@nodesecure/scanner 6.9.0 → 6.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/class/TempDirectory.class.d.ts +1 -0
- package/dist/class/TempDirectory.class.d.ts.map +1 -1
- package/dist/class/TempDirectory.class.js +3 -0
- package/dist/class/TempDirectory.class.js.map +1 -1
- package/dist/class/TopPackages.class.d.ts +10 -0
- package/dist/class/TopPackages.class.d.ts.map +1 -0
- package/dist/class/TopPackages.class.js +36 -0
- package/dist/class/TopPackages.class.js.map +1 -0
- package/dist/depWalker.d.ts.map +1 -1
- package/dist/depWalker.js +218 -152
- package/dist/depWalker.js.map +1 -1
- package/dist/extractors/probes/WarningsExtractor.class.d.ts +3 -3
- package/dist/extractors/probes/WarningsExtractor.class.d.ts.map +1 -1
- package/dist/extractors/probes/WarningsExtractor.class.js.map +1 -1
- package/dist/i18n/english.d.ts +1 -0
- package/dist/i18n/english.js +4 -1
- package/dist/i18n/english.js.map +1 -1
- package/dist/i18n/french.d.ts +1 -0
- package/dist/i18n/french.js +4 -1
- package/dist/i18n/french.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +64 -7
- package/dist/index.js.map +1 -1
- package/dist/npmRegistry.js +2 -2
- package/dist/npmRegistry.js.map +1 -1
- package/dist/types.d.ts +2 -2
- package/dist/types.d.ts.map +1 -1
- package/dist/utils/warnings.d.ts.map +1 -1
- package/dist/utils/warnings.js +9 -1
- package/dist/utils/warnings.js.map +1 -1
- package/package.json +11 -10
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TempDirectory.class.d.ts","sourceRoot":"","sources":["../../src/class/TempDirectory.class.ts"],"names":[],"mappings":"AAKA,qBAAa,aAAa;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;gBAGT,QAAQ,EAAE,MAAM,EAChB,EAAE,EAAE,MAAM;WAMC,MAAM;IAWb,KAAK;
|
|
1
|
+
{"version":3,"file":"TempDirectory.class.d.ts","sourceRoot":"","sources":["../../src/class/TempDirectory.class.ts"],"names":[],"mappings":"AAKA,qBAAa,aAAa;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;gBAGT,QAAQ,EAAE,MAAM,EAChB,EAAE,EAAE,MAAM;WAMC,MAAM;IAWb,KAAK;IASL,CAAC,MAAM,CAAC,YAAY,CAAC;CAG5B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TempDirectory.class.js","sourceRoot":"","sources":["../../src/class/TempDirectory.class.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,MAAM,OAAO,aAAa;IACxB,QAAQ,CAAS;IACjB,EAAE,CAAS;IAEX,YACE,QAAgB,EAChB,EAAU;QAEV,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM;QACjB,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,OAAO,CAC/B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,CAC5B,CAAC;QAEF,OAAO,IAAI,aAAa,CACtB,QAAQ,EACR,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CACnB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,EAAE,CAAC,EAAE,CACT,IAAI,CAAC,QAAQ,EACb,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CACjC,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"TempDirectory.class.js","sourceRoot":"","sources":["../../src/class/TempDirectory.class.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,MAAM,OAAO,aAAa;IACxB,QAAQ,CAAS;IACjB,EAAE,CAAS;IAEX,YACE,QAAgB,EAChB,EAAU;QAEV,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM;QACjB,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,OAAO,CAC/B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,CAC5B,CAAC;QAEF,OAAO,IAAI,aAAa,CACtB,QAAQ,EACR,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CACnB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,EAAE,CAAC,EAAE,CACT,IAAI,CAAC,QAAQ,EACb,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CACjC,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC;QACzB,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;CACF"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This implementation take inspiration from npq
|
|
3
|
+
* @see https://github.com/lirantal/npq/blob/c11e5425707ae992fcd6fb0878abe01ccd77399b/lib/marshalls/typosquatting.marshall.js#L23
|
|
4
|
+
*/
|
|
5
|
+
export declare class TopPackages {
|
|
6
|
+
#private;
|
|
7
|
+
loadJSON(): Promise<void>;
|
|
8
|
+
getSimilarPackages(packageName: string): string[];
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=TopPackages.class.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"TopPackages.class.d.ts","sourceRoot":"","sources":["../../src/class/TopPackages.class.ts"],"names":[],"mappings":"AAaA;;;GAGG;AACH,qBAAa,WAAW;;IAGhB,QAAQ;IASd,kBAAkB,CAChB,WAAW,EAAE,MAAM,GAClB,MAAM,EAAE;CAqBZ"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
// Import Node.js Dependencies
|
|
2
|
+
import path from "node:path";
|
|
3
|
+
import fs from "node:fs/promises";
|
|
4
|
+
// Import Third-party Dependencies
|
|
5
|
+
import { distance } from "fastest-levenshtein";
|
|
6
|
+
// Import Internal Dependencies
|
|
7
|
+
import { getDirNameFromUrl } from "../utils/index.js";
|
|
8
|
+
// CONSTANTS
|
|
9
|
+
const __dirname = getDirNameFromUrl(import.meta.url);
|
|
10
|
+
/**
|
|
11
|
+
* This implementation take inspiration from npq
|
|
12
|
+
* @see https://github.com/lirantal/npq/blob/c11e5425707ae992fcd6fb0878abe01ccd77399b/lib/marshalls/typosquatting.marshall.js#L23
|
|
13
|
+
*/
|
|
14
|
+
export class TopPackages {
|
|
15
|
+
#packages = [];
|
|
16
|
+
async loadJSON() {
|
|
17
|
+
const rawPackageStr = await fs.readFile(path.join(__dirname, "..", "data", "top-packages.json"), "utf-8");
|
|
18
|
+
this.#packages = JSON.parse(rawPackageStr);
|
|
19
|
+
}
|
|
20
|
+
getSimilarPackages(packageName) {
|
|
21
|
+
const similarPackages = [];
|
|
22
|
+
for (const popularPackageNameInRepository of this.#packages) {
|
|
23
|
+
// If the package to be installed is itself found within the Top Packages dataset
|
|
24
|
+
// then we don't report on it
|
|
25
|
+
if (packageName === popularPackageNameInRepository) {
|
|
26
|
+
return [];
|
|
27
|
+
}
|
|
28
|
+
const levenshteinDistance = distance(packageName, popularPackageNameInRepository);
|
|
29
|
+
if (levenshteinDistance > 0 && levenshteinDistance < 3) {
|
|
30
|
+
similarPackages.push(popularPackageNameInRepository);
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
return [...new Set(similarPackages)];
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
//# sourceMappingURL=TopPackages.class.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"TopPackages.class.js","sourceRoot":"","sources":["../../src/class/TopPackages.class.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAElC,kCAAkC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAE/C,+BAA+B;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,YAAY;AACZ,MAAM,SAAS,GAAG,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAErD;;;GAGG;AACH,MAAM,OAAO,WAAW;IACtB,SAAS,GAAa,EAAE,CAAC;IAEzB,KAAK,CAAC,QAAQ;QACZ,MAAM,aAAa,GAAG,MAAM,EAAE,CAAC,QAAQ,CACrC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,mBAAmB,CAAC,EACvD,OAAO,CACR,CAAC;QAEF,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAa,CAAC;IACzD,CAAC;IAED,kBAAkB,CAChB,WAAmB;QAEnB,MAAM,eAAe,GAAa,EAAE,CAAC;QACrC,KAAK,MAAM,8BAA8B,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5D,iFAAiF;YACjF,6BAA6B;YAC7B,IAAI,WAAW,KAAK,8BAA8B,EAAE,CAAC;gBACnD,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,MAAM,mBAAmB,GAAG,QAAQ,CAClC,WAAW,EACX,8BAA8B,CAC/B,CAAC;YAEF,IAAI,mBAAmB,GAAG,CAAC,IAAI,mBAAmB,GAAG,CAAC,EAAE,CAAC;gBACvD,eAAe,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC;IACvC,CAAC;CACF"}
|
package/dist/depWalker.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.d.ts","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"depWalker.d.ts","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAW1E,OAAO,EAAE,MAAM,EAAuB,MAAM,yBAAyB,CAAC;AACtE,OAAO,KAAK,EAGV,OAAO,EACP,OAAO,EACR,MAAM,YAAY,CAAC;AA4CpB,KAAK,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,WAAW,GAAG,eAAe,EACvC,OAAO,EAAE,aAAa,EACtB,MAAM,SAAe,GACpB,OAAO,CAAC,OAAO,CAAC,CAwMlB"}
