@openrewrite/recipes-nodejs 0.36.0-20251211-172625 → 0.36.0-20251212-170419

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/dist/index.d.ts.map +1 -1
  2. package/dist/index.js +2 -0
  3. package/dist/index.js.map +1 -1
  4. package/dist/resources/advisories-npm.csv +5357 -0
  5. package/dist/security/dependency-vulnerability-check.d.ts +63 -0
  6. package/dist/security/dependency-vulnerability-check.d.ts.map +1 -0
  7. package/dist/security/dependency-vulnerability-check.js +639 -0
  8. package/dist/security/dependency-vulnerability-check.js.map +1 -0
  9. package/dist/security/index.d.ts +3 -0
  10. package/dist/security/index.d.ts.map +1 -0
  11. package/dist/security/index.js +19 -0
  12. package/dist/security/index.js.map +1 -0
  13. package/dist/security/vulnerability.d.ts +33 -0
  14. package/dist/security/vulnerability.d.ts.map +1 -0
  15. package/dist/security/vulnerability.js +182 -0
  16. package/dist/security/vulnerability.js.map +1 -0
  17. package/package.json +6 -3
  18. package/src/index.ts +2 -0
  19. package/src/security/dependency-vulnerability-check.ts +934 -0
  20. package/src/security/index.ts +8 -0
  21. package/src/security/vulnerability.ts +265 -0
package/dist/security/dependency-vulnerability-check.d.ts ADDED
@@ -0,0 +1,63 @@
1
+ import { ExecutionContext, Recipe, ScanningRecipe, TreeVisitor } from "@openrewrite/rewrite";
2
+ import { DependencyScope, ResolvedDependency, PackageManager, DependencyRecipeAccumulator } from "@openrewrite/rewrite/javascript";
3
+ import { Vulnerability, VulnerabilityDatabase } from "./vulnerability";
4
+ export type UpgradeDelta = 'none' | 'patch' | 'minor' | 'major';
5
+ interface PathSegment {
6
+ name: string;
7
+ version: string;
8
+ }
9
+ interface VulnerableDependency {
10
+ resolved: ResolvedDependency;
11
+ vulnerability: Vulnerability;
12
+ depth: number;
13
+ isDirect: boolean;
14
+ scope?: DependencyScope;
15
+ path: PathSegment[];
16
+ }
17
+ interface VulnerabilityFix {
18
+ packageName: string;
19
+ newVersion: string;
20
+ isTransitive: boolean;
21
+ cves: string[];
22
+ scope?: DependencyScope;
23
+ }
24
+ interface ProjectUpdateInfo {
25
+ projectDir: string;
26
+ packageJsonPath: string;
27
+ originalPackageJson: string;
28
+ packageManager: PackageManager;
29
+ }
30
+ interface Accumulator extends DependencyRecipeAccumulator<ProjectUpdateInfo> {
31
+ db: VulnerabilityDatabase;
32
+ vulnerableByProject: Map<string, VulnerableDependency[]>;
33
+ fixesByProject: Map<string, VulnerabilityFix[]>;
34
+ }
35
+ export declare class DependencyVulnerabilityCheck extends ScanningRecipe<Accumulator> {
36
+ readonly name = "org.openrewrite.node.dependency-vulnerability-check";
37
+ readonly displayName = "Find and fix vulnerable npm dependencies";
38
+ readonly description: string;
39
+ private readonly vulnerabilityReport;
40
+ scope?: DependencyScope;
41
+ overrideTransitive?: boolean;
42
+ maximumUpgradeDelta?: UpgradeDelta;
43
+ minimumSeverity?: string;
