@renovatebot/osv-offline 1.0.0-next.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +18 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.js +7 -0
- package/dist/lib/download.d.ts +2 -0
- package/dist/lib/download.js +45 -0
- package/dist/lib/osv-offline.d.ts +21 -0
- package/dist/lib/osv-offline.js +39 -0
- package/dist/lib/types.d.ts +11 -0
- package/dist/lib/types.js +10 -0
- package/package.json +31 -0
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2021 Jamie Magee <jamie.magee@gmail.com>
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/README.md
ADDED
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# osv-offline
|
|
2
|
+
|
|
3
|
+
[](https://www.npmjs.com/package/@renovatebot/osv-offline)
|
|
4
|
+
[](https://github.com/renovatebot/osv-offline/actions/workflows/build.yml)
|
|
5
|
+
[](./LICENSE)
|
|
6
|
+
|
|
7
|
+
## License
|
|
8
|
+
|
|
9
|
+
This package is licensed under [the MIT license](https://opensource.org/licenses/MIT).
|
|
10
|
+
|
|
11
|
+
Vulnerabilities are provided from the following upstream data sources and licenses:
|
|
12
|
+
|
|
13
|
+
- [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md))
|
|
14
|
+
- [PyPI Advisory Database](https://github.com/pypa/advisory-database) ([CC-BY 4.0](https://github.com/pypa/advisory-database/blob/main/LICENSE))
|
|
15
|
+
- [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license))
|
|
16
|
+
- [Rust Advisory Database](https://github.com/RustSec/advisory-db) ([CC0 1.0](https://github.com/rustsec/advisory-db/blob/main/LICENSE.txt))
|
|
17
|
+
- [Global Security Database](https://github.com/cloudsecurityalliance/gsd-database) ([CC0 1.0](https://github.com/cloudsecurityalliance/gsd-database/blob/main/LICENSE))
|
|
18
|
+
- [OSS-Fuzz](https://github.com/google/oss-fuzz-vulns) ([CC-BY 4.0](https://github.com/google/oss-fuzz-vulns/blob/main/LICENSE))
|
package/dist/index.d.ts
ADDED
package/dist/index.js
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.OsvOffline = exports.Osv = void 0;
|
|
4
|
+
var osv_offline_db_1 = require("@renovatebot/osv-offline-db");
|
|
5
|
+
Object.defineProperty(exports, "Osv", { enumerable: true, get: function () { return osv_offline_db_1.Osv; } });
|
|
6
|
+
var osv_offline_1 = require("./lib/osv-offline");
|
|
7
|
+
Object.defineProperty(exports, "OsvOffline", { enumerable: true, get: function () { return osv_offline_1.OsvOffline; } });
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.tryDownloadDb = tryDownloadDb;
|
|
7
|
+
const fs_extra_1 = __importDefault(require("fs-extra"));
|
|
8
|
+
const got_1 = __importDefault(require("got"));
|
|
9
|
+
const promises_1 = require("node:stream/promises");
|
|
10
|
+
const osv_offline_db_1 = require("@renovatebot/osv-offline-db");
|
|
11
|
+
const path_1 = __importDefault(require("path"));
|
|
12
|
+
const luxon_1 = require("luxon");
|
|
13
|
+
const adm_zip_1 = __importDefault(require("adm-zip"));
|
|
14
|
+
const types_1 = require("./types");
|
|
15
|
+
async function tryDownloadDb() {
|
|
16
|
+
await fs_extra_1.default.ensureDir(osv_offline_db_1.OsvOfflineDb.rootDirectory);
|
|
17
|
+
if (process.env.OSV_OFFLINE_DISABLE_DOWNLOAD?.toLowerCase() === 'true') {
|
|
18
|
+
return (0, types_1.success)();
|
|
19
|
+
}
|
|
20
|
+
// if local database exists and is less than a day old, don't do any network requests
|
|
21
|
+
let stats;
|
|
22
|
+
try {
|
|
23
|
+
stats = await fs_extra_1.default.stat(path_1.default.join(osv_offline_db_1.OsvOfflineDb.rootDirectory, `osv-offline.zip`));
|
|
24
|
+
}
|
|
25
|
+
catch {
|
|
26
|
+
// ignored
|
|
27
|
+
}
|
|
28
|
+
if (stats !== undefined &&
|
|
29
|
+
luxon_1.DateTime.utc().diff(luxon_1.DateTime.fromJSDate(stats.mtime)).as('days') < 1) {
|
|
30
|
+
return (0, types_1.success)();
|
|
31
|
+
}
|
|
32
|
+
// only download databases if local databases are missing or remote is newer
|
|
33
|
+
try {
|
|
34
|
+
const stream = got_1.default.stream('https://github.com/renovatebot/osv-offline/releases/latest/download/osv-offline.zip');
|
|
35
|
+
const zipPath = path_1.default.join(osv_offline_db_1.OsvOfflineDb.rootDirectory, 'osv-offline.zip');
|
|
36
|
+
const writeStream = fs_extra_1.default.createWriteStream(zipPath);
|
|
37
|
+
