node.js Dependencies
+import { EventEmitter } from "events";
+import { performance } from "perf_hooks";
+
+export default class Logger extends EventEmitter {
+  constructor() {
+    super();
+
+    this.events = new Map();
+  }
+
+  start(eventName) {
+    if (this.events.has(eventName)) {
+      return this;
+    }
+
+    this.events.set(eventName, {
+      startedAt: performance.now(),
+      count: 0
+    });
+    this.emit("start", eventName);
+
+    return this;
+  }
+
+  tick(eventName) {
+    if (!this.events.has(eventName)) {
+      return this;
+    }
+
+    this.events.get(eventName).count++;
+    this.emit("tick", eventName);
+
+    return this;
+  }
+
+  count(eventName) {
+    return this.events.get(eventName)?.count ?? 0;
+  }
+
+  end(eventName) {
+    if (!this.events.has(eventName)) {
+      return this;
+    }
+
+    const data = this.events.get(eventName);
+    this.emit("end", eventName, {
+      ...data,
+      executionTime: performance.now() - data.startedAt
+    });
+
+    return this;
+  }
+}

package/src/constants.js

@@ -1,13 +1,13 @@
-
-export const ScannerLoggerEvents = {
-  done: "depWalkerFinished",
-  analysis: {
-    tree: "walkTree",
-    tarball: "tarball",
-    registry: "registry"
-  },
-  manifest: {
-    read: "readManifest",
-    fetch: "fetchManifest"
-  }
-};
+
+export const ScannerLoggerEvents = {
+  done: "depWalkerFinished",
+  analysis: {
+    tree: "walkTree",
+    tarball: "tarball",
+    registry: "registry"
+  },
+  manifest: {
+    read: "readManifest",
+    fetch: "fetchManifest"
+  }
+};

package/src/utils/addMissingVersionFlags.js

@@ -1,24 +1,24 @@
-/**
- * @param {Set<string>} flags
- * @param {import("../../types/scanner").Dependency} descriptor
- */
-export function* addMissingVersionFlags(flags, descriptor) {
-  const { metadata, vulnerabilities = [], versions } = descriptor;
-  const semverVersions = Object.keys(versions);
-
-  if (!metadata.hasReceivedUpdateInOneYear && flags.has("hasOutdatedDependency") && !flags.has("isDead")) {
-    yield "isDead";
-  }
-  if (metadata.hasManyPublishers && !flags.has("hasManyPublishers")) {
-    yield "hasManyPublishers";
-  }
-  if (metadata.hasChangedAuthor && !flags.has("hasChangedAuthor")) {
-    yield "hasChangedAuthor";
-  }
-  if (vulnerabilities.length > 0 && !flags.has("hasVulnerabilities")) {
-    yield "hasVulnerabilities";
-  }
-  if (semverVersions.length > 1 && !flags.has("hasDuplicate")) {
-    yield "hasDuplicate";
-  }
-}
+/**
+ * @param {Set<string>} flags
+ * @param {import("../../types/scanner").Dependency} descriptor
+ */
+export function* addMissingVersionFlags(flags, descriptor) {
+  const { metadata, vulnerabilities = [], versions } = descriptor;
+  const semverVersions = Object.keys(versions);
+
+  if (!metadata.hasReceivedUpdateInOneYear && flags.has("hasOutdatedDependency") && !flags.has("isDead")) {
+    yield "isDead";
+  }
+  if (metadata.hasManyPublishers && !flags.has("hasManyPublishers")) {
+    yield "hasManyPublishers";
+  }
+  if (metadata.hasChangedAuthor && !flags.has("hasChangedAuthor")) {
+    yield "hasChangedAuthor";
+  }
+  if (vulnerabilities.length > 0 && !flags.has("hasVulnerabilities")) {
+    yield "hasVulnerabilities";
+  }
+  if (semverVersions.length > 1 && !flags.has("hasDuplicate")) {
+    yield "hasDuplicate";
+  }
+}