44
+ cvePattern?: string;
45
+ initialValue(_ctx: ExecutionContext): Accumulator;
46
+ private getMinimumSeverity;
47
+ private getMaximumUpgradeDelta;
48
+ private isReportOnly;
49
+ private matchesCvePattern;
50
+ private isVersionAffected;
51
+ private isUpgradeableWithinDelta;
52
+ private getUpgradeVersion;
53
+ private renderPath;
54
+ private findVulnerabilities;
55
+ private computeFixes;
56
+ scanner(acc: Accumulator): Promise<TreeVisitor<any, ExecutionContext>>;
57
+ getRecipeList(): Promise<Recipe[]>;
58
+ editorWithData(acc: Accumulator): Promise<TreeVisitor<any, ExecutionContext>>;
59
+ private runPackageManagerInstall;
60
+ private createModifiedPackageJson;
61
+ }
62
+ export {};
63
+ //# sourceMappingURL=dependency-vulnerability-check.d.ts.map
package/dist/security/dependency-vulnerability-check.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"dependency-vulnerability-check.d.ts","sourceRoot":"","sources":["../../src/security/dependency-vulnerability-check.ts"],"names":[],"mappings":"AAMA,OAAO,EAAoB,gBAAgB,EAAU,MAAM,EAAE,cAAc,EAAQ,WAAW,EAAa,MAAM,sBAAsB,CAAC;AAKxI,OAAO,EACH,eAAe,EAEf,kBAAkB,EAClB,cAAc,EAEd,2BAA2B,EAM9B,MAAM,iCAAiC,CAAC;AAGzC,OAAO,EAA2C,aAAa,EAAE,qBAAqB,EAAC,MAAM,iBAAiB,CAAC;AAM/G,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,CAAC;AAsHhE,UAAU,WAAW;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACnB;AAKD,UAAU,oBAAoB;IAE1B,QAAQ,EAAE,kBAAkB,CAAC;IAE7B,aAAa,EAAE,aAAa,CAAC;IAE7B,KAAK,EAAE,MAAM,CAAC;IAEd,QAAQ,EAAE,OAAO,CAAC;IAElB,KAAK,CAAC,EAAE,eAAe,CAAC;IAExB,IAAI,EAAE,WAAW,EAAE,CAAC;CACvB;AAKD,UAAU,gBAAgB;IAEtB,WAAW,EAAE,MAAM,CAAC;IAEpB,UAAU,EAAE,MAAM,CAAC;IAEnB,YAAY,EAAE,OAAO,CAAC;IAEtB,IAAI,EAAE,MAAM,EAAE,CAAC;IAEf,KAAK,CAAC,EAAE,eAAe,CAAC;CAC3B;AAKD,UAAU,iBAAiB;IAEvB,UAAU,EAAE,MAAM,CAAC;IAEnB,eAAe,EAAE,MAAM,CAAC;IAExB,mBAAmB,EAAE,MAAM,CAAC;IAE5B,cAAc,EAAE,cAAc,CAAC;CAClC;AAKD,UAAU,WAAY,SAAQ,2BAA2B,CAAC,iBAAiB,CAAC;IAExE,EAAE,EAAE,qBAAqB,CAAC;IAE1B,mBAAmB,EAAE,GAAG,CAAC,MAAM,EAAE,oBAAoB,EAAE,CAAC,CAAC;IAEzD,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;CACnD;AAgBD,qBAAa,4BAA6B,SAAQ,cAAc,CAAC,WAAW,CAAC;IACzE,QAAQ,CAAC,IAAI,yDAAyD;IACtE,QAAQ,CAAC,WAAW,8CAA8C;IAClE,QAAQ,CAAC,WAAW,SAI8D;IAElF,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAKlC;IAUF,KAAK,CAAC,EAAE,eAAe,CAAC;IAUxB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAa7B,mBAAmB,CAAC,EAAE,YAAY,CAAC;IAWnC,eAAe,CAAC,EAAE,MAAM,CAAC;IAWzB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,YAAY,CAAC,IAAI,EAAE,gBAAgB,GAAG,WAAW;IAWjD,OAAO,CAAC,kBAAkB;IAI1B,OAAO,CAAC,sBAAsB;IAI9B,OAAO,CAAC,YAAY;IAOpB,OAAO,CAAC,iBAAiB;IAezB,OAAO,CAAC,iBAAiB;IAwCzB,OAAO,CAAC,wBAAwB;IAwDhC,OAAO,CAAC,iBAAiB;IAczB,OAAO,CAAC,UAAU;IAclB,OAAO,CAAC,mBAAmB;IAyE3B,OAAO,CAAC,YAAY;IAyDd,OAAO,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IA0EtE,aAAa,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAMlC,cAAc,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;YAiKrE,wBAAwB;IAuBtC,OAAO,CAAC,yBAAyB;CAgBpC"}