@security-alert/share 1.2.0 → 1.10.4

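--- a/package/README.md
+++ b/package/README.md
@@ -10,7 +10,7 @@ Install with [npm](https://www.npmjs.com/):
 
  ## Changelog
 
- See [Releases page](https://github.com/azu/create-security-alert-issue/releases).
+ See [Releases page](https://github.com/security-alert/create-security-alert-issue/releases).
 
  ## Running tests
 
@@ -22,7 +22,7 @@ Install devDependencies and Run `npm test`:
 
  Pull requests and stars are always welcome.
 
- For bugs and feature requests, [please create an issue](https://github.com/azu/create-security-alert-issue/issues).
+ For bugs and feature requests, [please create an issue](https://github.com/security-alert/create-security-alert-issue/issues).
 
  1. Fork it!
  2. Create your feature branch: `git checkout -b my-new-feature`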
@@ -1,61 +1,64 @@
1
1
  "use strict";
2
2
  var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
3
4
  return new (P || (P = Promise))(function (resolve, reject) {
4
5
  function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
5
6
  function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
6
- function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
7
8
  step((generator = generator.apply(thisArg, _arguments || [])).next());
8
9
  });
9
10
  };
10
11
  Object.defineProperty(exports, "__esModule", { value: true });
11
- const graphql = require("@octokit/graphql");
12
+ exports.fetchVulnerabilityAlerts = void 0;
13
+ const graphql_1 = require("@octokit/graphql");
12
14
  function fetchVulnerabilityAlerts(options) {
13
15
  return __awaiter(this, void 0, void 0, function* () {
14
16
  // https://developer.github.com/v4/object/repository/#connections
15
- const { repository } = yield graphql(`
16
- query vulnerabilityAlerts($owner: String!, $repo: String!) {
17
- repository(owner:$owner, name:$repo) {
18
- vulnerabilityAlerts(first:100) {
19
- edges {
20
- node {
21
- id
22
- vulnerableManifestFilename
23
- vulnerableManifestPath
24
- vulnerableRequirements
25
- dismissReason
26
- dismissedAt
27
- dismisser {
28
- login
29
- }
30
- securityAdvisory {
31
- ghsaId
32
- description
33
- severity
34
- summary
35
- identifiers {
36
- type
37
- value
17
+ const { repository } = yield (0, graphql_1.graphql)(`
18
+ query vulnerabilityAlerts($owner: String!, $repo: String!) {
19
+ repository(owner: $owner, name: $repo) {
20
+ vulnerabilityAlerts(first: 100) {
21
+ edges {
22
+ node {
23
+ id
24
+ vulnerableManifestFilename
25
+ vulnerableManifestPath
26
+ vulnerableRequirements
27
+ dismissReason
28
+ dismissedAt
29
+ dismisser {
30
+ login
31
+ }
32
+ securityAdvisory {
33
+ ghsaId
34
+ description
35
+ severity
36
+ summary
37
+ identifiers {
38
+ type
39
+ value
40
+ }
41
+ references {
42
+ url
43
+ }
44
+ }
45
+ securityVulnerability {
46
+ firstPatchedVersion {
47
+ identifier
48
+ }
49
+ vulnerableVersionRange
50
+ severity
51
+ package {
52
+ name
53
+ ecosystem
54
+ }
55
+ }
56
+ }
57
+ }
58
+ }
59
+ }
38
60
  }
39
- references {
40
- url
41
- }
42
- }
43
- securityVulnerability {
44
- firstPatchedVersion {
45
- identifier
46
- }
47
- vulnerableVersionRange
48
- severity
49
- package {
50
- name
51
- ecosystem
52
- }
53
- }
54
- }
55
- }
56
- }
57
- }
58
- }`, {
61
+ `, {
59
62
  owner: options.owner,
60
63
  repo: options.repo,
61
64
  headers: {
@@ -1 +1 @@
1
- {"version":3,"file":"VulnerabilityAlerts.js","sourceRoot":"","sources":["../src/VulnerabilityAlerts.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,MAAM,OAAO,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;AAuC5C,SAAsB,wBAAwB,CAAC,OAAwC;;QACnF,iEAAiE;QACjE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,OAAO,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2CvC,EAAE;YACI,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,OAAO,EAAE;gBACL,aAAa,EAAE,SAAS,OAAO,CAAC,KAAK,EAAE;gBACvC,MAAM,EAAE,2CAA2C;aACtD;SACJ,CAAC,CAAC;QACH,OAAO,UAAU,CAAC,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE;YAC1D,OAAO,IAAI,CAAC,IAAI,CAAC;QACrB,CAAC,CAAC,CAAC;IACP,CAAC;CAAA;AAxDD,4DAwDC"}
1
+ {"version":3,"file":"VulnerabilityAlerts.js","sourceRoot":"","sources":["../src/VulnerabilityAlerts.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAA2C;AAuC3C,SAAsB,wBAAwB,CAC1C,OAAwC;;QAExC,iEAAiE;QACjE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,iBAAO,EAChC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;SA4CC,EACD;YACI,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,OAAO,EAAE;gBACL,aAAa,EAAE,SAAS,OAAO,CAAC,KAAK,EAAE;gBACvC,MAAM,EAAE,2CAA2C;aACtD;SACJ,CACJ,CAAC;QACF,OAAO,UAAU,CAAC,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE;YAC1D,OAAO,IAAI,CAAC,IAAI,CAAC;QACrB,CAAC,CAAC,CAAC;IACP,CAAC;CAAA;AA9DD,4DA8DC"}
@@ -1,17 +1,16 @@
1
1
  "use strict";
2
2
  var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
3
4
  return new (P || (P = Promise))(function (resolve, reject) {
4
5
  function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
5
6
  function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
6
- function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
7
8
  step((generator = generator.apply(thisArg, _arguments || [])).next());
8
9
  });
9
10
  };
10
- var __importDefault = (this && this.__importDefault) || function (mod) {
11
- return (mod && mod.__esModule) ? mod : { "default": mod };
12
- };
13
11
  Object.defineProperty(exports, "__esModule", { value: true });
14
- const rest_1 = __importDefault(require("@octokit/rest"));
12
+ exports.fetchPackageDetails = void 0;
13
+ const rest_1 = require("@octokit/rest");
15
14
  const package_json_1 = require("./parser/package.json");
16
15
  const package_lock_json_1 = require("./parser/package-lock.json");
17
16
  const yarn_lock_1 = require("./parser/yarn-lock");
@@ -20,7 +19,7 @@ const cacheMap = new Map();
20
19
  function fetchPackageDetails(options) {
21
20
  return __awaiter(this, void 0, void 0, function* () {
22
21
  const { token } = options;
23
- const octokit = new rest_1.default({
22
+ const octokit = new rest_1.Octokit({
24
23
  auth: token
25
24
  });
26
25
  const cacheKey = `${options.owner}.${options.repo}.${options.packageFilePath}`;
@@ -28,12 +27,12 @@ function fetchPackageDetails(options) {
28
27
  const pkg = cachedValue
29
28
  ? cachedValue
30
29
  : yield octokit.repos
31
- .getContents({
30
+ .getContent({
32
31
  repo: options.repo,
33
32
  owner: options.owner,
34
33
  path: options.packageFilePath
35
34
  })
36
- .then(res => {
35
+ .then((res) => {
37
36
  if (res.data.type !== "file") {
38
37
  throw new Error("This is not file:" + options.packageFilePath);
39
38
  }
@@ -50,26 +49,26 @@ function fetchPackageDetails(options) {
50
49
  }
51
50
  throw new Error("Unknown file type" + res.data.type + ":" + res.data.encoding);
52
51
  });
53
- if (package_lock_json_1.isPackageLock(options.packageFilePath)) {
54
- return Object.assign({}, package_lock_json_1.lookupPackageLockDetails({
52
+ if ((0, package_lock_json_1.isPackageLock)(options.packageFilePath)) {
53
+ return Object.assign(Object.assign({}, (0, package_lock_json_1.lookupPackageLockDetails)({
55
54
  packageName: options.packageName,
56
55
  packageFilePath: options.packageFilePath,
57
56
  pkg: JSON.parse(pkg.content)
58
- }), { packageManifestUrl: pkg.html_url });
57
+ })), { packageManifestUrl: pkg.html_url });
59
58
  }
60
- else if (package_json_1.isPackage(options.packageFilePath)) {
61
- return Object.assign({}, package_json_1.lookupPackageDetails({
59
+ else if ((0, package_json_1.isPackage)(options.packageFilePath)) {
60
+ return Object.assign(Object.assign({}, (0, package_json_1.lookupPackageDetails)({
62
61
  packageName: options.packageName,
63
62
  packageFilePath: options.packageFilePath,
64
63
  pkg: JSON.parse(pkg.content)
65
- }), { packageManifestUrl: pkg.html_url });
64
+ })), { packageManifestUrl: pkg.html_url });
66
65
  }
67
- else if (yarn_lock_1.isYarnLock(options.packageFilePath)) {
68
- return Object.assign({}, yarn_lock_1.lookupYarnLockDetails({
66
+ else if ((0, yarn_lock_1.isYarnLock)(options.packageFilePath)) {
67
+ return Object.assign(Object.assign({}, (0, yarn_lock_1.lookupYarnLockDetails)({
69
68
  packageName: options.packageName,
70
69
  packageFilePath: options.packageFilePath,
71
70
  pkg: lockfile.parse(pkg.content)
72
- }), { packageManifestUrl: pkg.html_url });
71
+ })), { packageManifestUrl: pkg.html_url });
73
72
  }
74
73
  // unknown
75
74
  return Promise.resolve({
@@ -1 +1 @@
1
- {"version":3,"file":"fetchPackageDetails.js","sourceRoot":"","sources":["../src/fetchPackageDetails.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,yDAAoC;AACpC,wDAAsE;AACtE,kEAAmF;AAEnF,kDAAqE;AAErE,MAAM,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAU9C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAGpB,CAAC;AAML,SAAsB,mBAAmB,CAAC,OAA4B;;QAClE,MAAM,EAAC,KAAK,EAAC,GAAG,OAAO,CAAC;QACxB,MAAM,OAAO,GAAG,IAAI,cAAO,CAAC;YACxB,IAAI,EAAE,KAAK;SACd,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC/E,MAAM,WAAW,GAAG,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,WAAW;YACnB,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,MAAM,OAAO,CAAC,KAAK;iBAChB,WAAW,CAAC;gBACT,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,IAAI,EAAE,OAAO,CAAC,eAAe;aAChC,CAAC;iBACD,IAAI,CAAC,GAAG,CAAC,EAAE;gBACR,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE;oBAC1B,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;iBAClE;gBACD,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE;oBAChC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;oBACnE,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE;wBACnB,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;wBAC3B,OAAO,EAAE,OAAO;qBACnB,CAAC,CAAC;oBACH,OAAO;wBACH,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;wBAC3B,OAAO,EAAE,OAAO;qBACnB,CAAC;iBACL;gBACD,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACnF,CAAC,CAAC,CAAC;QACX,IAAI,iCAAa,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;YACxC,yBACO,4CAAwB,CAAC;gBACxB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;aAC/B,CAAC,IACF,kBAAkB,EAAE,GAAG,CAAC,QAAQ,IAClC;SACL;aAAM,IAAI,wBAAS,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;YAC3C,yBACO,mCAAoB,CAAC;gBACpB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;aAC/B,CAAC,IACF,kBAAkB,EAAE,GAAG,CAAC,QAAQ,IAClC;SACL;aAAM,IAAI,sBAAU,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;YAC5C,yBACO,iCAAqB,CAAC;gBACrB,WAAW,
EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;aACnC,CAAC,IACF,kBAAkB,EAAE,GAAG,CAAC,QAAQ,IAClC;SACL;QACD,UAAU;QACV,OAAO,OAAO,CAAC,OAAO,CAAC;YACnB,IAAI,EAAE,OAAO,CAAC,WAAW;YACzB,OAAO,EAAE,OAAO;YAChB,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,gBAAgB,EAAE,SAAS;YAC3B,kBAAkB,EAAE,GAAG,CAAC,QAAQ;SACnC,CAAC,CAAC;IACP,CAAC;CAAA;AApED,kDAoEC"}
1
+ {"version":3,"file":"fetchPackageDetails.js","sourceRoot":"","sources":["../src/fetchPackageDetails.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wCAAwC;AACxC,wDAAwE;AACxE,kEAAqF;AAErF,kDAAuE;AAEvE,MAAM,QAAQ,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAU9C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAMrB,CAAC;AAMJ,SAAsB,mBAAmB,CAAC,OAA4B;;QAClE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,cAAO,CAAC;YACxB,IAAI,EAAE,KAAK;SACd,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC/E,MAAM,WAAW,GAAG,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAG,WAAW;YACnB,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,MAAM,OAAO,CAAC,KAAK;iBACd,UAAU,CAAC;gBACR,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,IAAI,EAAE,OAAO,CAAC,eAAe;aAChC,CAAC;iBACD,IAAI,CAAC,CAAC,GAAQ,EAAO,EAAE;gBACpB,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE;oBAC1B,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;iBAClE;gBACD,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE;oBAChC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;oBACnE,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE;wBACnB,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;wBAC3B,OAAO,EAAE,OAAO;qBACnB,CAAC,CAAC;oBACH,OAAO;wBACH,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;wBAC3B,OAAO,EAAE,OAAO;qBACnB,CAAC;iBACL;gBACD,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACnF,CAAC,CAAC,CAAC;QACb,IAAI,IAAA,iCAAa,EAAC,OAAO,CAAC,eAAe,CAAC,EAAE;YACxC,uCACO,IAAA,4CAAwB,EAAC;gBACxB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;aAC/B,CAAC,KACF,kBAAkB,EAAE,GAAG,CAAC,QAAQ,IAClC;SACL;aAAM,IAAI,IAAA,wBAAS,EAAC,OAAO,CAAC,eAAe,CAAC,EAAE;YAC3C,uCACO,IAAA,mCAAoB,EAAC;gBACpB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;aAC/B,CAAC,KACF,kBAAkB,EAAE,GAAG,CAAC,QAAQ,IAClC;SACL;aAAM,IAAI,IAAA,sBAAU,EAAC,OAAO,CAAC,eAAe,CAAC,EAAE;YAC5C,u
CACO,IAAA,iCAAqB,EAAC;gBACrB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,OAAO,CAAC,eAAe;gBACxC,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC;aACnC,CAAC,KACF,kBAAkB,EAAE,GAAG,CAAC,QAAQ,IAClC;SACL;QACD,UAAU;QACV,OAAO,OAAO,CAAC,OAAO,CAAC;YACnB,IAAI,EAAE,OAAO,CAAC,WAAW;YACzB,OAAO,EAAE,OAAO;YAChB,eAAe,EAAE,OAAO,CAAC,eAAe;YACxC,gBAAgB,EAAE,SAAS;YAC3B,kBAAkB,EAAE,GAAG,CAAC,QAAQ;SACnC,CAAC,CAAC;IACP,CAAC;CAAA;AApED,kDAoEC"}
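--- a/package/lib/index.js
+++ b/package/lib/index.js
@@ -1,7 +1,8 @@
  "use strict";
  Object.defineProperty(exports, "__esModule", { value: true });
+ exports.fetchVulnerabilityAlerts = exports.fetchPackageDetails = void 0;
  var fetchPackageDetails_1 = require("./fetchPackageDetails");
- exports.fetchPackageDetails = fetchPackageDetails_1.fetchPackageDetails;
+ Object.defineProperty(exports, "fetchPackageDetails", { enumerable: true, get: function () { return fetchPackageDetails_1.fetchPackageDetails; } });
  var VulnerabilityAlerts_1 = require("./VulnerabilityAlerts");
- exports.fetchVulnerabilityAlerts = VulnerabilityAlerts_1.fetchVulnerabilityAlerts;
+ Object.defineProperty(exports, "fetchVulnerabilityAlerts", { enumerable: true, get: function () { return VulnerabilityAlerts_1.fetchVulnerabilityAlerts; } });
  //# sourceMappingURL=index.js.map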
package/lib/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;AAAA,6DAA+E;AAAlD,oDAAA,mBAAmB,CAAA;AAChD,6DAAwH;AAA/E,yDAAA,wBAAwB,CAAA"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,6DAAiF;AAAnD,0HAAA,mBAAmB,OAAA;AACjD,6DAI+B;AAF3B,+HAAA,wBAAwB,OAAA"}
@@ -1,5 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.lookupPackageLockDetails = exports.isPackageLock = void 0;
3
4
  function isPackageLock(packageFilePath) {
4
5
  return /package-lock.json$/.test(packageFilePath);
5
6
  }
@@ -1 +1 @@
1
- {"version":3,"file":"package-lock.json.js","sourceRoot":"","sources":["../../src/parser/package-lock.json.ts"],"names":[],"mappings":";;AAGA,SAAgB,aAAa,CAAC,eAAuB;IACjD,OAAO,oBAAoB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;AACtD,CAAC;AAFD,sCAEC;AAED,SAAgB,wBAAwB,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE,GAAG,EAI3E;IACG,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE;QACnB,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IACjD,IAAI,CAAC,UAAU,EAAE;QACb,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,IAAI,GAAqB,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,cAAc,CAAC;IACnF,OAAO;QACH,IAAI,EAAE,WAAW;QACjB,eAAe;QACf,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,gBAAgB,EAAE,IAAI;KACzB,CAAC;AACN,CAAC;AA7BD,4DA6BC"}
1
+ {"version":3,"file":"package-lock.json.js","sourceRoot":"","sources":["../../src/parser/package-lock.json.ts"],"names":[],"mappings":";;;AAGA,SAAgB,aAAa,CAAC,eAAuB;IACjD,OAAO,oBAAoB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;AACtD,CAAC;AAFD,sCAEC;AAED,SAAgB,wBAAwB,CAAC,EACrC,WAAW,EACX,eAAe,EACf,GAAG,EAKN;IACG,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE;QACnB,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IACjD,IAAI,CAAC,UAAU,EAAE;QACb,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,IAAI,GAAqB,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,cAAc,CAAC;IACnF,OAAO;QACH,IAAI,EAAE,WAAW;QACjB,eAAe;QACf,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,gBAAgB,EAAE,IAAI;KACzB,CAAC;AACN,CAAC;AAjCD,4DAiCC"}
@@ -1,5 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.lookupPackageDetails = exports.isPackage = void 0;
3
4
  function isPackage(packageFilePath) {
4
5
  return /pacakge.json$/.test(packageFilePath);
5
6
  }
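Review bot: `isPackage` still tests `/pacakge.json$/`, where "pacakge" is misspelled, so a path ending in `package.json` never matches. `fetchPackageDetails` then skips `lookupPackageDetails` and falls through to its `// unknown` branch, which means alerts whose manifest is a plain `package.json` lose their version and dependency-type details. This file is compiled output and the same regex appears in `src/parser/package.json.ts` on this page, so the fix belongs there: `return /(^|\/)package\.json$/.test(packageFilePath);`. The escaped dot and the path-segment anchor also stop names such as `xpackage.json` from matching.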
@@ -1 +1 @@
1
- {"version":3,"file":"package.json.js","sourceRoot":"","sources":["../../src/parser/package.json.ts"],"names":[],"mappings":";;AAGA,SAAgB,SAAS,CAAC,eAAuB;IAC7C,OAAO,eAAe,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;AACjD,CAAC;AAFD,8BAEC;AAED,SAAgB,oBAAoB,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE,GAAG,EAIvE;IACG,4CAA4C;IAC5C,MAAM,YAAY,GAAI,GAAW,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IACxD,MAAM,eAAe,GAAG,GAAG,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG,CAAC,GAA4D,EAAE;QAC1E,IAAI,YAAY,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE;YAC1C,OAAO;gBACH,gBAAgB,EAAE,cAAc;gBAChC,OAAO,EAAE,YAAY,CAAC,WAAW,CAAC;aACrC,CAAC;SACL;QACD,IAAI,eAAe,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE;YAC7C,OAAO;gBACH,gBAAgB,EAAE,iBAAiB;gBACnC,OAAO,EAAE,eAAe,CAAC,WAAW,CAAC;aACxC,CAAC;SACL;QACD,OAAO;YACH,gBAAgB,EAAE,SAAS;YAC3B,OAAO,EAAE,OAAO;SACnB,CAAC;IACN,CAAC,CAAC,EAAE,CAAC;IACL,OAAO;QACH,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,eAAe;QACf,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;KAC5C,CAAC;AACN,CAAC;AAhCD,oDAgCC"}
1
+ {"version":3,"file":"package.json.js","sourceRoot":"","sources":["../../src/parser/package.json.ts"],"names":[],"mappings":";;;AAGA,SAAgB,SAAS,CAAC,eAAuB;IAC7C,OAAO,eAAe,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;AACjD,CAAC;AAFD,8BAEC;AAED,SAAgB,oBAAoB,CAAC,EACjC,WAAW,EACX,eAAe,EACf,GAAG,EAKN;IACG,4CAA4C;IAC5C,MAAM,YAAY,GAAI,GAAW,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IACxD,MAAM,eAAe,GAAG,GAAG,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG,CAAC,GAA4D,EAAE;QAC1E,IAAI,YAAY,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE;YAC1C,OAAO;gBACH,gBAAgB,EAAE,cAAc;gBAChC,OAAO,EAAE,YAAY,CAAC,WAAW,CAAC;aACrC,CAAC;SACL;QACD,IAAI,eAAe,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE;YAC7C,OAAO;gBACH,gBAAgB,EAAE,iBAAiB;gBACnC,OAAO,EAAE,eAAe,CAAC,WAAW,CAAC;aACxC,CAAC;SACL;QACD,OAAO;YACH,gBAAgB,EAAE,SAAS;YAC3B,OAAO,EAAE,OAAO;SACnB,CAAC;IACN,CAAC,CAAC,EAAE,CAAC;IACL,OAAO;QACH,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,eAAe;QACf,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;KAC5C,CAAC;AACN,CAAC;AApCD,oDAoCC"}
@@ -1,5 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.lookupYarnLockDetails = exports.isYarnLock = void 0;
3
4
  function isYarnLock(packageFilePath) {
4
5
  return /yarn.lock$/.test(packageFilePath);
5
6
  }
@@ -13,7 +14,7 @@ function lookupYarnLockDetails({ packageName, packageFilePath, pkg }) {
13
14
  dependenciesType: "unknown"
14
15
  };
15
16
  }
16
- const matchKey = Object.keys(pkg.object).find(key => {
17
+ const matchKey = Object.keys(pkg.object).find((key) => {
17
18
  const keyName = key.slice(0, key.lastIndexOf("@"));
18
19
  return keyName === packageName;
19
20
  });
@@ -1 +1 @@
1
- {"version":3,"file":"yarn-lock.js","sourceRoot":"","sources":["../../src/parser/yarn-lock.ts"],"names":[],"mappings":";;AAEA,SAAgB,UAAU,CAAC,eAAuB;IAC9C,OAAO,YAAY,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;AAC9C,CAAC;AAFD,gCAEC;AAED,SAAgB,qBAAqB,CAAC,EAAC,WAAW,EAAE,eAAe,EAAE,GAAG,EAIvE;IACG,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE;QACxB,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;QAChD,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;QACnD,OAAO,OAAO,KAAK,WAAW,CAAC;IACnC,CAAC,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,EAAE;QACX,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjC,OAAO;QACH,IAAI,EAAE,WAAW;QACjB,eAAe;QACf,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,gBAAgB,EAAE,SAAS;KAC9B,CAAC;AACN,CAAC;AAhCD,sDAgCC"}
1
+ {"version":3,"file":"yarn-lock.js","sourceRoot":"","sources":["../../src/parser/yarn-lock.ts"],"names":[],"mappings":";;;AAEA,SAAgB,UAAU,CAAC,eAAuB;IAC9C,OAAO,YAAY,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;AAC9C,CAAC;AAFD,gCAEC;AAED,SAAgB,qBAAqB,CAAC,EAClC,WAAW,EACX,eAAe,EACf,GAAG,EAQN;IACG,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE;QACxB,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;QAClD,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;QACnD,OAAO,OAAO,KAAK,WAAW,CAAC;IACnC,CAAC,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,EAAE;QACX,OAAO;YACH,IAAI,EAAE,WAAW;YACjB,eAAe;YACf,OAAO,EAAE,OAAO;YAChB,gBAAgB,EAAE,SAAS;SAC9B,CAAC;KACL;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjC,OAAO;QACH,IAAI,EAAE,WAAW;QACjB,eAAe;QACf,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,gBAAgB,EAAE,SAAS;KAC9B,CAAC;AACN,CAAC;AAvCD,sDAuCC"}
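--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@security-alert/share",
- "version": "1.2.0",
- "description": "[GitHub] Create an issue from security alert's url.",
+ "version": "1.10.4",
+ "description": "security alert shared lib",
  "keywords": [
  "cli",
  "console",
@@ -10,13 +10,13 @@
  "security",
  "tool"
  ],
- "homepage": "https://github.com/azu/security-alert",
+ "homepage": "https://github.com/security-alert/security-alert",
  "bugs": {
- "url": "https://github.com/azu/security-alert/issues"
+ "url": "https://github.com/security-alert/security-alert/issues"
  },
  "repository": {
  "type": "git",
- "url": "https://github.com/azu/security-alert.git"
+ "url": "https://github.com/security-alert/security-alert.git"
  },
  "license": "MIT",
  "author": "azu",
@@ -34,52 +34,34 @@
  "scripts": {
  "build": "cross-env NODE_ENV=production tsc -p .",
  "clean": "rimraf lib/",
- "prettier": "prettier --write \"**/*.{js,jsx,ts,tsx,css}\"",
  "prepublish": "npm run --if-present build",
  "test": "mocha \"test/**/*.ts\"",
  "watch": "tsc -p . --watch"
  },
- "husky": {
- "hooks": {
- "precommit": "lint-staged"
- }
- },
- "lint-staged": {
- "*.{js,jsx,ts,tsx,css}": [
- "prettier --write",
- "git add"
- ]
- },
- "prettier": {
- "printWidth": 120,
- "singleQuote": false,
- "tabWidth": 4
- },
  "devDependencies": {
- "@types/lodash": "^4.14.134",
+ "@types/lodash": "^4.14.158",
  "@types/meow": "^5.0.0",
- "@types/mocha": "^5.2.7",
- "@types/nock": "^10.0.3",
- "@types/node": "^12.0.10",
- "cross-env": "^5.2.0",
- "husky": "^2.5.0",
- "lint-staged": "^8.2.1",
- "mocha": "^6.2.0",
- "nock": "^10.0.6",
- "prettier": "^1.18.2",
- "rimraf": "^2.6.3",
- "ts-node": "^8.3.0",
- "ts-node-test-register": "^8.0.1",
- "typescript": "^3.5.2"
+ "@types/mocha": "^8.0.1",
+ "@types/nock": "^11.1.0",
+ "@types/node": "^14.18.12",
+ "cross-env": "^7.0.2",
+ "husky": "^4.2.5",
+ "mocha": "^9.2.2",
+ "nock": "^13.0.3",
+ "rimraf": "^3.0.2",
+ "ts-node": "^10.7.0",
+ "ts-node-test-register": "^10.0.0",
+ "typescript": "^4.6.3"
  },
  "dependencies": {
  "@npm/types": "^1.0.1",
- "@octokit/graphql": "^2.1.2",
- "@octokit/rest": "^16.28.2",
+ "@octokit/graphql": "^4.5.3",
+ "@octokit/rest": "^18.0.3",
+ "@octokit/types": "^6.34.0",
  "@yarnpkg/lockfile": "^1.0.0",
- "meow": "^7.0.1"
+ "meow": "^7.0.1"
  },
- "gitHead": "879124d0c5f67a8267b0a9f0dd243b172624e5e8",
+ "gitHead": "c362df11d1023f31c0a4342df87226e6fadf61e3",
  "publishConfig": {
  "access": "public"
  }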
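Review bot: `meow` stays under `dependencies` (now `"meow": "^7.0.1"`), yet none of the compiled `lib/` files shown on this page require it; they load only `@octokit/graphql`, `@octokit/rest`, `@yarnpkg/lockfile` and the local parsers. Every runtime dependency of a library that is handed a GitHub token is installed into each consumer's tree, so an unused one only widens the supply-chain surface. If no file in the package imports `meow`, drop it from `dependencies` together with the `@types/meow` dev dependency. This should be confirmed against the full package, since only the changed files are visible here.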
@@ -1,14 +1,14 @@
1
- const graphql = require("@octokit/graphql");
1
+ import { graphql } from "@octokit/graphql";
2
2
 
3
3
  export type fetchVulnerabilityAlertsOptions = {
4
4
  token: string;
5
5
  owner: string;
6
6
  repo: string;
7
- }
7
+ };
8
8
 
9
9
  export type VulnerabilityAlertNode = {
10
10
  id: string;
11
- vulnerableManifestFilename: string
11
+ vulnerableManifestFilename: string;
12
12
  vulnerableManifestPath: string;
13
13
  vulnerableRequirements: string;
14
14
  dismissReason: string | null;
@@ -20,10 +20,10 @@ export type VulnerabilityAlertNode = {
20
20
  description: string;
21
21
  ghsaId: string;
22
22
  severity: string;
23
- summary: string
24
- identifiers: { id: string; value: string; }[]
25
- references: { url: string }[]
26
- }
23
+ summary: string;
24
+ identifiers: { id: string; value: string }[];
25
+ references: { url: string }[];
26
+ };
27
27
  securityVulnerability: {
28
28
  firstPatchedVersion?: {
29
29
  identifier: string;
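Review bot: `identifiers: { id: string; value: string }[];` does not match the query in `fetchVulnerabilityAlerts`, which selects `type` and `value` under `identifiers`. `id` is therefore never populated, and a consumer reading it to tell a CVE identifier from a GHSA one gets `undefined` with no compiler warning. Declare the field as `identifiers: { type: string; value: string }[];` so the type describes what the API actually returns. The `VulnerabilityAlertNode` declaration starts and ends outside this hunk.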
@@ -32,64 +32,70 @@ export type VulnerabilityAlertNode = {
32
32
  severity: string;
33
33
  package: {
34
34
  name: string;
35
- ecosystem: string
36
- }
37
- }
38
- }
35
+ ecosystem: string;
36
+ };
37
+ };
38
+ };
39
39
 
40
- export async function fetchVulnerabilityAlerts(options: fetchVulnerabilityAlertsOptions): Promise<VulnerabilityAlertNode[]> {
40
+ export async function fetchVulnerabilityAlerts(
41
+ options: fetchVulnerabilityAlertsOptions
42
+ ): Promise<VulnerabilityAlertNode[]> {
41
43
  // https://developer.github.com/v4/object/repository/#connections
42
- const { repository } = await graphql(`
43
- query vulnerabilityAlerts($owner: String!, $repo: String!) {
44
- repository(owner:$owner, name:$repo) {
45
- vulnerabilityAlerts(first:100) {
46
- edges {
47
- node {
48
- id
49
- vulnerableManifestFilename
50
- vulnerableManifestPath
51
- vulnerableRequirements
52
- dismissReason
53
- dismissedAt
54
- dismisser {
55
- login
56
- }
57
- securityAdvisory {
58
- ghsaId
59
- description
60
- severity
61
- summary
62
- identifiers {
63
- type
64
- value
44
+ const { repository } = await graphql(
45
+ `
46
+ query vulnerabilityAlerts($owner: String!, $repo: String!) {
47
+ repository(owner: $owner, name: $repo) {
48
+ vulnerabilityAlerts(first: 100) {
49
+ edges {
50
+ node {
51
+ id
52
+ vulnerableManifestFilename
53
+ vulnerableManifestPath
54
+ vulnerableRequirements
55
+ dismissReason
56
+ dismissedAt
57
+ dismisser {
58
+ login
59
+ }
60
+ securityAdvisory {
61
+ ghsaId
62
+ description
63
+ severity
64
+ summary
65
+ identifiers {
66
+ type
67
+ value
68
+ }
69
+ references {
70
+ url
71
+ }
72
+ }
73
+ securityVulnerability {
74
+ firstPatchedVersion {
75
+ identifier
76
+ }
77
+ vulnerableVersionRange
78
+ severity
79
+ package {
80
+ name
81
+ ecosystem
82
+ }
83
+ }
84
+ }
85
+ }
86
+ }
87
+ }
65
88
  }
66
- references {
67
- url
89
+ `,
90
+ {
91
+ owner: options.owner,
92
+ repo: options.repo,
93
+ headers: {
94
+ authorization: `token ${options.token}`,
95
+ accept: "application/vnd.github.vixen-preview+json"
68
96
  }
69
- }
70
- securityVulnerability {
71
- firstPatchedVersion {
72
- identifier
73
- }
74
- vulnerableVersionRange
75
- severity
76
- package {
77
- name
78
- ecosystem
79
- }
80
- }
81
97
  }
82
- }
83
- }
84
- }
85
- }`, {
86
- owner: options.owner,
87
- repo: options.repo,
88
- headers: {
89
- authorization: `token ${options.token}`,
90
- accept: "application/vnd.github.vixen-preview+json"
91
- }
92
- });
98
+ );
93
99
  return repository.vulnerabilityAlerts.edges.map((edge: any) => {
94
100
  return edge.node;
95
101
  });
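Review bot: The query asks for `vulnerabilityAlerts(first: 100)` and never requests `pageInfo`, so for a repository with more than 100 alerts the function returns only the first page and the caller cannot tell that alerts are missing. Page through the connection with an `after` cursor until `hasNextPage` is false, as sketched below. The function's closing brace is outside this hunk.

```typescript
// … unchanged: function signature …
    const nodes: VulnerabilityAlertNode[] = [];
    let cursor: string | null = null;
    do {
        const { repository }: any = await graphql(
            `
                query vulnerabilityAlerts($owner: String!, $repo: String!, $cursor: String) {
                    repository(owner: $owner, name: $repo) {
                        vulnerabilityAlerts(first: 100, after: $cursor) {
                            pageInfo {
                                hasNextPage
                                endCursor
                            }
                            # … unchanged: edges { node { … } } selection …
                        }
                    }
                }
            `,
            {
                owner: options.owner,
                repo: options.repo,
                cursor,
                // … unchanged: headers …
            }
        );
        const alerts = repository.vulnerabilityAlerts;
        nodes.push(...alerts.edges.map((edge: any) => edge.node));
        cursor = alerts.pageInfo.hasNextPage ? alerts.pageInfo.endCursor : null;
    } while (cursor !== null);
    return nodes;
```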
@@ -1,8 +1,8 @@
1
- import Octokit from "@octokit/rest";
2
- import {isPackage, lookupPackageDetails} from "./parser/package.json";
3
- import {isPackageLock, lookupPackageLockDetails} from "./parser/package-lock.json";
4
- import {PackageDetails} from "./parser/Details";
5
- import {isYarnLock, lookupYarnLockDetails} from "./parser/yarn-lock";
1
+ import { Octokit } from "@octokit/rest";
2
+ import { isPackage, lookupPackageDetails } from "./parser/package.json";
3
+ import { isPackageLock, lookupPackageLockDetails } from "./parser/package-lock.json";
4
+ import { PackageDetails } from "./parser/Details";
5
+ import { isYarnLock, lookupYarnLockDetails } from "./parser/yarn-lock";
6
6
 
7
7
  const lockfile = require("@yarnpkg/lockfile");
8
8
 
@@ -14,17 +14,20 @@ export type fetchPackageOptions = {
14
14
  packageFilePath: string;
15
15
  };
16
16
 
17
- const cacheMap = new Map<string, {
18
- html_url: string,
19
- content: string,
20
- }>();
17
+ const cacheMap = new Map<
18
+ string,
19
+ {
20
+ html_url: string;
21
+ content: string;
22
+ }
23
+ >();
21
24
 
22
25
  export type fetchPackageDetails = PackageDetails & {
23
26
  packageManifestUrl: string;
24
- }
27
+ };
25
28
 
26
29
  export async function fetchPackageDetails(options: fetchPackageOptions): Promise<fetchPackageDetails> {
27
- const {token} = options;
30
+ const { token } = options;
28
31
  const octokit = new Octokit({
29
32
  auth: token
30
33
  });
@@ -33,28 +36,28 @@ export async function fetchPackageDetails(options: fetchPackageOptions): Promise
33
36
  const pkg = cachedValue
34
37
  ? cachedValue
35
38
  : await octokit.repos
36
- .getContents({
37
- repo: options.repo,
38
- owner: options.owner,
39
- path: options.packageFilePath
40
- })
41
- .then(res => {
42
- if (res.data.type !== "file") {
43
- throw new Error("This is not file:" + options.packageFilePath);
44
- }
45
- if (res.data.encoding === "base64") {
46
- const content = Buffer.from(res.data.content, "base64").toString();
47
- cacheMap.set(cacheKey, {
48
- html_url: res.data.html_url,
49
- content: content
50
- });
51
- return {
52
- html_url: res.data.html_url,
53
- content: content
54
- };
55
- }
56
- throw new Error("Unknown file type" + res.data.type + ":" + res.data.encoding);
57
- });
39
+ .getContent({
40
+ repo: options.repo,
41
+ owner: options.owner,
42
+ path: options.packageFilePath
43
+ })
44
+ .then((res: any): any => {
45
+ if (res.data.type !== "file") {
46
+ throw new Error("This is not file:" + options.packageFilePath);
47
+ }
48
+ if (res.data.encoding === "base64") {
49
+ const content = Buffer.from(res.data.content, "base64").toString();
50
+ cacheMap.set(cacheKey, {
51
+ html_url: res.data.html_url,
52
+ content: content
53
+ });
54
+ return {
55
+ html_url: res.data.html_url,
56
+ content: content
57
+ };
58
+ }
59
+ throw new Error("Unknown file type" + res.data.type + ":" + res.data.encoding);
60
+ });
58
61
  if (isPackageLock(options.packageFilePath)) {
59
62
  return {
60
63
  ...lookupPackageLockDetails({
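Review bot: The module-level `cacheMap` written by `cacheMap.set(cacheKey, …)` is keyed without the token; the compiled `fetchPackageDetails.js` on this page shows the key as `${options.owner}.${options.repo}.${options.packageFilePath}`. In a long-lived process, a manifest fetched with one caller's token is therefore returned to a later caller whose token may not have access to that repository, and entries never expire, so a patched lockfile keeps reporting the old version. The `.` separator is also ambiguous because repository names and paths can contain dots; a key such as `[options.owner, options.repo, options.packageFilePath].join("\n")`, held in a cache scoped to the token or to the call, avoids both problems. Separately, the new `(res: any): any` annotation discards Octokit's response typing, so the `type`/`encoding` checks are no longer verified by the compiler. `fetchPackageDetails` starts and ends outside this hunk.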
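--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -1,3 +1,7 @@
- export {fetchPackageOptions, fetchPackageDetails} from "./fetchPackageDetails";
- export {fetchVulnerabilityAlertsOptions, fetchVulnerabilityAlerts, VulnerabilityAlertNode} from "./VulnerabilityAlerts";
- export {PackageDetails} from "./parser/Details";
+ export { fetchPackageOptions, fetchPackageDetails } from "./fetchPackageDetails";
+ export {
+ fetchVulnerabilityAlertsOptions,
+ fetchVulnerabilityAlerts,
+ VulnerabilityAlertNode
+ } from "./VulnerabilityAlerts";
+ export { PackageDetails } from "./parser/Details";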
@@ -4,4 +4,4 @@ export type PackageDetails = {
4
4
  version: string;
5
5
  packageFilePath: string;
6
6
  dependenciesType: DependenciesType;
7
- }
7
+ };
@@ -5,10 +5,14 @@ export function isPackageLock(packageFilePath: string) {
5
5
  return /package-lock.json$/.test(packageFilePath);
6
6
  }
7
7
 
8
- export function lookupPackageLockDetails({ packageName, packageFilePath, pkg }: {
9
- packageName: string,
10
- packageFilePath: string,
11
- pkg: PackageLock
8
+ export function lookupPackageLockDetails({
9
+ packageName,
10
+ packageFilePath,
11
+ pkg
12
+ }: {
13
+ packageName: string;
14
+ packageFilePath: string;
15
+ pkg: PackageLock;
12
16
  }): PackageDetails {
13
17
  if (!pkg.dependencies) {
14
18
  return {
@@ -5,15 +5,19 @@ export function isPackage(packageFilePath: string) {
5
5
  return /pacakge.json$/.test(packageFilePath);
6
6
  }
7
7
 
8
- export function lookupPackageDetails({ packageName, packageFilePath, pkg }: {
9
- packageName: string,
10
- packageFilePath: string,
11
- pkg: PackageJson
8
+ export function lookupPackageDetails({
9
+ packageName,
10
+ packageFilePath,
11
+ pkg
12
+ }: {
13
+ packageName: string;
14
+ packageFilePath: string;
15
+ pkg: PackageJson;
12
16
  }): PackageDetails {
13
17
  // TODO: https://github.com/npm/types/pull/2
14
18
  const dependencies = (pkg as any)["dependencies"] || {};
15
19
  const devDependencies = pkg["devDependencies"] || {};
16
- const target = ((): { dependenciesType: DependenciesType, version: string } => {
20
+ const target = ((): { dependenciesType: DependenciesType; version: string } => {
17
21
  if (dependencies.hasOwnProperty(packageName)) {
18
22
  return {
19
23
  dependenciesType: "dependencies",
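Review bot: The regex in `isPackage`, on the context line just above this change, is spelled `/pacakge.json$/`, so it can never match a path ending in `package.json`, and the reformatting here leaves it in place. If callers use `isPackage` to select this parser (the call site is not in this hunk), alerts whose manifest is a plain `package.json` would not be resolved to a version. I would change it to `return /(^|\/)package\.json$/.test(packageFilePath);`, which also escapes the dot and anchors the match to a path segment. `isPackageLock` and `isYarnLock` in the neighbouring hunks have the same unescaped `.` and missing segment anchor. `lookupPackageDetails` continues past the end of this hunk.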
@@ -1,13 +1,20 @@
1
- import {PackageDetails} from "./Details";
1
+ import { PackageDetails } from "./Details";
2
2
 
3
3
  export function isYarnLock(packageFilePath: string) {
4
4
  return /yarn.lock$/.test(packageFilePath);
5
5
  }
6
6
 
7
- export function lookupYarnLockDetails({packageName, packageFilePath, pkg}: {
8
- packageName: string,
9
- packageFilePath: string,
10
- pkg: { type: string, object: { [index: string]: { version: string, resolve: string, integrity: string, dependencies: object } } }
7
+ export function lookupYarnLockDetails({
8
+ packageName,
9
+ packageFilePath,
10
+ pkg
11
+ }: {
12
+ packageName: string;
13
+ packageFilePath: string;
14
+ pkg: {
15
+ type: string;
16
+ object: { [index: string]: { version: string; resolve: string; integrity: string; dependencies: object } };
17
+ };
11
18
  }): PackageDetails {
12
19
  if (pkg.type !== "success") {
13
20
  return {
@@ -17,7 +24,7 @@ export function lookupYarnLockDetails({packageName, packageFilePath, pkg}: {
17
24
  dependenciesType: "unknown"
18
25
  };
19
26
  }
20
- const matchKey = Object.keys(pkg.object).find(key => {
27
+ const matchKey = Object.keys(pkg.object).find((key) => {
21
28
  const keyName = key.slice(0, key.lastIndexOf("@"));
22
29
  return keyName === packageName;
23
30
  });
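Review bot: `Object.keys(pkg.object).find(...)` stops at the first key whose name equals `packageName`, so when the lockfile holds several entries for the same package at different ranges, only one of them is looked at. For a tool that reports which version an alert affects, that can name a version other than the vulnerable one, and which entry wins depends on key order. Since `PackageDetails` carries a single `version`, at minimum I would document the limitation above the call, e.g. `// NOTE: first matching entry wins; other resolved versions of packageName are ignored`. The rest of `lookupYarnLockDetails` is outside this hunk, so how `matchKey` is used afterwards is not visible here.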
package/CHANGELOG.md DELETED
@@ -1,25 +0,0 @@
1
- # Change Log
2
-
3
- All notable changes to this project will be documented in this file.
4
- See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
5
-
6
- # [1.2.0](https://github.com/azu/security-alert/compare/v1.1.1...v1.2.0) (2019-07-19)
7
-
8
-
9
- ### Bug Fixes
10
-
11
- * **package:** add publishConfig ([0534d41](https://github.com/azu/security-alert/commit/0534d41))
12
- * lockfile ([76d7f95](https://github.com/azu/security-alert/commit/76d7f95))
13
-
14
-
15
- ### Features
16
-
17
- * **create-issue:** support yarn.lock ([5857f2c](https://github.com/azu/security-alert/commit/5857f2c))
18
-
19
-
20
-
21
-
22
-
23
- ## 1.1.1 (2019-07-05)
24
-
25
- **Note:** Version bump only for package @security-alert/share