@victor-software-house/is-node-vulnerable 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +113 -0
- package/data/schedule.json +153 -0
- package/data/security.json +1582 -0
- package/dist/index.d.mts +98 -0
- package/dist/index.d.mts.map +1 -0
- package/dist/index.mjs +1972 -0
- package/dist/index.mjs.map +1 -0
- package/package.json +82 -0
package/dist/index.d.mts
ADDED
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
import { z } from "zod";
|
|
3
|
+
import * as z4 from "zod/v4/core";
|
|
4
|
+
|
|
5
|
+
//#region schedule.d.ts
|
|
6
|
+
/**
|
|
7
|
+
* Node.js release schedule checking
|
|
8
|
+
*/
|
|
9
|
+
/**
|
|
10
|
+
* Check if a Node.js version is end-of-life
|
|
11
|
+
*
|
|
12
|
+
* @param version - Node.js version (e.g., "v20.10.0", "18.0.0")
|
|
13
|
+
* @returns True if the version is end-of-life, false otherwise
|
|
14
|
+
* @throws Error if version information cannot be loaded
|
|
15
|
+
*
|
|
16
|
+
* @example
|
|
17
|
+
* ```typescript
|
|
18
|
+
* const isEOL = isNodeEOL('v16.0.0');
|
|
19
|
+
* console.log(isEOL); // true
|
|
20
|
+
* ```
|
|
21
|
+
*/
|
|
22
|
+
declare function isNodeEOL(version: string): boolean;
|
|
23
|
+
//#endregion
|
|
24
|
+
//#region schemas.d.ts
|
|
25
|
+
declare const vulnerabilityEntrySchema: z.ZodObject<{
|
|
26
|
+
affectedEnvironments: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
27
|
+
cve: z.ZodArray<z.ZodString>;
|
|
28
|
+
description: z.ZodOptional<z.ZodString>;
|
|
29
|
+
overview: z.ZodOptional<z.ZodString>;
|
|
30
|
+
patched: z.ZodString;
|
|
31
|
+
ref: z.ZodOptional<z.ZodString>;
|
|
32
|
+
severity: z.ZodEnum<{
|
|
33
|
+
unknown: "unknown";
|
|
34
|
+
critical: "critical";
|
|
35
|
+
high: "high";
|
|
36
|
+
low: "low";
|
|
37
|
+
medium: "medium";
|
|
38
|
+
}>;
|
|
39
|
+
vulnerable: z.ZodString;
|
|
40
|
+
}, z.core.$strip>;
|
|
41
|
+
declare const securityDatabaseSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
42
|
+
affectedEnvironments: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
43
|
+
cve: z.ZodArray<z.ZodString>;
|
|
44
|
+
description: z.ZodOptional<z.ZodString>;
|
|
45
|
+
overview: z.ZodOptional<z.ZodString>;
|
|
46
|
+
patched: z.ZodString;
|
|
47
|
+
ref: z.ZodOptional<z.ZodString>;
|
|
48
|
+
severity: z.ZodEnum<{
|
|
49
|
+
unknown: "unknown";
|
|
50
|
+
critical: "critical";
|
|
51
|
+
high: "high";
|
|
52
|
+
low: "low";
|
|
53
|
+
medium: "medium";
|
|
54
|
+
}>;
|
|
55
|
+
vulnerable: z.ZodString;
|
|
56
|
+
}, z.core.$strip>>;
|
|
57
|
+
declare const releaseScheduleEntrySchema: z.ZodObject<{
|
|
58
|
+
codename: z.ZodOptional<z.ZodString>;
|
|
59
|
+
end: z.ZodOptional<z.ZodString>;
|
|
60
|
+
lts: z.ZodOptional<z.ZodString>;
|
|
61
|
+
maintenance: z.ZodOptional<z.ZodString>;
|
|
