@nodesecure/tarball 3.3.0 → 3.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"NpmTarball.class.d.ts","sourceRoot":"","sources":["../../src/class/NpmTarball.class.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,EACL,eAAe,EACf,KAAK,sBAAsB,EAC5B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAIL,KAAK,kBAAkB,EACxB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,gBAAgB,EAEjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAEL,KAAK,kBAAkB,EACxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,KAAK,QAAQ,EAAe,MAAM,wBAAwB,CAAC;AAEpE,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,kBAAkB,CAAC;IAChC,WAAW,EAAE,WAAW,CAAC,mBAAmB,CAAC;IAC7C,IAAI,EAAE,gBAAgB,CAAC;CACxB;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB,CAAC;AAEF,qBAAa,UAAU;;IACrB,MAAM,CAAC,aAAa,cAIjB;IAEH,QAAQ,EAAE,sBAAsB,CAAC;gBAI/B,IAAI,EAAE,eAAe,EACrB,OAAO,GAAE,iBAAsB;IAU3B,SAAS,CACb,kBAAkB,CAAC,EAAE,kBAAkB,GACtC,OAAO,CAAC,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"NpmTarball.class.d.ts","sourceRoot":"","sources":["../../src/class/NpmTarball.class.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,EACL,eAAe,EACf,KAAK,sBAAsB,EAC5B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAIL,KAAK,kBAAkB,EACxB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,gBAAgB,EAEjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAEL,KAAK,kBAAkB,EACxB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,KAAK,QAAQ,EAAe,MAAM,wBAAwB,CAAC;AAEpE,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,kBAAkB,CAAC;IAChC,WAAW,EAAE,WAAW,CAAC,mBAAmB,CAAC;IAC7C,IAAI,EAAE,gBAAgB,CAAC;CACxB;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB,CAAC;AAEF,qBAAa,UAAU;;IACrB,MAAM,CAAC,aAAa,cAIjB;IAEH,QAAQ,EAAE,sBAAsB,CAAC;gBAI/B,IAAI,EAAE,eAAe,EACrB,OAAO,GAAE,iBAAsB;IAU3B,SAAS,CACb,kBAAkB,CAAC,EAAE,kBAAkB,GACtC,OAAO,CAAC,kBAAkB,CAAC;CAkE/B"}
|
|
@@ -3,7 +3,7 @@ import path from "node:path";
|
|
|
3
3
|
// Import Third-party Dependencies
|
|
4
4
|
import * as conformance from "@nodesecure/conformance";
|
|
5
5
|
import { ManifestManager } from "@nodesecure/mama";
|
|
6
|
-
import { AstAnalyser,
|
|
6
|
+
import { AstAnalyser, DefaultCollectableSet, warnings } from "@nodesecure/js-x-ray";
|
|
7
7
|
// Import Internal Dependencies
|
|
8
8
|
import { SourceCodeReport, SourceCodeScanner } from "./SourceCodeScanner.class.js";
|
|
9
9
|
import { getTarballComposition } from "../utils/index.js";
|
|
@@ -43,23 +43,25 @@ export class NpmTarball {
|
|
|
43
43
|
javascript: composition.files
|
|
44
44
|
.flatMap(filterJavaScriptFiles())
|
|
45
45
|
});
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
46
|
+
if (hostNameSet instanceof DefaultCollectableSet) {
|
|
47
|
+
const operationQueue = Array.from(hostNameSet)
|
|
48
|
+
.map(({ value, locations }) => this.#resolver.isPrivateHost(value)
|
|
49
|
+
.then((isPrivate) => {
|
|
50
|
+
if (isPrivate) {
|
|
51
|
+
locations.forEach(({ file, location }) => {
|
|
52
|
+
code.warnings.push({
|
|
53
|
+
kind: "shady-link",
|
|
54
|
+
...warnings["shady-link"],
|
|
55
|
+
file: file ?? undefined,
|
|
56
|
+
location,
|
|
57
|
+
value,
|
|
58
|
+
source: "Scanner"
|
|
59
|
+
});
|
|
58
60
|
});
|
|
59
|
-
}
|
|
60
|
-
}
|
|
61
|
-
|
|
62
|
-
|
|
61
|
+
}
|
|
62
|
+
}));
|
|
63
|
+
await Promise.allSettled(operationQueue);
|
|
64
|
+
}
|
|
63
65
|
}
|
|
64
66
|
return {
|
|
65
67
|
conformance: spdx,
|
|
@@ -72,7 +74,7 @@ export class NpmTarball {
|
|
|
72
74
|
if (hasHostnameSet) {
|
|
73
75
|
return options;
|
|
74
76
|
}
|
|
75
|
-
return { ...options, collectables: [...options.collectables ?? [], new
|
|
77
|
+
return { ...options, collectables: [...options.collectables ?? [], new DefaultCollectableSet("hostname")] };
|
|
76
78
|
}
|
|
77
79
|
}
|
|
78
80
|
function filterJavaScriptFiles() {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"NpmTarball.class.js","sourceRoot":"","sources":["../../src/class/NpmTarball.class.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,EACL,eAAe,EAEhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,WAAW,EACX,
|
|
1
|
+
