@nodesecure/scanner 7.0.0 → 7.1.0
- package/dist/depWalker.d.ts.map +1 -1
- package/dist/depWalker.js +13 -3
- package/dist/depWalker.js.map +1 -1
- package/dist/i18n/english.d.ts +3 -0
- package/dist/i18n/english.js +4 -1
- package/dist/i18n/english.js.map +1 -1
- package/dist/i18n/french.d.ts +3 -0
- package/dist/i18n/french.js +4 -1
- package/dist/i18n/french.js.map +1 -1
- package/dist/registry/NpmRegistryProvider.d.ts +20 -5
- package/dist/registry/NpmRegistryProvider.d.ts.map +1 -1
- package/dist/registry/NpmRegistryProvider.js +72 -8
- package/dist/registry/NpmRegistryProvider.js.map +1 -1
- package/dist/types.d.ts +10 -2
- package/dist/types.d.ts.map +1 -1
- package/package.json +6 -6
package/dist/depWalker.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.d.ts","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"depWalker.d.ts","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAYjG,OAAO,EAAE,MAAM,EAAuB,MAAM,yBAAyB,CAAC;AACtE,OAAO,KAAK,EAKV,OAAO,EACP,OAAO,EACR,MAAM,YAAY,CAAC;AA4CpB,KAAK,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,WAAW,GAAG,qBAAqB,GAAG,eAAe,EAC/D,OAAO,EAAE,aAAa,EACtB,MAAM,SAAe,GACpB,OAAO,CAAC,OAAO,CAAC,CAyNlB"}
|
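--- a/package/dist/depWalker.js
+++ b/package/dist/depWalker.js
@@ -59,7 +59,8 @@ import { extractAndResolve, scanDirOrArchive } from "@nodesecure/tarball";
 import * as Vulnera from "@nodesecure/vulnera";
 import { npm } from "@nodesecure/tree-walker";
 import { parseAuthor } from "@nodesecure/utils";
-import { ManifestManager } from "@nodesecure/mama";
+import { ManifestManager, parseNpmSpec } from "@nodesecure/mama";
+import { getNpmRegistryURL } from "@nodesecure/npm-registry-sdk";
 // Import Internal Dependencies
 import { getDependenciesWarnings, addMissingVersionFlags, getUsedDeps, getManifestLinks } from "./utils/index.js";
 import { NpmRegistryProvider } from "./registry/NpmRegistryProvider.js";
@@ -105,6 +106,7 @@ export async function depWalker(manifest, options, logger = new Logger()) {
 try {
 const { scanRootNode = false, includeDevDeps = false, packageLock, maxDepth, location, vulnerabilityStrategy = Vulnera.strategies.NONE, registry } = options;
 const tempDir = __addDisposableResource(env_1, await TempDirectory.create(), true);
+const dependencyConfusionWarnings = [];
 const payload = {
 id: tempDir.id,
 rootDependencyName: manifest.name ?? "workspace",
@@ -143,9 +145,12 @@ export async function depWalker(manifest, options, logger = new Logger()) {
 metadata: structuredClone(kDefaultDependencyMetadata)
 };
 let proceedDependencyScan = true;
+const org = parseNpmSpec(name)?.org;
 if (dependencies.has(name)) {
 const dep = dependencies.get(name);
-operationsQueue.push(new NpmRegistryProvider(name, version
+operationsQueue.push(new NpmRegistryProvider(name, version, {
+registry
+}).enrichDependencyVersion(dep, dependencyConfusionWarnings, org));
 if (version in dep.versions) {
 // The dependency has already entered the analysis
 // This happens if the package is used by multiple packages in the tree
@@ -171,6 +176,11 @@ export async function depWalker(manifest, options, logger = new Logger()) {
 fetchedMetadataPackages.add(name);
 const provider = new NpmRegistryProvider(name, version);
 operationsQueue.push(provider.enrichDependency(logger, dependency));
+if (registry !== getNpmRegistryURL() && org) {
+operationsQueue.push(new NpmRegistryProvider(name, version, {
+registry
+}).enrichScopedDependencyConfusionWarnings(dependencyConfusionWarnings, org));
+}
 }
 const scanDirOptions = {
 ref: dependency.versions[version],
@@ -247,7 +257,7 @@ export async function depWalker(manifest, options, logger = new Logger()) {
 }
 try {
 const { warnings, illuminated } = await getDependenciesWarnings(dependencies, options.highlight?.contacts);
-payload.warnings = globalWarnings.concat(warnings);
+payload.warnings = globalWarnings.concat(dependencyConfusionWarnings).concat(warnings);
 payload.highlighted = {
 contacts: illuminated
 };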
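Review bot: The new guard `if (registry !== getNpmRegistryURL() && org)` in the fourth hunk compares the raw `registry` option, which is destructured from `options` without a default, while `NpmRegistryProvider` falls back to `getLocalRegistryURL()` when it receives `undefined`. If a caller can leave `registry` unset, the guard is true and an org lookup is queued for every scoped package even when the effective registry is the public one. It is also an exact string match, so a configured URL that differs from the public one only by a trailing slash would presumably be treated as a private registry. I would require a value and normalise both sides, e.g. `if (org && registry && new URL(registry).href !== new URL(getNpmRegistryURL()).href) {`. The body of depWalker continues outside these hunks, so any earlier validation of `registry` is not visible here.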
package/dist/depWalker.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,kCAAkC;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,kCAAkC;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAEjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAEjE,+BAA+B;AAC/B,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,WAAW,EACX,gBAAgB,EACjB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAUtE,YAAY;AACZ,MAAM,+BAA+B,GAAG;IACtC,WAAW,EAAE,EAAE;IACf,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,QAAQ,EAAE,EAAE;IACZ,gBAAgB,EAAE,EAAE;IACpB,WAAW,EAAE;QACX,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,EAAE;QACT,QAAQ,EAAE,EAAE;QACZ,MAAM,EAAE,EAAE;QACV,OAAO,EAAE,EAAE;QACX,cAAc,EAAE,EAAE;QAClB,eAAe,EAAE,EAAE;QACnB,mBAAmB,EAAE,EAAE;QACvB,gBAAgB,EAAE,EAAE;KACrB;CACF,CAAC;AACF,MAAM,0BAA0B,GAA2B;IACzD,cAAc,EAAE,CAAC;IACjB,YAAY,EAAE,IAAI,IAAI,EAAE;IACxB,WAAW,EAAE,KAAK;IAClB,gBAAgB,EAAE,KAAK;IACvB,iBAAiB,EAAE,KAAK;IACxB,0BAA0B,EAAE,IAAI;IAChC,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,IAAI;IACZ,UAAU,EAAE,EAAE;IACd,WAAW,EAAE,EAAE;IACf,SAAS,EAAE,EAAE;CACd,CAAC;AAEF,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,KAAK,CAC5C,YAAY,CACV,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EACzD,OAAO,CACR,CACF,CAAC;AAOF,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAA+D,EAC/D,OAAsB,EACtB,MAAM,GAAG,IAAI,MAAM,EAAE;;;QAErB,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,cAAc,GAAG,KAAK,EACtB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,IAAI,EAC/C,QAAQ,EACT,GAAG,OAAO,CAAC;QAEZ,MAAY,OAAO,kCAAG,MAAM,aAAa,CAAC,MAAM,EAAE,OAAA,CAAC;QAEnD,MAAM,2BA
A2B,GAAiC,EAAE,CAAC;QAErE,MAAM,OAAO,GAAqB;YAChC,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,kBAAkB,EAAE,QAAQ,CAAC,IAAI,IAAI,WAAW;YAChD,cAAc,EAAE,cAAc;YAC9B,qBAAqB;YACrB,QAAQ,EAAE,EAAE;SACb,CAAC;QAEF,MAAM,YAAY,GAA4B,IAAI,GAAG,EAAE,CAAC;QACxD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC;YACvC,QAAQ;SACT,CAAC,CAAC;QACH,CAAC;YACC,MAAM;iBACH,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC;iBACxC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;iBAC3C,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChD,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAU,CAAC;YAClD,MAAM,eAAe,GAAoB,EAAE,CAAC;YAE5C,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;YAC7C,MAAM,CAAC,EAAE,CACP,YAAY,EACZ,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,CACxD,CAAC;YAEF,MAAM,eAAe,GAAoB;gBACvC,QAAQ;gBACR,cAAc;gBACd,WAAW;aACZ,CAAC;YACF,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,CAAC;gBAC1E,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,CAAC;gBACrD,MAAM,UAAU,GAAe;oBAC7B,QAAQ,EAAE;wBACR,CAAC,OAAO,CAAC,EAAE;4BACT,GAAG,cAAc;4BACjB,GAAG,eAAe,CAAC,+BAA+B,CAAC;yBACpD;qBACF;oBACD,eAAe,EAAE,EAAE;oBACnB,QAAQ,EAAE,eAAe,CAAC,0BAA0B,CAAC;iBACtD,CAAC;gBAEF,IAAI,qBAAqB,GAAG,IAAI,CAAC;gBACjC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC;gBACpC,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;oBACpC,eAAe,CAAC,IAAI,CAClB,IAAI,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE;wBACrC,QAAQ;qBACT,CAAC,CAAC,uBAAuB,CAAC,GAAG,EAAE,2BAA2B,EAAE,GAAG,CAAC,CAClE,CAAC;oBAEF,IAAI,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;wBAC5B,kDAAkD;wBAClD,uEAAuE;wBACvE,qBAAqB,GAAG,KAAK,CAAC;oBAChC,CAAC;yBACI,CAAC;wBACJ,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBACvD,CAAC;gBACH,CAAC;qBACI,CAAC;oBACJ,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;gBACrC,CAAC;gBAED,uDAAuD;gBACvD,IAAI,OAAO,CAAC,eAAe,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBACtD,SAAS;gBACX,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAE/C,6EAA6E;gBAC7E,IAAI,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,IA
AI,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC;oBACxE,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACrD,CAAC;qBACI,CAAC;oBACJ,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAClC,MAAM,QAAQ,GAAG,IAAI,mBAAmB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBAExD,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;oBACpE,IAAI,QAAQ,KAAK,iBAAiB,EAAE,IAAI,GAAG,EAAE,CAAC;wBAC5C,eAAe,CAAC,IAAI,CAClB,IAAI,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE;4BACrC,QAAQ;yBACT,CAAC,CAAC,uCAAuC,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAC7E,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAED,MAAM,cAAc,GAAG;oBACrB,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAQ;oBACxC,QAAQ;oBACR,UAAU,EAAE,YAAY,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI;oBAClD,QAAQ;iBACT,CAAC;gBACF,eAAe,CAAC,IAAI,CAClB,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,CAAC,CACnE,CAAC;YACJ,CAAC;YAED,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAE1C,MAAM;iBACH,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;iBACzC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,EAAE,0BAA0B,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,WAAW,CAClE,qBAAqB,CACtB,CAAC;QAEF,MAAM,gBAAgB,GAAG,CAAC,QAAQ,KAAK,iBAAiB,IAAI,QAAQ,KAAK,MAAM,CAAC;eAC3E,OAAO,QAAQ,KAAK,WAAW,CAAC;QACrC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,0BAA0B,CAAC,YAAmB,EAAE;gBACpD,iBAAiB,EAAE,IAAI;gBACvB,IAAI,EAAE,QAAQ;aACf,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,qBAAqB,GAAG,QAAQ,CAAC;QAEzC,sFAAsF;QACtF,6EAA6E;QAC7E,MAAM,cAAc,GAAoB,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,YAAY,EAAE,CAAC;YACrD,MAAM,mBAAmB,GAAG,UAAU,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC;YAEjE,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACvE,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAsB,CAAC;gBAExE,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;gBAClG,IAAI,cAAc,EAAE,CAAC;oBACnB,cAAc,CAAC,IAAI,CAAC;wBAClB,IAAI,EAAE,eAAe;wBACrB,OAAO,EAAE,GAAG,WAAW,IAAI,OAAO,oCAAoC;qBACvE,CAAC,CAAC;gBACL,CAAC;gBAED,IAAI,CAAC,CAAC,WAAW,IAAI,aAAa,CA
AC,IAAI,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC7E,SAAS;gBACX,CAAC;gBAED,IAAI,aAAa,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;oBAC1C,cAAc,CAAC,IAAI,CAAC;wBAClB,IAAI,EAAE,oBAAoB;wBAC1B,OAAO,EAAE,GAAG,WAAW,IAAI,OAAO,8CAA8C;qBACjF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1D,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,OAAsC,CAAC;gBACvE,aAAa,CAAC,KAAK,CAAC,IAAI,CACtB,GAAG,sBAAsB,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,CACpE,CAAC;gBAEF,IAAI,eAAe,CAAC,aAAa,EAAE,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;oBAC1D,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE;wBACjC,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;wBACpC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;qBAC5B,CAAC,CAAC;oBAEH,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE;wBAC3B,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;wBACpC,KAAK,EAAE,gBAAgB,CAAC,QAAQ,CAAC;wBACjC,UAAU,EAAE,QAAQ,CAAC,UAAU;qBAChC,CAAC,CAAC;gBACL,CAAC;gBAED,MAAM,QAAQ,GAAG,aAAa,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,MAAM,EAAE,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;gBACzF,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;oBACxB,SAAS;gBACX,CAAC;gBAED,MAAM,MAAM,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC3D,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACpD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;gBACzB,CAAC;gBACD,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,MAAM,uBAAuB,CAC7D,YAAY,EACZ,OAAO,CAAC,SAAS,EAAE,QAAQ,CAC5B,CAAC;YACF,OAAO,CAAC,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,2BAA8C,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC1G,OAAO,CAAC,WAAW,GAAG;gBACpB,QAAQ,EAAE,WAAW;aACtB,CAAC;YACF,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YAExD,OAAO,OAAkB,CAAC;QAC5B,CAAC;gBACO,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;;;;;;;;;;;CACF;AAED,sCAAsC;AACtC,KAAK,UAAU,kBAAkB,CAC/B,IAAY,EACZ,OAAe,EACf,MAAa,EACb,OAAsB,EACtB,OAKC;;;QAED,MAAM,CAAC,kCAAG,MAAM,MAAM,CAAC,OAAO,EAAE,QAAA,CAAC;QAEjC,IAAI,CAAC;YACH,MAAM,EACJ,QAAQ,EACR,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,
EACxB,UAAU,EACV,GAAG,EACJ,GAAG,OAAO,CAAC;YAEZ,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;gBAC9B,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAC3C,iBAAiB,CAAC,OAAO,CAAC,QAAQ,EAAE;oBAClC,IAAI,EAAE,GAAG,IAAI,IAAI,OAAO,EAAE;oBAC1B,QAAQ;iBACT,CAAC,CACH,CAAC;YAEF,MAAM,gBAAgB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACpC,CAAC;QACD,MAAM,CAAC;YACL,SAAS;QACX,CAAC;;;;;;;;;CACF;AAED,SAAS,eAAe,CACtB,aAAgC,EAChC,QAA+D,EAC/D,WAAmB;IAEnB,OAAO,aAAa,CAAC,qBAAqB,KAAK,KAAK,IAAI,CACtD,WAAW,KAAK,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,CAC7D,CAAC;AACJ,CAAC"}
|
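--- a/package/dist/i18n/english.d.ts
+++ b/package/dist/i18n/english.d.ts
@@ -6,5 +6,8 @@ declare namespace scanner {
 let disable_scarf: string;
 let keylogging: string;
 let typo_squatting: (...valeurs: any[]) => string;
+let dependency_confusion: string;
+let dependency_confusion_missing: string;
+let dependency_confusion_missing_org: (...valeurs: any[]) => string;
 }
 //# sourceMappingURL=english.d.ts.map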
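--- a/package/dist/i18n/english.js
+++ b/package/dist/i18n/english.js
@@ -3,7 +3,10 @@ import { taggedString as tS } from "@nodesecure/i18n";
 const scanner = {
 disable_scarf: "This dependency could collect data against your consent so think to disable it with the env var: SCARF_ANALYTICS",
 keylogging: "This dependency can retrieve your keyboard and mouse inputs. It can be used for 'keylogging' attacks/malwares.",
-typo_squatting: tS `The package '${0}' is similar to the following popular packages: ${1}
+typo_squatting: tS `The package '${0}' is similar to the following popular packages: ${1}`,
+dependency_confusion: "This dependency was found on both a public and private registry but its signature does not match",
+dependency_confusion_missing: "This dependency was found on the private but not on the public registry, this dependency is vulnerable to dependency confusion attacks.",
+dependency_confusion_missing_org: tS `The org '${0}' is not claimed on the public registry`
 };
 export default { scanner };
 //# sourceMappingURL=english.js.map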
package/dist/i18n/english.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"english.js","sourceRoot":"","sources":["../../src/i18n/english.js"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,YAAY,IAAI,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,kHAAkH;IACjI,UAAU,EAAE,gHAAgH;IAC5H,cAAc,EAAE,EAAE,CAAA,gBAAgB,CAAC,mDAAmD,CAAC,EAAE;
|
|
1
|
+
{"version":3,"file":"english.js","sourceRoot":"","sources":["../../src/i18n/english.js"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,YAAY,IAAI,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,kHAAkH;IACjI,UAAU,EAAE,gHAAgH;IAC5H,cAAc,EAAE,EAAE,CAAA,gBAAgB,CAAC,mDAAmD,CAAC,EAAE;IACzF,oBAAoB,EAAE,kGAAkG;IACxH,4BAA4B,EAAE,yIAAyI;IACvK,gCAAgC,EAAE,EAAE,CAAA,YAAY,CAAC,yCAAyC;CAC3F,CAAC;AAEF,eAAe,EAAE,OAAO,EAAE,CAAC"}
|
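--- a/package/dist/i18n/french.d.ts
+++ b/package/dist/i18n/french.d.ts
@@ -6,5 +6,8 @@ declare namespace scanner {
 let disable_scarf: string;
 let keylogging: string;
 let typo_squatting: (...valeurs: any[]) => string;
+let dependency_confusion: string;
+let dependency_confusion_missing: string;
+let dependency_confusion_missing_org: (...valeurs: any[]) => string;
 }
 //# sourceMappingURL=french.d.ts.map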
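--- a/package/dist/i18n/french.js
+++ b/package/dist/i18n/french.js
@@ -3,7 +3,10 @@ import { taggedString as tS } from "@nodesecure/i18n";
 const scanner = {
 disable_scarf: "Cette dépendance peut récolter des données contre votre volonté, pensez donc à la désactiver en fournissant la variable d'environnement SCARF_ANALYTICS",
 keylogging: "Cette dépendance peut obtenir vos entrées clavier ou de souris. Cette dépendance peut être utilisée en tant que 'keylogging' attacks/malwares.",
-typo_squatting: tS `Le package '${0}' est similaire aux packages populaires suivants : ${1}
+typo_squatting: tS `Le package '${0}' est similaire aux packages populaires suivants : ${1}`,
+dependency_confusion: "Cette dépendance a été trouvée à la fois sur un registre public et privé, mais sa signature ne correspond pas.",
+dependency_confusion_missing: "Cette dépendance a été trouvée seulement sur le registre privé, cette dépendance est vulnérable à une attaque par confusion de dépendance.",
+dependency_confusion_missing_org: tS `L'organisation '${0}' n'est pas revendiquée sur le registre public`
 };
 export default { scanner };
 //# sourceMappingURL=french.js.map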
package/dist/i18n/french.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"french.js","sourceRoot":"","sources":["../../src/i18n/french.js"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,YAAY,IAAI,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,yJAAyJ;IACxK,UAAU,EAAE,gJAAgJ;IAC5J,cAAc,EAAE,EAAE,CAAA,eAAe,CAAC,sDAAsD,CAAC,EAAE;
|
|
1
|
+
{"version":3,"file":"french.js","sourceRoot":"","sources":["../../src/i18n/french.js"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,YAAY,IAAI,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,yJAAyJ;IACxK,UAAU,EAAE,gJAAgJ;IAC5J,cAAc,EAAE,EAAE,CAAA,eAAe,CAAC,sDAAsD,CAAC,EAAE;IAC3F,oBAAoB,EAAE,gHAAgH;IACtI,4BAA4B,EAAE,4IAA4I;IAC1K,gCAAgC,EAAE,EAAE,CAAA,mBAAmB,CAAC,gDAAgD;CACzG,CAAC;AAEF,eAAe,EAAE,OAAO,EAAE,CAAC"}
|
|
@@ -1,14 +1,20 @@
|
|
|
1
|
-
import
|
|
1
|
+
import * as npmRegistrySDK from "@nodesecure/npm-registry-sdk";
|
|
2
|
+
import type { Packument, PackumentVersion, Signature } from "@nodesecure/npm-types";
|
|
2
3
|
import { type DateProvider } from "./PackumentExtractor.js";
|
|
3
|
-
import type { Dependency } from "../types.js";
|
|
4
|
+
import type { Dependency, DependencyConfusionWarning } from "../types.js";
|
|
4
5
|
import { Logger } from "../class/logger.class.js";
|
|
6
|
+
type PackumentNpmApiOptions = {
|
|
7
|
+
registry: string;
|
|
8
|
+
};
|
|
5
9
|
export interface NpmApiClient {
|
|
6
|
-
packument(name: string): Promise<Packument>;
|
|
7
|
-
packumentVersion(name: string, version: string): Promise<PackumentVersion>;
|
|
10
|
+
packument(name: string, options?: PackumentNpmApiOptions): Promise<Packument>;
|
|
11
|
+
packumentVersion(name: string, version: string, options?: PackumentNpmApiOptions): Promise<PackumentVersion>;
|
|
12
|
+
org(namespace: string): Promise<npmRegistrySDK.NpmPackageOrg>;
|
|
8
13
|
}
|
|
9
14
|
export interface NpmRegistryProviderOptions {
|
|
10
15
|
dateProvider?: DateProvider;
|
|
11
16
|
npmApiClient?: NpmApiClient;
|
|
17
|
+
registry?: string;
|
|
12
18
|
}
|
|
13
19
|
export declare class NpmRegistryProvider {
|
|
14
20
|
#private;
|
|
@@ -23,6 +29,13 @@ export declare class NpmRegistryProvider {
|
|
|
23
29
|
};
|
|
24
30
|
integrity: string;
|
|
25
31
|
deprecated: string | undefined;
|
|
32
|
+
signatures: Signature[] | undefined;
|
|
33
|
+
attestations: {
|
|
34
|
+
url: string;
|
|
35
|
+
provenance: {
|
|
36
|
+
predicateType: string;
|
|
37
|
+
};
|
|
38
|
+
} | undefined;
|
|
26
39
|
}>;
|
|
27
40
|
collectPackageData(): Promise<{
|
|
28
41
|
metadata: {
|
|
@@ -49,6 +62,8 @@ export declare class NpmRegistryProvider {
|
|
|
49
62
|
};
|
|
50
63
|
}>;
|
|
51
64
|
enrichDependency(logger: Logger, dependency: Dependency): Promise<void>;
|
|
52
|
-
enrichDependencyVersion(dependency: Dependency): Promise<void>;
|
|
65
|
+
enrichDependencyVersion(dependency: Dependency, warnings: DependencyConfusionWarning[], org: string | null | undefined): Promise<void>;
|
|
66
|
+
enrichScopedDependencyConfusionWarnings(warnings: DependencyConfusionWarning[], org: string): Promise<void>;
|
|
53
67
|
}
|
|
68
|
+
export {};
|
|
54
69
|
//# sourceMappingURL=NpmRegistryProvider.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"NpmRegistryProvider.d.ts","sourceRoot":"","sources":["../../src/registry/NpmRegistryProvider.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"NpmRegistryProvider.d.ts","sourceRoot":"","sources":["../../src/registry/NpmRegistryProvider.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,cAAc,MAAM,8BAA8B,CAAC;AAE/D,OAAO,KAAK,EAAE,SAAS,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAMpF,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEhF,OAAO,KAAK,EACV,UAAU,EACV,0BAA0B,EAC3B,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAWlD,KAAK,sBAAsB,GAAG;IAC5B,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,WAAW,YAAY;IAC3B,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,sBAAsB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAC9E,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,sBAAsB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC7G,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;CAC/D;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,mBAAmB;;IAK9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;gBAGd,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,0BAA+B;IAgBpC,yBAAyB;;;;;;;;;;;;;;;;IAsBzB,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;IA0BlB,gBAAgB,CACpB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,IAAI,CAAC;IAoBV,uBAAuB,CAC3B,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,0BAA0B,EAAE,EACtC,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAqD1B,uCAAuC,CAAC,QAAQ,EAAE,0BAA0B,EAAE,EAAE,GAAG,EAAE,MAAM;CAoBlG"}
|
|
@@ -1,37 +1,54 @@
|
|
|
1
|
+
// Import Node.js Dependencies
|
|
2
|
+
import path from "node:path";
|
|
1
3
|
// Import Third-party Dependencies
|
|
2
4
|
import semver from "semver";
|
|
3
5
|
import * as npmRegistrySDK from "@nodesecure/npm-registry-sdk";
|
|
4
6
|
import { packageJSONIntegrityHash } from "@nodesecure/mama";
|
|
7
|
+
import { getNpmRegistryURL } from "@nodesecure/npm-registry-sdk";
|
|
8
|
+
import * as i18n from "@nodesecure/i18n";
|
|
9
|
+
import { isHTTPError } from "@openally/httpie";
|
|
5
10
|
// Import Internal Dependencies
|
|
6
11
|
import { PackumentExtractor } from "./PackumentExtractor.js";
|
|
7
12
|
import { fetchNpmAvatars } from "./fetchNpmAvatars.js";
|
|
8
13
|
import { Logger } from "../class/logger.class.js";
|
|
9
14
|
import { getLinks } from "../utils/getLinks.js";
|
|
15
|
+
import { getDirNameFromUrl } from "../utils/dirname.js";
|
|
16
|
+
// CONSTANTS
|
|
17
|
+
const kNotFoundStatusCode = 404;
|
|
18
|
+
await i18n.extendFromSystemPath(path.join(getDirNameFromUrl(import.meta.url), "..", "i18n"));
|
|
10
19
|
export class NpmRegistryProvider {
|
|
11
20
|
#date;
|
|
12
21
|
#npmApiClient;
|
|
22
|
+
#registry;
|
|
13
23
|
name;
|
|
14
24
|
version;
|
|
15
25
|
constructor(name, version, options = {}) {
|
|
16
|
-
const { dateProvider = undefined, npmApiClient = npmRegistrySDK } = options;
|
|
26
|
+
const { dateProvider = undefined, npmApiClient = npmRegistrySDK, registry = npmRegistrySDK.getLocalRegistryURL() } = options;
|
|
17
27
|
this.name = name;
|
|
18
28
|
this.version = version;
|
|
19
29
|
this.#date = dateProvider;
|
|
20
30
|
this.#npmApiClient = npmApiClient;
|
|
31
|
+
this.#registry = registry;
|
|
21
32
|
}
|
|
22
33
|
async collectPackageVersionData() {
|
|
23
|
-
const packumentVersion = await this.#npmApiClient.packumentVersion(this.name, this.version
|
|
34
|
+
const packumentVersion = await this.#npmApiClient.packumentVersion(this.name, this.version, {
|
|
35
|
+
registry: this.#registry
|
|
36
|
+
});
|
|
24
37
|
const { integrity } = packageJSONIntegrityHash(packumentVersion, {
|
|
25
38
|
isFromRemoteRegistry: true
|
|
26
39
|
});
|
|
27
40
|
return {
|
|
28
41
|
links: getLinks(packumentVersion),
|
|
29
42
|
integrity,
|
|
30
|
-
deprecated: packumentVersion.deprecated
|
|
43
|
+
deprecated: packumentVersion.deprecated,
|
|
44
|
+
signatures: packumentVersion.dist.signatures,
|
|
45
|
+
attestations: packumentVersion.dist.attestations
|
|
31
46
|
};
|
|
32
47
|
}
|
|
33
48
|
async collectPackageData() {
|
|
34
|
-
const packument = await this.#npmApiClient.packument(this.name
|
|
49
|
+
const packument = await this.#npmApiClient.packument(this.name, {
|
|
50
|
+
registry: this.#registry
|
|
51
|
+
});
|
|
35
52
|
const packumentVersion = packument.versions[this.version];
|
|
36
53
|
const metadata = new PackumentExtractor(packument, { dateProvider: this.#date }).getMetadata(this.version);
|
|
37
54
|
const flags = {
|
|
@@ -57,24 +74,71 @@ export class NpmRegistryProvider {
|
|
|
57
74
|
Object.assign(dependencyVersion, version);
|
|
58
75
|
}
|
|
59
76
|
catch {
|
|
60
|
-
//
|
|
77
|
+
// ignored
|
|
61
78
|
}
|
|
62
79
|
finally {
|
|
63
80
|
logger.tick("registry");
|
|
64
81
|
}
|
|
65
82
|
}
|
|
66
|
-
async enrichDependencyVersion(dependency) {
|
|
83
|
+
async enrichDependencyVersion(dependency, warnings, org) {
|
|
67
84
|
try {
|
|
68
|
-
const { integrity, deprecated, links } = await this.collectPackageVersionData();
|
|
85
|
+
const { integrity, deprecated, links, signatures, attestations } = await this.collectPackageVersionData();
|
|
69
86
|
Object.assign(dependency.versions[this.version], {
|
|
70
87
|
links,
|
|
71
|
-
deprecated
|
|
88
|
+
deprecated,
|
|
89
|
+
attestations
|
|
72
90
|
});
|
|
73
91
|
dependency.metadata.integrity[this.version] = integrity;
|
|
92
|
+
if (this.#registry === getNpmRegistryURL()) {
|
|
93
|
+
return;
|
|
94
|
+
}
|
|
95
|
+
try {
|
|
96
|
+
const packumentVersionFromPublicRegistry = await this.#npmApiClient.packumentVersion(this.name, this.version, {
|
|
97
|
+
registry: getNpmRegistryURL()
|
|
98
|
+
});
|
|
99
|
+
if (!this.#hasSameSignatures(signatures, packumentVersionFromPublicRegistry.dist.signatures)) {
|
|
100
|
+
this.#addDependencyConfusionWarning(warnings, await i18n.getToken("scanner.dependency_confusion"));
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
catch (err) {
|
|
104
|
+
const isScoped = Boolean(org);
|
|
105
|
+
if (isHTTPError(err) && err.statusCode === kNotFoundStatusCode && !isScoped) {
|
|
106
|
+
this.#addDependencyConfusionWarning(warnings, await i18n.getToken("scanner.dependency_confusion_missing"));
|
|
107
|
+
}
|
|
108
|
+
}
|
|
74
109
|
}
|
|
75
110
|
catch {
|
|
76
111
|
// ignore
|
|
77
112
|
}
|
|
78
113
|
}
|
|
114
|
+
#hasSameSignatures(signatures, signaturesFromPublicRegistry) {
|
|
115
|
+
if (!signatures || !signaturesFromPublicRegistry) {
|
|
116
|
+
return false;
|
|
117
|
+
}
|
|
118
|
+
const sortedSignaturesFromPublic = signaturesFromPublicRegistry.sort((a, b) => a.keyid.localeCompare(b.keyid));
|
|
119
|
+
const sortedSignaturesFromPrivate = signatures.sort((a, b) => a.keyid.localeCompare(b.keyid));
|
|
120
|
+
return sortedSignaturesFromPrivate.length === signaturesFromPublicRegistry.length &&
|
|
121
|
+
sortedSignaturesFromPrivate?.every((signature, index) => signature.keyid === sortedSignaturesFromPublic[index].keyid
|
|
122
|
+
&& signature.sig === sortedSignaturesFromPublic[index].sig);
|
|
123
|
+
}
|
|
124
|
+
async enrichScopedDependencyConfusionWarnings(warnings, org) {
|
|
125
|
+
try {
|
|
126
|
+
await this.#npmApiClient.org(this.name);
|
|
127
|
+
}
|
|
128
|
+
catch (err) {
|
|
129
|
+
if (isHTTPError(err) && err.statusCode === kNotFoundStatusCode) {
|
|
130
|
+
await this.#addDependencyConfusionWarning(warnings, await i18n.getToken("scanner.dependency_confusion_missing_org", org));
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
}
|
|
134
|
+
async #addDependencyConfusionWarning(warnings, message) {
|
|
135
|
+
warnings.push({
|
|
136
|
+
type: "dependency-confusion",
|
|
137
|
+
message,
|
|
138
|
+
metadata: {
|
|
139
|
+
name: this.name
|
|
140
|
+
}
|
|
141
|
+
});
|
|
142
|
+
}
|
|
79
143
|
}
|
|
80
144
|
//# sourceMappingURL=NpmRegistryProvider.js.map
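Review bot: `enrichScopedDependencyConfusionWarnings` calls `this.#npmApiClient.org(this.name)`, passing the full package name where the client interface declares `org(namespace)`; the `org` argument is used only in the warning text. If that lookup returns 404 for a scoped package name, every scoped dependency is reported as an unclaimed org, so the call should most likely be `await this.#npmApiClient.org(org);` (confirm the format `parseNpmSpec` returns for `org`). Separately, `#hasSameSignatures` returns `false` when either registry omits `dist.signatures`, which reports a signature mismatch for any package whose private copy is served without signatures, and its `.sort()` calls reorder the packument arrays in place; a distinct outcome for "nothing to compare" and `[...signatures].sort(...)` would avoid both. In `enrichDependencyVersion`, errors other than 404 from the public lookup are dropped silently, so a check that could not run is indistinguishable from a clean one in the payload.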
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"NpmRegistryProvider.js","sourceRoot":"","sources":["../../src/registry/NpmRegistryProvider.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,cAAc,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"NpmRegistryProvider.js","sourceRoot":"","sources":["../../src/registry/NpmRegistryProvider.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,cAAc,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAE5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,+BAA+B;AAC/B,OAAO,EAAE,kBAAkB,EAAqB,MAAM,yBAAyB,CAAC;AAChF,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAKvD,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,YAAY;AACZ,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAEhC,MAAM,IAAI,CAAC,oBAAoB,CAC7B,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,CAC5D,CAAC;AAkBF,MAAM,OAAO,mBAAmB;IAC9B,KAAK,CAA2B;IAChC,aAAa,CAAe;IAC5B,SAAS,CAAS;IAElB,IAAI,CAAS;IACb,OAAO,CAAS;IAEhB,YACE,IAAY,EACZ,OAAe,EACf,UAAsC,EAAE;QAExC,MAAM,EACJ,YAAY,GAAG,SAAS,EACxB,YAAY,GAAG,cAAc,EAC7B,QAAQ,GAAG,cAAc,CAAC,mBAAmB,EAAE,EAChD,GAAG,OAAO,CAAC;QAEZ,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAEvB,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;QAC1B,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;QAClC,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,yBAAyB;QAC7B,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAChE,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;YACE,QAAQ,EAAE,IAAI,CAAC,SAAS;SACzB,CACF,CAAC;QAEF,MAAM,EAAE,SAAS,EAAE,GAAG,wBAAwB,CAAC,gBAAgB,EAAE;YAC/D,oBAAoB,EAAE,IAAI;SAC3B,CAAC,CAAC;QAEH,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,gBAAgB,CAAC;YACjC,SAAS;YACT,UAAU,EAAE,gBAAgB,CAAC,UAAU;YACvC,UAAU,EAAE,gBAAgB,CAAC,IAAI,CAAC,UAAU;YAC5C,YAAY,EAAE,gBAAgB,CAAC,IAAI,CAAC,YAAY;SACjD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE;YAC9D,QAAQ,EAAE,IAAI,CAAC,SAAS;SACzB,CAAC,CAAC;QACH,MAAM,gBAAgB,GAAG,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE1D,MAAM,QAAQ,GAAG,IAAI,kBAAkB,CACrC,
SAAS,EACT,EAAE,YAAY,EAAE,IAAI,CAAC,KAAK,EAAE,CAC7B,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE5B,MAAM,KAAK,GAAG;YACZ,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,WAAW,CAAC;YAC1D,YAAY,EAAE,gBAAgB,CAAC,UAAU;SAC1C,CAAC;QAEF,OAAO;YACL,QAAQ;YACR,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACrD,OAAO,EAAE;gBACP,KAAK,EAAE,QAAQ,CAAC,gBAAgB,CAAC;gBACjC,UAAU,EAAE,gBAAgB,CAAC,UAAU;aACxC;SACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,MAAc,EACd,UAAsB;QAEtB,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAErE,MAAM,eAAe,CAAC,QAAQ,CAAC,CAAC;YAEhC,MAAM,iBAAiB,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE5D,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC/B,iBAAiB,CAAC,KAAK,GAAG,CAAC,GAAG,iBAAiB,CAAC,KAAK,EAAE,GAAG,KAAK,CAAC,CAAC;YACjE,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QAC5C,CAAC;QACD,MAAM,CAAC;YACL,UAAU;QACZ,CAAC;gBACO,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,UAAsB,EACtB,QAAsC,EACtC,GAA8B;QAE9B,IAAI,CAAC;YACH,MAAM,EACJ,SAAS,EAAE,UAAU,EAAE,KAAK,EAC5B,UAAU,EAAE,YAAY,EACzB,GAAG,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAE3C,MAAM,CAAC,MAAM,CACX,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EACjC;gBACE,KAAK;gBACL,UAAU;gBACV,YAAY;aACb,CACF,CAAC;YACF,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;YACxD,IAAI,IAAI,CAAC,SAAS,KAAK,iBAAiB,EAAE,EAAE,CAAC;gBAC3C,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,kCAAkC,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE;oBAC5G,QAAQ,EAAE,iBAAiB,EAAE;iBAC9B,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,EAAE,kCAAkC,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC7F,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,8BAA8B,CAAC,CAAC,CAAC;gBACrG,CAAC;YACH,CAAC;YACD,OAAO,GAAG,EAAE,CAAC;gBACX,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,KAAK,mBAAmB,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAC5E,IAAI,CAAC,8BAA8B,CAAC,Q
AAQ,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,sCAAsC,CAAC,CAAC,CAAC;gBAC7G,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,CAAC;YACL,SAAS;QACX,CAAC;IACH,CAAC;IAED,kBAAkB,CAAC,UAAmC,EAAE,4BAAqD;QAC3G,IAAI,CAAC,UAAU,IAAI,CAAC,4BAA4B,EAAE,CAAC;YACjD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,0BAA0B,GAAG,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QAC/G,MAAM,2BAA2B,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QAE9F,OAAO,2BAA2B,CAAC,MAAM,KAAK,4BAA4B,CAAC,MAAM;YAC/E,2BAA2B,EAAE,KAAK,CAAC,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,KAAK,0BAA0B,CAAC,KAAK,CAAC,CAAC,KAAK;mBAC/G,SAAS,CAAC,GAAG,KAAK,0BAA0B,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,uCAAuC,CAAC,QAAsC,EAAE,GAAW;QAC/F,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,KAAK,mBAAmB,EAAE,CAAC;gBAC/D,MAAM,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,0CAA0C,EAAE,GAAG,CAAC,CAAC,CAAC;YAC5H,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,8BAA8B,CAAC,QAAsC,EAAE,OAAe;QAC1F,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,OAAO;YACP,QAAQ,EAAE;gBACR,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB;SACF,CAAC,CAAC;IACL,CAAC;CACF"}
|
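--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -3,7 +3,7 @@ import * as Vulnera from "@nodesecure/vulnera";
 import type { PackageModuleType } from "@nodesecure/mama";
 import type { SpdxFileLicenseConformance } from "@nodesecure/conformance";
 import type { IlluminatedContact } from "@nodesecure/contact";
-import type { Contact } from "@nodesecure/npm-types";
+import type { Contact, Dist } from "@nodesecure/npm-types";
 export type Maintainer = Contact & {
 /**
 * Path to publisher's avatar on "https://www.npmjs.com"
@@ -106,6 +106,7 @@ export interface DependencyVersion {
 integrity?: string;
 links?: DependencyLinks;
 deprecated?: string;
+attestations?: Dist["attestations"];
 }
 export interface Dependency {
 /** NPM Registry metadata */
@@ -146,6 +147,13 @@ export interface Dependency {
 vulnerabilities: Vulnera.StandardVulnerability[];
 }
 export type Dependencies = Record<string, Dependency>;
+export type DependencyConfusionWarning = {
+type: "dependency-confusion";
+message: string;
+metadata: {
+name: string;
+};
+};
 export type GlobalWarning = {
 message: string;
 } & ({
@@ -157,7 +165,7 @@ export type GlobalWarning = {
 name: string;
 similar: string[];
 };
-});
+} | DependencyConfusionWarning);
 export interface Payload {
 /** Payload unique id */
 id: string;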
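Review bot: The new `attestations?: Dist["attestations"]` field on `DependencyVersion` (second hunk) has no doc comment, and a consumer of the payload could read its mere presence as proof of verified provenance. From the declaration alone it looks like registry-reported `dist` metadata rather than a verification result, so I would add in `src/types.ts` (this `.d.ts` is compiler output) a comment such as `/** Attestation metadata as reported by the registry; presence does not mean the attestation was verified */`. `DependencyConfusionWarning` in the third hunk would likewise benefit from a one-line comment saying which condition raises it and what `metadata.name` holds; presumably the package name concerned, but the implementation is not readable on this page.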
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAE1D,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAE1D,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAE3D,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG;IACjC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,GAAG;IAChD;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF,MAAM,WAAW,eAAe;IAC9B,wBAAwB;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,mBAAmB;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,iBAAiB;IAChC,qDAAqD;IACrD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,iBAAiB,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB;;;OAGG;IACH,qBAAqB,EAAE,OAAO,CAAC;IAC/B,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,eAAe,EAAE,MAAM,CAAC;IACxB,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,iFAAiF;IACjF,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC;;;;OAIG;IACH,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,mDAAmD;IACnD,WAAW,EAAE;QACX,8CAA8C;QAC9C,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAC3B,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;IACF;;OAEG;IACH,QAAQ,EAAE,0BAA0B,EAAE,CAAC;IACvC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;OAIG;IACH,KAAK,EAAE,MAAM,EAAE,CAAC;IA
ChB;;OAEG;IACH,MAAM,EAAE,IAAI,GAAG,MAAM,CAAC;IACtB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,UAAU;IACzB,4BAA4B;IAC5B,QAAQ,EAAE;QACR,0CAA0C;QAC1C,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,IAAI,CAAC;QACnB,0BAA0B;QAC1B,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,0BAA0B,EAAE,OAAO,CAAC;QACpC,iFAAiF;QACjF,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;QAC1B,wBAAwB;QACxB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QACxB;;WAEG;QACH,WAAW,EAAE,UAAU,EAAE,CAAC;QAC1B;;WAEG;QACH,UAAU,EAAE,SAAS,EAAE,CAAC;QACxB;;;WAGG;QACH,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACnC,CAAC;IACF,yFAAyF;IACzF,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC5C;;;;OAIG;IACH,eAAe,EAAE,OAAO,CAAC,qBAAqB,EAAE,CAAC;CAClD;AAED,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;AAEtD,MAAM,MAAM,0BAA0B,GAAG;IACvC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;CAAE,GAAG,CACjD;IACE,IAAI,EACA,sBAAsB,GACtB,oBAAoB,GACpB,eAAe,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC,GACD;IACE,IAAI,EAAE,gBAAgB,CAAC;IACvB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;CACH,GAED,0BAA0B,CAAC,CAAC;AAE9B,MAAM,WAAW,OAAO;IACtB,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,mCAAmC;IACnC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,2BAA2B;IAC3B,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,WAAW,EAAE;QACX,QAAQ,EAAE,kBAAkB,EAAE,CAAC;KAChC,CAAC;IACF,sDAAsD;IACtD,YAAY,EAAE,YAAY,CAAC;IAC3B,yDAAyD;IACzD,cAAc,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,qBAAqB,EAAE,OAAO,CAAC,IAAI,CAAC;CACrC;AAED,MAAM,WAAW,OAAO;IACtB;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAE3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CAAC;IAEjC;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE;QACZ;;;;;WAKG;QACH,aAAa,CAAC,EAAE,OAAO,CAAC;QAExB;;;WAGG;QACH,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IAEF,SAAS,CAAC,EAAE;QACV,QAAQ,EAAE,OAAO,EAAE,CAAC;KACrB,CAAC;I
AEF;;;;OAIG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;IAElC;;;;OAIG;IACH,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC;IAE9C;;;;;OAKG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;CACjC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nodesecure/scanner",
|
|
3
|
-
"version": "7.
|
|
3
|
+
"version": "7.1.0",
|
|
4
4
|
"description": "A package API to run a static analysis of your module's dependencies.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"exports": "./dist/index.js",
|
|
@@ -49,25 +49,25 @@
|
|
|
49
49
|
"homepage": "https://github.com/NodeSecure/tree/master/workspaces/scanner#readme",
|
|
50
50
|
"dependencies": {
|
|
51
51
|
"@fastify/deepmerge": "^3.1.0",
|
|
52
|
-
"@nodesecure/conformance": "^1.
|
|
52
|
+
"@nodesecure/conformance": "^1.2.0",
|
|
53
53
|
"@nodesecure/contact": "^3.0.0",
|
|
54
54
|
"@nodesecure/flags": "^3.0.3",
|
|
55
55
|
"@nodesecure/i18n": "^4.0.2",
|
|
56
56
|
"@nodesecure/js-x-ray": "^10.0.0",
|
|
57
57
|
"@nodesecure/mama": "^2.0.2",
|
|
58
|
-
"@nodesecure/npm-registry-sdk": "^4.
|
|
58
|
+
"@nodesecure/npm-registry-sdk": "^4.4.0",
|
|
59
59
|
"@nodesecure/npm-types": "^1.3.0",
|
|
60
60
|
"@nodesecure/rc": "^5.0.1",
|
|
61
|
-
"@nodesecure/tarball": "^2.
|
|
61
|
+
"@nodesecure/tarball": "^2.2.0",
|
|
62
62
|
"@nodesecure/tree-walker": "^1.3.1",
|
|
63
63
|
"@nodesecure/utils": "^2.3.0",
|
|
64
64
|
"@nodesecure/vulnera": "^2.0.1",
|
|
65
65
|
"@openally/mutex": "^2.0.0",
|
|
66
66
|
"fastest-levenshtein": "^1.0.16",
|
|
67
|
-
"frequency-set": "^1.0
|
|
67
|
+
"frequency-set": "^2.1.0",
|
|
68
68
|
"pacote": "^21.0.0",
|
|
69
69
|
"semver": "^7.5.4",
|
|
70
|
-
"type-fest": "^
|
|
70
|
+
"type-fest": "^5.0.1"
|
|
71
71
|
},
|
|
72
72
|
"devDependencies": {
|
|
73
73
|
"@types/node": "^24.0.2",
|