mobbdev 0.0.8 → 0.0.10

package/index.mjs

@@ -5,7 +5,7 @@ const tmpObj = tmp.dirSync({
     unsafeCleanup: true,
 });
 
-main(tmpObj.name, process.argv.at(2))
+main(tmpObj.name, process.argv[2])
     .catch((err) => {
         console.error(
             'Something went wrong, please try again or contact support if issue persists.'

package/package.json

@@ -1,46 +1,47 @@
 {
-  "name": "mobbdev",
-  "version": "0.0.8",
-  "description": "Automated secure code remediation tool",
-  "main": "index.js",
-  "bin": {
-    "mobbdev": "bin/cli.mjs"
-  },
-  "author": "",
-  "license": "MIT",
-  "dependencies": {
-    "colors": "1.4.0",
-    "configstore": "6.0.0",
-    "dotenv": "16.0.3",
-    "extract-zip": "2.0.1",
-    "form-data": "4.0.0",
-    "got": "12.6.0",
-    "open": "8.4.2",
-    "snyk": "1.1118.0",
-    "tmp": "0.2.1",
-    "zod": "3.21.4"
-  },
-  "devDependencies": {
-    "@jest/globals": "29.5.0",
-    "eslint": "8.36.0",
-    "jest": "29.5.0",
-    "prettier": "2.8.4"
-  },
-  "engines": {
-    "node": ">=8.5.0"
-  },
-  "files": [
-    "bin",
-    "src",
-    "index.mjs",
-    ".env",
-    "README.md",
-    "LICENSE",
-    "package.json"
-  ],
-  "scripts": {
-    "lint": "prettier --check . && eslint **/*.mjs",
-    "lint:fix": "prettier --write . && eslint --fix **/*.mjs",
-    "test": "DOTENV_ME=${ENV_VAULT_CLI} dotenv-vault pull development .env && TOKEN=$(../../scripts/login_auth0.sh) NODE_OPTIONS=--experimental-vm-modules jest"
-  }
-}
+    "name": "mobbdev",
+    "version": "0.0.10",
+    "description": "Automated secure code remediation tool",
+    "main": "index.mjs",
+    "scripts": {
+        "lint": "prettier --check . && eslint **/*.mjs",
+        "lint:fix": "prettier --write . && eslint --fix **/*.mjs",
+        "test": "DOTENV_ME=${ENV_VAULT_CLI} dotenv-vault pull development .env && TOKEN=$(../../scripts/login_auth0.sh) NODE_OPTIONS=--experimental-vm-modules jest",
+        "prepack": "dotenv-vault pull production .env"
+    },
+    "bin": {
+        "mobbdev": "bin/cli.mjs"
+    },
+    "author": "",
+    "license": "MIT",
+    "dependencies": {
+        "colors": "1.4.0",
+        "configstore": "6.0.0",
+        "dotenv": "16.0.3",
+        "extract-zip": "2.0.1",
+        "node-fetch": "3.3.1",
+        "open": "8.4.2",
+        "semver": "7.5.0",
+        "snyk": "1.1118.0",
+        "tmp": "0.2.1",
+        "zod": "3.21.4"
+    },
+    "devDependencies": {
+        "@jest/globals": "29.5.0",
+        "eslint": "8.36.0",
+        "jest": "29.5.0",
+        "prettier": "2.8.4"
+    },
+    "engines": {
+        "node": ">=12.20.0"
+    },
+    "type": "module",
+    "files": [
+        "bin",
+        "src",
+        ".env",
+        "README.md",
+        "LICENSE",
+        "package.json"
+    ]
+}

package/src/github.mjs

@@ -1,9 +1,9 @@
-import got from 'got';
 import fs from 'node:fs';
-import { promisify } from 'node:util';
 import stream from 'node:stream';
-import extract from 'extract-zip';
 import path from 'node:path';
+import { promisify } from 'node:util';
+import fetch from 'node-fetch';
+import extract from 'extract-zip';
 
 const pipeline = promisify(stream.pipeline);
 
@@ -18,44 +18,37 @@ export async function getDefaultBranch(repoUrl) {
         slug = slug.substring(0, slug.length - '.git'.length);
     }
 
