@nodesecure/tarball 1.1.0 → 1.3.0
- package/README.md +80 -80
- package/dist/sast/file.d.ts +6 -3
- package/dist/sast/file.d.ts.map +1 -1
- package/dist/sast/file.js +8 -2
- package/dist/sast/file.js.map +1 -1
- package/dist/tarball.d.ts +4 -2
- package/dist/tarball.d.ts.map +1 -1
- package/dist/tarball.js +3 -0
- package/dist/tarball.js.map +1 -1
- package/dist/utils/analyzeDependencies.d.ts +3 -3
- package/dist/utils/analyzeDependencies.d.ts.map +1 -1
- package/dist/utils/analyzeDependencies.js +7 -5
- package/dist/utils/analyzeDependencies.js.map +1 -1
- package/package.json +43 -43
- package/dist/class/TarballExtractor.class.d.ts +0 -24
- package/dist/class/TarballExtractor.class.d.ts.map +0 -1
- package/dist/class/TarballExtractor.class.js +0 -87
- package/dist/class/TarballExtractor.class.js.map +0 -1
- package/dist/constants.d.ts +0 -10
- package/dist/constants.d.ts.map +0 -1
- package/dist/constants.js +0 -14
- package/dist/constants.js.map +0 -1
- package/dist/manifest.d.ts +0 -18
- package/dist/manifest.d.ts.map +0 -1
- package/dist/manifest.js +0 -55
- package/dist/manifest.js.map +0 -1
- package/dist/types.d.ts +0 -31
- package/dist/types.d.ts.map +0 -1
- package/dist/types.js +0 -2
- package/dist/types.js.map +0 -1
- package/dist/utils/getSemverWarning.d.ts +0 -3
- package/dist/utils/getSemverWarning.d.ts.map +0 -1
- package/dist/utils/getSemverWarning.js +0 -13
- package/dist/utils/getSemverWarning.js.map +0 -1
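--- a/package/README.md
+++ b/package/README.md
@@ -1,80 +1,80 @@
-<p align="center"><h1 align="center">
-@nodesecure/tarball
-</h1>
-
-<p align="center">
-Utilities to extract and deeply analyze NPM tarball
-</p>
-
-## Requirements
-- [Node.js](https://nodejs.org/en/) v20 or higher
-
-## Getting Started
-
-This package is available in the Node Package Repository and can be easily installed with [npm](https://docs.npmjs.com/getting-started/what-is-npm) or [yarn](https://yarnpkg.com).
-
-```bash
-$ npm i @nodesecure/tarball
-# or
-$ yarn add @nodesecure/tarball
-```
-
-## Usage example
-
-```ts
-import * as tarball from "@nodesecure/tarball";
-
-const scanResult = await tarball.scanPackage(
-process.cwd()
-);
-console.log(scanResult);
-```
-
-> [!NOTE]
-> This package has been designed to be used by the Scanner package/workspace.
-
-## API
-
-### scanDirOrArchive
-
-Method created for Scanner (to be refactored soon)
-
-```ts
-export interface
-ref: DependencyRef;
-location?: string;
-tmpLocation?: null | string;
-locker: Locker;
-registry: string;
-}
-```
-
-### scanPackage(dest: string, packageName?: string): Promise< ScannedPackageResult >
-
-Scan a given tarball archive or a local project.
-
-```ts
-interface ScannedPackageResult {
-files: {
-/** Complete list of files for the given package */
-list: string[];
-/** Complete list of extensions (.js, .md etc.) */
-extensions: string[];
-/** List of minified javascript files */
-minified: string[];
-};
-/** Size of the directory in bytes */
-directorySize: number;
-/** Unique license contained in the tarball (MIT, ISC ..) */
-uniqueLicenseIds: string[];
-/** All licenses with their SPDX */
-licenses: ntlp.SpdxLicenseConformance[];
-ast: {
-dependencies: Record<string, Record<string, Dependency>>;
-warnings: Warning[];
-};
-}
-```
-
-## License
-MIT
+<p align="center"><h1 align="center">
+@nodesecure/tarball
+</h1>
+
+<p align="center">
+Utilities to extract and deeply analyze NPM tarball
+</p>
+
+## Requirements
+- [Node.js](https://nodejs.org/en/) v20 or higher
+
+## Getting Started
+
+This package is available in the Node Package Repository and can be easily installed with [npm](https://docs.npmjs.com/getting-started/what-is-npm) or [yarn](https://yarnpkg.com).
+
+```bash
+$ npm i @nodesecure/tarball
+# or
+$ yarn add @nodesecure/tarball
+```
+
+## Usage example
+
+```ts
+import * as tarball from "@nodesecure/tarball";
+
+const scanResult = await tarball.scanPackage(
+process.cwd()
+);
+console.log(scanResult);
+```
+
+> [!NOTE]
+> This package has been designed to be used by the Scanner package/workspace.
+
+## API
+
+### scanDirOrArchive
+
+Method created for Scanner (to be refactored soon)
+
+```ts
+export interface ScanDirOrArchiveOptions {
+ref: DependencyRef;
+location?: string;
+tmpLocation?: null | string;
+locker: Locker;
+registry: string;
+}
+```
+
+### scanPackage(dest: string, packageName?: string): Promise< ScannedPackageResult >
+
+Scan a given tarball archive or a local project.
+
+```ts
+interface ScannedPackageResult {
+files: {
+/** Complete list of files for the given package */
+list: string[];
+/** Complete list of extensions (.js, .md etc.) */
+extensions: string[];
+/** List of minified javascript files */
+minified: string[];
+};
+/** Size of the directory in bytes */
+directorySize: number;
+/** Unique license contained in the tarball (MIT, ISC ..) */
+uniqueLicenseIds: string[];
+/** All licenses with their SPDX */
+licenses: ntlp.SpdxLicenseConformance[];
+ast: {
+dependencies: Record<string, Record<string, Dependency>>;
+warnings: Warning[];
+};
+}
+```
+
+## License
+MIT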
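--- a/package/dist/sast/file.d.ts
+++ b/package/dist/sast/file.d.ts
@@ -1,5 +1,5 @@
 import { type WarningName, type WarningDefault } from "@nodesecure/js-x-ray";
-export interface
+export interface ScanFileReport {
 file: string;
 warnings: (Omit<WarningDefault<WarningName>, "value"> & {
 file: string;
@@ -8,7 +8,10 @@ export interface scanFileReport {
 tryDependencies: string[];
 dependencies: string[];
 filesDependencies: string[];
+filesFlags: {
+hasExternalCapacity: boolean;
+};
 }
-export declare function scanFile(destination: string, file: string, packageName: string): Promise<
-export declare function scanManyFiles(files: string[], destination: string, packageName: string): Promise<
+export declare function scanFile(destination: string, file: string, packageName: string): Promise<ScanFileReport>;
+export declare function scanManyFiles(files: string[], destination: string, packageName: string): Promise<ScanFileReport[]>;
 //# sourceMappingURL=file.d.ts.map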
package/dist/sast/file.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../../src/sast/file.ts"],"names":[],"mappings":"AAIA,OAAO,EAEL,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,sBAAsB,CAAC;AAU9B,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;KAAE,CAAC,EAAE,CAAC;IAC7E,UAAU,EAAE,OAAO,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,iBAAiB,EAAE,MAAM,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../../src/sast/file.ts"],"names":[],"mappings":"AAIA,OAAO,EAEL,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,sBAAsB,CAAC;AAU9B,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;KAAE,CAAC,EAAE,CAAC;IAC7E,UAAU,EAAE,OAAO,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,UAAU,EAAE;QACV,mBAAmB,EAAE,OAAO,CAAC;KAC9B,CAAC;CACH;AAED,wBAAsB,QAAQ,CAC5B,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,cAAc,CAAC,CA0CzB;AAED,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EAAE,EACf,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,cAAc,EAAE,CAAC,CAU3B"}
|
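--- a/package/dist/sast/file.js
+++ b/package/dist/sast/file.js
@@ -21,7 +21,10 @@ export async function scanFile(destination, file, packageName) {
 isMinified: result.isMinified,
 tryDependencies,
 dependencies: packages,
-filesDependencies: files
+filesDependencies: files,
+filesFlags: {
+hasExternalCapacity: result.flags.has("fetch")
+}
 };
 }
 return {
@@ -30,7 +33,10 @@ export async function scanFile(destination, file, packageName) {
 isMinified: false,
 tryDependencies: [],
 dependencies: [],
-filesDependencies: []
+filesDependencies: [],
+filesFlags: {
+hasExternalCapacity: false
+}
 };
 }
 export async function scanManyFiles(files, destination, packageName) {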
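Review bot: The second `return` of `scanFile` hard-codes `hasExternalCapacity: false`; judging by its constant `isMinified: false` and empty dependency arrays this looks like the path taken when js-x-ray produced no usable result, so an unanalysable file is reported exactly like one proven to make no network call. Since tarball.js folds these values with `.some()`, a package whose only network-capable file failed analysis would not get the flag. At minimum I would add `// analysis did not succeed: external capacity is unknown here, not proven absent` above that line, and consider whether consumers should key on the file's warnings instead. In the first return only the `"fetch"` flag is consulted, which deserves a one-line comment as well. `scanFile` starts before the first hunk, so the branch condition is not visible here.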
package/dist/sast/file.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"file.js","sourceRoot":"","sources":["../../src/sast/file.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,EACL,WAAW,EAGZ,MAAM,sBAAsB,CAAC;AAE9B,+BAA+B;AAC/B,OAAO,EACL,oBAAoB,EACrB,MAAM,mBAAmB,CAAC;AAE3B,YAAY;AACZ,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"file.js","sourceRoot":"","sources":["../../src/sast/file.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,EACL,WAAW,EAGZ,MAAM,sBAAsB,CAAC;AAE9B,+BAA+B;AAC/B,OAAO,EACL,oBAAoB,EACrB,MAAM,mBAAmB,CAAC;AAE3B,YAAY;AACZ,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAcpD,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,WAAmB,EACnB,IAAY,EACZ,WAAmB;IAEnB,MAAM,MAAM,GAAG,MAAM,IAAI,WAAW,EAAE,CAAC,WAAW,CAChD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,EAC5B;QACE,WAAW;KACZ,CACF,CAAC;IAEF,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAClF,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;QACd,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,oBAAoB,CAC9C,CAAC,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,EAC/B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CACnB,CAAC;QAEF,MAAM,eAAe,GAAG,CAAC,GAAG,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;aACvD,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAErE,OAAO;YACL,IAAI;YACJ,QAAQ;YACR,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,eAAe;YACf,YAAY,EAAE,QAAQ;YACtB,iBAAiB,EAAE,KAAK;YACxB,UAAU,EAAE;gBACV,mBAAmB,EAAE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;aAC/C;SACF,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI;QACJ,QAAQ;QACR,UAAU,EAAE,KAAK;QACjB,eAAe,EAAE,EAAE;QACnB,YAAY,EAAE,EAAE;QAChB,iBAAiB,EAAE,EAAE;QACrB,UAAU,EAAE;YACV,mBAAmB,EAAE,KAAK;SAC3B;KACF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAe,EACf,WAAmB,EACnB,WAAmB;IAEnB,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,UAAU,CAC3C,KAAK;SACF,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;SAC5D,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAC3D,CAAC;IAEF,OAAO,YAAY;SAChB,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,KAAK,WAAW,CAAC;SACjD,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACnC,CAAC"}
|
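--- a/package/dist/tarball.d.ts
+++ b/package/dist/tarball.d.ts
@@ -1,7 +1,9 @@
 import { type Warning, type Dependency } from "@nodesecure/js-x-ray";
 import * as conformance from "@nodesecure/conformance";
+import { type PackageModuleType } from "@nodesecure/mama";
 export interface DependencyRef {
 id: number;
+type: PackageModuleType;
 usedBy: Record<string, string>;
 isDevDependency: boolean;
 existOnRemoteRegistry: boolean;
@@ -29,13 +31,13 @@ export interface DependencyRef {
 required_subpath: Record<string, string>;
 };
 }
-export interface
+export interface ScanDirOrArchiveOptions {
 ref: DependencyRef;
 location?: string;
 tmpLocation?: null | string;
 registry: string;
 }
-export declare function scanDirOrArchive(name: string, version: string, options:
+export declare function scanDirOrArchive(name: string, version: string, options: ScanDirOrArchiveOptions): Promise<void>;
 export interface ScannedPackageResult {
 files: {
 /** Complete list of files for the given package */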
package/dist/tarball.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tarball.d.ts","sourceRoot":"","sources":["../src/tarball.ts"],"names":[],"mappings":"AAKA,OAAO,EAEL,KAAK,OAAO,EACZ,KAAK,UAAU,EAChB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"tarball.d.ts","sourceRoot":"","sources":["../src/tarball.ts"],"names":[],"mappings":"AAKA,OAAO,EAEL,KAAK,OAAO,EACZ,KAAK,UAAU,EAChB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAEL,KAAK,iBAAiB,EACvB,MAAM,kBAAkB,CAAC;AAY1B,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,iBAAiB,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,eAAe,EAAE,OAAO,CAAC;IACzB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,UAAU,EAAE,GAAG,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,QAAQ,EAAE,GAAG,CAAC;IACd,QAAQ,EAAE,WAAW,CAAC,0BAA0B,EAAE,CAAC;IACnD,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,WAAW,EAAE;QACX,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC1C,CAAC;CACH;AAUD,MAAM,WAAW,uBAAuB;IACtC,GAAG,EAAE,aAAa,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,uBAAuB,iBAkGjC;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE;QACL,mDAAmD;QACnD,IAAI,EAAE,MAAM,EAAE,CAAC;QACf,kDAAkD;QAClD,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,wCAAwC;QACxC,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC;IACF,qCAAqC;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,4DAA4D;IAC5D,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,mCAAmC;IACnC,QAAQ,EAAE,WAAW,CAAC,0BAA0B,EAAE,CAAC;IACnD,GAAG,EAAE;QACH,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;QACzD,QAAQ,EAAE,OAAO,EAAE,CAAC;KACrB,CAAC;CACH;AAED,wBAAsB,WAAW,CAC/B,IAAI,EAAE,MAAM,EACZ,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,oB
AAoB,CAAC,CAkD/B"}
|
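--- a/package/dist/tarball.js
+++ b/package/dist/tarball.js
@@ -59,7 +59,9 @@ export async function scanDirOrArchive(name, version, options) {
 const filesDependencies = [...new Set(scannedFiles.flatMap((row) => row.filesDependencies))];
 const tryDependencies = new Set(scannedFiles.flatMap((row) => row.tryDependencies));
 const minifiedFiles = scannedFiles.filter((row) => row.isMinified).flatMap((row) => row.file);
+const hasExternalCapacity = scannedFiles.some((row) => row.filesFlags.hasExternalCapacity);
 const { nodeDependencies, thirdPartyDependencies, subpathImportsDependencies, missingDependencies, unusedDependencies, flags } = analyzeDependencies(dependencies, { mama, tryDependencies });
+ref.type = mama.moduleType;
 ref.size = composition.size;
 ref.composition.extensions.push(...composition.ext);
 ref.composition.files.push(...composition.files);
@@ -72,6 +74,7 @@ export async function scanDirOrArchive(name, version, options) {
 ref.composition.minified = minifiedFiles;
 ref.flags.push(...booleanToFlags({
 ...flags,
+hasExternalCapacity: hasExternalCapacity || flags.hasExternalCapacity,
 hasNoLicense: spdx.uniqueLicenseIds.length === 0,
 hasMultipleLicenses: spdx.uniqueLicenseIds.length > 1,
 hasMinifiedCode: minifiedFiles.length > 0,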
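Review bot: The new `hasExternalCapacity: hasExternalCapacity || flags.hasExternalCapacity` entry only takes effect because it comes after `...flags` in the object literal; moved above the spread, the file-level result would be silently overwritten. A comment would pin this down, for example `// keep after ...flags: ORs per-file fetch detection with the core-module check from analyzeDependencies`. Naming the local something like `hasFetchCapacity` would also avoid two different values sharing one name on the same line. `scanDirOrArchive` begins and ends outside both hunks.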
package/dist/tarball.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tarball.js","sourceRoot":"","sources":["../src/tarball.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,kCAAkC;AAClC,OAAO,EACL,WAAW,EAGZ,MAAM,sBAAsB,CAAC;AAC9B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,
|
|
1
|
+
{"version":3,"file":"tarball.js","sourceRoot":"","sources":["../src/tarball.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,kCAAkC;AAClC,OAAO,EACL,WAAW,EAGZ,MAAM,sBAAsB,CAAC;AAC9B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,EACL,eAAe,EAEhB,MAAM,kBAAkB,CAAC;AAE1B,+BAA+B;AAC/B,OAAO,EACL,qBAAqB,EACrB,eAAe,EACf,mBAAmB,EACnB,cAAc,EACf,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAC;AAC1C,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAC;AAiCxC,YAAY;AACZ,MAAM,SAAS,GAAG,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,QAAQ,CAAC,CAAC;IACnE,EAAE,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAC1C,EAAE,CAAC;AAEL,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC;AACpF,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AASpD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAY,EACZ,OAAe,EACf,OAAgC;IAEhC,MAAM,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,WAAW,GAAG,IAAI,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAEhF,MAAM,YAAY,GAAG,CAAC,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEpF,wEAAwE;IACxE,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,MAAM,CAAC,OAAO,CAClB,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAO,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,EAChE,IAAI,EACJ;YACE,GAAG,SAAS;YACZ,QAAQ;YACR,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;SAC9B,CACF,CAAC;IACJ,CAAC;IAED,iEAAiE;IACjE,MAAM,CACJ,IAAI,EACJ,WAAW,EACX,IAAI,CACL,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACpB,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC;QACrC,qBAAqB,CAAC,IAAI,CAAC;QAC3B,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC;KAClC,CAAC,CAAC;IAEH,CAAC;QACC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QACpE,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE;YACjB,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO;YACzC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS;SA
CpD,CAAC,CAAC;IACL,CAAC;IACD,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAC7B,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;IAE7C,mDAAmD;IACnD,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACjF,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,sBAAsB,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,+CAA+C;IAC/C,mEAAmE;IACnE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAE7E,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClE,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,YAAY,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACnF,MAAM,iBAAiB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;IAC7F,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC;IACpF,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9F,MAAM,mBAAmB,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;IAE3F,MAAM,EACJ,gBAAgB,EAChB,sBAAsB,EACtB,0BAA0B,EAC1B,mBAAmB,EACnB,kBAAkB,EAClB,KAAK,EACN,GAAG,mBAAmB,CACrB,YAAY,EACZ,EAAE,IAAI,EAAE,eAAe,EAAE,CAC1B,CAAC;IAEF,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;IAC3B,GAAG,CAAC,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC;IAC5B,GAAG,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACpD,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IACjD,GAAG,CAAC,WAAW,CAAC,mBAAmB,GAAG,sBAAsB,CAAC;IAC7D,GAAG,CAAC,WAAW,CAAC,gBAAgB,GAAG,0BAA0B,CAAC;IAC9D,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,CAAC;IACnD,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,CAAC;IACrD,GAAG,CAAC,WAAW,CAAC,cAAc,GAAG,iBAAiB,CAAC;IACnD,GAAG,C
AAC,WAAW,CAAC,eAAe,GAAG,gBAAgB,CAAC;IACnD,GAAG,CAAC,WAAW,CAAC,QAAQ,GAAG,aAAa,CAAC;IAEzC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC;QAC/B,GAAG,KAAK;QACR,mBAAmB,EAAE,mBAAmB,IAAI,KAAK,CAAC,mBAAmB;QACrE,YAAY,EAAE,IAAI,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC;QAChD,mBAAmB,EAAE,IAAI,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC;QACrD,eAAe,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC;QACzC,WAAW,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC;QAC1E,aAAa,EAAE,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QACtE,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ;YAChC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACjF,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,gBAAgB;KACvC,CAAC,CAAC,CAAC;AACN,CAAC;AAuBD,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,IAAY,EACZ,WAAoB;IAEpB,MAAM,CACJ,IAAI,EACJ,WAAW,EACX,IAAI,CACL,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACpB,eAAe,CAAC,eAAe,CAAC,IAAI,CAAC;QACrC,qBAAqB,CAAC,IAAI,CAAC;QAC3B,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC;KAClC,CAAC,CAAC;IACH,MAAM,EAAE,IAAI,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;IAE1C,kCAAkC;IAClC,MAAM,YAAY,GAA+C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACrF,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK;SAC9B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxD,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,MAAM,IAAI,WAAW,EAAE,CAAC,WAAW,CAChD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,EACrB;YACE,WAAW,EAAE,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI;YAC9C,MAAM,EAAE,IAAI,KAAK,QAAQ;SAC1B,CACF,CAAC;QAEF,QAAQ,CAAC,IAAI,CACX,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CACpE,CAAC;QACF,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACd,YAAY,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAC7D,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;gBACtB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,E
AAE;YACL,IAAI,EAAE,WAAW,CAAC,KAAK;YACvB,UAAU,EAAE,CAAC,GAAG,WAAW,CAAC,GAAG,CAAC;YAChC,QAAQ;SACT;QACD,aAAa,EAAE,WAAW,CAAC,IAAI;QAC/B,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;QACvC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,GAAG,EAAE,EAAE,YAAY,EAAE,QAAQ,EAAE;KAChC,CAAC;AACJ,CAAC"}
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import { ManifestManager } from "@nodesecure/mama";
|
|
2
2
|
export declare const NODE_BUILTINS: Set<string>;
|
|
3
|
-
export interface
|
|
3
|
+
export interface AnalyzeDependenciesOptions {
|
|
4
4
|
mama: Pick<ManifestManager, "dependencies" | "devDependencies"> & Partial<Pick<ManifestManager, "nodejsImports">>;
|
|
5
5
|
tryDependencies: Set<string>;
|
|
6
6
|
}
|
|
7
|
-
export interface
|
|
7
|
+
export interface AnalyzeDependenciesResult {
|
|
8
8
|
nodeDependencies: string[];
|
|
9
9
|
thirdPartyDependencies: string[];
|
|
10
10
|
subpathImportsDependencies: Record<string, string>;
|
|
@@ -15,5 +15,5 @@ export interface analyzeDependenciesResult {
|
|
|
15
15
|
hasMissingOrUnusedDependency: boolean;
|
|
16
16
|
};
|
|
17
17
|
}
|
|
18
|
-
export declare function analyzeDependencies(sourceDependencies: string[], options:
|
|
18
|
+
export declare function analyzeDependencies(sourceDependencies: string[], options: AnalyzeDependenciesOptions): AnalyzeDependenciesResult;
|
|
19
19
|
//# sourceMappingURL=analyzeDependencies.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"analyzeDependencies.d.ts","sourceRoot":"","sources":["../../src/utils/analyzeDependencies.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"analyzeDependencies.d.ts","sourceRoot":"","sources":["../../src/utils/analyzeDependencies.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAOnD,eAAO,MAAM,aAAa,aA6CxB,CAAC;AAKH,MAAM,WAAW,0BAA0B;IACzC,IAAI,EACF,IAAI,CAAC,eAAe,EAAE,cAAc,GAAG,iBAAiB,CAAC,GACzD,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC,CAAC;IAClD,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,yBAAyB;IACxC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,0BAA0B,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnD,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,KAAK,EAAE;QACL,mBAAmB,EAAE,OAAO,CAAC;QAC7B,4BAA4B,EAAE,OAAO,CAAC;KACvC,CAAC;CACH;AAED,wBAAgB,mBAAmB,CACjC,kBAAkB,EAAE,MAAM,EAAE,EAC5B,OAAO,EAAE,0BAA0B,GAClC,yBAAyB,CAkD3B"}
|
|
@@ -1,5 +1,3 @@
|
|
|
1
|
-
// Import Node.js Dependencies
|
|
2
|
-
import path from "node:path";
|
|
3
1
|
// Import Third-party Dependencies
|
|
4
2
|
import { ManifestManager } from "@nodesecure/mama";
|
|
5
3
|
// Import Internal Dependencies
|
|
@@ -51,6 +49,7 @@ export const NODE_BUILTINS = new Set([
|
|
|
51
49
|
"wasi",
|
|
52
50
|
"diagnostics_channel"
|
|
53
51
|
]);
|
|
52
|
+
const kFileExtensions = [".js", ".jsx", ".ts", ".tsx", ".mjs", ".cjs", ".node", ".json"];
|
|
54
53
|
const kExternalModules = new Set(["http", "https", "net", "http2", "dgram", "child_process"]);
|
|
55
54
|
export function analyzeDependencies(sourceDependencies, options) {
|
|
56
55
|
const { mama, tryDependencies } = options;
|
|
@@ -74,6 +73,8 @@ export function analyzeDependencies(sourceDependencies, options) {
|
|
|
74
73
|
]
|
|
75
74
|
.filter((name) => !(name in nodejsImports) && !thirdPartyDependenciesAliased.has(name));
|
|
76
75
|
const nodeDependencies = sourceDependencies.filter((name) => isCoreModule(name));
|
|
76
|
+
const hasMissingOrUnusedDependency = unusedDependencies.length > 0 ||
|
|
77
|
+
missingDependencies.length > 0;
|
|
77
78
|
return {
|
|
78
79
|
nodeDependencies,
|
|
79
80
|
thirdPartyDependencies: [...new Set(thirdPartyDependencies)],
|
|
@@ -82,15 +83,16 @@ export function analyzeDependencies(sourceDependencies, options) {
|
|
|
82
83
|
missingDependencies,
|
|
83
84
|
flags: {
|
|
84
85
|
hasExternalCapacity: nodeDependencies.some((depName) => kExternalModules.has(depName)),
|
|
85
|
-
hasMissingOrUnusedDependency
|
|
86
|
+
hasMissingOrUnusedDependency
|
|
86
87
|
}
|
|
87
88
|
};
|
|
88
89
|
}
|
|
89
90
|
function difference(arr1, arr2) {
|
|
90
91
|
return arr1.filter((item) => !arr2.includes(item));
|
|
91
92
|
}
|
|
92
|
-
function isFile(
|
|
93
|
-
return
|
|
93
|
+
function isFile(filePath) {
|
|
94
|
+
return filePath.startsWith(".")
|
|
95
|
+
|| kFileExtensions.some((extension) => filePath.endsWith(extension));
|
|
94
96
|
}
|
|
95
97
|
function isCoreModule(moduleName) {
|
|
96
98
|
const cleanModuleName = moduleName.startsWith("node:") ? moduleName.slice(5) : moduleName;
|
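Review bot: `isFile` now treats any specifier that ends in one of `kFileExtensions` as a local file, and that also matches bare package names such as `chart.js` or `highlight.js`. The call site is outside these hunks, but if `isFile` is what keeps entries out of `thirdPartyDependencies`, such a package would drop out of the scan's dependency list and could surface as unused instead. I would check the name against the manifest's declared `dependencies` before applying the suffix test, and document the intent with `// bare names that merely end in .js/.json may still be packages` above `isFile`. The removed implementation is truncated on this page, so whether this differs from the previous behaviour cannot be told from here.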
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"analyzeDependencies.js","sourceRoot":"","sources":["../../src/utils/analyzeDependencies.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"analyzeDependencies.js","sourceRoot":"","sources":["../../src/utils/analyzeDependencies.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAGnD,+BAA+B;AAC/B,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAErD,YAAY;AACZ,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IACnC,QAAQ;IACR,QAAQ;IACR,eAAe;IACf,SAAS;IACT,SAAS;IACT,WAAW;IACX,QAAQ;IACR,OAAO;IACP,KAAK;IACL,QAAQ;IACR,QAAQ;IACR,IAAI;IACJ,MAAM;IACN,OAAO;IACP,QAAQ;IACR,KAAK;IACL,IAAI;IACJ,MAAM;IACN,UAAU;IACV,aAAa;IACb,UAAU;IACV,MAAM;IACN,QAAQ;IACR,gBAAgB;IAChB,KAAK;IACL,QAAQ;IACR,KAAK;IACL,KAAK;IACL,KAAK;IACL,MAAM;IACN,IAAI;IACJ,MAAM;IACN,UAAU;IACV,IAAI;IACJ,SAAS;IACT,WAAW;IACX,aAAa;IACb,OAAO;IACP,YAAY;IACZ,cAAc;IACd,gBAAgB;IAChB,WAAW;IACX,MAAM;IACN,qBAAqB;CACtB,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACzF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC;AAqB9F,MAAM,UAAU,mBAAmB,CACjC,kBAA4B,EAC5B,OAAmC;IAEnC,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC;IAC1C,MAAM,EAAE,YAAY,EAAE,eAAe,EAAE,aAAa,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC;IAEnE,4DAA4D;IAC5D,MAAM,0BAA0B,GAAG,MAAM,CAAC,WAAW,CACnD,kBAAkB;SACf,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,aAAa,CAAC;SAClE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAsB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAC9D,CAAC;IACF,MAAM,6BAA6B,GAAG,IAAI,GAAG,CAC3C,MAAM,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CACxE,CAAC;IAEF,MAAM,sBAAsB,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;QACvE,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAEzF,OAAO,MAAM,CAAC,IAAI,CAAC;YACjB,YAAY,CAAC,IAAI,CAAC;YAClB,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC9B,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;YAC3B,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,MAAM,kBAAkB,GAAG,UAAU,CACnC,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAA
C,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,EACzD,CAAC,GAAG,sBAAsB,EAAE,GAAG,6BAA6B,CAAC,CAC9D,CAAC;IACF,MAAM,mBAAmB,GAAG;QAC1B,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,sBAAsB,EAAE,YAAY,CAAC,CAAC;KAC7D;SACE,MAAM,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,aAAa,CAAC,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAClG,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;IAEjF,MAAM,4BAA4B,GAChC,kBAAkB,CAAC,MAAM,GAAG,CAAC;QAC7B,mBAAmB,CAAC,MAAM,GAAG,CAAC,CAAC;IAEjC,OAAO;QACL,gBAAgB;QAChB,sBAAsB,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,sBAAsB,CAAC,CAAC;QAC5D,0BAA0B;QAC1B,kBAAkB;QAClB,mBAAmB;QAEnB,KAAK,EAAE;YACL,mBAAmB,EAAE,gBAAgB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtF,4BAA4B;SAC7B;KACF,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAI,IAAS,EAAE,IAAS;IACzC,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,MAAM,CACb,QAAgB;IAEhB,OAAO,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;WAC1B,eAAe,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;AACzE,CAAC;AAED,SAAS,YAAY,CACnB,UAAkB;IAElB,MAAM,eAAe,GAAG,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;IAE1F,oGAAoG;IACpG,OAAO,aAAa,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,iBAAiB,CACxB,UAAkB;IAElB,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;AACtC,CAAC;AAED,SAAS,sBAAsB,CAC7B,KAAa,EACb,WAAgD;IAEhD,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,CAAE,CAAC;IAExC,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC;QACtC,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC;QACtB,CAAC,KAAK,EAAE,MAAM,IAAI,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;AAC5E,CAAC"}
|
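--- a/package/package.json
+++ b/package/package.json
@@ -1,43 +1,43 @@
-{
-"name": "@nodesecure/tarball",
-"version": "1.
-"description": "NodeSecure tarball scanner",
-"type": "module",
-"exports": "./dist/index.js",
-"types": "./dist/index.d.ts",
-"scripts": {
-"build": "tsc -b",
-"prepublishOnly": "npm run build",
-"test-only": "tsx --test ./test/**/*.spec.ts",
-"test": "c8 -r html npm run test-only"
-},
-"files": [
-"dist"
-],
-"keywords": [
-"NodeSecure",
-"tarball"
-],
-"author": "GENTILHOMME Thomas <gentilhomme.thomas@gmail.com>",
-"license": "MIT",
-"repository": {
-"type": "git",
-"url": "git+https://github.com/NodeSecure/scanner.git"
-},
-"bugs": {
-"url": "https://github.com/NodeSecure/scanner/issues"
-},
-"homepage": "https://github.com/NodeSecure/tree/master/workspaces/tarball#readme",
-"dependencies": {
-"@nodesecure/conformance": "^1.0.0",
-"@nodesecure/fs-walk": "^2.0.0",
-"@nodesecure/js-x-ray": "^8.
-"@nodesecure/mama": "^1.
-"@nodesecure/npm-types": "^1.2.0",
-"@nodesecure/utils": "^2.
-"pacote": "^21.0.0"
-},
-"devDependencies": {
-"get-folder-size": "^5.0.0"
-}
-}
+{
+"name": "@nodesecure/tarball",
+"version": "1.3.0",
+"description": "NodeSecure tarball scanner",
+"type": "module",
+"exports": "./dist/index.js",
+"types": "./dist/index.d.ts",
+"scripts": {
+"build": "tsc -b",
+"prepublishOnly": "npm run build",
+"test-only": "tsx --test ./test/**/*.spec.ts",
+"test": "c8 -r html npm run test-only"
+},
+"files": [
+"dist"
+],
+"keywords": [
+"NodeSecure",
+"tarball"
+],
+"author": "GENTILHOMME Thomas <gentilhomme.thomas@gmail.com>",
+"license": "MIT",
+"repository": {
+"type": "git",
+"url": "git+https://github.com/NodeSecure/scanner.git"
+},
+"bugs": {
+"url": "https://github.com/NodeSecure/scanner/issues"
+},
+"homepage": "https://github.com/NodeSecure/tree/master/workspaces/tarball#readme",
+"dependencies": {
+"@nodesecure/conformance": "^1.0.0",
+"@nodesecure/fs-walk": "^2.0.0",
+"@nodesecure/js-x-ray": "^8.2.0",
+"@nodesecure/mama": "^1.5.0",
+"@nodesecure/npm-types": "^1.2.0",
+"@nodesecure/utils": "^2.3.0",
+"pacote": "^21.0.0"
+},
+"devDependencies": {
+"get-folder-size": "^5.0.0"
+}
+}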
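Review bot: The `homepage` value on the new side, `https://github.com/NodeSecure/tree/master/workspaces/tarball#readme`, has no repository segment between the organisation and `tree`, so it presumably does not resolve to this workspace; the `repository` and `bugs` URLs in the same file both point at `NodeSecure/scanner`. The bump to 1.3.0 carries the line over unchanged. People who follow registry metadata to confirm where a package's source lives end up on the wrong page, so I would change it to `"homepage": "https://github.com/NodeSecure/scanner/tree/master/workspaces/tarball#readme",`.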
@@ -1,24 +0,0 @@
|
|
|
1
|
-
import * as conformance from "@nodesecure/conformance";
|
|
2
|
-
import { ManifestManager } from "@nodesecure/mama";
|
|
3
|
-
import { type Dependency } from "@nodesecure/js-x-ray";
|
|
4
|
-
export interface NpmTarballExtractOptions {
|
|
5
|
-
registry?: string;
|
|
6
|
-
}
|
|
7
|
-
export declare class TarballExtractor {
|
|
8
|
-
static JS_EXTENSIONS: Set<string>;
|
|
9
|
-
manifest: ManifestManager;
|
|
10
|
-
archiveLocation: string;
|
|
11
|
-
constructor(archiveLocation: string, mama: ManifestManager);
|
|
12
|
-
scan(): Promise<{
|
|
13
|
-
spdx: conformance.SpdxExtractedResult;
|
|
14
|
-
composition: import("../utils/getTarballComposition.js").TarballComposition;
|
|
15
|
-
}>;
|
|
16
|
-
runJavaScriptSast(JSFiles: string[]): Promise<{
|
|
17
|
-
dependencies: Record<string, Record<string, Dependency>>;
|
|
18
|
-
warnings: Omit<import("@nodesecure/js-x-ray").WarningDefault<import("@nodesecure/js-x-ray").WarningName>, "value">[];
|
|
19
|
-
minified: string[];
|
|
20
|
-
}>;
|
|
21
|
-
static fromNpm(location: string, spec: string, options?: NpmTarballExtractOptions): Promise<TarballExtractor>;
|
|
22
|
-
static fromFileSystem(location: string): Promise<TarballExtractor>;
|
|
23
|
-
}
|
|
24
|
-
//# sourceMappingURL=TarballExtractor.class.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"TarballExtractor.class.d.ts","sourceRoot":"","sources":["../../src/class/TarballExtractor.class.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAIL,KAAK,UAAU,EAChB,MAAM,sBAAsB,CAAC;AAY9B,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,gBAAgB;IAC3B,MAAM,CAAC,aAAa,cAAoC;IAEjD,QAAQ,EAAE,eAAe,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;gBAG7B,eAAe,EAAE,MAAM,EACvB,IAAI,EAAE,eAAe;IAMjB,IAAI;;;;IAeJ,iBAAiB,CACrB,OAAO,EAAE,MAAM,EAAE;;;;;WAyDN,OAAO,CAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,wBAA6B;WAa3B,cAAc,CACzB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,gBAAgB,CAAC;CAK7B"}
|
|
@@ -1,87 +0,0 @@
|
|
|
1
|
-
// Import Node.js Dependencies
|
|
2
|
-
import os from "node:os";
|
|
3
|
-
import path from "node:path";
|
|
4
|
-
// Import Third-party Dependencies
|
|
5
|
-
import pacote from "pacote";
|
|
6
|
-
import * as conformance from "@nodesecure/conformance";
|
|
7
|
-
import { ManifestManager } from "@nodesecure/mama";
|
|
8
|
-
import { EntryFilesAnalyser, AstAnalyser } from "@nodesecure/js-x-ray";
|
|
9
|
-
// Import Internal Dependencies
|
|
10
|
-
import { getTarballComposition } from "../utils/index.js";
|
|
11
|
-
// CONSTANTS
|
|
12
|
-
const kNpmToken = typeof process.env.NODE_SECURE_TOKEN === "string" ?
|
|
13
|
-
{ token: process.env.NODE_SECURE_TOKEN } :
|
|
14
|
-
{};
|
|
15
|
-
export class TarballExtractor {
|
|
16
|
-
static JS_EXTENSIONS = new Set([".js", ".mjs", ".cjs"]);
|
|
17
|
-
manifest;
|
|
18
|
-
archiveLocation;
|
|
19
|
-
constructor(archiveLocation, mama) {
|
|
20
|
-
this.archiveLocation = archiveLocation;
|
|
21
|
-
this.manifest = mama;
|
|
22
|
-
}
|
|
23
|
-
async scan() {
|
|
24
|
-
const [composition, spdx] = await Promise.all([
|
|
25
|
-
getTarballComposition(this.archiveLocation),
|
|
26
|
-
conformance.extractLicenses(this.archiveLocation)
|
|
27
|
-
]);
|
|
28
|
-
return {
|
|
29
|
-
spdx,
|
|
30
|
-
composition
|
|
31
|
-
};
|
|
32
|
-
}
|
|
33
|
-
async runJavaScriptSast(JSFiles) {
|
|
34
|
-
const dependencies = Object.create(null);
|
|
35
|
-
const minified = [];
|
|
36
|
-
const warnings = [];
|
|
37
|
-
const entries = [...this.manifest.getEntryFiles()]
|
|
38
|
-
.filter((entryFile) => TarballExtractor.JS_EXTENSIONS.has(path.extname(entryFile)));
|
|
39
|
-
if (entries.length > 0) {
|
|
40
|
-
const efa = new EntryFilesAnalyser();
|
|
41
|
-
for await (const fileReport of efa.analyse(entries)) {
|
|
42
|
-
warnings.push(...fileReport.warnings.map((warning) => {
|
|
43
|
-
return { ...warning, file: fileReport.file };
|
|
44
|
-
}));
|
|
45
|
-
if (fileReport.ok) {
|
|
46
|
-
dependencies[fileReport.file] = Object.fromEntries(fileReport.dependencies);
|
|
47
|
-
fileReport.isMinified && minified.push(fileReport.file);
|
|
48
|
-
}
|
|
49
|
-
}
|
|
50
|
-
}
|
|
51
|
-
else {
|
|
52
|
-
const { name, type = "script" } = this.manifest.document;
|
|
53
|
-
for (const file of JSFiles) {
|
|
54
|
-
const result = await new AstAnalyser().analyseFile(path.join(this.archiveLocation, file), {
|
|
55
|
-
packageName: name,
|
|
56
|
-
module: type === "module"
|
|
57
|
-
});
|
|
58
|
-
warnings.push(...result.warnings.map((curr) => Object.assign({}, curr, { file })));
|
|
59
|
-
if (result.ok) {
|
|
60
|
-
dependencies[file] = Object.fromEntries(result.dependencies);
|
|
61
|
-
if (result.isMinified) {
|
|
62
|
-
minified.push(file);
|
|
63
|
-
}
|
|
64
|
-
}
|
|
65
|
-
}
|
|
66
|
-
}
|
|
67
|
-
return {
|
|
68
|
-
dependencies,
|
|
69
|
-
warnings,
|
|
70
|
-
minified
|
|
71
|
-
};
|
|
72
|
-
}
|
|
73
|
-
static async fromNpm(location, spec, options = {}) {
|
|
74
|
-
const { registry } = options;
|
|
75
|
-
await pacote.extract(spec, location, {
|
|
76
|
-
...kNpmToken,
|
|
77
|
-
registry,
|
|
78
|
-
cache: `${os.homedir()}/.npm`
|
|
79
|
-
});
|
|
80
|
-
return this.fromFileSystem(location);
|
|
81
|
-
}
|
|
82
|
-
static async fromFileSystem(location) {
|
|
83
|
-
const mama = await ManifestManager.fromPackageJSON(location);
|
|
84
|
-
return new TarballExtractor(location, mama);
|
|
85
|
-
}
|
|
86
|
-
}
|
|
87
|
-
//# sourceMappingURL=TarballExtractor.class.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"TarballExtractor.class.js","sourceRoot":"","sources":["../../src/class/TarballExtractor.class.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EACL,kBAAkB,EAClB,WAAW,EAGZ,MAAM,sBAAsB,CAAC;AAE9B,+BAA+B;AAC/B,OAAO,EACL,qBAAqB,EACtB,MAAM,mBAAmB,CAAC;AAE3B,YAAY;AACZ,MAAM,SAAS,GAAG,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,QAAQ,CAAC,CAAC;IACnE,EAAE,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAC1C,EAAE,CAAC;AAML,MAAM,OAAO,gBAAgB;IAC3B,MAAM,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAEjD,QAAQ,CAAkB;IAC1B,eAAe,CAAS;IAE/B,YACE,eAAuB,EACvB,IAAqB;QAErB,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,CACJ,WAAW,EACX,IAAI,CACL,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACpB,qBAAqB,CAAC,IAAI,CAAC,eAAe,CAAC;YAC3C,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC,eAAe,CAAC;SAClD,CAAC,CAAC;QAEH,OAAO;YACL,IAAI;YACJ,WAAW;SACZ,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,OAAiB;QAEjB,MAAM,YAAY,GAA+C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACrF,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;aAC/C,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,gBAAgB,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAEtF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,GAAG,GAAG,IAAI,kBAAkB,EAAE,CAAC;YACrC,IAAI,KAAK,EAAE,MAAM,UAAU,IAAI,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACpD,QAAQ,CAAC,IAAI,CACX,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;oBACrC,OAAO,EAAE,GAAG,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,CAAC;gBAC/C,CAAC,CAAC,CACH,CAAC;gBAEF,IAAI,UAAU,CAAC,EAAE,EAAE,CAAC;oBAClB,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAChD,UAAU,CAAC,YAAY,CACxB,CAAC;oBACF,UAAU,CAAC,UAAU,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;gBAC1D,CAAC;YACH,CA
AC;QACH,CAAC;aACI,CAAC;YACJ,MAAM,EAAE,IAAI,EAAE,IAAI,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAEzD,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;gBAC3B,MAAM,MAAM,GAAG,MAAM,IAAI,WAAW,EAAE,CAAC,WAAW,CAChD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,EACrC;oBACE,WAAW,EAAE,IAAI;oBACjB,MAAM,EAAE,IAAI,KAAK,QAAQ;iBAC1B,CACF,CAAC;gBAEF,QAAQ,CAAC,IAAI,CACX,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CACpE,CAAC;gBACF,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;oBACd,YAAY,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;oBAC7D,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;wBACtB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACtB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,YAAY;YACZ,QAAQ;YACR,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,OAAO,CAClB,QAAgB,EAChB,IAAY,EACZ,UAAoC,EAAE;QAEtC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;QAE7B,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE;YACnC,GAAG,SAAS;YACZ,QAAQ;YACR,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,OAAO;SAC9B,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,cAAc,CACzB,QAAgB;QAEhB,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAE7D,OAAO,IAAI,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC"}
|
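--- a/package/dist/constants.d.ts
+++ /dev/null
@@ -1,10 +0,0 @@
-export declare const NPM_TOKEN: {
-token: string;
-} | {
-token?: undefined;
-};
-/**
-* @see https://www.nerdycode.com/prevent-npm-executing-scripts-security/
-*/
-export declare const UNSAFE_SCRIPTS: Set<string>;
-//# sourceMappingURL=constants.d.ts.map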
package/dist/constants.d.ts.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,SAAS;;;;CAElB,CAAC;AAEL;;GAEG;AACH,eAAO,MAAM,cAAc,aAMzB,CAAC"}
|
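--- a/package/dist/constants.js
+++ /dev/null
@@ -1,14 +0,0 @@
-export const NPM_TOKEN = typeof process.env.NODE_SECURE_TOKEN === "string" ?
-{ token: process.env.NODE_SECURE_TOKEN } :
-{};
-/**
-* @see https://www.nerdycode.com/prevent-npm-executing-scripts-security/
-*/
-export const UNSAFE_SCRIPTS = new Set([
-"install",
-"preinstall",
-"postinstall",
-"preuninstall",
-"postuninstall"
-]);
-//# sourceMappingURL=constants.js.map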
package/dist/constants.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,SAAS,GAAG,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,QAAQ,CAAC,CAAC;IAC1E,EAAE,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAC1C,EAAE,CAAC;AAEL;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IACpC,SAAS;IACT,YAAY;IACZ,aAAa;IACb,cAAc;IACd,eAAe;CAChB,CAAC,CAAC"}
|
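--- a/package/dist/manifest.d.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-import type { PackageJSON } from "@nodesecure/npm-types";
-export declare function read(location: string): Promise<PackageJSON>;
-export declare function readAnalyze(location: string): Promise<{
-author: import("@nodesecure/utils").ParsedMaintainer | null;
-description: string;
-engines: Record<string, string>;
-repository: {};
-scripts: Record<string, string>;
-hasScript: boolean;
-packageDeps: string[];
-packageDevDeps: string[];
-nodejs: {
-imports: Record<`#${string}`, string | import("@nodesecure/npm-types").NodeImport>;
-};
-hasNativeElements: boolean;
-integrity: string;
-}>;
-//# sourceMappingURL=manifest.d.ts.map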
package/dist/manifest.d.ts.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"manifest.d.ts","sourceRoot":"","sources":["../src/manifest.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAazD,wBAAsB,IAAI,CACxB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,WAAW,CAAC,CAOtB;AAED,wBAAsB,WAAW,CAAC,QAAQ,EAAE,MAAM;;;;;;;;;;;;;;GAsDjD"}
|
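--- a/package/dist/manifest.js
+++ /dev/null
@@ -1,55 +0,0 @@
-// Import Node.js Dependencies
-import fs from "node:fs/promises";
-import path from "node:path";
-import crypto from "node:crypto";
-import { parseAuthor } from "@nodesecure/utils";
-// Import Internal Dependencies
-import { UNSAFE_SCRIPTS } from "./constants.js";
-// CONSTANTS
-// PR welcome to contribute to this list!
-const kNativeNpmPackages = new Set([
-"node-gyp", "node-pre-gyp", "node-gyp-build", "node-addon-api"
-]);
-const kNodemodulesBinPrefix = "node_modules/.bin/";
-export async function read(location) {
-const packageStr = await fs.readFile(path.join(location, "package.json"), "utf-8");
-return JSON.parse(packageStr);
-}
-export async function readAnalyze(location) {
-const { name, version, description = "", author = {}, scripts = {}, dependencies = {}, devDependencies = {}, gypfile = false, engines = {}, repository = {}, imports = {}, license = "" } = await read(location);
-for (const [scriptName, scriptValue] of Object.entries(scripts)) {
-if (scriptValue.startsWith(kNodemodulesBinPrefix)) {
-scripts[scriptName] = scriptValue.replaceAll(kNodemodulesBinPrefix, "");
-}
-}
-const integrityObj = {
-name,
-version,
-dependencies,
-license,
-scripts
-};
-const integrity = crypto
-.createHash("sha256")
-.update(JSON.stringify(integrityObj))
-.digest("hex");
-const packageDeps = Object.keys(dependencies);
-const packageDevDeps = Object.keys(devDependencies);
-const hasNativePackage = [...packageDevDeps, ...packageDeps]
-.some((pkg) => kNativeNpmPackages.has(pkg));
-return {
-author: parseAuthor(author),
-description,
-engines,
-repository,
-scripts,
-hasScript: Object.keys(scripts)
-.some((value) => UNSAFE_SCRIPTS.has(value.toLowerCase())),
-packageDeps,
-packageDevDeps,
-nodejs: { imports },
-hasNativeElements: hasNativePackage || gypfile,
-integrity
-};
-}
-//# sourceMappingURL=manifest.js.map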
package/dist/manifest.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"manifest.js","sourceRoot":"","sources":["../src/manifest.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,MAAM,MAAM,aAAa,CAAC;AAIjC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,+BAA+B;AAC/B,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEhD,YAAY;AACZ,yCAAyC;AACzC,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,UAAU,EAAE,cAAc,EAAE,gBAAgB,EAAE,gBAAgB;CAC/D,CAAC,CAAC;AACH,MAAM,qBAAqB,GAAG,oBAAoB,CAAC;AAEnD,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,QAAgB;IAEhB,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,QAAQ,CAClC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,EACnC,OAAO,CACR,CAAC;IAEF,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,QAAgB;IAChD,MAAM,EACJ,IAAI,EACJ,OAAO,EACP,WAAW,GAAG,EAAE,EAChB,MAAM,GAAG,EAAE,EACX,OAAO,GAAG,EAAE,EACZ,YAAY,GAAG,EAAE,EACjB,eAAe,GAAG,EAAE,EACpB,OAAO,GAAG,KAAK,EACf,OAAO,GAAG,EAAE,EACZ,UAAU,GAAG,EAAE,EACf,OAAO,GAAG,EAAE,EACZ,OAAO,GAAG,EAAE,EACb,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;IAEzB,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAChE,IAAI,WAAW,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,UAAU,CAAC,GAAG,WAAW,CAAC,UAAU,CAAC,qBAAqB,EAAE,EAAE,CAAC,CAAC;QAC1E,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG;QACnB,IAAI;QACJ,OAAO;QACP,YAAY;QACZ,OAAO;QACP,OAAO;KACR,CAAC;IAEF,MAAM,SAAS,GAAG,MAAM;SACrB,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;SACpC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEjB,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC9C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,gBAAgB,GAAG,CAAC,GAAG,cAAc,EAAE,GAAG,WAAW,CAAC;SACzD,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAE9C,OAAO;QACL,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC;QAC3B,WAAW;QACX,OAAO;QACP,UAAU;QACV,OAAO;QACP,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;aAC5B,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QAC3D,WAAW;QACX,cAAc;QACd,MAAM,EAAE,EAAE,OAAO,EAAE;QACnB,iBAAiB,EAAE,gBAAgB,IAAI,O
AAO;QAC9C,SAAS;KACV,CAAC;AACJ,CAAC"}
|
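--- a/package/dist/types.d.ts
+++ /dev/null
@@ -1,31 +0,0 @@
-import type { SpdxFileLicenseConformance } from "@nodesecure/conformance";
-export interface DependencyRef {
-id: number;
-usedBy: Record<string, string>;
-isDevDependency: boolean;
-existOnRemoteRegistry: boolean;
-flags: string[];
-description: string;
-size: number;
-author: Record<string, any>;
-engines: Record<string, any>;
-repository: any;
-scripts: Record<string, string>;
-warnings: any;
-licenses: SpdxFileLicenseConformance[];
-uniqueLicenseIds: string[];
-gitUrl: string | null;
-alias: Record<string, string>;
-composition: {
-extensions: string[];
-files: string[];
-minified: string[];
-unused: string[];
-missing: string[];
-required_files: string[];
-required_nodejs: string[];
-required_thirdparty: string[];
-required_subpath: Record<string, string>;
-};
-}
-//# sourceMappingURL=types.d.ts.map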
package/dist/types.d.ts.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAC;AAE1E,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,eAAe,EAAE,OAAO,CAAC;IACzB,qBAAqB,EAAE,OAAO,CAAC;IAC/B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,UAAU,EAAE,GAAG,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,QAAQ,EAAE,GAAG,CAAC;IACd,QAAQ,EAAE,0BAA0B,EAAE,CAAC;IACvC,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,WAAW,EAAE;QACX,UAAU,EAAE,MAAM,EAAE,CAAC;QACrB,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;QACnB,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;QAClB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC1C,CAAA;CACF"}
|
package/dist/types.js
DELETED
package/dist/types.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"getSemverWarning.d.ts","sourceRoot":"","sources":["../../src/utils/getSemverWarning.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE3D,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,GACZ,cAAc,CAAC,aAAa,CAAC,CAW/B"}
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
export function getSemVerWarning(value) {
|
|
2
|
-
return {
|
|
3
|
-
kind: "zero-semver",
|
|
4
|
-
file: "package.json",
|
|
5
|
-
value,
|
|
6
|
-
location: null,
|
|
7
|
-
i18n: "sast_warnings.zeroSemVer",
|
|
8
|
-
severity: "Information",
|
|
9
|
-
source: "Scanner",
|
|
10
|
-
experimental: false
|
|
11
|
-
};
|
|
12
|
-
}
|
|
13
|
-
//# sourceMappingURL=getSemverWarning.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"getSemverWarning.js","sourceRoot":"","sources":["../../src/utils/getSemverWarning.ts"],"names":[],"mappings":"AAGA,MAAM,UAAU,gBAAgB,CAC9B,KAAa;IAEb,OAAO;QACL,IAAI,EAAE,aAAa;QACnB,IAAI,EAAE,cAAc;QACpB,KAAK;QACL,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,aAAa;QACvB,MAAM,EAAE,SAAS;QACjB,YAAY,EAAE,KAAK;KACpB,CAAC;AACJ,CAAC"}
|