|
package/dist/depWalker.js
CHANGED
|
@@ -1,7 +1,58 @@
|
|
|
1
|
+
var __addDisposableResource = (this && this.__addDisposableResource) || function (env, value, async) {
|
|
2
|
+
if (value !== null && value !== void 0) {
|
|
3
|
+
if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected.");
|
|
4
|
+
var dispose, inner;
|
|
5
|
+
if (async) {
|
|
6
|
+
if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined.");
|
|
7
|
+
dispose = value[Symbol.asyncDispose];
|
|
8
|
+
}
|
|
9
|
+
if (dispose === void 0) {
|
|
10
|
+
if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined.");
|
|
11
|
+
dispose = value[Symbol.dispose];
|
|
12
|
+
if (async) inner = dispose;
|
|
13
|
+
}
|
|
14
|
+
if (typeof dispose !== "function") throw new TypeError("Object not disposable.");
|
|
15
|
+
if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } };
|
|
16
|
+
env.stack.push({ value: value, dispose: dispose, async: async });
|
|
17
|
+
}
|
|
18
|
+
else if (async) {
|
|
19
|
+
env.stack.push({ async: true });
|
|
20
|
+
}
|
|
21
|
+
return value;
|
|
22
|
+
};
|
|
23
|
+
var __disposeResources = (this && this.__disposeResources) || (function (SuppressedError) {
|
|
24
|
+
return function (env) {
|
|
25
|
+
function fail(e) {
|
|
26
|
+
env.error = env.hasError ? new SuppressedError(e, env.error, "An error was suppressed during disposal.") : e;
|
|
27
|
+
env.hasError = true;
|
|
28
|
+
}
|
|
29
|
+
var r, s = 0;
|
|
30
|
+
function next() {
|
|
31
|
+
while (r = env.stack.pop()) {
|
|
32
|
+
try {
|
|
33
|
+
if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next);
|
|
34
|
+
if (r.dispose) {
|
|
35
|
+
var result = r.dispose.call(r.value);
|
|
36
|
+
if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); });
|
|
37
|
+
}
|
|
38
|
+
else s |= 1;
|
|
39
|
+
}
|
|
40
|
+
catch (e) {
|
|
41
|
+
fail(e);
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve();
|
|
45
|
+
if (env.hasError) throw env.error;
|
|
46
|
+
}
|
|
47
|
+
return next();
|
|
48
|
+
};
|
|
49
|
+
})(typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
|
|
50
|
+
var e = new Error(message);
|
|
51
|
+
return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
|
|
52
|
+
});
|
|
1
53
|
// Import Node.js Dependencies
|
|
2
54
|
import path from "node:path";
|
|
3
55
|
import { readFileSync } from "node:fs";
|
|
4
|
-
import timers from "node:timers/promises";
|
|
5
56
|
// Import Third-party Dependencies
|
|
6
57
|
import { Mutex, MutexRelease } from "@openally/mutex";
|
|
7
58
|
import { extractAndResolve, scanDirOrArchive } from "@nodesecure/tarball";
|
|
@@ -50,179 +101,194 @@ const kDefaultDependencyMetadata = {
|
|
|
50
101
|
};
|
|
51
102
|
const { version: packageVersion } = JSON.parse(readFileSync(new URL(path.join("..", "package.json"), import.meta.url), "utf-8"));
|
|
52
103
|
export async function depWalker(manifest, options, logger = new Logger()) {
|
|
53
|
-
const
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
const npmTreeWalker = new npm.TreeWalker({
|
|
64
|
-
registry
|
|
65
|
-
});
|
|
66
|
-
{
|
|
67
|
-
logger
|
|
68
|
-
.start(ScannerLoggerEvents.analysis.tree)
|
|
69
|
-
.start(ScannerLoggerEvents.analysis.tarball)
|
|
70
|
-
.start(ScannerLoggerEvents.analysis.registry);
|
|
71
|
-
const fetchedMetadataPackages = new Set();
|
|
72
|
-
const operationsQueue = [];
|
|
73
|
-
const locker = new Mutex({ concurrency: 5 });
|
|
74
|
-
locker.on(MutexRelease, () => logger.tick(ScannerLoggerEvents.analysis.tarball));
|
|
75
|
-
const rootDepsOptions = {
|
|
76
|
-
maxDepth,
|
|
77
|
-
includeDevDeps,
|
|
78
|
-
packageLock
|
|
104
|
+
const env_1 = { stack: [], error: void 0, hasError: false };
|
|
105
|
+
try {
|
|
106
|
+
const { scanRootNode = false, includeDevDeps = false, packageLock, maxDepth, location, vulnerabilityStrategy = Vulnera.strategies.NONE, registry } = options;
|
|
107
|
+
const tempDir = __addDisposableResource(env_1, await TempDirectory.create(), true);
|
|
108
|
+
const payload = {
|
|
109
|
+
id: tempDir.id,
|
|
110
|
+
rootDependencyName: manifest.name,
|
|
111
|
+
scannerVersion: packageVersion,
|
|
112
|
+
vulnerabilityStrategy,
|
|
113
|
+
warnings: []
|
|
79
114
|
};
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
115
|
+
const dependencies = new Map();
|
|
116
|
+
const npmTreeWalker = new npm.TreeWalker({
|
|
117
|
+
registry
|
|
118
|
+
});
|
|
119
|
+
{
|
|
120
|
+
logger
|
|
121
|
+
.start(ScannerLoggerEvents.analysis.tree)
|
|
122
|
+
.start(ScannerLoggerEvents.analysis.tarball)
|
|
123
|
+
.start(ScannerLoggerEvents.analysis.registry);
|
|
124
|
+
const fetchedMetadataPackages = new Set();
|
|
125
|
+
const operationsQueue = [];
|
|
126
|
+
const locker = new Mutex({ concurrency: 5 });
|
|
127
|
+
locker.on(MutexRelease, () => logger.tick(ScannerLoggerEvents.analysis.tarball));
|
|
128
|
+
const rootDepsOptions = {
|
|
129
|
+
maxDepth,
|
|
130
|
+
includeDevDeps,
|
|
131
|
+
packageLock
|
|
91
132
|
};
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
const
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
133
|
+
for await (const current of npmTreeWalker.walk(manifest, rootDepsOptions)) {
|
|
134
|
+
const { name, version, ...currentVersion } = current;
|
|
135
|
+
const dependency = {
|
|
136
|
+
versions: {
|
|
137
|
+
[version]: {
|
|
138
|
+
...currentVersion,
|
|
139
|
+
...structuredClone(kDefaultDependencyVersionFields)
|
|
140
|
+
}
|
|
141
|
+
},
|
|
142
|
+
vulnerabilities: [],
|
|
143
|
+
metadata: structuredClone(kDefaultDependencyMetadata)
|
|
144
|
+
};
|
|
145
|
+
let proceedDependencyScan = true;
|
|
146
|
+
if (dependencies.has(name)) {
|
|
147
|
+
const dep = dependencies.get(name);
|
|
148
|
+
operationsQueue.push(manifestMetadata(name, version, dep));
|
|
149
|
+
if (version in dep.versions) {
|
|
150
|
+
// The dependency has already entered the analysis
|
|
151
|
+
// This happens if the package is used by multiple packages in the tree
|
|
152
|
+
proceedDependencyScan = false;
|
|
153
|
+
}
|
|
154
|
+
else {
|
|
155
|
+
dep.versions[version] = dependency.versions[version];
|
|
156
|
+
}
|
|
100
157
|
}
|
|
101
158
|
else {
|
|
102
|
-
|
|
159
|
+
dependencies.set(name, dependency);
|
|
103
160
|
}
|
|
161
|
+
// If the dependency is a DevDependencies we ignore it.
|
|
162
|
+
if (current.isDevDependency || !proceedDependencyScan) {
|
|
163
|
+
continue;
|
|
164
|
+
}
|
|
165
|
+
logger.tick(ScannerLoggerEvents.analysis.tree);
|
|
166
|
+
// There is no need to fetch 'N' times the npm metadata for the same package.
|
|
167
|
+
if (fetchedMetadataPackages.has(name) || !current.existOnRemoteRegistry) {
|
|
168
|
+
logger.tick(ScannerLoggerEvents.analysis.registry);
|
|
169
|
+
}
|
|
170
|
+
else {
|
|
171
|
+
fetchedMetadataPackages.add(name);
|
|
172
|
+
operationsQueue.push(packageMetadata(name, version, {
|
|
173
|
+
dependency,
|
|
174
|
+
logger
|
|
175
|
+
}));
|
|
176
|
+
}
|
|
177
|
+
const scanDirOptions = {
|
|
178
|
+
ref: dependency.versions[version],
|
|
179
|
+
location,
|
|
180
|
+
isRootNode: scanRootNode && name === manifest.name,
|
|
181
|
+
registry
|
|
182
|
+
};
|
|
183
|
+
operationsQueue.push(scanDirOrArchiveEx(name, version, locker, tempDir, scanDirOptions));
|
|
104
184
|
}
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
continue;
|
|
111
|
-
}
|
|
112
|
-
logger.tick(ScannerLoggerEvents.analysis.tree);
|
|
113
|
-
// There is no need to fetch 'N' times the npm metadata for the same package.
