@nodesecure/scanner 5.2.0 → 5.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/depWalker.js +1 -1
- package/src/npmRegistry.js +46 -3
- package/src/utils/getLinks.js +9 -4
- package/types/scanner.d.ts +7 -0
package/package.json
CHANGED
package/src/depWalker.js
CHANGED
|
@@ -268,7 +268,7 @@ export async function depWalker(manifest, options = {}, logger = new Logger()) {
|
|
|
268
268
|
|
|
269
269
|
if (dependencies.has(name)) {
|
|
270
270
|
const dep = dependencies.get(name);
|
|
271
|
-
promisesToWait.push(manifestMetadata(name, version, dep
|
|
271
|
+
promisesToWait.push(manifestMetadata(name, version, dep));
|
|
272
272
|
|
|
273
273
|
const currVersion = Object.keys(current.versions)[0];
|
|
274
274
|
if (currVersion in dep.versions) {
|
package/src/npmRegistry.js
CHANGED
|
@@ -3,17 +3,28 @@ import crypto from "node:crypto";
|
|
|
3
3
|
|
|
4
4
|
// Import Third-party Dependencies
|
|
5
5
|
import semver from "semver";
|
|
6
|
-
import { packument, packumentVersion } from "@nodesecure/npm-registry-sdk";
|
|
6
|
+
import { packument, packumentVersion, user as npmUserProfile } from "@nodesecure/npm-registry-sdk";
|
|
7
7
|
|
|
8
8
|
// Import Internal Dependencies
|
|
9
9
|
import { parseAuthor, getLinks } from "./utils/index.js";
|
|
10
10
|
|
|
11
|
-
export async function manifestMetadata(
|
|
11
|
+
export async function manifestMetadata(
|
|
12
|
+
name,
|
|
13
|
+
version,
|
|
14
|
+
dependency
|
|
15
|
+
) {
|
|
12
16
|
try {
|
|
13
17
|
const pkgVersion = await packumentVersion(name, version);
|
|
14
18
|
|
|
15
19
|
const integrity = getPackumentVersionIntegrity(pkgVersion);
|
|
16
|
-
|
|
20
|
+
Object.assign(
|
|
21
|
+
dependency.versions[version],
|
|
22
|
+
{
|
|
23
|
+
links: getLinks(pkgVersion)
|
|
24
|
+
}
|
|
25
|
+
);
|
|
26
|
+
|
|
27
|
+
dependency.metadata.integrity[version] = integrity;
|
|
17
28
|
}
|
|
18
29
|
catch {
|
|
19
30
|
// Ignore
|
|
@@ -91,6 +102,7 @@ export async function packageMetadata(name, version, options) {
|
|
|
91
102
|
}
|
|
92
103
|
}
|
|
93
104
|
|
|
105
|
+
await addNpmAvatar(metadata);
|
|
94
106
|
Object.assign(ref.versions[version], { links: getLinks(pkg.versions[version]) });
|
|
95
107
|
Object.assign(ref.metadata, metadata);
|
|
96
108
|
}
|
|
@@ -123,3 +135,34 @@ function getPackumentVersionIntegrity(packumentVersion) {
|
|
|
123
135
|
.update(JSON.stringify(integrityObj))
|
|
124
136
|
.digest("hex");
|
|
125
137
|
}
|
|
138
|
+
|
|
139
|
+
async function addNpmAvatar(metadata) {
|
|
140
|
+
const contributors = [metadata.author, ...metadata.maintainers, ...metadata.publishers];
|
|
141
|
+
const emailToAvatar = {};
|
|
142
|
+
|
|
143
|
+
const promises = contributors.map((contributor) => {
|
|
144
|
+
if (contributor.email && emailToAvatar[contributor.email]) {
|
|
145
|
+
contributor.npmAvatar = emailToAvatar[contributor.email];
|
|
146
|
+
|
|
147
|
+
return Promise.resolve();
|
|
148
|
+
}
|
|
149
|
+
|
|
150
|
+
return npmUserProfile(contributor.name, { perPage: 1 }).then((profile) => {
|
|
151
|
+
contributor.npmAvatar = profile.avatars.small;
|
|
152
|
+
if (contributor.email && contributor.npmAvatar) {
|
|
153
|
+
emailToAvatar[contributor.email] = contributor.npmAvatar;
|
|
154
|
+
}
|
|
155
|
+
}).catch(() => {
|
|
156
|
+
contributor.npmAvatar = null;
|
|
157
|
+
});
|
|
158
|
+
});
|
|
159
|
+
|
|
160
|
+
await Promise.all(promises);
|
|
161
|
+
|
|
162
|
+
// back fill npmAvatar if any name property was not npm username in first pass
|
|
163
|
+
for (const contributor of contributors) {
|
|
164
|
+
if (!contributor.npmAvatar && contributor.email && emailToAvatar[contributor.email]) {
|
|
165
|
+
contributor.npmAvatar = emailToAvatar[contributor.email];
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
}
|
package/src/utils/getLinks.js
CHANGED
|
@@ -19,12 +19,17 @@ function getVCSRepositoryURL(link) {
|
|
|
19
19
|
}
|
|
20
20
|
}
|
|
21
21
|
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
22
|
+
/**
|
|
23
|
+
* @param {import("@nodesecure/npm-registry-sdk").PackumentVersion} packumentVersion
|
|
24
|
+
*/
|
|
25
|
+
export function getLinks(
|
|
26
|
+
packumentVersion
|
|
27
|
+
) {
|
|
28
|
+
const homepage = packumentVersion.homepage || null;
|
|
29
|
+
const repositoryUrl = packumentVersion.repository?.url || null;
|
|
25
30
|
|
|
26
31
|
return {
|
|
27
|
-
npm: `https://www.npmjs.com/package/${
|
|
32
|
+
npm: `https://www.npmjs.com/package/${packumentVersion.name}/v/${packumentVersion.version}`,
|
|
28
33
|
homepage,
|
|
29
34
|
repository: getVCSRepositoryURL(homepage) ?? getVCSRepositoryURL(repositoryUrl)
|
|
30
35
|
};
|
package/types/scanner.d.ts
CHANGED
|
@@ -13,11 +13,13 @@ declare namespace Scanner {
|
|
|
13
13
|
name: string;
|
|
14
14
|
email?: string;
|
|
15
15
|
url?: string;
|
|
16
|
+
npmAvatar?: string;
|
|
16
17
|
}
|
|
17
18
|
|
|
18
19
|
export interface Maintainer {
|
|
19
20
|
name: string;
|
|
20
21
|
email: string;
|
|
22
|
+
npmAvatar?: string;
|
|
21
23
|
}
|
|
22
24
|
|
|
23
25
|
export interface Publisher {
|
|
@@ -38,6 +40,11 @@ declare namespace Scanner {
|
|
|
38
40
|
* @example 2021-08-10T20:45:08.342Z
|
|
39
41
|
*/
|
|
40
42
|
at: string;
|
|
43
|
+
/**
|
|
44
|
+
* Path to publisher's avatar on "https://www.npmjs.com"
|
|
45
|
+
* @example /npm-avatar/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.LwimMJA3puF3ioGeS-tfczR3370GXBZMIL-bdpu4hOU
|
|
46
|
+
*/
|
|
47
|
+
npmAvatar?: string;
|
|
41
48
|
}
|
|
42
49
|
|
|
43
50
|
export interface DependencyLinks {
|