@westbayberry/dg 1.0.20 → 1.0.22
- package/dist/index.mjs +24 -5
- package/package.json +1 -1
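--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -41143,21 +41143,35 @@ async function scanProjects(projects, config, dispatch) {
 try {
 const npmProjects = projects.filter((p) => p.ecosystem === "npm");
 const pypiProjects = projects.filter((p) => p.ecosystem === "pypi");
+const fullScanConfig = { ...config, scanAll: true };
 const npmPackages = [];
 const pypiPackages = [];
+const seenNpm = /* @__PURE__ */ new Set();
+const seenPypi = /* @__PURE__ */ new Set();
 for (const proj of npmProjects) {
 try {
-const discovery = discoverChanges(proj.path,
+const discovery = discoverChanges(proj.path, fullScanConfig);
 for (const pkg of discovery.packages) {
-
+const key = `${pkg.name}@${pkg.version}`;
+if (!config.allowlist.includes(pkg.name) && !seenNpm.has(key)) {
+seenNpm.add(key);
+npmPackages.push(pkg);
+}
 }
 } catch {
 }
 }
 for (const proj of pypiProjects) {
-
-
-
+try {
+const packages = parsePythonDepFile(proj.path, proj.depFile);
+for (const pkg of packages) {
+const key = `${pkg.name}@${pkg.version}`;
+if (!config.allowlist.includes(pkg.name) && !seenPypi.has(key)) {
+seenPypi.add(key);
+pypiPackages.push(pkg);
+}
+}
+} catch {
 }
 }
 const totalPackages = npmPackages.length + pypiPackages.length;
@@ -41930,16 +41944,21 @@ var init_App2 = __esm({
 (0, import_react32.useEffect)(() => {
 if (state.phase === "empty") {
 process.exitCode = 0;
+process.stderr.write(`${state.message}
+`);
 const timer = setTimeout(() => exit(), 0);
 return () => clearTimeout(timer);
 }
 if (state.phase === "error") {
 process.exitCode = 3;
+process.stderr.write(`Error: ${state.error.message}
+`);
 const timer = setTimeout(() => exit(), 0);
 return () => clearTimeout(timer);
 }
 if (state.phase === "trial_exhausted") {
 process.exitCode = 1;
+process.stderr.write("Free trial scans used up. Run `dg login` to create a free account and continue scanning.\n");
 const timer = setTimeout(() => exit(), 0);
 return () => clearTimeout(timer);
 }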
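Review bot: The `} catch {` added around `parsePythonDepFile(proj.path, proj.depFile)` in the second loop of `scanProjects` discards the error, so a Python dependency file that cannot be read or parsed drops out of the scan without any trace; the npm loop above it has the same empty catch around `discoverChanges`. For a supply-chain scanner this fails open: `totalPackages` shrinks and the run may still look clean even though part of the project was never checked. I would collect the failures, for example `const skipped = [];` beside `seenPypi` and `} catch (err) { skipped.push({ path: proj.path, error: err }); }` in both loops, and report them with the results, presumably also reflecting them in the exit code. Separately, `config.allowlist.includes(pkg.name)` matches on the name alone in both ecosystems, so an allowlisted name is skipped at every version; a comment stating that this is intended would help the next reader. The body of `scanProjects` continues outside the hunk.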
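--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@westbayberry/dg",
-"version": "1.0.
+"version": "1.0.22",
 "description": "Supply chain security scanner for npm and Python dependencies — detects malicious packages, typosquatting, dependency confusion, and 26+ attack patterns",
 "bin": {
 "dependency-guardian": "dist/index.mjs",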