|
|
114
|
-
if (fetchedMetadataPackages.has(name) || !current.existOnRemoteRegistry) {
|
|
115
|
-
logger.tick(ScannerLoggerEvents.analysis.registry);
|
|
116
|
-
}
|
|
117
|
-
else {
|
|
118
|
-
fetchedMetadataPackages.add(name);
|
|
119
|
-
operationsQueue.push(packageMetadata(name, version, {
|
|
120
|
-
dependency,
|
|
121
|
-
logger
|
|
122
|
-
}));
|
|
123
|
-
}
|
|
124
|
-
const scanDirOptions = {
|
|
125
|
-
ref: dependency.versions[version],
|
|
126
|
-
location,
|
|
127
|
-
isRootNode: scanRootNode && name === manifest.name,
|
|
128
|
-
registry
|
|
129
|
-
};
|
|
130
|
-
operationsQueue.push(scanDirOrArchiveEx(name, version, locker, tempDir, scanDirOptions));
|
|
185
|
+
logger.end(ScannerLoggerEvents.analysis.tree);
|
|
186
|
+
await Promise.allSettled(operationsQueue);
|
|
187
|
+
logger
|
|
188
|
+
.end(ScannerLoggerEvents.analysis.tarball)
|
|
189
|
+
.end(ScannerLoggerEvents.analysis.registry);
|
|
131
190
|
}
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
const isVulnHydratable = (strategy === "github-advisory" || strategy === "snyk")
|
|
141
|
-
&& typeof location === "undefined";
|
|
142
|
-
if (!isVulnHydratable) {
|
|
143
|
-
await hydratePayloadDependencies(dependencies, {
|
|
144
|
-
useStandardFormat: true,
|
|
145
|
-
path: location
|
|
146
|
-
});
|
|
147
|
-
}
|
|
148
|
-
payload.vulnerabilityStrategy = strategy;
|
|
149
|
-
// We do this because it "seem" impossible to link all dependencies in the first walk.
|
|
150
|
-
// Because we are dealing with package only one time it may happen sometimes.
|
|
151
|
-
const globalWarnings = [];
|
|
152
|
-
for (const [packageName, dependency] of dependencies) {
|
|
153
|
-
const metadataIntegrities = dependency.metadata?.integrity ?? {};
|
|
154
|
-
for (const [version, integrity] of Object.entries(metadataIntegrities)) {
|
|
155
|
-
const dependencyVer = dependency.versions[version];
|
|
156
|
-
// @ts-ignore
|
|
157
|
-
const isEmptyPackage = dependencyVer.warnings.some((warning) => warning.kind === "empty-package");
|
|
158
|
-
if (isEmptyPackage) {
|
|
159
|
-
globalWarnings.push(`${packageName}@${version} only contain a package.json file!`);
|
|
160
|
-
}
|
|
161
|
-
if (!("integrity" in dependencyVer) || dependencyVer.flags.includes("isGit")) {
|
|
162
|
-
continue;
|
|
163
|
-
}
|
|
164
|
-
if (dependencyVer.integrity !== integrity) {
|
|
165
|
-
globalWarnings.push(`${packageName}@${version} manifest & tarball integrity doesn't match!`);
|
|
166
|
-
}
|
|
191
|
+
const { hydratePayloadDependencies, strategy } = Vulnera.setStrategy(vulnerabilityStrategy);
|
|
192
|
+
const isVulnHydratable = (strategy === "github-advisory" || strategy === "snyk")
|
|
193
|
+
&& typeof location === "undefined";
|
|
194
|
+
if (!isVulnHydratable) {
|
|
195
|
+
await hydratePayloadDependencies(dependencies, {
|
|
196
|
+
useStandardFormat: true,
|
|
197
|
+
path: location
|
|
198
|
+
});
|
|
167
199
|
}
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
200
|
+
payload.vulnerabilityStrategy = strategy;
|
|
201
|
+
// We do this because it "seem" impossible to link all dependencies in the first walk.
|
|
202
|
+
// Because we are dealing with package only one time it may happen sometimes.
|
|
203
|
+
const globalWarnings = [];
|
|
204
|
+
for (const [packageName, dependency] of dependencies) {
|
|
205
|
+
const metadataIntegrities = dependency.metadata?.integrity ?? {};
|
|
206
|
+
for (const [version, integrity] of Object.entries(metadataIntegrities)) {
|
|
207
|
+
const dependencyVer = dependency.versions[version];
|
|
208
|
+
const isEmptyPackage = dependencyVer.warnings.some((warning) => warning.kind === "empty-package");
|
|
209
|
+
if (isEmptyPackage) {
|
|
210
|
+
globalWarnings.push(`${packageName}@${version} only contain a package.json file!`);
|
|
211
|
+
}
|
|
212
|
+
if (!("integrity" in dependencyVer) || dependencyVer.flags.includes("isGit")) {
|
|
213
|
+
continue;
|
|
214
|
+
}
|
|
215
|
+
if (dependencyVer.integrity !== integrity) {
|
|
216
|
+
globalWarnings.push(`${packageName}@${version} manifest & tarball integrity doesn't match!`);
|
|
217
|
+
}
|
|
185
218
|
}
|
|
186
|
-
const
|
|
187
|
-
|
|
188
|
-
|
|
219
|
+
for (const version of Object.entries(dependency.versions)) {
|
|
220
|
+
const [verStr, verDescriptor] = version;
|
|
221
|
+
verDescriptor.flags.push(...addMissingVersionFlags(new Set(verDescriptor.flags), dependency));
|
|
222
|
+
if (isLocalManifest(verDescriptor, manifest, packageName)) {
|
|
223
|
+
Object.assign(dependency.metadata, {
|
|
224
|
+
author: parseAuthor(manifest.author),
|
|
225
|
+
homepage: manifest.homepage
|
|
226
|
+
});
|
|
227
|
+
Object.assign(verDescriptor, {
|
|
228
|
+
author: parseAuthor(manifest.author),
|
|
229
|
+
links: getManifestLinks(manifest),
|
|
230
|
+
repository: manifest.repository
|
|
231
|
+
});
|
|
232
|
+
}
|
|
233
|
+
const usedDeps = npmTreeWalker.relationsMap.get(`${packageName}@${verStr}`) || new Set();
|
|
234
|
+
if (usedDeps.size === 0) {
|
|
235
|
+
continue;
|
|
236
|
+
}
|
|
237
|
+
const usedBy = Object.create(null);
|
|
238
|
+
for (const [name, version] of getUsedDeps(usedDeps)) {
|
|
239
|
+
usedBy[name] = version;
|
|
240
|
+
}
|
|
241
|
+
Object.assign(verDescriptor.usedBy, usedBy);
|
|
189
242
|
}
|
|
190
|
-
|
|
243
|
+
}
|
|
244
|
+
try {
|
|
245
|
+
const { warnings, illuminated } = await getDependenciesWarnings(dependencies, options.highlight?.contacts);
|
|
246
|
+
payload.warnings = globalWarnings.concat(warnings);
|
|
247
|
+
payload.highlighted = {
|
|
248
|
+
contacts: illuminated
|
|
249
|
+
};
|
|
250
|
+
payload.dependencies = Object.fromEntries(dependencies);
|
|
251
|
+
return payload;
|
|
252
|
+
}
|
|
253
|
+
finally {
|
|
254
|
+
logger.emit(ScannerLoggerEvents.done);
|
|
191
255
|
}
|
|
192
256
|
}
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
payload.highlighted = {
|
|
197
|
-
contacts: illuminated
|
|
198
|
-
};
|
|
199
|
-
payload.dependencies = Object.fromEntries(dependencies);
|
|
200
|
-
return payload;
|
|
257
|
+
catch (e_1) {
|
|
258
|
+
env_1.error = e_1;
|
|
259
|
+
env_1.hasError = true;
|
|
201
260
|
}
|
|
202
261
|
finally {
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
262
|
+
const result_1 = __disposeResources(env_1);
|
|
263
|
+
if (result_1)
|
|
264
|
+
await result_1;
|
|
206
265
|
}
|
|
207
266
|
}
|
|
208
267
|
// eslint-disable-next-line max-params
|
|
209
268
|
async function scanDirOrArchiveEx(name, version, locker, tempDir, options) {
|
|
210
|
-
const
|
|
269
|
+
const env_2 = { stack: [], error: void 0, hasError: false };
|
|
211
270
|
try {
|
|
212
|
-
const
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
271
|
+
const _ = __addDisposableResource(env_2, await locker.acquire(), false);
|
|
272
|
+
try {
|
|
273
|
+
const { registry, location = process.cwd(), isRootNode, ref } = options;
|
|
274
|
+
const mama = await (isRootNode ?