package/src/utils/booleanToFlags.js

@@ -1,12 +1,12 @@
-/**
- * @param {Record<string, boolean>} flagsRecord
- * @example
- * console.log(...booleanToFlags({ hasScript: true })); // "hasScript"
- */
-export function* booleanToFlags(flagsRecord) {
-  for (const [flagName, boolValue] of Object.entries(flagsRecord)) {
-    if (boolValue) {
-      yield flagName;
-    }
-  }
-}
+/**
+ * @param {Record<string, boolean>} flagsRecord
+ * @example
+ * console.log(...booleanToFlags({ hasScript: true })); // "hasScript"
+ */
+export function* booleanToFlags(flagsRecord) {
+  for (const [flagName, boolValue] of Object.entries(flagsRecord)) {
+    if (boolValue) {
+      yield flagName;
+    }
+  }
+}

package/src/utils/dirname.js

@@ -1,9 +1,9 @@
-// Import Node.js Dependencies
-import { fileURLToPath } from "url";
-import { dirname } from "path";
-
-export function getDirNameFromUrl(url) {
-  const __filename = fileURLToPath(url);
-
-  return dirname(__filename);
-}
+// Import Node.js Dependencies
+import { fileURLToPath } from "url";
+import { dirname } from "path";
+
+export function getDirNameFromUrl(url) {
+  const __filename = fileURLToPath(url);
+
+  return dirname(__filename);
+}

package/src/utils/filterDependencyKind.js

@@ -1,44 +1,44 @@
-// Import Node.js Dependencies
-import path from "path";
-
-// CONSTANTS
-const kRelativeImportPath = new Set([".", "..", "./", "../"]);
-
-/**
- * @see https://nodejs.org/docs/latest/api/modules.html#file-modules
- *
- * @param {IterableIterator<string>} dependencies
- * @param {!string} relativeFileLocation
- */
-export function filterDependencyKind(dependencies, relativeFileLocation) {
-  const packages = [];
-  const files = [];
-
-  for (const moduleNameOrPath of dependencies) {
-    const firstChar = moduleNameOrPath.charAt(0);
-
-    /**
-     * @example
-     * require("..");
-     * require("/home/marco/foo.js");
-     */
-    if (firstChar === "." || firstChar === "/") {
-      // Note: condition only possible for CJS
-      if (kRelativeImportPath.has(moduleNameOrPath)) {
-        files.push(path.join(moduleNameOrPath, "index.js"));
-      }
-      else {
-        // Note: we are speculating that the extension is .js (but it could be .json or .node)
-        const fixedFileName = path.extname(moduleNameOrPath) === "" ?
-          `${moduleNameOrPath}.js` : moduleNameOrPath;
-
-        files.push(path.join(relativeFileLocation, fixedFileName));
-      }
-    }
-    else {
-      packages.push(moduleNameOrPath);
-    }
-  }
-
-  return { packages, files };
-}
+// Import Node.js Dependencies
+import path from "path";
+
+// CONSTANTS
+const kRelativeImportPath = new Set([".", "..", "./", "../"]);
+
+/**
+ * @see https://nodejs.org/docs/latest/api/modules.html#file-modules
+ *
+ * @param {IterableIterator<string>} dependencies
+ * @param {!string} relativeFileLocation
+ */
+export function filterDependencyKind(dependencies, relativeFileLocation) {
+  const packages = [];
+  const files = [];
+
+  for (const moduleNameOrPath of dependencies) {
+    const firstChar = moduleNameOrPath.charAt(0);
+
+    /**
+     * @example
+     * require("..");
+     * require("/home/marco/foo.js");
+     */
+    if (firstChar === "." || firstChar === "/") {
+      // Note: condition only possible for CJS
+      if (kRelativeImportPath.has(moduleNameOrPath)) {
+        files.push(path.join(moduleNameOrPath, "index.js"));
+      }
+      else {
+        // Note: we are speculating that the extension is .js (but it could be .json or .node)
+        const fixedFileName = path.extname(moduleNameOrPath) === "" ?
+          `${moduleNameOrPath}.js` : moduleNameOrPath;
+
+        files.push(path.join(relativeFileLocation, fixedFileName));
+      }
+    }
+    else {
+      packages.push(moduleNameOrPath);
+    }
+  }
+
+  return { packages, files };
+}

