@nodesecure/scanner 6.0.2 → 6.2.0
- package/dist/comparePayloads.d.ts +2 -2
- package/dist/comparePayloads.d.ts.map +1 -1
- package/dist/comparePayloads.js +6 -3
- package/dist/comparePayloads.js.map +1 -1
- package/dist/depWalker.d.ts.map +1 -1
- package/dist/depWalker.js +11 -7
- package/dist/depWalker.js.map +1 -1
- package/dist/extractors/index.d.ts +6 -0
- package/dist/extractors/index.d.ts.map +1 -0
- package/dist/extractors/index.js +6 -0
- package/dist/extractors/index.js.map +1 -0
- package/dist/extractors/payload.d.ts +29 -0
- package/dist/extractors/payload.d.ts.map +1 -0
- package/dist/extractors/payload.js +37 -0
- package/dist/extractors/payload.js.map +1 -0
- package/dist/types.d.ts +4 -4
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +1 -1
- package/dist/types.js.map +1 -1
- package/dist/utils/getUsedDeps.d.ts.map +1 -1
- package/dist/utils/getUsedDeps.js.map +1 -1
- package/dist/utils/isNodesecurePayload.d.ts +3 -0
- package/dist/utils/isNodesecurePayload.d.ts.map +1 -0
- package/dist/utils/isNodesecurePayload.js +4 -0
- package/dist/utils/isNodesecurePayload.js.map +1 -0
- package/package.json +4 -4
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import * as JSXRay from "@nodesecure/js-x-ray";
|
|
2
|
-
import * as
|
|
2
|
+
import * as Vulnera from "@nodesecure/vulnera";
|
|
3
3
|
import type { Payload, Dependency, DependencyVersion, Publisher, Maintainer, Repository, DependencyLinks } from "./types.js";
|
|
4
4
|
export interface PayloadComparison {
|
|
5
5
|
title: string;
|
|
@@ -17,7 +17,7 @@ export interface DependencyComparison {
|
|
|
17
17
|
publishers: ArrayDiff<Publisher>;
|
|
18
18
|
maintainers: ArrayDiff<Maintainer>;
|
|
19
19
|
versions: VersionsComparisonResult;
|
|
20
|
-
vulnerabilities: ArrayDiff<
|
|
20
|
+
vulnerabilities: ArrayDiff<Vulnera.StandardVulnerability>;
|
|
21
21
|
}
|
|
22
22
|
export interface VersionsComparisonResult {
|
|
23
23
|
compared: Map<string, DependencyVersionComparison>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"comparePayloads.d.ts","sourceRoot":"","sources":["../src/comparePayloads.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"comparePayloads.d.ts","sourceRoot":"","sources":["../src/comparePayloads.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAG/C,OAAO,KAAK,EACV,OAAO,EAEP,UAAU,EACV,iBAAiB,EACjB,SAAS,EACT,UAAU,EACV,UAAU,EACV,eAAe,EAChB,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAC5B,cAAc,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;IACxC,qBAAqB,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;IAC/C,YAAY,EAAE,sBAAsB,CAAC;CACtC;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;IAC5C,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC/B,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACjC,WAAW,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC;IACnC,QAAQ,EAAE,wBAAwB,CAAC;IACnC,eAAe,EAAE,SAAS,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;CAC3D;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAAC;IACnD,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IACtC,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;CACzC;AAED,MAAM,WAAW,2BAA2B;IAC1C,EAAE,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;IAC5B,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;IAC9B,MAAM,EAAE,oBAAoB,CAAC,MAAM,CAAC,CAAC;IACrC,eAAe,EAAE,eAAe,CAAC,OAAO,CAAC,CAAC;IAC1C,qBAAqB,EAAE,eAAe,CAAC,OAAO,CAAC,CAAC;IAChD,WAAW,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC;IACpC,OAAO,EAAE,oBAAoB,CAAC,MAAM,CAAC,CAAC;IACtC,UAAU,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC;IACxC,OAAO,EAAE,oBAAoB,CAAC,MAAM,CAAC,CAAC;IACtC,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,WAAW,EAAE,qBAAqB,CAAC;IACnC,gBAAgB,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IACpC,KAAK,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IACzB,KAAK,EAAE,eAAe,CAAC,eAAe,CAAC,CAAC;CACzC;AAED,MAAM,WAAW,oBAAoB,CAAC,CAAC;IACrC,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACtB,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;CACzB;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAC5B,
mBAAmB,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IACvC,eAAe,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1B,OAAO,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;CAC5B;AAED,MAAM,MAAM,eAAe,CAAC,CAAC,IAAI;IAC/B,IAAI,EAAE,CAAC,CAAC;IACR,GAAG,EAAE,CAAC,CAAC;CACR,GAAG,SAAS,CAAC;AAEd,MAAM,WAAW,SAAS,CAAC,CAAC;IAC1B,KAAK,EAAE,CAAC,EAAE,CAAC;IACX,OAAO,EAAE,CAAC,EAAE,CAAC;CACd;AAED,wBAAgB,eAAe,CAC7B,OAAO,EAAE,OAAO,EAChB,eAAe,EAAE,OAAO,GACvB,iBAAiB,CAmCnB;AAiLD,wBAAgB,uBAAuB,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACnE,GAAG,EAAE,MAAM,EACX,QAAQ,GAAE,CAAC,EAAO,EAClB,SAAS,GAAE,CAAC,EAAO,GAClB,SAAS,CAAC,CAAC,CAAC,CAQd"}
|
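--- a/package/dist/comparePayloads.js
+++ b/package/dist/comparePayloads.js
@@ -1,6 +1,6 @@
 // Import Third-party Dependencies
 import * as JSXRay from "@nodesecure/js-x-ray";
-import * as
+import * as Vulnera from "@nodesecure/vulnera";
 export function comparePayloads(payload, comparedPayload) {
 if (payload.id === comparedPayload.id) {
 throw new Error(`You try to compare two payloads with the same id '${payload.id}'`);
@@ -8,8 +8,10 @@ export function comparePayloads(payload, comparedPayload) {
 if (payload.rootDependencyName !== comparedPayload.rootDependencyName) {
 throw new Error(`You can't compare different package payloads '${payload.rootDependencyName}' and '${comparedPayload.rootDependencyName}'`);
 }
+const givenVersion = Object.keys(payload.dependencies[payload.rootDependencyName].versions)[0];
+const comparedVersion = Object.keys(comparedPayload.dependencies[comparedPayload.rootDependencyName].versions)[0];
 return {
-title: `'${payload.rootDependencyName}' -> '${comparedPayload.rootDependencyName}'`,
+title: `'${payload.rootDependencyName}@${givenVersion}' -> '${comparedPayload.rootDependencyName}@${comparedVersion}'`,
 warnings: arrayDiff(payload.warnings, comparedPayload.warnings),
 scannerVersion: compareValues(payload.scannerVersion, comparedPayload.scannerVersion),
 vulnerabilityStrategy: compareValues(payload.vulnerabilityStrategy, comparedPayload.vulnerabilityStrategy),
@@ -41,9 +43,10 @@ function compareVersions(original, toCompare) {
 isDevDependency: compareValues(version.isDevDependency, comparedVersion.isDevDependency),
 existOnRemoteRegistry: compareValues(version.existOnRemoteRegistry, comparedVersion.existOnRemoteRegistry),
 description: compareValues(version.description, comparedVersion.description),
-author: compareObjects("name", version.author, comparedVersion.author),
+author: version.author && comparedVersion.author ? compareObjects("name", version.author, comparedVersion.author) : void 0,
 // @ts-ignore
 engines: compareDictionnaries(version.engines, comparedVersion.engines),
+// FIXME: repository can be a string: https://github.com/pillarjs/encodeurl/blob/master/package.json#L14
 repository: compareObjects("type", version.repository, comparedVersion.repository)
 ?? compareObjects("url", version.repository, comparedVersion.repository),
 scripts: compareDictionnaries(version.scripts, comparedVersion.scripts),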
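Review bot: The new `author` line in `compareVersions` yields `void 0` whenever either side has no author, so a version that gains or loses its author is reported exactly like an unchanged one; in a tool that diffs package metadata, an author appearing or disappearing is a change a reviewer wants surfaced. The guard should only short-circuit when both sides are missing, for example `author: !version.author && !comparedVersion.author ? void 0 : compareObjects("name", version.author ?? {}, comparedVersion.author ?? {}),` (this assumes `compareObjects` tolerates an empty object; its body is outside the hunk). Separately, `givenVersion` and `comparedVersion` in `comparePayloads` index `payload.dependencies[payload.rootDependencyName]` without a check, so a payload whose root package is absent from `dependencies` fails with a bare TypeError instead of a descriptive error like the two above it, and a root entry with an empty `versions` map puts `@undefined` in the title.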
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"comparePayloads.js","sourceRoot":"","sources":["../src/comparePayloads.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"comparePayloads.js","sourceRoot":"","sources":["../src/comparePayloads.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAmF/C,MAAM,UAAU,eAAe,CAC7B,OAAgB,EAChB,eAAwB;IAExB,IAAI,OAAO,CAAC,EAAE,KAAK,eAAe,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,qDAAqD,OAAO,CAAC,EAAE,GAAG,CACnE,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,kBAAkB,KAAK,eAAe,CAAC,kBAAkB,EAAE,CAAC;QACtE,MAAM,IAAI,KAAK,CACb,iDAAiD,OAAO,CAAC,kBAAkB,UAAU,eAAe,CAAC,kBAAkB,GAAG,CAC3H,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/F,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,eAAe,CAAC,kBAAkB,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAElH,OAAO;QACL,KAAK,EAAE,IAAI,OAAO,CAAC,kBAAkB,IAAI,YAAY,SAAS,eAAe,CAAC,kBAAkB,IAAI,eAAe,GAAG;QACtH,QAAQ,EAAE,SAAS,CACjB,OAAO,CAAC,QAAQ,EAChB,eAAe,CAAC,QAAQ,CACzB;QACD,cAAc,EAAE,aAAa,CAC3B,OAAO,CAAC,cAAc,EACtB,eAAe,CAAC,cAAc,CAC/B;QACD,qBAAqB,EAAE,aAAa,CAClC,OAAO,CAAC,qBAAqB,EAC7B,eAAe,CAAC,qBAAqB,CACtC;QACD,YAAY,EAAE,mBAAmB,CAC/B,OAAO,CAAC,YAAY,EACpB,eAAe,CAAC,YAAY,CAC7B;KACF,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,QAAsB,EACtB,SAAuB;IAEvB,MAAM,EACJ,UAAU,EACV,GAAG,YAAY,EAChB,GAAG,gBAAgB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE1C,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG;YACX,UAAU,EAAE,uBAAuB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC;YACrG,WAAW,EAAE,uBAAuB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC;YACxG,QAAQ,EAAE,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC;YAC7D,eAAe,EAAE,uBAAuB,CAAC,IAAI,EAAE,GAAG,CAAC,eAAe,EAAE,WAAW,CAAC,eAAe,CAAC;SACjG,CAAC;QAEF,oBAAoB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,oBAAoB,EAAE,GAAG,YAAY,EAAE,CAAC;AAC7D,CAAC;AAED,SAAS,eAAe,CACtB,QAA2C,EAC3C,SAA4C;IAE5C,MAAM,EAAE,UAAU,EAAE,GAAG,QAAQ,EA
AE,GAAG,gBAAgB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE1E,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAuC,CAAC;IACxE,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;QAC5D,MAAM,IAAI,GAAgC;YACxC,EAAE,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE,eAAe,CAAC,EAAE,CAAC;YACjD,IAAI,EAAE,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,eAAe,CAAC,IAAI,CAAC;YACvD,MAAM,EAAE,oBAAoB,CAAC,OAAO,CAAC,MAAM,EAAE,eAAe,CAAC,MAAM,CAAC;YACpE,eAAe,EAAE,aAAa,CAAC,OAAO,CAAC,eAAe,EAAE,eAAe,CAAC,eAAe,CAAC;YACxF,qBAAqB,EAAE,aAAa,CAAC,OAAO,CAAC,qBAAqB,EAAE,eAAe,CAAC,qBAAqB,CAAC;YAC1G,WAAW,EAAE,aAAa,CAAC,OAAO,CAAC,WAAW,EAAE,eAAe,CAAC,WAAW,CAAC;YAC5E,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAC1H,aAAa;YACb,OAAO,EAAE,oBAAoB,CAAC,OAAO,CAAC,OAAO,EAAE,eAAe,CAAC,OAAO,CAAC;YACvE,wGAAwG;YACxG,UAAU,EAAE,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,eAAe,CAAC,UAAU,CAAC;mBAC/E,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,UAAU,EAAE,eAAe,CAAC,UAAU,CAAC;YACxE,OAAO,EAAE,oBAAoB,CAAC,OAAO,CAAC,OAAO,EAAE,eAAe,CAAC,OAAO,CAAC;YACvE,QAAQ,EAAE,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YAC/D,WAAW,EAAE,kBAAkB,CAAC,OAAO,CAAC,WAAW,EAAE,eAAe,CAAC,WAAW,CAAC;YACjF,gBAAgB,EAAE,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,eAAe,CAAC,gBAAgB,CAAC;YACvF,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC;YACtD,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,KAAM,EAAE,eAAe,CAAC,KAAM,CAAC;SAC7D,CAAC;QAEF,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,gBAAgB;QAC1B,GAAG,QAAQ;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,QAA0C,EAC1C,SAA2C;IAE3C,OAAO;QACL,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC;QAC1D,mBAAmB,EAAE,SAAS,CAAC,QAAQ,CAAC,mBAAmB,EAAE,SAAS,CAAC,mBAAmB,CAAC;QAC3F,eAAe,EAAE,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,SAAS,CAAC,eAAe,CAAC;QAC/E,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC;QACpD,OAAO,EAAE,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC,OAAO,CAAC;KACxD,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,QAAsB,EACtB,SAAuB;IAEvB,MAAM,EAAE,UAAU,E
AAE,GAAG,IAAI,EAAE,GAAG,gBAAgB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEtE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA8B,CAAC;IACvD,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;QAC1D,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO;QACL,QAAQ;QACR,GAAG,IAAI;KACR,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CACrB,GAAY,EACZ,WAAc,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EACjC,YAAe,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;IAElC,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,GAAG,EAAE,SAAS;KACf,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CACpB,QAAW,EACX,SAAY;IAEZ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3D,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;SACI,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,GAAG,EAAE,SAAS;KACf,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,WAA8B,EAAE,EAChC,YAA+B,EAAE;IAEjC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAa,CAAC;IACnC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAa,CAAC;IACrC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE7C,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,GAAG,IAAI,SAAS,EAAE,CAAC;YACrB,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACvD,CAAC;aACI,CAAC;YACJ,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QAClC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACrC,IAAI,CAAC,CAAC,GAAG,IAAI,QAAQ,CAAC,EAAE,CAAC;YACvB,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;QACjC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,SAAS,CAChB,WAAgB,EAAE,EAClB,YAAiB,EAAE;IAEnB,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACtC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,SAAS,C
AAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACvC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;QAED,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,GAAW,EACX,WAAgB,EAAE,EAClB,YAAiB,EAAE;IAEnB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IACzE,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IAEvE,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAExE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;AAC5B,CAAC"}
|
package/dist/depWalker.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.d.ts","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAO1E,OAAO,EAAE,MAAM,EAAuB,MAAM,yBAAyB,CAAC;AACtE,OAAO,KAAK,EAGV,OAAO,EACP,OAAO,EACR,MAAM,YAAY,CAAC;AA4CpB,KAAK,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,
|
|
1
|
+
{"version":3,"file":"depWalker.d.ts","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAO1E,OAAO,EAAE,MAAM,EAAuB,MAAM,yBAAyB,CAAC;AACtE,OAAO,KAAK,EAGV,OAAO,EACP,OAAO,EACR,MAAM,YAAY,CAAC;AA4CpB,KAAK,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,WAAW,GAAG,eAAe,EACvC,OAAO,EAAE,aAAa,EACtB,MAAM,SAAe,GACpB,OAAO,CAAC,OAAO,CAAC,CA+LlB"}
|
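--- a/package/dist/depWalker.js
+++ b/package/dist/depWalker.js
@@ -6,7 +6,7 @@ import os from "node:os";
 // Import Third-party Dependencies
 import { Mutex, MutexRelease } from "@openally/mutex";
 import { scanDirOrArchive } from "@nodesecure/tarball";
-import * as
+import * as Vulnera from "@nodesecure/vulnera";
 import { npm } from "@nodesecure/tree-walker";
 // Import Internal Dependencies
 import { getDependenciesWarnings, addMissingVersionFlags, getUsedDeps } from "./utils/index.js";
@@ -48,7 +48,7 @@ const kDefaultDependencyMetadata = {
 };
 const { version: packageVersion } = JSON.parse(readFileSync(new URL(path.join("..", "package.json"), import.meta.url), "utf-8"));
 export async function depWalker(manifest, options, logger = new Logger()) {
-const { scanRootNode = false, includeDevDeps = false, packageLock, maxDepth, location, vulnerabilityStrategy =
+const { scanRootNode = false, includeDevDeps = false, packageLock, maxDepth, location, vulnerabilityStrategy = Vulnera.strategies.NONE, registry } = options;
 // Create TMP directory
 const tmpLocation = await fs.mkdtemp(path.join(os.tmpdir(), "/"));
 const payload = {
@@ -135,11 +135,15 @@ export async function depWalker(manifest, options, logger = new Logger()) {
 .end(ScannerLoggerEvents.analysis.tarball)
 .end(ScannerLoggerEvents.analysis.registry);
 }
-const { hydratePayloadDependencies, strategy } =
-
-
-
-
+const { hydratePayloadDependencies, strategy } = Vulnera.setStrategy(vulnerabilityStrategy);
+const isVulnHydratable = (strategy === "github-advisory" || strategy === "snyk")
+&& typeof location === "undefined";
+if (!isVulnHydratable) {
+await hydratePayloadDependencies(dependencies, {
+useStandardFormat: true,
+path: location
+});
+}
 payload.vulnerabilityStrategy = strategy;
 // We do this because it "seem" impossible to link all dependencies in the first walk.
 // Because we are dealing with package only one time it may happen sometimes.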
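Review bot: In the last hunk of `depWalker`, vulnerability hydration is silently skipped when the strategy is `"github-advisory"` or `"snyk"` and `location` is undefined, yet `payload.vulnerabilityStrategy = strategy` is still recorded, so a consumer of the payload cannot tell "no vulnerabilities found" from "vulnerabilities never fetched". The flag also reads the wrong way round: `isVulnHydratable` is true in exactly the case where hydration does not run. I would rename it, e.g. `const skipHydration = (strategy === "github-advisory" || strategy === "snyk") && typeof location === "undefined";` with `if (!skipHydration) {`, and add an entry to the payload warnings whenever the lookup is skipped. The warnings list is assembled outside this hunk, and the function body starts and ends outside it, so the exact placement needs confirming against the full file.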
package/dist/depWalker.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACvD,OAAO,MAAM,MAAM,sBAAsB,CAAC;AAC1C,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,kCAAkC;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAgC,MAAM,qBAAqB,CAAC;AACrF,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,SAAS,CAAC;AACvD,OAAO,MAAM,MAAM,sBAAsB,CAAC;AAC1C,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,kCAAkC;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAgC,MAAM,qBAAqB,CAAC;AACrF,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AAG9C,+BAA+B;AAC/B,OAAO,EACL,uBAAuB,EAAE,sBAAsB,EAAE,WAAW,EAC7D,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAQtE,YAAY;AACZ,MAAM,+BAA+B,GAAG;IACtC,WAAW,EAAE,EAAE;IACf,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,QAAQ,EAAE,EAAE;IACZ,gBAAgB,EAAE,EAAE;IACpB,WAAW,EAAE;QACX,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,EAAE;QACT,QAAQ,EAAE,EAAE;QACZ,MAAM,EAAE,EAAE;QACV,OAAO,EAAE,EAAE;QACX,cAAc,EAAE,EAAE;QAClB,eAAe,EAAE,EAAE;QACnB,mBAAmB,EAAE,EAAE;QACvB,gBAAgB,EAAE,EAAE;KACrB;CACF,CAAC;AACF,MAAM,0BAA0B,GAA2B;IACzD,cAAc,EAAE,CAAC;IACjB,YAAY,EAAE,IAAI,IAAI,EAAE;IACxB,WAAW,EAAE,KAAK;IAClB,gBAAgB,EAAE,KAAK;IACvB,iBAAiB,EAAE,KAAK;IACxB,0BAA0B,EAAE,IAAI;IAChC,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,IAAI;IACZ,UAAU,EAAE,EAAE;IACd,WAAW,EAAE,EAAE;IACf,SAAS,EAAE,EAAE;CACd,CAAC;AAEF,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,KAAK,CAC5C,YAAY,CACV,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EACzD,OAAO,CACR,CACF,CAAC;AAOF,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAuC,EACvC,OAAsB,EACtB,MAAM,GAAG,IAAI,MAAM,EAAE;IAErB,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,cAAc,GAAG,KAAK,EACtB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,IAAI,EAC/C,QAAQ,EACT,GAAG,OAAO,CAAC;IAEZ,uBAAuB;IACvB,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;IAElE,MAAM,OAAO,GAAqB;QAChC,EAAE,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,kBAAkB,EAAE,QAAQ,CAAC,IAAI;QACjC,cAAc,E
AAE,cAAc;QAC9B,qBAAqB;QACrB,QAAQ,EAAE,EAAE;KACb,CAAC;IAEF,MAAM,YAAY,GAA4B,IAAI,GAAG,EAAE,CAAC;IACxD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC;QACvC,QAAQ;KACT,CAAC,CAAC;IACH,CAAC;QACC,MAAM;aACH,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC;aACxC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;aAC3C,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAChD,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAU,CAAC;QAClD,MAAM,eAAe,GAAoB,EAAE,CAAC;QAE5C,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;QAC7C,MAAM,CAAC,EAAE,CACP,YAAY,EACZ,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,CACxD,CAAC;QAEF,MAAM,eAAe,GAAoB;YACvC,QAAQ;YACR,cAAc;YACd,WAAW;SACZ,CAAC;QACF,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,CAAC;YAC1E,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,CAAC;YACrD,MAAM,UAAU,GAAe;gBAC7B,QAAQ,EAAE;oBACR,CAAC,OAAO,CAAC,EAAE;wBACT,GAAG,cAAc;wBACjB,GAAG,eAAe,CAAC,+BAA+B,CAAC;qBACpD;iBACF;gBACD,eAAe,EAAE,EAAE;gBACnB,QAAQ,EAAE,eAAe,CAAC,0BAA0B,CAAC;aACtD,CAAC;YAEF,IAAI,qBAAqB,GAAG,IAAI,CAAC;YACjC,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;gBACpC,eAAe,CAAC,IAAI,CAClB,gBAAgB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,CACrC,CAAC;gBAEF,IAAI,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBAC5B,kDAAkD;oBAClD,uEAAuE;oBACvE,qBAAqB,GAAG,KAAK,CAAC;gBAChC,CAAC;qBACI,CAAC;oBACJ,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBACvD,CAAC;YACH,CAAC;iBACI,CAAC;gBACJ,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;YACrC,CAAC;YAED,uDAAuD;YACvD,IAAI,OAAO,CAAC,eAAe,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBACtD,SAAS;YACX,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAE/C,6EAA6E;YAC7E,IAAI,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC;gBACxE,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACrD,CAAC;iBACI,CAAC;gBACJ,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAClC,eAAe,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,OAAO,EAAE;oBAClD,UAAU;oBACV,MAAM;iBACP,CAAC,CAAC,CAAC;YACN,
CAAC;YAED,MAAM,cAAc,GAAG;gBACrB,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAQ;gBACxC,QAAQ;gBACR,WAAW,EAAE,YAAY,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW;gBACxE,QAAQ;aACT,CAAC;YACF,eAAe,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QAC1C,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;QAE5B,MAAM;aACH,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;aACzC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,EAAE,0BAA0B,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,WAAW,CAClE,qBAAqB,CACtB,CAAC;IAEF,MAAM,gBAAgB,GAAG,CAAC,QAAQ,KAAK,iBAAiB,IAAI,QAAQ,KAAK,MAAM,CAAC;WAC3E,OAAO,QAAQ,KAAK,WAAW,CAAC;IACrC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,0BAA0B,CAAC,YAAmB,EAAE;YACpD,iBAAiB,EAAE,IAAI;YACvB,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,qBAAqB,GAAG,QAAQ,CAAC;IAEzC,sFAAsF;IACtF,6EAA6E;IAC7E,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,YAAY,EAAE,CAAC;QACrD,MAAM,mBAAmB,GAAG,UAAU,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC;QAEjE,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACvE,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAsB,CAAC;YAExE,aAAa;YACb,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;YAClG,IAAI,cAAc,EAAE,CAAC;gBACnB,cAAc,CAAC,IAAI,CAAC,GAAG,WAAW,IAAI,OAAO,oCAAoC,CAAC,CAAC;YACrF,CAAC;YAED,IAAI,CAAC,CAAC,WAAW,IAAI,aAAa,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7E,SAAS;YACX,CAAC;YAED,IAAI,aAAa,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC1C,cAAc,CAAC,IAAI,CAAC,GAAG,WAAW,IAAI,OAAO,8CAA8C,CAAC,CAAC;YAC/F,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1D,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,OAAsC,CAAC;YACvE,aAAa,CAAC,KAAK,CAAC,IAAI,CACtB,GAAG,sBAAsB,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,CACpE,CAAC;YAEF,MAAM,QAAQ,GAAG,aAAa,CAAC,YAAY,CAAC,GAAG,CAA
C,GAAG,WAAW,IAAI,MAAM,EAAE,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;YACzF,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,MAAM,MAAM,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC3D,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;YACzB,CAAC;YACD,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,MAAM,uBAAuB,CAC7D,YAAY,EACZ,OAAO,CAAC,SAAS,EAAE,QAAQ,CAC5B,CAAC;QACF,OAAO,CAAC,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACnD,OAAO,CAAC,WAAW,GAAG;YACpB,QAAQ,EAAE,WAAW;SACtB,CAAC;QACF,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAExD,OAAO,OAAkB,CAAC;IAC5B,CAAC;YACO,CAAC;QACP,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;QAC5B,MAAM,EAAE,CAAC,EAAE,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAE3D,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED,sCAAsC;AACtC,KAAK,UAAU,kBAAkB,CAC/B,IAAY,EACZ,OAAe,EACf,MAAa,EACb,OAAgC;IAEhC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;IAEpC,IAAI,CAAC;QACH,MAAM,gBAAgB,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACjD,CAAC;IACD,MAAM,CAAC;QACL,SAAS;IACX,CAAC;YACO,CAAC;QACP,IAAI,EAAE,CAAC;IACT,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import { Payload, type ProbeExtractor, type PackumentProbeExtractor, type ManifestProbeExtractor } from "./payload.js";
|
|
2
|
+
export declare const Extractors: {
|
|
3
|
+
readonly Payload: typeof Payload;
|
|
4
|
+
};
|
|
5
|
+
export type { ProbeExtractor, PackumentProbeExtractor, ManifestProbeExtractor };
|
|
6
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/extractors/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,OAAO,EACP,KAAK,cAAc,EACnB,KAAK,uBAAuB,EAC5B,KAAK,sBAAsB,EAC5B,MAAM,cAAc,CAAC;AAEtB,eAAO,MAAM,UAAU;;CAEb,CAAC;AAEX,YAAY,EACV,cAAc,EACd,uBAAuB,EACvB,sBAAsB,EACvB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/extractors/index.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,OAAO,EACL,OAAO,EAIR,MAAM,cAAc,CAAC;AAEtB,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,OAAO;CACC,CAAC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import type { Simplify } from "type-fest";
|
|
2
|
+
import * as Scanner from "../types.js";
|
|
3
|
+
type MergeDeep<T extends unknown[]> = T extends [a: infer A, ...rest: infer R] ? A & MergeDeep<R> : {};
|
|
4
|
+
type ExtractProbeResult<T extends ProbeExtractor<any>[]> = {
|
|
5
|
+
[K in keyof T]: T[K] extends ProbeExtractor<any> ? ReturnType<T[K]["done"]> : never;
|
|
6
|
+
};
|
|
7
|
+
export type ProbeExtractorLevel = "packument" | "manifest";
|
|
8
|
+
export interface ProbeExtractor<Defs> {
|
|
9
|
+
level: ProbeExtractorLevel;
|
|
10
|
+
next(...args: any[]): void;
|
|
11
|
+
done(): Defs;
|
|
12
|
+
}
|
|
13
|
+
export interface PackumentProbeExtractor<Defs> extends ProbeExtractor<Defs> {
|
|
14
|
+
level: "packument";
|
|
15
|
+
next(name: string, dependency: Scanner.Dependency): void;
|
|
16
|
+
}
|
|
17
|
+
export interface ManifestProbeExtractor<Defs> extends ProbeExtractor<Defs> {
|
|
18
|
+
level: "manifest";
|
|
19
|
+
next(spec: string, dependencyVersion: Scanner.DependencyVersion): void;
|
|
20
|
+
}
|
|
21
|
+
export declare class Payload<T extends ProbeExtractor<any>[]> {
|
|
22
|
+
private dependencies;
|
|
23
|
+
private probes;
|
|
24
|
+
constructor(data: Scanner.Payload | Scanner.Payload["dependencies"], probes: [...T]);
|
|
25
|
+
extract(): ExtractProbeResult<T>;
|
|
26
|
+
extractAndMerge(): Simplify<MergeDeep<ExtractProbeResult<T>>>;
|
|
27
|
+
}
|
|
28
|
+
export {};
|
|
29
|
+
//# sourceMappingURL=payload.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../src/extractors/payload.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAI1C,OAAO,KAAK,OAAO,MAAM,aAAa,CAAC;AAMvC,KAAK,SAAS,CAAC,CAAC,SAAS,OAAO,EAAE,IAC9B,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;AAErE,KAAK,kBAAkB,CAAC,CAAC,SAAS,cAAc,CAAC,GAAG,CAAC,EAAE,IAAI;KACxD,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,cAAc,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,KAAK;CACpF,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG,WAAW,GAAG,UAAU,CAAC;AAE3D,MAAM,WAAW,cAAc,CAAC,IAAI;IAClC,KAAK,EAAE,mBAAmB,CAAC;IAC3B,IAAI,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAC3B,IAAI,IAAI,IAAI,CAAC;CACd;AAED,MAAM,WAAW,uBAAuB,CAAC,IAAI,CAAE,SAAQ,cAAc,CAAC,IAAI,CAAC;IACzE,KAAK,EAAE,WAAW,CAAC;IACnB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;CAC1D;AAED,MAAM,WAAW,sBAAsB,CAAC,IAAI,CAAE,SAAQ,cAAc,CAAC,IAAI,CAAC;IACxE,KAAK,EAAE,UAAU,CAAC;IAClB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;CACxE;AAED,qBAAa,OAAO,CAAC,CAAC,SAAS,cAAc,CAAC,GAAG,CAAC,EAAE;IAClD,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,MAAM,CAAiC;gBAG7C,IAAI,EAAE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,EACvD,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC;IAahB,OAAO,IAaA,kBAAkB,CAAC,CAAC,CAAC;IAG5B,eAAe,IAGG,QAAQ,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;CAE7D"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import deepmerge from "@fastify/deepmerge";
|
|
2
|
+
// Import Internal Dependencies
|
|
3
|
+
import * as Scanner from "../types.js";
|
|
4
|
+
import { isNodesecurePayload } from "../utils/isNodesecurePayload.js";
|
|
5
|
+
// CONSTANTS
|
|
6
|
+
const kFastMerge = deepmerge({ all: true });
|
|
7
|
+
export class Payload {
|
|
8
|
+
dependencies;
|
|
9
|
+
probes;
|
|
10
|
+
constructor(data, probes) {
|
|
11
|
+
this.dependencies = isNodesecurePayload(data) ?
|
|
12
|
+
data.dependencies :
|
|
13
|
+
data;
|
|
14
|
+
this.probes = probes.reduce((prev, curr) => {
|
|
15
|
+
prev[curr.level].push(curr);
|
|
16
|
+
return prev;
|
|
17
|
+
}, { packument: [], manifest: [] });
|
|
18
|
+
}
|
|
19
|
+
extract() {
|
|
20
|
+
for (const [name, dep] of Object.entries(this.dependencies)) {
|
|
21
|
+
this.probes.packument.forEach((probe) => probe.next(name, dep));
|
|
22
|
+
if (this.probes.manifest.length > 0) {
|
|
23
|
+
for (const [spec, depVersion] of Object.entries(dep.versions)) {
|
|
24
|
+
this.probes.manifest.forEach((probe) => probe.next(spec, depVersion));
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
return [
|
|
29
|
+
...this.probes.packument.map((probe) => probe.done()),
|
|
30
|
+
...this.probes.manifest.map((probe) => probe.done())
|
|
31
|
+
];
|
|
32
|
+
}
|
|
33
|
+
extractAndMerge() {
|
|
34
|
+
return kFastMerge(this.extract());
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
//# sourceMappingURL=payload.js.map
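Review bot: `extractAndMerge()` hands the array from `extract()` to the merger as a single argument, `kFastMerge(this.extract())`; as far as I know a function created with `deepmerge({ all: true })` takes the objects to merge as separate arguments, so this would return a copy of the array rather than the single merged object that the `Simplify<MergeDeep<ExtractProbeResult<T>>>` return type in payload.d.ts promises. If that reading is right, the call should be `return kFastMerge(...this.extract());`. In the constructor, `prev[curr.level].push(curr)` throws an unhelpful TypeError for a probe whose `level` is neither `"packument"` nor `"manifest"`, which plain JavaScript callers can hit since they get no type check; an explicit check with a clear error message before the push would make that failure readable.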
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"payload.js","sourceRoot":"","sources":["../../src/extractors/payload.ts"],"names":[],"mappings":"AAEA,OAAO,SAAS,MAAM,oBAAoB,CAAC;AAE3C,+BAA+B;AAC/B,OAAO,KAAK,OAAO,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAEtE,YAAY;AACZ,MAAM,UAAU,GAAG,SAAS,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;AA2B5C,MAAM,OAAO,OAAO;IACV,YAAY,CAAkC;IAC9C,MAAM,CAAiC;IAE/C,YACE,IAAuD,EACvD,MAAc;QAEd,IAAI,CAAC,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,YAAY,CAAC,CAAC;YACnB,IAAI,CAAC;QAEP,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE;YACzC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE5B,OAAO,IAAI,CAAC;QACd,CAAC,EAAE,EAAE,SAAS,EAAE,EAAkB,EAAE,QAAQ,EAAE,EAAkB,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,OAAO;QACL,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YAC5D,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;YAChE,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpC,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC9D,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;gBACxE,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YACrD,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,CAAC;IAC7B,CAAC;IAED,eAAe;QACb,OAAO,UAAU,CACf,IAAI,CAAC,OAAO,EAAE,CAC0C,CAAC;IAC7D,CAAC;CACF"}
|
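--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -1,5 +1,5 @@
 import * as JSXRay from "@nodesecure/js-x-ray";
-import * as Vulnera from "@nodesecure/
+import * as Vulnera from "@nodesecure/vulnera";
 import type { SpdxFileLicenseConformance } from "@nodesecure/conformance";
 import type { IlluminatedContact } from "@nodesecure/contact";
 import type { Contact } from "@nodesecure/npm-types";
@@ -140,7 +140,7 @@ export interface Dependency {
 *
 * @see https://github.com/NodeSecure/vuln
 */
-vulnerabilities: Vulnera.
+vulnerabilities: Vulnera.StandardVulnerability[];
 }
 export type Dependencies = Record<string, Dependency>;
 export interface Payload {
@@ -158,7 +158,7 @@ export interface Payload {
 /** Version of the scanner used to generate the result */
 scannerVersion: string;
 /** Vulnerability strategy name (npm, snyk, node) */
-vulnerabilityStrategy: Vulnera.
+vulnerabilityStrategy: Vulnera.Kind;
 }
 export interface Options {
 /**
@@ -204,7 +204,7 @@ export interface Options {
 *
 * @default NONE
 */
-readonly vulnerabilityStrategy?: Vulnera.
+readonly vulnerabilityStrategy?: Vulnera.Kind;
 /**
 * Analyze root package.
 *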
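Review bot: The doc comment kept above `vulnerabilities` in the `@@ -140,7 +140,7 @@` hunk still points at `@see https://github.com/NodeSecure/vuln`, while the type on the next line now comes from `@nodesecure/vulnera`. If the repository was renamed along with the package, the reference should read `@see https://github.com/NodeSecure/vulnera`. Likewise, the comment `/** Vulnerability strategy name (npm, snyk, node) */` lists values by hand although the field is now typed `Vulnera.Kind`; that list cannot be checked against the type from this page, so `/** Vulnerability strategy name (see Vulnera.Kind) */` would avoid drift. This file is emitted from `src/types.ts`, so both fixes belong there. The `Dependency`, `Payload` and `Options` declarations extend beyond the hunks shown.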
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,KAAK,OAAO,MAAM,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAE/C,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAErD,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG;IACjC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,GAAG;IAChD;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF,MAAM,WAAW,eAAe;IAC9B,wBAAwB;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,mBAAmB;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,iBAAiB;IAChC,qDAAqD;IACrD,EAAE,EAAE,MAAM,CAAC;IACX,eAAe,EAAE,OAAO,CAAC;IACzB;;;OAGG;IACH,qBAAqB,EAAE,OAAO,CAAC;IAC/B,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,eAAe,EAAE,MAAM,CAAC;IACxB,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,iFAAiF;IACjF,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC;;;;OAIG;IACH,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;IAClD,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,mDAAmD;IACnD,WAAW,EAAE;QACX,8CAA8C;QAC9C,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAC3B,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;IACF;;OAEG;IACH,QAAQ,EAAE,0BAA0B,EAAE,CAAC;IACvC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;OAIG;IACH,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB;;OAEG;IACH,MAAM,EAAE,IAAI,GAAG,MAAM,CAAC;IACtB;;;;;OAKG;IAC
H,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,eAAe,CAAC;CACzB;AAED,MAAM,WAAW,UAAU;IACzB,4BAA4B;IAC5B,QAAQ,EAAE;QACR,0CAA0C;QAC1C,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,IAAI,CAAC;QACnB,0BAA0B;QAC1B,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,0BAA0B,EAAE,OAAO,CAAC;QACpC,iFAAiF;QACjF,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;QAC1B,wBAAwB;QACxB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QACxB;;WAEG;QACH,WAAW,EAAE,UAAU,EAAE,CAAC;QAC1B;;WAEG;QACH,UAAU,EAAE,SAAS,EAAE,CAAC;QACxB;;;WAGG;QACH,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACnC,CAAC;IACF,yFAAyF;IACzF,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC5C;;;;OAIG;IACH,eAAe,EAAE,OAAO,CAAC,qBAAqB,EAAE,CAAC;CAClD;AAED,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;AAEtD,MAAM,WAAW,OAAO;IACtB,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,mCAAmC;IACnC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE;QACX,QAAQ,EAAE,kBAAkB,EAAE,CAAC;KAChC,CAAC;IACF,sDAAsD;IACtD,YAAY,EAAE,YAAY,CAAC;IAC3B,yDAAyD;IACzD,cAAc,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,qBAAqB,EAAE,OAAO,CAAC,IAAI,CAAC;CACrC;AAED,MAAM,WAAW,OAAO;IACtB;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAE3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC;IAEjC;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE;QACZ;;;;;WAKG;QACH,aAAa,CAAC,EAAE,OAAO,CAAC;QAExB;;;WAGG;QACH,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IAEF,SAAS,CAAC,EAAE;QACV,QAAQ,EAAE,OAAO,EAAE,CAAC;KACrB,CAAC;IAEF;;;;OAIG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;IAElC;;;;OAIG;IACH,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC;IAE9C;;;;;OAKG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;CACjC"}
|
package/dist/types.js
CHANGED
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,KAAK,OAAO,MAAM,
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getUsedDeps.d.ts","sourceRoot":"","sources":["../../src/utils/getUsedDeps.ts"],"names":[],"mappings":"AAAA,wBAAgB,WAAW,
|
|
1
|
+
{"version":3,"file":"getUsedDeps.d.ts","sourceRoot":"","sources":["../../src/utils/getUsedDeps.ts"],"names":[],"mappings":"AAAA,wBAAgB,WAAW,CACzB,IAAI,EAAE,GAAG,CAAC,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC,GAC/B,MAAM,EAAE,EAAE,CAWZ"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getUsedDeps.js","sourceRoot":"","sources":["../../src/utils/getUsedDeps.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,WAAW,
|
|
1
|
+
{"version":3,"file":"getUsedDeps.js","sourceRoot":"","sources":["../../src/utils/getUsedDeps.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,WAAW,CACzB,IAAgC;IAEhC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAEtD,OAAO,CAAC,IAAI,SAAS,EAAE,EAAE,OAAO,CAAC,CAAC;QACpC,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"isNodesecurePayload.d.ts","sourceRoot":"","sources":["../../src/utils/isNodesecurePayload.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE3C,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,cAAc,CAAC,GACtC,IAAI,IAAI,OAAO,CAEjB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"isNodesecurePayload.js","sourceRoot":"","sources":["../../src/utils/isNodesecurePayload.ts"],"names":[],"mappings":"AAGA,MAAM,UAAU,mBAAmB,CACjC,IAAuC;IAEvC,OAAO,cAAc,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,gBAAgB,IAAI,IAAI,CAAC;AAC5E,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nodesecure/scanner",
|
|
3
|
-
"version": "6.0
|
|
3
|
+
"version": "6.2.0",
|
|
4
4
|
"description": "A package API to run a static analysis of your module's dependencies.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"exports": "./dist/index.js",
|
|
@@ -56,10 +56,10 @@
|
|
|
56
56
|
"@nodesecure/mama": "^1.0.0",
|
|
57
57
|
"@nodesecure/npm-registry-sdk": "^3.0.0",
|
|
58
58
|
"@nodesecure/npm-types": "^1.1.0",
|
|
59
|
-
"@nodesecure/rc": "^
|
|
60
|
-
"@nodesecure/tarball": "^1.0.
|
|
59
|
+
"@nodesecure/rc": "^4.0.1",
|
|
60
|
+
"@nodesecure/tarball": "^1.0.1",
|
|
61
61
|
"@nodesecure/tree-walker": "^1.1.0",
|
|
62
|
-
"@nodesecure/
|
|
62
|
+
"@nodesecure/vulnera": "^2.0.1",
|
|
63
63
|
"@openally/mutex": "^1.0.0",
|
|
64
64
|
"pacote": "^18.0.6",
|
|
65
65
|
"semver": "^7.5.4"
|