|
|
275
|
+
ManifestManager.fromPackageJSON(location) :
|
|
276
|
+
extractAndResolve(tempDir.location, {
|
|
277
|
+
spec: `${name}@${version}`,
|
|
278
|
+
registry
|
|
279
|
+
}));
|
|
280
|
+
await scanDirOrArchive(mama, ref);
|
|
281
|
+
}
|
|
282
|
+
catch {
|
|
283
|
+
// ignore
|
|
284
|
+
}
|
|
220
285
|
}
|
|
221
|
-
catch {
|
|
222
|
-
|
|
286
|
+
catch (e_2) {
|
|
287
|
+
env_2.error = e_2;
|
|
288
|
+
env_2.hasError = true;
|
|
223
289
|
}
|
|
224
290
|
finally {
|
|
225
|
-
|
|
291
|
+
__disposeResources(env_2);
|
|
226
292
|
}
|
|
227
293
|
}
|
|
228
294
|
function isLocalManifest(verDescriptor, manifest, packageName) {
|
package/dist/depWalker.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,kCAAkC;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAGnD,+BAA+B;AAC/B,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,WAAW,EACX,gBAAgB,EACjB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAQtE,YAAY;AACZ,MAAM,+BAA+B,GAAG;IACtC,WAAW,EAAE,EAAE;IACf,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,QAAQ,EAAE,EAAE;IACZ,gBAAgB,EAAE,EAAE;IACpB,WAAW,EAAE;QACX,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,EAAE;QACT,QAAQ,EAAE,EAAE;QACZ,MAAM,EAAE,EAAE;QACV,OAAO,EAAE,EAAE;QACX,cAAc,EAAE,EAAE;QAClB,eAAe,EAAE,EAAE;QACnB,mBAAmB,EAAE,EAAE;QACvB,gBAAgB,EAAE,EAAE;KACrB;CACF,CAAC;AACF,MAAM,0BAA0B,GAA2B;IACzD,cAAc,EAAE,CAAC;IACjB,YAAY,EAAE,IAAI,IAAI,EAAE;IACxB,WAAW,EAAE,KAAK;IAClB,gBAAgB,EAAE,KAAK;IACvB,iBAAiB,EAAE,KAAK;IACxB,0BAA0B,EAAE,IAAI;IAChC,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,IAAI;IACZ,UAAU,EAAE,EAAE;IACd,WAAW,EAAE,EAAE;IACf,SAAS,EAAE,EAAE;CACd,CAAC;AAEF,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,KAAK,CAC5C,YAAY,CACV,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EACzD,OAAO,CACR,CACF,CAAC;AAOF,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAuC,EACvC,OAAsB,EACtB,MAAM,GAAG,IAAI,MAAM,EAAE;;;QAErB,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,cAAc,GAAG,KAAK,EACtB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,IAAI,EAC/C,QAAQ,EACT,GAAG,OAAO,CAAC;QAEZ,MAAY,OAAO,kCAAG,MAAM,aAAa,CAAC,MAAM,EAAE,OAAA,CAAC;QAEnD,MAAM,OAAO,GAAqB;YAChC,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,kBAAkB,EAAE,QAAQ,CAAC,IAAI;YACjC,cAAc,EAAE,cAAc;YAC9B,qBAAqB;YACrB,QAAQ,EAAE,EAAE;SACb,CAAC;QAEF,MAAM,YAAY,GAA4B,IAAI,GAAG,EAAE,CAAC;QACxD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC;YACvC,QAAQ;SACT,CAAC,CAAC;QACH,CAAC;YACC,MAAM;iBACH,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC;iBACxC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;iBAC3C,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChD,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAU,CAAC;YAClD,MAAM,eAAe,GAAoB,EAAE,CAAC;YAE5C,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;YAC7C,MAAM,CAAC,EAAE,CACP,YAAY,EACZ,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,CACxD,CAAC;YAEF,MAAM,eAAe,GAAoB;gBACvC,QAAQ;gBACR,cAAc;gBACd,WAAW;aACZ,CAAC;YACF,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,CAAC;gBAC1E,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,CAAC;gBACrD,MAAM,UAAU,GAAe;oBAC7B,QAAQ,EAAE;wBACR,CAAC,OAAO,CAAC,EAAE;4BACT,GAAG,cAAc;4BACjB,GAAG,eAAe,CAAC,+BAA+B,CAAC;yBACpD;qBACF;oBACD,eAAe,EAAE,EAAE;oBACnB,QAAQ,EAAE,eAAe,CAAC,0BAA0B,CAAC;iBACtD,CAAC;gBAEF,IAAI,qBAAqB,GAAG,IAAI,CAAC;gBACjC,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;oBACpC,eAAe,CAAC,IAAI,CAClB,gBAAgB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,CACrC,CAAC;oBAEF,IAAI,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;wBAC5B,kDAAkD;wBAClD,uEAAuE;wBACvE,qBAAqB,GAAG,KAAK,CAAC;oBAChC,CAAC;yBACI,CAAC;wBACJ,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBACvD,CAAC;gBACH,CAAC;qBACI,CAAC;oBACJ,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;gBACrC,CAAC;gBAED,uDAAuD;gBACvD,IAAI,OAAO,CAAC,eAAe,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBACtD,SAAS;gBACX,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAE/C,6EAA6E;gBAC7E,IAAI,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC;oBACxE,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACrD,CAAC;qBACI,CAAC;oBACJ,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAClC,eAAe,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,OAAO,EAAE;wBAClD,UAAU;wBACV,MAAM;qBACP,CAAC,CAAC,CAAC;gBACN,CAAC;gBAED,MAAM,cAAc,GAAG;oBACrB,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAQ;oBACxC,QAAQ;oBACR,UAAU,EAAE,YAAY,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI;oBAClD,QAAQ;iBACT,CAAC;gBACF,eAAe,CAAC,IAAI,CAClB,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,CAAC,CACnE,CAAC;YACJ,CAAC;YAED,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAE1C,MAAM;iBACH,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;iBACzC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,EAAE,0BAA0B,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,WAAW,CAClE,qBAAqB,CACtB,CAAC;QAEF,MAAM,gBAAgB,GAAG,CAAC,QAAQ,KAAK,iBAAiB,IAAI,QAAQ,KAAK,MAAM,CAAC;eAC3E,OAAO,QAAQ,KAAK,WAAW,CAAC;QACrC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,0BAA0B,CAAC,YAAmB,EAAE;gBACpD,iBAAiB,EAAE,IAAI;gBACvB,IAAI,EAAE,QAAQ;aACf,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,qBAAqB,GAAG,QAAQ,CAAC;QAEzC,sFAAsF;QACtF,6EAA6E;QAC7E,MAAM,cAAc,GAAa,EAAE,CAAC;QACpC,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,YAAY,EAAE,CAAC;YACrD,MAAM,mBAAmB,GAAG,UAAU,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC;YAEjE,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACvE,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAsB,CAAC;gBAExE,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;gBAClG,IAAI,cAAc,EAAE,CAAC;oBACnB,cAAc,CAAC,IAAI,CAAC,GAAG,WAAW,IAAI,OAAO,oCAAoC,CAAC,CAAC;gBACrF,CAAC;gBAED,IAAI,CAAC,CAAC,WAAW,IAAI,aAAa,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC7E,SAAS;gBACX,CAAC;gBAED,IAAI,aAAa,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;oBAC1C,cAAc,CAAC,IAAI,CAAC,GAAG,WAAW,IAAI,OAAO,8CAA8C,CAAC,CAAC;gBAC/F,CAAC;YACH,CAAC;YACD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1D,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,OAAsC,CAAC;gBACvE,aAAa,CAAC,KAAK,CAAC,IAAI,CACtB,GAAG,sBAAsB,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,CACpE,CAAC;gBAEF,IAAI,eAAe,CAAC,aAAa,EAAE,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;oBAC1D,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE;wBACjC,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;wBACpC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;qBAC5B,CAAC,CAAC;oBAEH,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE;wBAC3B,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;wBACpC,KAAK,EAAE,gBAAgB,CAAC,QAAQ,CAAC;wBACjC,UAAU,EAAE,QAAQ,CAAC,UAAU;qBAChC,CAAC,CAAC;gBACL,CAAC;gBAED,MAAM,QAAQ,GAAG,aAAa,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,MAAM,EAAE,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;gBACzF,