@nodesecure/scanner 7.1.0 → 8.0.0
- package/dist/comparePayloads.js +5 -5
- package/dist/comparePayloads.js.map +1 -1
- package/dist/depWalker.d.ts +2 -0
- package/dist/depWalker.d.ts.map +1 -1
- package/dist/depWalker.js +45 -11
- package/dist/depWalker.js.map +1 -1
- package/dist/extractors/payload.d.ts +6 -2
- package/dist/extractors/payload.d.ts.map +1 -1
- package/dist/extractors/payload.js +15 -3
- package/dist/extractors/payload.js.map +1 -1
- package/dist/i18n/english.js +1 -1
- package/dist/i18n/english.js.map +1 -1
- package/dist/i18n/french.js +1 -1
- package/dist/i18n/french.js.map +1 -1
- package/dist/index.d.ts +11 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -1
- package/dist/index.js.map +1 -1
- package/dist/registry/NpmRegistryProvider.d.ts +3 -1
- package/dist/registry/NpmRegistryProvider.d.ts.map +1 -1
- package/dist/registry/NpmRegistryProvider.js +9 -4
- package/dist/registry/NpmRegistryProvider.js.map +1 -1
- package/dist/registry/RegistryTokenStore.d.ts +9 -0
- package/dist/registry/RegistryTokenStore.d.ts.map +1 -0
- package/dist/registry/RegistryTokenStore.js +26 -0
- package/dist/registry/RegistryTokenStore.js.map +1 -0
- package/dist/types.d.ts +23 -3
- package/dist/types.d.ts.map +1 -1
- package/dist/utils/warnings.d.ts +1 -1
- package/dist/utils/warnings.d.ts.map +1 -1
- package/dist/utils/warnings.js +22 -12
- package/dist/utils/warnings.js.map +1 -1
- package/package.json +6 -3
- package/dist/data/top-packages.json +0 -50000
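--- a/package/dist/comparePayloads.js
+++ b/package/dist/comparePayloads.js
@@ -3,13 +3,13 @@ export function comparePayloads(payload, comparedPayload) {
 if (payload.id === comparedPayload.id) {
 throw new Error(`You try to compare two payloads with the same id '${payload.id}'`);
 }
-if (payload.
-throw new Error(`You can't compare different package payloads '${payload.
+if (payload.rootDependency.name !== comparedPayload.rootDependency.name) {
+throw new Error(`You can't compare different package payloads '${payload.rootDependency.name}' and '${comparedPayload.rootDependency.name}'`);
 }
-const givenVersion =
-const comparedVersion =
+const givenVersion = payload.rootDependency.version;
+const comparedVersion = comparedPayload.rootDependency.version;
 return {
-title: `'${payload.
+title: `'${payload.rootDependency.name}@${givenVersion}' -> '${comparedPayload.rootDependency.name}@${comparedVersion}'`,
 warnings: arrayDiff(payload.warnings, comparedPayload.warnings),
 scannerVersion: compareValues(payload.scannerVersion, comparedPayload.scannerVersion),
 vulnerabilityStrategy: compareValues(payload.vulnerabilityStrategy, comparedPayload.vulnerabilityStrategy),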
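Review bot: The new `payload.rootDependency.name` reads at new lines 6–7 are unguarded, so a payload without a `rootDependency` object makes `comparePayloads` fail with a bare TypeError instead of one of its own descriptive errors. The depWalker.js section of this diff shows `rootDependency` being added to the payload in 8.0.0, so a payload serialized by a 7.x scanner would presumably lack it, which matters when a stored baseline is compared against a fresh scan. A guard ahead of the name comparison keeps the failure explicit, for example `if (!payload.rootDependency || !comparedPayload.rootDependency) { throw new Error("Both payloads must expose 'rootDependency'"); }`. The function's return object continues past the end of the hunk.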
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"comparePayloads.js","sourceRoot":"","sources":["../src/comparePayloads.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAoF/C,MAAM,UAAU,eAAe,CAC7B,OAAgB,EAChB,eAAwB;IAExB,IAAI,OAAO,CAAC,EAAE,KAAK,eAAe,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,qDAAqD,OAAO,CAAC,EAAE,GAAG,CACnE,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"comparePayloads.js","sourceRoot":"","sources":["../src/comparePayloads.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAoF/C,MAAM,UAAU,eAAe,CAC7B,OAAgB,EAChB,eAAwB;IAExB,IAAI,OAAO,CAAC,EAAE,KAAK,eAAe,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,qDAAqD,OAAO,CAAC,EAAE,GAAG,CACnE,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,cAAc,CAAC,IAAI,KAAK,eAAe,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QACxE,MAAM,IAAI,KAAK,CACb,iDAAiD,OAAO,CAAC,cAAc,CAAC,IAAI,UAAU,eAAe,CAAC,cAAc,CAAC,IAAI,GAAG,CAC7H,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC;IACpD,MAAM,eAAe,GAAG,eAAe,CAAC,cAAc,CAAC,OAAO,CAAC;IAE/D,OAAO;QACL,KAAK,EAAE,IAAI,OAAO,CAAC,cAAc,CAAC,IAAI,IAAI,YAAY,SAAS,eAAe,CAAC,cAAc,CAAC,IAAI,IAAI,eAAe,GAAG;QACxH,QAAQ,EAAE,SAAS,CACjB,OAAO,CAAC,QAAQ,EAChB,eAAe,CAAC,QAAQ,CACzB;QACD,cAAc,EAAE,aAAa,CAC3B,OAAO,CAAC,cAAc,EACtB,eAAe,CAAC,cAAc,CAC/B;QACD,qBAAqB,EAAE,aAAa,CAClC,OAAO,CAAC,qBAAqB,EAC7B,eAAe,CAAC,qBAAqB,CACtC;QACD,YAAY,EAAE,mBAAmB,CAC/B,OAAO,CAAC,YAAY,EACpB,eAAe,CAAC,YAAY,CAC7B;KACF,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,QAAsB,EACtB,SAAuB;IAEvB,MAAM,EACJ,UAAU,EACV,GAAG,YAAY,EAChB,GAAG,gBAAgB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE1C,MAAM,oBAAoB,GAAG,IAAI,GAAG,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG;YACX,UAAU,EAAE,uBAAuB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC;YACrG,WAAW,EAAE,uBAAuB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC;YACxG,QAAQ,EAAE,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC;YAC7D,eAAe,EAAE,uBAAuB,CAAC,IAAI,EAAE,GAAG,CAAC,eAAe,EAAE,WAAW,CAAC,eAAe,CAAC;SACjG,CAAC;QAEF,oBAAoB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,oBAAoB,EAAE,GAAG,YAAY,EAAE,CAAC;AAC7D,CAAC;AAED,SAAS,eAAe,CACtB,QAA2C,EAC3C,SAA4C;IAE5C,MAAM,EAAE,UAAU,EAAE,GAAG,QAAQ,EAAE,GAAG,gBAAgB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE1E,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAuC,CAAC;IACxE,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,eA
Ae,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;QAC5D,MAAM,IAAI,GAAgC;YACxC,EAAE,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE,eAAe,CAAC,EAAE,CAAC;YACjD,IAAI,EAAE,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,eAAe,CAAC,IAAI,CAAC;YACvD,MAAM,EAAE,oBAAoB,CAAC,OAAO,CAAC,MAAM,EAAE,eAAe,CAAC,MAAM,CAAC;YACpE,eAAe,EAAE,aAAa,CAAC,OAAO,CAAC,eAAe,EAAE,eAAe,CAAC,eAAe,CAAC;YACxF,qBAAqB,EAAE,aAAa,CAAC,OAAO,CAAC,qBAAqB,EAAE,eAAe,CAAC,qBAAqB,CAAC;YAC1G,WAAW,EAAE,aAAa,CAAC,OAAO,CAAC,WAAW,EAAE,eAAe,CAAC,WAAW,CAAC;YAC5E,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAC1H,aAAa;YACb,OAAO,EAAE,oBAAoB,CAAC,OAAO,CAAC,OAAO,EAAE,eAAe,CAAC,OAAO,CAAC;YACvE,wGAAwG;YACxG,UAAU,EAAE,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,EAAE,eAAe,CAAC,UAAU,CAAC;mBAC7E,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,UAAU,EAAE,eAAe,CAAC,UAAU,CAAC;YAC1E,OAAO,EAAE,oBAAoB,CAAC,OAAO,CAAC,OAAO,EAAE,eAAe,CAAC,OAAO,CAAC;YACvE,QAAQ,EAAE,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC;YAC/D,WAAW,EAAE,kBAAkB,CAAC,OAAO,CAAC,WAAW,EAAE,eAAe,CAAC,WAAW,CAAC;YACjF,gBAAgB,EAAE,SAAS,CAAC,OAAO,CAAC,gBAAgB,EAAE,eAAe,CAAC,gBAAgB,CAAC;YACvF,KAAK,EAAE,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC;YACtD,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,KAAM,EAAE,eAAe,CAAC,KAAM,CAAC;SAC7D,CAAC;QAEF,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,gBAAgB;QAC1B,GAAG,QAAQ;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CACzB,QAA0C,EAC1C,SAA2C;IAE3C,OAAO;QACL,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC;QAC1D,mBAAmB,EAAE,SAAS,CAAC,QAAQ,CAAC,mBAAmB,EAAE,SAAS,CAAC,mBAAmB,CAAC;QAC3F,eAAe,EAAE,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,SAAS,CAAC,eAAe,CAAC;QAC/E,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC;QACpD,OAAO,EAAE,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC,OAAO,CAAC;KACxD,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,QAAsB,EACtB,SAAuB;IAEvB,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,EAAE,GAAG,gBAAgB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEtE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA8B,CAAC;IACvD,KAAK,MAAM,CAAC,IAAI,EAAE,CAA
C,MAAM,EAAE,cAAc,CAAC,CAAC,IAAI,UAAU,EAAE,CAAC;QAC1D,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO;QACL,QAAQ;QACR,GAAG,IAAI;KACR,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CACrB,GAAY,EACZ,WAAc,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EACjC,YAAe,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;IAElC,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,GAAG,EAAE,SAAS;KACf,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CACpB,QAAW,EACX,SAAY;IAEZ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3D,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;SACI,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,GAAG,EAAE,SAAS;KACf,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,WAA8B,EAAE,EAChC,YAA+B,EAAE;IAEjC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAa,CAAC;IACnC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAa,CAAC;IACrC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE7C,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,GAAG,IAAI,SAAS,EAAE,CAAC;YACrB,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACvD,CAAC;aACI,CAAC;YACJ,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QAClC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACrC,IAAI,CAAC,CAAC,GAAG,IAAI,QAAQ,CAAC,EAAE,CAAC;YACvB,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;QACjC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,SAAS,CAChB,WAAgB,EAAE,EAClB,YAAiB,EAAE;IAEnB,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACtC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACvC,IAAI,O
AAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;QAED,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,GAAW,EACX,WAAgB,EAAE,EAClB,YAAiB,EAAE;IAEnB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IACzE,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;IAEvE,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAExE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;AAC5B,CAAC"}
|
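--- a/package/dist/depWalker.d.ts
+++ b/package/dist/depWalker.d.ts
@@ -1,9 +1,11 @@
 import type { ManifestVersion, PackageJSON, WorkspacesPackageJSON } from "@nodesecure/npm-types";
+import type Config from "@npmcli/config";
 import { Logger } from "./class/logger.class.js";
 import type { Options, Payload } from "./types.js";
 type WalkerOptions = Omit<Options, "registry"> & {
 registry: string;
 location?: string;
+npmRcConfig?: Config;
 };
 export declare function depWalker(manifest: PackageJSON | WorkspacesPackageJSON | ManifestVersion, options: WalkerOptions, logger?: Logger): Promise<Payload>;
 export {};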
package/dist/depWalker.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.d.ts","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"depWalker.d.ts","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAEjG,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AAczC,OAAO,EAAE,MAAM,EAAuB,MAAM,yBAAyB,CAAC;AACtE,OAAO,KAAK,EAKV,OAAO,EACP,OAAO,EACR,MAAM,YAAY,CAAC;AA8CpB,KAAK,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AASF,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,WAAW,GAAG,qBAAqB,GAAG,eAAe,EAC/D,OAAO,EAAE,aAAa,EACtB,MAAM,SAAe,GACpB,OAAO,CAAC,OAAO,CAAC,CAyPlB"}
|
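--- a/package/dist/depWalker.js
+++ b/package/dist/depWalker.js
@@ -61,9 +61,11 @@ import { npm } from "@nodesecure/tree-walker";
 import { parseAuthor } from "@nodesecure/utils";
 import { ManifestManager, parseNpmSpec } from "@nodesecure/mama";
 import { getNpmRegistryURL } from "@nodesecure/npm-registry-sdk";
+import { fromData } from "ssri";
 // Import Internal Dependencies
-import { getDependenciesWarnings, addMissingVersionFlags, getUsedDeps, getManifestLinks } from "./utils/index.js";
+import { getDependenciesWarnings, addMissingVersionFlags, getUsedDeps, getManifestLinks, NPM_TOKEN } from "./utils/index.js";
 import { NpmRegistryProvider } from "./registry/NpmRegistryProvider.js";
+import { RegistryTokenStore } from "./registry/RegistryTokenStore.js";
 import { TempDirectory } from "./class/TempDirectory.class.js";
 import { Logger, ScannerLoggerEvents } from "./class/logger.class.js";
 // CONSTANTS
@@ -100,19 +102,31 @@ const kDefaultDependencyMetadata = {
 maintainers: [],
 integrity: {}
 };
+const kRootDependencyId = 0;
 const { version: packageVersion } = JSON.parse(readFileSync(new URL(path.join("..", "package.json"), import.meta.url), "utf-8"));
 export async function depWalker(manifest, options, logger = new Logger()) {
 const env_1 = { stack: [], error: void 0, hasError: false };
 try {
-const { scanRootNode = false, includeDevDeps = false, packageLock, maxDepth, location, vulnerabilityStrategy = Vulnera.strategies.NONE, registry } = options;
+const { scanRootNode = false, includeDevDeps = false, packageLock, maxDepth, location, vulnerabilityStrategy = Vulnera.strategies.NONE, registry, npmRcConfig } = options;
+const startedAt = Date.now();
+const isRemoteScanning = typeof location === "undefined";
+const tokenStore = new RegistryTokenStore(npmRcConfig, NPM_TOKEN.token);
 const tempDir = __addDisposableResource(env_1, await TempDirectory.create(), true);
 const dependencyConfusionWarnings = [];
 const payload = {
 id: tempDir.id,
-
+rootDependency: {
+name: manifest.name ?? "workspace",
+version: manifest.version ?? "0.0.0",
+integrity: null
+},
 scannerVersion: packageVersion,
 vulnerabilityStrategy,
-warnings: []
+warnings: [],
+metadata: {
+startedAt,
+executionTime: 0
+}
 };
 const dependencies = new Map();
 const npmTreeWalker = new npm.TreeWalker({
@@ -133,7 +147,7 @@ export async function depWalker(manifest, options, logger = new Logger()) {
 packageLock
 };
 for await (const current of npmTreeWalker.walk(manifest, rootDepsOptions)) {
-const { name, version, ...currentVersion } = current;
+const { name, version, integrity, ...currentVersion } = current;
 const dependency = {
 versions: {
 [version]: {
@@ -149,7 +163,8 @@ export async function depWalker(manifest, options, logger = new Logger()) {
 if (dependencies.has(name)) {
 const dep = dependencies.get(name);
 operationsQueue.push(new NpmRegistryProvider(name, version, {
-registry
+registry,
+tokenStore
 }).enrichDependencyVersion(dep, dependencyConfusionWarnings, org));
 if (version in dep.versions) {
 // The dependency has already entered the analysis
@@ -163,6 +178,16 @@ export async function depWalker(manifest, options, logger = new Logger()) {
 else {
 dependencies.set(name, dependency);
 }
+const isRoot = current.id === kRootDependencyId;
+if (isRoot && payload.rootDependency.integrity) {
+payload.rootDependency.integrity = integrity;
+}
+else if (isRoot) {
+const isWorkspace = options.location && "workspaces" in manifest;
+payload.rootDependency.integrity = isWorkspace ?
+null :
+fromData(JSON.stringify(manifest), { algorithms: ["sha512"] }).toString();
+}
 // If the dependency is a DevDependencies we ignore it.
 if (current.isDevDependency || !proceedDependencyScan) {
 continue;
@@ -174,11 +199,15 @@ export async function depWalker(manifest, options, logger = new Logger()) {
 }
 else {
 fetchedMetadataPackages.add(name);
-const provider = new NpmRegistryProvider(name, version
+const provider = new NpmRegistryProvider(name, version, {
+registry,
+tokenStore
+});
 operationsQueue.push(provider.enrichDependency(logger, dependency));
 if (registry !== getNpmRegistryURL() && org) {
 operationsQueue.push(new NpmRegistryProvider(name, version, {
-registry
+registry,
+tokenStore
 }).enrichScopedDependencyConfusionWarnings(dependencyConfusionWarnings, org));
 }
 }
@@ -198,7 +227,7 @@ export async function depWalker(manifest, options, logger = new Logger()) {
 }
 const { hydratePayloadDependencies, strategy } = Vulnera.setStrategy(vulnerabilityStrategy);
 const isVulnHydratable = (strategy === "github-advisory" || strategy === "snyk")
-&&
+&& isRemoteScanning;
 if (!isVulnHydratable) {
 await hydratePayloadDependencies(dependencies, {
 useStandardFormat: true,
@@ -256,12 +285,13 @@ export async function depWalker(manifest, options, logger = new Logger()) {
 }
 }
 try {
-const { warnings, illuminated } = await getDependenciesWarnings(dependencies, options.highlight?.contacts);
+const { warnings, illuminated } = await getDependenciesWarnings(dependencies, options.highlight?.contacts, isRemoteScanning);
 payload.warnings = globalWarnings.concat(dependencyConfusionWarnings).concat(warnings);
 payload.highlighted = {
 contacts: illuminated
 };
 payload.dependencies = Object.fromEntries(dependencies);
+payload.metadata.executionTime = Date.now() - startedAt;
 return payload;
 }
 finally {
@@ -291,7 +321,11 @@ async function scanDirOrArchiveEx(name, version, locker, tempDir, options) {
 spec: `${name}@${version}`,
 registry
 }));
-await scanDirOrArchive(mama, ref
+await scanDirOrArchive(mama, ref, {
+astAnalyserOptions: {
+optionalWarnings: typeof location !== "undefined"
+}
+});
 }
 catch {
 // ignore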
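Review bot: The first branch added at new lines 182–184, `if (isRoot && payload.rootDependency.integrity)`, looks unreachable on the first root visit, because `payload.rootDependency.integrity` is initialised to `null` at new line 121 and nothing in the visible hunks assigns it before the loop. As written, the `integrity` value destructured from `current` at new line 150 is not used for the root, and the field is instead filled with a locally computed sha512 of `JSON.stringify(manifest)`, which presumably will not match the integrity string published for the package tarball. If the intent is to prefer the walker-supplied value, the condition would read `if (isRoot && integrity) {`. Anyone relying on `rootDependency.integrity` to verify what was scanned needs to know which of the two values they get, so a comment on the fallback branch such as `// no registry integrity available: hash of the serialized manifest, not of the tarball` would help. The loop body and the rest of `depWalker` continue outside these hunks.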
package/dist/depWalker.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,kCAAkC;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAEjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAEjE,+BAA+B;AAC/B,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,WAAW,EACX,gBAAgB,
|
|
1
|
+
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,kCAAkC;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAEjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAEjE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAEhC,+BAA+B;AAC/B,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,WAAW,EACX,gBAAgB,EAChB,SAAS,EACV,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAUtE,YAAY;AACZ,MAAM,+BAA+B,GAAG;IACtC,WAAW,EAAE,EAAE;IACf,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,QAAQ,EAAE,EAAE;IACZ,gBAAgB,EAAE,EAAE;IACpB,WAAW,EAAE;QACX,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,EAAE;QACT,QAAQ,EAAE,EAAE;QACZ,MAAM,EAAE,EAAE;QACV,OAAO,EAAE,EAAE;QACX,cAAc,EAAE,EAAE;QAClB,eAAe,EAAE,EAAE;QACnB,mBAAmB,EAAE,EAAE;QACvB,gBAAgB,EAAE,EAAE;KACrB;CACF,CAAC;AACF,MAAM,0BAA0B,GAA2B;IACzD,cAAc,EAAE,CAAC;IACjB,YAAY,EAAE,IAAI,IAAI,EAAE;IACxB,WAAW,EAAE,KAAK;IAClB,gBAAgB,EAAE,KAAK;IACvB,iBAAiB,EAAE,KAAK;IACxB,0BAA0B,EAAE,IAAI;IAChC,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,IAAI;IACZ,UAAU,EAAE,EAAE;IACd,WAAW,EAAE,EAAE;IACf,SAAS,EAAE,EAAE;CACd,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAE5B,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,KAAK,CAC5C,YAAY,CACV,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EACzD,OAAO,CACR,CACF,CAAC;AAeF,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAA+D,EAC/D,OAAsB,EACtB,MAAM,GAAG,IAAI,MAAM,EAAE;;;QAErB,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,cAAc,GAAG,KAAK,EACtB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,qBAAqB,GA
AG,OAAO,CAAC,UAAU,CAAC,IAAI,EAC/C,QAAQ,EACR,WAAW,EACZ,GAAG,OAAO,CAAC;QAEZ,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,gBAAgB,GAAG,OAAO,QAAQ,KAAK,WAAW,CAAC;QACzD,MAAM,UAAU,GAAG,IAAI,kBAAkB,CAAC,WAAW,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QAExE,MAAY,OAAO,kCAAG,MAAM,aAAa,CAAC,MAAM,EAAE,OAAA,CAAC;QAEnD,MAAM,2BAA2B,GAAiC,EAAE,CAAC;QAErE,MAAM,OAAO,GAAmB;YAC9B,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,cAAc,EAAE;gBACd,IAAI,EAAE,QAAQ,CAAC,IAAI,IAAI,WAAW;gBAClC,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,OAAO;gBACpC,SAAS,EAAE,IAAI;aAChB;YACD,cAAc,EAAE,cAAc;YAC9B,qBAAqB;YACrB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE;gBACR,SAAS;gBACT,aAAa,EAAE,CAAC;aACjB;SACF,CAAC;QAEF,MAAM,YAAY,GAA4B,IAAI,GAAG,EAAE,CAAC;QACxD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC;YACvC,QAAQ;SACT,CAAC,CAAC;QACH,CAAC;YACC,MAAM;iBACH,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC;iBACxC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;iBAC3C,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChD,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAU,CAAC;YAClD,MAAM,eAAe,GAAoB,EAAE,CAAC;YAE5C,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;YAC7C,MAAM,CAAC,EAAE,CACP,YAAY,EACZ,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,CACxD,CAAC;YAEF,MAAM,eAAe,GAAoB;gBACvC,QAAQ;gBACR,cAAc;gBACd,WAAW;aACZ,CAAC;YACF,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,CAAC;gBAC1E,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,CAAC;gBAChE,MAAM,UAAU,GAAe;oBAC7B,QAAQ,EAAE;wBACR,CAAC,OAAO,CAAC,EAAE;4BACT,GAAG,cAAc;4BACjB,GAAG,eAAe,CAAC,+BAA+B,CAAC;yBACpD;qBACF;oBACD,eAAe,EAAE,EAAE;oBACnB,QAAQ,EAAE,eAAe,CAAC,0BAA0B,CAAC;iBACtD,CAAC;gBAEF,IAAI,qBAAqB,GAAG,IAAI,CAAC;gBACjC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC;gBACpC,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;oBACpC,eAAe,CAAC,IAAI,CAClB,IAAI,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE;wBACrC,QAAQ;wBACR,UAAU;qBACX,CAAC,CAAC,uBAAuB,CAAC,GAAG,EAAE,2BAA2B,EAAE,GAAG,CAAC,CAClE,CAAC;oBAEF,IAAI,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;wBA
C5B,kDAAkD;wBAClD,uEAAuE;wBACvE,qBAAqB,GAAG,KAAK,CAAC;oBAChC,CAAC;yBACI,CAAC;wBACJ,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBACvD,CAAC;gBACH,CAAC;qBACI,CAAC;oBACJ,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;gBACrC,CAAC;gBAED,MAAM,MAAM,GAAG,OAAO,CAAC,EAAE,KAAK,iBAAiB,CAAC;gBAEhD,IAAI,MAAM,IAAI,OAAO,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;oBAC/C,OAAO,CAAC,cAAc,CAAC,SAAS,GAAG,SAAS,CAAC;gBAC/C,CAAC;qBACI,IAAI,MAAM,EAAE,CAAC;oBAChB,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,IAAI,YAAY,IAAI,QAAQ,CAAC;oBACjE,OAAO,CAAC,cAAc,CAAC,SAAS,GAAG,WAAW,CAAC,CAAC;wBAC9C,IAAI,CAAC,CAAC;wBACN,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAC9E,CAAC;gBAED,uDAAuD;gBACvD,IAAI,OAAO,CAAC,eAAe,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBACtD,SAAS;gBACX,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAE/C,6EAA6E;gBAC7E,IAAI,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC;oBACxE,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACrD,CAAC;qBACI,CAAC;oBACJ,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAClC,MAAM,QAAQ,GAAG,IAAI,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE;wBACtD,QAAQ;wBACR,UAAU;qBACX,CAAC,CAAC;oBAEH,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;oBACpE,IAAI,QAAQ,KAAK,iBAAiB,EAAE,IAAI,GAAG,EAAE,CAAC;wBAC5C,eAAe,CAAC,IAAI,CAClB,IAAI,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE;4BACrC,QAAQ;4BACR,UAAU;yBACX,CAAC,CAAC,uCAAuC,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAC7E,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAED,MAAM,cAAc,GAAG;oBACrB,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAQ;oBACxC,QAAQ;oBACR,UAAU,EAAE,YAAY,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI;oBAClD,QAAQ;iBACT,CAAC;gBACF,eAAe,CAAC,IAAI,CAClB,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,CAAC,CACnE,CAAC;YACJ,CAAC;YAED,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAE1C,MAAM;iBACH,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;iBACzC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,EAAE,0BAA0B
,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,WAAW,CAClE,qBAAqB,CACtB,CAAC;QAEF,MAAM,gBAAgB,GAAG,CAAC,QAAQ,KAAK,iBAAiB,IAAI,QAAQ,KAAK,MAAM,CAAC;eAC3E,gBAAgB,CAAC;QACtB,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,0BAA0B,CAAC,YAAmB,EAAE;gBACpD,iBAAiB,EAAE,IAAI;gBACvB,IAAI,EAAE,QAAQ;aACf,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,qBAAqB,GAAG,QAAQ,CAAC;QAEzC,sFAAsF;QACtF,6EAA6E;QAC7E,MAAM,cAAc,GAAoB,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,YAAY,EAAE,CAAC;YACrD,MAAM,mBAAmB,GAAG,UAAU,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC;YAEjE,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACvE,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAsB,CAAC;gBAExE,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;gBAClG,IAAI,cAAc,EAAE,CAAC;oBACnB,cAAc,CAAC,IAAI,CAAC;wBAClB,IAAI,EAAE,eAAe;wBACrB,OAAO,EAAE,GAAG,WAAW,IAAI,OAAO,oCAAoC;qBACvE,CAAC,CAAC;gBACL,CAAC;gBAED,IAAI,CAAC,CAAC,WAAW,IAAI,aAAa,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC7E,SAAS;gBACX,CAAC;gBAED,IAAI,aAAa,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;oBAC1C,cAAc,CAAC,IAAI,CAAC;wBAClB,IAAI,EAAE,oBAAoB;wBAC1B,OAAO,EAAE,GAAG,WAAW,IAAI,OAAO,8CAA8C;qBACjF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1D,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,OAAsC,CAAC;gBACvE,aAAa,CAAC,KAAK,CAAC,IAAI,CACtB,GAAG,sBAAsB,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,CACpE,CAAC;gBAEF,IAAI,eAAe,CAAC,aAAa,EAAE,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;oBAC1D,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE;wBACjC,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;wBACpC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;qBAC5B,CAAC,CAAC;oBAEH,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE;wBAC3B,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;wBACpC,KAAK,EAAE,gBAAgB,CAAC,QAAQ,CAAC;wBACjC,UAAU,EAAE,QAAQ,CAAC,UAAU;qBAChC,CAAC,CAAC;gBACL,CAAC;gBAED,MAAM,QAAQ,GAAG,aAAa,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,MAAM,EAAE,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;gBACzF,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;oBACxB,SA
AS;gBACX,CAAC;gBAED,MAAM,MAAM,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC3D,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACpD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;gBACzB,CAAC;gBACD,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,MAAM,uBAAuB,CAC7D,YAAY,EACZ,OAAO,CAAC,SAAS,EAAE,QAAQ,EAC3B,gBAAgB,CACjB,CAAC;YACF,OAAO,CAAC,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,2BAA8C,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC1G,OAAO,CAAC,WAAW,GAAG;gBACpB,QAAQ,EAAE,WAAW;aACtB,CAAC;YACF,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YACxD,OAAO,CAAC,QAAQ,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAExD,OAAO,OAAkB,CAAC;QAC5B,CAAC;gBACO,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;;;;;;;;;;;CACF;AAED,sCAAsC;AACtC,KAAK,UAAU,kBAAkB,CAC/B,IAAY,EACZ,OAAe,EACf,MAAa,EACb,OAAsB,EACtB,OAKC;;;QAED,MAAM,CAAC,kCAAG,MAAM,MAAM,CAAC,OAAO,EAAE,QAAA,CAAC;QAEjC,IAAI,CAAC;YACH,MAAM,EACJ,QAAQ,EACR,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,EACxB,UAAU,EACV,GAAG,EACJ,GAAG,OAAO,CAAC;YAEZ,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;gBAC9B,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAC3C,iBAAiB,CAAC,OAAO,CAAC,QAAQ,EAAE;oBAClC,IAAI,EAAE,GAAG,IAAI,IAAI,OAAO,EAAE;oBAC1B,QAAQ;iBACT,CAAC,CACH,CAAC;YAEF,MAAM,gBAAgB,CAAC,IAAI,EAAE,GAAG,EAAE;gBAChC,kBAAkB,EAAE;oBAClB,gBAAgB,EAAE,OAAO,QAAQ,KAAK,WAAW;iBAClD;aACF,CAAC,CAAC;QACL,CAAC;QACD,MAAM,CAAC;YACL,SAAS;QACX,CAAC;;;;;;;;;CACF;AAED,SAAS,eAAe,CACtB,aAAgC,EAChC,QAA+D,EAC/D,WAAmB;IAEnB,OAAO,aAAa,CAAC,qBAAqB,KAAK,KAAK,IAAI,CACtD,WAAW,KAAK,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,CAC7D,CAAC;AACJ,CAAC"}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { EventEmitter } from "node:events";
|
|
2
1
|
import type { Simplify } from "type-fest";
|
|
3
2
|
import * as Scanner from "../types.js";
|
|
4
3
|
type MergeDeep<T extends unknown[]> = T extends [a: infer A, ...rest: infer R] ? A & MergeDeep<R> : {};
|
|
@@ -26,17 +25,22 @@ export interface ManifestProbeExtractor<Defs> extends ProbeExtractor<Defs> {
|
|
|
26
25
|
level: "manifest";
|
|
27
26
|
next: ManifestProbeNextCallback;
|
|
28
27
|
}
|
|
29
|
-
export declare class Payload<T extends ProbeExtractor<any>[]> extends
|
|
28
|
+
export declare class Payload<T extends ProbeExtractor<any>[]> extends EventTarget {
|
|
30
29
|
private dependencies;
|
|
31
30
|
private probes;
|
|
32
31
|
private cachedResult;
|
|
33
32
|
constructor(data: Scanner.Payload | Scanner.Payload["dependencies"], probes: [...T]);
|
|
34
33
|
extract(): ExtractProbeResult<T>;
|
|
35
34
|
extractAndMerge(): MergedExtractProbeResult<T>;
|
|
35
|
+
emit<T extends ProbeExtractorLevel>(event: T, ...extractionDetails: unknown[]): void;
|
|
36
|
+
on<T extends ProbeExtractorLevel>(e: T, listener: ExtractorListener<T>): this;
|
|
36
37
|
}
|
|
37
38
|
export declare const Callbacks: {
|
|
38
39
|
readonly packument: (callback: PackumentProbeNextCallback) => PackumentProbeExtractor<void>;
|
|
39
40
|
readonly manifest: (callback: ManifestProbeNextCallback) => ManifestProbeExtractor<void>;
|
|
40
41
|
};
|
|
42
|
+
type ExtractorCallback<T extends ProbeExtractorLevel> = Parameters<(typeof Callbacks)[T]>[0];
|
|
43
|
+
export type ExtractorCallbackParams<T extends ProbeExtractorLevel> = Parameters<ExtractorCallback<T>>;
|
|
44
|
+
export type ExtractorListener<T extends ProbeExtractorLevel> = (...events: CustomEvent<ExtractorCallbackParams<T>>["detail"]) => void;
|
|
41
45
|
export {};
|
|
42
46
|
//# sourceMappingURL=payload.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../src/extractors/payload.ts"],"names":[],"mappings":"AACA,OAAO,
|
|
1
|
+
{"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../src/extractors/payload.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAK1C,OAAO,KAAK,OAAO,MAAM,aAAa,CAAC;AAMvC,KAAK,SAAS,CAAC,CAAC,SAAS,OAAO,EAAE,IAC9B,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;AAErE,MAAM,MAAM,kBAAkB,CAC5B,CAAC,SAAS,cAAc,CAAC,GAAG,CAAC,EAAE,IAC7B;KACD,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,cAAc,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,KAAK;CACpF,CAAC;AACF,MAAM,MAAM,wBAAwB,CAClC,CAAC,SAAS,cAAc,CAAC,GAAG,CAAC,EAAE,IAC7B,QAAQ,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAE/C,MAAM,MAAM,mBAAmB,GAAG,WAAW,GAAG,UAAU,CAAC;AAC3D,MAAM,MAAM,4BAA4B,GAAG;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC,UAAU,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,KAAK,IAAI,CAAC;AAChG,MAAM,MAAM,yBAAyB,GAAG,CACtC,IAAI,EAAE,MAAM,EACZ,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,EAC5C,MAAM,EAAE,4BAA4B,KAAK,IAAI,CAAC;AAEhD,MAAM,WAAW,cAAc,CAAC,IAAI;IAClC,KAAK,EAAE,mBAAmB,CAAC;IAC3B,IAAI,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAC3B,IAAI,IAAI,IAAI,CAAC;CACd;AAED,MAAM,WAAW,uBAAuB,CAAC,IAAI,CAAE,SAAQ,cAAc,CAAC,IAAI,CAAC;IACzE,KAAK,EAAE,WAAW,CAAC;IACnB,IAAI,EAAE,0BAA0B,CAAC;CAClC;AAED,MAAM,WAAW,sBAAsB,CAAC,IAAI,CAAE,SAAQ,cAAc,CAAC,IAAI,CAAC;IACxE,KAAK,EAAE,UAAU,CAAC;IAClB,IAAI,EAAE,yBAAyB,CAAC;CACjC;AAED,qBAAa,OAAO,CAAC,CAAC,SAAS,cAAc,CAAC,GAAG,CAAC,EAAE,CAAE,SAAQ,WAAW;IACvE,OAAO,CAAC,YAAY,CAAkC;IACtD,OAAO,CAAC,MAAM,CAAiC;IAC/C,OAAO,CAAC,YAAY,CAAwB;gBAG1C,IAAI,EAAE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,EACvD,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC;IAchB,OAAO;IAyBP,eAAe,IAGG,wBAAwB,CAAC,CAAC,CAAC;IAG7C,IAAI,CAAC,CAAC,SAAS,mBAAmB,EAChC,KAAK,EAAE,CAAC,EACR,GAAG,iBAAiB,EAAE,OAAO,EAAE;IAQjC,EAAE,CAAC,CAAC,SAAS,mBAAmB,EAC9B,CAAC,EAAE,CAAC,EACJ,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC,GAC7B,IAAI;CASR;AAED,eAAO,MAAM,SAAS;mCAER,0BAA0B,KACn
C,uBAAuB,CAAC,IAAI,CAAC;kCAQpB,yBAAyB,KAClC,sBAAsB,CAAC,IAAI,CAAC;CAOvB,CAAC;AAEX,KAAK,iBAAiB,CAAC,CAAC,SAAS,mBAAmB,IAAI,UAAU,CAChE,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CACtB,CAAC,CAAC,CAAC,CAAC;AAEL,MAAM,MAAM,uBAAuB,CAAC,CAAC,SAAS,mBAAmB,IAAI,UAAU,CAC7E,iBAAiB,CAAC,CAAC,CAAC,CACrB,CAAC;AAEF,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,mBAAmB,IAAI,CAC7D,GAAG,MAAM,EAAE,WAAW,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KACzD,IAAI,CAAC"}
|
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
// Import Node.js Dependencies
|
|
2
|
-
import { EventEmitter } from "node:events";
|
|
3
1
|
// @ts-ignore
|
|
4
2
|
import deepmerge from "@fastify/deepmerge";
|
|
5
3
|
// Import Internal Dependencies
|
|
@@ -7,7 +5,7 @@ import * as Scanner from "../types.js";
|
|
|
7
5
|
import { isNodesecurePayload } from "../utils/index.js";
|
|
8
6
|
// CONSTANTS
|
|
9
7
|
const kFastMerge = deepmerge({ all: true });
|
|
10
|
-
export class Payload extends
|
|
8
|
+
export class Payload extends EventTarget {
|
|
11
9
|
dependencies;
|
|
12
10
|
probes;
|
|
13
11
|
cachedResult;
|
|
@@ -44,6 +42,20 @@ export class Payload extends EventEmitter {
|
|
|
44
42
|
extractAndMerge() {
|
|
45
43
|
return kFastMerge(...this.extract());
|
|
46
44
|
}
|
|
45
|
+
emit(event, ...extractionDetails) {
|
|
46
|
+
const customEvent = new CustomEvent(event, {
|
|
47
|
+
detail: extractionDetails
|
|
48
|
+
});
|
|
49
|
+
this.dispatchEvent(customEvent);
|
|
50
|
+
}
|
|
51
|
+
on(e, listener) {
|
|
52
|
+
function wrappedListener(event) {
|
|
53
|
+
const customEvent = event;
|
|
54
|
+
listener(...customEvent.detail);
|
|
55
|
+
}
|
|
56
|
+
this.addEventListener(e, wrappedListener);
|
|
57
|
+
return this;
|
|
58
|
+
}
|
|
47
59
|
}
|
|
48
60
|
export const Callbacks = {
|
|
49
61
|
packument(callback) {
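Review bot: A listener that throws now behaves differently, because the `emit` added at new lines 45–50 goes through `dispatchEvent`. With the previous `EventEmitter` base the exception propagated synchronously out of `emit`, whereas Node's `EventTarget` reports it as an uncaught exception on a later tick, so a caller can no longer catch it around the extraction. The `on` wrapper at new lines 51–58 also registers a fresh closure on every call, so `removeEventListener(e, listener)` will not detach the original function, and the `off`/`once` methods the old base class provided are gone. I would state both on the methods, for example `// listener errors surface as uncaughtException, not from emit()`, or guard the call inside `wrappedListener` with an explicit error policy. The class body starts above the first hunk and continues past the shown lines.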
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"payload.js","sourceRoot":"","sources":["../../src/extractors/payload.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"payload.js","sourceRoot":"","sources":["../../src/extractors/payload.ts"],"names":[],"mappings":"AAEA,aAAa;AACb,OAAO,SAAS,MAAM,oBAAoB,CAAC;AAE3C,+BAA+B;AAC/B,OAAO,KAAK,OAAO,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAExD,YAAY;AACZ,MAAM,UAAU,GAAG,SAAS,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;AA0C5C,MAAM,OAAO,OAAyC,SAAQ,WAAW;IAC/D,YAAY,CAAkC;IAC9C,MAAM,CAAiC;IACvC,YAAY,CAAwB;IAE5C,YACE,IAAuD,EACvD,MAAc;QAEd,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,YAAY,CAAC,CAAC;YACnB,IAAI,CAAC;QAEP,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC1C,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAE9B,OAAO,IAAI,CAAC;QACd,CAAC,EAAE,EAAE,SAAS,EAAE,EAAkB,EAAE,QAAQ,EAAE,EAAkB,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,YAAY,CAAC;QAC3B,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACnE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;YAEzC,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpC,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACrE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;oBAC5F,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;gBAChE,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,YAAY,GAAG;YAClB,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YACrD,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,CAAC;QAE3B,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,eAAe;QACb,OAAO,UAAU,CACf,GAAG,IAAI,CAAC,OAAO,EAAE,CACwB,CAAC;IAC9C,CAAC;IAED,IAAI,CACF,KAAQ,EACR,GAAG
,iBAA4B;QAE/B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,KAAK,EAAE;YACzC,MAAM,EAAE,iBAAiB;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;IAClC,CAAC;IAED,EAAE,CACA,CAAI,EACJ,QAA8B;QAE9B,SAAS,eAAe,CAAC,KAAY;YACnC,MAAM,WAAW,GAAG,KAAgD,CAAC;YACrE,QAAQ,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;QAE1C,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,SAAS,CACP,QAAoC;QAEpC,OAAO;YACL,KAAK,EAAE,WAAoB;YAC3B,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,IAAI;SACX,CAAC;IACJ,CAAC;IACD,QAAQ,CACN,QAAmC;QAEnC,OAAO;YACL,KAAK,EAAE,UAAmB;YAC1B,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,IAAI;SACX,CAAC;IACJ,CAAC;CACO,CAAC;AAcX,SAAS,IAAI;IACX,OAAO,KAAK,CAAC,CAAC;AAChB,CAAC"}
|
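--- a/package/dist/i18n/english.js
+++ b/package/dist/i18n/english.js
@@ -3,7 +3,7 @@ import { taggedString as tS } from "@nodesecure/i18n";
 const scanner = {
 disable_scarf: "This dependency could collect data against your consent so think to disable it with the env var: SCARF_ANALYTICS",
 keylogging: "This dependency can retrieve your keyboard and mouse inputs. It can be used for 'keylogging' attacks/malwares.",
-typo_squatting: tS `
+typo_squatting: tS `Dependency '${0}' is similar to the following popular packages: ${1}`,
 dependency_confusion: "This dependency was found on both a public and private registry but its signature does not match",
 dependency_confusion_missing: "This dependency was found on the private but not on the public registry, this dependency is vulnerable to dependency confusion attacks.",
 dependency_confusion_missing_org: tS `The org '${0}' is not claimed on the public registry`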
package/dist/i18n/english.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"english.js","sourceRoot":"","sources":["../../src/i18n/english.js"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,YAAY,IAAI,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,kHAAkH;IACjI,UAAU,EAAE,gHAAgH;IAC5H,cAAc,EAAE,EAAE,CAAA,
|
|
1
|
+
{"version":3,"file":"english.js","sourceRoot":"","sources":["../../src/i18n/english.js"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,YAAY,IAAI,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,kHAAkH;IACjI,UAAU,EAAE,gHAAgH;IAC5H,cAAc,EAAE,EAAE,CAAA,eAAe,CAAC,mDAAmD,CAAC,EAAE;IACxF,oBAAoB,EAAE,kGAAkG;IACxH,4BAA4B,EAAE,yIAAyI;IACvK,gCAAgC,EAAE,EAAE,CAAA,YAAY,CAAC,yCAAyC;CAC3F,CAAC;AAEF,eAAe,EAAE,OAAO,EAAE,CAAC"}
|
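--- a/package/dist/i18n/french.js
+++ b/package/dist/i18n/french.js
@@ -3,7 +3,7 @@ import { taggedString as tS } from "@nodesecure/i18n";
 const scanner = {
 disable_scarf: "Cette dépendance peut récolter des données contre votre volonté, pensez donc à la désactiver en fournissant la variable d'environnement SCARF_ANALYTICS",
 keylogging: "Cette dépendance peut obtenir vos entrées clavier ou de souris. Cette dépendance peut être utilisée en tant que 'keylogging' attacks/malwares.",
-typo_squatting: tS `
+typo_squatting: tS `La dépendance '${0}' est similaire aux packages populaires suivants : ${1}`,
 dependency_confusion: "Cette dépendance a été trouvée à la fois sur un registre public et privé, mais sa signature ne correspond pas.",
 dependency_confusion_missing: "Cette dépendance a été trouvée seulement sur le registre privé, cette dépendance est vulnérable à une attaque par confusion de dépendance.",
 dependency_confusion_missing_org: tS `L'organisation '${0}' n'est pas revendiquée sur le registre public`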
package/dist/i18n/french.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"french.js","sourceRoot":"","sources":["../../src/i18n/french.js"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,YAAY,IAAI,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,yJAAyJ;IACxK,UAAU,EAAE,gJAAgJ;IAC5J,cAAc,EAAE,EAAE,CAAA,
|
|
1
|
+
{"version":3,"file":"french.js","sourceRoot":"","sources":["../../src/i18n/french.js"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,YAAY,IAAI,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,GAAG;IACd,aAAa,EAAE,yJAAyJ;IACxK,UAAU,EAAE,gJAAgJ;IAC5J,cAAc,EAAE,EAAE,CAAA,kBAAkB,CAAC,sDAAsD,CAAC,EAAE;IAC9F,oBAAoB,EAAE,gHAAgH;IACtI,4BAA4B,EAAE,4IAA4I;IAC1K,gCAAgC,EAAE,EAAE,CAAA,mBAAmB,CAAC,gDAAgD;CACzG,CAAC;AAEF,eAAe,EAAE,OAAO,EAAE,CAAC"}
|
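--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,12 +1,21 @@
 import * as tarball from "@nodesecure/tarball";
+import type Config from "@npmcli/config";
 import { depWalker } from "./depWalker.js";
 import { Logger, ScannerLoggerEvents } from "./class/logger.class.js";
 import { comparePayloads } from "./comparePayloads.js";
 import type { Options } from "./types.js";
 export * from "./types.js";
 export * from "./extractors/index.js";
-export
-
+export type CwdOptions = Options & {
+/**
+* NPM runtime configuration (such as local .npmrc file)
+* It is optionally used to fetch registry authentication tokens
+*/
+npmRcConfig?: Config;
+};
+export declare function cwd(location?: string, options?: CwdOptions, logger?: Logger): Promise<import("./types.js").Payload>;
+export type FromOptions = Omit<Options, "includeDevDeps">;
+export declare function from(packageName: string, options?: FromOptions, logger?: Logger): Promise<import("./types.js").Payload>;
 export declare function verify(packageName?: string): Promise<tarball.ScannedPackageResult>;
 export { depWalker, tarball, comparePayloads, Logger, ScannerLoggerEvents };
 //# sourceMappingURL=index.d.ts.map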
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAE/C,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AAGzC,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAE3C,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAEtE,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAQ1C,cAAc,YAAY,CAAC;AAC3B,cAAc,uBAAuB,CAAC;AAEtC,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG;IACjC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,wBAAsB,GAAG,CACvB,QAAQ,SAAgB,EACxB,OAAO,GAAE,UAAe,EACxB,MAAM,SAAe,yCA8BtB;AAED,MAAM,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;AAE1D,wBAAsB,IAAI,CACxB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,WAAgB,EACzB,MAAM,SAAe,yCAkBtB;AAED,wBAAsB,MAAM,CAC1B,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAevC;AAED,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,MAAM,EACN,mBAAmB,EACpB,CAAC"}
|
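--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -67,7 +67,6 @@ import { comparePayloads } from "./comparePayloads.js";
 // CONSTANTS
 const kDefaultCwdOptions = {
 forceRootAnalysis: true,
-usePackageLock: true,
 includeDevDeps: false
 };
 export * from "./types.js";
@@ -76,8 +75,12 @@ export async function cwd(location = process.cwd(), options = {}, logger = new L
 const registry = options.registry ?
 urlToString(options.registry) :
 getLocalRegistryURL();
+const packageLock = options.packageLock ?? {
+location
+};
 const finalizedOptions = Object.assign({ location }, kDefaultCwdOptions, {
 ...options,
+packageLock,
 registry
 });
 logger.start(ScannerLoggerEvents.manifest.read);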
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAI/C,+BAA+B;AAC/B,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAGvD,YAAY;AACZ,MAAM,kBAAkB,GAAG;IACzB,iBAAiB,EAAE,IAAI;IACvB,cAAc,EAAE,KAAK;CACtB,CAAC;AAEF,cAAc,YAAY,CAAC;AAC3B,cAAc,uBAAuB,CAAC;AAUtC,MAAM,CAAC,KAAK,UAAU,GAAG,CACvB,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,EACxB,UAAsB,EAAE,EACxB,MAAM,GAAG,IAAI,MAAM,EAAE;IAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/B,mBAAmB,EAAE,CAAC;IAExB,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI;QACzC,QAAQ;KACT,CAAC;IAEF,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CACpC,EAAE,QAAQ,EAAE,EACZ,kBAAkB,EAClB;QACE,GAAG,OAAO;QACV,WAAW;QACX,QAAQ;KACT,CACF,CAAC;IAEF,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAE9C,OAAO,SAAS,CACd,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,EAC9B,gBAAgB,EAChB,MAAM,CACP,CAAC;AACJ,CAAC;AAID,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,WAAmB,EACnB,UAAuB,EAAE,EACzB,MAAM,GAAG,IAAI,MAAM,EAAE;IAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC/B,mBAAmB,EAAE,CAAC;IAExB,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE;QAClD,GAAG,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;KACtD,CAAC,CAAC;IACH,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC
,KAAK,CAAC,CAAC;IAE/C,OAAO,SAAS;IACd,wDAAwD;IACxD,QAAsC,EACtC,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,EACpC,MAAM,CACP,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,WAAoB;;;QAEpB,IAAI,OAAO,WAAW,KAAK,WAAW,EAAE,CAAC;YACvC,OAAO,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,MAAY,OAAO,kCAAG,MAAM,aAAa,CAAC,MAAM,EAAE,OAAA,CAAC;QAEnD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,QAAQ,EAAE;YAC7D,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE,mBAAmB,EAAE;SAChC,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEnD,OAAO,UAAU,CAAC;;;;;;;;;;;CACnB;AAED,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,MAAM,EACN,mBAAmB,EACpB,CAAC"}
|
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
import * as npmRegistrySDK from "@nodesecure/npm-registry-sdk";
|
|
2
2
|
import type { Packument, PackumentVersion, Signature } from "@nodesecure/npm-types";
|
|
3
3
|
import { type DateProvider } from "./PackumentExtractor.js";
|
|
4
|
-
import type { Dependency, DependencyConfusionWarning } from "../types.js";
|
|
4
|
+
import type { Dependency, DependencyConfusionWarning, TokenStore } from "../types.js";
|
|
5
5
|
import { Logger } from "../class/logger.class.js";
|
|
6
6
|
type PackumentNpmApiOptions = {
|
|
7
7
|
registry: string;
|
|
8
|
+
token?: string;
|
|
8
9
|
};
|
|
9
10
|
export interface NpmApiClient {
|
|
10
11
|
packument(name: string, options?: PackumentNpmApiOptions): Promise<Packument>;
|
|
@@ -15,6 +16,7 @@ export interface NpmRegistryProviderOptions {
|
|
|
15
16
|
dateProvider?: DateProvider;
|
|
16
17
|
npmApiClient?: NpmApiClient;
|
|
17
18
|
registry?: string;
|
|
19
|
+
tokenStore?: TokenStore;
|
|
18
20
|
}
|
|
19
21
|
export declare class NpmRegistryProvider {
|
|
20
22
|
#private;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"NpmRegistryProvider.d.ts","sourceRoot":"","sources":["../../src/registry/NpmRegistryProvider.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,cAAc,MAAM,8BAA8B,CAAC;AAE/D,OAAO,KAAK,EAAE,SAAS,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAMpF,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEhF,OAAO,KAAK,EACV,UAAU,EACV,0BAA0B,
|
|
1
|
+
{"version":3,"file":"NpmRegistryProvider.d.ts","sourceRoot":"","sources":["../../src/registry/NpmRegistryProvider.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,cAAc,MAAM,8BAA8B,CAAC;AAE/D,OAAO,KAAK,EAAE,SAAS,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAMpF,OAAO,EAAsB,KAAK,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAEhF,OAAO,KAAK,EACV,UAAU,EACV,0BAA0B,EAC1B,UAAU,EACX,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAWlD,KAAK,sBAAsB,GAAG;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,MAAM,WAAW,YAAY;IAC3B,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,sBAAsB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAC9E,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,sBAAsB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC7G,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;CAC/D;AAED,MAAM,WAAW,0BAA0B;IACzC,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB;AAED,qBAAa,mBAAmB;;IAM9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;gBAGd,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,GAAE,0BAA+B;IAkBpC,yBAAyB;;;;;;;;;;;;;;;;IAuBzB,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;IA2BlB,gBAAgB,CACpB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,IAAI,CAAC;IAoBV,uBAAuB,CAC3B,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,0BAA0B,EAAE,EACtC,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAsD1B,uCAAuC,CAAC,QAAQ,EAAE,0BAA0B,EAAE,EAAE,GAAG,EAAE,MAAM;CAoBlG"}
|
|
@@ -20,19 +20,22 @@ export class NpmRegistryProvider {
|
|
|
20
20
|
#date;
|
|
21
21
|
#npmApiClient;
|
|
22
22
|
#registry;
|
|
23
|
+
#tokenStore;
|
|
23
24
|
name;
|
|
24
25
|
version;
|
|
25
26
|
constructor(name, version, options = {}) {
|
|
26
|
-
const { dateProvider = undefined, npmApiClient = npmRegistrySDK, registry = npmRegistrySDK.getLocalRegistryURL() } = options;
|
|
27
|
+
const { dateProvider = undefined, npmApiClient = npmRegistrySDK, registry = npmRegistrySDK.getLocalRegistryURL(), tokenStore = undefined } = options;
|
|
27
28
|
this.name = name;
|
|
28
29
|
this.version = version;
|
|
29
30
|
this.#date = dateProvider;
|
|
30
31
|
this.#npmApiClient = npmApiClient;
|
|
31
32
|
this.#registry = registry;
|
|
33
|
+
this.#tokenStore = tokenStore;
|
|
32
34
|
}
|
|
33
35
|
async collectPackageVersionData() {
|
|
34
36
|
const packumentVersion = await this.#npmApiClient.packumentVersion(this.name, this.version, {
|
|
35
|
-
registry: this.#registry
|
|
37
|
+
registry: this.#registry,
|
|
38
|
+
token: this.#tokenStore?.get(this.#registry)
|
|
36
39
|
});
|
|
37
40
|
const { integrity } = packageJSONIntegrityHash(packumentVersion, {
|
|
38
41
|
isFromRemoteRegistry: true
|
|
@@ -47,7 +50,8 @@ export class NpmRegistryProvider {
|
|
|
47
50
|
}
|
|
48
51
|
async collectPackageData() {
|
|
49
52
|
const packument = await this.#npmApiClient.packument(this.name, {
|
|
50
|
-
registry: this.#registry
|
|
53
|
+
registry: this.#registry,
|
|
54
|
+
token: this.#tokenStore?.get(this.#registry)
|
|
51
55
|
});
|
|
52
56
|
const packumentVersion = packument.versions[this.version];
|
|
53
57
|
const metadata = new PackumentExtractor(packument, { dateProvider: this.#date }).getMetadata(this.version);
|
|
@@ -94,7 +98,8 @@ export class NpmRegistryProvider {
|
|
|
94
98
|
}
|
|
95
99
|
try {
|
|
96
100
|
const packumentVersionFromPublicRegistry = await this.#npmApiClient.packumentVersion(this.name, this.version, {
|
|
97
|
-
registry: getNpmRegistryURL()
|
|
101
|
+
registry: getNpmRegistryURL(),
|
|
102
|
+
token: this.#tokenStore?.get(getNpmRegistryURL())
|
|
98
103
|
});
|
|
99
104
|
if (!this.#hasSameSignatures(signatures, packumentVersionFromPublicRegistry.dist.signatures)) {
|
|
100
105
|
this.#addDependencyConfusionWarning(warnings, await i18n.getToken("scanner.dependency_confusion"));
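Review bot: The public-registry lookup in the dependency-confusion check (new line 102) now attaches `this.#tokenStore?.get(getNpmRegistryURL())`, so whatever the store returns for the public registry travels with a request that leaves the private registry. The `RegistryTokenStore` added in this release falls back to its `tokenFromEnv` value (apparently an environment-supplied token) whenever the config has no entry for the requested registry, so a credential issued for a private registry may be presented to the public one. I would omit the token from this one call, or have the store return a token only on an exact per-registry match, and record the intent with a comment such as `// never forward private-registry credentials to the public registry`. The same `token:` addition at new lines 38 and 54 targets `this.#registry` and carries the fallback concern only when that registry is not the one the environment token was issued for. The enclosing methods start and end outside these hunks.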
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"NpmRegistryProvider.js","sourceRoot":"","sources":["../../src/registry/NpmRegistryProvider.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,cAAc,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAE5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,+BAA+B;AAC/B,OAAO,EAAE,kBAAkB,EAAqB,MAAM,yBAAyB,CAAC;AAChF,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"NpmRegistryProvider.js","sourceRoot":"","sources":["../../src/registry/NpmRegistryProvider.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,cAAc,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AAE5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,+BAA+B;AAC/B,OAAO,EAAE,kBAAkB,EAAqB,MAAM,yBAAyB,CAAC;AAChF,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAMvD,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,YAAY;AACZ,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAEhC,MAAM,IAAI,CAAC,oBAAoB,CAC7B,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,CAC5D,CAAC;AAoBF,MAAM,OAAO,mBAAmB;IAC9B,KAAK,CAA2B;IAChC,aAAa,CAAe;IAC5B,SAAS,CAAS;IAClB,WAAW,CAAyB;IAEpC,IAAI,CAAS;IACb,OAAO,CAAS;IAEhB,YACE,IAAY,EACZ,OAAe,EACf,UAAsC,EAAE;QAExC,MAAM,EACJ,YAAY,GAAG,SAAS,EACxB,YAAY,GAAG,cAAc,EAC7B,QAAQ,GAAG,cAAc,CAAC,mBAAmB,EAAE,EAC/C,UAAU,GAAG,SAAS,EACvB,GAAG,OAAO,CAAC;QAEZ,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAEvB,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;QAC1B,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;QAClC,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,yBAAyB;QAC7B,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAChE,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ;YACE,QAAQ,EAAE,IAAI,CAAC,SAAS;YACxB,KAAK,EAAE,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;SAC7C,CACF,CAAC;QAEF,MAAM,EAAE,SAAS,EAAE,GAAG,wBAAwB,CAAC,gBAAgB,EAAE;YAC/D,oBAAoB,EAAE,IAAI;SAC3B,CAAC,CAAC;QAEH,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,gBAAgB,CAAC;YACjC,SAAS;YACT,UAAU,EAAE,gBAAgB,CAAC,UAAU;YACvC,UAAU,EAAE,gBAAgB,CAAC,IAAI,CAAC,UAAU;YAC5C,YAAY,EAAE,gBAAgB,CAAC,IAAI,CAAC,YAAY;SACjD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE;YAC9D,QAAQ,EA
AE,IAAI,CAAC,SAAS;YACxB,KAAK,EAAE,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;SAC7C,CAAC,CAAC;QACH,MAAM,gBAAgB,GAAG,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE1D,MAAM,QAAQ,GAAG,IAAI,kBAAkB,CACrC,SAAS,EACT,EAAE,YAAY,EAAE,IAAI,CAAC,KAAK,EAAE,CAC7B,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE5B,MAAM,KAAK,GAAG;YACZ,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,WAAW,CAAC;YAC1D,YAAY,EAAE,gBAAgB,CAAC,UAAU;SAC1C,CAAC;QAEF,OAAO;YACL,QAAQ;YACR,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACrD,OAAO,EAAE;gBACP,KAAK,EAAE,QAAQ,CAAC,gBAAgB,CAAC;gBACjC,UAAU,EAAE,gBAAgB,CAAC,UAAU;aACxC;SACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,MAAc,EACd,UAAsB;QAEtB,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAErE,MAAM,eAAe,CAAC,QAAQ,CAAC,CAAC;YAEhC,MAAM,iBAAiB,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE5D,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC/B,iBAAiB,CAAC,KAAK,GAAG,CAAC,GAAG,iBAAiB,CAAC,KAAK,EAAE,GAAG,KAAK,CAAC,CAAC;YACjE,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QAC5C,CAAC;QACD,MAAM,CAAC;YACL,UAAU;QACZ,CAAC;gBACO,CAAC;YACP,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,UAAsB,EACtB,QAAsC,EACtC,GAA8B;QAE9B,IAAI,CAAC;YACH,MAAM,EACJ,SAAS,EAAE,UAAU,EAAE,KAAK,EAC5B,UAAU,EAAE,YAAY,EACzB,GAAG,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAE3C,MAAM,CAAC,MAAM,CACX,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EACjC;gBACE,KAAK;gBACL,UAAU;gBACV,YAAY;aACb,CACF,CAAC;YACF,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;YACxD,IAAI,IAAI,CAAC,SAAS,KAAK,iBAAiB,EAAE,EAAE,CAAC;gBAC3C,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,kCAAkC,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE;oBAC5G,QAAQ,EAAE,iBAAiB,EAAE;oBAC7B,KAAK,EAAE,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,iBAAiB,EAAE,CAAC;iBAClD,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,EAAE,kCAAkC,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC7F,IAAI,CAAC,8BAA8B,CAAC
,QAAQ,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,8BAA8B,CAAC,CAAC,CAAC;gBACrG,CAAC;YACH,CAAC;YACD,OAAO,GAAG,EAAE,CAAC;gBACX,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,KAAK,mBAAmB,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAC5E,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,sCAAsC,CAAC,CAAC,CAAC;gBAC7G,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,CAAC;YACL,SAAS;QACX,CAAC;IACH,CAAC;IAED,kBAAkB,CAAC,UAAmC,EAAE,4BAAqD;QAC3G,IAAI,CAAC,UAAU,IAAI,CAAC,4BAA4B,EAAE,CAAC;YACjD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,0BAA0B,GAAG,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QAC/G,MAAM,2BAA2B,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QAE9F,OAAO,2BAA2B,CAAC,MAAM,KAAK,4BAA4B,CAAC,MAAM;YAC/E,2BAA2B,EAAE,KAAK,CAAC,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,KAAK,0BAA0B,CAAC,KAAK,CAAC,CAAC,KAAK;mBAC/G,SAAS,CAAC,GAAG,KAAK,0BAA0B,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,uCAAuC,CAAC,QAAsC,EAAE,GAAW;QAC/F,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,GAAG,EAAE,CAAC;YACX,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,KAAK,mBAAmB,EAAE,CAAC;gBAC/D,MAAM,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,0CAA0C,EAAE,GAAG,CAAC,CAAC,CAAC;YAC5H,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,8BAA8B,CAAC,QAAsC,EAAE,OAAe;QAC1F,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,OAAO;YACP,QAAQ,EAAE;gBACR,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB;SACF,CAAC,CAAC;IACL,CAAC;CACF"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import type Config from "@npmcli/config";
|
|
2
|
+
import { type TokenStore } from "../types.js";
|
|
3
|
+
export declare class RegistryTokenStore implements TokenStore {
|
|
4
|
+
#private;
|
|
5
|
+
constructor(config: Config | undefined, tokenFromEnv: string | undefined);
|
|
6
|
+
get(registry: string): string | undefined;
|
|
7
|
+
private getTokenKey;
|
|
8
|
+
}
|
|
9
|
+
//# sourceMappingURL=RegistryTokenStore.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"RegistryTokenStore.d.ts","sourceRoot":"","sources":["../../src/registry/RegistryTokenStore.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AAGzC,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,qBAAa,kBAAmB,YAAW,UAAU;;gBAIvC,MAAM,EAAE,MAAM,GAAG,SAAS,EAAE,YAAY,EAAE,MAAM,GAAG,SAAS;IAKxE,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAazC,OAAO,CAAC,WAAW;CAGpB"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
// Import Internal Dependencies
|
|
2
|
+
import {} from "../types.js";
|
|
3
|
+
export class RegistryTokenStore {
|
|
4
|
+
#memo = new Map();
|
|
5
|
+
#config;
|
|
6
|
+
#tokenFromEnv;
|
|
7
|
+
constructor(config, tokenFromEnv) {
|
|
8
|
+
this.#config = config;
|
|
9
|
+
this.#tokenFromEnv = tokenFromEnv;
|
|
10
|
+
}
|
|
11
|
+
get(registry) {
|
|
12
|
+
if (!this.#config) {
|
|
13
|
+
return this.#tokenFromEnv;
|
|
14
|
+
}
|
|
15
|
+
if (this.#memo.has(registry)) {
|
|
16
|
+
return this.#memo.get(registry);
|
|
17
|
+
}
|
|
18
|
+
const token = this.#config.get(this.getTokenKey(registry), "project") ?? this.#tokenFromEnv;
|
|
19
|
+
this.#memo.set(registry, token);
|
|
20
|
+
return token;
|
|
21
|
+
}
|
|
22
|
+
getTokenKey(registry) {
|
|
23
|
+
return `${registry.replace(/https:|http:/, "")}:_authToken`;
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=RegistryTokenStore.js.map
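Review bot: `getTokenKey` (new lines 22–24) derives the config key with an unanchored, case-sensitive `/https:|http:/` and no normalisation of the registry string. If a registry URL arrives without the trailing slash that npm's `//host/:_authToken` keys carry, or with an upper-case scheme, the lookup misses, `get` silently returns `#tokenFromEnv`, and that result is memoised for the registry. I would anchor and normalise before building the key, for example `const base = registry.replace(/^https?:/i, "").replace(/\/*$/, "/");`, and add a short comment on `get` stating that only the `"project"` level of the config is consulted, since tokens kept in a user-level file would presumably not be found. A unit test with and without the trailing slash would pin the behaviour.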
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"RegistryTokenStore.js","sourceRoot":"","sources":["../../src/registry/RegistryTokenStore.ts"],"names":[],"mappings":"AAGA,+BAA+B;AAC/B,OAAO,EAAmB,MAAM,aAAa,CAAC;AAE9C,MAAM,OAAO,kBAAkB;IAC7B,KAAK,GAAoC,IAAI,GAAG,EAAE,CAAC;IACnD,OAAO,CAAqB;IAC5B,aAAa,CAAqB;IAClC,YAAY,MAA0B,EAAE,YAAgC;QACtE,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC;IACpC,CAAC;IAED,GAAG,CAAC,QAAgB;QAClB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC,aAAa,CAAC;QAC5B,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,SAAS,CAAuB,IAAI,IAAI,CAAC,aAAa,CAAC;QAClH,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEhC,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,WAAW,CAAC,QAAgB;QAClC,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,aAAa,CAAC;IAC9D,CAAC;CACF"}
|