@nodesecure/tarball 3.2.0 → 3.4.0
- package/dist/class/NpmTarball.class.d.ts.map +1 -1
- package/dist/class/NpmTarball.class.js +20 -18
- package/dist/class/NpmTarball.class.js.map +1 -1
- package/dist/class/SourceCodeScanner.class.d.ts.map +1 -1
- package/dist/class/SourceCodeScanner.class.js +9 -2
- package/dist/class/SourceCodeScanner.class.js.map +1 -1
- package/dist/warnings.d.ts +25 -0
- package/dist/warnings.d.ts.map +1 -1
- package/package.json +2 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"NpmTarball.class.d.ts","sourceRoot":"","sources":["../../src/class/NpmTarball.class.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,EACL,eAAe,EACf,KAAK,sBAAsB,EAC5B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAIL,KAAK,kBAAkB,EACxB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,gBAAgB,EAEjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAEL,KAAK,kBAAkB,EACxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,KAAK,QAAQ,EAAe,MAAM,wBAAwB,CAAC;AAEpE,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,kBAAkB,CAAC;IAChC,WAAW,EAAE,WAAW,CAAC,mBAAmB,CAAC;IAC7C,IAAI,EAAE,gBAAgB,CAAC;CACxB;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB,CAAC;AAEF,qBAAa,UAAU;;IACrB,MAAM,CAAC,aAAa,cAIjB;IAEH,QAAQ,EAAE,sBAAsB,CAAC;gBAI/B,IAAI,EAAE,eAAe,EACrB,OAAO,GAAE,iBAAsB;IAU3B,SAAS,CACb,kBAAkB,CAAC,EAAE,kBAAkB,GACtC,OAAO,CAAC,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"NpmTarball.class.d.ts","sourceRoot":"","sources":["../../src/class/NpmTarball.class.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,EACL,eAAe,EACf,KAAK,sBAAsB,EAC5B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAIL,KAAK,kBAAkB,EACxB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,gBAAgB,EAEjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAEL,KAAK,kBAAkB,EACxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,KAAK,QAAQ,EAAe,MAAM,wBAAwB,CAAC;AAEpE,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,kBAAkB,CAAC;IAChC,WAAW,EAAE,WAAW,CAAC,mBAAmB,CAAC;IAC7C,IAAI,EAAE,gBAAgB,CAAC;CACxB;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB,CAAC;AAEF,qBAAa,UAAU;;IACrB,MAAM,CAAC,aAAa,cAIjB;IAEH,QAAQ,EAAE,sBAAsB,CAAC;gBAI/B,IAAI,EAAE,eAAe,EACrB,OAAO,GAAE,iBAAsB;IAU3B,SAAS,CACb,kBAAkB,CAAC,EAAE,kBAAkB,GACtC,OAAO,CAAC,kBAAkB,CAAC;CAkE/B"}
|
|
@@ -3,7 +3,7 @@ import path from "node:path";
|
|
|
3
3
|
// Import Third-party Dependencies
|
|
4
4
|
import * as conformance from "@nodesecure/conformance";
|
|
5
5
|
import { ManifestManager } from "@nodesecure/mama";
|
|
6
|
-
import { AstAnalyser,
|
|
6
|
+
import { AstAnalyser, DefaultCollectableSet, warnings } from "@nodesecure/js-x-ray";
|
|
7
7
|
// Import Internal Dependencies
|
|
8
8
|
import { SourceCodeReport, SourceCodeScanner } from "./SourceCodeScanner.class.js";
|
|
9
9
|
import { getTarballComposition } from "../utils/index.js";
|
|
@@ -43,23 +43,25 @@ export class NpmTarball {
|
|
|
43
43
|
javascript: composition.files
|
|
44
44
|
.flatMap(filterJavaScriptFiles())
|
|
45
45
|
});
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
46
|
+
if (hostNameSet instanceof DefaultCollectableSet) {
|
|
47
|
+
const operationQueue = Array.from(hostNameSet)
|
|
48
|
+
.map(({ value, locations }) => this.#resolver.isPrivateHost(value)
|
|
49
|
+
.then((isPrivate) => {
|
|
50
|
+
if (isPrivate) {
|
|
51
|
+
locations.forEach(({ file, location }) => {
|
|
52
|
+
code.warnings.push({
|
|
53
|
+
kind: "shady-link",
|
|
54
|
+
...warnings["shady-link"],
|
|
55
|
+
file: file ?? undefined,
|
|
56
|
+
location,
|
|
57
|
+
value,
|
|
58
|
+
source: "Scanner"
|
|
59
|
+
});
|
|
58
60
|
});
|
|
59
|
-
}
|
|
60
|
-
}
|
|
61
|
-
|
|
62
|
-
|
|
61
|
+
}
|
|
62
|
+
}));
|
|
63
|
+
await Promise.allSettled(operationQueue);
|
|
64
|
+
}
|
|
63
65
|
}
|
|
64
66
|
return {
|
|
65
67
|
conformance: spdx,
|
|
@@ -72,7 +74,7 @@ export class NpmTarball {
|
|
|
72
74
|
if (hasHostnameSet) {
|
|
73
75
|
return options;
|
|
74
76
|
}
|
|
75
|
-
return { ...options, collectables: [...options.collectables ?? [], new
|
|
77
|
+
return { ...options, collectables: [...options.collectables ?? [], new DefaultCollectableSet("hostname")] };
|
|
76
78
|
}
|
|
77
79
|
}
|
|
78
80
|
function filterJavaScriptFiles() {
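Review bot: The result of `await Promise.allSettled(operationQueue);` (new line 63) is discarded, so a rejected `this.#resolver.isPrivateHost(value)` call produces no `shady-link` warning and no trace. For that hostname the check fails open, and an incomplete scan looks the same as a clean one. Keep the settled results, for example `const settled = await Promise.allSettled(operationQueue);` followed by `const failed = settled.filter((r) => r.status === "rejected");`, and surface `failed.length` in the report or a log. The queue also starts one `isPrivateHost` call per collected hostname with no cap, and those hostnames come from the package being scanned. If the resolver does network lookups (not visible here), a concurrency limit would be worth adding. The enclosing method starts and ends outside this hunk.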
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"NpmTarball.class.js","sourceRoot":"","sources":["../../src/class/NpmTarball.class.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,EACL,eAAe,EAEhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,WAAW,EACX,
|
|
1
|
+
{"version":3,"file":"NpmTarball.class.js","sourceRoot":"","sources":["../../src/class/NpmTarball.class.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,EACL,eAAe,EAEhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,WAAW,EACX,qBAAqB,EACrB,QAAQ,EAET,MAAM,sBAAsB,CAAC;AAE9B,+BAA+B;AAC/B,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,qBAAqB,EAEtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAiB,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAYpE,MAAM,OAAO,UAAU;IACrB,MAAM,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC;QAC7B,KAAK,EAAE,MAAM,EAAE,MAAM;QACrB,KAAK,EAAE,MAAM,EAAE,MAAM;QACrB,MAAM,EAAE,MAAM;KACf,CAAC,CAAC;IAEH,QAAQ,CAAyB;IACjC,SAAS,CAAW;IAEpB,YACE,IAAqB,EACrB,UAA6B,EAAE;QAE/B,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,WAAW,EAAE,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,SAAS,CACb,kBAAuC;QAEvC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACxC,MAAM,CACJ,WAAW,EACX,IAAI,CACL,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACpB,qBAAqB,CAAC,QAAQ,CAAC;YAC/B,WAAW,CAAC,eAAe,CAAC,QAAQ,CAAC;SACtC,CAAC,CAAC;QAEH,IAAI,IAAsB,CAAC;QAC3B,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACjF,IAAI,GAAG,IAAI,gBAAgB,EAAE,CAAC;QAChC,CAAC;aACI,CAAC;YACJ,MAAM,OAAO,GAAG,IAAI,CAAC,uBAAuB,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC;YAEvE,MAAM,WAAW,GAAG,OAAO,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,KAAK,UAAU,CAAE,CAAC;YAEnG,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC;YAE7C,IAAI,GAAG,MAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,CAAC;gBACzE,QAAQ,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;qBACzC,OAAO,CAAC,qBAAqB,EAAE,CAAC;gBACnC,UAAU,EAAE,WAAW,CAAC,KAAK;qBAC1B,OAAO,CAAC,qBAAqB,EAAE,CAAC;aACpC,CAAC,CAAC;YAEH,IAAI,WAAW,YAAY,qBAAqB,EAAE,CAAC;gBACjD,MAAM,cAAc,GAClB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;qBACpB,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,E
AAE,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,KAAK,CAAC;qBAC/D,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;oBAClB,IAAI,SAAS,EAAE,CAAC;wBACd,SAAS,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE;4BACvC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;gCACjB,IAAI,EAAE,YAAY;gCAClB,GAAG,QAAQ,CAAC,YAAY,CAAC;gCACzB,IAAI,EAAE,IAAI,IAAI,SAAS;gCACvB,QAAQ;gCACR,KAAK;gCACL,MAAM,EAAE,SAAS;6BAClB,CAAC,CAAC;wBACL,CAAC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC,CAAC,CACH,CAAC;gBACN,MAAM,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,WAAW;YACX,IAAI;SACL,CAAC;IACJ,CAAC;IAED,uBAAuB,CAAC,OAA2B;QACjD,MAAM,cAAc,GAAG,OAAO,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;QACrG,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,OAAO,EAAE,GAAG,OAAO,EAAE,YAAY,EAAE,CAAC,GAAG,OAAO,CAAC,YAAY,IAAI,EAAE,EAAE,IAAI,qBAAqB,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;IAC9G,CAAC;;AAGH,SAAS,qBAAqB;IAC5B,OAAO,CAAC,IAAY,EAAE,EAAE;QACtB,IAAI,UAAU,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACrD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SourceCodeScanner.class.d.ts","sourceRoot":"","sources":["../../src/class/SourceCodeScanner.class.ts"],"names":[],"mappings":"AAIA,OAAO,EAEL,WAAW,EACX,KAAK,OAAO,EACZ,KAAK,UAAU,EACf,KAAK,YAAY,EAClB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,eAAe,EACf,KAAK,sBAAsB,EAC5B,MAAM,kBAAkB,CAAC;AAQ1B,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAE3B,IAAI,CAAC,MAAM,EAAE,YAAY,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;KAAE,GAAG,IAAI,CAAC;CACtD;AAED,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB;;OAEG;IACH,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,qBAAa,gBAAiB,YAAW,oBAAoB;;IAG3D,QAAQ,EAAE,OAAO,EAAE,CAAM;IACzB,YAAY,EAAE,MAAM,CAClB,MAAM,EACN,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAC3B,CAAuB;IACxB,QAAQ,EAAE,MAAM,EAAE,CAAM;IACxB,KAAK;;MAEH;IAEF,IAAI,QAAQ,YAEX;IAED,IAAI,CACF,MAAM,EAAE,YAAY,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;KAAE;IAoB1C,2BAA2B,CACzB,IAAI,EAAE,eAAe;;;;;;;;;;;;;;;CA6CxB;AAED,MAAM,WAAW,wBAAwB,CAAC,CAAC;IACzC,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;IAC1B,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED,qBAAa,iBAAiB,CAC5B,CAAC,SAAS,oBAAoB,GAAG,gBAAgB;;IAKjD,QAAQ,EAAE,sBAAsB,CAAC;gBAG/B,QAAQ,EAAE,sBAAsB,EAChC,OAAO,GAAE,wBAAwB,CAAC,CAAC,CAAM;IAYrC,OAAO,CACX,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"SourceCodeScanner.class.d.ts","sourceRoot":"","sources":["../../src/class/SourceCodeScanner.class.ts"],"names":[],"mappings":"AAIA,OAAO,EAEL,WAAW,EACX,KAAK,OAAO,EACZ,KAAK,UAAU,EACf,KAAK,YAAY,EAClB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,eAAe,EACf,KAAK,sBAAsB,EAC5B,MAAM,kBAAkB,CAAC;AAQ1B,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAE3B,IAAI,CAAC,MAAM,EAAE,YAAY,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;KAAE,GAAG,IAAI,CAAC;CACtD;AAED,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB;;OAEG;IACH,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,qBAAa,gBAAiB,YAAW,oBAAoB;;IAG3D,QAAQ,EAAE,OAAO,EAAE,CAAM;IACzB,YAAY,EAAE,MAAM,CAClB,MAAM,EACN,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAC3B,CAAuB;IACxB,QAAQ,EAAE,MAAM,EAAE,CAAM;IACxB,KAAK;;MAEH;IAEF,IAAI,QAAQ,YAEX;IAED,IAAI,CACF,MAAM,EAAE,YAAY,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;KAAE;IAoB1C,2BAA2B,CACzB,IAAI,EAAE,eAAe;;;;;;;;;;;;;;;CA6CxB;AAED,MAAM,WAAW,wBAAwB,CAAC,CAAC;IACzC,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;IAC1B,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED,qBAAa,iBAAiB,CAC5B,CAAC,SAAS,oBAAoB,GAAG,gBAAgB;;IAKjD,QAAQ,EAAE,sBAAsB,CAAC;gBAG/B,QAAQ,EAAE,sBAAsB,EAChC,OAAO,GAAE,wBAAwB,CAAC,CAAC,CAAM;IAYrC,OAAO,CACX,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,CAAC,CAAC;CA2Ed"}
|
|
@@ -84,7 +84,11 @@ export class SourceCodeScanner {
|
|
|
84
84
|
ignoreENOENT: true
|
|
85
85
|
});
|
|
86
86
|
const absoluteEntryFiles = entries.manifest.map((filePath) => path.join(location, filePath));
|
|
87
|
-
for await (const fileReport of efa.analyse(absoluteEntryFiles
|
|
87
|
+
for await (const fileReport of efa.analyse(absoluteEntryFiles, {
|
|
88
|
+
metadata: {
|
|
89
|
+
spec: this.manifest.spec
|
|
90
|
+
}
|
|
91
|
+
})) {
|
|
88
92
|
report.push(fileReport);
|
|
89
93
|
}
|
|
90
94
|
return report.consumed ?
|
|
@@ -99,7 +103,10 @@ export class SourceCodeScanner {
|
|
|
99
103
|
await Promise.allSettled(sourceFiles.map(async (relativeFile) => {
|
|
100
104
|
const filePath = path.join(location, relativeFile);
|
|
101
105
|
const fileReport = await this.#astAnalyser.analyseFile(filePath, {
|
|
102
|
-
packageName
|
|
106
|
+
packageName,
|
|
107
|
+
metadata: {
|
|
108
|
+
spec: this.manifest.spec
|
|
109
|
+
}
|
|
103
110
|
});
|
|
104
111
|
report.push({ ...fileReport, file: relativeFile });
|
|
105
112
|
}));
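Review bot: The options object `metadata: { spec: this.manifest.spec }` is now written out twice, once in the `efa.analyse(absoluteEntryFiles, { … })` call and once in the `analyseFile` options, and nothing says what consumes it. A one-line comment at each site would help, such as `// metadata.spec lets the analyser attribute findings to the scanned package`, or a small private getter could return the object so the two calls cannot drift apart. `this.manifest.spec` presumably comes from the manifest of the package under analysis, so whatever reads `metadata.spec` downstream should treat it as untrusted text; that consumer is not visible in this section. Both methods start and end outside the hunks shown.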
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SourceCodeScanner.class.js","sourceRoot":"","sources":["../../src/class/SourceCodeScanner.class.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,EACL,kBAAkB,EAClB,WAAW,EAIZ,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,eAAe,EAEhB,MAAM,kBAAkB,CAAC;AAE1B,+BAA+B;AAC/B,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAmB3B,MAAM,OAAO,gBAAgB;IAC3B,WAAW,GAAG,KAAK,CAAC;IAEpB,QAAQ,GAAc,EAAE,CAAC;IACzB,YAAY,GAGR,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACxB,QAAQ,GAAa,EAAE,CAAC;IACxB,KAAK,GAAG;QACN,mBAAmB,EAAE,KAAK;KAC3B,CAAC;IAEF,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,IAAI,CACF,MAAwC;QAExC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAChB,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;YACjC,OAAO,EAAE,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;QAC3C,CAAC,CAAC,CACH,CAAC;QAEF,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACd,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9B,IAAI,CAAC,KAAK,CAAC,mBAAmB,GAAG,IAAI,CAAC;YACxC,CAAC;YACD,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CACjD,MAAM,CAAC,YAAY,CACpB,CAAC;YACF,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,2BAA2B,CACzB,IAAqB;QAErB,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;QAChC,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;QACvC,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAAU,CAAC;QAEjD,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACjE,MAAM,QAAQ,GAAG,oBAAoB,CACnC,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAC1B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CACnB,CAAC;YAEF,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;iBAC1B,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;iBACjE,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;YAEvD,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;YA
C5D,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,EACJ,gBAAgB,EAChB,sBAAsB,EACtB,0BAA0B,EAC1B,mBAAmB,EACnB,kBAAkB,EAClB,KAAK,EACN,GAAG,mBAAmB,CACrB,CAAC,GAAG,YAAY,CAAC,EACjB,EAAE,IAAI,EAAE,eAAe,EAAE,sBAAsB,EAAE,CAClD,CAAC;QAEF,OAAO;YACL,KAAK;YACL,sBAAsB,EAAE,CAAC,GAAG,sBAAsB,CAAC;YACnD,YAAY,EAAE;gBACZ,MAAM,EAAE,gBAAgB;gBACxB,cAAc,EAAE,0BAA0B;gBAC1C,UAAU,EAAE,sBAAsB;gBAClC,OAAO,EAAE,mBAAmB;gBAC5B,MAAM,EAAE,kBAAkB;aAC3B;YACD,KAAK;SACN,CAAC;IACJ,CAAC;CACF;AAOD,MAAM,OAAO,iBAAiB;IAG5B,YAAY,CAAc;IAC1B,cAAc,CAAU;IAExB,QAAQ,CAAyB;IAEjC,YACE,QAAgC,EAChC,UAAuC,EAAE;QAEzC,MAAM,EACJ,eAAe,GAAG,GAAG,EAAE,CAAC,IAAI,gBAAgB,EAAE,EAC9C,WAAW,GAAG,IAAI,WAAW,EAAE,EAChC,GAAG,OAAO,CAAC;QAEZ,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAChC,IAAI,CAAC,cAAc,GAAG,eAA0B,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAA0B;QAE1B,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACrC,IACE,OAAO,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;YAC7B,OAAO,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAC/B,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,OAAO,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAClC,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;YAC3C,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,MAAS,EACT,OAA0B;QAE1B,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAEnC,MAAM,GAAG,GAAG,IAAI,kBAAkB,CAAC;YACjC,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,QAAQ,EAAE,QAAQ;YAClB,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;QAEH,MAAM,kBAAkB,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAC7C,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAC5C,CAAC;QAEF,IAAI,KAAK,EAAE,MAAM,UAAU,IAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"SourceCodeScanner.class.js","sourceRoot":"","sources":["../../src/class/SourceCodeScanner.class.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,EACL,kBAAkB,EAClB,WAAW,EAIZ,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,eAAe,EAEhB,MAAM,kBAAkB,CAAC;AAE1B,+BAA+B;AAC/B,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAmB3B,MAAM,OAAO,gBAAgB;IAC3B,WAAW,GAAG,KAAK,CAAC;IAEpB,QAAQ,GAAc,EAAE,CAAC;IACzB,YAAY,GAGR,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACxB,QAAQ,GAAa,EAAE,CAAC;IACxB,KAAK,GAAG;QACN,mBAAmB,EAAE,KAAK;KAC3B,CAAC;IAEF,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,IAAI,CACF,MAAwC;QAExC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAChB,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;YACjC,OAAO,EAAE,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;QAC3C,CAAC,CAAC,CACH,CAAC;QAEF,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACd,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9B,IAAI,CAAC,KAAK,CAAC,mBAAmB,GAAG,IAAI,CAAC;YACxC,CAAC;YACD,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CACjD,MAAM,CAAC,YAAY,CACpB,CAAC;YACF,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,2BAA2B,CACzB,IAAqB;QAErB,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;QAChC,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;QACvC,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAAU,CAAC;QAEjD,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;YACjE,MAAM,QAAQ,GAAG,oBAAoB,CACnC,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAC1B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CACnB,CAAC;YAEF,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;iBAC1B,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;iBACjE,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,sBAAsB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;YAEvD,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;YA
C5D,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,EACJ,gBAAgB,EAChB,sBAAsB,EACtB,0BAA0B,EAC1B,mBAAmB,EACnB,kBAAkB,EAClB,KAAK,EACN,GAAG,mBAAmB,CACrB,CAAC,GAAG,YAAY,CAAC,EACjB,EAAE,IAAI,EAAE,eAAe,EAAE,sBAAsB,EAAE,CAClD,CAAC;QAEF,OAAO;YACL,KAAK;YACL,sBAAsB,EAAE,CAAC,GAAG,sBAAsB,CAAC;YACnD,YAAY,EAAE;gBACZ,MAAM,EAAE,gBAAgB;gBACxB,cAAc,EAAE,0BAA0B;gBAC1C,UAAU,EAAE,sBAAsB;gBAClC,OAAO,EAAE,mBAAmB;gBAC5B,MAAM,EAAE,kBAAkB;aAC3B;YACD,KAAK;SACN,CAAC;IACJ,CAAC;CACF;AAOD,MAAM,OAAO,iBAAiB;IAG5B,YAAY,CAAc;IAC1B,cAAc,CAAU;IAExB,QAAQ,CAAyB;IAEjC,YACE,QAAgC,EAChC,UAAuC,EAAE;QAEzC,MAAM,EACJ,eAAe,GAAG,GAAG,EAAE,CAAC,IAAI,gBAAgB,EAAE,EAC9C,WAAW,GAAG,IAAI,WAAW,EAAE,EAChC,GAAG,OAAO,CAAC;QAEZ,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;QAChC,IAAI,CAAC,cAAc,GAAG,eAA0B,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAA0B;QAE1B,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACrC,IACE,OAAO,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;YAC7B,OAAO,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAC/B,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,OAAO,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAClC,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;YAC3C,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,MAAS,EACT,OAA0B;QAE1B,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAEnC,MAAM,GAAG,GAAG,IAAI,kBAAkB,CAAC;YACjC,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,QAAQ,EAAE,QAAQ;YAClB,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;QAEH,MAAM,kBAAkB,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAC7C,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAC5C,CAAC;QAEF,IAAI,KAAK,EAAE,MAAM,UAAU,IAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,EAAE;YAC7D,QAAQ,EAAE;gBACR,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;aACzB;SACF,CAAC,EAAE,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC1B,CAAC;QAED,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC;YACtB,MAAM,CAAC,CAAC;YACR,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,WAAW,CACf,MAAS,EACT,WAAqB;QAErB,IAAI,WAAW,CAAC,MAAM,KA
AK,CAAC,EAAE,CAAC;YAC7B,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,MAAM,EACJ,QAAQ,EACR,QAAQ,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,EAChC,GAAG,IAAI,CAAC,QAAQ,CAAC;QAElB,MAAM,OAAO,CAAC,UAAU,CACtB,WAAW,CAAC,GAAG,CAAC,KAAK,EAAC,YAAY,EAAE,EAAE;YACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CACpD,QAAQ,EACR;gBACE,WAAW;gBACX,QAAQ,EAAE;oBACR,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;iBACzB;aACF,CACF,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;QACrD,CAAC,CAAC,CACH,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
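--- a/package/dist/warnings.d.ts
+++ b/package/dist/warnings.d.ts
@@ -86,6 +86,31 @@ export declare const warnings: Readonly<{
 severity: "Warning";
 experimental: false;
 };
+"log-usage": {
+i18n: string;
+severity: "Information";
+experimental: false;
+};
+"sql-injection": {
+i18n: string;
+severity: "Warning";
+experimental: false;
+};
+"monkey-patch": {
+i18n: string;
+severity: "Warning";
+experimental: false;
+};
+"insecure-random": {
+i18n: string;
+severity: "Information";
+experimental: false;
+};
+"prototype-pollution": {
+i18n: string;
+severity: "Warning";
+experimental: false;
+};
 }>;
 export declare function getSemVerWarning(value: string): Warning;
 export declare function getEmptyPackageWarning(): Warning;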
package/dist/warnings.d.ts.map
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"warnings.d.ts","sourceRoot":"","sources":["../src/warnings.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,KAAK,OAAO,EACZ,KAAK,WAAW,EACjB,MAAM,+BAA+B,CAAC;AAEvC,MAAM,MAAM,kBAAkB,GAC1B,WAAW,GACX,aAAa,GACb,eAAe,CAAC;AAEpB,eAAO,MAAM,QAAQ
|
|
1
|
+
{"version":3,"file":"warnings.d.ts","sourceRoot":"","sources":["../src/warnings.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,KAAK,OAAO,EACZ,KAAK,WAAW,EACjB,MAAM,+BAA+B,CAAC;AAEvC,MAAM,MAAM,kBAAkB,GAC1B,WAAW,GACX,aAAa,GACb,eAAe,CAAC;AAEpB,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYuE,CAAC;AAE7F,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,GACZ,OAAO,CAWT;AAED,wBAAgB,sBAAsB,IAAI,OAAO,CAWhD"}
|
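--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@nodesecure/tarball",
-"version": "3.
+"version": "3.4.0",
 "description": "NodeSecure tarball scanner",
 "type": "module",
 "exports": {
@@ -47,7 +47,7 @@
 "dependencies": {
 "@nodesecure/conformance": "^1.2.1",
 "@nodesecure/fs-walk": "^2.0.0",
-"@nodesecure/js-x-ray": "
+"@nodesecure/js-x-ray": "12.0.0",
 "@nodesecure/mama": "^2.1.1",
 "@nodesecure/npm-types": "^1.2.0",
 "@nodesecure/utils": "^2.3.0",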