@openrewrite/recipes-nodejs 0.37.0-20260106-082310 → 0.37.0-20260106-104324
- package/dist/security/dependency-vulnerability-check.d.ts +6 -54
- package/dist/security/dependency-vulnerability-check.d.ts.map +1 -1
- package/dist/security/dependency-vulnerability-check.js +133 -259
- package/dist/security/dependency-vulnerability-check.js.map +1 -1
- package/dist/security/index.d.ts +3 -0
- package/dist/security/index.d.ts.map +1 -1
- package/dist/security/index.js +3 -0
- package/dist/security/index.js.map +1 -1
- package/dist/security/npm-utils.d.ts +8 -2
- package/dist/security/npm-utils.d.ts.map +1 -1
- package/dist/security/npm-utils.js +114 -14
- package/dist/security/npm-utils.js.map +1 -1
- package/dist/security/override-utils.d.ts +23 -0
- package/dist/security/override-utils.d.ts.map +1 -0
- package/dist/security/override-utils.js +169 -0
- package/dist/security/override-utils.js.map +1 -0
- package/dist/security/remove-redundant-overrides.d.ts +1 -10
- package/dist/security/remove-redundant-overrides.d.ts.map +1 -1
- package/dist/security/remove-redundant-overrides.js +4 -152
- package/dist/security/remove-redundant-overrides.js.map +1 -1
- package/dist/security/types.d.ts +42 -0
- package/dist/security/types.d.ts.map +1 -0
- package/dist/security/types.js +7 -0
- package/dist/security/types.js.map +1 -0
- package/dist/security/version-utils.d.ts +13 -0
- package/dist/security/version-utils.d.ts.map +1 -0
- package/dist/security/version-utils.js +173 -0
- package/dist/security/version-utils.js.map +1 -0
- package/package.json +1 -1
- package/src/security/dependency-vulnerability-check.ts +232 -485
- package/src/security/index.ts +3 -0
- package/src/security/npm-utils.ts +172 -37
- package/src/security/override-utils.ts +253 -0
- package/src/security/remove-redundant-overrides.ts +9 -211
- package/src/security/types.ts +116 -0
- package/src/security/version-utils.ts +198 -0
|
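--- a/package/dist/security/version-utils.js
+++ b/package/dist/security/version-utils.js
@@ -0,0 +1,173 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+var ownKeys = function(o) {
+ownKeys = Object.getOwnPropertyNames || function (o) {
+var ar = [];
+for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+return ar;
+};
+return ownKeys(o);
+};
+return function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+__setModuleDefault(result, mod);
+return result;
+};
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractVersionPrefix = extractVersionPrefix;
+exports.applyVersionPrefix = applyVersionPrefix;
+exports.extractMinimumVersion = extractMinimumVersion;
+exports.isVersionWithinDelta = isVersionWithinDelta;
+exports.isVersionAffected = isVersionAffected;
+exports.isUpgradeableWithinDelta = isUpgradeableWithinDelta;
+exports.getUpgradeVersion = getUpgradeVersion;
+const semver = __importStar(require("semver"));
+function extractVersionPrefix(versionString) {
+const match = versionString.match(/^([~^]|>=?|<=?|=)?(.*)$/);
+if (match) {
+return {
+prefix: match[1] || '',
+version: match[2]
+};
+}
+return { prefix: '', version: versionString };
+}
+function applyVersionPrefix(originalVersion, newVersion) {
+const { prefix } = extractVersionPrefix(originalVersion);
+return prefix + newVersion;
+}
+function extractMinimumVersion(constraint) {
+if (!constraint)
+return undefined;
+if (semver.valid(constraint)) {
+return constraint;
+}
+const match = constraint.match(/^[~^>=<]*\s*(\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)/);
+if (match && semver.valid(match[1])) {
+return match[1];
+}
+const coerced = semver.coerce(constraint);
+return coerced === null || coerced === void 0 ? void 0 : coerced.version;
+}
+function isVersionWithinDelta(originalVersion, targetVersion, delta) {
+if (delta === 'none') {
+return false;
+}
+try {
+const original = semver.parse(originalVersion);
+const target = semver.parse(targetVersion);
+if (!original || !target)
+return false;
+switch (delta) {
+case 'patch':
+return original.major === target.major && original.minor === target.minor;
+case 'minor':
+return original.major === target.major;
+case 'major':
+return true;
+default:
+return false;
+}
+}
+catch (_a) {
+return false;
+}
+}
+function isVersionAffected(version, vulnerability) {
+try {
+const v = semver.parse(version);
+if (!v)
+return false;
+if (vulnerability.introducedVersion && vulnerability.introducedVersion !== '0') {
+const introduced = semver.parse(vulnerability.introducedVersion);
+if (introduced && semver.lt(v, introduced)) {
+return false;
+}
+}
+if (vulnerability.fixedVersion) {
+const fixed = semver.parse(vulnerability.fixedVersion);
+if (fixed && semver.gte(v, fixed)) {
+return false;
+}
+return true;
+}
+if (vulnerability.lastAffectedVersion) {
+const lastAffected = semver.parse(vulnerability.lastAffectedVersion);
+if (lastAffected && semver.gt(v, lastAffected)) {
+return false;
+}
+return true;
+}
+return true;
+}
+catch (_a) {
+return false;
+}
+}
+function isUpgradeableWithinDelta(currentVersion, vulnerability, delta) {
+if (delta === 'none') {
+return false;
+}
+try {
+const current = semver.parse(currentVersion);
+if (!current)
+return false;
+if (vulnerability.fixedVersion) {
+const fixed = semver.parse(vulnerability.fixedVersion);
+if (!fixed)
+return false;
+switch (delta) {
+case 'patch':
+return current.major === fixed.major && current.minor === fixed.minor;
+case 'minor':
+return current.major === fixed.major;
+case 'major':
+return true;
+}
+}
+if (vulnerability.lastAffectedVersion) {
+const lastAffected = semver.parse(vulnerability.lastAffectedVersion);
+if (!lastAffected)
+return false;
+switch (delta) {
+case 'patch':
+return current.major === lastAffected.major &&
+current.minor === lastAffected.minor;
+case 'minor':
+return current.major === lastAffected.major;
+case 'major':
+return true;
+}
+}
+return false;
+}
+catch (_a) {
+return false;
+}
+}
+function getUpgradeVersion(vulnerability) {
+if (vulnerability.fixedVersion) {
+return vulnerability.fixedVersion;
+}
+return undefined;
+}
+//# sourceMappingURL=version-utils.js.map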
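Review bot: `isVersionAffected` fails open on the installed version: when `semver.parse(version)` returns null (the `if (!v) return false;` guard) or anything inside the `try` throws (the `catch` also returns `false`), the package is reported as not affected, so a dependency whose version string is not strict semver drops out of the vulnerability check with no signal. The advisory-side paths are already conservative, since an unparseable `fixedVersion` or `lastAffectedVersion` falls through to `return true`, which makes the installed-version path the odd one out. I would fall back before giving up, `const v = semver.parse(version) || semver.coerce(version);`, and document on the function that `false` can also mean "could not be evaluated". Separately, `applyVersionPrefix` copies whatever operator the old range started with onto the new version, so if a caller ever passes a range beginning with `<` or `<=` the result is an upper bound at the fix that still admits the vulnerable versions below it; restricting the carried prefix to `~`, `^`, `>=` and `=`, or a comment stating that callers must not pass upper-bound ranges, would cover that. This file is compiled output, so both changes belong in `package/src/security/version-utils.ts`.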
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"version-utils.js","sourceRoot":"","sources":["../../src/security/version-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA,oDASC;AAKD,gDAGC;AAMD,sDAiBC;AAKD,oDA2BC;AAKD,8CAmCC;AAKD,4DAiDC;AAKD,8CAQC;AA/LD,+CAAiC;AAYjC,SAAgB,oBAAoB,CAAC,aAAqB;IACtD,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7D,IAAI,KAAK,EAAE,CAAC;QACR,OAAO;YACH,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;YACtB,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;SACpB,CAAC;IACN,CAAC;IACD,OAAO,EAAC,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,aAAa,EAAC,CAAC;AAChD,CAAC;AAKD,SAAgB,kBAAkB,CAAC,eAAuB,EAAE,UAAkB;IAC1E,MAAM,EAAC,MAAM,EAAC,GAAG,oBAAoB,CAAC,eAAe,CAAC,CAAC;IACvD,OAAO,MAAM,GAAG,UAAU,CAAC;AAC/B,CAAC;AAMD,SAAgB,qBAAqB,CAAC,UAAkB;IACpD,IAAI,CAAC,UAAU;QAAE,OAAO,SAAS,CAAC;IAGlC,IAAI,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,OAAO,UAAU,CAAC;IACtB,CAAC;IAGD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACjF,IAAI,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClC,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAGD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC1C,OAAO,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,CAAC;AAC5B,CAAC;AAKD,SAAgB,oBAAoB,CAChC,eAAuB,EACvB,aAAqB,EACrB,KAAmB;IAEnB,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QACnB,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAEvC,QAAQ,KAAK,EAAE,CAAC;YACZ,KAAK,OAAO;gBACR,OAAO,QAAQ,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,CAAC;YAC9E,KAAK,OAAO;gBACR,OAAO,QAAQ,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,CAAC;YAC3C,KAAK,OAAO;gBACR,OAAO,IAAI,CAAC;YAChB;gBACI,OAAO,KAAK,CAAC;QACrB,CAAC;IACL,CAAC;IAAC,WAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;AACL,CAAC;AAKD,SAAgB,iBAAiB,CAAC,OAAe,EAAE,aAA4B;IAC3E,IAAI,CAAC;QACD,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAGrB,IAAI,aAAa,CAAC,iBAAiB,IAAI,aAAa,CAAC,iBAAiB,KAAK,GAAG
,EAAE,CAAC;YAC7E,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,iBAAiB,CAAC,CAAC;YACjE,IAAI,UAAU,IAAI,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC;gBACzC,OAAO,KAAK,CAAC;YACjB,CAAC;QACL,CAAC;QAGD,IAAI,aAAa,CAAC,YAAY,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YACvD,IAAI,KAAK,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,CAAC;gBAChC,OAAO,KAAK,CAAC;YACjB,CAAC;YACD,OAAO,IAAI,CAAC;QAChB,CAAC;QAGD,IAAI,aAAa,CAAC,mBAAmB,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;YACrE,IAAI,YAAY,IAAI,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,YAAY,CAAC,EAAE,CAAC;gBAC7C,OAAO,KAAK,CAAC;YACjB,CAAC;YACD,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAAC,WAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;AACL,CAAC;AAKD,SAAgB,wBAAwB,CACpC,cAAsB,EACtB,aAA4B,EAC5B,KAAmB;IAEnB,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QACnB,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,IAAI,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAG3B,IAAI,aAAa,CAAC,YAAY,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YACvD,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YAEzB,QAAQ,KAAK,EAAE,CAAC;gBACZ,KAAK,OAAO;oBACR,OAAO,OAAO,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,CAAC;gBAC1E,KAAK,OAAO;oBACR,OAAO,OAAO,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,CAAC;gBACzC,KAAK,OAAO;oBACR,OAAO,IAAI,CAAC;YACpB,CAAC;QACL,CAAC;QAID,IAAI,aAAa,CAAC,mBAAmB,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC;YACrE,IAAI,CAAC,YAAY;gBAAE,OAAO,KAAK,CAAC;YAEhC,QAAQ,KAAK,EAAE,CAAC;gBACZ,KAAK,OAAO;oBACR,OAAO,OAAO,CAAC,KAAK,KAAK,YAAY,CAAC,KAAK;wBACvC,OAAO,CAAC,KAAK,KAAK,YAAY,CAAC,KAAK,CAAC;gBAC7C,KAAK,OAAO;oBACR,OAAO,OAAO,CAAC,KAAK,KAAK,YAAY,CAAC,KAAK,CAAC;gBAChD,KAAK,OAAO;oBACR,OAAO,IAAI,CAAC;YACpB,CAAC;QACL,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAAC,WAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;AACL,CAAC;AAKD,SAAgB,iBAAiB,CAAC,aAA4B;IAC1D,IAAI,aAAa,CAAC,YAAY,EAAE,CAAC;QAC7B,OAAO,aAAa,CAAC,YAAY,CAAC;IACtC,CAAC;IAID
,OAAO,SAAS,CAAC;AACrB,CAAC"}
|
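--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@openrewrite/recipes-nodejs",
-"version": "0.37.0-20260106-
+"version": "0.37.0-20260106-104324",
 "license": "Moderne Source Available License",
 "description": "OpenRewrite recipes for Node.js library migrations.",
 "homepage": "https://github.com/moderneinc/rewrite-node",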