package/src/utils/getPackageName.js

@@ -1,21 +1,21 @@
-// CONSTANTS
-const kPackageSeparator = "/";
-const kPackageOrgSymbol = "@";
-
-/**
- * @see https://github.com/npm/validate-npm-package-name#naming-rules
- *
- * @param {!string} name full package name
- * @returns {string}
- *
- * @example
- * getPackageName("foo"); // foo
- * getPackageName("foo/bar"); // foo
- * getPackageName("@org/bar"); // @org/bar
- */
-export function getPackageName(name) {
-  const parts = name.split(kPackageSeparator);
-
-  // Note: only scoped package are allowed to start with @
-  return name.startsWith(kPackageOrgSymbol) ? `${parts[0]}/${parts[1]}` : parts[0];
-}
+// CONSTANTS
+const kPackageSeparator = "/";
+const kPackageOrgSymbol = "@";
+
+/**
+ * @see https://github.com/npm/validate-npm-package-name#naming-rules
+ *
+ * @param {!string} name full package name
+ * @returns {string}
+ *
+ * @example
+ * getPackageName("foo"); // foo
+ * getPackageName("foo/bar"); // foo
+ * getPackageName("@org/bar"); // @org/bar
+ */
+export function getPackageName(name) {
+  const parts = name.split(kPackageSeparator);
+
+  // Note: only scoped package are allowed to start with @
+  return name.startsWith(kPackageOrgSymbol) ? `${parts[0]}/${parts[1]}` : parts[0];
+}

package/src/utils/getTarballComposition.js

@@ -1,38 +1,38 @@
-// Import Node.js Dependencies
-import fs from "fs/promises";
-import path from "path";
-
-// Import Third-party Dependencies
-import { walk } from "@nodesecure/fs-walk";
-
-export async function getTarballComposition(tarballDir) {
-  const ext = new Set();
-  const files = [];
-  const dirs = [];
-  let { size } = await fs.stat(tarballDir);
-
-  for await (const [dirent, file] of walk(tarballDir)) {
-    if (dirent.isFile()) {
-      ext.add(path.extname(file));
-      files.push(file);
-    }
-    else if (dirent.isDirectory()) {
-      dirs.push(file);
-    }
-  }
-
-  const sizeUnfilteredResult = await Promise.allSettled([
-    ...files.map((file) => fs.stat(file)),
-    ...dirs.map((file) => fs.stat(file))
-  ]);
-  const sizeAll = sizeUnfilteredResult
-    .filter((promiseSettledResult) => promiseSettledResult.status === "fulfilled")
-    .map((promiseSettledResult) => promiseSettledResult.value);
-  size += sizeAll.reduce((prev, curr) => prev + curr.size, 0);
-
-  return {
-    ext,
-    size,
-    files: files.map((fileLocation) => path.relative(tarballDir, fileLocation)).sort()
-  };
-}
+// Import Node.js Dependencies
+import fs from "fs/promises";
+import path from "path";
+
+// Import Third-party Dependencies
+import { walk } from "@nodesecure/fs-walk";
+
+export async function getTarballComposition(tarballDir) {
+  const ext = new Set();
+  const files = [];
+  const dirs = [];
+  let { size } = await fs.stat(tarballDir);
+
+  for await (const [dirent, file] of walk(tarballDir)) {
+    if (dirent.isFile()) {
+      ext.add(path.extname(file));
+      files.push(file);
+    }
+    else if (dirent.isDirectory()) {
+      dirs.push(file);
+    }
+  }
+
+  const sizeUnfilteredResult = await Promise.allSettled([
+    ...files.map((file) => fs.stat(file)),
+    ...dirs.map((file) => fs.stat(file))
+  ]);
+  const sizeAll = sizeUnfilteredResult
+    .filter((promiseSettledResult) => promiseSettledResult.status === "fulfilled")
+    .map((promiseSettledResult) => promiseSettledResult.value);
+  size += sizeAll.reduce((prev, curr) => prev + curr.size, 0);
+
+  return {
+    ext,
+    size,
+    files: files.map((fileLocation) => path.relative(tarballDir, fileLocation)).sort()
+  };
+}