62
|
+
start: z.ZodString;
|
|
63
|
+
}, z.core.$strip>;
|
|
64
|
+
declare const releaseScheduleSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
65
|
+
codename: z.ZodOptional<z.ZodString>;
|
|
66
|
+
end: z.ZodOptional<z.ZodString>;
|
|
67
|
+
lts: z.ZodOptional<z.ZodString>;
|
|
68
|
+
maintenance: z.ZodOptional<z.ZodString>;
|
|
69
|
+
start: z.ZodString;
|
|
70
|
+
}, z.core.$strip>>;
|
|
71
|
+
//#endregion
|
|
72
|
+
//#region types.d.ts
|
|
73
|
+
type ReleaseSchedule = z4.output<typeof releaseScheduleSchema>;
|
|
74
|
+
type ReleaseScheduleEntry = z4.output<typeof releaseScheduleEntrySchema>;
|
|
75
|
+
type SecurityDatabase = z4.output<typeof securityDatabaseSchema>;
|
|
76
|
+
type VulnerabilityEntry = z4.output<typeof vulnerabilityEntrySchema>;
|
|
77
|
+
declare const PLATFORMS: readonly ["aix", "android", "darwin", "freebsd", "linux", "openbsd", "sunos", "win32"];
|
|
78
|
+
type Platform = (typeof PLATFORMS)[number];
|
|
79
|
+
//#endregion
|
|
80
|
+
//#region vulnerability.d.ts
|
|
81
|
+
/**
|
|
82
|
+
* Check if a Node.js version is vulnerable to known CVEs
|
|
83
|
+
*
|
|
84
|
+
* @param version - Node.js version (e.g., "v20.10.0", "18.0.0")
|
|
85
|
+
* @param platform - Optional platform (darwin, linux, win32, etc.)
|
|
86
|
+
* @returns True if vulnerable or end-of-life, false otherwise
|
|
87
|
+
* @throws Error if version or platform is invalid
|
|
88
|
+
*
|
|
89
|
+
* @example
|
|
90
|
+
* ```typescript
|
|
91
|
+
* const vulnerable = isNodeVulnerable('v20.10.0', 'darwin');
|
|
92
|
+
* console.log(vulnerable); // false
|
|
93
|
+
* ```
|
|
94
|
+
*/
|
|
95
|
+
declare function isNodeVulnerable(platform?: Platform, version?: string): boolean;
|
|
96
|
+
//#endregion
|
|
97
|
+
export { type Platform, type ReleaseSchedule, type ReleaseScheduleEntry, type SecurityDatabase, type VulnerabilityEntry, isNodeEOL, isNodeVulnerable };
|
|
98
|
+
//# sourceMappingURL=index.d.mts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.mts","names":[],"sources":["../schedule.ts","../schemas.ts","../types.ts","../vulnerability.ts"],"mappings":";;;;;;AAyBA;;;AAAA;;;;ACnBA;;;;;;;;iBDmBgB,SAAA,CAAA,OAAA;;;cCnBH,wBAAA,EAAwB,CAAA,CAAA,SAAA;EAAA,oBAAA;;;;;;;;;;;;;;;cAWxB,sBAAA,EAAsB,CAAA,CAAA,SAAA,CAAA,CAAA,CAAA,SAAA,EAAA,CAAA,CAAA,SAAA;EAAA,oBAAA;;;;;;;;;;;;;;;cAKtB,0BAAA,EAA0B,CAAA,CAAA,SAAA;EAAA,QAAA;;;;;;cAQ1B,qBAAA,EAAqB,CAAA,CAAA,SAAA,CAAA,CAAA,CAAA,SAAA,EAAA,CAAA,CAAA,SAAA;EAAA,QAAA;;;;;;;;KCjBtB,eAAA,GAAkB,EAAA,CAAG,MAAA,QAAc,qBAAA;AAAA,KACnC,oBAAA,GAAuB,EAAA,CAAG,MAAA,QAAc,0BAAA;AAAA,KACxC,gBAAA,GAAmB,EAAA,CAAG,MAAA,QAAc,sBAAA;AAAA,KACpC,kBAAA,GAAqB,EAAA,CAAG,MAAA,QAAc,wBAAA;AAAA,cAErC,SAAA;AAAA,KAWD,QAAA,WAAmB,SAAA;;;;AC2C/B;;;;;;;;;;;;;iBAAgB,gBAAA,CAAA,QAAA,GACJ,QAAA,EAAA,OAAA"}
|