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;oBACxB,SAAS;gBACX,CAAC;gBAED,MAAM,MAAM,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC3D,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACpD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;gBACzB,CAAC;gBACD,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,MAAM,uBAAuB,CAC7D,YAAY,EACZ,OAAO,CAAC,SAAS,EAAE,QAAQ,CAC5B,CAAC;YACF,OAAO,CAAC,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACnD,OAAO,CAAC,WAAW,GAAG;gBACpB,QAAQ,EAAE,WAAW;aACtB,CAAC;YACF,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YAExD,OAAO,OAAkB,CAAC;QAC5B,CAAC;gBACO,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;;;;;;;;;;;CACF;AAED,sCAAsC;AACtC,KAAK,UAAU,kBAAkB,CAC/B,IAAY,EACZ,OAAe,EACf,MAAa,EACb,OAAsB,EACtB,OAKC;;;QAED,MAAM,CAAC,kCAAG,MAAM,MAAM,CAAC,OAAO,EAAE,QAAA,CAAC;QAEjC,IAAI,CAAC;YACH,MAAM,EACJ,QAAQ,EACR,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,EACxB,UAAU,EACV,GAAG,EACJ,GAAG,OAAO,CAAC;YAEZ,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;gBAC9B,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAC3C,iBAAiB,CAAC,OAAO,CAAC,QAAQ,EAAE;oBAClC,IAAI,EAAE,GAAG,IAAI,IAAI,OAAO,EAAE;oBAC1B,QAAQ;iBACT,CAAC,CACH,CAAC;YAEF,MAAM,gBAAgB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,CAAC;YACL,SAAS;QACX,CAAC;;;;;;;;;CACF;AAED,SAAS,eAAe,CACtB,aAAgC,EAChC,QAAuC,EACvC,WAAmB;IAEnB,OAAO,aAAa,CAAC,qBAAqB,KAAK,KAAK,IAAI,WAAW,KAAK,QAAQ,CAAC,IAAI,CAAC;AACxF,CAAC"}
|
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { Warning, WarningName } from "@nodesecure/js-x-ray";
|
|
2
2
|
import type { ManifestProbeExtractor, ProbeExtractorManifestParent } from "../payload.js";
|
|
3
3
|
import type { DependencyVersion } from "../../types.js";
|
|
4
4
|
export type WarningsResult = {
|
|
5
5
|
warnings: {
|
|
6
6
|
count: number;
|
|
7
|
-
groups: Record<string, Warning
|
|
7
|
+
groups: Record<string, Warning[]>;
|
|
8
8
|
uniqueKinds: Record<WarningName, number>;
|
|
9
9
|
};
|
|
10
10
|
};
|
|
@@ -23,7 +23,7 @@ export declare class Warnings implements ManifestProbeExtractor<WarningsResult>
|
|
|
23
23
|
warnings: {
|
|
24
24
|
count: number;
|
|
25
25
|
uniqueKinds: any;
|
|
26
|
-
groups: Record<string,
|
|
26
|
+
groups: Record<string, Warning<WarningName>[]>;
|
|
27
27
|
};
|
|
28
28
|
};
|
|
29
29
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WarningsExtractor.class.d.ts","sourceRoot":"","sources":["../../../src/extractors/probes/WarningsExtractor.class.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,
|
|
1
|
+
{"version":3,"file":"WarningsExtractor.class.d.ts","sourceRoot":"","sources":["../../../src/extractors/probes/WarningsExtractor.class.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,OAAO,EACP,WAAW,EACZ,MAAM,sBAAsB,CAAC;AAI9B,OAAO,KAAK,EACV,sBAAsB,EACtB,4BAA4B,EAC7B,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAExD,MAAM,MAAM,cAAc,GAAG;IAC3B,QAAQ,EAAE;QACR,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QAClC,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;KAC1C,CAAC;CACH,CAAC;AAEF,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,qBAAa,QAAS,YAAW,sBAAsB,CAAC,cAAc,CAAC;;IACrE,KAAK,EAAG,UAAU,CAAU;gBAQ1B,OAAO,GAAE,eAAoB;IAK/B,IAAI,CACF,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,iBAAiB,EAC7B,MAAM,EAAE,4BAA4B;IAwBtC,IAAI;;;yBAIwD,GAAG;;;;CAKhE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WarningsExtractor.class.js","sourceRoot":"","sources":["../../../src/extractors/probes/WarningsExtractor.class.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"WarningsExtractor.class.js","sourceRoot":"","sources":["../../../src/extractors/probes/WarningsExtractor.class.ts"],"names":[],"mappings":"AAKA,OAAO,YAAY,MAAM,eAAe,CAAC;AAwBzC,MAAM,OAAO,QAAQ;IACnB,KAAK,GAAG,UAAmB,CAAC;IAE5B,SAAS,GAA8B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC3D,YAAY,GAAG,IAAI,YAAY,EAA+B,CAAC;IAC/D,MAAM,GAAG,CAAC,CAAC;IACX,aAAa,CAAU;IAEvB,YACE,UAA2B,EAAE;QAE7B,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,YAAY,IAAI,IAAI,CAAC;IACpD,CAAC;IAED,IAAI,CACF,OAAe,EACf,UAA6B,EAC7B,MAAoC;QAEpC,MAAM,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;QAChC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;YAC9B,GAAG,MAAM,CAAC,IAAI,IAAI,OAAO,EAAE,CAAC,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC;QAEd,QAAQ;aACL,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;aACxB,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;QAElD,IAAI,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC1B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QACxC,CAAC;aACI,CAAC;YACJ,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,IAAI;QACF,OAAO;YACL,QAAQ,EAAE;gBACR,KAAK,EAAE,IAAI,CAAC,MAAM;gBAClB,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,YAAY,CAAQ;gBACzD,MAAM,EAAE,IAAI,CAAC,SAAS;aACvB;SACF,CAAC;IACJ,CAAC;CACF"}
|
package/dist/i18n/english.d.ts
CHANGED
package/dist/i18n/english.js
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
|
+
// Import Third-party Dependencies
|
|
2
|
+
import { taggedString as tS } from "@nodesecure/i18n";
|
|
1
3
|
const scanner = {
|
|
2
4
|
disable_scarf: "This dependency could collect data against your consent so think to disable it with the env var: SCARF_ANALYTICS",
|
|
3
|
-
keylogging: "This dependency can retrieve your keyboard and mouse inputs. It can be used for 'keylogging' attacks/malwares."
|
|
5
|
+
keylogging: "This dependency can retrieve your keyboard and mouse inputs. It can be used for 'keylogging' attacks/malwares.",
|
|
6
|
+
typo_squatting: tS `The package '${0}' is similar to the following popular packages: ${1}`
|
|
4
7
|
};
|
|
5
8
|
export default { scanner };
|
|
6
9
|
//# sourceMappingURL=english.js.map
|
package/dist/i18n/english.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"english.js","sourceRoot":"","sources":["../../src/i18n/english.js"],"names":[],"mappings":"AAAA,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,kHAAkH;IACjI,UAAU,EAAE,gHAAgH;
|
|
1
|
+
{"version":3,"file":"english.js","sourceRoot":"","sources":["../../src/i18n/english.js"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,YAAY,IAAI,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,kHAAkH;IACjI,UAAU,EAAE,gHAAgH;IAC5H,cAAc,EAAE,EAAE,CAAA,gBAAgB,CAAC,mDAAmD,CAAC,EAAE;CAC1F,CAAC;AAEF,eAAe,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/i18n/french.d.ts
CHANGED
package/dist/i18n/french.js
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
|
+
// Import Third-party Dependencies
|
|
2
|
+
import { taggedString as tS } from "@nodesecure/i18n";
|
|
1
3
|
const scanner = {
|
|
2
4
|
disable_scarf: "Cette dépendance peut récolter des données contre votre volonté, pensez donc à la désactiver en fournissant la variable d'environnement SCARF_ANALYTICS",
|
|
3
|
-
keylogging: "Cette dépendance peut obtenir vos entrées clavier ou de souris. Cette dépendance peut être utilisée en tant que 'keylogging' attacks/malwares."