package/src/utils/isSensitiveFile.js

@@ -1,17 +1,17 @@
-// Import Node.js Dependencies
-import path from "path";
-
-// CONSTANTS
-const kSensitiveFileName = new Set([".npmrc", ".env"]);
-const kSensitiveFileExtension = new Set([".key", ".pem"]);
-
-/**
- * @see https://github.com/jandre/safe-commit-hook/blob/master/git-deny-patterns.json
- *
- * @param {!string} fileName
- * @returns {boolean}
- */
-export function isSensitiveFile(fileName) {
-  return kSensitiveFileName.has(path.basename(fileName)) ||
-    kSensitiveFileExtension.has(path.extname(fileName));
-}
+// Import Node.js Dependencies
+import path from "path";
+
+// CONSTANTS
+const kSensitiveFileName = new Set([".npmrc", ".env"]);
+const kSensitiveFileExtension = new Set([".key", ".pem"]);
+
+/**
+ * @see https://github.com/jandre/safe-commit-hook/blob/master/git-deny-patterns.json
+ *
+ * @param {!string} fileName
+ * @returns {boolean}
+ */
+export function isSensitiveFile(fileName) {
+  return kSensitiveFileName.has(path.basename(fileName)) ||
+    kSensitiveFileExtension.has(path.extname(fileName));
+}

package/src/utils/semver.js

@@ -1,49 +1,49 @@
-// Import Third-party Dependencies
-import pacote from "pacote";
-import semver from "semver";
-import { getLocalRegistryURL } from "@nodesecure/npm-registry-sdk";
-
-// Import Internal Dependencies
-import { NPM_TOKEN } from "./index.js";
-
-/**
- * @param {!string} version semver range
- * @returns {string} semver version
- *
- * @example
- * cleanRange(">=1.5.0"); // 1.5.0
- * cleanRange("^2.0.0"); // 2.0.0
- */
-export function cleanRange(version) {
-  // TODO: how do we handle complicated range like pkg-name@1 || 2 or pkg-name@2.1.2 < 3
-  const firstChar = version.charAt(0);
-  if (firstChar === "^" || firstChar === "<" || firstChar === ">" || firstChar === "=" || firstChar === "~") {
-    return version.slice(version.charAt(1) === "=" ? 2 : 1);
-  }
-
-  return version;
-}
-
-/**
- * @param {!string} depName dependency name (WITHOUT version/range)
- * @param {!string} range semver range, ex: >=1.5.0
- */
-export async function getExpectedSemVer(depName, range) {
-  try {
-    const { versions, "dist-tags": { latest } } = await pacote.packument(depName, {
-      ...NPM_TOKEN, registry: getLocalRegistryURL()
-    });
-    const currVersion = semver.maxSatisfying(Object.keys(versions), range);
-
-    return currVersion === null ? [latest, true] : [currVersion, semver.eq(latest, currVersion)];
-  }
-  catch (err) {
-    return [cleanRange(range), true];
-  }
-}
-
-export async function getCleanDependencyName([depName, range]) {
-  const [depVer, isLatest] = await getExpectedSemVer(depName, range);
-
-  return [`${depName}@${range}`, `${depName}@${depVer}`, isLatest];
-}
+// Import Third-party Dependencies
+import pacote from "pacote";
+import semver from "semver";
+import { getLocalRegistryURL } from "@nodesecure/npm-registry-sdk";
+
+// Import Internal Dependencies
+import { NPM_TOKEN } from "./index.js";
+
+/**
+ * @param {!string} version semver range
+ * @returns {string} semver version
+ *
+ * @example
+ * cleanRange(">=1.5.0"); // 1.5.0
+ * cleanRange("^2.0.0"); // 2.0.0
+ */
+export function cleanRange(version) {
+  // TODO: how do we handle complicated range like pkg-name@1 || 2 or pkg-name@2.1.2 < 3
+  const firstChar = version.charAt(0);
+  if (firstChar === "^" || firstChar === "<" || firstChar === ">" || firstChar === "=" || firstChar === "~") {
+    return version.slice(version.charAt(1) === "=" ? 2 : 1);
+  }
+
+  return version;
+}
+
+/**
+ * @param {!string} depName dependency name (WITHOUT version/range)
+ * @param {!string} range semver range, ex: >=1.5.0
+ */
+export async function getExpectedSemVer(depName, range) {
+  try {
+    const { versions, "dist-tags": { latest } } = await pacote.packument(depName, {
+      ...NPM_TOKEN, registry: getLocalRegistryURL()
+    });
+    const currVersion = semver.maxSatisfying(Object.keys(versions), range);
+
+    return currVersion === null ? [latest, true] : [currVersion, semver.eq(latest, currVersion)];
+  }
+  catch (err) {
+    return [cleanRange(range), true];
+  }
+}
+
+export async function getCleanDependencyName([depName, range]) {
+  const [depVer, isLatest] = await getExpectedSemVer(depName, range);
+
+  return [`${depName}@${range}`, `${depName}@${depVer}`, isLatest];
+}

