@openrewrite/recipes-nodejs 0.37.0-20260106-083133 → 0.37.0-20260106-170728
- package/dist/security/dependency-vulnerability-check.d.ts +8 -54
- package/dist/security/dependency-vulnerability-check.d.ts.map +1 -1
- package/dist/security/dependency-vulnerability-check.js +176 -287
- package/dist/security/dependency-vulnerability-check.js.map +1 -1
- package/dist/security/index.d.ts +3 -0
- package/dist/security/index.d.ts.map +1 -1
- package/dist/security/index.js +3 -0
- package/dist/security/index.js.map +1 -1
- package/dist/security/npm-utils.d.ts +8 -2
- package/dist/security/npm-utils.d.ts.map +1 -1
- package/dist/security/npm-utils.js +114 -14
- package/dist/security/npm-utils.js.map +1 -1
- package/dist/security/override-utils.d.ts +23 -0
- package/dist/security/override-utils.d.ts.map +1 -0
- package/dist/security/override-utils.js +169 -0
- package/dist/security/override-utils.js.map +1 -0
- package/dist/security/remove-redundant-overrides.d.ts +1 -10
- package/dist/security/remove-redundant-overrides.d.ts.map +1 -1
- package/dist/security/remove-redundant-overrides.js +4 -152
- package/dist/security/remove-redundant-overrides.js.map +1 -1
- package/dist/security/types.d.ts +42 -0
- package/dist/security/types.d.ts.map +1 -0
- package/dist/security/types.js +7 -0
- package/dist/security/types.js.map +1 -0
- package/dist/security/version-utils.d.ts +13 -0
- package/dist/security/version-utils.d.ts.map +1 -0
- package/dist/security/version-utils.js +173 -0
- package/dist/security/version-utils.js.map +1 -0
- package/package.json +1 -1
- package/src/security/dependency-vulnerability-check.ts +300 -525
- package/src/security/index.ts +3 -0
- package/src/security/npm-utils.ts +172 -37
- package/src/security/override-utils.ts +253 -0
- package/src/security/remove-redundant-overrides.ts +9 -211
- package/src/security/types.ts +115 -0
- package/src/security/version-utils.ts +198 -0
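--- a/package/dist/security/override-utils.js
+++ b/package/dist/security/override-utils.js
@@ -0,0 +1,169 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findDirectDependencyScope = findDirectDependencyScope;
+exports.getOverridesFromPackageJson = getOverridesFromPackageJson;
+exports.getOverrideFieldNames = getOverrideFieldNames;
+exports.parseOverrideKey = parseOverrideKey;
+exports.extractOverrides = extractOverrides;
+exports.removeOverrideFromObject = removeOverrideFromObject;
+exports.removeOverridesFromContent = removeOverridesFromContent;
+const types_1 = require("./types");
+function findDirectDependencyScope(packageJson, packageName) {
+var _a;
+for (const scope of types_1.ALL_DEPENDENCY_SCOPES) {
+if ((_a = packageJson[scope]) === null || _a === void 0 ? void 0 : _a[packageName]) {
+return scope;
+}
+}
+return undefined;
+}
+function getOverridesFromPackageJson(packageJson, packageManager) {
+var _a;
+switch (packageManager) {
+case "Npm":
+case "Bun":
+return packageJson.overrides;
+case "Pnpm":
+return (_a = packageJson.pnpm) === null || _a === void 0 ? void 0 : _a.overrides;
+case "YarnClassic":
+case "YarnBerry":
+return packageJson.resolutions;
+default:
+return undefined;
+}
+}
+function getOverrideFieldNames(packageManager) {
+switch (packageManager) {
+case "Npm":
+case "Bun":
+return { overrideField: 'overrides', commentField: '//overrides' };
+case "Pnpm":
+return { overrideField: 'pnpm', commentField: '//pnpm.overrides' };
+case "YarnClassic":
+case "YarnBerry":
+return { overrideField: 'resolutions', commentField: '//resolutions' };
+default:
+return { overrideField: 'overrides', commentField: '//overrides' };
+}
+}
+function parseOverrideKey(key) {
+const atIndex = key.lastIndexOf('@');
+let packageName;
+let versionRange;
+let isVersionSpecific = false;
+if (atIndex > 0 && !key.startsWith('@')) {
+packageName = key.substring(0, atIndex);
+versionRange = key.substring(atIndex + 1);
+isVersionSpecific = true;
+}
+else if (atIndex > 0 && key.startsWith('@')) {
+const secondAtIndex = key.indexOf('@', 1);
+if (secondAtIndex > 0 && secondAtIndex !== atIndex) {
+packageName = key.substring(0, secondAtIndex);
+versionRange = key.substring(secondAtIndex + 1);
+isVersionSpecific = true;
+}
+else {
+packageName = key;
+}
+}
+else {
+packageName = key;
+}
+return { packageName, versionRange, isVersionSpecific };
+}
+function extractOverrides(packageJson, packageManager) {
+const overrides = [];
+const overrideObj = getOverridesFromPackageJson(packageJson, packageManager);
+if (!overrideObj) {
+return overrides;
+}
+for (const [key, value] of Object.entries(overrideObj)) {
+if (typeof value !== 'string') {
+continue;
+}
+const { packageName, versionRange, isVersionSpecific } = parseOverrideKey(key);
+overrides.push({
+key,
+packageName,
+version: value,
+isVersionSpecific,
+versionRange
+});
+}
+return overrides;
+}
+function removeOverrideFromObject(packageJson, packageManager, key) {
+var _a;
+switch (packageManager) {
+case "Npm":
+case "Bun":
+if (packageJson.overrides) {
+delete packageJson.overrides[key];
+if (Object.keys(packageJson.overrides).length === 0) {
+delete packageJson.overrides;
+}
+}
+break;
+case "Pnpm":
+if ((_a = packageJson.pnpm) === null || _a === void 0 ? void 0 : _a.overrides) {
+delete packageJson.pnpm.overrides[key];
+if (Object.keys(packageJson.pnpm.overrides).length === 0) {
+delete packageJson.pnpm.overrides;
+}
+if (Object.keys(packageJson.pnpm).length === 0) {
+delete packageJson.pnpm;
+}
+}
+break;
+case "YarnClassic":
+case "YarnBerry":
+if (packageJson.resolutions) {
+delete packageJson.resolutions[key];
+if (Object.keys(packageJson.resolutions).length === 0) {
+delete packageJson.resolutions;
+}
+}
+break;
+}
+}
+function removeOverridesFromContent(originalContent, packageManager, keysToRemove) {
+var _a;
+const packageJson = JSON.parse(originalContent);
+const { overrideField, commentField } = getOverrideFieldNames(packageManager);
+if (packageManager === "Pnpm") {
+if ((_a = packageJson.pnpm) === null || _a === void 0 ? void 0 : _a.overrides) {
+for (const key of keysToRemove) {
+delete packageJson.pnpm.overrides[key];
+}
+if (Object.keys(packageJson.pnpm.overrides).length === 0) {
+delete packageJson.pnpm.overrides;
+}
+if (Object.keys(packageJson.pnpm).length === 0) {
+delete packageJson.pnpm;
+}
+}
+}
+else {
+if (packageJson[overrideField]) {
+for (const key of keysToRemove) {
+delete packageJson[overrideField][key];
+}
+if (Object.keys(packageJson[overrideField]).length === 0) {
+delete packageJson[overrideField];
+}
+}
+}
+if (packageJson[commentField]) {
+for (const key of keysToRemove) {
+delete packageJson[commentField][key];
+}
+if (Object.keys(packageJson[commentField]).length === 0) {
+delete packageJson[commentField];
+}
+}
+const indentMatch = originalContent.match(/^(\s+)"/m);
+const indent = indentMatch ? indentMatch[1].length : 2;
+return JSON.stringify(packageJson, null, indent);
+}
+//# sourceMappingURL=override-utils.js.map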
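Review bot: In `parseOverrideKey`, the scoped branch never recognises an ordinary version-specific key: for a key shaped like `@scope/pkg@1.2.3`, `key.lastIndexOf('@')` and `key.indexOf('@', 1)` return the same index, so `secondAtIndex !== atIndex` is false and the whole key, range included, comes back as `packageName` with `isVersionSpecific` false. The branch only fires when the key contains a third `@`. Because `atIndex > 0` already proves a second `@` exists, the test can be reduced to `if (secondAtIndex > 0) {`. The logic is carried over unchanged from the `extractOverrides` method removed from remove-redundant-overrides.js, so it predates this refactor; any caller that looks up a resolved version by `packageName` would presumably miss for these keys, which matters when deciding whether a security override is redundant.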
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"override-utils.js","sourceRoot":"","sources":["../../src/security/override-utils.ts"],"names":[],"mappings":";;AAaA,8DAUC;AAMD,kEAgBC;AAKD,sDAgBC;AAsBD,4CAkCC;AAKD,4CA6BC;AAMD,4DAoCC;AAOD,gEA+CC;AArPD,mCAA8C;AAM9C,SAAgB,yBAAyB,CACrC,WAAgC,EAChC,WAAmB;;IAEnB,KAAK,MAAM,KAAK,IAAI,6BAAqB,EAAE,CAAC;QACxC,IAAI,MAAA,WAAW,CAAC,KAAK,CAAC,0CAAG,WAAW,CAAC,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAMD,SAAgB,2BAA2B,CACvC,WAAgC,EAChC,cAA8B;;IAE9B,QAAQ,cAAc,EAAE,CAAC;QACrB,WAAwB;QACxB;YACI,OAAO,WAAW,CAAC,SAAS,CAAC;QACjC;YACI,OAAO,MAAA,WAAW,CAAC,IAAI,0CAAE,SAAS,CAAC;QACvC,mBAAgC;QAChC;YACI,OAAO,WAAW,CAAC,WAAW,CAAC;QACnC;YACI,OAAO,SAAS,CAAC;IACzB,CAAC;AACL,CAAC;AAKD,SAAgB,qBAAqB,CAAC,cAA8B;IAIhE,QAAQ,cAAc,EAAE,CAAC;QACrB,WAAwB;QACxB;YACI,OAAO,EAAC,aAAa,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAC,CAAC;QACrE;YACI,OAAO,EAAC,aAAa,EAAE,MAAM,EAAE,YAAY,EAAE,kBAAkB,EAAC,CAAC;QACrE,mBAAgC;QAChC;YACI,OAAO,EAAC,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAC,CAAC;QACzE;YACI,OAAO,EAAC,aAAa,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAC,CAAC;IACzE,CAAC;AACL,CAAC;AAsBD,SAAgB,gBAAgB,CAAC,GAAW;IAKxC,MAAM,OAAO,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,WAAmB,CAAC;IACxB,IAAI,YAAgC,CAAC;IACrC,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAI9B,IAAI,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAEtC,WAAW,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACxC,YAAY,GAAG,GAAG,CAAC,SAAS,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;QAC1C,iBAAiB,GAAG,IAAI,CAAC;IAC7B,CAAC;SAAM,IAAI,OAAO,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAE5C,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC1C,IAAI,aAAa,GAAG,CAAC,IAAI,aAAa,KAAK,OAAO,EAAE,CAAC;YAEjD,WAAW,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;YAC9C,YAAY,GAAG,GAAG,CAAC,SAAS,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC;YAChD,iBAAiB,GAAG,IAAI,CAAC;QAC7B,CAAC;aAAM,CAAC;YAEJ,WAAW,GAAG,GAAG,CAAC;QACtB,CAAC;IACL,CAAC;SAAM,CAAC;QACJ,WAAW,GAAG,GAAG,CAAC;IACtB,CAAC;IAED,OAAO,EAAC,WAAW,EAAE,YAAY,EAAE,iBAAiB,EAAC,CAAC;AAC1D,CAAC;
AAKD,SAAgB,gBAAgB,CAC5B,WAAgC,EAChC,cAA8B;IAE9B,MAAM,SAAS,GAAmB,EAAE,CAAC;IACrC,MAAM,WAAW,GAAG,2BAA2B,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;IAE7E,IAAI,CAAC,WAAW,EAAE,CAAC;QACf,OAAO,SAAS,CAAC;IACrB,CAAC;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QAErD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC5B,SAAS;QACb,CAAC;QAED,MAAM,EAAC,WAAW,EAAE,YAAY,EAAE,iBAAiB,EAAC,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QAE7E,SAAS,CAAC,IAAI,CAAC;YACX,GAAG;YACH,WAAW;YACX,OAAO,EAAE,KAAK;YACd,iBAAiB;YACjB,YAAY;SACf,CAAC,CAAC;IACP,CAAC;IAED,OAAO,SAAS,CAAC;AACrB,CAAC;AAMD,SAAgB,wBAAwB,CACpC,WAAgC,EAChC,cAA8B,EAC9B,GAAW;;IAEX,QAAQ,cAAc,EAAE,CAAC;QACrB,WAAwB;QACxB;YACI,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;gBACxB,OAAO,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBAClC,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAClD,OAAO,WAAW,CAAC,SAAS,CAAC;gBACjC,CAAC;YACL,CAAC;YACD,MAAM;QACV;YACI,IAAI,MAAA,WAAW,CAAC,IAAI,0CAAE,SAAS,EAAE,CAAC;gBAC9B,OAAO,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACvC,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACvD,OAAO,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC;gBACtC,CAAC;gBACD,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC7C,OAAO,WAAW,CAAC,IAAI,CAAC;gBAC5B,CAAC;YACL,CAAC;YACD,MAAM;QACV,mBAAgC;QAChC;YACI,IAAI,WAAW,CAAC,WAAW,EAAE,CAAC;gBAC1B,OAAO,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;gBACpC,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACpD,OAAO,WAAW,CAAC,WAAW,CAAC;gBACnC,CAAC;YACL,CAAC;YACD,MAAM;IACd,CAAC;AACL,CAAC;AAOD,SAAgB,0BAA0B,CACtC,eAAuB,EACvB,cAA8B,EAC9B,YAAyB;;IAEzB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAChD,MAAM,EAAC,aAAa,EAAE,YAAY,EAAC,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;IAG5E,IAAI,cAAc,WAAwB,EAAE,CAAC;QACzC,IAAI,MAAA,WAAW,CAAC,IAAI,0CAAE,SAAS,EAAE,CAAC;YAC9B,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;gBAC7B,OAAO,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAC3C,CAAC;YACD,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAA
M,KAAK,CAAC,EAAE,CAAC;gBACvD,OAAO,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC;YACtC,CAAC;YACD,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7C,OAAO,WAAW,CAAC,IAAI,CAAC;YAC5B,CAAC;QACL,CAAC;IACL,CAAC;SAAM,CAAC;QACJ,IAAI,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC;YAC7B,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;gBAC7B,OAAO,WAAW,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC;YAC3C,CAAC;YACD,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvD,OAAO,WAAW,CAAC,aAAa,CAAC,CAAC;YACtC,CAAC;QACL,CAAC;IACL,CAAC;IAGD,IAAI,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC;QAC5B,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC7B,OAAO,WAAW,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtD,OAAO,WAAW,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;IACL,CAAC;IAGD,MAAM,WAAW,GAAG,eAAe,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAEvD,OAAO,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;AACrD,CAAC"}
|
|
@@ -1,12 +1,6 @@
|
|
|
1
1
|
import { ExecutionContext, ScanningRecipe, TreeVisitor } from "@openrewrite/rewrite";
|
|
2
2
|
import { PackageManager } from "@openrewrite/rewrite/javascript";
|
|
3
|
-
|
|
4
|
-
key: string;
|
|
5
|
-
packageName: string;
|
|
6
|
-
version: string;
|
|
7
|
-
isVersionSpecific: boolean;
|
|
8
|
-
versionRange?: string;
|
|
9
|
-
}
|
|
3
|
+
import { OverrideInfo } from "./override-utils";
|
|
10
4
|
interface ProjectInfo {
|
|
11
5
|
packageJsonPath: string;
|
|
12
6
|
originalPackageJson: string;
|
|
@@ -30,11 +24,8 @@ export declare class RemoveRedundantOverrides extends ScanningRecipe<Accumulator
|
|
|
30
24
|
initialValue(_ctx: ExecutionContext): Accumulator;
|
|
31
25
|
scanner(acc: Accumulator): Promise<TreeVisitor<any, ExecutionContext>>;
|
|
32
26
|
editorWithData(acc: Accumulator): Promise<TreeVisitor<any, ExecutionContext>>;
|
|
33
|
-
private extractOverrides;
|
|
34
27
|
private findRedundantOverrides;
|
|
35
28
|
private isOverrideRedundantForLockFile;
|
|
36
|
-
private removeOverrideFromObject;
|
|
37
|
-
private removeOverrides;
|
|
38
29
|
}
|
|
39
30
|
export {};
|
|
40
31
|
//# sourceMappingURL=remove-redundant-overrides.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remove-redundant-overrides.d.ts","sourceRoot":"","sources":["../../src/security/remove-redundant-overrides.ts"],"names":[],"mappings":"AAMA,OAAO,EACH,gBAAgB,EAEhB,cAAc,EAGd,WAAW,EACd,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAGH,cAAc,EAEjB,MAAM,iCAAiC,CAAC;
|
|
1
|
+
{"version":3,"file":"remove-redundant-overrides.d.ts","sourceRoot":"","sources":["../../src/security/remove-redundant-overrides.ts"],"names":[],"mappings":"AAMA,OAAO,EACH,gBAAgB,EAEhB,cAAc,EAGd,WAAW,EACd,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAGH,cAAc,EAEjB,MAAM,iCAAiC,CAAC;AAGzC,OAAO,EACH,YAAY,EAIf,MAAM,kBAAkB,CAAC;AAK1B,UAAU,WAAW;IAEjB,eAAe,EAAE,MAAM,CAAC;IAExB,mBAAmB,EAAE,MAAM,CAAC;IAE5B,cAAc,EAAE,cAAc,CAAC;IAE/B,SAAS,EAAE,YAAY,EAAE,CAAC;IAE1B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACxC;AAKD,UAAU,WAAW;IAEjB,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAEnC,kBAAkB,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;IAE7C,gBAAgB,EAAE,OAAO,CAAC;CAC7B;AAiBD,qBAAa,wBAAyB,SAAQ,cAAc,CAAC,WAAW,CAAC;IACrE,QAAQ,CAAC,IAAI,8DAA8D;IAC3E,QAAQ,CAAC,WAAW,2CAA2C;IAC/D,QAAQ,CAAC,WAAW,SACoE;IAQxF,MAAM,CAAC,EAAE,OAAO,CAAC;gBAEL,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,OAAO,CAAA;KAAE;IAK1C,YAAY,CAAC,IAAI,EAAE,gBAAgB,GAAG,WAAW;IAQ3C,OAAO,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAyDtE,cAAc,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;YAoErE,sBAAsB;IAmDpC,OAAO,CAAC,8BAA8B;CAoCzC"}
|
|
@@ -54,6 +54,7 @@ const json_1 = require("@openrewrite/rewrite/json");
|
|
|
54
54
|
const javascript_1 = require("@openrewrite/rewrite/javascript");
|
|
55
55
|
const semver = __importStar(require("semver"));
|
|
56
56
|
const npm_utils_1 = require("./npm-utils");
|
|
57
|
+
const override_utils_1 = require("./override-utils");
|
|
57
58
|
class RemoveRedundantOverrides extends rewrite_1.ScanningRecipe {
|
|
58
59
|
constructor(options) {
|
|
59
60
|
var _a;
|
|
@@ -98,7 +99,7 @@ class RemoveRedundantOverrides extends rewrite_1.ScanningRecipe {
|
|
|
98
99
|
catch (_c) {
|
|
99
100
|
return doc;
|
|
100
101
|
}
|
|
101
|
-
const overrides =
|
|
102
|
+
const overrides = (0, override_utils_1.extractOverrides)(packageJson, pm);
|
|
102
103
|
if (overrides.length === 0) {
|
|
103
104
|
return doc;
|
|
104
105
|
}
|
|
@@ -157,7 +158,7 @@ class RemoveRedundantOverrides extends rewrite_1.ScanningRecipe {
|
|
|
157
158
|
if (!project) {
|
|
158
159
|
return doc;
|
|
159
160
|
}
|
|
160
|
-
const modifiedContent =
|
|
161
|
+
const modifiedContent = (0, override_utils_1.removeOverridesFromContent)(project.originalPackageJson, project.packageManager, redundant);
|
|
161
162
|
const parsed = yield new json_1.JsonParser({}).parseOne({
|
|
162
163
|
text: modifiedContent,
|
|
163
164
|
sourcePath: doc.sourcePath
|
|
@@ -168,63 +169,6 @@ class RemoveRedundantOverrides extends rewrite_1.ScanningRecipe {
|
|
|
168
169
|
};
|
|
169
170
|
});
|
|
170
171
|
}
|
|
171
|
-
extractOverrides(packageJson, pm) {
|
|
172
|
-
var _a;
|
|
173
|
-
const overrides = [];
|
|
174
|
-
let overrideObj;
|
|
175
|
-
switch (pm) {
|
|
176
|
-
case "Npm":
|
|
177
|
-
case "Bun":
|
|
178
|
-
overrideObj = packageJson.overrides;
|
|
179
|
-
break;
|
|
180
|
-
case "Pnpm":
|
|
181
|
-
overrideObj = (_a = packageJson.pnpm) === null || _a === void 0 ? void 0 : _a.overrides;
|
|
182
|
-
break;
|
|
183
|
-
case "YarnClassic":
|
|
184
|
-
case "YarnBerry":
|
|
185
|
-
overrideObj = packageJson.resolutions;
|
|
186
|
-
break;
|
|
187
|
-
}
|
|
188
|
-
if (!overrideObj) {
|
|
189
|
-
return overrides;
|
|
190
|
-
}
|
|
191
|
-
for (const [key, value] of Object.entries(overrideObj)) {
|
|
192
|
-
if (typeof value !== 'string') {
|
|
193
|
-
continue;
|
|
194
|
-
}
|
|
195
|
-
const atIndex = key.lastIndexOf('@');
|
|
196
|
-
let packageName;
|
|
197
|
-
let versionRange;
|
|
198
|
-
let isVersionSpecific = false;
|
|
199
|
-
if (atIndex > 0 && !key.startsWith('@')) {
|
|
200
|
-
packageName = key.substring(0, atIndex);
|
|
201
|
-
versionRange = key.substring(atIndex + 1);
|
|
202
|
-
isVersionSpecific = true;
|
|
203
|
-
}
|
|
204
|
-
else if (atIndex > 0 && key.startsWith('@')) {
|
|
205
|
-
const secondAtIndex = key.indexOf('@', 1);
|
|
206
|
-
if (secondAtIndex > 0 && secondAtIndex !== atIndex) {
|
|
207
|
-
packageName = key.substring(0, secondAtIndex);
|
|
208
|
-
versionRange = key.substring(secondAtIndex + 1);
|
|
209
|
-
isVersionSpecific = true;
|
|
210
|
-
}
|
|
211
|
-
else {
|
|
212
|
-
packageName = key;
|
|
213
|
-
}
|
|
214
|
-
}
|
|
215
|
-
else {
|
|
216
|
-
packageName = key;
|
|
217
|
-
}
|
|
218
|
-
overrides.push({
|
|
219
|
-
key,
|
|
220
|
-
packageName,
|
|
221
|
-
version: value,
|
|
222
|
-
isVersionSpecific,
|
|
223
|
-
versionRange
|
|
224
|
-
});
|
|
225
|
-
}
|
|
226
|
-
return overrides;
|
|
227
|
-
}
|
|
228
172
|
findRedundantOverrides(project) {
|
|
229
173
|
return __awaiter(this, void 0, void 0, function* () {
|
|
230
174
|
const redundant = new Set();
|
|
@@ -234,7 +178,7 @@ class RemoveRedundantOverrides extends rewrite_1.ScanningRecipe {
|
|
|
234
178
|
try {
|
|
235
179
|
const packageJson = JSON.parse(project.originalPackageJson);
|
|
236
180
|
for (const override of project.overrides) {
|
|
237
|
-
|
|
181
|
+
(0, override_utils_1.removeOverrideFromObject)(packageJson, project.packageManager, override.key);
|
|
238
182
|
}
|
|
239
183
|
const modifiedPackageJson = JSON.stringify(packageJson, null, 2);
|
|
240
184
|
const result = yield (0, javascript_1.runInstallInTempDir)(project.packageManager, modifiedPackageJson, {
|
|
@@ -274,98 +218,6 @@ class RemoveRedundantOverrides extends rewrite_1.ScanningRecipe {
|
|
|
274
218
|
}
|
|
275
219
|
return false;
|
|
276
220
|
}
|
|
277
|
-
removeOverrideFromObject(packageJson, pm, key) {
|
|
278
|
-
var _a;
|
|
279
|
-
switch (pm) {
|
|
280
|
-
case "Npm":
|
|
281
|
-
case "Bun":
|
|
282
|
-
if (packageJson.overrides) {
|
|
283
|
-
delete packageJson.overrides[key];
|
|
284
|
-
if (Object.keys(packageJson.overrides).length === 0) {
|
|
285
|
-
delete packageJson.overrides;
|
|
286
|
-
}
|
|
287
|
-
}
|
|
288
|
-
break;
|
|
289
|
-
case "Pnpm":
|
|
290
|
-
if ((_a = packageJson.pnpm) === null || _a === void 0 ? void 0 : _a.overrides) {
|
|
291
|
-
delete packageJson.pnpm.overrides[key];
|
|
292
|
-
if (Object.keys(packageJson.pnpm.overrides).length === 0) {
|
|
293
|
-
delete packageJson.pnpm.overrides;
|
|
294
|
-
}
|
|
295
|
-
if (Object.keys(packageJson.pnpm).length === 0) {
|
|
296
|
-
delete packageJson.pnpm;
|
|
297
|
-
}
|
|
298
|
-
}
|
|
299
|
-
break;
|
|
300
|
-
case "YarnClassic":
|
|
301
|
-
case "YarnBerry":
|
|
302
|
-
if (packageJson.resolutions) {
|
|
303
|
-
delete packageJson.resolutions[key];
|
|
304
|
-
if (Object.keys(packageJson.resolutions).length === 0) {
|
|
305
|
-
delete packageJson.resolutions;
|
|
306
|
-
}
|
|
307
|
-
}
|
|
308
|
-
break;
|
|
309
|
-
}
|
|
310
|
-
}
|
|
311
|
-
removeOverrides(originalContent, pm, keysToRemove) {
|
|
312
|
-
var _a;
|
|
313
|
-
const packageJson = JSON.parse(originalContent);
|
|
314
|
-
let overrideField;
|
|
315
|
-
let commentField;
|
|
316
|
-
switch (pm) {
|
|
317
|
-
case "Npm":
|
|
318
|
-
case "Bun":
|
|
319
|
-
overrideField = 'overrides';
|
|
320
|
-
commentField = '//overrides';
|
|
321
|
-
break;
|
|
322
|
-
case "Pnpm":
|
|
323
|
-
overrideField = 'pnpm';
|
|
324
|
-
commentField = '//pnpm.overrides';
|
|
325
|
-
break;
|
|
326
|
-
case "YarnClassic":
|
|
327
|
-
case "YarnBerry":
|
|
328
|
-
overrideField = 'resolutions';
|
|
329
|
-
commentField = '//resolutions';
|
|
330
|
-
break;
|
|
331
|
-
default:
|
|
332
|
-
return originalContent;
|
|
333
|
-
}
|
|
334
|
-
if (pm === "Pnpm") {
|
|
335
|
-
if ((_a = packageJson.pnpm) === null || _a === void 0 ? void 0 : _a.overrides) {
|
|
336
|
-
for (const key of keysToRemove) {
|
|
337
|
-
delete packageJson.pnpm.overrides[key];
|
|
338
|
-
}
|
|
339
|
-
if (Object.keys(packageJson.pnpm.overrides).length === 0) {
|
|
340
|
-
delete packageJson.pnpm.overrides;
|
|
341
|
-
}
|
|
342
|
-
if (Object.keys(packageJson.pnpm).length === 0) {
|
|
343
|
-
delete packageJson.pnpm;
|
|
344
|
-
}
|
|
345
|
-
}
|
|
346
|
-
}
|
|
347
|
-
else {
|
|
348
|
-
if (packageJson[overrideField]) {
|
|
349
|
-
for (const key of keysToRemove) {
|
|
350
|
-
delete packageJson[overrideField][key];
|
|
351
|
-
}
|
|
352
|
-
if (Object.keys(packageJson[overrideField]).length === 0) {
|
|
353
|
-
delete packageJson[overrideField];
|
|
354
|
-
}
|
|
355
|
-
}
|
|
356
|
-
}
|
|
357
|
-
if (packageJson[commentField]) {
|
|
358
|
-
for (const key of keysToRemove) {
|
|
359
|
-
delete packageJson[commentField][key];
|
|
360
|
-
}
|
|
361
|
-
if (Object.keys(packageJson[commentField]).length === 0) {
|
|
362
|
-
delete packageJson[commentField];
|
|
363
|
-
}
|
|
364
|
-
}
|
|
365
|
-
const indentMatch = originalContent.match(/^(\s+)"/m);
|
|
366
|
-
const indent = indentMatch ? indentMatch[1].length : 2;
|
|
367
|
-
return JSON.stringify(packageJson, null, indent);
|
|
368
|
-
}
|
|
369
221
|
}
|
|
370
222
|
exports.RemoveRedundantOverrides = RemoveRedundantOverrides;
|
|
371
223
|
__decorate([
|
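Review bot: The call to `removeOverridesFromContent` in the `@@ -157,7 +158,7 @@` hunk is not behaviour-identical to the `removeOverrides` method deleted further down in this file. The old method ended its switch with `default: return originalContent;`, while the helper takes its field names from `getOverrideFieldNames`, whose default is `{ overrideField: 'overrides', commentField: '//overrides' }`. For a `packageManager` outside the five handled values, the file would now be parsed, have its `overrides` entries deleted and be re-serialised instead of being left untouched. If such a value can reach this point, restore the early return in the helper before `JSON.parse`, or document the new default. The enclosing visitor method starts and ends outside the hunk.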
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remove-redundant-overrides.js","sourceRoot":"","sources":["../../src/security/remove-redundant-overrides.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,kDAO8B;AAC9B,oDAAgF;AAChF,gEAKyC;AACzC,+CAAiC;AACjC,2CAAuD;
|
|
1
|
+
{"version":3,"file":"remove-redundant-overrides.js","sourceRoot":"","sources":["../../src/security/remove-redundant-overrides.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,kDAO8B;AAC9B,oDAAgF;AAChF,gEAKyC;AACzC,+CAAiC;AACjC,2CAAuD;AACvD,qDAK0B;AA6C1B,MAAa,wBAAyB,SAAQ,wBAA2B;IAcrE,YAAY,OAA8B;;QACtC,KAAK,EAAE,CAAC;QAdH,SAAI,GAAG,0DAA0D,CAAC;QAClE,gBAAW,GAAG,uCAAuC,CAAC;QACtD,gBAAW,GAAG,qEAAqE;YACxF,mFAAmF,CAAC;QAYpF,IAAI,CAAC,MAAM,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,mCAAI,KAAK,CAAC;IAC3C,CAAC;IAED,YAAY,CAAC,IAAsB;QAC/B,OAAO;YACH,QAAQ,EAAE,IAAI,GAAG,EAAE;YACnB,kBAAkB,EAAE,IAAI,GAAG,EAAE;YAC7B,gBAAgB,EAAE,KAAK;SAC1B,CAAC;IACN,CAAC;IAEK,OAAO,CAAC,GAAgB;;YAC1B,MAAM,MAAM,GAAG,IAAI,CAAC;YAEpB,OAAO,IAAI,KAAM,SAAQ,qBAAmC;gBACxC,MAAM,CAAC,IAAU,EAAE,IAAsB;;;wBACrD,IAAI,CAAC,IAAA,aAAM,EAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,WAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;4BACpD,OAAO,IAAI,CAAC;wBAChB,CAAC;wBAED,MAAM,GAAG,GAAG,IAAqB,CAAC;wBAClC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;4BAC3C,OAAO,GAAG,CAAC;wBACf,CAAC;wBAED,MAAM,MAAM,GAAG,IAAA,qCAAwB,EAAC,GAAG,CAAC,CAAC;wBAC7C,IAAI,CAAC,MAAM,EAAE,CAAC;4BACV,OAAO,GAAG,CAAC;wBACf,CAAC;wBAED,MAAM,EAAE,GAAG,MAAA,MAAM,CAAC,cAAc,wCAAsB,CAAC;wBACvD,MAAM,OAAO,GAAG,MAAM,sBAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;wBAC9C,IAAI,WAAgC,CAAC;wBAErC,IAAI,CAAC;4BACD,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;wBACtC,CAAC;wBAAC,WAAM,CAAC;4BACL,OAAO,GAAG,CAAC;wBACf,CAAC;wBAGD,MAAM,SAAS,GAAG,IAAA,iCAAgB,EAAC,WAAW,EAAE,EAAE,CAAC,CAAC;wBACpD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;4BACzB,OAAO,GAAG,CAAC;wBACf,CAAC;wBAGD,MAAM,WAAW,GAA2B,EAAE,CAAC;wBAC/C,MAAM,YAAY,GAAG,MAAA,MAAM,CAAC,YAAY,0CAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,cAAuB,CAAC,CAAC;wBACpF,IAAI,YAAY,EAAE,CAAC;4BACf,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,UAAU,CAAC;iCAChD,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;4BAC9C,WAAW,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBAC7C,C
AAC;wBAED,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE;4BAC7B,eAAe,EAAE,GAAG,CAAC,UAAU;4BAC/B,mBAAmB,EAAE,OAAO;4BAC5B,cAAc,EAAE,EAAE;4BAClB,SAAS;4BACT,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;yBAC7E,CAAC,CAAC;wBAEH,OAAO,GAAG,CAAC;oBACf,CAAC;iBAAA;aACJ,CAAC;QACN,CAAC;KAAA;IAEK,cAAc,CAAC,GAAgB;;YACjC,MAAM,MAAM,GAAG,IAAI,CAAC;YAGpB,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;gBACxB,KAAK,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBAChD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;oBAC/D,IAAI,SAAS,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;wBACrB,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;oBACvD,CAAC;gBACL,CAAC;gBACD,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC;YAChC,CAAC;YAGD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAChB,OAAO,IAAI,KAAM,SAAQ,qBAAmC;oBACxC,MAAM,CAAC,IAAU,EAAE,IAAsB;;4BACrD,OAAO,IAAI,CAAC;wBAChB,CAAC;qBAAA;iBACJ,CAAC;YACN,CAAC;YAED,OAAO,IAAI,KAAM,SAAQ,kBAA6B;gBAClC,aAAa,CAAC,GAAkB,EAAE,IAAsB;;wBACpE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;4BAC3C,OAAO,GAAG,CAAC;wBACf,CAAC;wBAED,MAAM,SAAS,GAAG,GAAG,CAAC,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;wBAC7D,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;4BACrC,OAAO,GAAG,CAAC;wBACf,CAAC;wBAED,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;wBACjD,IAAI,CAAC,OAAO,EAAE,CAAC;4BACX,OAAO,GAAG,CAAC;wBACf,CAAC;wBAGD,MAAM,eAAe,GAAG,IAAA,2CAA0B,EAC9C,OAAO,CAAC,mBAAmB,EAC3B,OAAO,CAAC,cAAc,EACtB,SAAS,CACZ,CAAC;wBAGF,MAAM,MAAM,GAAG,MAAM,IAAI,iBAAU,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC;4BAC7C,IAAI,EAAE,eAAe;4BACrB,UAAU,EAAE,GAAG,CAAC,UAAU;yBAC7B,CAAkB,CAAC;wBAEpB,OAAO,gCACA,GAAG,KACN,KAAK,EAAE,MAAM,CAAC,KAAK,EACnB,GAAG,EAAE,MAAM,CAAC,GAAG,GACD,CAAC;oBACvB,CAAC;iBAAA;aACJ,CAAC;QACN,CAAC;KAAA;IASa,sBAAsB,CAAC,OAAoB;;YACrD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;YAEpC,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjC,OAAO,SAAS,CAAC;YACrB,CAAC;YAED,IAAI,CAAC;gBAED,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC
,CAAC;gBAC5D,KAAK,MAAM,QAAQ,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;oBACvC,IAAA,yCAAwB,EAAC,WAAW,EAAE,OAAO,CAAC,cAAc,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAChF,CAAC;gBACD,MAAM,mBAAmB,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;gBAGjE,MAAM,MAAM,GAAG,MAAM,IAAA,gCAAmB,EACpC,OAAO,CAAC,cAAc,EACtB,mBAAmB,EACnB;oBACI,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,QAAQ,EAAE,IAAI;iBACjB,CACJ,CAAC;gBAEF,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;oBAE7C,OAAO,SAAS,CAAC;gBACrB,CAAC;gBAGD,KAAK,MAAM,QAAQ,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;oBACvC,MAAM,WAAW,GAAG,IAAI,CAAC,8BAA8B,CACnD,QAAQ,EACR,MAAM,CAAC,eAAe,EACtB,OAAO,CAAC,cAAc,CACzB,CAAC;oBACF,IAAI,WAAW,EAAE,CAAC;wBACd,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;oBAChC,CAAC;gBACL,CAAC;YACL,CAAC;YAAC,WAAM,CAAC;YAET,CAAC;YAED,OAAO,SAAS,CAAC;QACrB,CAAC;KAAA;IAKO,8BAA8B,CAClC,QAAsB,EACtB,eAAuB,EACvB,cAA8B;QAG9B,MAAM,eAAe,GAAG,IAAA,sCAA0B,EAC9C,eAAe,EACf,QAAQ,CAAC,WAAW,EACpB,cAAc,CACjB,CAAC;QAEF,IAAI,CAAC,eAAe,EAAE,CAAC;YAGnB,OAAO,IAAI,CAAC;QAChB,CAAC;QAID,IAAI,CAAC;YACD,IAAI,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChD,OAAO,IAAI,CAAC;YAChB,CAAC;YAGD,IAAI,MAAM,CAAC,SAAS,CAAC,eAAe,EAAE,KAAK,QAAQ,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBAC7D,OAAO,IAAI,CAAC;YAChB,CAAC;QACL,CAAC;QAAC,WAAM,CAAC;YAEL,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;CACJ;AA/OD,4DA+OC;AAnOG;IANC,IAAA,gBAAM,EAAC;QACJ,WAAW,EAAE,SAAS;QACtB,WAAW,EAAE,2EAA2E;QACxF,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,MAAM;KAClB,CAAC;wDACe"}
|
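--- a/package/dist/security/types.d.ts
+++ b/package/dist/security/types.d.ts
@@ -0,0 +1,42 @@
+import { DependencyScope, PackageManager, ResolvedDependency } from "@openrewrite/rewrite/javascript";
+import { Vulnerability } from "./vulnerability";
+export declare const ALL_DEPENDENCY_SCOPES: DependencyScope[];
+export type TransitiveFixStrategy = 'report' | 'override' | 'lock-file';
+export interface PathSegment {
+name: string;
+version: string;
+}
+export interface VulnerableDependency {
+resolved: ResolvedDependency;
+vulnerability: Vulnerability;
+depth: number;
+isDirect: boolean;
+scope?: DependencyScope;
+path: PathSegment[];
+}
+export interface VulnerabilityFix {
+packageName: string;
+newVersion: string;
+isTransitive: boolean;
+cves: string[];
+cveSummaries: Map<string, string>;
+scope?: DependencyScope;
+originalMajorVersion?: number;
+directDepInfos?: {
+name: string;
+version: string;
+scope: DependencyScope;
+}[];
+fixViaDirectUpgrades?: {
+directDepName: string;
+directDepVersion: string;
+directDepScope: DependencyScope;
+}[];
+}
+export interface ProjectUpdateInfo {
+packageJsonPath: string;
+originalPackageJson: string;
+packageManager: PackageManager;
+configFiles?: Record<string, string>;
+}
+//# sourceMappingURL=types.d.ts.map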
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/security/types.ts"],"names":[],"mappings":"AAMA,OAAO,EAAC,eAAe,EAAE,cAAc,EAAE,kBAAkB,EAAC,MAAM,iCAAiC,CAAC;AACpG,OAAO,EAAC,aAAa,EAAC,MAAM,iBAAiB,CAAC;AAK9C,eAAO,MAAM,qBAAqB,EAAE,eAAe,EAElD,CAAC;AAgBF,MAAM,MAAM,qBAAqB,GAAG,QAAQ,GAAG,UAAU,GAAG,WAAW,CAAC;AAKxE,MAAM,WAAW,WAAW;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,WAAW,oBAAoB;IAEjC,QAAQ,EAAE,kBAAkB,CAAC;IAE7B,aAAa,EAAE,aAAa,CAAC;IAE7B,KAAK,EAAE,MAAM,CAAC;IAEd,QAAQ,EAAE,OAAO,CAAC;IAElB,KAAK,CAAC,EAAE,eAAe,CAAC;IAExB,IAAI,EAAE,WAAW,EAAE,CAAC;CACvB;AAKD,MAAM,WAAW,gBAAgB;IAE7B,WAAW,EAAE,MAAM,CAAC;IAEpB,UAAU,EAAE,MAAM,CAAC;IAEnB,YAAY,EAAE,OAAO,CAAC;IAEtB,IAAI,EAAE,MAAM,EAAE,CAAC;IAEf,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAElC,KAAK,CAAC,EAAE,eAAe,CAAC;IAExB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAM9B,cAAc,CAAC,EAAE;QACb,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,eAAe,CAAC;KAC1B,EAAE,CAAC;IAOJ,oBAAoB,CAAC,EAAE;QAEnB,aAAa,EAAE,MAAM,CAAC;QAEtB,gBAAgB,EAAE,MAAM,CAAC;QAEzB,cAAc,EAAE,eAAe,CAAC;KACnC,EAAE,CAAC;CACP;AAKD,MAAM,WAAW,iBAAiB;IAE9B,eAAe,EAAE,MAAM,CAAC;IAExB,mBAAmB,EAAE,MAAM,CAAC;IAE5B,cAAc,EAAE,cAAc,CAAC;IAE/B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACxC"}
|
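--- a/package/dist/security/types.js
+++ b/package/dist/security/types.js
@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ALL_DEPENDENCY_SCOPES = void 0;
+exports.ALL_DEPENDENCY_SCOPES = [
+'dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'
+];
+//# sourceMappingURL=types.js.map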
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/security/types.ts"],"names":[],"mappings":";;;AAYa,QAAA,qBAAqB,GAAsB;IACpD,cAAc,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,sBAAsB;CAChF,CAAC"}
|
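--- a/package/dist/security/version-utils.d.ts
+++ b/package/dist/security/version-utils.d.ts
@@ -0,0 +1,13 @@
+import { Vulnerability } from "./vulnerability";
+export type UpgradeDelta = 'none' | 'patch' | 'minor' | 'major';
+export declare function extractVersionPrefix(versionString: string): {
+prefix: string;
+version: string;
+};
+export declare function applyVersionPrefix(originalVersion: string, newVersion: string): string;
+export declare function extractMinimumVersion(constraint: string): string | undefined;
+export declare function isVersionWithinDelta(originalVersion: string, targetVersion: string, delta: UpgradeDelta): boolean;
+export declare function isVersionAffected(version: string, vulnerability: Vulnerability): boolean;
+export declare function isUpgradeableWithinDelta(currentVersion: string, vulnerability: Vulnerability, delta: UpgradeDelta): boolean;
+export declare function getUpgradeVersion(vulnerability: Vulnerability): string | undefined;
+//# sourceMappingURL=version-utils.d.ts.map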
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"version-utils.d.ts","sourceRoot":"","sources":["../../src/security/version-utils.ts"],"names":[],"mappings":"AAOA,OAAO,EAAC,aAAa,EAAC,MAAM,iBAAiB,CAAC;AAK9C,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,CAAC;AAMhE,wBAAgB,oBAAoB,CAAC,aAAa,EAAE,MAAM,GAAG;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAS/F;AAKD,wBAAgB,kBAAkB,CAAC,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAGtF;AAMD,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAiB5E;AAKD,wBAAgB,oBAAoB,CAChC,eAAe,EAAE,MAAM,EACvB,aAAa,EAAE,MAAM,EACrB,KAAK,EAAE,YAAY,GACpB,OAAO,CAuBT;AAKD,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,GAAG,OAAO,CAmCxF;AAKD,wBAAgB,wBAAwB,CACpC,cAAc,EAAE,MAAM,EACtB,aAAa,EAAE,aAAa,EAC5B,KAAK,EAAE,YAAY,GACpB,OAAO,CA6CT;AAKD,wBAAgB,iBAAiB,CAAC,aAAa,EAAE,aAAa,GAAG,MAAM,GAAG,SAAS,CAQlF"}
|