@openrewrite/recipes-nodejs 0.37.0-20260106-083133 → 0.37.0-20260106-104324
- package/dist/security/dependency-vulnerability-check.d.ts +6 -54
- package/dist/security/dependency-vulnerability-check.d.ts.map +1 -1
- package/dist/security/dependency-vulnerability-check.js +133 -259
- package/dist/security/dependency-vulnerability-check.js.map +1 -1
- package/dist/security/index.d.ts +3 -0
- package/dist/security/index.d.ts.map +1 -1
- package/dist/security/index.js +3 -0
- package/dist/security/index.js.map +1 -1
- package/dist/security/npm-utils.d.ts +8 -2
- package/dist/security/npm-utils.d.ts.map +1 -1
- package/dist/security/npm-utils.js +114 -14
- package/dist/security/npm-utils.js.map +1 -1
- package/dist/security/override-utils.d.ts +23 -0
- package/dist/security/override-utils.d.ts.map +1 -0
- package/dist/security/override-utils.js +169 -0
- package/dist/security/override-utils.js.map +1 -0
- package/dist/security/remove-redundant-overrides.d.ts +1 -10
- package/dist/security/remove-redundant-overrides.d.ts.map +1 -1
- package/dist/security/remove-redundant-overrides.js +4 -152
- package/dist/security/remove-redundant-overrides.js.map +1 -1
- package/dist/security/types.d.ts +42 -0
- package/dist/security/types.d.ts.map +1 -0
- package/dist/security/types.js +7 -0
- package/dist/security/types.js.map +1 -0
- package/dist/security/version-utils.d.ts +13 -0
- package/dist/security/version-utils.d.ts.map +1 -0
- package/dist/security/version-utils.js +173 -0
- package/dist/security/version-utils.js.map +1 -0
- package/package.json +1 -1
- package/src/security/dependency-vulnerability-check.ts +232 -485
- package/src/security/index.ts +3 -0
- package/src/security/npm-utils.ts +172 -37
- package/src/security/override-utils.ts +253 -0
- package/src/security/remove-redundant-overrides.ts +9 -211
- package/src/security/types.ts +116 -0
- package/src/security/version-utils.ts +198 -0
|
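--- a/package/dist/security/dependency-vulnerability-check.d.ts
+++ b/package/dist/security/dependency-vulnerability-check.d.ts
@@ -1,45 +1,8 @@
 import { ExecutionContext, ScanningRecipe, TreeVisitor } from "@openrewrite/rewrite";
-import { DependencyRecipeAccumulator, DependencyScope
-import { Severity,
-
-
-interface PathSegment {
-name: string;
-version: string;
-}
-interface VulnerableDependency {
-resolved: ResolvedDependency;
-vulnerability: Vulnerability;
-depth: number;
-isDirect: boolean;
-scope?: DependencyScope;
-path: PathSegment[];
-}
-interface VulnerabilityFix {
-packageName: string;
-newVersion: string;
-isTransitive: boolean;
-cves: string[];
-cveSummaries: Map<string, string>;
-scope?: DependencyScope;
-originalMajorVersion?: number;
-directDepInfo?: {
-name: string;
-version: string;
-scope: DependencyScope;
-};
-fixViaDirectUpgrade?: {
-directDepName: string;
-directDepVersion: string;
-directDepScope: DependencyScope;
-};
-}
-interface ProjectUpdateInfo {
-packageJsonPath: string;
-originalPackageJson: string;
-packageManager: PackageManager;
-configFiles?: Record<string, string>;
-}
+import { DependencyRecipeAccumulator, DependencyScope } from "@openrewrite/rewrite/javascript";
+import { Severity, VulnerabilityDatabase } from "./vulnerability";
+import { UpgradeDelta } from "./version-utils";
+import { TransitiveFixStrategy, VulnerableDependency, VulnerabilityFix, ProjectUpdateInfo } from "./types";
 interface Accumulator extends DependencyRecipeAccumulator<ProjectUpdateInfo> {
 db: VulnerabilityDatabase;
 vulnerableByProject: Map<string, VulnerableDependency[]>;
@@ -73,26 +36,20 @@ export declare class DependencyVulnerabilityCheck extends ScanningRecipe<Accumul
 addOverrideComments?: boolean;
 });
 private shouldScanTransitives;
-private shouldFixTransitives;
 private shouldVerifyTransitiveFixes;
 private filterRemainingTransitiveFixes;
 private isVersionStillVulnerable;
 initialValue(_ctx: ExecutionContext): Accumulator;
 private isReportOnly;
 private matchesCvePattern;
-private isVersionAffected;
-private isUpgradeableWithinDelta;
-private getUpgradeVersion;
-private getVersionPrefixForDelta;
 private renderPath;
+private findAllDirectDepsForTransitive;
+private hasTransitiveInTree;
 private findVulnerabilities;
 private findPreventiveFixes;
 private isUpgradeWithinDelta;
-private extractMinimumVersion;
 private findHighestSafeVersion;
-private isVersionWithinDelta;
 private computeFixes;
-private tryFindDirectDepUpgrade;
 private tryDirectUpgradesForTransitives;
 scanner(acc: Accumulator): Promise<TreeVisitor<any, ExecutionContext>>;
 editorWithData(acc: Accumulator): Promise<TreeVisitor<any, ExecutionContext>>;
@@ -103,10 +60,5 @@ export declare class DependencyVulnerabilityCheck extends ScanningRecipe<Accumul
 private generateOverrideComment;
 private addOverrideCommentsToPackageJson;
 }
-export declare function extractVersionPrefix(versionString: string): {
-prefix: string;
-version: string;
-};
-export declare function applyVersionPrefix(originalVersion: string, newVersion: string): string;
 export {};
 //# sourceMappingURL=dependency-vulnerability-check.d.ts.map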
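Review bot: The last hunk removes the exported declarations `extractVersionPrefix` and `applyVersionPrefix` from this module, so any consumer that imports them from `dist/security/dependency-vulnerability-check` stops compiling between two snapshots that share the 0.37.0 version number. The file list suggests they moved into the new `version-utils` module and that `index.d.ts` gained three lines, but neither is visible in this section. If they did move, a re-export in the source file such as `export { extractVersionPrefix, applyVersionPrefix } from "./version-utils";` would keep the old import path working. These helpers presumably shape the version string a vulnerability fix writes back into package.json, so the move is also worth a test that pins their output for prefixed ranges before and after the refactor. This file is generated, so the change belongs in `src/security/dependency-vulnerability-check.ts`.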
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dependency-vulnerability-check.d.ts","sourceRoot":"","sources":["../../src/security/dependency-vulnerability-check.ts"],"names":[],"mappings":"AAMA,OAAO,EAGH,gBAAgB,EAGhB,cAAc,EAGd,WAAW,EACd,MAAM,sBAAsB,CAAC;AAI9B,OAAO,EAGH,2BAA2B,EAC3B,eAAe,
|
|
1
|
+
{"version":3,"file":"dependency-vulnerability-check.d.ts","sourceRoot":"","sources":["../../src/security/dependency-vulnerability-check.ts"],"names":[],"mappings":"AAMA,OAAO,EAGH,gBAAgB,EAGhB,cAAc,EAGd,WAAW,EACd,MAAM,sBAAsB,CAAC;AAI9B,OAAO,EAGH,2BAA2B,EAC3B,eAAe,EAYlB,MAAM,iCAAiC,CAAC;AAGzC,OAAO,EAAgB,QAAQ,EAAkC,qBAAqB,EAAC,MAAM,iBAAiB,CAAC;AAO/G,OAAO,EACH,YAAY,EAOf,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAEH,qBAAqB,EAErB,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACpB,MAAM,SAAS,CAAC;AA0HjB,UAAU,WAAY,SAAQ,2BAA2B,CAAC,iBAAiB,CAAC;IAExE,EAAE,EAAE,qBAAqB,CAAC;IAE1B,mBAAmB,EAAE,GAAG,CAAC,MAAM,EAAE,oBAAoB,EAAE,CAAC,CAAC;IAEzD,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;IAEhD,iBAAiB,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEvC,sBAAsB,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE5C,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAEtC,+BAA+B,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAErD,0BAA0B,EAAE,OAAO,CAAC;CACvC;AAgBD,qBAAa,4BAA6B,SAAQ,cAAc,CAAC,WAAW,CAAC;IACzE,QAAQ,CAAC,IAAI,yDAAyD;IACtE,QAAQ,CAAC,WAAW,8CAA8C;IAClE,QAAQ,CAAC,WAAW,SAI8D;IAElF,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAKlC;IAUF,KAAK,CAAC,EAAE,eAAe,CAAC;IAaxB,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAa9C,mBAAmB,CAAC,EAAE,YAAY,CAAC;IAWnC,eAAe,CAAC,EAAE,QAAQ,CAAC;IAW3B,UAAU,CAAC,EAAE,MAAM,CAAC;IAYpB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAU9B,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAG9B,OAAO,CAAC,eAAe,CAAC,CAAS;gBAErB,OAAO,CAAC,EAAE;QAClB,KAAK,CAAC,EAAE,eAAe,CAAC;QACxB,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;QAC9C,mBAAmB,CAAC,EAAE,YAAY,CAAC;QACnC,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,mBAAmB,CAAC,EAAE,OAAO,CAAC;KACjC;IAuBD,OAAO,CAAC,qBAAqB;IAQ7B,OAAO,CAAC,2BAA2B;IAcnC,OAAO,CAAC,8BAA8B;IAiDtC,OAAO,CAAC,wBAAwB;IAevB,YAAY,CAAC,IAAI,EAAE,gBAAgB,GAAG,WAAW;IAgB1D,OAAO,CAAC,YAAY;IAOpB,OAAO,CAAC,iBAAiB;IAWzB,OAAO,CAAC,UAAU;IAgBlB,OAAO,CAAC,8BAA8B;IA0BtC,OAAO,CAAC,mBAAmB;IA2B3B,OAAO,CAAC,mBAAmB;IA0E3B,OAAO,CAAC,mBAAmB;IAgF3B,OAAO,CAAC,oBAAoB;IAkB5B,OAAO,CAAC,sBAAsB;YAiEhB,YAAY;YAsKZ,+BAA+B;IAoG9B,OAAO,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO
,CAAC,WAAW,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAoLtE,cAAc,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;YAwY9E,wBAAwB;YA4HxB,iCAAiC;IAgK/C,OAAO,CAAC,mCAAmC;IA6B3C,OAAO,CAAC,yBAAyB;IAmKjC,OAAO,CAAC,uBAAuB;IA8B/B,OAAO,CAAC,gCAAgC;CAmC3C"}
|