@nodesecure/scanner 7.1.0 → 8.0.0
- package/dist/comparePayloads.js +5 -5
- package/dist/comparePayloads.js.map +1 -1
- package/dist/depWalker.d.ts +2 -0
- package/dist/depWalker.d.ts.map +1 -1
- package/dist/depWalker.js +45 -11
- package/dist/depWalker.js.map +1 -1
- package/dist/extractors/payload.d.ts +6 -2
- package/dist/extractors/payload.d.ts.map +1 -1
- package/dist/extractors/payload.js +15 -3
- package/dist/extractors/payload.js.map +1 -1
- package/dist/i18n/english.js +1 -1
- package/dist/i18n/english.js.map +1 -1
- package/dist/i18n/french.js +1 -1
- package/dist/i18n/french.js.map +1 -1
- package/dist/index.d.ts +11 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -1
- package/dist/index.js.map +1 -1
- package/dist/registry/NpmRegistryProvider.d.ts +3 -1
- package/dist/registry/NpmRegistryProvider.d.ts.map +1 -1
- package/dist/registry/NpmRegistryProvider.js +9 -4
- package/dist/registry/NpmRegistryProvider.js.map +1 -1
- package/dist/registry/RegistryTokenStore.d.ts +9 -0
- package/dist/registry/RegistryTokenStore.d.ts.map +1 -0
- package/dist/registry/RegistryTokenStore.js +26 -0
- package/dist/registry/RegistryTokenStore.js.map +1 -0
- package/dist/types.d.ts +23 -3
- package/dist/types.d.ts.map +1 -1
- package/dist/utils/warnings.d.ts +1 -1
- package/dist/utils/warnings.d.ts.map +1 -1
- package/dist/utils/warnings.js +22 -12
- package/dist/utils/warnings.js.map +1 -1
- package/package.json +6 -3
- package/dist/data/top-packages.json +0 -50000
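--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -170,7 +170,12 @@ export interface Payload {
 /** Payload unique id */
 id: string;
 /** Name of the analyzed package */
-
+rootDependency: {
+name: string;
+version: string;
+/** The integrity of the scanned package */
+integrity: string | null;
+};
 /** Global warnings list */
 warnings: GlobalWarning[];
 highlighted: {
@@ -182,12 +187,22 @@ export interface Payload {
 scannerVersion: string;
 /** Vulnerability strategy name (npm, snyk, node) */
 vulnerabilityStrategy: Vulnera.Kind;
+metadata: {
+/**
+* UNIX Timestamp when the scan started
+*/
+startedAt: number;
+/**
+* Execution time in milliseconds
+*/
+executionTime: number;
+};
 }
 export interface Options {
 /**
 * Maximum tree depth
 *
-* @default
+* @default Infinity
 */
 readonly maxDepth?: number;
 readonly registry?: string | URL;
@@ -202,7 +217,6 @@ export interface Options {
 packageLock?: {
 /**
 * Fetches all manifests for additional metadata.
-* This option is useful only when `usePackageLock` is enabled.
 *
 * @default false
 */
@@ -236,4 +250,10 @@ export interface Options {
 */
 readonly scanRootNode?: boolean;
 }
+export interface TokenStore {
+/**
+* Get the token for the given registry
+*/
+get(registry: string): string | undefined;
+}
 //# sourceMappingURL=types.d.ts.map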
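Review bot: `TokenStore.get(registry: string)` in the last hunk returns a registry credential, but its comment does not say what form the `registry` key takes, while `Options.registry` in the second hunk accepts `string | URL`. A caller and an implementation that disagree on normalization (origin versus full URL, trailing slash) would either lose authentication silently or, with loose matching, hand back a token meant for another registry. I would extend the comment along the lines of `/** Get the token for the given registry; the key is the registry URL in <normalized form, to be stated>, and undefined means no token is configured for it */`; the implementation in RegistryTokenStore.js is not visible here, so the exact form is for the maintainers to fill in. Separately, `startedAt` is documented as a "UNIX Timestamp" without a unit while `executionTime` names milliseconds, and `rootDependency.integrity` does not say when it is `null`; both are worth one more line of doc.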
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAE1D,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAE3D,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG;IACjC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,GAAG;IAChD;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF,MAAM,WAAW,eAAe;IAC9B,wBAAwB;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,mBAAmB;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,iBAAiB;IAChC,qDAAqD;IACrD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,iBAAiB,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB;;;OAGG;IACH,qBAAqB,EAAE,OAAO,CAAC;IAC/B,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,eAAe,EAAE,MAAM,CAAC;IACxB,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,iFAAiF;IACjF,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC;;;;OAIG;IACH,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,mDAAmD;IACnD,WAAW,EAAE;QACX,8CAA8C;QAC9C,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAC3B,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;IACF;;OAEG;IACH,QAAQ,EAAE,0BAA0B,EAAE,CAAC;IACvC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;OAIG;IACH,KAAK,EAAE,MAAM,EAAE,CAAC;IA
ChB;;OAEG;IACH,MAAM,EAAE,IAAI,GAAG,MAAM,CAAC;IACtB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,UAAU;IACzB,4BAA4B;IAC5B,QAAQ,EAAE;QACR,0CAA0C;QAC1C,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,IAAI,CAAC;QACnB,0BAA0B;QAC1B,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,0BAA0B,EAAE,OAAO,CAAC;QACpC,iFAAiF;QACjF,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;QAC1B,wBAAwB;QACxB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QACxB;;WAEG;QACH,WAAW,EAAE,UAAU,EAAE,CAAC;QAC1B;;WAEG;QACH,UAAU,EAAE,SAAS,EAAE,CAAC;QACxB;;;WAGG;QACH,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACnC,CAAC;IACF,yFAAyF;IACzF,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC5C;;;;OAIG;IACH,eAAe,EAAE,OAAO,CAAC,qBAAqB,EAAE,CAAC;CAClD;AAED,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;AAEtD,MAAM,MAAM,0BAA0B,GAAG;IACvC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;CAAE,GAAG,CACjD;IACE,IAAI,EACA,sBAAsB,GACtB,oBAAoB,GACpB,eAAe,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC,GACD;IACE,IAAI,EAAE,gBAAgB,CAAC;IACvB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;CACH,GAED,0BAA0B,CAAC,CAAC;AAE9B,MAAM,WAAW,OAAO;IACtB,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,mCAAmC;IACnC,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAE1D,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAE3D,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG;IACjC;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,GAAG;IAChD;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF,MAAM,WAAW,eAAe;IAC9B,wBAAwB;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,mBAAmB;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,iBAAiB;IAChC,qDAAqD;IACrD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,iBAAiB,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB;;;OAGG;IACH,qBAAqB,EAAE,OAAO,CAAC;IAC/B,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,eAAe,EAAE,MAAM,CAAC;IACxB,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,iFAAiF;IACjF,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC;;;;OAIG;IACH,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,mDAAmD;IACnD,WAAW,EAAE;QACX,8CAA8C;QAC9C,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAC3B,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;IACF;;OAEG;IACH,QAAQ,EAAE,0BAA0B,EAAE,CAAC;IACvC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;OAIG;IACH,KAAK,EAAE,MAAM,EAAE,CAAC;IA
ChB;;OAEG;IACH,MAAM,EAAE,IAAI,GAAG,MAAM,CAAC;IACtB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,UAAU;IACzB,4BAA4B;IAC5B,QAAQ,EAAE;QACR,0CAA0C;QAC1C,cAAc,EAAE,MAAM,CAAC;QACvB,YAAY,EAAE,IAAI,CAAC;QACnB,0BAA0B;QAC1B,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,EAAE,OAAO,CAAC;QAC1B,iBAAiB,EAAE,OAAO,CAAC;QAC3B,0BAA0B,EAAE,OAAO,CAAC;QACpC,iFAAiF;QACjF,MAAM,EAAE,UAAU,GAAG,IAAI,CAAC;QAC1B,wBAAwB;QACxB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QACxB;;WAEG;QACH,WAAW,EAAE,UAAU,EAAE,CAAC;QAC1B;;WAEG;QACH,UAAU,EAAE,SAAS,EAAE,CAAC;QACxB;;;WAGG;QACH,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACnC,CAAC;IACF,yFAAyF;IACzF,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC5C;;;;OAIG;IACH,eAAe,EAAE,OAAO,CAAC,qBAAqB,EAAE,CAAC;CAClD;AAED,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;AAEtD,MAAM,MAAM,0BAA0B,GAAG;IACvC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;CAAE,GAAG,CACjD;IACE,IAAI,EACA,sBAAsB,GACtB,oBAAoB,GACpB,eAAe,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC,GACD;IACE,IAAI,EAAE,gBAAgB,CAAC;IACvB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;CACH,GAED,0BAA0B,CAAC,CAAC;AAE9B,MAAM,WAAW,OAAO;IACtB,wBAAwB;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,mCAAmC;IACnC,cAAc,EAAE;QACd,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,2CAA2C;QAC3C,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;KAC1B,CAAC;IACF,2BAA2B;IAC3B,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,WAAW,EAAE;QACX,QAAQ,EAAE,kBAAkB,EAAE,CAAC;KAChC,CAAC;IACF,sDAAsD;IACtD,YAAY,EAAE,YAAY,CAAC;IAC3B,yDAAyD;IACzD,cAAc,EAAE,MAAM,CAAC;IACvB,oDAAoD;IACpD,qBAAqB,EAAE,OAAO,CAAC,IAAI,CAAC;IAEpC,QAAQ,EAAE;QACR;;WAEG;QACH,SAAS,EAAE,MAAM,CAAC;QAClB;;WAEG;QACH,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;CACH;AAED,MAAM,WAAW,OAAO;IACtB;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAE3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,C
AAC;IAEjC;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE;QACZ;;;;WAIG;QACH,aAAa,CAAC,EAAE,OAAO,CAAC;QAExB;;;WAGG;QACH,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IAEF,SAAS,CAAC,EAAE;QACV,QAAQ,EAAE,OAAO,EAAE,CAAC;KACrB,CAAC;IAEF;;;;OAIG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;IAElC;;;;OAIG;IACH,QAAQ,CAAC,qBAAqB,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC;IAE9C;;;;;OAKG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC;CACjC;AAED,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CAC3C"}
|
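--- a/package/dist/utils/warnings.d.ts
+++ b/package/dist/utils/warnings.d.ts
@@ -5,5 +5,5 @@ export interface GetWarningsResult {
 warnings: GlobalWarning[];
 illuminated: IlluminatedContact[];
 }
-export declare function getDependenciesWarnings(dependenciesMap: Map<string, Dependency>, highlightContacts?: Contact[]): Promise<GetWarningsResult>;
+export declare function getDependenciesWarnings(dependenciesMap: Map<string, Dependency>, highlightContacts?: Contact[], isLocalScan?: boolean): Promise<GetWarningsResult>;
 //# sourceMappingURL=warnings.d.ts.map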
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"warnings.d.ts","sourceRoot":"","sources":["../../src/utils/warnings.ts"],"names":[],"mappings":"AAMA,OAAO,EAEL,KAAK,kBAAkB,EAExB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAKrD,OAAO,KAAK,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAoB7D,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,WAAW,EAAE,kBAAkB,EAAE,CAAC;CACnC;AAED,wBAAsB,uBAAuB,CAC3C,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,EACxC,iBAAiB,GAAE,OAAO,EAAO,
|
|
1
|
+
{"version":3,"file":"warnings.d.ts","sourceRoot":"","sources":["../../src/utils/warnings.ts"],"names":[],"mappings":"AAMA,OAAO,EAEL,KAAK,kBAAkB,EAExB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAKrD,OAAO,KAAK,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAoB7D,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,WAAW,EAAE,kBAAkB,EAAE,CAAC;CACnC;AAED,wBAAsB,uBAAuB,CAC3C,eAAe,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,EACxC,iBAAiB,GAAE,OAAO,EAAO,EACjC,WAAW,UAAQ,GAClB,OAAO,CAAC,iBAAiB,CAAC,CAwD5B"}
|
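--- a/package/dist/utils/warnings.js
+++ b/package/dist/utils/warnings.js
@@ -20,7 +20,7 @@ const kDependencyWarnMessage = {
 "@scarf/scarf": await i18n.getToken("scanner.disable_scarf"),
 iohook: await i18n.getToken("scanner.keylogging")
 };
-export async function getDependenciesWarnings(dependenciesMap, highlightContacts = []) {
+export async function getDependenciesWarnings(dependenciesMap, highlightContacts = [], isLocalScan = false) {
 const vulnerableDependencyNames = Object.keys(kDependencyWarnMessage);
 const topPackages = new TopPackages();
 await topPackages.loadJSON();
@@ -37,17 +37,11 @@ export async function getDependenciesWarnings(dependenciesMap, highlightContacts
 const dependencies = Object.create(null);
 for (const [packageName, dependency] of dependenciesMap) {
 const { author, maintainers } = dependency.metadata;
-const
-
-
-
-
-message: warningMessage,
-metadata: {
-name: packageName,
-similar: similarPackages
-}
-});
+const warning = await (isLocalScan ?
+Promise.resolve(null) :
+searchTypoSquattingByName(topPackages, packageName));
+if (warning !== null) {
+warnings.push(warning);
 }
 dependencies[packageName] = {
 maintainers,
@@ -69,4 +63,20 @@ export async function getDependenciesWarnings(dependenciesMap, highlightContacts
 illuminated
 };
 }
+async function searchTypoSquattingByName(topPackages, packageName) {
+const similarPackages = topPackages.getSimilarPackages(packageName);
+if (similarPackages.length > 0 &&
+similarPackages.length <= 3) {
+const warningMessage = await i18n.getToken("scanner.typo_squatting", packageName, similarPackages.join(", "));
+return {
+type: "typo-squatting",
+message: warningMessage,
+metadata: {
+name: packageName,
+similar: similarPackages
+}
+};
+}
+return null;
+}
 //# sourceMappingURL=warnings.js.map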
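Review bot: In the second hunk `isLocalScan` switches off `searchTypoSquattingByName` for every entry of `dependenciesMap`, not just for the local root package, so if the map holds the whole tree a local scan emits no typo-squatting warning for third-party dependencies either. If only the project's own name was meant to be exempt, the skip should be keyed on that name; otherwise the reduced coverage deserves a comment such as `// local scans skip the typo-squatting lookup for all packages`. The `await (isLocalScan ? Promise.resolve(null) : …)` form reads more plainly as `const warning = isLocalScan ? null : await searchTypoSquattingByName(topPackages, packageName);`. In the new helper the bound `similarPackages.length <= 3` is an unexplained constant, and a named constant would record why more than three matches suppresses the warning. getDependenciesWarnings begins and ends outside these hunks, so the caller that sets the flag is not visible here.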
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"warnings.js","sourceRoot":"","sources":["../../src/utils/warnings.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EACL,gBAAgB,EAGjB,MAAM,qBAAqB,CAAC;AAG7B,+BAA+B;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAG5D,MAAM,IAAI,CAAC,oBAAoB,CAC7B,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,CAC5D,CAAC;AAEF,YAAY;AACZ,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAA,mBAAmB,CAAC,6CAA6C,CAAC;AACxG,MAAM,2BAA2B,GAAc;IAC7C;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,yBAAyB;KACjC;CACF,CAAC;AAEF,MAAM,sBAAsB,GAAG;IAC7B,cAAc,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IAC5D,MAAM,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC;CACzC,CAAC;AAOX,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,eAAwC,EACxC,oBAA+B,EAAE;
|
|
1
|
+
{"version":3,"file":"warnings.js","sourceRoot":"","sources":["../../src/utils/warnings.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AACzC,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EACL,gBAAgB,EAGjB,MAAM,qBAAqB,CAAC;AAG7B,+BAA+B;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAG5D,MAAM,IAAI,CAAC,oBAAoB,CAC7B,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,CAC5D,CAAC;AAEF,YAAY;AACZ,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAA,mBAAmB,CAAC,6CAA6C,CAAC;AACxG,MAAM,2BAA2B,GAAc;IAC7C;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,yBAAyB;KACjC;CACF,CAAC;AAEF,MAAM,sBAAsB,GAAG;IAC7B,cAAc,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IAC5D,MAAM,EAAE,MAAM,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC;CACzC,CAAC;AAOX,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,eAAwC,EACxC,oBAA+B,EAAE,EACjC,WAAW,GAAG,KAAK;IAEnB,MAAM,yBAAyB,GAAG,MAAM,CAAC,IAAI,CAC3C,sBAAsB,CAC+B,CAAC;IACxD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;IACtC,MAAM,WAAW,CAAC,QAAQ,EAAE,CAAC;IAE7B,MAAM,QAAQ,GAAoB,yBAAyB;SACxD,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;QAChB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,sBAAsB;YAC5B,OAAO,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,sBAAsB,CAAC,IAAI,CAAC,EAAE;SACjE,CAAC;IACJ,CAAC,CAAC,CAAC;IAEL,MAAM,YAAY,GAAoD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC1F,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,eAAe,EAAE,CAAC;QACxD,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC;QAEpD,MAAM,OAAO,GAAG,MAAM,CACpB,WAAW,CAAC,CAAC;YACX,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACvB,yBAAyB,CAAC,WAAW,EAAE,WAAW,CAAC,CACtD,CAAC;QACF,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QAED,YAAY,CAAC,WAAW,CAAC,GAAG;YAC1B,WAAW;YACX,GAAG,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC;SACvC,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,gBAAgB,CAAC;QACrC,SAAS,EAAE;YACT,GAAG,iBAA
iB;YACpB,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC;gBAC3B,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,IAAI,EAAE,CAAC,CACzD;YACD,GAAG,2BAA2B;SAC/B;KACF,CAAC,CAAC;IACH,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,SAAS,CAAC,gBAAgB,CACtD,YAAY,CACb,CAAC;IAEF,OAAO;QACL,QAAQ;QACR,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,yBAAyB,CACtC,WAAwB,EACxB,WAAmB;IAEnB,MAAM,eAAe,GAAG,WAAW,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;IACpE,IACE,eAAe,CAAC,MAAM,GAAG,CAAC;QAC1B,eAAe,CAAC,MAAM,IAAI,CAAC,EAC3B,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,QAAQ,CACxC,wBAAwB,EACxB,WAAW,EACX,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAC3B,CAAC;QAEF,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,cAAc;YACvB,QAAQ,EAAE;gBACR,IAAI,EAAE,WAAW;gBACjB,OAAO,EAAE,eAAe;aACzB;SACF,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
|
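--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@nodesecure/scanner",
-"version": "
+"version": "8.0.0",
 "description": "A package API to run a static analysis of your module's dependencies.",
 "type": "module",
 "exports": "./dist/index.js",
@@ -58,8 +58,8 @@
 "@nodesecure/npm-registry-sdk": "^4.4.0",
 "@nodesecure/npm-types": "^1.3.0",
 "@nodesecure/rc": "^5.0.1",
-"@nodesecure/tarball": "^2.
-"@nodesecure/tree-walker": "^
+"@nodesecure/tarball": "^2.3.0",
+"@nodesecure/tree-walker": "^2.0.0",
 "@nodesecure/utils": "^2.3.0",
 "@nodesecure/vulnera": "^2.0.1",
 "@openally/mutex": "^2.0.0",
@@ -67,10 +67,13 @@
 "frequency-set": "^2.1.0",
 "pacote": "^21.0.0",
 "semver": "^7.5.4",
+"ssri": "13.0.0",
 "type-fest": "^5.0.1"
 },
 "devDependencies": {
+"@npmcli/config": "^10.4.2",
 "@types/node": "^24.0.2",
+"@types/npmcli__config": "^6.0.3",
 "c8": "^10.1.3",
 "tsx": "^4.19.4",
 "typescript": "^5.8.3"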
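Review bot: In the last hunk `"ssri": "13.0.0"` is the only runtime dependency pinned to an exact version, while every neighbour uses a caret range. In a published library an exact pin prevents deduplication and keeps consumers from picking up patch releases of a package that handles integrity values, so either use `"ssri": "^13.0.0"` or record the reason for the pin in the changelog. `@npmcli/config` is added under `devDependencies` only; RegistryTokenStore.js is listed in the file summary but not shown here, so it is worth confirming that no file under `dist/` imports it at runtime, since it would then be missing for installers of the package.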