|
|
5
|
+
keylogging: "Cette dépendance peut obtenir vos entrées clavier ou de souris. Cette dépendance peut être utilisée en tant que 'keylogging' attacks/malwares.",
|
|
6
|
+
typo_squatting: tS `Le package '${0}' est similaire aux packages populaires suivants : ${1}`
|
|
4
7
|
};
|
|
5
8
|
export default { scanner };
|
|
6
9
|
//# sourceMappingURL=french.js.map
|
package/dist/i18n/french.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"french.js","sourceRoot":"","sources":["../../src/i18n/french.js"],"names":[],"mappings":"AAAA,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,yJAAyJ;IACxK,UAAU,EAAE,gJAAgJ;
|
|
1
|
+
{"version":3,"file":"french.js","sourceRoot":"","sources":["../../src/i18n/french.js"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,YAAY,IAAI,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,yJAAyJ;IACxK,UAAU,EAAE,gJAAgJ;IAC5J,cAAc,EAAE,EAAE,CAAA,eAAe,CAAC,sDAAsD,CAAC,EAAE;CAC5F,CAAC;AAEF,eAAe,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAI/C,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAE3C,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAEtE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAS1C,cAAc,YAAY,CAAC;AAC3B,cAAc,uBAAuB,CAAC;AAEtC,wBAAsB,GAAG,CACvB,QAAQ,SAAgB,EACxB,OAAO,GAAE,OAAY,EACrB,MAAM,SAAe,yCAyBtB;AAED,wBAAsB,IAAI,CACxB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,IAAI,CAAC,OAAO,EAAE,gBAAgB,CAAM,EAC7C,MAAM,SAAe,yCAkBtB;AAED,wBAAsB,MAAM,CAC1B,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAevC;AAED,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,MAAM,EACN,mBAAmB,EACpB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,7 +1,58 @@
|
|
|
1
|
+
var __addDisposableResource = (this && this.__addDisposableResource) || function (env, value, async) {
|
|
2
|
+
if (value !== null && value !== void 0) {
|
|
3
|
+
if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected.");
|
|
4
|
+
var dispose, inner;
|
|
5
|
+
if (async) {
|
|
6
|
+
if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined.");
|
|
7
|
+
dispose = value[Symbol.asyncDispose];
|
|
8
|
+
}
|
|
9
|
+
if (dispose === void 0) {
|
|
10
|
+
if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined.");
|
|
11
|
+
dispose = value[Symbol.dispose];
|
|
12
|
+
if (async) inner = dispose;
|
|
13
|
+
}
|
|
14
|
+
if (typeof dispose !== "function") throw new TypeError("Object not disposable.");
|
|
15
|
+
if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } };
|
|
16
|
+
env.stack.push({ value: value, dispose: dispose, async: async });
|
|
17
|
+
}
|
|
18
|
+
else if (async) {
|
|
19
|
+
env.stack.push({ async: true });
|
|
20
|
+
}
|
|
21
|
+
return value;
|
|
22
|
+
};
|
|
23
|
+
var __disposeResources = (this && this.__disposeResources) || (function (SuppressedError) {
|
|
24
|
+
return function (env) {
|
|
25
|
+
function fail(e) {
|
|
26
|
+
env.error = env.hasError ? new SuppressedError(e, env.error, "An error was suppressed during disposal.") : e;
|
|
27
|
+
env.hasError = true;
|
|
28
|
+
}
|
|
29
|
+
var r, s = 0;
|
|
30
|
+
function next() {
|
|
31
|
+
while (r = env.stack.pop()) {
|
|
32
|
+
try {
|
|
33
|
+
if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next);
|
|
34
|
+
if (r.dispose) {
|
|
35
|
+
var result = r.dispose.call(r.value);
|
|
36
|
+
if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); });
|
|
37
|
+
}
|
|
38
|
+
else s |= 1;
|
|
39
|
+
}
|
|
40
|
+
catch (e) {
|
|
41
|
+
fail(e);
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve();
|
|
45
|
+
if (env.hasError) throw env.error;
|
|
46
|
+
}
|
|
47
|
+
return next();
|
|
48
|
+
};
|
|
49
|
+
})(typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
|
|
50
|
+
var e = new Error(message);
|
|
51
|
+
return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
|
|
52
|
+
});
|
|
1
53
|
// Import Node.js Dependencies
|
|
2
54
|
import path from "node:path";
|
|
3
55
|
import fs from "node:fs/promises";
|
|
4
|
-
import timers from "node:timers/promises";
|
|
5
56
|
import os from "node:os";
|
|
6
57
|
// Import Third-party Dependencies
|
|
7
58
|
import pacote from "pacote";
|
|
@@ -49,11 +100,12 @@ export async function from(packageName, options = {}, logger = new Logger()) {
|
|
|
49
100
|
manifest, Object.assign(options, { registry }), logger);
|
|
50
101
|
}
|
|
51
102
|
export async function verify(packageName) {
|
|
52
|
-
|
|
53
|
-
return tarball.scanPackage(process.cwd());
|
|
54
|
-
}
|
|
55
|
-
const tempDir = await TempDirectory.create();
|
|
103
|
+
const env_1 = { stack: [], error: void 0, hasError: false };
|
|
56
104
|
try {
|
|
105
|
+
if (typeof packageName === "undefined") {
|
|
106
|
+
return tarball.scanPackage(process.cwd());
|
|
107
|
+
}
|
|
108
|
+
const tempDir = __addDisposableResource(env_1, await TempDirectory.create(), true);
|
|
57
109
|
const mama = await tarball.extractAndResolve(tempDir.location, {
|
|
58
110
|
spec: packageName,
|
|
59
111
|
registry: getLocalRegistryURL()
|
|
@@ -61,9 +113,14 @@ export async function verify(packageName) {
|
|
|
61
113
|
const scanResult = await tarball.scanPackage(mama);
|
|
62
114
|
return scanResult;
|
|
63
115
|
}
|
|
116
|
+
catch (e_1) {
|
|
117
|
+
env_1.error = e_1;
|
|
118
|
+
env_1.hasError = true;
|
|
119
|
+
}
|
|
64
120
|
finally {
|
|
65
|
-
|
|
66
|
-
|
|
121
|
+
const result_1 = __disposeResources(env_1);
|
|
122
|
+
if (result_1)
|
|
123
|
+
await result_1;
|
|
67
124
|
}
|
|
68
125
|
}
|
|
69
126
|
export { depWalker, tarball, comparePayloads, Logger, ScannerLoggerEvents };
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAG/C,+BAA+B;AAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAGvD,YAAY;AACZ,MAAM,kBAAkB,GAAG;IACzB,iBAAiB,EAAE,IAAI;IACvB,cAAc,EAAE,IAAI;IACpB,cAAc,EAAE,KAAK;CACtB,CAAC;AAEF,cAAc,YAAY,CAAC;AAC3B,cAAc,uBAAuB,CAAC;AAEtC,MAAM,CAAC,KAAK,UAAU,GAAG,CACvB,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,EACxB,UAAmB,EAAE,EACrB,MAAM,GAAG,IAAI,MAAM,EAAE;IAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/B,mBAAmB,EAAE,CAAC;IAExB,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CACpC,EAAE,QAAQ,EAAE,EACZ,kBAAkB,EAClB;QACE,GAAG,OAAO;QACV,QAAQ;KACT,CACF,CAAC;IAEF,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAE9C,OAAO,SAAS,CACd,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,EAC9B,gBAAgB,EAChB,MAAM,CACP,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,WAAmB,EACnB,UAA2C,EAAE,EAC7C,MAAM,GAAG,IAAI,MAAM,EAAE;IAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/B,mBAAmB,EAAE,CAAC;IAExB,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE;QAClD,GAAG,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;KACtD,CAAC,CAAC;IACH,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAE/C,OAAO,SAAS;IACd,wDAAwD;IACxD,QAAsC,EACtC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EACpC,MAAM,CACP,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,WAAoB;;;QAEpB,IAAI,OAAO,WAAW,KAAK,WAAW,EAAE,CAAC;YACvC,OAAO,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,MAAY,OAAO,kCAAG,MAAM,aAAa,CAAC,MAAM,EAAE,OAAA,CAAC;QAEnD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,QAAQ,EAAE;YAC7D,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE,mBAAmB,EAAE;SAChC,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEnD,OAAO,UAAU,CAAC;;;;;;;;;;;CACnB;AAED,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,MAAM,EACN,mBAAmB,EACpB,CAAC"}
|
package/dist/npmRegistry.js
CHANGED
|
@@ -8,7 +8,7 @@ import { Logger } from "./class/logger.class.js";
|
|
|
8
8
|
export async function manifestMetadata(name, version, dependency) {
|
|
9
9
|
try {
|
|
10
10
|
const pkgVersion = await npmRegistrySDK.packumentVersion(name, version);
|
|
11
|
-
const integrity = packageJSONIntegrityHash(pkgVersion, {
|
|
11
|
+
const { integrity } = packageJSONIntegrityHash(pkgVersion, {
|
|
12
12
|
isFromRemoteRegistry: true
|
|
13
13
|
});
|
|
14
14
|
Object.assign(dependency.versions[version], {
|
|
@@ -56,7 +56,7 @@ export async function packageMetadata(name, version, options) {
|
|
|
56
56
|
flags.push("isDeprecated");
|
|
57
57
|
dependencyVersion.deprecated = ver.deprecated;
|
|
58
58
|
}
|
|
59
|
-
metadata.integrity[ver.version] = packageJSONIntegrityHash(ver, { isFromRemoteRegistry: true });
|
|
59
|
+
metadata.integrity[ver.version] = packageJSONIntegrityHash(ver, { isFromRemoteRegistry: true }).integrity;
