@nodesecure/scanner 8.0.0 → 8.2.0
- package/dist/class/logger.class.d.ts +11 -1
- package/dist/class/logger.class.d.ts.map +1 -1
- package/dist/class/logger.class.js +1 -0
- package/dist/class/logger.class.js.map +1 -1
- package/dist/comparePayloads.d.ts +1 -1
- package/dist/data/top-packages.json +50000 -0
- package/dist/depWalker.d.ts +2 -2
- package/dist/depWalker.js +188 -262
- package/dist/depWalker.js.map +1 -1
- package/dist/extractors/index.d.ts +2 -2
- package/dist/extractors/payload.d.ts +5 -5
- package/dist/extractors/payload.d.ts.map +1 -1
- package/dist/extractors/payload.js +1 -3
- package/dist/extractors/payload.js.map +1 -1
- package/dist/extractors/probes/ContactExtractor.class.d.ts +2 -2
- package/dist/extractors/probes/ExtensionsExtractor.class.d.ts +2 -2
- package/dist/extractors/probes/FlagsExtractor.class.d.ts +2 -2
- package/dist/extractors/probes/FlagsExtractor.class.js +1 -1
- package/dist/extractors/probes/FlagsExtractor.class.js.map +1 -1
- package/dist/extractors/probes/LicensesExtractor.class.d.ts +2 -2
- package/dist/extractors/probes/NodeDependenciesExtractor.class.d.ts +2 -2
- package/dist/extractors/probes/SizeExtractor.class.d.ts +2 -2
- package/dist/extractors/probes/VulnerabilitiesExtractor.class.d.ts +2 -2
- package/dist/extractors/probes/WarningsExtractor.class.d.ts +2 -2
- package/dist/extractors/probes/index.d.ts +8 -8
- package/dist/index.d.ts +8 -8
- package/dist/index.js +9 -73
- package/dist/index.js.map +1 -1
- package/dist/registry/NpmRegistryProvider.d.ts +6 -6
- package/dist/registry/PackumentExtractor.d.ts +1 -1
- package/dist/registry/RegistryTokenStore.d.ts +1 -1
- package/dist/registry/fetchNpmAvatars.d.ts +1 -1
- package/dist/utils/addMissingVersionFlags.d.ts +1 -1
- package/dist/utils/index.d.ts +7 -7
- package/dist/utils/isNodesecurePayload.d.ts +1 -1
- package/dist/utils/warnings.d.ts +1 -1
- package/package.json +15 -7
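--- a/package/dist/depWalker.d.ts
+++ b/package/dist/depWalker.d.ts
@@ -1,7 +1,7 @@
 import type { ManifestVersion, PackageJSON, WorkspacesPackageJSON } from "@nodesecure/npm-types";
 import type Config from "@npmcli/config";
-import { Logger } from "./class/logger.class.
-import type { Options, Payload } from "./types.
+import { Logger } from "./class/logger.class.ts";
+import type { Options, Payload } from "./types.ts";
 type WalkerOptions = Omit<Options, "registry"> & {
 registry: string;
 location?: string;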
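--- a/package/dist/depWalker.js
+++ b/package/dist/depWalker.js
@@ -1,55 +1,3 @@
-var __addDisposableResource = (this && this.__addDisposableResource) || function (env, value, async) {
-if (value !== null && value !== void 0) {
-if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected.");
-var dispose, inner;
-if (async) {
-if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined.");
-dispose = value[Symbol.asyncDispose];
-}
-if (dispose === void 0) {
-if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined.");
-dispose = value[Symbol.dispose];
-if (async) inner = dispose;
-}
-if (typeof dispose !== "function") throw new TypeError("Object not disposable.");
-if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } };
-env.stack.push({ value: value, dispose: dispose, async: async });
-}
-else if (async) {
-env.stack.push({ async: true });
-}
-return value;
-};
-var __disposeResources = (this && this.__disposeResources) || (function (SuppressedError) {
-return function (env) {
-function fail(e) {
-env.error = env.hasError ? new SuppressedError(e, env.error, "An error was suppressed during disposal.") : e;
-env.hasError = true;
-}
-var r, s = 0;
-function next() {
-while (r = env.stack.pop()) {
-try {
-if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next);
-if (r.dispose) {
-var result = r.dispose.call(r.value);
-if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); });
-}
-else s |= 1;
-}
-catch (e) {
-fail(e);
-}
-}
-if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve();
-if (env.hasError) throw env.error;
-}
-return next();
-};
-})(typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
-var e = new Error(message);
-return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
-});
 // Import Node.js Dependencies
 import path from "node:path";
 import { readFileSync } from "node:fs";
@@ -105,238 +53,216 @@ const kDefaultDependencyMetadata = {
 const kRootDependencyId = 0;
 const { version: packageVersion } = JSON.parse(readFileSync(new URL(path.join("..", "package.json"), import.meta.url), "utf-8"));
 export async function depWalker(manifest, options, logger = new Logger()) {
-const
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+const { scanRootNode = false, includeDevDeps = false, packageLock, maxDepth, location, vulnerabilityStrategy = Vulnera.strategies.NONE, registry, npmRcConfig } = options;
+const startedAt = Date.now();
+const isRemoteScanning = typeof location === "undefined";
+const tokenStore = new RegistryTokenStore(npmRcConfig, NPM_TOKEN.token);
+await using tempDir = await TempDirectory.create();
+const dependencyConfusionWarnings = [];
+const payload = {
+id: tempDir.id,
+rootDependency: {
+name: manifest.name ?? "workspace",
+version: manifest.version ?? "0.0.0",
+integrity: null
+},
+scannerVersion: packageVersion,
+vulnerabilityStrategy,
+warnings: [],
+metadata: {
+startedAt,
+executionTime: 0
+}
+};
+const dependencies = new Map();
+const npmTreeWalker = new npm.TreeWalker({
+registry
+});
+{
+logger
+.start(ScannerLoggerEvents.analysis.tree)
+.start(ScannerLoggerEvents.analysis.tarball)
+.start(ScannerLoggerEvents.analysis.registry);
+const fetchedMetadataPackages = new Set();
+const operationsQueue = [];
+const locker = new Mutex({ concurrency: 5 });
+locker.on(MutexRelease, () => logger.tick(ScannerLoggerEvents.analysis.tarball));
+const rootDepsOptions = {
+maxDepth,
+includeDevDeps,
+packageLock
 };
-const
-
-
-
-
-
-
-.start(ScannerLoggerEvents.analysis.tarball)
-.start(ScannerLoggerEvents.analysis.registry);
-const fetchedMetadataPackages = new Set();
-const operationsQueue = [];
-const locker = new Mutex({ concurrency: 5 });
-locker.on(MutexRelease, () => logger.tick(ScannerLoggerEvents.analysis.tarball));
-const rootDepsOptions = {
-maxDepth,
-includeDevDeps,
-packageLock
-};
-for await (const current of npmTreeWalker.walk(manifest, rootDepsOptions)) {
-const { name, version, integrity, ...currentVersion } = current;
-const dependency = {
-versions: {
-[version]: {
-...currentVersion,
-...structuredClone(kDefaultDependencyVersionFields)
-}
-},
-vulnerabilities: [],
-metadata: structuredClone(kDefaultDependencyMetadata)
-};
-let proceedDependencyScan = true;
-const org = parseNpmSpec(name)?.org;
-if (dependencies.has(name)) {
-const dep = dependencies.get(name);
-operationsQueue.push(new NpmRegistryProvider(name, version, {
-registry,
-tokenStore
-}).enrichDependencyVersion(dep, dependencyConfusionWarnings, org));
-if (version in dep.versions) {
-// The dependency has already entered the analysis
-// This happens if the package is used by multiple packages in the tree
-proceedDependencyScan = false;
-}
-else {
-dep.versions[version] = dependency.versions[version];
+for await (const current of npmTreeWalker.walk(manifest, rootDepsOptions)) {
+const { name, version, integrity, ...currentVersion } = current;
+const dependency = {
+versions: {
+[version]: {
+...currentVersion,
+...structuredClone(kDefaultDependencyVersionFields)
 }
+},
+vulnerabilities: [],
+metadata: structuredClone(kDefaultDependencyMetadata)
+};
+let proceedDependencyScan = true;
+const org = parseNpmSpec(name)?.org;
+if (dependencies.has(name)) {
+const dep = dependencies.get(name);
+operationsQueue.push(new NpmRegistryProvider(name, version, {
+registry,
+tokenStore
+}).enrichDependencyVersion(dep, dependencyConfusionWarnings, org));
+if (version in dep.versions) {
+// The dependency has already entered the analysis
+// This happens if the package is used by multiple packages in the tree
+proceedDependencyScan = false;
 }
 else {
-
-}
-const isRoot = current.id === kRootDependencyId;
-if (isRoot && payload.rootDependency.integrity) {
-payload.rootDependency.integrity = integrity;
+dep.versions[version] = dependency.versions[version];
 }
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+}
+else {
+dependencies.set(name, dependency);
+}
+const isRoot = current.id === kRootDependencyId;
+if (isRoot && payload.rootDependency.integrity) {
+payload.rootDependency.integrity = integrity;
+}
+else if (isRoot) {
+const isWorkspace = options.location && "workspaces" in manifest;
+payload.rootDependency.integrity = isWorkspace ?
+null :
+fromData(JSON.stringify(manifest), { algorithms: ["sha512"] }).toString();
+}
+// If the dependency is a DevDependencies we ignore it.
+if (current.isDevDependency || !proceedDependencyScan) {
+continue;
+}
+logger.tick(ScannerLoggerEvents.analysis.tree);
+// There is no need to fetch 'N' times the npm metadata for the same package.
+if (fetchedMetadataPackages.has(name) || !current.existOnRemoteRegistry) {
+logger.tick(ScannerLoggerEvents.analysis.registry);
+}
+else {
+fetchedMetadataPackages.add(name);
+const provider = new NpmRegistryProvider(name, version, {
+registry,
+tokenStore
+});
+operationsQueue.push(provider.enrichDependency(logger, dependency));
+if (registry !== getNpmRegistryURL() && org) {
+operationsQueue.push(new NpmRegistryProvider(name, version, {
 registry,
 tokenStore
-});
-operationsQueue.push(provider.enrichDependency(logger, dependency));
-if (registry !== getNpmRegistryURL() && org) {
-operationsQueue.push(new NpmRegistryProvider(name, version, {
-registry,
-tokenStore
-}).enrichScopedDependencyConfusionWarnings(dependencyConfusionWarnings, org));
-}
+}).enrichScopedDependencyConfusionWarnings(dependencyConfusionWarnings, org));
 }
-const scanDirOptions = {
-ref: dependency.versions[version],
-location,
-isRootNode: scanRootNode && name === manifest.name,
-registry
-};
-operationsQueue.push(scanDirOrArchiveEx(name, version, locker, tempDir, scanDirOptions));
 }
-
-
-
-.
-
-
-
-const isVulnHydratable = (strategy === "github-advisory" || strategy === "snyk")
-&& isRemoteScanning;
-if (!isVulnHydratable) {
-await hydratePayloadDependencies(dependencies, {
-useStandardFormat: true,
-path: location
-});
+const scanDirOptions = {
+ref: dependency.versions[version],
+location,
+isRootNode: scanRootNode && name === manifest.name,
+registry
+};
+operationsQueue.push(scanDirOrArchiveEx(name, version, locker, tempDir, logger, scanDirOptions));
 }
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+logger.end(ScannerLoggerEvents.analysis.tree);
+await Promise.allSettled(operationsQueue);
+logger
+.end(ScannerLoggerEvents.analysis.tarball)
+.end(ScannerLoggerEvents.analysis.registry);
+}
+const { hydratePayloadDependencies, strategy } = Vulnera.setStrategy(vulnerabilityStrategy);
+const isVulnHydratable = (strategy === "github-advisory" || strategy === "snyk")
+&& isRemoteScanning;
+if (!isVulnHydratable) {
+await hydratePayloadDependencies(dependencies, {
+useStandardFormat: true,
+path: location
+});
+}
+payload.vulnerabilityStrategy = strategy;
+// We do this because it "seem" impossible to link all dependencies in the first walk.
+// Because we are dealing with package only one time it may happen sometimes.
+const globalWarnings = [];
+for (const [packageName, dependency] of dependencies) {
+const metadataIntegrities = dependency.metadata?.integrity ?? {};
+for (const [version, integrity] of Object.entries(metadataIntegrities)) {
+const dependencyVer = dependency.versions[version];
+const isEmptyPackage = dependencyVer.warnings.some((warning) => warning.kind === "empty-package");
+if (isEmptyPackage) {
+globalWarnings.push({
+type: "empty-package",
+message: `${packageName}@${version} only contain a package.json file!`
+});
 }
-
-
-
-
-
-
-
-
-Object.assign(verDescriptor, {
-author: parseAuthor(manifest.author),
-links: getManifestLinks(manifest),
-repository: manifest.repository
-});
-}
-const usedDeps = npmTreeWalker.relationsMap.get(`${packageName}@${verStr}`) || new Set();
-if (usedDeps.size === 0) {
-continue;
-}
-const usedBy = Object.create(null);
-for (const [name, version] of getUsedDeps(usedDeps)) {
-usedBy[name] = version;
-}
-Object.assign(verDescriptor.usedBy, usedBy);
+if (!("integrity" in dependencyVer) || dependencyVer.flags.includes("isGit")) {
+continue;
+}
+if (dependencyVer.integrity !== integrity) {
+globalWarnings.push({
+type: "integrity-mismatch",
+message: `${packageName}@${version} manifest & tarball integrity doesn't match!`
+});
 }
 }
-
-const
-
-
-
-
-
-
-
-
-
-
+for (const version of Object.entries(dependency.versions)) {
+const [verStr, verDescriptor] = version;
+verDescriptor.flags.push(...addMissingVersionFlags(new Set(verDescriptor.flags), dependency));
+if (isLocalManifest(verDescriptor, manifest, packageName)) {
+Object.assign(dependency.metadata, {
+author: parseAuthor(manifest.author),
+homepage: manifest.homepage
+});
+Object.assign(verDescriptor, {
+author: parseAuthor(manifest.author),
+links: getManifestLinks(manifest),
+repository: manifest.repository
+});
+}
+const usedDeps = npmTreeWalker.relationsMap.get(`${packageName}@${verStr}`) || new Set();
+if (usedDeps.size === 0) {
+continue;
+}
+const usedBy = Object.create(null);
+for (const [name, version] of getUsedDeps(usedDeps)) {
+usedBy[name] = version;
+}
+Object.assign(verDescriptor.usedBy, usedBy);
 }
 }
-
-
-
+try {
+const { warnings, illuminated } = await getDependenciesWarnings(dependencies, options.highlight?.contacts, isRemoteScanning);
+payload.warnings = globalWarnings.concat(dependencyConfusionWarnings).concat(warnings);
+payload.highlighted = {
+contacts: illuminated
+};
+payload.dependencies = Object.fromEntries(dependencies);
+payload.metadata.executionTime = Date.now() - startedAt;
+return payload;
 }
 finally {
-
-if (result_1)
-await result_1;
+logger.emit(ScannerLoggerEvents.done);
 }
 }
 // eslint-disable-next-line max-params
-async function scanDirOrArchiveEx(name, version, locker, tempDir, options) {
-
+async function scanDirOrArchiveEx(name, version, locker, tempDir, logger, options) {
+using _ = await locker.acquire();
 try {
-const
-
-
-
-
-
-
-
-
-
-
-
-}
-});
-}
-catch {
-// ignore
-}
-}
-catch (e_2) {
-env_2.error = e_2;
-env_2.hasError = true;
+const { registry, location = process.cwd(), isRootNode, ref } = options;
+const mama = await (isRootNode ?
+ManifestManager.fromPackageJSON(location) :
+extractAndResolve(tempDir.location, {
+spec: `${name}@${version}`,
+registry
+}));
+await scanDirOrArchive(mama, ref, {
+astAnalyserOptions: {
+optionalWarnings: typeof location !== "undefined"
+}
+});
 }
-
-
+catch (error) {
+logger.emit(ScannerLoggerEvents.error, error, "tarball-scan");
 }
 }
 function isLocalManifest(verDescriptor, manifest, packageName) {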
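Review bot: In `scanDirOrArchiveEx`, `location` is destructured with the default `process.cwd()`, so the later `typeof location !== "undefined"` is always true and `optionalWarnings` is switched on for registry scans as well as local ones; test the caller's value instead, `optionalWarnings: typeof options.location !== "undefined"`. In `depWalker`, `await Promise.allSettled(operationsQueue)` never inspects the settled results, and the integrity-mismatch loop iterates only over the entries of `dependency.metadata?.integrity`. If a registry enrichment call can reject (its implementation is not visible on this page), that package would presumably have no such entry and would be skipped without any warning. The tarball path now reports failures through `logger.emit(ScannerLoggerEvents.error, ...)`; rejected queue entries deserve the same treatment so that a scan with missing checks can be told apart from a clean one.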
package/dist/depWalker.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"depWalker.js","sourceRoot":"","sources":["../src/depWalker.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,kCAAkC;AAClC,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAEjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAEjE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAEhC,+BAA+B;AAC/B,OAAO,EACL,uBAAuB,EACvB,sBAAsB,EACtB,WAAW,EACX,gBAAgB,EAChB,SAAS,EACV,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAUtE,YAAY;AACZ,MAAM,+BAA+B,GAAG;IACtC,WAAW,EAAE,EAAE;IACf,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,QAAQ,EAAE,EAAE;IACZ,gBAAgB,EAAE,EAAE;IACpB,WAAW,EAAE;QACX,UAAU,EAAE,EAAE;QACd,KAAK,EAAE,EAAE;QACT,QAAQ,EAAE,EAAE;QACZ,MAAM,EAAE,EAAE;QACV,OAAO,EAAE,EAAE;QACX,cAAc,EAAE,EAAE;QAClB,eAAe,EAAE,EAAE;QACnB,mBAAmB,EAAE,EAAE;QACvB,gBAAgB,EAAE,EAAE;KACrB;CACF,CAAC;AACF,MAAM,0BAA0B,GAA2B;IACzD,cAAc,EAAE,CAAC;IACjB,YAAY,EAAE,IAAI,IAAI,EAAE;IACxB,WAAW,EAAE,KAAK;IAClB,gBAAgB,EAAE,KAAK;IACvB,iBAAiB,EAAE,KAAK;IACxB,0BAA0B,EAAE,IAAI;IAChC,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,IAAI;IACZ,UAAU,EAAE,EAAE;IACd,WAAW,EAAE,EAAE;IACf,SAAS,EAAE,EAAE;CACd,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAE5B,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,KAAK,CAC5C,YAAY,CACV,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EACzD,OAAO,CACR,CACF,CAAC;AAeF,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAA+D,EAC/D,OAAsB,EACtB,MAAM,GAAG,IAAI,MAAM,EAAE;IAErB,MAAM,EACJ,YAAY,GAAG,KAAK,EACpB,cAAc,GAAG,KAAK,EACtB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC,IAAI,EAC/C,QAAQ,EACR,WAAW,EACZ,
GAAG,OAAO,CAAC;IAEZ,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,gBAAgB,GAAG,OAAO,QAAQ,KAAK,WAAW,CAAC;IACzD,MAAM,UAAU,GAAG,IAAI,kBAAkB,CAAC,WAAW,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;IAExE,YAAY,OAAO,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,CAAC;IAEnD,MAAM,2BAA2B,GAAiC,EAAE,CAAC;IAErE,MAAM,OAAO,GAAmB;QAC9B,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,cAAc,EAAE;YACd,IAAI,EAAE,QAAQ,CAAC,IAAI,IAAI,WAAW;YAClC,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,OAAO;YACpC,SAAS,EAAE,IAAI;SAChB;QACD,cAAc,EAAE,cAAc;QAC9B,qBAAqB;QACrB,QAAQ,EAAE,EAAE;QACZ,QAAQ,EAAE;YACR,SAAS;YACT,aAAa,EAAE,CAAC;SACjB;KACF,CAAC;IAEF,MAAM,YAAY,GAA4B,IAAI,GAAG,EAAE,CAAC;IACxD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC;QACvC,QAAQ;KACT,CAAC,CAAC;IACH,CAAC;QACC,MAAM;aACH,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC;aACxC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;aAC3C,KAAK,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAChD,MAAM,uBAAuB,GAAG,IAAI,GAAG,EAAU,CAAC;QAClD,MAAM,eAAe,GAAoB,EAAE,CAAC;QAE5C,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;QAC7C,MAAM,CAAC,EAAE,CACP,YAAY,EACZ,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC,CACxD,CAAC;QAEF,MAAM,eAAe,GAAoB;YACvC,QAAQ;YACR,cAAc;YACd,WAAW;SACZ,CAAC;QACF,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EAAE,CAAC;YAC1E,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,cAAc,EAAE,GAAG,OAAO,CAAC;YAChE,MAAM,UAAU,GAAe;gBAC7B,QAAQ,EAAE;oBACR,CAAC,OAAO,CAAC,EAAE;wBACT,GAAG,cAAc;wBACjB,GAAG,eAAe,CAAC,+BAA+B,CAAC;qBACpD;iBACF;gBACD,eAAe,EAAE,EAAE;gBACnB,QAAQ,EAAE,eAAe,CAAC,0BAA0B,CAAC;aACtD,CAAC;YAEF,IAAI,qBAAqB,GAAG,IAAI,CAAC;YACjC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC;YACpC,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;gBACpC,eAAe,CAAC,IAAI,CAClB,IAAI,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE;oBACrC,QAAQ;oBACR,UAAU;iBACX,CAAC,CAAC,uBAAuB,CAAC,GAAG,EAAE,2BAA2B,EAAE,GAAG,CAAC,CAClE,CAAC;gBAEF,IAAI,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBAC5B,kDAAkD;oBAClD,uEAAuE;oBACvE,qBAAqB,GAAG,KAAK,CAAC;gBAChC,CAAC;qBACI,CAAC;
oBACJ,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBACvD,CAAC;YACH,CAAC;iBACI,CAAC;gBACJ,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;YACrC,CAAC;YAED,MAAM,MAAM,GAAG,OAAO,CAAC,EAAE,KAAK,iBAAiB,CAAC;YAEhD,IAAI,MAAM,IAAI,OAAO,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;gBAC/C,OAAO,CAAC,cAAc,CAAC,SAAS,GAAG,SAAS,CAAC;YAC/C,CAAC;iBACI,IAAI,MAAM,EAAE,CAAC;gBAChB,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,IAAI,YAAY,IAAI,QAAQ,CAAC;gBACjE,OAAO,CAAC,cAAc,CAAC,SAAS,GAAG,WAAW,CAAC,CAAC;oBAC9C,IAAI,CAAC,CAAC;oBACN,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC9E,CAAC;YAED,uDAAuD;YACvD,IAAI,OAAO,CAAC,eAAe,IAAI,CAAC,qBAAqB,EAAE,CAAC;gBACtD,SAAS;YACX,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAE/C,6EAA6E;YAC7E,IAAI,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC;gBACxE,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACrD,CAAC;iBACI,CAAC;gBACJ,uBAAuB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAClC,MAAM,QAAQ,GAAG,IAAI,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE;oBACtD,QAAQ;oBACR,UAAU;iBACX,CAAC,CAAC;gBAEH,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;gBACpE,IAAI,QAAQ,KAAK,iBAAiB,EAAE,IAAI,GAAG,EAAE,CAAC;oBAC5C,eAAe,CAAC,IAAI,CAClB,IAAI,mBAAmB,CAAC,IAAI,EAAE,OAAO,EAAE;wBACrC,QAAQ;wBACR,UAAU;qBACX,CAAC,CAAC,uCAAuC,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAC7E,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,cAAc,GAAG;gBACrB,GAAG,EAAE,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAQ;gBACxC,QAAQ;gBACR,UAAU,EAAE,YAAY,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI;gBAClD,QAAQ;aACT,CAAC;YACF,eAAe,CAAC,IAAI,CAClB,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,cAAc,CAAC,CAC3E,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,OAAO,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QAE1C,MAAM;aACH,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,OAAO,CAAC;aACzC,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,EAAE,0BAA0B,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,WAAW,CAClE,qBAAqB,CACtB,CAAC;IAEF,MAAM,gBAAgB,GAAG,CAAC
,QAAQ,KAAK,iBAAiB,IAAI,QAAQ,KAAK,MAAM,CAAC;WAC3E,gBAAgB,CAAC;IACtB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,0BAA0B,CAAC,YAAmB,EAAE;YACpD,iBAAiB,EAAE,IAAI;YACvB,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,qBAAqB,GAAG,QAAQ,CAAC;IAEzC,sFAAsF;IACtF,6EAA6E;IAC7E,MAAM,cAAc,GAAoB,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,YAAY,EAAE,CAAC;QACrD,MAAM,mBAAmB,GAAG,UAAU,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC;QAEjE,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACvE,MAAM,aAAa,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAsB,CAAC;YAExE,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;YAClG,IAAI,cAAc,EAAE,CAAC;gBACnB,cAAc,CAAC,IAAI,CAAC;oBAClB,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,GAAG,WAAW,IAAI,OAAO,oCAAoC;iBACvE,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,CAAC,WAAW,IAAI,aAAa,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7E,SAAS;YACX,CAAC;YAED,IAAI,aAAa,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC1C,cAAc,CAAC,IAAI,CAAC;oBAClB,IAAI,EAAE,oBAAoB;oBAC1B,OAAO,EAAE,GAAG,WAAW,IAAI,OAAO,8CAA8C;iBACjF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1D,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,OAAsC,CAAC;YACvE,aAAa,CAAC,KAAK,CAAC,IAAI,CACtB,GAAG,sBAAsB,CAAC,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,CACpE,CAAC;YAEF,IAAI,eAAe,CAAC,aAAa,EAAE,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;gBAC1D,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE;oBACjC,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;oBACpC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;iBAC5B,CAAC,CAAC;gBAEH,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE;oBAC3B,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC;oBACpC,KAAK,EAAE,gBAAgB,CAAC,QAAQ,CAAC;oBACjC,UAAU,EAAE,QAAQ,CAAC,UAAU;iBAChC,CAAC,CAAC;YACL,CAAC;YAED,MAAM,QAAQ,GAAG,aAAa,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,MAAM,EAAE,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;YACzF,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,MAAM,MAAM,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC3D,KAAK,MAAM,CAAC,IAAI,EAAE,OA
AO,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;YACzB,CAAC;YACD,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,MAAM,uBAAuB,CAC7D,YAAY,EACZ,OAAO,CAAC,SAAS,EAAE,QAAQ,EAC3B,gBAAgB,CACjB,CAAC;QACF,OAAO,CAAC,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,2BAA8C,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC1G,OAAO,CAAC,WAAW,GAAG;YACpB,QAAQ,EAAE,WAAW;SACtB,CAAC;QACF,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QACxD,OAAO,CAAC,QAAQ,CAAC,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAExD,OAAO,OAAkB,CAAC;IAC5B,CAAC;YACO,CAAC;QACP,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED,sCAAsC;AACtC,KAAK,UAAU,kBAAkB,CAC/B,IAAY,EACZ,OAAe,EACf,MAAa,EACb,OAAsB,EACtB,MAAc,EACd,OAKC;IAED,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;IAEjC,IAAI,CAAC;QACH,MAAM,EACJ,QAAQ,EACR,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,EACxB,UAAU,EACV,GAAG,EACJ,GAAG,OAAO,CAAC;QAEZ,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;YAC9B,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC3C,iBAAiB,CAAC,OAAO,CAAC,QAAQ,EAAE;gBAClC,IAAI,EAAE,GAAG,IAAI,IAAI,OAAO,EAAE;gBAC1B,QAAQ;aACT,CAAC,CACH,CAAC;QAEF,MAAM,gBAAgB,CAAC,IAAI,EAAE,GAAG,EAAE;YAChC,kBAAkB,EAAE;gBAClB,gBAAgB,EAAE,OAAO,QAAQ,KAAK,WAAW;aAClD;SACF,CAAC,CAAC;IACL,CAAC;IACD,OAAO,KAAU,EAAE,CAAC;QAClB,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,KAAK,EAAE,cAAc,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CACtB,aAAgC,EAChC,QAA+D,EAC/D,WAAmB;IAEnB,OAAO,aAAa,CAAC,qBAAqB,KAAK,KAAK,IAAI,CACtD,WAAW,KAAK,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,CAC7D,CAAC;AACJ,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { Payload, type ProbeExtractor, type PackumentProbeExtractor, type ManifestProbeExtractor, type PackumentProbeNextCallback, type ManifestProbeNextCallback } from "./payload.
|
|
2
|
-
import * as Probes from "./probes/index.
|
|
1
|
+
import { Payload, type ProbeExtractor, type PackumentProbeExtractor, type ManifestProbeExtractor, type PackumentProbeNextCallback, type ManifestProbeNextCallback } from "./payload.ts";
|
|
2
|
+
import * as Probes from "./probes/index.ts";
|
|
3
3
|
export declare const Extractors: {
|
|
4
4
|
readonly Payload: typeof Payload;
|
|
5
5
|
readonly Callbacks: {
|
|
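--- a/package/dist/extractors/payload.d.ts
+++ b/package/dist/extractors/payload.d.ts
@@ -1,5 +1,5 @@
 import type { Simplify } from "type-fest";
-import
+import type { Dependency, DependencyVersion, Payload as NodesecurePayload } from "../types.ts";
 type MergeDeep<T extends unknown[]> = T extends [a: infer A, ...rest: infer R] ? A & MergeDeep<R> : {};
 export type ExtractProbeResult<T extends ProbeExtractor<any>[]> = {
 [K in keyof T]: T[K] extends ProbeExtractor<any> ? ReturnType<T[K]["done"]> : never;
@@ -8,10 +8,10 @@ export type MergedExtractProbeResult<T extends ProbeExtractor<any>[]> = Simplify
 export type ProbeExtractorLevel = "packument" | "manifest";
 export type ProbeExtractorManifestParent = {
 name: string;
-dependency:
+dependency: Dependency;
 };
-export type PackumentProbeNextCallback = (name: string, dependency:
-export type ManifestProbeNextCallback = (spec: string, dependencyVersion:
+export type PackumentProbeNextCallback = (name: string, dependency: Dependency) => void;
+export type ManifestProbeNextCallback = (spec: string, dependencyVersion: DependencyVersion, parent: ProbeExtractorManifestParent) => void;
 export interface ProbeExtractor<Defs> {
 level: ProbeExtractorLevel;
 next(...args: any[]): void;
@@ -29,7 +29,7 @@ export declare class Payload<T extends ProbeExtractor<any>[]> extends EventTarge
 private dependencies;
 private probes;
 private cachedResult;
-constructor(data:
+constructor(data: NodesecurePayload | NodesecurePayload["dependencies"], probes: [...T]);
 extract(): ExtractProbeResult<T>;
 extractAndMerge(): MergedExtractProbeResult<T>;
 emit<T extends ProbeExtractorLevel>(event: T, ...extractionDetails: unknown[]): void;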
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../src/extractors/payload.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAK1C,OAAO,KAAK,OAAO,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"payload.d.ts","sourceRoot":"","sources":["../../src/extractors/payload.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAK1C,OAAO,KAAK,EACV,UAAU,EACV,iBAAiB,EACjB,OAAO,IAAI,iBAAiB,EAC7B,MAAM,aAAa,CAAC;AAMrB,KAAK,SAAS,CAAC,CAAC,SAAS,OAAO,EAAE,IAC9B,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;AAErE,MAAM,MAAM,kBAAkB,CAC5B,CAAC,SAAS,cAAc,CAAC,GAAG,CAAC,EAAE,IAC7B;KACD,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,cAAc,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,KAAK;CACpF,CAAC;AACF,MAAM,MAAM,wBAAwB,CAClC,CAAC,SAAS,cAAc,CAAC,GAAG,CAAC,EAAE,IAC7B,QAAQ,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAE/C,MAAM,MAAM,mBAAmB,GAAG,WAAW,GAAG,UAAU,CAAC;AAC3D,MAAM,MAAM,4BAA4B,GAAG;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,UAAU,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,KAAK,IAAI,CAAC;AACxF,MAAM,MAAM,yBAAyB,GAAG,CACtC,IAAI,EAAE,MAAM,EACZ,iBAAiB,EAAE,iBAAiB,EACpC,MAAM,EAAE,4BAA4B,KAAK,IAAI,CAAC;AAEhD,MAAM,WAAW,cAAc,CAAC,IAAI;IAClC,KAAK,EAAE,mBAAmB,CAAC;IAC3B,IAAI,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAC3B,IAAI,IAAI,IAAI,CAAC;CACd;AAED,MAAM,WAAW,uBAAuB,CAAC,IAAI,CAAE,SAAQ,cAAc,CAAC,IAAI,CAAC;IACzE,KAAK,EAAE,WAAW,CAAC;IACnB,IAAI,EAAE,0BAA0B,CAAC;CAClC;AAED,MAAM,WAAW,sBAAsB,CAAC,IAAI,CAAE,SAAQ,cAAc,CAAC,IAAI,CAAC;IACxE,KAAK,EAAE,UAAU,CAAC;IAClB,IAAI,EAAE,yBAAyB,CAAC;CACjC;AAED,qBAAa,OAAO,CAAC,CAAC,SAAS,cAAc,CAAC,GAAG,CAAC,EAAE,CAAE,SAAQ,WAAW;IACvE,OAAO,CAAC,YAAY,CAAoC;IACxD,OAAO,CAAC,MAAM,CAAiC;IAC/C,OAAO,CAAC,YAAY,CAAwB;gBAG1C,IAAI,EAAE,iBAAiB,GAAG,iBAAiB,CAAC,cAAc,CAAC,EAC3D,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC;IAchB,OAAO;IAyBP,eAAe,IAGG,wBAAwB,CAAC,CAAC,CAAC;IAG7C,IAAI,CAAC,CAAC,SAAS,mBAAmB,EAChC,KAAK,EAAE,CAAC,EACR,GAAG,iBAAiB,EAAE,OAAO,EAAE;IAQjC,EAAE,CAAC,CAAC,SAAS,mBAAmB,EAC9B,CAAC,EAAE,CAAC,EACJ,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC,GAC7B,IAAI;CASR;AAED,eAAO,MAAM,SAAS;mCAER,0BAA0B,KACn
C,uBAAuB,CAAC,IAAI,CAAC;kCAQpB,yBAAyB,KAClC,sBAAsB,CAAC,IAAI,CAAC;CAOvB,CAAC;AAEX,KAAK,iBAAiB,CAAC,CAAC,SAAS,mBAAmB,IAAI,UAAU,CAChE,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CACtB,CAAC,CAAC,CAAC,CAAC;AAEL,MAAM,MAAM,uBAAuB,CAAC,CAAC,SAAS,mBAAmB,IAAI,UAAU,CAC7E,iBAAiB,CAAC,CAAC,CAAC,CACrB,CAAC;AAEF,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,mBAAmB,IAAI,CAC7D,GAAG,MAAM,EAAE,WAAW,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KACzD,IAAI,CAAC"}
|
|
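--- a/package/dist/extractors/payload.js
+++ b/package/dist/extractors/payload.js
@@ -1,8 +1,6 @@
 // @ts-ignore
 import deepmerge from "@fastify/deepmerge";
-
-import * as Scanner from "../types.js";
-import { isNodesecurePayload } from "../utils/index.js";
+import { isNodesecurePayload } from "../utils/isNodesecurePayload.js";
 // CONSTANTS
 const kFastMerge = deepmerge({ all: true });
 export class Payload extends EventTarget {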
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"payload.js","sourceRoot":"","sources":["../../src/extractors/payload.ts"],"names":[],"mappings":"AAEA,aAAa;AACb,OAAO,SAAS,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"payload.js","sourceRoot":"","sources":["../../src/extractors/payload.ts"],"names":[],"mappings":"AAEA,aAAa;AACb,OAAO,SAAS,MAAM,oBAAoB,CAAC;AAQ3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAEtE,YAAY;AACZ,MAAM,UAAU,GAAG,SAAS,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;AA0C5C,MAAM,OAAO,OAAyC,SAAQ,WAAW;IAC/D,YAAY,CAAoC;IAChD,MAAM,CAAiC;IACvC,YAAY,CAAwB;IAE5C,YACE,IAA2D,EAC3D,MAAc;QAEd,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,YAAY,CAAC,CAAC;YACnB,IAAI,CAAC;QAEP,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YAC1C,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAE9B,OAAO,IAAI,CAAC;QACd,CAAC,EAAE,EAAE,SAAS,EAAE,EAAkB,EAAE,QAAQ,EAAE,EAAkB,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,YAAY,CAAC;QAC3B,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACnE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;YAEzC,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpC,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACrE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;oBAC5F,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;gBAChE,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,YAAY,GAAG;YAClB,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YACrD,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,CAAC;QAE3B,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,eAAe;QACb,OAAO,UAAU,CACf,GAAG,IAAI,CAAC,OAAO,EAAE,CACwB,CAAC;IAC9C,CAAC;IAED,IAAI,CACF,KAAQ,EACR,GAAG,iBAA4B;QAE/B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,KAAK,
EAAE;YACzC,MAAM,EAAE,iBAAiB;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;IAClC,CAAC;IAED,EAAE,CACA,CAAI,EACJ,QAA8B;QAE9B,SAAS,eAAe,CAAC,KAAY;YACnC,MAAM,WAAW,GAAG,KAAgD,CAAC;YACrE,QAAQ,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;QAE1C,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,MAAM,CAAC,MAAM,SAAS,GAAG;IACvB,SAAS,CACP,QAAoC;QAEpC,OAAO;YACL,KAAK,EAAE,WAAoB;YAC3B,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,IAAI;SACX,CAAC;IACJ,CAAC;IACD,QAAQ,CACN,QAAmC;QAEnC,OAAO;YACL,KAAK,EAAE,UAAmB;YAC1B,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,IAAI;SACX,CAAC;IACJ,CAAC;CACO,CAAC;AAcX,SAAS,IAAI;IACX,OAAO,KAAK,CAAC,CAAC;AAChB,CAAC"}
|