@nodesecure/scanner 6.10.0 → 6.12.0
- package/dist/class/TopPackages.class.d.ts +10 -0
- package/dist/class/TopPackages.class.d.ts.map +1 -0
- package/dist/class/TopPackages.class.js +36 -0
- package/dist/class/TopPackages.class.js.map +1 -0
- package/dist/data/top-packages.json +50000 -0
- package/dist/depWalker.d.ts.map +1 -1
- package/dist/depWalker.js +23 -19
- package/dist/depWalker.js.map +1 -1
- package/dist/i18n/english.d.ts +1 -0
- package/dist/i18n/english.js +4 -1
- package/dist/i18n/english.js.map +1 -1
- package/dist/i18n/french.d.ts +1 -0
- package/dist/i18n/french.js +4 -1
- package/dist/i18n/french.js.map +1 -1
- package/dist/registry/NpmRegistryProvider.d.ts +54 -0
- package/dist/registry/NpmRegistryProvider.d.ts.map +1 -0
- package/dist/registry/NpmRegistryProvider.js +80 -0
- package/dist/registry/NpmRegistryProvider.js.map +1 -0
- package/dist/registry/PackumentExtractor.d.ts +14 -0
- package/dist/registry/PackumentExtractor.d.ts.map +1 -0
- package/dist/registry/PackumentExtractor.js +70 -0
- package/dist/registry/PackumentExtractor.js.map +1 -0
- package/dist/registry/fetchNpmAvatars.d.ts +3 -0
- package/dist/registry/fetchNpmAvatars.d.ts.map +1 -0
- package/dist/registry/fetchNpmAvatars.js +48 -0
- package/dist/registry/fetchNpmAvatars.js.map +1 -0
- package/dist/utils/warnings.d.ts.map +1 -1
- package/dist/utils/warnings.js +9 -1
- package/dist/utils/warnings.js.map +1 -1
- package/package.json +8 -7
- package/dist/npmRegistry.d.ts +0 -9
- package/dist/npmRegistry.d.ts.map +0 -1
- package/dist/npmRegistry.js +0 -127
- package/dist/npmRegistry.js.map +0 -1
package/dist/depWalker.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.d.ts","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAW1E,OAAO,EAAE,MAAM,EAAuB,MAAM,yBAAyB,CAAC;AACtE,OAAO,KAAK,EAGV,OAAO,EACP,OAAO,EACR,MAAM,YAAY,CAAC;AA4CpB,KAAK,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,WAAW,GAAG,eAAe,EACvC,OAAO,EAAE,aAAa,EACtB,MAAM,SAAe,GACpB,OAAO,CAAC,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"depWalker.d.ts","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAW1E,OAAO,EAAE,MAAM,EAAuB,MAAM,yBAAyB,CAAC;AACtE,OAAO,KAAK,EAGV,OAAO,EACP,OAAO,EACR,MAAM,YAAY,CAAC;AA4CpB,KAAK,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,WAAW,GAAG,eAAe,EACvC,OAAO,EAAE,aAAa,EACtB,MAAM,SAAe,GACpB,OAAO,CAAC,OAAO,CAAC,CAuMlB"}
|
package/dist/depWalker.js
CHANGED
|
@@ -62,7 +62,7 @@ import { parseAuthor } from "@nodesecure/utils";
|
|
|
62
62
|
import { ManifestManager } from "@nodesecure/mama";
|
|
63
63
|
// Import Internal Dependencies
|
|
64
64
|
import { getDependenciesWarnings, addMissingVersionFlags, getUsedDeps, getManifestLinks } from "./utils/index.js";
|
|
65
|
-
import {
|
|
65
|
+
import { NpmRegistryProvider } from "./registry/NpmRegistryProvider.js";
|
|
66
66
|
import { TempDirectory } from "./class/TempDirectory.class.js";
|
|
67
67
|
import { Logger, ScannerLoggerEvents } from "./class/logger.class.js";
|
|
68
68
|
// CONSTANTS
|
|
@@ -145,7 +145,7 @@ export async function depWalker(manifest, options, logger = new Logger()) {
|
|
|
145
145
|
let proceedDependencyScan = true;
|
|
146
146
|
if (dependencies.has(name)) {
|
|
147
147
|
const dep = dependencies.get(name);
|
|
148
|
-
operationsQueue.push(
|
|
148
|
+
operationsQueue.push(new NpmRegistryProvider(name, version).enrichDependencyVersion(dep));
|
|
149
149
|
if (version in dep.versions) {
|
|
150
150
|
// The dependency has already entered the analysis
|
|
151
151
|
// This happens if the package is used by multiple packages in the tree
|
|
@@ -169,10 +169,8 @@ export async function depWalker(manifest, options, logger = new Logger()) {
|
|
|
169
169
|
}
|
|
170
170
|
else {
|
|
171
171
|
fetchedMetadataPackages.add(name);
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
logger
|
|
175
|
-
}));
|
|
172
|
+
const provider = new NpmRegistryProvider(name, version);
|
|
173
|
+
operationsQueue.push(provider.enrichDependency(logger, dependency));
|
|
176
174
|
}
|
|
177
175
|
const scanDirOptions = {
|
|
178
176
|
ref: dependency.versions[version],
|
|
@@ -205,7 +203,6 @@ export async function depWalker(manifest, options, logger = new Logger()) {
|
|
|
205
203
|
const metadataIntegrities = dependency.metadata?.integrity ?? {};
|
|
206
204
|
for (const [version, integrity] of Object.entries(metadataIntegrities)) {
|
|
207
205
|
const dependencyVer = dependency.versions[version];
|
|
208
|
-
// @ts-ignore
|
|
209
206
|
const isEmptyPackage = dependencyVer.warnings.some((warning) => warning.kind === "empty-package");
|
|
210
207
|
if (isEmptyPackage) {
|
|
211
208
|
globalWarnings.push(`${packageName}@${version} only contain a package.json file!`);
|
|
@@ -267,22 +264,29 @@ export async function depWalker(manifest, options, logger = new Logger()) {
|
|
|
267
264
|
}
|
|
268
265
|
// eslint-disable-next-line max-params
|
|
269
266
|
async function scanDirOrArchiveEx(name, version, locker, tempDir, options) {
|
|
270
|
-
const
|
|
267
|
+
const env_2 = { stack: [], error: void 0, hasError: false };
|
|
271
268
|
try {
|
|
272
|
-
const
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
269
|
+
const _ = __addDisposableResource(env_2, await locker.acquire(), false);
|
|
270
|
+
try {
|
|
271
|
+
const { registry, location = process.cwd(), isRootNode, ref } = options;
|
|
272
|
+
const mama = await (isRootNode ?
|
|
273
|
+
ManifestManager.fromPackageJSON(location) :
|
|
274
|
+
extractAndResolve(tempDir.location, {
|
|
275
|
+
spec: `${name}@${version}`,
|
|
276
|
+
registry
|
|
277
|
+
}));
|
|
278
|
+
await scanDirOrArchive(mama, ref);
|
|
279
|
+
}
|
|
280
|
+
catch {
|
|
281
|
+
// ignore
|
|
282
|
+
}
|
|
280
283
|
}
|
|
281
|
-
catch {
|
|
282
|
-
|
|
284
|
+
catch (e_2) {
|
|
285
|
+
env_2.error = e_2;
|
|
286
|
+
env_2.hasError = true;
|
|
283
287
|
}
|
|
284
288
|
finally {
|
|
285
|
-
|
|
289
|
+
__disposeResources(env_2);
|
|
286
290
|
}
|
|
287
291
|
}
|
|
288
292
|
function isLocalManifest(verDescriptor, manifest, packageName) {
|
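Review bot: The inner `catch { // ignore }` in `scanDirOrArchiveEx` (new lines 280-282) discards every failure from `extractAndResolve` and `scanDirOrArchive`, so a package whose tarball could not be fetched, extracted or analysed stays in the result with whatever `ref` held before the scan, and nothing marks it as unscanned. For a scanner that reads as a clean result rather than a gap in coverage. The handler should at least bind the error, `catch (error) {`, and record the failure on `ref` or in `globalWarnings` so consumers can tell "scanned, nothing found" from "not scanned". The same silent catch appears in `enrichDependency` and `enrichDependencyVersion` in NpmRegistryProvider.js, which the hunks at new lines 148 and 172-173 now queue.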
package/dist/depWalker.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,kCAAkC;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAGnD,+BAA+B;AAC/B,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,WAAW,EACX,gBAAgB,EACjB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,kCAAkC;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAGnD,+BAA+B;AAC/B,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,WAAW,EACX,gBAAgB,EACjB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAQtE,YAAY;AACZ,MAAM,+BAA+B,GAAG;IACtC,WAAW,EAAE,EAAE;IACf,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,QAAQ,EAAE,EAAE;IACZ,gBAAgB,EAAE,EAAE;IACpB,WAAW,EAAE;QACX,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,EAAE;QACT,QAAQ,EAAE,EAAE;QACZ,MAAM,EAAE,EAAE;QACV,OAAO,EAAE,EAAE;QACX,cAAc,EAAE,EAAE;QAClB,eAAe,EAAE,EAAE;QACnB,mBAAmB,EAAE,EAAE;QACvB,gBAAgB,EAAE,EAAE;KACrB;CACF,CAAC;AACF,MAAM,0BAA0B,GAA2B;IACzD,cAAc,EAAE,CAAC;IACjB,YAAY,EAAE,IAAI,IAAI,EAAE;IACxB,WAAW,EAAE,KAAK;IAClB,gBAAgB,EAAE,KAAK;IACvB,iBAAiB,EAAE,KAAK;IACxB,0BAA0B,EAAE,IAAI;IAChC,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,IAAI;IACZ,UAAU,EAAE,EAAE;IACd,WAAW,EAAE,EAAE;IACf,SAAS,EAAE,EAAE;CACd,CAAC;AAEF,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,KAAK,CAC5C,YAAY,CACV,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EACzD,OAAO,CACR,CACF,CAAC;AAOF,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAuC,EACvC,OAAsB,EACtB,MAAM,GAAG,IAAI,MAAM,EAAE;;;QAErB,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,cAAc,GAAG,KAAK,EACtB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,IAAI,EAC/C,QAAQ,EACT,GAAG,OAAO,CAAC;QAEZ,MAAY,OAAO,kCAAG,MAAM,aAAa,CAAC,MAAM,EAAE,OAAA,CAAC;QAEnD,MAAM,OAAO,GAAqB;YAChC,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,kBAAkB,EAAE
,QAAQ,CAAC,IAAI;YACjC,cAAc,EAAE,cAAc;YAC9B,qBAAqB;YACrB,QAAQ,EAAE,EAAE;SACb,CAAC;QAEF,MAAM,YAAY,GAA4B,IAAI,GAAG,EAAE,CAAC;QACxD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC;YACvC,QAAQ;SACT,CAAC,CAAC;QACH,CAAC;YACC,MAAM;iBACH,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC;iBACxC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;iBAC3C,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChD,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAU,CAAC;YAClD,MAAM,eAAe,GAAoB,EAAE,CAAC;YAE5C,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;YAC7C,MAAM,CAAC,EAAE,CACP,YAAY,EACZ,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,CACxD,CAAC;YAEF,MAAM,eAAe,GAAoB;gBACvC,QAAQ;gBACR,cAAc;gBACd,WAAW;aACZ,CAAC;YACF,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,CAAC;gBAC1E,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,CAAC;gBACrD,MAAM,UAAU,GAAe;oBAC7B,QAAQ,EAAE;wBACR,CAAC,OAAO,CAAC,EAAE;4BACT,GAAG,cAAc;4BACjB,GAAG,eAAe,CAAC,+BAA+B,CAAC;yBACpD;qBACF;oBACD,eAAe,EAAE,EAAE;oBACnB,QAAQ,EAAE,eAAe,CAAC,0BAA0B,CAAC;iBACtD,CAAC;gBAEF,IAAI,qBAAqB,GAAG,IAAI,CAAC;gBACjC,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;oBACpC,eAAe,CAAC,IAAI,CAClB,IAAI,mBAAmB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,uBAAuB,CAAC,GAAG,CAAC,CACpE,CAAC;oBAEF,IAAI,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;wBAC5B,kDAAkD;wBAClD,uEAAuE;wBACvE,qBAAqB,GAAG,KAAK,CAAC;oBAChC,CAAC;yBACI,CAAC;wBACJ,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBACvD,CAAC;gBACH,CAAC;qBACI,CAAC;oBACJ,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;gBACrC,CAAC;gBAED,uDAAuD;gBACvD,IAAI,OAAO,CAAC,eAAe,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBACtD,SAAS;gBACX,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAE/C,6EAA6E;gBAC7E,IAAI,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC;oBACxE,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACrD,CAAC;qBACI,CAAC;oBACJ,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAClC,MAAM,QAAQ,GAAG,IAAI,mBAAmB,CA
AC,IAAI,EAAE,OAAO,CAAC,CAAC;oBAExD,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;gBACtE,CAAC;gBAED,MAAM,cAAc,GAAG;oBACrB,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAQ;oBACxC,QAAQ;oBACR,UAAU,EAAE,YAAY,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI;oBAClD,QAAQ;iBACT,CAAC;gBACF,eAAe,CAAC,IAAI,CAClB,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,CAAC,CACnE,CAAC;YACJ,CAAC;YAED,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAE1C,MAAM;iBACH,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;iBACzC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,EAAE,0BAA0B,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,WAAW,CAClE,qBAAqB,CACtB,CAAC;QAEF,MAAM,gBAAgB,GAAG,CAAC,QAAQ,KAAK,iBAAiB,IAAI,QAAQ,KAAK,MAAM,CAAC;eAC3E,OAAO,QAAQ,KAAK,WAAW,CAAC;QACrC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,0BAA0B,CAAC,YAAmB,EAAE;gBACpD,iBAAiB,EAAE,IAAI;gBACvB,IAAI,EAAE,QAAQ;aACf,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,qBAAqB,GAAG,QAAQ,CAAC;QAEzC,sFAAsF;QACtF,6EAA6E;QAC7E,MAAM,cAAc,GAAa,EAAE,CAAC;QACpC,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,YAAY,EAAE,CAAC;YACrD,MAAM,mBAAmB,GAAG,UAAU,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC;YAEjE,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACvE,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAsB,CAAC;gBAExE,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;gBAClG,IAAI,cAAc,EAAE,CAAC;oBACnB,cAAc,CAAC,IAAI,CAAC,GAAG,WAAW,IAAI,OAAO,oCAAoC,CAAC,CAAC;gBACrF,CAAC;gBAED,IAAI,CAAC,CAAC,WAAW,IAAI,aAAa,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC7E,SAAS;gBACX,CAAC;gBAED,IAAI,aAAa,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;oBAC1C,cAAc,CAAC,IAAI,CAAC,GAAG,WAAW,IAAI,OAAO,8CAA8C,CAAC,CAAC;gBAC/F,CAAC;YACH,CAAC;YACD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1D,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,OAAsC,CAAC;gBACvE,aAAa,CAAC,KAAK,CAAC,IAAI,CACtB,GAAG,sBAAsB,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,CAC
pE,CAAC;gBAEF,IAAI,eAAe,CAAC,aAAa,EAAE,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;oBAC1D,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE;wBACjC,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;wBACpC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;qBAC5B,CAAC,CAAC;oBAEH,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE;wBAC3B,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;wBACpC,KAAK,EAAE,gBAAgB,CAAC,QAAQ,CAAC;wBACjC,UAAU,EAAE,QAAQ,CAAC,UAAU;qBAChC,CAAC,CAAC;gBACL,CAAC;gBAED,MAAM,QAAQ,GAAG,aAAa,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,MAAM,EAAE,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;gBACzF,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;oBACxB,SAAS;gBACX,CAAC;gBAED,MAAM,MAAM,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC3D,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACpD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;gBACzB,CAAC;gBACD,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,MAAM,uBAAuB,CAC7D,YAAY,EACZ,OAAO,CAAC,SAAS,EAAE,QAAQ,CAC5B,CAAC;YACF,OAAO,CAAC,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACnD,OAAO,CAAC,WAAW,GAAG;gBACpB,QAAQ,EAAE,WAAW;aACtB,CAAC;YACF,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YAExD,OAAO,OAAkB,CAAC;QAC5B,CAAC;gBACO,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;;;;;;;;;;;CACF;AAED,sCAAsC;AACtC,KAAK,UAAU,kBAAkB,CAC/B,IAAY,EACZ,OAAe,EACf,MAAa,EACb,OAAsB,EACtB,OAKC;;;QAED,MAAM,CAAC,kCAAG,MAAM,MAAM,CAAC,OAAO,EAAE,QAAA,CAAC;QAEjC,IAAI,CAAC;YACH,MAAM,EACJ,QAAQ,EACR,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,EACxB,UAAU,EACV,GAAG,EACJ,GAAG,OAAO,CAAC;YAEZ,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;gBAC9B,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAC3C,iBAAiB,CAAC,OAAO,CAAC,QAAQ,EAAE;oBAClC,IAAI,EAAE,GAAG,IAAI,IAAI,OAAO,EAAE;oBAC1B,QAAQ;iBACT,CAAC,CACH,CAAC;YAEF,MAAM,gBAAgB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,CAAC;YACL,SAAS;QACX,CAAC;;;;;;;;;CACF;AAED,SAAS,eAAe,CACtB,aAAgC,EAChC,QAAuC,EACvC,WAAmB;IAEnB,OAAO,aAAa,CAAC,qBAAqB,KAAK,KAAK,IAAI,WAAW,KAAK,QAAQ,CAAC,IAAI,CAAC;AACxF,CAAC"}
|
package/dist/i18n/english.d.ts
CHANGED
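--- a/package/dist/i18n/english.js
+++ b/package/dist/i18n/english.js
@@ -1,6 +1,9 @@
+// Import Third-party Dependencies
+import { taggedString as tS } from "@nodesecure/i18n";
 const scanner = {
 disable_scarf: "This dependency could collect data against your consent so think to disable it with the env var: SCARF_ANALYTICS",
-keylogging: "This dependency can retrieve your keyboard and mouse inputs. It can be used for 'keylogging' attacks/malwares."
+keylogging: "This dependency can retrieve your keyboard and mouse inputs. It can be used for 'keylogging' attacks/malwares.",
+typo_squatting: tS `The package '${0}' is similar to the following popular packages: ${1}`
 };
 export default { scanner };
 //# sourceMappingURL=english.js.map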
package/dist/i18n/english.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"english.js","sourceRoot":"","sources":["../../src/i18n/english.js"],"names":[],"mappings":"AAAA,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,kHAAkH;IACjI,UAAU,EAAE,gHAAgH;
|
|
1
|
+
{"version":3,"file":"english.js","sourceRoot":"","sources":["../../src/i18n/english.js"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,YAAY,IAAI,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,kHAAkH;IACjI,UAAU,EAAE,gHAAgH;IAC5H,cAAc,EAAE,EAAE,CAAA,gBAAgB,CAAC,mDAAmD,CAAC,EAAE;CAC1F,CAAC;AAEF,eAAe,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/i18n/french.d.ts
CHANGED
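--- a/package/dist/i18n/french.js
+++ b/package/dist/i18n/french.js
@@ -1,6 +1,9 @@
+// Import Third-party Dependencies
+import { taggedString as tS } from "@nodesecure/i18n";
 const scanner = {
 disable_scarf: "Cette dépendance peut récolter des données contre votre volonté, pensez donc à la désactiver en fournissant la variable d'environnement SCARF_ANALYTICS",
-keylogging: "Cette dépendance peut obtenir vos entrées clavier ou de souris. Cette dépendance peut être utilisée en tant que 'keylogging' attacks/malwares."
+keylogging: "Cette dépendance peut obtenir vos entrées clavier ou de souris. Cette dépendance peut être utilisée en tant que 'keylogging' attacks/malwares.",
+typo_squatting: tS `Le package '${0}' est similaire aux packages populaires suivants : ${1}`
 };
 export default { scanner };
 //# sourceMappingURL=french.js.map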
package/dist/i18n/french.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"french.js","sourceRoot":"","sources":["../../src/i18n/french.js"],"names":[],"mappings":"AAAA,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,yJAAyJ;IACxK,UAAU,EAAE,gJAAgJ;
|
|
1
|
+
{"version":3,"file":"french.js","sourceRoot":"","sources":["../../src/i18n/french.js"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,YAAY,IAAI,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,yJAAyJ;IACxK,UAAU,EAAE,gJAAgJ;IAC5J,cAAc,EAAE,EAAE,CAAA,eAAe,CAAC,sDAAsD,CAAC,EAAE;CAC5F,CAAC;AAEF,eAAe,EAAE,OAAO,EAAE,CAAC"}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
import type { Packument, PackumentVersion } from "@nodesecure/npm-types";
|
|
2
|
+
import { type DateProvider } from "./PackumentExtractor.js";
|
|
3
|
+
import type { Dependency } from "../types.js";
|
|
4
|
+
import { Logger } from "../class/logger.class.js";
|
|
5
|
+
export interface NpmApiClient {
|
|
6
|
+
packument(name: string): Promise<Packument>;
|
|
7
|
+
packumentVersion(name: string, version: string): Promise<PackumentVersion>;
|
|
8
|
+
}
|
|
9
|
+
export interface NpmRegistryProviderOptions {
|
|
10
|
+
dateProvider?: DateProvider;
|
|
11
|
+
npmApiClient?: NpmApiClient;
|
|
12
|
+
}
|
|
13
|
+
export declare class NpmRegistryProvider {
|
|
14
|
+
#private;
|
|
15
|
+
name: string;
|
|
16
|
+
version: string;
|
|
17
|
+
constructor(name: string, version: string, options?: NpmRegistryProviderOptions);
|
|
18
|
+
collectPackageVersionData(): Promise<{
|
|
19
|
+
links: {
|
|
20
|
+
npm: string;
|
|
21
|
+
homepage: string | null;
|
|
22
|
+
repository: string | null;
|
|
23
|
+
};
|
|
24
|
+
integrity: string;
|
|
25
|
+
deprecated: string | undefined;
|
|
26
|
+
}>;
|
|
27
|
+
collectPackageData(): Promise<{
|
|
28
|
+
metadata: {
|
|
29
|
+
publishedCount: number;
|
|
30
|
+
lastUpdateAt: Date;
|
|
31
|
+
lastVersion: string;
|
|
32
|
+
hasChangedAuthor: boolean;
|
|
33
|
+
hasManyPublishers: boolean;
|
|
34
|
+
hasReceivedUpdateInOneYear: boolean;
|
|
35
|
+
author: import("../types.js").Maintainer | null;
|
|
36
|
+
homepage: string | null;
|
|
37
|
+
maintainers: import("../types.js").Maintainer[];
|
|
38
|
+
publishers: import("../types.js").Publisher[];
|
|
39
|
+
integrity: Record<string, string>;
|
|
40
|
+
};
|
|
41
|
+
flags: string[];
|
|
42
|
+
version: {
|
|
43
|
+
links: {
|
|
44
|
+
npm: string;
|
|
45
|
+
homepage: string | null;
|
|
46
|
+
repository: string | null;
|
|
47
|
+
};
|
|
48
|
+
deprecated: string | undefined;
|
|
49
|
+
};
|
|
50
|
+
}>;
|
|
51
|
+
enrichDependency(logger: Logger, dependency: Dependency): Promise<void>;
|
|
52
|
+
enrichDependencyVersion(dependency: Dependency): Promise<void>;
|
|
53
|
+
}
|
|
54
|
+
//# sourceMappingURL=NpmRegistryProvider.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"NpmRegistryProvider.d.ts","sourceRoot":"","sources":["../../src/registry/NpmRegistryProvider.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAGzE,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEhF,OAAO,KAAK,EACV,UAAU,EACX,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAGlD,MAAM,WAAW,YAAY;IAC3B,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAC5C,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;CAC5E;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B;AAED,qBAAa,mBAAmB;;IAI9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;gBAGd,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,0BAA+B;IAcpC,yBAAyB;;;;;;;;;IAiBzB,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;IAwBlB,gBAAgB,CACpB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,IAAI,CAAC;IAoBV,uBAAuB,CAC3B,UAAU,EAAE,UAAU;CAkBzB"}
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
// Import Third-party Dependencies
|
|
2
|
+
import semver from "semver";
|
|
3
|
+
import * as npmRegistrySDK from "@nodesecure/npm-registry-sdk";
|
|
4
|
+
import { packageJSONIntegrityHash } from "@nodesecure/mama";
|
|
5
|
+
// Import Internal Dependencies
|
|
6
|
+
import { PackumentExtractor } from "./PackumentExtractor.js";
|
|
7
|
+
import { fetchNpmAvatars } from "./fetchNpmAvatars.js";
|
|
8
|
+
import { Logger } from "../class/logger.class.js";
|
|
9
|
+
import { getLinks } from "../utils/getLinks.js";
|
|
10
|
+
export class NpmRegistryProvider {
|
|
11
|
+
#date;
|
|
12
|
+
#npmApiClient;
|
|
13
|
+
name;
|
|
14
|
+
version;
|
|
15
|
+
constructor(name, version, options = {}) {
|
|
16
|
+
const { dateProvider = undefined, npmApiClient = npmRegistrySDK } = options;
|
|
17
|
+
this.name = name;
|
|
18
|
+
this.version = version;
|
|
19
|
+
this.#date = dateProvider;
|
|
20
|
+
this.#npmApiClient = npmApiClient;
|
|
21
|
+
}
|
|
22
|
+
async collectPackageVersionData() {
|
|
23
|
+
const packumentVersion = await this.#npmApiClient.packumentVersion(this.name, this.version);
|
|
24
|
+
const { integrity } = packageJSONIntegrityHash(packumentVersion, {
|
|
25
|
+
isFromRemoteRegistry: true
|
|
26
|
+
});
|
|
27
|
+
return {
|
|
28
|
+
links: getLinks(packumentVersion),
|
|
29
|
+
integrity,
|
|
30
|
+
deprecated: packumentVersion.deprecated
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
async collectPackageData() {
|
|
34
|
+
const packument = await this.#npmApiClient.packument(this.name);
|
|
35
|
+
const packumentVersion = packument.versions[this.version];
|
|
36
|
+
const metadata = new PackumentExtractor(packument, { dateProvider: this.#date }).getMetadata(this.version);
|
|
37
|
+
const flags = {
|
|
38
|
+
isOutdated: semver.neq(this.version, metadata.lastVersion),
|
|
39
|
+
isDeprecated: packumentVersion.deprecated
|
|
40
|
+
};
|
|
41
|
+
return {
|
|
42
|
+
metadata,
|
|
43
|
+
flags: Object.keys(flags).filter((key) => flags[key]),
|
|
44
|
+
version: {
|
|
45
|
+
links: getLinks(packumentVersion),
|
|
46
|
+
deprecated: packumentVersion.deprecated
|
|
47
|
+
}
|
|
48
|
+
};
|
|
49
|
+
}
|
|
50
|
+
async enrichDependency(logger, dependency) {
|
|
51
|
+
try {
|
|
52
|
+
const { metadata, flags, version } = await this.collectPackageData();
|
|
53
|
+
await fetchNpmAvatars(metadata);
|
|
54
|
+
const dependencyVersion = dependency.versions[this.version];
|
|
55
|
+
dependency.metadata = metadata;
|
|
56
|
+
dependencyVersion.flags = [...dependencyVersion.flags, ...flags];
|
|
57
|
+
Object.assign(dependencyVersion, version);
|
|
58
|
+
}
|
|
59
|
+
catch {
|
|
60
|
+
// ignore
|
|
61
|
+
}
|
|
62
|
+
finally {
|
|
63
|
+
logger.tick("registry");
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
async enrichDependencyVersion(dependency) {
|
|
67
|
+
try {
|
|
68
|
+
const { integrity, deprecated, links } = await this.collectPackageVersionData();
|
|
69
|
+
Object.assign(dependency.versions[this.version], {
|
|
70
|
+
links,
|
|
71
|
+
deprecated
|
|
72
|
+
});
|
|
73
|
+
dependency.metadata.integrity[this.version] = integrity;
|
|
74
|
+
}
|
|
75
|
+
catch {
|
|
76
|
+
// ignore
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
//# sourceMappingURL=NpmRegistryProvider.js.map
|
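Review bot: `enrichDependency` replaces the whole object at line 55 (`dependency.metadata = metadata;`) while `enrichDependencyVersion` writes into the existing one at line 73 (`dependency.metadata.integrity[this.version] = integrity;`), and depWalker.js queues both on the same dependency without ordering them. If the per-version call settles first (plausible, since it is a single request and `enrichDependency` also awaits `fetchNpmAvatars`), its integrity entry is dropped by the later replacement, and the loop over `dependency.metadata?.integrity` in depWalker.js never sees that version. Merging instead of replacing keeps it: `dependency.metadata = { ...metadata, integrity: { ...dependency.metadata?.integrity, ...metadata.integrity } };`. Separately, `packument.versions[this.version]` from line 35 is used at lines 36-39 without a check, so a version missing from the packument would throw into the `catch { // ignore }` and the package silently loses all registry metadata.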
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"NpmRegistryProvider.js","sourceRoot":"","sources":["../../src/registry/NpmRegistryProvider.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,cAAc,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAG5D,+BAA+B;AAC/B,OAAO,EAAE,kBAAkB,EAAqB,MAAM,yBAAyB,CAAC;AAChF,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAIvD,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAYhD,MAAM,OAAO,mBAAmB;IAC9B,KAAK,CAA2B;IAChC,aAAa,CAAe;IAE5B,IAAI,CAAS;IACb,OAAO,CAAS;IAEhB,YACE,IAAY,EACZ,OAAe,EACf,UAAsC,EAAE;QAExC,MAAM,EACJ,YAAY,GAAG,SAAS,EACxB,YAAY,GAAG,cAAc,EAC9B,GAAG,OAAO,CAAC;QAEZ,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAEvB,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;QAC1B,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,yBAAyB;QAC7B,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAChE,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,CACb,CAAC;QAEF,MAAM,EAAE,SAAS,EAAE,GAAG,wBAAwB,CAAC,gBAAgB,EAAE;YAC/D,oBAAoB,EAAE,IAAI;SAC3B,CAAC,CAAC;QAEH,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,gBAAgB,CAAC;YACjC,SAAS;YACT,UAAU,EAAE,gBAAgB,CAAC,UAAU;SACxC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,MAAM,gBAAgB,GAAG,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE1D,MAAM,QAAQ,GAAG,IAAI,kBAAkB,CACrC,SAAS,EACT,EAAE,YAAY,EAAE,IAAI,CAAC,KAAK,EAAE,CAC7B,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE5B,MAAM,KAAK,GAAG;YACZ,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,WAAW,CAAC;YAC1D,YAAY,EAAE,gBAAgB,CAAC,UAAU;SAC1C,CAAC;QAEF,OAAO;YACL,QAAQ;YACR,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACrD,OAAO,EAAE;gBACP,KAAK,EAAE,QAAQ,CAAC,gBAAgB,CAAC;gBACjC,UAAU,EAAE,gBAAgB,CAAC,UAAU;aACxC;SACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,MAAc,EACd,UAAsB;QAEtB,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAErE,MAAM,eAAe,CAAC,QAAQ,CAAC,
CAAC;YAEhC,MAAM,iBAAiB,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE5D,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC/B,iBAAiB,CAAC,KAAK,GAAG,CAAC,GAAG,iBAAiB,CAAC,KAAK,EAAE,GAAG,KAAK,CAAC,CAAC;YACjE,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QAC5C,CAAC;QACD,MAAM,CAAC;YACL,SAAS;QACX,CAAC;gBACO,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,UAAsB;QAEtB,IAAI,CAAC;YACH,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAEhF,MAAM,CAAC,MAAM,CACX,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EACjC;gBACE,KAAK;gBACL,UAAU;aACX,CACF,CAAC;YACF,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;QAC1D,CAAC;QACD,MAAM,CAAC;YACL,SAAS;QACX,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import type { Packument } from "@nodesecure/npm-types";
|
|
2
|
+
import type { Dependency } from "../types.js";
|
|
3
|
+
export interface DateProvider {
|
|
4
|
+
oneYearAgo(): Date;
|
|
5
|
+
}
|
|
6
|
+
export interface PackumentExtractorOptions {
|
|
7
|
+
dateProvider?: DateProvider;
|
|
8
|
+
}
|
|
9
|
+
export declare class PackumentExtractor {
|
|
10
|
+
#private;
|
|
11
|
+
constructor(packument: Packument, options?: PackumentExtractorOptions);
|
|
12
|
+
getMetadata(version: string): Dependency["metadata"];
|
|
13
|
+
}
|
|
14
|
+
//# sourceMappingURL=PackumentExtractor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"PackumentExtractor.d.ts","sourceRoot":"","sources":["../../src/registry/PackumentExtractor.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAIvD,OAAO,KAAK,EACV,UAAU,EACX,MAAM,aAAa,CAAC;AAErB,MAAM,WAAW,YAAY;IAC3B,UAAU,IAAI,IAAI,CAAC;CACpB;AAED,MAAM,WAAW,yBAAyB;IACxC,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B;AAED,qBAAa,kBAAkB;;gBAK3B,SAAS,EAAE,SAAS,EACpB,OAAO,GAAE,yBAA8B;IAUzC,WAAW,CACT,OAAO,EAAE,MAAM,GACd,UAAU,CAAC,UAAU,CAAC;CAqE1B"}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
import { packageJSONIntegrityHash } from "@nodesecure/mama";
|
|
2
|
+
export class PackumentExtractor {
|
|
3
|
+
#packument;
|
|
4
|
+
#date;
|
|
5
|
+
constructor(packument, options = {}) {
|
|
6
|
+
const { dateProvider = new SystemDateProvider() } = options;
|
|
7
|
+
this.#packument = packument;
|
|
8
|
+
this.#date = dateProvider;
|
|
9
|
+
}
|
|
10
|
+
getMetadata(version) {
|
|
11
|
+
const lastVersion = this.#packument["dist-tags"].latest;
|
|
12
|
+
const lastUpdateAt = new Date(this.#packument.time[lastVersion]);
|
|
13
|
+
const oneYearAgoDate = this.#date.oneYearAgo();
|
|
14
|
+
const { integrity } = packageJSONIntegrityHash(this.#packument.versions[version], { isFromRemoteRegistry: true });
|
|
15
|
+
return {
|
|
16
|
+
homepage: this.#packument.homepage || null,
|
|
17
|
+
publishedCount: Object.values(this.#packument.versions).length,
|
|
18
|
+
lastVersion,
|
|
19
|
+
lastUpdateAt,
|
|
20
|
+
hasReceivedUpdateInOneYear: !(oneYearAgoDate > lastUpdateAt),
|
|
21
|
+
hasChangedAuthor: false,
|
|
22
|
+
integrity: {
|
|
23
|
+
[version]: integrity
|
|
24
|
+
},
|
|
25
|
+
...this.#extractMaintainers(this.#packument, this.#packument.author?.name ?? null)
|
|
26
|
+
};
|
|
27
|
+
}
|
|
28
|
+
#extractMaintainers(packument, authorName) {
|
|
29
|
+
const publishers = new Set();
|
|
30
|
+
const result = {
|
|
31
|
+
author: packument.author ?? null,
|
|
32
|
+
publishers: [],
|
|
33
|
+
maintainers: packument.maintainers ?? [],
|
|
34
|
+
hasManyPublishers: false
|
|
35
|
+
};
|
|
36
|
+
let searchForMaintainersInVersions = result.maintainers.length === 0;
|
|
37
|
+
for (const ver of Object.values(packument.versions).reverse()) {
|
|
38
|
+
const { _npmUser = null, version, maintainers = [] } = ver;
|
|
39
|
+
if (_npmUser !== null) {
|
|
40
|
+
if (authorName === null) {
|
|
41
|
+
result.author = _npmUser;
|
|
42
|
+
}
|
|
43
|
+
else if (authorName !== null && _npmUser.name !== authorName) {
|
|
44
|
+
result.hasManyPublishers = true;
|
|
45
|
+
}
|
|
46
|
+
if (!publishers.has(_npmUser.name)) {
|
|
47
|
+
publishers.add(_npmUser.name);
|
|
48
|
+
result.publishers.push({
|
|
49
|
+
..._npmUser,
|
|
50
|
+
version,
|
|
51
|
+
at: new Date(packument.time[version]).toISOString()
|
|
52
|
+
});
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
if (searchForMaintainersInVersions) {
|
|
56
|
+
result.maintainers.push(...maintainers);
|
|
57
|
+
searchForMaintainersInVersions = false;
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
return result;
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
class SystemDateProvider {
|
|
64
|
+
oneYearAgo() {
|
|
65
|
+
const date = new Date();
|
|
66
|
+
date.setFullYear(date.getFullYear() - 1);
|
|
67
|
+
return date;
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
//# sourceMappingURL=PackumentExtractor.js.map
|
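Review bot: `hasReceivedUpdateInOneYear` at line 20 fails open when the publish time is missing: if `dist-tags.latest` is absent or has no entry in `packument.time`, `lastUpdateAt` is an Invalid Date, `oneYearAgoDate > lastUpdateAt` evaluates to false, and the flag becomes `true`. A packument with incomplete `time` data is then reported as recently maintained. Testing validity first avoids that: `hasReceivedUpdateInOneYear: !Number.isNaN(lastUpdateAt.getTime()) && lastUpdateAt >= oneYearAgoDate,`. The same missing-time case makes `new Date(packument.time[version]).toISOString()` at line 51 throw a RangeError, which aborts `getMetadata` for the whole package.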
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"PackumentExtractor.js","sourceRoot":"","sources":["../../src/registry/PackumentExtractor.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAe5D,MAAM,OAAO,kBAAkB;IAC7B,UAAU,CAAY;IACtB,KAAK,CAAe;IAEpB,YACE,SAAoB,EACpB,UAAqC,EAAE;QAEvC,MAAM,EACJ,YAAY,GAAG,IAAI,kBAAkB,EAAE,EACxC,GAAG,OAAO,CAAC;QAEZ,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;IAC5B,CAAC;IAED,WAAW,CACT,OAAe;QAEf,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,MAAO,CAAC;QACzD,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QACjE,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAE/C,MAAM,EAAE,SAAS,EAAE,GAAG,wBAAwB,CAC5C,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EACjC,EAAE,oBAAoB,EAAE,IAAI,EAAE,CAC/B,CAAC;QAEF,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,IAAI;YAC1C,cAAc,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM;YAC9D,WAAW;YACX,YAAY;YACZ,0BAA0B,EAAE,CAAC,CAAC,cAAc,GAAG,YAAY,CAAC;YAC5D,gBAAgB,EAAE,KAAK;YACvB,SAAS,EAAE;gBACT,CAAC,OAAO,CAAC,EAAE,SAAS;aACrB;YACD,GAAG,IAAI,CAAC,mBAAmB,CACzB,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,IAAI,IAAI,IAAI,CACrC;SACF,CAAC;IACJ,CAAC;IAED,mBAAmB,CACjB,SAAoB,EACpB,UAAyB;QAEzB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAgG;YAC1G,MAAM,EAAE,SAAS,CAAC,MAAM,IAAI,IAAI;YAChC,UAAU,EAAE,EAAE;YACd,WAAW,EAAE,SAAS,CAAC,WAAW,IAAI,EAAE;YACxC,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,IAAI,8BAA8B,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;QAErE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YAC9D,MAAM,EAAE,QAAQ,GAAG,IAAI,EAAE,OAAO,EAAE,WAAW,GAAG,EAAE,EAAE,GAAG,GAAG,CAAC;YAE3D,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACtB,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;oBACxB,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;gBAC3B,CAAC;qBACI,IAAI,UAAU,KAAK,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC7D,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;gBAClC,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAA
C;oBAC9B,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,GAAG,QAAQ;wBACX,OAAO;wBACP,EAAE,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE;qBACpD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,IAAI,8BAA8B,EAAE,CAAC;gBACnC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;gBACxC,8BAA8B,GAAG,KAAK,CAAC;YACzC,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,MAAM,kBAAkB;IACtB,UAAU;QACR,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QACxB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC;QAEzC,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"fetchNpmAvatars.d.ts","sourceRoot":"","sources":["../../src/registry/fetchNpmAvatars.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,UAAU,EAGX,MAAM,aAAa,CAAC;AAIrB,wBAAsB,eAAe,CACnC,QAAQ,EAAE,UAAU,CAAC,UAAU,CAAC,GAC/B,OAAO,CAAC,IAAI,CAAC,CAsBf"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
// Import Third-party Dependencies
|
|
2
|
+
import * as npmRegistrySDK from "@nodesecure/npm-registry-sdk";
|
|
3
|
+
export async function fetchNpmAvatars(metadata) {
|
|
4
|
+
const contributors = [
|
|
5
|
+
...metadata.maintainers,
|
|
6
|
+
...metadata.publishers,
|
|
7
|
+
...(metadata.author ? [metadata.author] : [])
|
|
8
|
+
];
|
|
9
|
+
const avatarCache = new Map();
|
|
10
|
+
await Promise.all(contributors.map((contributor) => enrichContributorWithAvatar(contributor, avatarCache)));
|
|
11
|
+
// Backfill missing avatars: some contributors may have failed username lookup
|
|
12
|
+
// but their email might match a cached avatar from a successful contributor
|
|
13
|
+
contributors
|
|
14
|
+
.filter((contributor) => !contributor.npmAvatar && contributor.email)
|
|
15
|
+
.forEach((contributor) => {
|
|
16
|
+
const cachedAvatar = avatarCache.get(contributor.email);
|
|
17
|
+
if (cachedAvatar) {
|
|
18
|
+
contributor.npmAvatar = cachedAvatar;
|
|
19
|
+
}
|
|
20
|
+
});
|
|
21
|
+
}
|
|
22
|
+
async function enrichContributorWithAvatar(contributor, avatarCache) {
|
|
23
|
+
if (trySetAvatarFromCache(contributor, avatarCache)) {
|
|
24
|
+
return;
|
|
25
|
+
}
|
|
26
|
+
try {
|
|
27
|
+
const profile = await npmRegistrySDK.user(contributor.name, { perPage: 1 });
|
|
28
|
+
contributor.npmAvatar = profile.avatars.small;
|
|
29
|
+
if (contributor.email && contributor.npmAvatar) {
|
|
30
|
+
avatarCache.set(contributor.email, contributor.npmAvatar);
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
catch {
|
|
34
|
+
contributor.npmAvatar = undefined;
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
function trySetAvatarFromCache(contributor, avatarCache) {
|
|
38
|
+
if (!contributor.email) {
|
|
39
|
+
return false;
|
|
40
|
+
}
|
|
41
|
+
const cachedAvatar = avatarCache.get(contributor.email);
|
|
42
|
+
if (cachedAvatar) {
|
|
43
|
+
contributor.npmAvatar = cachedAvatar;
|
|
44
|
+
return true;
|
|
45
|
+
}
|
|
46
|
+
return false;
|
|
47
|
+
}
|
|
48
|
+
//# sourceMappingURL=fetchNpmAvatars.js.map
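Review bot: The cache check at the top of `enrichContributorWithAvatar` can never hit while `fetchNpmAvatars` maps every contributor through `Promise.all`, because each call reaches `trySetAvatarFromCache` synchronously, before any `npmRegistrySDK.user` lookup has resolved and filled `avatarCache`. A person listed as maintainer, publisher and author therefore costs three registry requests, and a package with a long maintainer list fans out one request per entry with no cap, driven by names taken from registry metadata. I would share one in-flight lookup per username, as sketched below, so duplicates collapse into a single request. Separately, the backfill copies an avatar to any contributor whose `email` matches a cached one; if `author.email` comes from the manifest rather than a verified npm account (not visible in this file), a package can display a maintainer's avatar next to an unrelated author entry, which is worth confirming.

```javascript
// in fetchNpmAvatars, next to avatarCache:
const pendingLookups = new Map();
await Promise.all(contributors.map((contributor) => enrichContributorWithAvatar(contributor, avatarCache, pendingLookups)));
// … unchanged: email-based backfill …

async function enrichContributorWithAvatar(contributor, avatarCache, pendingLookups) {
    if (trySetAvatarFromCache(contributor, avatarCache)) {
        return;
    }
    // One shared lookup per npm username; a failed lookup resolves to undefined (best-effort).
    let lookup = pendingLookups.get(contributor.name);
    if (!lookup) {
        lookup = npmRegistrySDK.user(contributor.name, { perPage: 1 })
            .then((profile) => profile.avatars.small)
            .catch(() => undefined);
        pendingLookups.set(contributor.name, lookup);
    }
    contributor.npmAvatar = await lookup;
    // … unchanged: store the avatar in avatarCache under contributor.email …
}
```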
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"fetchNpmAvatars.js","sourceRoot":"","sources":["../../src/registry/fetchNpmAvatars.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,KAAK,cAAc,MAAM,8BAA8B,CAAC;AAW/D,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAgC;IAEhC,MAAM,YAAY,GAAkB;QAClC,GAAG,QAAQ,CAAC,WAAW;QACvB,GAAG,QAAQ,CAAC,UAAU;QACtB,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9C,CAAC;IACF,MAAM,WAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE9C,MAAM,OAAO,CAAC,GAAG,CACf,YAAY,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,2BAA2B,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,CACzF,CAAC;IAEF,8EAA8E;IAC9E,4EAA4E;IAC5E,YAAY;SACT,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,SAAS,IAAI,WAAW,CAAC,KAAK,CAAC;SACpE,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;QACvB,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,KAAM,CAAC,CAAC;QACzD,IAAI,YAAY,EAAE,CAAC;YACjB,WAAW,CAAC,SAAS,GAAG,YAAY,CAAC;QACvC,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,WAAwB,EACxB,WAAgC;IAEhC,IAAI,qBAAqB,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,IAAI,CACvC,WAAW,CAAC,IAAI,EAChB,EAAE,OAAO,EAAE,CAAC,EAAE,CACf,CAAC;QACF,WAAW,CAAC,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC;QAE9C,IAAI,WAAW,CAAC,KAAK,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;YAC/C,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,SAAS,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IACD,MAAM,CAAC;QACL,WAAW,CAAC,SAAS,GAAG,SAAS,CAAC;IACpC,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAC5B,WAAwB,EACxB,WAAgC;IAEhC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IACxD,IAAI,YAAY,EAAE,CAAC;QACjB,WAAW,CAAC,SAAS,GAAG,YAAY,CAAC;QAErC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"warnings.d.ts","sourceRoot":"","sources":["../../src/utils/warnings.ts"],"names":[],"mappings":"AAMA,OAAO,EAEL,KAAK,kBAAkB,EAExB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"warnings.d.ts","sourceRoot":"","sources":["../../src/utils/warnings.ts"],"names":[],"mappings":"AAMA,OAAO,EAEL,KAAK,kBAAkB,EAExB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAKrD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAoB9C,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,kBAAkB,EAAE,CAAC;CACnC;AAED,wBAAsB,uBAAuB,CAC3C,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,EACxC,iBAAiB,GAAE,OAAO,EAAO,GAChC,OAAO,CAAC,iBAAiB,CAAC,CA+C5B"}
|
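--- a/package/dist/utils/warnings.js
+++ b/package/dist/utils/warnings.js
@@ -6,6 +6,7 @@ import * as RC from "@nodesecure/rc";
 import { ContactExtractor } from "@nodesecure/contact";
 // Import Internal Dependencies
 import { getDirNameFromUrl } from "./dirname.js";
+import { TopPackages } from "../class/TopPackages.class.js";
 await i18n.extendFromSystemPath(path.join(getDirNameFromUrl(import.meta.url), "..", "i18n"));
 // CONSTANTS
 const kDetectedDep = i18n.taggedString `The dependency '${0}' has been detected in the dependency Tree.`;
@@ -21,11 +22,18 @@ const kDependencyWarnMessage = {
 };
 export async function getDependenciesWarnings(dependenciesMap, highlightContacts = []) {
 const vulnerableDependencyNames = Object.keys(kDependencyWarnMessage);
+const topPackages = new TopPackages();
+await topPackages.loadJSON();
 const warnings = vulnerableDependencyNames
 .flatMap((name) => (dependenciesMap.has(name) ? `${kDetectedDep(name)} ${kDependencyWarnMessage[name]}` : []));
 const dependencies = Object.create(null);
 for (const [packageName, dependency] of dependenciesMap) {
 const { author, maintainers } = dependency.metadata;
+const similarPackages = topPackages.getSimilarPackages(packageName);
+if (similarPackages.length > 0) {
+const warningMessage = await i18n.getToken("scanner.typo_squatting", packageName, similarPackages.join(", "));
+warnings.push(warningMessage);
+}
 dependencies[packageName] = {
 maintainers,
 ...(author === null ? {} : { author })
@@ -40,7 +48,7 @@ export async function getDependenciesWarnings(dependenciesMap, highlightContacts
 ...kDefaultIlluminatedContacts
 ]
 });
-const illuminated = extractor.fromDependencies(dependencies);
+const { illuminated } = await extractor.fromDependencies(dependencies);
 return {
 warnings,
 illuminated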
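Review bot: `await topPackages.loadJSON()` in `getDependenciesWarnings` is unguarded, so if the bundled top-packages data cannot be read (the loader is not visible in this section, so this is inferred), the whole function rejects and the caller loses the existing dependency warnings and the illuminated contacts along with the new typosquatting hint. The list is also constructed and loaded again on every call. I would load it once, at module scope or lazily, and let a load failure skip only the similarity check by wrapping the load in `try`/`catch` and treating the list as empty. A comment above `getSimilarPackages(packageName)` would help readers triage the new warning, for example `// Heuristic: flags names close to a popular package; a hit is a prompt to check the name, not proof of typosquatting.` The function body continues outside these hunks.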
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"warnings.js","sourceRoot":"","sources":["../../src/utils/warnings.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EACL,gBAAgB,EAGjB,MAAM,qBAAqB,CAAC;AAG7B,+BAA+B;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"warnings.js","sourceRoot":"","sources":["../../src/utils/warnings.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EACL,gBAAgB,EAGjB,MAAM,qBAAqB,CAAC;AAG7B,+BAA+B;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAG5D,MAAM,IAAI,CAAC,oBAAoB,CAC7B,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,CAC5D,CAAC;AAEF,YAAY;AACZ,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAA,mBAAmB,CAAC,6CAA6C,CAAC;AACxG,MAAM,2BAA2B,GAAc;IAC7C;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,yBAAyB;KACjC;CACF,CAAC;AAEF,MAAM,sBAAsB,GAAG;IAC7B,cAAc,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IAC5D,MAAM,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC;CACzC,CAAC;AAOX,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,eAAwC,EACxC,oBAA+B,EAAE;IAEjC,MAAM,yBAAyB,GAAG,MAAM,CAAC,IAAI,CAC3C,sBAAsB,CAC+B,CAAC;IACxD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;IACtC,MAAM,WAAW,CAAC,QAAQ,EAAE,CAAC;IAE7B,MAAM,QAAQ,GAAG,yBAAyB;SACvC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjH,MAAM,YAAY,GAAoD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC1F,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,eAAe,EAAE,CAAC;QACxD,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC;QACpD,MAAM,eAAe,GAAG,WAAW,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QACpE,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,QAAQ,CACxC,wBAAwB,EACxB,WAAW,EACX,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAC3B,CAAC;YACF,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAChC,CAAC;QAED,YAAY,CAAC,WAAW,CAAC,GAAG;YAC1B,WAAW;YACX,GAAG,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC;SACvC,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,gBAAgB,CAAC;QACrC,SAAS,EAAE;YACT,GAAG,iBAAiB;YACpB,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC;gBAC3B,EAAE,CAA
C,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,IAAI,EAAE,CAAC,CACzD;YACD,GAAG,2BAA2B;SAC/B;KACF,CAAC,CAAC;IACH,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,SAAS,CAAC,gBAAgB,CACtD,YAAY,CACb,CAAC;IAEF,OAAO;QACL,QAAQ;QACR,WAAW;KACZ,CAAC;AACJ,CAAC"}
|
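--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@nodesecure/scanner",
-"version": "6.
+"version": "6.12.0",
 "description": "A package API to run a static analysis of your module's dependencies.",
 "type": "module",
 "exports": "./dist/index.js",
@@ -9,7 +9,7 @@
 "node": ">=20"
 },
 "scripts": {
-"build": "tsc -b",
+"build": "tsc -b & cp -R ./src/data ./dist/data",
 "lint": "eslint src test",
 "prepublishOnly": "npm run build && pkg-ok",
 "test": "npm run test-only",
@@ -49,20 +49,21 @@
 "homepage": "https://github.com/NodeSecure/tree/master/workspaces/scanner#readme",
 "dependencies": {
 "@fastify/deepmerge": "^3.1.0",
-"@nodesecure/conformance": "^1.1.
-"@nodesecure/contact": "^
+"@nodesecure/conformance": "^1.1.1",
+"@nodesecure/contact": "^3.0.0",
 "@nodesecure/flags": "^3.0.3",
-"@nodesecure/i18n": "^4.0.
+"@nodesecure/i18n": "^4.0.2",
 "@nodesecure/js-x-ray": "^9.2.0",
-"@nodesecure/mama": "^
+"@nodesecure/mama": "^2.0.1",
 "@nodesecure/npm-registry-sdk": "^3.0.0",
 "@nodesecure/npm-types": "^1.2.0",
 "@nodesecure/rc": "^5.0.1",
-"@nodesecure/tarball": "^2.0
+"@nodesecure/tarball": "^2.1.0",
 "@nodesecure/tree-walker": "^1.3.1",
 "@nodesecure/utils": "^2.3.0",
 "@nodesecure/vulnera": "^2.0.1",
 "@openally/mutex": "^2.0.0",
+"fastest-levenshtein": "^1.0.16",
 "frequency-set": "^1.0.2",
 "pacote": "^21.0.0",
 "semver": "^7.5.4",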
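Review bot: The new `build` script joins its two commands with a single `&`, which in a POSIX shell starts `tsc -b` in the background and runs `cp` straight away, so the script's exit status is that of `cp` alone. A failed or still-running compile then no longer stops `prepublishOnly` (`npm run build && pkg-ok`), and a tarball with a stale or partial `dist` could be published. Use `"build": "tsc -b && cp -R ./src/data ./dist/data"` so the copy only runs after a successful compile. `cp -R` into an already existing `./dist/data` also nests the copy as `./dist/data/data` on a rebuild, so removing the target first is safer.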
package/dist/npmRegistry.d.ts
DELETED
|
@@ -1,9 +0,0 @@
|
|
|
1
|
-
import { Logger } from "./class/logger.class.js";
|
|
2
|
-
import type { Dependency } from "./types.js";
|
|
3
|
-
export declare function manifestMetadata(name: string, version: string, dependency: any): Promise<void>;
|
|
4
|
-
export interface PackageMetadataOptions {
|
|
5
|
-
logger: Logger;
|
|
6
|
-
dependency: Dependency;
|
|
7
|
-
}
|
|
8
|
-
export declare function packageMetadata(name: string, version: string, options: PackageMetadataOptions): Promise<void>;
|
|
9
|
-
//# sourceMappingURL=npmRegistry.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"npmRegistry.d.ts","sourceRoot":"","sources":["../src/npmRegistry.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACjD,OAAO,KAAK,EAGV,UAAU,EACX,MAAM,YAAY,CAAC;AAEpB,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,GAAG,iBAuBhB;AAED,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,UAAU,CAAC;CACxB;AAED,wBAAsB,eAAe,CACnC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,sBAAsB,GAC9B,OAAO,CAAC,IAAI,CAAC,CAuFf"}
|