|
|
60
60
|
}
|
|
61
61
|
const { _npmUser = null, version, maintainers = [] } = ver;
|
|
62
62
|
if (_npmUser !== null) {
|
package/dist/npmRegistry.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"npmRegistry.js","sourceRoot":"","sources":["../src/npmRegistry.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,cAAc,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAE5D,+BAA+B;AAC/B,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAOjD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAY,EACZ,OAAe,EACf,UAAe;IAEf,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,gBAAgB,CACtD,IAAI,EACJ,OAAO,CACR,CAAC;QAEF,MAAM,SAAS,GAAG,wBAAwB,CAAC,UAAU,EAAE;
|
|
1
|
+
{"version":3,"file":"npmRegistry.js","sourceRoot":"","sources":["../src/npmRegistry.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,cAAc,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAE5D,+BAA+B;AAC/B,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAOjD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAY,EACZ,OAAe,EACf,UAAe;IAEf,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,gBAAgB,CACtD,IAAI,EACJ,OAAO,CACR,CAAC;QAEF,MAAM,EAAE,SAAS,EAAE,GAAG,wBAAwB,CAAC,UAAU,EAAE;YACzD,oBAAoB,EAAE,IAAI;SAC3B,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CACX,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAC5B;YACE,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC;SAC5B,CACF,CAAC;QAEF,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;IACrD,CAAC;IACD,MAAM,CAAC;QACL,SAAS;IACX,CAAC;AACH,CAAC;AAOD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAY,EACZ,OAAe,EACf,OAA+B;IAE/B,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACvC,MAAM,IAAI,GAAG,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC;IAElC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAEjD,MAAM,gBAAgB,GAAG,IAAI,IAAI,EAAE,CAAC;QACpC,gBAAgB,CAAC,WAAW,CAAC,gBAAgB,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC;QAEjE,MAAM,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC,CAAC,MAAO,CAAC;QAC7C,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAE,CAAC,CAAC;QACtD,MAAM,QAAQ,GAA2B;YACvC,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,IAAI;YAC1B,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;YAC9B,cAAc,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,MAAM;YAClD,WAAW;YACX,YAAY;YACZ,0BAA0B,EAAE,CAAC,CAAC,gBAAgB,GAAG,YAAY,CAAC;YAC9D,iBAAiB,EAAE,KAAK;YACxB,gBAAgB,EAAE,KAAK;YACvB,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE;YAClC,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,EAAE;SACd,CAAC;QAEF,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACpD,MAAM,iBAAiB,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,KAAK,GAAG,iBAAkB,CAAC,KAAK,CAAC;QACvC,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3B,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,GAAG,EAAE,CAAC;QAC7B,IAAI,8BAA8B,GAAG,QAAQ,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;QACvE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YACxD,IAAI,IAAI,KAAK,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC1C,IAAI,YAAY,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;oBAC3D,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;oBAC3B,iBAAiB,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;gBAChD,CAAC;gBAED,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,wBAAwB,CACxD,GAAG,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,CACpC,CAAC,SAAS,CAAC;YACd,CAAC;YAED,MAAM,EAAE,QAAQ,GAAG,IAAI,EAAE,OAAO,EAAE,WAAW,GAAG,EAAE,EAAE,GAAG,GAAG,CAAC;YAE3D,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACtB,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,EAAE,IAAI,IAAI,IAAI,CAAC;gBACjD,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;oBACxB,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC;gBAC7B,CAAC;qBACI,IAAI,UAAU,KAAK,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC7D,QAAQ,CAAC,iBAAiB,GAAG,IAAI,CAAC;gBACpC,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;oBAC9B,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC;wBACvB,GAAG,QAAQ;wBACX,OAAO;wBACP,EAAE,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE;qBAC9C,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,IAAI,8BAA8B,EAAE,CAAC;gBACnC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;gBAC1C,8BAA8B,GAAG,KAAK,CAAC;YACzC,CAAC;QACH,CAAC;QAED,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CACX,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAE,EAC7B,EAAE,KAAK,EAAE,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAE,CAAC,EAAE,CAC5C,CAAC;QACF,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;IACjC,CAAC;IACD,MAAM,CAAC;QACL,SAAS;IACX,CAAC;YACO,CAAC;QACP,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,QAAgC;IAEhC,MAAM,YAAY,GAA+B;QAC/C,GAAG,QAAQ,CAAC,WAAW;QACvB,GAAG,QAAQ,CAAC,UAAU;KACvB,CAAC;IACF,IAAI,QAAQ,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;QAC7B,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IACD,MAAM,aAAa,GAA2B,EAAE,CAAC;IAEjD,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE;QAChD,IAAI,WAAW,CAAC,KAAK,IAAI,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1D,WAAW,CAAC,SAAS,GAAG,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAEzD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;QAC3B,CAAC;QAED,OAAO,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;aACzD,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YAChB,WAAW,CAAC,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC;YAC9C,IAAI,WAAW,CAAC,KAAK,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;gBAC/C,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,WAAW,CAAC,SAAS,CAAC;YAC3D,CAAC;QACH,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACZ,WAAW,CAAC,SAAS,GAAG,SAAS,CAAC;QACpC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAE5B,8EAA8E;IAC9E,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;QACvC,IAAI,CAAC,WAAW,CAAC,SAAS,IAAI,WAAW,CAAC,KAAK,IAAI,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YACpF,WAAW,CAAC,SAAS,GAAG,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;AACH,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { Warning
|
|
1
|
+
import type { Warning } from "@nodesecure/js-x-ray";
|
|
2
2
|
import * as Vulnera from "@nodesecure/vulnera";
|
|
3
3
|
import type { PackageModuleType } from "@nodesecure/mama";
|
|
4
4
|
import type { SpdxFileLicenseConformance } from "@nodesecure/conformance";
|
|
@@ -66,7 +66,7 @@ export interface DependencyVersion {
|
|
|
66
66
|
*
|
|
67
67
|
* @see https://github.com/NodeSecure/js-x-ray/blob/master/WARNINGS.md
|
|
68
68
|
*/
|
|
69
|
-
warnings: Warning
|
|
69
|
+
warnings: Warning[];
|
|
70
70
|
alias: Record<string, string>;
|
|
71
71
|
/** Tarball composition (files and dependencies) */
|
|
72
72
|
composition: {
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAE1D,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAErD,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG;IACjC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,GAAG;IAChD;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF,MAAM,WAAW,eAAe;IAC9B,wBAAwB;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,mBAAmB;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,iBAAiB;IAChC,qDAAqD;IACrD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,iBAAiB,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB;;;OAGG;IACH,qBAAqB,EAAE,OAAO,CAAC;IAC/B,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,eAAe,EAAE,MAAM,CAAC;IACxB,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,iFAAiF;IACjF,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC;;;;OAIG;IACH,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,mDAAmD;IACnD,WAAW,EAAE;QACX,8CAA8C;QAC9C,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAC3B,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;IACF;;OAEG;IACH,QAAQ,EAAE,0BAA0B,EAAE,CAAC;IACvC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;OAIG;IACH,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB;;OAEG;IACH,MAAM,EAAE,IAAI,GAAG,MAAM,CAAC;IACtB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,4BAA4B;IAC5B,QAAQ,EAAE;QACR,0CAA0C;QAC1C,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,IAAI,CAAC;QACnB,0BAA0B;QAC1B,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