@security-alert/share 1.1.1 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,61 +1,64 @@
1
1
  "use strict";
2
2
  var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
3
4
  return new (P || (P = Promise))(function (resolve, reject) {
4
5
  function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
5
6
  function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
6
- function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
7
8
  step((generator = generator.apply(thisArg, _arguments || [])).next());
8
9
  });
9
10
  };
10
11
  Object.defineProperty(exports, "__esModule", { value: true });
11
- const graphql = require("@octokit/graphql");
12
+ exports.fetchVulnerabilityAlerts = void 0;
13
+ const graphql_1 = require("@octokit/graphql");
12
14
  function fetchVulnerabilityAlerts(options) {
13
15
  return __awaiter(this, void 0, void 0, function* () {
14
16
  // https://developer.github.com/v4/object/repository/#connections
15
- const { repository } = yield graphql(`
16
- query vulnerabilityAlerts($owner: String!, $repo: String!) {
17
- repository(owner:$owner, name:$repo) {
18
- vulnerabilityAlerts(first:100) {
19
- edges {
20
- node {
21
- id
22
- vulnerableManifestFilename
23
- vulnerableManifestPath
24
- vulnerableRequirements
25
- dismissReason
26
- dismissedAt
27
- dismisser {
28
- login
29
- }
30
- securityAdvisory {
31
- ghsaId
32
- description
33
- severity
34
- summary
35
- identifiers {
36
- type
37
- value
17
+ const { repository } = yield (0, graphql_1.graphql)(`
18
+ query vulnerabilityAlerts($owner: String!, $repo: String!) {
19
+ repository(owner: $owner, name: $repo) {
20
+ vulnerabilityAlerts(first: 100) {
21
+ edges {
22
+ node {
23
+ id
24
+ vulnerableManifestFilename
25
+ vulnerableManifestPath
26
+ vulnerableRequirements
27
+ dismissReason
28
+ dismissedAt
29
+ dismisser {
30
+ login
31
+ }
32
+ securityAdvisory {
33
+ ghsaId
34
+ description
35
+ severity
36
+ summary
37
+ identifiers {
38
+ type
39
+ value
40
+ }
41
+ references {
42
+ url
43
+ }
44
+ }
45
+ securityVulnerability {
46
+ firstPatchedVersion {
47
+ identifier
48
+ }
49
+ vulnerableVersionRange
50
+ severity
51
+ package {
52
+ name
53
+ ecosystem
54
+ }
55
+ }
56
+ }
57
+ }
58
+ }
59
+ }
38
60
  }
39
- references {
40
- url
41
- }
42
- }
43
- securityVulnerability {
44
- firstPatchedVersion {
45
- identifier
46
- }
47
- vulnerableVersionRange
48
- severity
49
- package {
50
- name
51
- ecosystem
52
- }
53
- }
54
- }
55
- }
56
- }
57
- }
58
- }`, {
61
+ `, {
59
62
  owner: options.owner,
60
63
  repo: options.repo,
61
64
  headers: {
@@ -1 +1 @@
1
- {"version":3,"file":"VulnerabilityAlerts.js","sourceRoot":"","sources":["../src/VulnerabilityAlerts.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,MAAM,OAAO,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;AAuC5C,SAAsB,wBAAwB,CAAC,OAAwC;;QACnF,iEAAiE;QACjE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,OAAO,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2CvC,EAAE;YACI,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,OAAO,EAAE;gBACL,aAAa,EAAE,SAAS,OAAO,CAAC,KAAK,EAAE;gBACvC,MAAM,EAAE,2CAA2C;aACtD;SACJ,CAAC,CAAC;QACH,OAAO,UAAU,CAAC,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE;YAC1D,OAAO,IAAI,CAAC,IAAI,CAAC;QACrB,CAAC,CAAC,CAAC;IACP,CAAC;CAAA;AAxDD,4DAwDC"}
1
+ {"version":3,"file":"VulnerabilityAlerts.js","sourceRoot":"","sources":["../src/VulnerabilityAlerts.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAA2C;AAuC3C,SAAsB,wBAAwB,CAC1C,OAAwC;;QAExC,iEAAiE;QACjE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,iBAAO,EAChC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SA4CC,EACD;YACI,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,OAAO,EAAE;gBACL,aAAa,EAAE,SAAS,OAAO,CAAC,KAAK,EAAE;gBACvC,MAAM,EAAE,2CAA2C;aACtD;SACJ,CACJ,CAAC;QACF,OAAO,UAAU,CAAC,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE;YAC1D,OAAO,IAAI,CAAC,IAAI,CAAC;QACrB,CAAC,CAAC,CAAC;IACP,CAAC;CAAA;AA9DD,4DA8DC"}
@@ -1,24 +1,25 @@
1
1
  "use strict";
2
2
  var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
3
4
  return new (P || (P = Promise))(function (resolve, reject) {
4
5
  function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
5
6
  function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
6
- function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
7
8
  step((generator = generator.apply(thisArg, _arguments || [])).next());
8
9
  });
9
10
  };
10
- var __importDefault = (this && this.__importDefault) || function (mod) {
11
- return (mod && mod.__esModule) ? mod : { "default": mod };
12
- };
13
11
  Object.defineProperty(exports, "__esModule", { value: true });
14
- const rest_1 = __importDefault(require("@octokit/rest"));
12
+ exports.fetchPackageDetails = void 0;
13
+ const rest_1 = require("@octokit/rest");
15
14
  const package_json_1 = require("./parser/package.json");
16
15
  const package_lock_json_1 = require("./parser/package-lock.json");
16
+ const yarn_lock_1 = require("./parser/yarn-lock");
17
+ const lockfile = require("@yarnpkg/lockfile");
17
18
  const cacheMap = new Map();
18
19
  function fetchPackageDetails(options) {
19
20
  return __awaiter(this, void 0, void 0, function* () {
20
21
  const { token } = options;
21
- const octokit = new rest_1.default({
22
+ const octokit = new rest_1.Octokit({
22
23
  auth: token
23
24
  });
24
25
  const cacheKey = `${options.owner}.${options.repo}.${options.packageFilePath}`;
@@ -26,42 +27,57 @@ function fetchPackageDetails(options) {
26
27
  const pkg = cachedValue
27
28
  ? cachedValue
28
29
  : yield octokit.repos
29
- .getContents({
30
+ .getContent({
30
31
  repo: options.repo,
31
32
  owner: options.owner,
32
33
  path: options.packageFilePath
33
34
  })
34
- .then(res => {
35
+ .then((res) => {
35
36
  if (res.data.type !== "file") {
36
37
  throw new Error("This is not file:" + options.packageFilePath);
37
38
  }
38
39
  if (res.data.encoding === "base64") {
39
- const content = JSON.parse(Buffer.from(res.data.content, "base64").toString());
40
+ const content = Buffer.from(res.data.content, "base64").toString();
40
41
  cacheMap.set(cacheKey, {
41
42
  html_url: res.data.html_url,
42
- content
43
+ content: content
43
44
  });
44
45
  return {
45
46
  html_url: res.data.html_url,
46
- content
47
+ content: content
47
48
  };
48
49
  }
49
50
  throw new Error("Unknown file type" + res.data.type + ":" + res.data.encoding);
50
51
  });
51
- if (package_lock_json_1.isPackageLock(options.packageFilePath)) {
52
- return Object.assign({}, package_lock_json_1.lookupPackageLockDetails({
52
+ if ((0, package_lock_json_1.isPackageLock)(options.packageFilePath)) {
53
+ return Object.assign(Object.assign({}, (0, package_lock_json_1.lookupPackageLockDetails)({
53
54
  packageName: options.packageName,
54
55
  packageFilePath: options.packageFilePath,
55
- pkg: pkg.content
56
- }), { packageManifestUrl: pkg.html_url });
56
+ pkg: JSON.parse(pkg.content)
57
+ })), { packageManifestUrl: pkg.html_url });
57
58
  }
58
- else {
59
- return Object.assign({}, package_json_1.lookupPackageDetails({
59
+ else if ((0, package_json_1.isPackage)(options.packageFilePath)) {
60
+ return Object.assign(Object.assign({}, (0, package_json_1.lookupPackageDetails)({
60
61
  packageName: options.packageName,
61
62
  packageFilePath: options.packageFilePath,
62
- pkg: pkg.content
63
- }), { packageManifestUrl: pkg.html_url });
63
+ pkg: JSON.parse(pkg.content)
64
+ })), { packageManifestUrl: pkg.html_url });
64
65
  }
66
+ else if ((0, yarn_lock_1.isYarnLock)(options.packageFilePath)) {
67
+ return Object.assign(Object.assign({}, (0, yarn_lock_1.lookupYarnLockDetails)({
68
+ packageName: options.packageName,
69
+ packageFilePath: options.packageFilePath,
70
+ pkg: lockfile.parse(pkg.content)
71
+ })), { packageManifestUrl: pkg.html_url });
72
+ }
73
+ // unknown
74
+ return Promise.resolve({
75
+ name: options.packageName,
76
+ version: "0.0.0",
77
+ packageFilePath: options.packageFilePath,
78
+ dependenciesType: "unknown",
79
+ packageManifestUrl: pkg.html_url
80
+ });
65
81
  });
66
82
  }
67
83
  exports.fetchPackageDetails = fetchPackageDetails;
@@ -1 +1 @@
1
- {"version":3,"file":"fetchPackageDetails.js","sourceRoot":"","sources":["../src/fetchPackageDetails.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,yDAAoC;AACpC,wDAA6D;AAC7D,kEAAqF;AAWrF,MAAM,QAAQ,GAAG,IAAI,GAAG,EAGpB,CAAC;AAML,SAAsB,mBAAmB,CAAC,OAA4B;;QAClE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,cAAO,CAAC;YACxB,IAAI,EAAE,KAAK;SACd,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC/E,MAAM,WAAW,GAAG,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,WAAW;YACnB,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,MAAM,OAAO,CAAC,KAAK;iBAChB,WAAW,CAAC;gBACT,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,IAAI,EAAE,OAAO,CAAC,eAAe;aAChC,CAAC;iBACD,IAAI,CAAC,GAAG,CAAC,EAAE;gBACR,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE;oBAC1B,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;iBAClE;gBACD,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE;oBAChC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;oBAC/E,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE;wBACnB,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;wBAC3B,OAAO;qBACV,CAAC,CAAC;oBACH,OAAO;wBACH,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;wBAC3B,OAAO;qBACV,CAAC;iBACL;gBACD,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACnF,CAAC,CAAC,CAAC;QACX,IAAI,iCAAa,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;YACxC,yBACO,4CAAwB,CAAC;gBACxB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,GAAG,EAAE,GAAG,CAAC,OAAO;aACnB,CAAC,IACF,kBAAkB,EAAE,GAAG,CAAC,QAAQ,IAClC;SACL;aAAM;YACH,yBACO,mCAAoB,CAAC;gBACpB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,GAAG,EAAE,GAAG,CAAC,OAAO;aACnB,CAAC,IACF,kBAAkB,EAAE,GAAG,CAAC,QAAQ,IAClC;SACL;IACL,CAAC;CAAA;AAnDD,kDAmDC"}
1
+ {"version":3,"file":"fetchPackageDetails.js","sourceRoot":"","sources":["../src/fetchPackageDetails.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wCAAwC;AACxC,wDAAwE;AACxE,kEAAqF;AAErF,kDAAuE;AAEvE,MAAM,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAU9C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAMrB,CAAC;AAMJ,SAAsB,mBAAmB,CAAC,OAA4B;;QAClE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,cAAO,CAAC;YACxB,IAAI,EAAE,KAAK;SACd,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC/E,MAAM,WAAW,GAAG,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,WAAW;YACnB,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,MAAM,OAAO,CAAC,KAAK;iBACd,UAAU,CAAC;gBACR,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,IAAI,EAAE,OAAO,CAAC,eAAe;aAChC,CAAC;iBACD,IAAI,CAAC,CAAC,GAAQ,EAAO,EAAE;gBACpB,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE;oBAC1B,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;iBAClE;gBACD,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE;oBAChC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;oBACnE,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE;wBACnB,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;wBAC3B,OAAO,EAAE,OAAO;qBACnB,CAAC,CAAC;oBACH,OAAO;wBACH,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;wBAC3B,OAAO,EAAE,OAAO;qBACnB,CAAC;iBACL;gBACD,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACnF,CAAC,CAAC,CAAC;QACb,IAAI,IAAA,iCAAa,EAAC,OAAO,CAAC,eAAe,CAAC,EAAE;YACxC,uCACO,IAAA,4CAAwB,EAAC;gBACxB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;aAC/B,CAAC,KACF,kBAAkB,EAAE,GAAG,CAAC,QAAQ,IAClC;SACL;aAAM,IAAI,IAAA,wBAAS,EAAC,OAAO,CAAC,eAAe,CAAC,EAAE;YAC3C,uCACO,IAAA,mCAAoB,EAAC;gBACpB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;aAC/B,CAAC,KACF,kBAAkB,EAAE,GAAG,CAAC,QAAQ,IAClC;SACL;aAAM,IAAI,IAAA,sBAAU,EAAC,OAAO,CAAC,eAAe,CAAC,EAAE;YAC5C,u
CACO,IAAA,iCAAqB,EAAC;gBACrB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;aACnC,CAAC,KACF,kBAAkB,EAAE,GAAG,CAAC,QAAQ,IAClC;SACL;QACD,UAAU;QACV,OAAO,OAAO,CAAC,OAAO,CAAC;YACnB,IAAI,EAAE,OAAO,CAAC,WAAW;YACzB,OAAO,EAAE,OAAO;YAChB,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,gBAAgB,EAAE,SAAS;YAC3B,kBAAkB,EAAE,GAAG,CAAC,QAAQ;SACnC,CAAC,CAAC;IACP,CAAC;CAAA;AApED,kDAoEC"}
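--- a/package/lib/index.js
+++ b/package/lib/index.js
@@ -1,7 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchVulnerabilityAlerts = exports.fetchPackageDetails = void 0;
 var fetchPackageDetails_1 = require("./fetchPackageDetails");
-exports.fetchPackageDetails = fetchPackageDetails_1.fetchPackageDetails;
+Object.defineProperty(exports, "fetchPackageDetails", { enumerable: true, get: function () { return fetchPackageDetails_1.fetchPackageDetails; } });
 var VulnerabilityAlerts_1 = require("./VulnerabilityAlerts");
-exports.fetchVulnerabilityAlerts = VulnerabilityAlerts_1.fetchVulnerabilityAlerts;
+Object.defineProperty(exports, "fetchVulnerabilityAlerts", { enumerable: true, get: function () { return VulnerabilityAlerts_1.fetchVulnerabilityAlerts; } });
 //# sourceMappingURL=index.js.map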
package/lib/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;AAAA,6DAA+E;AAAlD,oDAAA,mBAAmB,CAAA;AAChD,6DAAwH;AAA/E,yDAAA,wBAAwB,CAAA"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,6DAAiF;AAAnD,0HAAA,mBAAmB,OAAA;AACjD,6DAI+B;AAF3B,+HAAA,wBAAwB,OAAA"}
@@ -1,5 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.lookupPackageLockDetails = exports.isPackageLock = void 0;
3
4
  function isPackageLock(packageFilePath) {
4
5
  return /package-lock.json$/.test(packageFilePath);
5
6
  }
@@ -1 +1 @@
1
- {"version":3,"file":"package-lock.json.js","sourceRoot":"","sources":["../../src/parser/package-lock.json.ts"],"names":[],"mappings":";;AAGA,SAAgB,aAAa,CAAC,eAAuB;IACjD,OAAO,oBAAoB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;AACtD,CAAC;AAFD,sCAEC;AAED,SAAgB,wBAAwB,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE,GAAG,EAI3E;IACG,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE;QACnB,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IACjD,IAAI,CAAC,UAAU,EAAE;QACb,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,IAAI,GAAqB,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,cAAc,CAAC;IACnF,OAAO;QACH,IAAI,EAAE,WAAW;QACjB,eAAe;QACf,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,gBAAgB,EAAE,IAAI;KACzB,CAAC;AACN,CAAC;AA7BD,4DA6BC"}
1
+ {"version":3,"file":"package-lock.json.js","sourceRoot":"","sources":["../../src/parser/package-lock.json.ts"],"names":[],"mappings":";;;AAGA,SAAgB,aAAa,CAAC,eAAuB;IACjD,OAAO,oBAAoB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;AACtD,CAAC;AAFD,sCAEC;AAED,SAAgB,wBAAwB,CAAC,EACrC,WAAW,EACX,eAAe,EACf,GAAG,EAKN;IACG,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE;QACnB,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IACjD,IAAI,CAAC,UAAU,EAAE;QACb,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,IAAI,GAAqB,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,cAAc,CAAC;IACnF,OAAO;QACH,IAAI,EAAE,WAAW;QACjB,eAAe;QACf,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,gBAAgB,EAAE,IAAI;KACzB,CAAC;AACN,CAAC;AAjCD,4DAiCC"}
@@ -1,5 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.lookupPackageDetails = exports.isPackage = void 0;
3
4
  function isPackage(packageFilePath) {
4
5
  return /pacakge.json$/.test(packageFilePath);
5
6
  }
@@ -1 +1 @@
1
- {"version":3,"file":"package.json.js","sourceRoot":"","sources":["../../src/parser/package.json.ts"],"names":[],"mappings":";;AAGA,SAAgB,SAAS,CAAC,eAAuB;IAC7C,OAAO,eAAe,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;AACjD,CAAC;AAFD,8BAEC;AAED,SAAgB,oBAAoB,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE,GAAG,EAIvE;IACG,4CAA4C;IAC5C,MAAM,YAAY,GAAI,GAAW,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IACxD,MAAM,eAAe,GAAG,GAAG,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG,CAAC,GAA4D,EAAE;QAC1E,IAAI,YAAY,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE;YAC1C,OAAO;gBACH,gBAAgB,EAAE,cAAc;gBAChC,OAAO,EAAE,YAAY,CAAC,WAAW,CAAC;aACrC,CAAC;SACL;QACD,IAAI,eAAe,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE;YAC7C,OAAO;gBACH,gBAAgB,EAAE,iBAAiB;gBACnC,OAAO,EAAE,eAAe,CAAC,WAAW,CAAC;aACxC,CAAC;SACL;QACD,OAAO;YACH,gBAAgB,EAAE,SAAS;YAC3B,OAAO,EAAE,OAAO;SACnB,CAAC;IACN,CAAC,CAAC,EAAE,CAAC;IACL,OAAO;QACH,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,eAAe;QACf,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;KAC5C,CAAC;AACN,CAAC;AAhCD,oDAgCC"}
1
+ {"version":3,"file":"package.json.js","sourceRoot":"","sources":["../../src/parser/package.json.ts"],"names":[],"mappings":";;;AAGA,SAAgB,SAAS,CAAC,eAAuB;IAC7C,OAAO,eAAe,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;AACjD,CAAC;AAFD,8BAEC;AAED,SAAgB,oBAAoB,CAAC,EACjC,WAAW,EACX,eAAe,EACf,GAAG,EAKN;IACG,4CAA4C;IAC5C,MAAM,YAAY,GAAI,GAAW,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IACxD,MAAM,eAAe,GAAG,GAAG,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG,CAAC,GAA4D,EAAE;QAC1E,IAAI,YAAY,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE;YAC1C,OAAO;gBACH,gBAAgB,EAAE,cAAc;gBAChC,OAAO,EAAE,YAAY,CAAC,WAAW,CAAC;aACrC,CAAC;SACL;QACD,IAAI,eAAe,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE;YAC7C,OAAO;gBACH,gBAAgB,EAAE,iBAAiB;gBACnC,OAAO,EAAE,eAAe,CAAC,WAAW,CAAC;aACxC,CAAC;SACL;QACD,OAAO;YACH,gBAAgB,EAAE,SAAS;YAC3B,OAAO,EAAE,OAAO;SACnB,CAAC;IACN,CAAC,CAAC,EAAE,CAAC;IACL,OAAO;QACH,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,eAAe;QACf,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;KAC5C,CAAC;AACN,CAAC;AApCD,oDAoCC"}
@@ -0,0 +1,17 @@
1
+ import { PackageDetails } from "./Details";
2
+ export declare function isYarnLock(packageFilePath: string): boolean;
3
+ export declare function lookupYarnLockDetails({ packageName, packageFilePath, pkg }: {
4
+ packageName: string;
5
+ packageFilePath: string;
6
+ pkg: {
7
+ type: string;
8
+ object: {
9
+ [index: string]: {
10
+ version: string;
11
+ resolve: string;
12
+ integrity: string;
13
+ dependencies: object;
14
+ };
15
+ };
16
+ };
17
+ }): PackageDetails;
@@ -0,0 +1,38 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.lookupYarnLockDetails = exports.isYarnLock = void 0;
4
+ function isYarnLock(packageFilePath) {
5
+ return /yarn.lock$/.test(packageFilePath);
6
+ }
7
+ exports.isYarnLock = isYarnLock;
8
+ function lookupYarnLockDetails({ packageName, packageFilePath, pkg }) {
9
+ if (pkg.type !== "success") {
10
+ return {
11
+ name: packageName,
12
+ packageFilePath,
13
+ version: "0.0.0",
14
+ dependenciesType: "unknown"
15
+ };
16
+ }
17
+ const matchKey = Object.keys(pkg.object).find((key) => {
18
+ const keyName = key.slice(0, key.lastIndexOf("@"));
19
+ return keyName === packageName;
20
+ });
21
+ if (!matchKey) {
22
+ return {
23
+ name: packageName,
24
+ packageFilePath,
25
+ version: "0.0.0",
26
+ dependenciesType: "unknown"
27
+ };
28
+ }
29
+ const dep = pkg.object[matchKey];
30
+ return {
31
+ name: packageName,
32
+ packageFilePath,
33
+ version: dep.version,
34
+ dependenciesType: "unknown"
35
+ };
36
+ }
37
+ exports.lookupYarnLockDetails = lookupYarnLockDetails;
38
+ //# sourceMappingURL=yarn-lock.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"yarn-lock.js","sourceRoot":"","sources":["../../src/parser/yarn-lock.ts"],"names":[],"mappings":";;;AAEA,SAAgB,UAAU,CAAC,eAAuB;IAC9C,OAAO,YAAY,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;AAC9C,CAAC;AAFD,gCAEC;AAED,SAAgB,qBAAqB,CAAC,EAClC,WAAW,EACX,eAAe,EACf,GAAG,EAQN;IACG,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE;QACxB,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;QAClD,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;QACnD,OAAO,OAAO,KAAK,WAAW,CAAC;IACnC,CAAC,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,EAAE;QACX,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjC,OAAO;QACH,IAAI,EAAE,WAAW;QACjB,eAAe;QACf,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,gBAAgB,EAAE,SAAS;KAC9B,CAAC;AACN,CAAC;AAvCD,sDAuCC"}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@security-alert/share",
3
- "version": "1.1.1",
4
- "description": "[GitHub] Create an issue from security alert's url.",
3
+ "version": "1.6.0",
4
+ "description": "security alert shared lib",
5
5
  "keywords": [
6
6
  "cli",
7
7
  "console",
@@ -34,55 +34,34 @@
34
34
  "scripts": {
35
35
  "build": "cross-env NODE_ENV=production tsc -p .",
36
36
  "clean": "rimraf lib/",
37
- "prettier": "prettier --write \"**/*.{js,jsx,ts,tsx,css}\"",
38
37
  "prepublish": "npm run --if-present build",
39
- "test": "# jest",
40
- "test:watch": "jest --watch --notify --notifyMode=change --coverage",
38
+ "test": "mocha \"test/**/*.ts\"",
41
39
  "watch": "tsc -p . --watch"
42
40
  },
43
- "jest": {
44
- "testEnvironment": "node"
45
- },
46
- "husky": {
47
- "hooks": {
48
- "precommit": "lint-staged"
49
- }
50
- },
51
- "lint-staged": {
52
- "*.{js,jsx,ts,tsx,css}": [
53
- "prettier --write",
54
- "git add"
55
- ]
56
- },
57
- "prettier": {
58
- "printWidth": 120,
59
- "singleQuote": false,
60
- "tabWidth": 4
61
- },
62
41
  "devDependencies": {
63
- "@types/jest": "^24.0.0",
64
- "@types/lodash": "^4.14.134",
42
+ "@types/lodash": "^4.14.158",
65
43
  "@types/meow": "^5.0.0",
66
- "@types/nock": "^10.0.3",
67
- "@types/node": "^12.0.10",
68
- "cross-env": "^5.2.0",
69
- "husky": "^2.5.0",
70
- "jest": "^24.0.0",
71
- "lint-staged": "^8.2.1",
72
- "nock": "^10.0.6",
73
- "prettier": "^1.18.2",
74
- "rimraf": "^2.6.3",
75
- "ts-node": "^8.3.0",
76
- "ts-node-test-register": "^8.0.1",
77
- "typescript": "^3.5.2"
44
+ "@types/mocha": "^8.0.1",
45
+ "@types/nock": "^11.1.0",
46
+ "@types/node": "^14.18.12",
47
+ "cross-env": "^7.0.2",
48
+ "husky": "^4.2.5",
49
+ "mocha": "^9.2.2",
50
+ "nock": "^13.0.3",
51
+ "rimraf": "^3.0.2",
52
+ "ts-node": "^10.7.0",
53
+ "ts-node-test-register": "^10.0.0",
54
+ "typescript": "^4.6.3"
78
55
  },
79
56
  "dependencies": {
80
57
  "@npm/types": "^1.0.1",
81
- "@octokit/graphql": "^2.1.2",
82
- "@octokit/rest": "^16.28.2",
83
- "meow": "^5.0.0"
58
+ "@octokit/graphql": "^4.5.3",
59
+ "@octokit/rest": "^18.0.3",
60
+ "@octokit/types": "^6.34.0",
61
+ "@yarnpkg/lockfile": "^1.0.0",
62
+ "meow": "^7.0.1"
84
63
  },
85
- "gitHead": "0534d414d1a2e5919bc67002bc6a44c384bccbf1",
64
+ "gitHead": "6788f5c379dc9daa8cfeb6556d1cce93401df21e",
86
65
  "publishConfig": {
87
66
  "access": "public"
88
67
  }
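Review bot: `husky` stays in devDependencies (bumped to ^4.2.5) even though the `husky.hooks` block that configured it is deleted in this same hunk, so the package keeps an install-time dependency — husky 4, as far as I recall, registers git hooks from a postinstall script — with nothing to run; either drop it or restore the hook configuration. `@types/lodash` is likewise kept although no `lodash` runtime or dev dependency appears in this manifest, and `@types/meow` is retained alongside `meow@^7`, which I believe ships its own typings; both are worth confirming before the next publish so the dependency surface stays as small as the code needs.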
@@ -1,14 +1,14 @@
1
- const graphql = require("@octokit/graphql");
1
+ import { graphql } from "@octokit/graphql";
2
2
 
3
3
  export type fetchVulnerabilityAlertsOptions = {
4
4
  token: string;
5
5
  owner: string;
6
6
  repo: string;
7
- }
7
+ };
8
8
 
9
9
  export type VulnerabilityAlertNode = {
10
10
  id: string;
11
- vulnerableManifestFilename: string
11
+ vulnerableManifestFilename: string;
12
12
  vulnerableManifestPath: string;
13
13
  vulnerableRequirements: string;
14
14
  dismissReason: string | null;
@@ -20,10 +20,10 @@ export type VulnerabilityAlertNode = {
20
20
  description: string;
21
21
  ghsaId: string;
22
22
  severity: string;
23
- summary: string
24
- identifiers: { id: string; value: string; }[]
25
- references: { url: string }[]
26
- }
23
+ summary: string;
24
+ identifiers: { id: string; value: string }[];
25
+ references: { url: string }[];
26
+ };
27
27
  securityVulnerability: {
28
28
  firstPatchedVersion?: {
29
29
  identifier: string;
@@ -32,64 +32,70 @@ export type VulnerabilityAlertNode = {
32
32
  severity: string;
33
33
  package: {
34
34
  name: string;
35
- ecosystem: string
36
- }
37
- }
38
- }
35
+ ecosystem: string;
36
+ };
37
+ };
38
+ };
39
39
 
40
- export async function fetchVulnerabilityAlerts(options: fetchVulnerabilityAlertsOptions): Promise<VulnerabilityAlertNode[]> {
40
+ export async function fetchVulnerabilityAlerts(
41
+ options: fetchVulnerabilityAlertsOptions
42
+ ): Promise<VulnerabilityAlertNode[]> {
41
43
  // https://developer.github.com/v4/object/repository/#connections
42
- const { repository } = await graphql(`
43
- query vulnerabilityAlerts($owner: String!, $repo: String!) {
44
- repository(owner:$owner, name:$repo) {
45
- vulnerabilityAlerts(first:100) {
46
- edges {
47
- node {
48
- id
49
- vulnerableManifestFilename
50
- vulnerableManifestPath
51
- vulnerableRequirements
52
- dismissReason
53
- dismissedAt
54
- dismisser {
55
- login
56
- }
57
- securityAdvisory {
58
- ghsaId
59
- description
60
- severity
61
- summary
62
- identifiers {
63
- type
64
- value
44
+ const { repository } = await graphql(
45
+ `
46
+ query vulnerabilityAlerts($owner: String!, $repo: String!) {
47
+ repository(owner: $owner, name: $repo) {
48
+ vulnerabilityAlerts(first: 100) {
49
+ edges {
50
+ node {
51
+ id
52
+ vulnerableManifestFilename
53
+ vulnerableManifestPath
54
+ vulnerableRequirements
55
+ dismissReason
56
+ dismissedAt
57
+ dismisser {
58
+ login
59
+ }
60
+ securityAdvisory {
61
+ ghsaId
62
+ description
63
+ severity
64
+ summary
65
+ identifiers {
66
+ type
67
+ value
68
+ }
69
+ references {
70
+ url
71
+ }
72
+ }
73
+ securityVulnerability {
74
+ firstPatchedVersion {
75
+ identifier
76
+ }
77
+ vulnerableVersionRange
78
+ severity
79
+ package {
80
+ name
81
+ ecosystem
82
+ }
83
+ }
84
+ }
85
+ }
86
+ }
87
+ }
65
88
  }
66
- references {
67
- url
89
+ `,
90
+ {
91
+ owner: options.owner,
92
+ repo: options.repo,
93
+ headers: {
94
+ authorization: `token ${options.token}`,
95
+ accept: "application/vnd.github.vixen-preview+json"
68
96
  }
69
- }
70
- securityVulnerability {
71
- firstPatchedVersion {
72
- identifier
73
- }
74
- vulnerableVersionRange
75
- severity
76
- package {
77
- name
78
- ecosystem
79
- }
80
- }
81
97
  }
82
- }
83
- }
84
- }
85
- }`, {
86
- owner: options.owner,
87
- repo: options.repo,
88
- headers: {
89
- authorization: `token ${options.token}`,
90
- accept: "application/vnd.github.vixen-preview+json"
91
- }
92
- });
98
+ );
93
99
  return repository.vulnerabilityAlerts.edges.map((edge: any) => {
94
100
  return edge.node;
95
101
  });
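Review bot: `VulnerabilityAlertNode` still declares `identifiers: { id: string; value: string }[]` (new line 24, in the previous hunk of this file), but the query in this hunk selects `identifiers { type value }`, so `identifiers[i].id` is always undefined at runtime and the `edge: any` in the map keeps the compiler from noticing. The declaration should read `identifiers: { type: string; value: string }[];`. Separately, the query requests `vulnerabilityAlerts(first: 100)` with no `pageInfo` or cursor handling, so a repository with more than 100 alerts silently loses the rest; a comment such as `// Only the first 100 alerts are fetched; no pagination` above the query would at least make that limit visible to callers. The closing brace of fetchVulnerabilityAlerts is outside the hunk.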
@@ -1,7 +1,10 @@
1
- import Octokit from "@octokit/rest";
2
- import { lookupPackageDetails } from "./parser/package.json";
1
+ import { Octokit } from "@octokit/rest";
2
+ import { isPackage, lookupPackageDetails } from "./parser/package.json";
3
3
  import { isPackageLock, lookupPackageLockDetails } from "./parser/package-lock.json";
4
4
  import { PackageDetails } from "./parser/Details";
5
+ import { isYarnLock, lookupYarnLockDetails } from "./parser/yarn-lock";
6
+
7
+ const lockfile = require("@yarnpkg/lockfile");
5
8
 
6
9
  export type fetchPackageOptions = {
7
10
  token: string;
@@ -11,14 +14,17 @@ export type fetchPackageOptions = {
11
14
  packageFilePath: string;
12
15
  };
13
16
 
14
- const cacheMap = new Map<string, {
15
- html_url: string,
16
- content: object,
17
- }>();
17
+ const cacheMap = new Map<
18
+ string,
19
+ {
20
+ html_url: string;
21
+ content: string;
22
+ }
23
+ >();
18
24
 
19
25
  export type fetchPackageDetails = PackageDetails & {
20
26
  packageManifestUrl: string;
21
- }
27
+ };
22
28
 
23
29
  export async function fetchPackageDetails(options: fetchPackageOptions): Promise<fetchPackageDetails> {
24
30
  const { token } = options;
@@ -30,45 +36,62 @@ export async function fetchPackageDetails(options: fetchPackageOptions): Promise
30
36
  const pkg = cachedValue
31
37
  ? cachedValue
32
38
  : await octokit.repos
33
- .getContents({
34
- repo: options.repo,
35
- owner: options.owner,
36
- path: options.packageFilePath
37
- })
38
- .then(res => {
39
- if (res.data.type !== "file") {
40
- throw new Error("This is not file:" + options.packageFilePath);
41
- }
42
- if (res.data.encoding === "base64") {
43
- const content = JSON.parse(Buffer.from(res.data.content, "base64").toString());
44
- cacheMap.set(cacheKey, {
45
- html_url: res.data.html_url,
46
- content
47
- });
48
- return {
49
- html_url: res.data.html_url,
50
- content
51
- };
52
- }
53
- throw new Error("Unknown file type" + res.data.type + ":" + res.data.encoding);
54
- });
39
+ .getContent({
40
+ repo: options.repo,
41
+ owner: options.owner,
42
+ path: options.packageFilePath
43
+ })
44
+ .then((res: any): any => {
45
+ if (res.data.type !== "file") {
46
+ throw new Error("This is not file:" + options.packageFilePath);
47
+ }
48
+ if (res.data.encoding === "base64") {
49
+ const content = Buffer.from(res.data.content, "base64").toString();
50
+ cacheMap.set(cacheKey, {
51
+ html_url: res.data.html_url,
52
+ content: content
53
+ });
54
+ return {
55
+ html_url: res.data.html_url,
56
+ content: content
57
+ };
58
+ }
59
+ throw new Error("Unknown file type" + res.data.type + ":" + res.data.encoding);
60
+ });
55
61
  if (isPackageLock(options.packageFilePath)) {
56
62
  return {
57
63
  ...lookupPackageLockDetails({
58
64
  packageName: options.packageName,
59
65
  packageFilePath: options.packageFilePath,
60
- pkg: pkg.content
66
+ pkg: JSON.parse(pkg.content)
61
67
  }),
62
68
  packageManifestUrl: pkg.html_url
63
69
  };
64
- } else {
70
+ } else if (isPackage(options.packageFilePath)) {
65
71
  return {
66
72
  ...lookupPackageDetails({
67
73
  packageName: options.packageName,
68
74
  packageFilePath: options.packageFilePath,
69
- pkg: pkg.content
75
+ pkg: JSON.parse(pkg.content)
76
+ }),
77
+ packageManifestUrl: pkg.html_url
78
+ };
79
+ } else if (isYarnLock(options.packageFilePath)) {
80
+ return {
81
+ ...lookupYarnLockDetails({
82
+ packageName: options.packageName,
83
+ packageFilePath: options.packageFilePath,
84
+ pkg: lockfile.parse(pkg.content)
70
85
  }),
71
86
  packageManifestUrl: pkg.html_url
72
87
  };
73
88
  }
89
+ // unknown
90
+ return Promise.resolve({
91
+ name: options.packageName,
92
+ version: "0.0.0",
93
+ packageFilePath: options.packageFilePath,
94
+ dependenciesType: "unknown",
95
+ packageManifestUrl: pkg.html_url
96
+ });
74
97
  }
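Review bot: The new `else if (isPackage(options.packageFilePath))` branch can never match a package.json path, because `isPackage` in src/parser/package.json.ts tests `/pacakge.json$/` (a context line in that file's hunk, with "pacakge" misspelled), so manifests that the old unconditional `else` handled now fall through to the added "unknown" fallback and report version "0.0.0". Changing the predicate to `return /package\.json$/.test(packageFilePath);` restores the previous behaviour and escapes the dot; the compiled lib/fetchPackageDetails.js and lib/parser/package.json.js hunks carry the same code. The added `const lockfile = require("@yarnpkg/lockfile")` is an untyped CommonJS require in an ES-module file, so `lockfile.parse` is `any`, and `.then((res: any): any =>` discards the Octokit response type; an `import` (if typings for the package are available) and a narrower `res` type would let the compiler check the `res.data.type` / `res.data.encoding` accesses. Note also that `cacheMap` is module-level and never evicted, so a changed manifest at the same owner/repo/path is not re-fetched for the life of the process; that is pre-existing, but a comment on the map would make the trade-off explicit.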
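--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -1,3 +1,7 @@
-export {fetchPackageOptions, fetchPackageDetails} from "./fetchPackageDetails";
-export {fetchVulnerabilityAlertsOptions, fetchVulnerabilityAlerts, VulnerabilityAlertNode} from "./VulnerabilityAlerts";
-export {PackageDetails} from "./parser/Details";
+export { fetchPackageOptions, fetchPackageDetails } from "./fetchPackageDetails";
+export {
+fetchVulnerabilityAlertsOptions,
+fetchVulnerabilityAlerts,
+VulnerabilityAlertNode
+} from "./VulnerabilityAlerts";
+export { PackageDetails } from "./parser/Details";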
@@ -4,4 +4,4 @@ export type PackageDetails = {
4
4
  version: string;
5
5
  packageFilePath: string;
6
6
  dependenciesType: DependenciesType;
7
- }
7
+ };
@@ -5,10 +5,14 @@ export function isPackageLock(packageFilePath: string) {
5
5
  return /package-lock.json$/.test(packageFilePath);
6
6
  }
7
7
 
8
- export function lookupPackageLockDetails({ packageName, packageFilePath, pkg }: {
9
- packageName: string,
10
- packageFilePath: string,
11
- pkg: PackageLock
8
+ export function lookupPackageLockDetails({
9
+ packageName,
10
+ packageFilePath,
11
+ pkg
12
+ }: {
13
+ packageName: string;
14
+ packageFilePath: string;
15
+ pkg: PackageLock;
12
16
  }): PackageDetails {
13
17
  if (!pkg.dependencies) {
14
18
  return {
@@ -5,15 +5,19 @@ export function isPackage(packageFilePath: string) {
5
5
  return /pacakge.json$/.test(packageFilePath);
6
6
  }
7
7
 
8
- export function lookupPackageDetails({ packageName, packageFilePath, pkg }: {
9
- packageName: string,
10
- packageFilePath: string,
11
- pkg: PackageJson
8
+ export function lookupPackageDetails({
9
+ packageName,
10
+ packageFilePath,
11
+ pkg
12
+ }: {
13
+ packageName: string;
14
+ packageFilePath: string;
15
+ pkg: PackageJson;
12
16
  }): PackageDetails {
13
17
  // TODO: https://github.com/npm/types/pull/2
14
18
  const dependencies = (pkg as any)["dependencies"] || {};
15
19
  const devDependencies = pkg["devDependencies"] || {};
16
- const target = ((): { dependenciesType: DependenciesType, version: string } => {
20
+ const target = ((): { dependenciesType: DependenciesType; version: string } => {
17
21
  if (dependencies.hasOwnProperty(packageName)) {
18
22
  return {
19
23
  dependenciesType: "dependencies",
@@ -0,0 +1,46 @@
1
+ import { PackageDetails } from "./Details";
2
+
3
+ export function isYarnLock(packageFilePath: string) {
4
+ return /yarn.lock$/.test(packageFilePath);
5
+ }
6
+
7
+ export function lookupYarnLockDetails({
8
+ packageName,
9
+ packageFilePath,
10
+ pkg
11
+ }: {
12
+ packageName: string;
13
+ packageFilePath: string;
14
+ pkg: {
15
+ type: string;
16
+ object: { [index: string]: { version: string; resolve: string; integrity: string; dependencies: object } };
17
+ };
18
+ }): PackageDetails {
19
+ if (pkg.type !== "success") {
20
+ return {
21
+ name: packageName,
22
+ packageFilePath,
23
+ version: "0.0.0",
24
+ dependenciesType: "unknown"
25
+ };
26
+ }
27
+ const matchKey = Object.keys(pkg.object).find((key) => {
28
+ const keyName = key.slice(0, key.lastIndexOf("@"));
29
+ return keyName === packageName;
30
+ });
31
+ if (!matchKey) {
32
+ return {
33
+ name: packageName,
34
+ packageFilePath,
35
+ version: "0.0.0",
36
+ dependenciesType: "unknown"
37
+ };
38
+ }
39
+ const dep = pkg.object[matchKey];
40
+ return {
41
+ name: packageName,
42
+ packageFilePath,
43
+ version: dep.version,
44
+ dependenciesType: "unknown"
45
+ };
46
+ }
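Review bot: `lookupYarnLockDetails` returns the first key whose name part equals `packageName`, but a yarn.lock can hold several entries for one package (different range keys resolving to different versions), so the reported version depends on key order in `pkg.object` and a vulnerable second entry is never surfaced. At minimum document this above the `find` call, e.g. `// A yarn.lock may list the same package under several range keys; only the first key in object order is reported.`; a stronger option is to collect every match and choose deterministically, but that would change the `PackageDetails` contract. The three identical `version: "0.0.0", dependenciesType: "unknown"` returns could be a single local constant, and `dependenciesType` is hard-coded to `"unknown"` even on a match — if that is because the lockfile carries no dependency-type information, a one-line comment saying so would stop the next reader from hunting for a bug. `isYarnLock`'s `/yarn.lock$/` has an unescaped dot; `/yarn\.lock$/` is the intended pattern.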
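--- a/package/CHANGELOG.md
+++ /dev/null
@@ -1,8 +0,0 @@
-# Change Log
-
-All notable changes to this project will be documented in this file.
-See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
-
-## 1.1.1 (2019-07-05)
-
-**Note:** Version bump only for package @security-alert/share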