{"version":3,"file":"NpmTarball.class.js","sourceRoot":"","sources":["../../src/class/NpmTarball.class.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,kCAAkC;AAClC,OAAO,KAAK,WAAW,MAAM,yBAAyB,CAAC;AACvD,OAAO,EACL,eAAe,EAEhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,WAAW,EACX,qBAAqB,EACrB,QAAQ,EAET,MAAM,sBAAsB,CAAC;AAE9B,+BAA+B;AAC/B,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,qBAAqB,EAEtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAiB,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAYpE,MAAM,OAAO,UAAU;IACrB,MAAM,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC;QAC7B,KAAK,EAAE,MAAM,EAAE,MAAM;QACrB,KAAK,EAAE,MAAM,EAAE,MAAM;QACrB,MAAM,EAAE,MAAM;KACf,CAAC,CAAC;IAEH,QAAQ,CAAyB;IACjC,SAAS,CAAW;IAEpB,YACE,IAAqB,EACrB,UAA6B,EAAE;QAE/B,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,WAAW,EAAE,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,SAAS,CACb,kBAAuC;QAEvC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACxC,MAAM,CACJ,WAAW,EACX,IAAI,CACL,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACpB,qBAAqB,CAAC,QAAQ,CAAC;YAC/B,WAAW,CAAC,eAAe,CAAC,QAAQ,CAAC;SACtC,CAAC,CAAC;QAEH,IAAI,IAAsB,CAAC;QAC3B,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACjF,IAAI,GAAG,IAAI,gBAAgB,EAAE,CAAC;QAChC,CAAC;aACI,CAAC;YACJ,MAAM,OAAO,GAAG,IAAI,CAAC,uBAAuB,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC;YAEvE,MAAM,WAAW,GAAG,OAAO,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,KAAK,UAAU,CAAE,CAAC;YAEnG,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC;YAE7C,IAAI,GAAG,MAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,CAAC;gBACzE,QAAQ,EAAE,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;qBACzC,OAAO,CAAC,qBAAqB,EAAE,CAAC;gBACnC,UAAU,EAAE,WAAW,CAAC,KAAK;qBAC1B,OAAO,CAAC,qBAAqB,EAAE,CAAC;aACpC,CAAC,CAAC;YAEH,IAAI,WAAW,YAAY,qBAAqB,EAAE,CAAC;gBACjD,MAAM,cAAc,GAClB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;qBACpB,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,KAAK,CAAC;qBAC/D,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;oBAClB,IAAI,SAAS,EAAE,CAAC;wBACd,SAAS,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE;4BACvC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;gCACjB,IAAI,EAAE,YAAY;gCAClB,GAAG,QAAQ,CAAC,YAAY,CAAC;gCACzB,IAAI,EAAE,IAAI,IAAI,SAAS;gCACvB,QAAQ;gCACR,KAAK;gCACL,MAAM,EAAE,SAAS;6BAClB,CAAC,CAAC;wBACL,CAAC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC,CAAC,CACH,CAAC;gBACN,MAAM,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,WAAW;YACX,IAAI;SACL,CAAC;IACJ,CAAC;IAED,uBAAuB,CAAC,OAA2B;QACjD,MAAM,cAAc,GAAG,OAAO,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;QACrG,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,OAAO,EAAE,GAAG,OAAO,EAAE,YAAY,EAAE,CAAC,GAAG,OAAO,CAAC,YAAY,IAAI,EAAE,EAAE,IAAI,qBAAqB,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;IAC9G,CAAC;;AAGH,SAAS,qBAAqB;IAC5B,OAAO,CAAC,IAAY,EAAE,EAAE;QACtB,IAAI,UAAU,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACrD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC,CAAC;AACJ,CAAC"}
|
package/dist/warnings.d.ts
CHANGED
|
@@ -101,6 +101,16 @@ export declare const warnings: Readonly<{
|
|
|
101
101
|
severity: "Warning";
|
|
102
102
|
experimental: false;
|
|
103
103
|
};
|
|
104
|
+
"insecure-random": {
|
|
105
|
+
i18n: string;
|
|
106
|
+
severity: "Information";
|
|
107
|
+
experimental: false;
|
|
108
|
+
};
|
|
109
|
+
"prototype-pollution": {
|
|
110
|
+
i18n: string;
|
|
111
|
+
severity: "Warning";
|
|
112
|
+
experimental: false;
|
|
113
|
+
};
|
|
104
114
|
}>;
|
|
105
115
|
export declare function getSemVerWarning(value: string): Warning;
|
|
106
116
|
export declare function getEmptyPackageWarning(): Warning;
|
package/dist/warnings.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"warnings.d.ts","sourceRoot":"","sources":["../src/warnings.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,KAAK,OAAO,EACZ,KAAK,WAAW,EACjB,MAAM,+BAA+B,CAAC;AAEvC,MAAM,MAAM,kBAAkB,GAC1B,WAAW,GACX,aAAa,GACb,eAAe,CAAC;AAEpB,eAAO,MAAM,QAAQ
|
|
1
|
+
{"version":3,"file":"warnings.d.ts","sourceRoot":"","sources":["../src/warnings.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,KAAK,OAAO,EACZ,KAAK,WAAW,EACjB,MAAM,+BAA+B,CAAC;AAEvC,MAAM,MAAM,kBAAkB,GAC1B,WAAW,GACX,aAAa,GACb,eAAe,CAAC;AAEpB,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYuE,CAAC;AAE7F,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,GACZ,OAAO,CAWT;AAED,wBAAgB,sBAAsB,IAAI,OAAO,CAWhD"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nodesecure/tarball",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.4.0",
|
|
4
4
|
"description": "NodeSecure tarball scanner",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"exports": {
|
|
@@ -47,7 +47,7 @@
|
|
|
47
47
|
"dependencies": {
|
|
48
48
|
"@nodesecure/conformance": "^1.2.1",
|
|
49
49
|
"@nodesecure/fs-walk": "^2.0.0",
|
|
50
|
-
"@nodesecure/js-x-ray": "
|
|
50
|
+
"@nodesecure/js-x-ray": "12.0.0",
|
|
51
51
|
"@nodesecure/mama": "^2.1.1",
|
|
52
52
|
"@nodesecure/npm-types": "^1.2.0",
|
|
53
53
|
"@nodesecure/utils": "^2.3.0",
|