,0BAA0B,EAAE,OAAO,CAAC;QACpC,iFAAiF;QACjF,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;QAC1B,wBAAwB;QACxB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QACxB;;WAEG;QACH,WAAW,EAAE,UAAU,EAAE,CAAC;QAC1B;;WAEG;QACH,UAAU,EAAE,SAAS,EAAE,CAAC;QACxB;;;WAGG;QACH,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACnC,CAAC;IACF,yFAAyF;IACzF,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC5C;;;;OAIG;IACH,eAAe,EAAE,OAAO,CAAC,qBAAqB,EAAE,CAAC;CAClD;AAED,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;AAEtD,MAAM,WAAW,OAAO;IACtB,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,mCAAmC;IACnC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE;QACX,QAAQ,EAAE,kBAAkB,EAAE,CAAC;KAChC,CAAC;IACF,sDAAsD;IACtD,YAAY,EAAE,YAAY,CAAC;IAC3B,yDAAyD;IACzD,cAAc,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,qBAAqB,EAAE,OAAO,CAAC,IAAI,CAAC;CACrC;AAED,MAAM,WAAW,OAAO;IACtB;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAE3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC;IAEjC;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE;QACZ;;;;;WAKG;QACH,aAAa,CAAC,EAAE,OAAO,CAAC;QAExB;;;WAGG;QACH,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IAEF,SAAS,CAAC,EAAE;QACV,QAAQ,EAAE,OAAO,EAAE,CAAC;KACrB,CAAC;IAEF;;;;OAIG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;IAElC;;;;OAIG;IACH,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC;IAE9C;;;;;OAKG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;CACjC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"warnings.d.ts","sourceRoot":"","sources":["../../src/utils/warnings.ts"],"names":[],"mappings":"AAMA,OAAO,EAEL,KAAK,kBAAkB,EAExB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"warnings.d.ts","sourceRoot":"","sources":["../../src/utils/warnings.ts"],"names":[],"mappings":"AAMA,OAAO,EAEL,KAAK,kBAAkB,EAExB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAKrD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAoB9C,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,EAAE,kBAAkB,EAAE,CAAC;CACnC;AAED,wBAAsB,uBAAuB,CAC3C,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,EACxC,iBAAiB,GAAE,OAAO,EAAO,GAChC,OAAO,CAAC,iBAAiB,CAAC,CA+C5B"}
|
package/dist/utils/warnings.js
CHANGED
|
@@ -6,6 +6,7 @@ import * as RC from "@nodesecure/rc";
|
|
|
6
6
|
import { ContactExtractor } from "@nodesecure/contact";
|
|
7
7
|
// Import Internal Dependencies
|
|
8
8
|
import { getDirNameFromUrl } from "./dirname.js";
|
|
9
|
+
import { TopPackages } from "../class/TopPackages.class.js";
|
|
9
10
|
await i18n.extendFromSystemPath(path.join(getDirNameFromUrl(import.meta.url), "..", "i18n"));
|
|
10
11
|
// CONSTANTS
|
|
11
12
|
const kDetectedDep = i18n.taggedString `The dependency '${0}' has been detected in the dependency Tree.`;
|
|
@@ -21,11 +22,18 @@ const kDependencyWarnMessage = {
|
|
|
21
22
|
};
|
|
22
23
|
export async function getDependenciesWarnings(dependenciesMap, highlightContacts = []) {
|
|
23
24
|
const vulnerableDependencyNames = Object.keys(kDependencyWarnMessage);
|
|
25
|
+
const topPackages = new TopPackages();
|
|
26
|
+
await topPackages.loadJSON();
|
|
24
27
|
const warnings = vulnerableDependencyNames
|
|
25
28
|
.flatMap((name) => (dependenciesMap.has(name) ? `${kDetectedDep(name)} ${kDependencyWarnMessage[name]}` : []));
|
|
26
29
|
const dependencies = Object.create(null);
|
|
27
30
|
for (const [packageName, dependency] of dependenciesMap) {
|
|
28
31
|
const { author, maintainers } = dependency.metadata;
|
|
32
|
+
const similarPackages = topPackages.getSimilarPackages(packageName);
|
|
33
|
+
if (similarPackages.length > 0) {
|
|
34
|
+
const warningMessage = await i18n.getToken("scanner.typo_squatting", packageName, similarPackages.join(", "));
|
|
35
|
+
warnings.push(warningMessage);
|
|
36
|
+
}
|
|
29
37
|
dependencies[packageName] = {
|
|
30
38
|
maintainers,
|
|
31
39
|
...(author === null ? {} : { author })
|
|
@@ -40,7 +48,7 @@ export async function getDependenciesWarnings(dependenciesMap, highlightContacts
|
|
|
40
48
|
...kDefaultIlluminatedContacts
|
|
41
49
|
]
|
|
42
50
|
});
|
|
43
|
-
const illuminated = extractor.fromDependencies(dependencies);
|
|
51
|
+
const { illuminated } = await extractor.fromDependencies(dependencies);
|
|
44
52
|
return {
|
|
45
53
|
warnings,
|
|
46
54
|
illuminated
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"warnings.js","sourceRoot":"","sources":["../../src/utils/warnings.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EACL,gBAAgB,EAGjB,MAAM,qBAAqB,CAAC;AAG7B,+BAA+B;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"warnings.js","sourceRoot":"","sources":["../../src/utils/warnings.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EACL,gBAAgB,EAGjB,MAAM,qBAAqB,CAAC;AAG7B,+BAA+B;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAG5D,MAAM,IAAI,CAAC,oBAAoB,CAC7B,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,CAC5D,CAAC;AAEF,YAAY;AACZ,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAA,mBAAmB,CAAC,6CAA6C,CAAC;AACxG,MAAM,2BAA2B,GAAc;IAC7C;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,yBAAyB;KACjC;CACF,CAAC;AAEF,MAAM,sBAAsB,GAAG;IAC7B,cAAc,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IAC5D,MAAM,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC;CACzC,CAAC;AAOX,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,eAAwC,EACxC,oBAA+B,EAAE;IAEjC,MAAM,yBAAyB,GAAG,MAAM,CAAC,IAAI,CAC3C,sBAAsB,CAC+B,CAAC;IACxD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;IACtC,MAAM,WAAW,CAAC,QAAQ,EAAE,CAAC;IAE7B,MAAM,QAAQ,GAAG,yBAAyB;SACvC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjH,MAAM,YAAY,GAAoD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC1F,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,eAAe,EAAE,CAAC;QACxD,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC;QACpD,MAAM,eAAe,GAAG,WAAW,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QACpE,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,QAAQ,CACxC,wBAAwB,EACxB,WAAW,EACX,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAC3B,CAAC;YACF,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAChC,CAAC;QAED,YAAY,CAAC,WAAW,CAAC,GAAG;YAC1B,WAAW;YACX,GAAG,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC;SACvC,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,gBAAgB,CAAC;QACrC,SAAS,EAAE;YACT,GAAG,iBAAiB;YACpB,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC;gBAC3B,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,IAAI,EAAE,CAAC,CACzD;YACD,GAAG,2BAA2B;SAC/B;KACF,CAAC,CAAC;IACH,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,SAAS,CAAC,gBAAgB,CACtD,YAAY,CACb,CAAC;IAEF,OAAO;QACL,QAAQ;QACR,WAAW;KACZ,CAAC;AACJ,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nodesecure/scanner",
|
|
3
|
-
"version": "6.
|
|
3
|
+
"version": "6.11.0",
|
|
4
4
|
"description": "A package API to run a static analysis of your module's dependencies.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"exports": "./dist/index.js",
|
|
@@ -49,20 +49,21 @@
|
|
|
49
49
|
"homepage": "https://github.com/NodeSecure/tree/master/workspaces/scanner#readme",
|
|
50
50
|
"dependencies": {
|
|
51
51
|
"@fastify/deepmerge": "^3.1.0",
|
|
52
|
-
"@nodesecure/conformance": "^1.1.
|
|
53
|
-
"@nodesecure/contact": "^
|
|
52
|
+
"@nodesecure/conformance": "^1.1.1",
|
|
53
|
+
"@nodesecure/contact": "^3.0.0",
|
|
54
54
|
"@nodesecure/flags": "^3.0.3",
|
|
55
|
-
"@nodesecure/i18n": "^4.0.
|
|
56
|
-
"@nodesecure/js-x-ray": "^9.
|
|
57
|
-
"@nodesecure/mama": "^
|
|
55
|
+
"@nodesecure/i18n": "^4.0.2",
|
|
56
|
+
"@nodesecure/js-x-ray": "^9.2.0",
|
|
57
|
+
"@nodesecure/mama": "^2.0.0",
|
|
58
58
|
"@nodesecure/npm-registry-sdk": "^3.0.0",
|
|
59
59
|
"@nodesecure/npm-types": "^1.2.0",
|
|
60
|
-
"@nodesecure/rc": "^5.0.
|
|
61
|
-
"@nodesecure/tarball": "^2.
|
|
62
|
-
"@nodesecure/tree-walker": "^1.3.
|
|
60
|
+
"@nodesecure/rc": "^5.0.1",
|
|
61
|
+
"@nodesecure/tarball": "^2.1.0",
|
|
62
|
+
"@nodesecure/tree-walker": "^1.3.1",
|
|
63
63
|
"@nodesecure/utils": "^2.3.0",
|
|
64
64
|
"@nodesecure/vulnera": "^2.0.1",
|
|
65
|
-
"@openally/mutex": "^
|
|
65
|
+
"@openally/mutex": "^2.0.0",
|
|
66
|
+
"fastest-levenshtein": "^1.0.16",
|
|
66
67
|
"frequency-set": "^1.0.2",
|
|
67
68
|
"pacote": "^21.0.0",
|
|
68
69
|
"semver": "^7.5.4",
|