package/src/utils/warnings.js

@@ -1,36 +1,36 @@
-// Import Third-party Dependencies
-import { getToken, taggedString } from "@nodesecure/i18n";
-
-// CONSTANTS
-const kDetectedDep = taggedString`The dependency '${0}' has been detected in the dependency Tree.`;
-const kWarningsMessages = Object.freeze({
-  "@scarf/scarf": getToken("warnings.disable_scarf"),
-  iohook: getToken("warnings.keylogging")
-});
-const kPackages = new Set(Object.keys(kWarningsMessages));
-const kAuthors = new Set(["marak", "marak.squires@gmail.com"]);
-
-function getWarning(depName) {
-  return `${kDetectedDep(depName)} ${kWarningsMessages[depName]}`;
-}
-
-export function getDependenciesWarnings(dependencies) {
-  const warnings = [];
-  for (const depName of kPackages) {
-    if (dependencies.has(depName)) {
-      warnings.push(getWarning(depName));
-    }
-  }
-
-  // TODO: optimize with @nodesecure/author later
-  for (const [packageName, dependency] of dependencies) {
-    for (const { name, email } of dependency.metadata.maintainers) {
-      if (kAuthors.has(name) || kAuthors.has(email)) {
-        warnings.push(`'Marak Squires' package '${packageName}' has been detected in the dependency tree`);
-      }
-    }
-  }
-
-  return warnings;
-}
-
+// Import Third-party Dependencies
+import { getToken, taggedString } from "@nodesecure/i18n";
+
+// CONSTANTS
+const kDetectedDep = taggedString`The dependency '${0}' has been detected in the dependency Tree.`;
+const kWarningsMessages = Object.freeze({
+  "@scarf/scarf": getToken("warnings.disable_scarf"),
+  iohook: getToken("warnings.keylogging")
+});
+const kPackages = new Set(Object.keys(kWarningsMessages));
+const kAuthors = new Set(["marak", "marak.squires@gmail.com"]);
+
+function getWarning(depName) {
+  return `${kDetectedDep(depName)} ${kWarningsMessages[depName]}`;
+}
+
+export function getDependenciesWarnings(dependencies) {
+  const warnings = [];
+  for (const depName of kPackages) {
+    if (dependencies.has(depName)) {
+      warnings.push(getWarning(depName));
+    }
+  }
+
+  // TODO: optimize with @nodesecure/author later
+  for (const [packageName, dependency] of dependencies) {
+    for (const { name, email } of dependency.metadata.maintainers) {
+      if (kAuthors.has(name) || kAuthors.has(email)) {
+        warnings.push(`'Marak Squires' package '${packageName}' has been detected in the dependency tree`);
+      }
+    }
+  }
+
+  return warnings;
+}
+

