@nodesecure/scanner 6.8.0 → 6.10.0
- package/dist/class/TempDirectory.class.d.ts +9 -0
- package/dist/class/TempDirectory.class.d.ts.map +1 -0
- package/dist/class/TempDirectory.class.js +24 -0
- package/dist/class/TempDirectory.class.js.map +1 -0
- package/dist/depWalker.d.ts.map +1 -1
- package/dist/depWalker.js +213 -146
- package/dist/depWalker.js.map +1 -1
- package/dist/extractors/probes/WarningsExtractor.class.d.ts +3 -3
- package/dist/extractors/probes/WarningsExtractor.class.d.ts.map +1 -1
- package/dist/extractors/probes/WarningsExtractor.class.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +69 -11
- package/dist/index.js.map +1 -1
- package/dist/types.d.ts +2 -2
- package/dist/types.d.ts.map +1 -1
- package/package.json +7 -7
|
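--- a/package/dist/class/TempDirectory.class.d.ts
+++ b/package/dist/class/TempDirectory.class.d.ts
@@ -0,0 +1,9 @@
+export declare class TempDirectory {
+location: string;
+id: string;
+constructor(location: string, id: string);
+static create(): Promise<TempDirectory>;
+clear(): Promise<this>;
+[Symbol.asyncDispose](): Promise<void>;
+}
+//# sourceMappingURL=TempDirectory.class.d.ts.map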
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"TempDirectory.class.d.ts","sourceRoot":"","sources":["../../src/class/TempDirectory.class.ts"],"names":[],"mappings":"AAKA,qBAAa,aAAa;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;gBAGT,QAAQ,EAAE,MAAM,EAChB,EAAE,EAAE,MAAM;WAMC,MAAM;IAWb,KAAK;IASL,CAAC,MAAM,CAAC,YAAY,CAAC;CAG5B"}
|
|
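--- a/package/dist/class/TempDirectory.class.js
+++ b/package/dist/class/TempDirectory.class.js
@@ -0,0 +1,24 @@
+// Import Node.js Dependencies
+import fs from "node:fs/promises";
+import path from "node:path";
+import os from "node:os";
+export class TempDirectory {
+location;
+id;
+constructor(location, id) {
+this.location = location;
+this.id = id;
+}
+static async create() {
+const location = await fs.mkdtemp(path.join(os.tmpdir(), "/"));
+return new TempDirectory(location, location.slice(-6));
+}
+async clear() {
+await fs.rm(this.location, { recursive: true, force: true });
+return this;
+}
+async [Symbol.asyncDispose]() {
+await this.clear();
+}
+}
+//# sourceMappingURL=TempDirectory.class.js.map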
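Review bot: `create()` hands `path.join(os.tmpdir(), "/")` to `fs.mkdtemp`, so the scan directory is created straight under the system temp root with no recognisable prefix, and `location.slice(-6)` depends on mkdtemp appending exactly six random characters. A named prefix, for example `path.join(os.tmpdir(), "nodesecure-")` (prefix name constructed here), would let an operator attribute and sweep leftovers when the process dies before `[Symbol.asyncDispose]` runs. `clear()` calls `fs.rm(this.location, { recursive: true, force: true })` on a public, writable field, so I would mark `location` and `id` read-only in the TypeScript source and add a doc comment such as `/** Owns this.location: clear() recursively deletes it, never point it at a caller-supplied path. */`. The class has no documentation at all; a one-line note that `id` is only the temp-name suffix, not a stable identifier, would help since depWalker.js copies it into the payload.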
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"TempDirectory.class.js","sourceRoot":"","sources":["../../src/class/TempDirectory.class.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,MAAM,OAAO,aAAa;IACxB,QAAQ,CAAS;IACjB,EAAE,CAAS;IAEX,YACE,QAAgB,EAChB,EAAU;QAEV,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM;QACjB,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,OAAO,CAC/B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,CAC5B,CAAC;QAEF,OAAO,IAAI,aAAa,CACtB,QAAQ,EACR,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CACnB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,EAAE,CAAC,EAAE,CACT,IAAI,CAAC,QAAQ,EACb,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CACjC,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC;QACzB,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;CACF"}
|
package/dist/depWalker.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.d.ts","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"depWalker.d.ts","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAW1E,OAAO,EAAE,MAAM,EAAuB,MAAM,yBAAyB,CAAC;AACtE,OAAO,KAAK,EAGV,OAAO,EACP,OAAO,EACR,MAAM,YAAY,CAAC;AA4CpB,KAAK,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,WAAW,GAAG,eAAe,EACvC,OAAO,EAAE,aAAa,EACtB,MAAM,SAAe,GACpB,OAAO,CAAC,OAAO,CAAC,CAyMlB"}
|
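--- a/package/dist/depWalker.js
+++ b/package/dist/depWalker.js
@@ -1,17 +1,69 @@
+var __addDisposableResource = (this && this.__addDisposableResource) || function (env, value, async) {
+if (value !== null && value !== void 0) {
+if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected.");
+var dispose, inner;
+if (async) {
+if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined.");
+dispose = value[Symbol.asyncDispose];
+}
+if (dispose === void 0) {
+if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined.");
+dispose = value[Symbol.dispose];
+if (async) inner = dispose;
+}
+if (typeof dispose !== "function") throw new TypeError("Object not disposable.");
+if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } };
+env.stack.push({ value: value, dispose: dispose, async: async });
+}
+else if (async) {
+env.stack.push({ async: true });
+}
+return value;
+};
+var __disposeResources = (this && this.__disposeResources) || (function (SuppressedError) {
+return function (env) {
+function fail(e) {
+env.error = env.hasError ? new SuppressedError(e, env.error, "An error was suppressed during disposal.") : e;
+env.hasError = true;
+}
+var r, s = 0;
+function next() {
+while (r = env.stack.pop()) {
+try {
+if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next);
+if (r.dispose) {
+var result = r.dispose.call(r.value);
+if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); });
+}
+else s |= 1;
+}
+catch (e) {
+fail(e);
+}
+}
+if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve();
+if (env.hasError) throw env.error;
+}
+return next();
+};
+})(typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
+var e = new Error(message);
+return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
+});
 // Import Node.js Dependencies
 import path from "node:path";
-import { readFileSync
-import timers from "node:timers/promises";
-import os from "node:os";
+import { readFileSync } from "node:fs";
 // Import Third-party Dependencies
 import { Mutex, MutexRelease } from "@openally/mutex";
-import { scanDirOrArchive } from "@nodesecure/tarball";
+import { extractAndResolve, scanDirOrArchive } from "@nodesecure/tarball";
 import * as Vulnera from "@nodesecure/vulnera";
 import { npm } from "@nodesecure/tree-walker";
 import { parseAuthor } from "@nodesecure/utils";
+import { ManifestManager } from "@nodesecure/mama";
 // Import Internal Dependencies
 import { getDependenciesWarnings, addMissingVersionFlags, getUsedDeps, getManifestLinks } from "./utils/index.js";
 import { packageMetadata, manifestMetadata } from "./npmRegistry.js";
+import { TempDirectory } from "./class/TempDirectory.class.js";
 import { Logger, ScannerLoggerEvents } from "./class/logger.class.js";
 // CONSTANTS
 const kDefaultDependencyVersionFields = {
@@ -49,167 +101,182 @@ const kDefaultDependencyMetadata = {
 };
 const { version: packageVersion } = JSON.parse(readFileSync(new URL(path.join("..", "package.json"), import.meta.url), "utf-8"));
 export async function depWalker(manifest, options, logger = new Logger()) {
-const
-
-
-
-
-
-
-
-
-
-const dependencies = new Map();
-const npmTreeWalker = new npm.TreeWalker({
-registry
-});
-{
-logger
-.start(ScannerLoggerEvents.analysis.tree)
-.start(ScannerLoggerEvents.analysis.tarball)
-.start(ScannerLoggerEvents.analysis.registry);
-const fetchedMetadataPackages = new Set();
-const operationsQueue = [];
-const locker = new Mutex({ concurrency: 5 });
-locker.on(MutexRelease, () => logger.tick(ScannerLoggerEvents.analysis.tarball));
-const rootDepsOptions = {
-maxDepth,
-includeDevDeps,
-packageLock
+const env_1 = { stack: [], error: void 0, hasError: false };
+try {
+const { scanRootNode = false, includeDevDeps = false, packageLock, maxDepth, location, vulnerabilityStrategy = Vulnera.strategies.NONE, registry } = options;
+const tempDir = __addDisposableResource(env_1, await TempDirectory.create(), true);
+const payload = {
+id: tempDir.id,
+rootDependencyName: manifest.name,
+scannerVersion: packageVersion,
+vulnerabilityStrategy,
+warnings: []
 };
-
-
-
-
-
-
-
-
-
-
-
+const dependencies = new Map();
+const npmTreeWalker = new npm.TreeWalker({
+registry
+});
+{
+logger
+.start(ScannerLoggerEvents.analysis.tree)
+.start(ScannerLoggerEvents.analysis.tarball)
+.start(ScannerLoggerEvents.analysis.registry);
+const fetchedMetadataPackages = new Set();
+const operationsQueue = [];
+const locker = new Mutex({ concurrency: 5 });
+locker.on(MutexRelease, () => logger.tick(ScannerLoggerEvents.analysis.tarball));
+const rootDepsOptions = {
+maxDepth,
+includeDevDeps,
+packageLock
 };
-
-
-const
-
-
-
-
-
+for await (const current of npmTreeWalker.walk(manifest, rootDepsOptions)) {
+const { name, version, ...currentVersion } = current;
+const dependency = {
+versions: {
+[version]: {
+...currentVersion,
+...structuredClone(kDefaultDependencyVersionFields)
+}
+},
+vulnerabilities: [],
+metadata: structuredClone(kDefaultDependencyMetadata)
+};
+let proceedDependencyScan = true;
+if (dependencies.has(name)) {
+const dep = dependencies.get(name);
+operationsQueue.push(manifestMetadata(name, version, dep));
+if (version in dep.versions) {
+// The dependency has already entered the analysis
+// This happens if the package is used by multiple packages in the tree
+proceedDependencyScan = false;
+}
+else {
+dep.versions[version] = dependency.versions[version];
+}
 }
 else {
-
+dependencies.set(name, dependency);
 }
+// If the dependency is a DevDependencies we ignore it.
+if (current.isDevDependency || !proceedDependencyScan) {
+continue;
+}
+logger.tick(ScannerLoggerEvents.analysis.tree);
+// There is no need to fetch 'N' times the npm metadata for the same package.
+if (fetchedMetadataPackages.has(name) || !current.existOnRemoteRegistry) {
+logger.tick(ScannerLoggerEvents.analysis.registry);
+}
+else {
+fetchedMetadataPackages.add(name);
+operationsQueue.push(packageMetadata(name, version, {
+dependency,
+logger
+}));
+}
+const scanDirOptions = {
+ref: dependency.versions[version],
+location,
+isRootNode: scanRootNode && name === manifest.name,
+registry
+};
+operationsQueue.push(scanDirOrArchiveEx(name, version, locker, tempDir, scanDirOptions));
 }
-
-
-
-
-
-continue;
-}
-logger.tick(ScannerLoggerEvents.analysis.tree);
-// There is no need to fetch 'N' times the npm metadata for the same package.
-if (fetchedMetadataPackages.has(name) || !current.existOnRemoteRegistry) {
-logger.tick(ScannerLoggerEvents.analysis.registry);
-}
-else {
-fetchedMetadataPackages.add(name);
-operationsQueue.push(packageMetadata(name, version, {
-dependency,
-logger
-}));
-}
-const scanDirOptions = {
-ref: dependency.versions[version],
-location,
-tmpLocation: scanRootNode && name === manifest.name ? null : tmpLocation,
-registry
-};
-operationsQueue.push(scanDirOrArchiveEx(name, version, locker, scanDirOptions));
+logger.end(ScannerLoggerEvents.analysis.tree);
+await Promise.allSettled(operationsQueue);
+logger
+.end(ScannerLoggerEvents.analysis.tarball)
+.end(ScannerLoggerEvents.analysis.registry);
 }
-
-
-
-
-
-
-
-
-const isVulnHydratable = (strategy === "github-advisory" || strategy === "snyk")
-&& typeof location === "undefined";
-if (!isVulnHydratable) {
-await hydratePayloadDependencies(dependencies, {
-useStandardFormat: true,
-path: location
-});
-}
-payload.vulnerabilityStrategy = strategy;
-// We do this because it "seem" impossible to link all dependencies in the first walk.
-// Because we are dealing with package only one time it may happen sometimes.
-const globalWarnings = [];
-for (const [packageName, dependency] of dependencies) {
-const metadataIntegrities = dependency.metadata?.integrity ?? {};
-for (const [version, integrity] of Object.entries(metadataIntegrities)) {
-const dependencyVer = dependency.versions[version];
-// @ts-ignore
-const isEmptyPackage = dependencyVer.warnings.some((warning) => warning.kind === "empty-package");
-if (isEmptyPackage) {
-globalWarnings.push(`${packageName}@${version} only contain a package.json file!`);
-}
-if (!("integrity" in dependencyVer) || dependencyVer.flags.includes("isGit")) {
-continue;
-}
-if (dependencyVer.integrity !== integrity) {
-globalWarnings.push(`${packageName}@${version} manifest & tarball integrity doesn't match!`);
-}
+const { hydratePayloadDependencies, strategy } = Vulnera.setStrategy(vulnerabilityStrategy);
+const isVulnHydratable = (strategy === "github-advisory" || strategy === "snyk")
+&& typeof location === "undefined";
+if (!isVulnHydratable) {
+await hydratePayloadDependencies(dependencies, {
+useStandardFormat: true,
+path: location
+});
 }
-
-
-
-
-
-
-
-
-
-
-
-
-}
-
-
-
-
+payload.vulnerabilityStrategy = strategy;
+// We do this because it "seem" impossible to link all dependencies in the first walk.
+// Because we are dealing with package only one time it may happen sometimes.
+const globalWarnings = [];
+for (const [packageName, dependency] of dependencies) {
+const metadataIntegrities = dependency.metadata?.integrity ?? {};
+for (const [version, integrity] of Object.entries(metadataIntegrities)) {
+const dependencyVer = dependency.versions[version];
+// @ts-ignore
+const isEmptyPackage = dependencyVer.warnings.some((warning) => warning.kind === "empty-package");
+if (isEmptyPackage) {
+globalWarnings.push(`${packageName}@${version} only contain a package.json file!`);
+}
+if (!("integrity" in dependencyVer) || dependencyVer.flags.includes("isGit")) {
+continue;
+}
+if (dependencyVer.integrity !== integrity) {
+globalWarnings.push(`${packageName}@${version} manifest & tarball integrity doesn't match!`);
+}
 }
-const
-
-
+for (const version of Object.entries(dependency.versions)) {
+const [verStr, verDescriptor] = version;
+verDescriptor.flags.push(...addMissingVersionFlags(new Set(verDescriptor.flags), dependency));
+if (isLocalManifest(verDescriptor, manifest, packageName)) {
+Object.assign(dependency.metadata, {
+author: parseAuthor(manifest.author),
+homepage: manifest.homepage
+});
+Object.assign(verDescriptor, {
+author: parseAuthor(manifest.author),
+links: getManifestLinks(manifest),
+repository: manifest.repository
+});
+}
+const usedDeps = npmTreeWalker.relationsMap.get(`${packageName}@${verStr}`) || new Set();
+if (usedDeps.size === 0) {
+continue;
+}
+const usedBy = Object.create(null);
+for (const [name, version] of getUsedDeps(usedDeps)) {
+usedBy[name] = version;
+}
+Object.assign(verDescriptor.usedBy, usedBy);
 }
-
+}
+try {
+const { warnings, illuminated } = await getDependenciesWarnings(dependencies, options.highlight?.contacts);
+payload.warnings = globalWarnings.concat(warnings);
+payload.highlighted = {
+contacts: illuminated
+};
+payload.dependencies = Object.fromEntries(dependencies);
+return payload;
+}
+finally {
+logger.emit(ScannerLoggerEvents.done);
 }
 }
-
-
-
-payload.highlighted = {
-contacts: illuminated
-};
-payload.dependencies = Object.fromEntries(dependencies);
-return payload;
+catch (e_1) {
+env_1.error = e_1;
+env_1.hasError = true;
 }
 finally {
-
-
-
+const result_1 = __disposeResources(env_1);
+if (result_1)
+await result_1;
 }
 }
 // eslint-disable-next-line max-params
-async function scanDirOrArchiveEx(name, version, locker, options) {
+async function scanDirOrArchiveEx(name, version, locker, tempDir, options) {
 const free = await locker.acquire();
 try {
-
+const { registry, location = process.cwd(), isRootNode, ref } = options;
+const mama = await (isRootNode ?
+ManifestManager.fromPackageJSON(location) :
+extractAndResolve(tempDir.location, {
+spec: `${name}@${version}`,
+registry
+}));
+await scanDirOrArchive(mama, ref);
 }
 catch {
 // ignore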
package/dist/depWalker.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,
|
|
1
|
+
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,kCAAkC;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAGnD,+BAA+B;AAC/B,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,WAAW,EACX,gBAAgB,EACjB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAQtE,YAAY;AACZ,MAAM,+BAA+B,GAAG;IACtC,WAAW,EAAE,EAAE;IACf,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,QAAQ,EAAE,EAAE;IACZ,gBAAgB,EAAE,EAAE;IACpB,WAAW,EAAE;QACX,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,EAAE;QACT,QAAQ,EAAE,EAAE;QACZ,MAAM,EAAE,EAAE;QACV,OAAO,EAAE,EAAE;QACX,cAAc,EAAE,EAAE;QAClB,eAAe,EAAE,EAAE;QACnB,mBAAmB,EAAE,EAAE;QACvB,gBAAgB,EAAE,EAAE;KACrB;CACF,CAAC;AACF,MAAM,0BAA0B,GAA2B;IACzD,cAAc,EAAE,CAAC;IACjB,YAAY,EAAE,IAAI,IAAI,EAAE;IACxB,WAAW,EAAE,KAAK;IAClB,gBAAgB,EAAE,KAAK;IACvB,iBAAiB,EAAE,KAAK;IACxB,0BAA0B,EAAE,IAAI;IAChC,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,IAAI;IACZ,UAAU,EAAE,EAAE;IACd,WAAW,EAAE,EAAE;IACf,SAAS,EAAE,EAAE;CACd,CAAC;AAEF,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,KAAK,CAC5C,YAAY,CACV,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EACzD,OAAO,CACR,CACF,CAAC;AAOF,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAuC,EACvC,OAAsB,EACtB,MAAM,GAAG,IAAI,MAAM,EAAE;;;QAErB,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,cAAc,GAAG,KAAK,EACtB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,IAAI,EAC/C,QAAQ,EACT,GAAG,OAAO,CAAC;QAEZ,MAAY,OAAO,kCAAG,MAAM,aAAa,CAAC,MAAM,EAAE,OAAA,CAAC;QAEnD,MAAM,OAAO,GAAqB;YAChC,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,k
BAAkB,EAAE,QAAQ,CAAC,IAAI;YACjC,cAAc,EAAE,cAAc;YAC9B,qBAAqB;YACrB,QAAQ,EAAE,EAAE;SACb,CAAC;QAEF,MAAM,YAAY,GAA4B,IAAI,GAAG,EAAE,CAAC;QACxD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC;YACvC,QAAQ;SACT,CAAC,CAAC;QACH,CAAC;YACC,MAAM;iBACH,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC;iBACxC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;iBAC3C,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChD,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAU,CAAC;YAClD,MAAM,eAAe,GAAoB,EAAE,CAAC;YAE5C,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;YAC7C,MAAM,CAAC,EAAE,CACP,YAAY,EACZ,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,CACxD,CAAC;YAEF,MAAM,eAAe,GAAoB;gBACvC,QAAQ;gBACR,cAAc;gBACd,WAAW;aACZ,CAAC;YACF,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,CAAC;gBAC1E,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,CAAC;gBACrD,MAAM,UAAU,GAAe;oBAC7B,QAAQ,EAAE;wBACR,CAAC,OAAO,CAAC,EAAE;4BACT,GAAG,cAAc;4BACjB,GAAG,eAAe,CAAC,+BAA+B,CAAC;yBACpD;qBACF;oBACD,eAAe,EAAE,EAAE;oBACnB,QAAQ,EAAE,eAAe,CAAC,0BAA0B,CAAC;iBACtD,CAAC;gBAEF,IAAI,qBAAqB,GAAG,IAAI,CAAC;gBACjC,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;oBACpC,eAAe,CAAC,IAAI,CAClB,gBAAgB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,CACrC,CAAC;oBAEF,IAAI,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;wBAC5B,kDAAkD;wBAClD,uEAAuE;wBACvE,qBAAqB,GAAG,KAAK,CAAC;oBAChC,CAAC;yBACI,CAAC;wBACJ,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBACvD,CAAC;gBACH,CAAC;qBACI,CAAC;oBACJ,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;gBACrC,CAAC;gBAED,uDAAuD;gBACvD,IAAI,OAAO,CAAC,eAAe,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBACtD,SAAS;gBACX,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAE/C,6EAA6E;gBAC7E,IAAI,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC;oBACxE,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACrD,CAAC;qBACI,CAAC;oBACJ,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAClC,eAAe,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,O
AAO,EAAE;wBAClD,UAAU;wBACV,MAAM;qBACP,CAAC,CAAC,CAAC;gBACN,CAAC;gBAED,MAAM,cAAc,GAAG;oBACrB,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAQ;oBACxC,QAAQ;oBACR,UAAU,EAAE,YAAY,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI;oBAClD,QAAQ;iBACT,CAAC;gBACF,eAAe,CAAC,IAAI,CAClB,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,CAAC,CACnE,CAAC;YACJ,CAAC;YAED,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAE1C,MAAM;iBACH,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;iBACzC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,EAAE,0BAA0B,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,WAAW,CAClE,qBAAqB,CACtB,CAAC;QAEF,MAAM,gBAAgB,GAAG,CAAC,QAAQ,KAAK,iBAAiB,IAAI,QAAQ,KAAK,MAAM,CAAC;eAC3E,OAAO,QAAQ,KAAK,WAAW,CAAC;QACrC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,0BAA0B,CAAC,YAAmB,EAAE;gBACpD,iBAAiB,EAAE,IAAI;gBACvB,IAAI,EAAE,QAAQ;aACf,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,qBAAqB,GAAG,QAAQ,CAAC;QAEzC,sFAAsF;QACtF,6EAA6E;QAC7E,MAAM,cAAc,GAAa,EAAE,CAAC;QACpC,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,YAAY,EAAE,CAAC;YACrD,MAAM,mBAAmB,GAAG,UAAU,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC;YAEjE,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACvE,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAsB,CAAC;gBAExE,aAAa;gBACb,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;gBAClG,IAAI,cAAc,EAAE,CAAC;oBACnB,cAAc,CAAC,IAAI,CAAC,GAAG,WAAW,IAAI,OAAO,oCAAoC,CAAC,CAAC;gBACrF,CAAC;gBAED,IAAI,CAAC,CAAC,WAAW,IAAI,aAAa,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC7E,SAAS;gBACX,CAAC;gBAED,IAAI,aAAa,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;oBAC1C,cAAc,CAAC,IAAI,CAAC,GAAG,WAAW,IAAI,OAAO,8CAA8C,CAAC,CAAC;gBAC/F,CAAC;YACH,CAAC;YACD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1D,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,OAAsC,CAAC;gBACvE,aAAa,CAAC,KAAK,CAAC,IAAI,CACtB,GAAG,sBAAsB,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,CACpE,CAAC;gBAEF,IAAI,eAAe,CAAC,aAAa,EAAE,QAAQ,
EAAE,WAAW,CAAC,EAAE,CAAC;oBAC1D,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE;wBACjC,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;wBACpC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;qBAC5B,CAAC,CAAC;oBAEH,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE;wBAC3B,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;wBACpC,KAAK,EAAE,gBAAgB,CAAC,QAAQ,CAAC;wBACjC,UAAU,EAAE,QAAQ,CAAC,UAAU;qBAChC,CAAC,CAAC;gBACL,CAAC;gBAED,MAAM,QAAQ,GAAG,aAAa,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,MAAM,EAAE,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;gBACzF,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;oBACxB,SAAS;gBACX,CAAC;gBAED,MAAM,MAAM,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC3D,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACpD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;gBACzB,CAAC;gBACD,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,MAAM,uBAAuB,CAC7D,YAAY,EACZ,OAAO,CAAC,SAAS,EAAE,QAAQ,CAC5B,CAAC;YACF,OAAO,CAAC,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACnD,OAAO,CAAC,WAAW,GAAG;gBACpB,QAAQ,EAAE,WAAW;aACtB,CAAC;YACF,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YAExD,OAAO,OAAkB,CAAC;QAC5B,CAAC;gBACO,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;;;;;;;;;;;CACF;AAED,sCAAsC;AACtC,KAAK,UAAU,kBAAkB,CAC/B,IAAY,EACZ,OAAe,EACf,MAAa,EACb,OAAsB,EACtB,OAKC;IAED,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;IAEpC,IAAI,CAAC;QACH,MAAM,EACJ,QAAQ,EACR,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,EACxB,UAAU,EACV,GAAG,EACJ,GAAG,OAAO,CAAC;QAEZ,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;YAC9B,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC3C,iBAAiB,CAAC,OAAO,CAAC,QAAQ,EAAE;gBAClC,IAAI,EAAE,GAAG,IAAI,IAAI,OAAO,EAAE;gBAC1B,QAAQ;aACT,CAAC,CACH,CAAC;QAEF,MAAM,gBAAgB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,CAAC;QACL,SAAS;IACX,CAAC;YACO,CAAC;QACP,IAAI,EAAE,CAAC;IACT,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CACtB,aAAgC,EAChC,QAAuC,EACvC,WAAmB;IAEnB,OAAO,aAAa,CAAC,qBAAqB,KAAK,KAAK,IAAI,WAAW,KAAK,QAAQ,CAAC,IAAI,CAAC;AACxF,CAAC"}
|
|
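--- a/package/dist/extractors/probes/WarningsExtractor.class.d.ts
+++ b/package/dist/extractors/probes/WarningsExtractor.class.d.ts
@@ -1,10 +1,10 @@
-import type {
+import type { Warning, WarningName } from "@nodesecure/js-x-ray";
 import type { ManifestProbeExtractor, ProbeExtractorManifestParent } from "../payload.js";
 import type { DependencyVersion } from "../../types.js";
 export type WarningsResult = {
 warnings: {
 count: number;
-groups: Record<string, Warning
+groups: Record<string, Warning[]>;
 uniqueKinds: Record<WarningName, number>;
 };
 };
@@ -23,7 +23,7 @@ export declare class Warnings implements ManifestProbeExtractor<WarningsResult>
 warnings: {
 count: number;
 uniqueKinds: any;
-groups: Record<string,
+groups: Record<string, Warning<WarningName>[]>;
 };
 };
 }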
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WarningsExtractor.class.d.ts","sourceRoot":"","sources":["../../../src/extractors/probes/WarningsExtractor.class.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,
|
|
1
|
+
{"version":3,"file":"WarningsExtractor.class.d.ts","sourceRoot":"","sources":["../../../src/extractors/probes/WarningsExtractor.class.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,OAAO,EACP,WAAW,EACZ,MAAM,sBAAsB,CAAC;AAI9B,OAAO,KAAK,EACV,sBAAsB,EACtB,4BAA4B,EAC7B,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAExD,MAAM,MAAM,cAAc,GAAG;IAC3B,QAAQ,EAAE;QACR,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QAClC,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;KAC1C,CAAC;CACH,CAAC;AAEF,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,qBAAa,QAAS,YAAW,sBAAsB,CAAC,cAAc,CAAC;;IACrE,KAAK,EAAG,UAAU,CAAU;gBAQ1B,OAAO,GAAE,eAAoB;IAK/B,IAAI,CACF,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,iBAAiB,EAC7B,MAAM,EAAE,4BAA4B;IAwBtC,IAAI;;;yBAIwD,GAAG;;;;CAKhE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WarningsExtractor.class.js","sourceRoot":"","sources":["../../../src/extractors/probes/WarningsExtractor.class.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"WarningsExtractor.class.js","sourceRoot":"","sources":["../../../src/extractors/probes/WarningsExtractor.class.ts"],"names":[],"mappings":"AAKA,OAAO,YAAY,MAAM,eAAe,CAAC;AAwBzC,MAAM,OAAO,QAAQ;IACnB,KAAK,GAAG,UAAmB,CAAC;IAE5B,SAAS,GAA8B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC3D,YAAY,GAAG,IAAI,YAAY,EAA+B,CAAC;IAC/D,MAAM,GAAG,CAAC,CAAC;IACX,aAAa,CAAU;IAEvB,YACE,UAA2B,EAAE;QAE7B,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,YAAY,IAAI,IAAI,CAAC;IACpD,CAAC;IAED,IAAI,CACF,OAAe,EACf,UAA6B,EAC7B,MAAoC;QAEpC,MAAM,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;QAChC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;YAC9B,GAAG,MAAM,CAAC,IAAI,IAAI,OAAO,EAAE,CAAC,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC;QAEd,QAAQ;aACL,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;aACxB,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;QAElD,IAAI,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC1B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QACxC,CAAC;aACI,CAAC;YACJ,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,IAAI;QACF,OAAO;YACL,QAAQ,EAAE;gBACR,KAAK,EAAE,IAAI,CAAC,MAAM;gBAClB,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAQ;gBACzD,MAAM,EAAE,IAAI,CAAC,SAAS;aACvB;SACF,CAAC;IACJ,CAAC;CACF"}
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAI/C,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAE3C,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAEtE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAS1C,cAAc,YAAY,CAAC;AAC3B,cAAc,uBAAuB,CAAC;AAEtC,wBAAsB,GAAG,CACvB,QAAQ,SAAgB,EACxB,OAAO,GAAE,OAAY,EACrB,MAAM,SAAe,yCAyBtB;AAED,wBAAsB,IAAI,CACxB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,IAAI,CAAC,OAAO,EAAE,gBAAgB,CAAM,EAC7C,MAAM,SAAe,yCAkBtB;AAED,wBAAsB,MAAM,CAC1B,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAevC;AAED,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,MAAM,EACN,mBAAmB,EACpB,CAAC"}
|
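--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,7 +1,58 @@
+var __addDisposableResource = (this && this.__addDisposableResource) || function (env, value, async) {
+if (value !== null && value !== void 0) {
+if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected.");
+var dispose, inner;
+if (async) {
+if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined.");
+dispose = value[Symbol.asyncDispose];
+}
+if (dispose === void 0) {
+if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined.");
+dispose = value[Symbol.dispose];
+if (async) inner = dispose;
+}
+if (typeof dispose !== "function") throw new TypeError("Object not disposable.");
+if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } };
+env.stack.push({ value: value, dispose: dispose, async: async });
+}
+else if (async) {
+env.stack.push({ async: true });
+}
+return value;
+};
+var __disposeResources = (this && this.__disposeResources) || (function (SuppressedError) {
+return function (env) {
+function fail(e) {
+env.error = env.hasError ? new SuppressedError(e, env.error, "An error was suppressed during disposal.") : e;
+env.hasError = true;
+}
+var r, s = 0;
+function next() {
+while (r = env.stack.pop()) {
+try {
+if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next);
+if (r.dispose) {
+var result = r.dispose.call(r.value);
+if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); });
+}
+else s |= 1;
+}
+catch (e) {
+fail(e);
+}
+}
+if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve();
+if (env.hasError) throw env.error;
+}
+return next();
+};
+})(typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
+var e = new Error(message);
+return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
+});
 // Import Node.js Dependencies
 import path from "node:path";
 import fs from "node:fs/promises";
-import timers from "node:timers/promises";
 import os from "node:os";
 // Import Third-party Dependencies
 import pacote from "pacote";
@@ -11,6 +62,7 @@ import * as tarball from "@nodesecure/tarball";
 import { depWalker } from "./depWalker.js";
 import { NPM_TOKEN, urlToString } from "./utils/index.js";
 import { Logger, ScannerLoggerEvents } from "./class/logger.class.js";
+import { TempDirectory } from "./class/TempDirectory.class.js";
 import { comparePayloads } from "./comparePayloads.js";
 // CONSTANTS
 const kDefaultCwdOptions = {
@@ -48,21 +100,27 @@ export async function from(packageName, options = {}, logger = new Logger()) {
 manifest, Object.assign(options, { registry }), logger);
 }
 export async function verify(packageName) {
-
-return tarball.scanPackage(process.cwd());
-}
-const tmpLocation = await fs.mkdtemp(path.join(os.tmpdir(), "nsecure-"));
-const dest = path.join(tmpLocation, packageName);
+const env_1 = { stack: [], error: void 0, hasError: false };
 try {
-
-
+if (typeof packageName === "undefined") {
+return tarball.scanPackage(process.cwd());
+}
+const tempDir = __addDisposableResource(env_1, await TempDirectory.create(), true);
+const mama = await tarball.extractAndResolve(tempDir.location, {
+spec: packageName,
+registry: getLocalRegistryURL()
 });
-const scanResult = await tarball.scanPackage(
+const scanResult = await tarball.scanPackage(mama);
 return scanResult;
 }
+catch (e_1) {
+env_1.error = e_1;
+env_1.hasError = true;
+}
 finally {
-
-
+const result_1 = __disposeResources(env_1);
+if (result_1)
+await result_1;
 }
 }
 export { depWalker, tarball, comparePayloads, Logger, ScannerLoggerEvents };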
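Review bot: `verify` forwards `packageName` to `tarball.extractAndResolve` as `spec` (new lines 109-111) after checking only `typeof packageName === "undefined"`, so the caller's string alone decides what is fetched and unpacked into the temp directory. `extractAndResolve` is not part of this diff; if it resolves specs the way pacote does, path, URL and git forms are accepted alongside registry names, which is more than an entry point for checking a published package needs. I would reject anything that is not a registry name with an optional version or tag before `TempDirectory.create()` is called, and record the contract on `verify` in `src/index.ts` with a doc comment such as `/** @param packageName registry spec (name or name@version); other spec forms throw a TypeError */`. The two helpers at the top of the file look like compiler output for `await using`, so the change belongs in the TypeScript source rather than in `dist/`.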
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAG/C,+BAA+B;AAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAGvD,YAAY;AACZ,MAAM,kBAAkB,GAAG;IACzB,iBAAiB,EAAE,IAAI;IACvB,cAAc,EAAE,IAAI;IACpB,cAAc,EAAE,KAAK;CACtB,CAAC;AAEF,cAAc,YAAY,CAAC;AAC3B,cAAc,uBAAuB,CAAC;AAEtC,MAAM,CAAC,KAAK,UAAU,GAAG,CACvB,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,EACxB,UAAmB,EAAE,EACrB,MAAM,GAAG,IAAI,MAAM,EAAE;IAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/B,mBAAmB,EAAE,CAAC;IAExB,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CACpC,EAAE,QAAQ,EAAE,EACZ,kBAAkB,EAClB;QACE,GAAG,OAAO;QACV,QAAQ;KACT,CACF,CAAC;IAEF,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAE9C,OAAO,SAAS,CACd,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,EAC9B,gBAAgB,EAChB,MAAM,CACP,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,WAAmB,EACnB,UAA2C,EAAE,EAC7C,MAAM,GAAG,IAAI,MAAM,EAAE;IAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/B,mBAAmB,EAAE,CAAC;IAExB,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE;QAClD,GAAG,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;KACtD,CAAC,CAAC;IACH,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAE/C,OAAO,SAAS;IACd,wDAAwD;IACxD,
QAAsC,EACtC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EACpC,MAAM,CACP,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,WAAoB;;;QAEpB,IAAI,OAAO,WAAW,KAAK,WAAW,EAAE,CAAC;YACvC,OAAO,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,MAAY,OAAO,kCAAG,MAAM,aAAa,CAAC,MAAM,EAAE,OAAA,CAAC;QAEnD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,QAAQ,EAAE;YAC7D,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE,mBAAmB,EAAE;SAChC,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEnD,OAAO,UAAU,CAAC;;;;;;;;;;;CACnB;AAED,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,MAAM,EACN,mBAAmB,EACpB,CAAC"}
|
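--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -1,4 +1,4 @@
-import type { Warning
+import type { Warning } from "@nodesecure/js-x-ray";
 import * as Vulnera from "@nodesecure/vulnera";
 import type { PackageModuleType } from "@nodesecure/mama";
 import type { SpdxFileLicenseConformance } from "@nodesecure/conformance";
@@ -66,7 +66,7 @@ export interface DependencyVersion {
 *
 * @see https://github.com/NodeSecure/js-x-ray/blob/master/WARNINGS.md
 */
-warnings: Warning
+warnings: Warning[];
 alias: Record<string, string>;
 /** Tarball composition (files and dependencies) */
 composition: {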
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAE1D,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAErD,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG;IACjC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,GAAG;IAChD;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF,MAAM,WAAW,eAAe;IAC9B,wBAAwB;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,mBAAmB;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,iBAAiB;IAChC,qDAAqD;IACrD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,iBAAiB,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB;;;OAGG;IACH,qBAAqB,EAAE,OAAO,CAAC;IAC/B,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,eAAe,EAAE,MAAM,CAAC;IACxB,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,iFAAiF;IACjF,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC;;;;OAIG;IACH,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,mDAAmD;IACnD,WAAW,EAAE;QACX,8CAA8C;QAC9C,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAC3B,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;IACF;;OAEG;IACH,QAAQ,EAAE,0BAA0B,EAAE,CAAC;IACvC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;OAIG;IACH,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB;;OAEG;
IACH,MAAM,EAAE,IAAI,GAAG,MAAM,CAAC;IACtB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,4BAA4B;IAC5B,QAAQ,EAAE;QACR,0CAA0C;QAC1C,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,IAAI,CAAC;QACnB,0BAA0B;QAC1B,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,0BAA0B,EAAE,OAAO,CAAC;QACpC,iFAAiF;QACjF,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;QAC1B,wBAAwB;QACxB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QACxB;;WAEG;QACH,WAAW,EAAE,UAAU,EAAE,CAAC;QAC1B;;WAEG;QACH,UAAU,EAAE,SAAS,EAAE,CAAC;QACxB;;;WAGG;QACH,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACnC,CAAC;IACF,yFAAyF;IACzF,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC5C;;;;OAIG;IACH,eAAe,EAAE,OAAO,CAAC,qBAAqB,EAAE,CAAC;CAClD;AAED,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;AAEtD,MAAM,WAAW,OAAO;IACtB,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,mCAAmC;IACnC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE;QACX,QAAQ,EAAE,kBAAkB,EAAE,CAAC;KAChC,CAAC;IACF,sDAAsD;IACtD,YAAY,EAAE,YAAY,CAAC;IAC3B,yDAAyD;IACzD,cAAc,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,qBAAqB,EAAE,OAAO,CAAC,IAAI,CAAC;CACrC;AAED,MAAM,WAAW,OAAO;IACtB;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAE3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC;IAEjC;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE;QACZ;;;;;WAKG;QACH,aAAa,CAAC,EAAE,OAAO,CAAC;QAExB;;;WAGG;QACH,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IAEF,SAAS,CAAC,EAAE;QACV,QAAQ,EAAE,OAAO,EAAE,CAAC;KACrB,CAAC;IAEF;;;;OAIG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;IAElC;;;;OAIG;IACH,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC;IAE9C;;;;;OAKG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;CACjC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nodesecure/scanner",
|
|
3
|
-
"version": "6.
|
|
3
|
+
"version": "6.10.0",
|
|
4
4
|
"description": "A package API to run a static analysis of your module's dependencies.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"exports": "./dist/index.js",
|
|
@@ -53,16 +53,16 @@
|
|
|
53
53
|
"@nodesecure/contact": "^2.0.0",
|
|
54
54
|
"@nodesecure/flags": "^3.0.3",
|
|
55
55
|
"@nodesecure/i18n": "^4.0.1",
|
|
56
|
-
"@nodesecure/js-x-ray": "^
|
|
57
|
-
"@nodesecure/mama": "^1.
|
|
56
|
+
"@nodesecure/js-x-ray": "^9.2.0",
|
|
57
|
+
"@nodesecure/mama": "^1.6.0",
|
|
58
58
|
"@nodesecure/npm-registry-sdk": "^3.0.0",
|
|
59
59
|
"@nodesecure/npm-types": "^1.2.0",
|
|
60
|
-
"@nodesecure/rc": "^5.0.
|
|
61
|
-
"@nodesecure/tarball": "^
|
|
62
|
-
"@nodesecure/tree-walker": "^1.3.
|
|
60
|
+
"@nodesecure/rc": "^5.0.1",
|
|
61
|
+
"@nodesecure/tarball": "^2.0.1",
|
|
62
|
+
"@nodesecure/tree-walker": "^1.3.1",
|
|
63
63
|
"@nodesecure/utils": "^2.3.0",
|
|
64
64
|
"@nodesecure/vulnera": "^2.0.1",
|
|
65
|
-
"@openally/mutex": "^
|
|
65
|
+
"@openally/mutex": "^2.0.0",
|
|
66
66
|
"frequency-set": "^1.0.2",
|
|
67
67
|
"pacote": "^21.0.0",
|
|
68
68
|
"semver": "^7.5.4",
|