await (0, promises_1.pipeline)(stream, writeStream);
|
|
38
|
+
const zip = new adm_zip_1.default(zipPath);
|
|
39
|
+
zip.extractAllTo(osv_offline_db_1.OsvOfflineDb.rootDirectory);
|
|
40
|
+
}
|
|
41
|
+
catch (err) {
|
|
42
|
+
return (0, types_1.failure)(err);
|
|
43
|
+
}
|
|
44
|
+
return (0, types_1.success)();
|
|
45
|
+
}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { Ecosystem, Osv } from '@renovatebot/osv-offline-db';
|
|
2
|
+
export declare class OsvOffline {
|
|
3
|
+
private osvOfflineDb;
|
|
4
|
+
protected constructor();
|
|
5
|
+
/**
|
|
6
|
+
* Asynchronous code required as part of class instantiation
|
|
7
|
+
*/
|
|
8
|
+
private initialize;
|
|
9
|
+
/**
|
|
10
|
+
* Asynchronously creates a new instance of {@link OsvOffline}
|
|
11
|
+
* @returns A new instance of {@link OsvOffline}
|
|
12
|
+
*/
|
|
13
|
+
static create(): Promise<OsvOffline>;
|
|
14
|
+
/**
|
|
15
|
+
* Query the local database for any package vulnerabilities
|
|
16
|
+
* @param ecosystem The package ecosystem
|
|
17
|
+
* @param packageName The package name
|
|
18
|
+
* @returns An array of {@link Osv.Vulnerability} or an empty array if none are found
|
|
19
|
+
*/
|
|
20
|
+
getVulnerabilities(ecosystem: Ecosystem, packageName: string): Promise<Osv.Vulnerability[]>;
|
|
21
|
+
}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.OsvOffline = void 0;
|
|
4
|
+
const osv_offline_db_1 = require("@renovatebot/osv-offline-db");
|
|
5
|
+
const download_1 = require("./download");
|
|
6
|
+
class OsvOffline {
|
|
7
|
+
osvOfflineDb;
|
|
8
|
+
// eslint-disable-next-line @typescript-eslint/no-empty-function
|
|
9
|
+
constructor() { }
|
|
10
|
+
/**
|
|
11
|
+
* Asynchronous code required as part of class instantiation
|
|
12
|
+
*/
|
|
13
|
+
async initialize() {
|
|
14
|
+
const result = await (0, download_1.tryDownloadDb)();
|
|
15
|
+
if (!result.success) {
|
|
16
|
+
throw result.error;
|
|
17
|
+
}
|
|
18
|
+
this.osvOfflineDb = await osv_offline_db_1.OsvOfflineDb.create();
|
|
19
|
+
}
|
|
20
|
+
/**
|
|
21
|
+
* Asynchronously creates a new instance of {@link OsvOffline}
|
|
22
|
+
* @returns A new instance of {@link OsvOffline}
|
|
23
|
+
*/
|
|
24
|
+
static async create() {
|
|
25
|
+
const instance = new OsvOffline();
|
|
26
|
+
await instance.initialize();
|
|
27
|
+
return instance;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Query the local database for any package vulnerabilities
|
|
31
|
+
* @param ecosystem The package ecosystem
|
|
32
|
+
* @param packageName The package name
|
|
33
|
+
* @returns An array of {@link Osv.Vulnerability} or an empty array if none are found
|
|
34
|
+
*/
|
|
35
|
+
async getVulnerabilities(ecosystem, packageName) {
|
|
36
|
+
return this.osvOfflineDb.query(ecosystem, packageName);
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
exports.OsvOffline = OsvOffline;
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
interface Success {
|
|
2
|
+
success: true;
|
|
3
|
+
}
|
|
4
|
+
interface Failure {
|
|
5
|
+
success: false;
|
|
6
|
+
error: Error;
|
|
7
|
+
}
|
|
8
|
+
export type Result = Success | Failure;
|
|
9
|
+
export declare function success(): Success;
|
|
10
|
+
export declare function failure(error: Error): Failure;
|
|
11
|
+
export {};
|
package/package.json
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@renovatebot/osv-offline",
|
|
3
|
+
"version": "1.0.0-next.1",
|
|
4
|
+
"main": "dist/index.js",
|
|
5
|
+
"types": "dist/index.d.ts",
|
|
6
|
+
"license": "MIT",
|
|
7
|
+
"type": "commonjs",
|
|
8
|
+
"publishConfig": {
|
|
9
|
+
"access": "public"
|
|
10
|
+
},
|
|
11
|
+
"repository": {
|
|
12
|
+
"type": "git",
|
|
13
|
+
"url": "https://github.com/renovatebot/osv-offline.git"
|
|
14
|
+
},
|
|
15
|
+
"dependencies": {
|
|
16
|
+
"adm-zip": "~0.5.16",
|
|
17
|
+
"fs-extra": "^11.3.2",
|
|
18
|
+
"got": "^11.8.6",
|
|
19
|
+
"luxon": "^3.7.2",
|
|
20
|
+
"@renovatebot/osv-offline-db": "1.0.0-next.1"
|
|
21
|
+
},
|
|
22
|
+
"devDependencies": {
|
|
23
|
+
"@types/adm-zip": "0.5.7",
|
|
24
|
+
"@types/fs-extra": "11.0.4",
|
|
25
|
+
"@types/luxon": "3.7.1",
|
|
26
|
+
"@types/node": "18.19.129"
|
|
27
|
+
},
|
|
28
|
+
"engines": {
|
|
29
|
+
"node": ">=18.12.0"
|
|
30
|
+
}
|
|
31
|
+
}
|