package/types/api.d.ts

@@ -1,5 +1,5 @@
-import Scanner from "./scanner";
-import { Logger, LoggerEvents } from "./logger";
+import Scanner from "./scanner.js";
+import { Logger, LoggerEvents } from "./logger.js";
 
 export {
   cwd,

package/types/logger.d.ts

@@ -1,38 +1,38 @@
-import { EventEmitter } from "events";
-
-export {
-  Logger,
-  LoggerEventData,
-  LoggerEvents
-}
-
-interface LoggerEvents {
-  readonly done: "depWalkerFinished";
-  readonly analysis: {
-      readonly tree: "walkTree";
-      readonly tarball: "tarball";
-      readonly registry: "registry";
-  };
-  readonly manifest: {
-      readonly read: "readManifest";
-      readonly fetch: "fetchManifest";
-  };
-}
-
-interface LoggerEventData {
-  /** UNIX Timestamp */
-  startedAt: number;
-  /** Count of triggered event */
-  count: number;
-}
-
-declare class Logger extends EventEmitter {
-  public events: Map<string, LoggerEventData>;
-
-  constructor();
-
-  start(eventName: string): Logger;
-  end(eventName: string): Logger;
-  tick(eventName: string): Logger;
-  count(eventName: string): number;
-}
+import { EventEmitter } from "events";
+
+export {
+  Logger,
+  LoggerEventData,
+  LoggerEvents
+}
+
+interface LoggerEvents {
+  readonly done: "depWalkerFinished";
+  readonly analysis: {
+      readonly tree: "walkTree";
+      readonly tarball: "tarball";
+      readonly registry: "registry";
+  };
+  readonly manifest: {
+      readonly read: "readManifest";
+      readonly fetch: "fetchManifest";
+  };
+}
+
+interface LoggerEventData {
+  /** UNIX Timestamp */
+  startedAt: number;
+  /** Count of triggered event */
+  count: number;
+}
+
+declare class Logger extends EventEmitter {
+  public events: Map<string, LoggerEventData>;
+
+  constructor();
+
+  start(eventName: string): Logger;
+  end(eventName: string): Logger;
+  tick(eventName: string): Logger;
+  count(eventName: string): number;
+}

package/types/scanner.d.ts

@@ -2,7 +2,6 @@
 import * as JSXRay from "@nodesecure/js-x-ray";
 import { license as License } from "@nodesecure/ntlp";
 import * as Vuln from "@nodesecure/vuln";
-import { Flags } from "@nodesecure/flags";
 
 // Import Third-party Dependencies
 import { Maintainer } from "@npm/types";
@@ -89,7 +88,7 @@ declare namespace Scanner {
      *
      * @see https://github.com/NodeSecure/flags/blob/main/FLAGS.md
      */
-    flags: Flags[];
+    flags: string[];
     /**
      * If the dependency is a GIT repository
      */

package/types/tarball.d.ts

@@ -1,6 +1,6 @@
 import ntlp from "@nodesecure/ntlp";
 import Locker from "@slimio/lock";
-import Logger from "../src/logger.class";
+import { Logger } from "./logger.js";
 
 export = tarball;
 

package/types/walker.d.ts

@@ -1,8 +1,8 @@
-import { Manifest } from "@npm/types";
-import Scanner from "./scanner";
-
-export {
-  depWalker
-}
-
-declare function depWalker(manifest: Manifest, options?: Scanner.Options);
+import { Manifest } from "@npm/types";
+import Scanner from "./scanner.js";
+
+export {
+  depWalker
+}
+
+declare function depWalker(manifest: Manifest, options?: Scanner.Options);