-    try {
-        const repoInfo = await got(`https://api.github.com/repos/${slug}`, {
-            method: 'GET',
-            headers: {
-                Accept: 'application/vnd.github+json',
-                'X-GitHub-Api-Version': '2022-11-28',
-            },
-        }).json();
-
-        return repoInfo.default_branch;
-    } catch (e) {
+    const response = await fetch(`https://api.github.com/repos/${slug}`, {
+        method: 'GET',
+        headers: {
+            Accept: 'application/vnd.github+json',
+            'X-GitHub-Api-Version': '2022-11-28',
+        },
+    });
+
+    if (!response.ok) {
         throw new Error(
             `Can't get default branch, make sure the repository is public: ${repoUrl}.`
         );
     }
+
+    const repoInfo = await response.json();
+
+    return repoInfo.default_branch;
 }
 
 export async function downloadRepo(repoUrl, reference, dirname) {
     const zipFilePath = path.join(dirname, 'repo.zip');
-    const downloadStream = got.stream(`${repoUrl}/zipball/${reference}`);
+    const response = await fetch(`${repoUrl}/zipball/${reference}`);
     const fileWriterStream = fs.createWriteStream(zipFilePath);
 
-    downloadStream.on('downloadProgress', ({ transferred, percent }) => {
-        if (transferred > 0) {
-            console.log(
-                `Progress: ${transferred} (${Math.round(percent * 100)}%) ...`
-            );
-        }
-    });
-
-    await pipeline(downloadStream, fileWriterStream);
+    await pipeline(response.body, fileWriterStream);
     await extract(zipFilePath, { dir: dirname });
 
     const repoRoot = fs
         .readdirSync(dirname, { withFileTypes: true })
         .filter((dirent) => dirent.isDirectory())
-        .map((dirent) => dirent.name)
-        .at(0);
+        .map((dirent) => dirent.name)[0];
 
     return path.join(dirname, repoRoot);
 }

package/src/gql.mjs

@@ -1,4 +1,4 @@
-import got from 'got';
+import fetch from 'node-fetch';
 import { API_URL } from './constants.mjs';
 
 const ME = `
@@ -48,40 +48,44 @@ mutation SubmitVulnerabilityReport($vulnerabilityReportFileName: String!, $fixRe
 `;
 
 export class GQLClient {
-    #token;
-
     constructor(token) {
-        this.#token = token;
+        this._token = token;
     }
 
-    async #apiCall(query, variables = {}) {
-        const response = await got(API_URL, {
+    async _apiCall(query, variables = {}) {
+        const response = await fetch(API_URL, {
             method: 'POST',
             headers: {
-                authorization: `Bearer ${this.#token}`,
+                authorization: `Bearer ${this._token}`,
             },
             body: JSON.stringify({
                 query,
                 variables,
             }),
-        }).json();
+        });
+
+        if (!response.ok) {
+            throw new Error(`API call failed: ${response.status}`);
+        }
+
+        const data = await response.json();
 
-        if (response.errors) {
+        if (data.errors) {
             throw new Error(`API error: ${response.errors[0].message}`);
         }
 
-        if (!response.data) {
+        if (!data.data) {
             throw new Error('No data returned for the API query.');
         }
 
-        return response.data;
+        return data.data;
     }
 
     async verifyToken() {
         await this.createCommunityUser();
 
         try {
-            await this.#apiCall(ME);
+            await this._apiCall(ME);
         } catch (e) {
             return false;
         }
@@ -90,14 +94,14 @@ export class GQLClient {
 
     async createCommunityUser() {
         try {
-            await this.#apiCall(CREATE_COMMUNITY_USER);
+            await this._apiCall(CREATE_COMMUNITY_USER);
         } catch (e) {
             // Ignore errors
         }
     }
 
     async uploadS3BucketInfo() {
-        const data = await this.#apiCall(UPLOAD_S3_BUCKET_INFO, {
+        const data = await this._apiCall(UPLOAD_S3_BUCKET_INFO, {
             fileName: 'report.json',
         });
 
@@ -112,7 +116,7 @@ export class GQLClient {
     }
 
     async submitVulnerabilityReport(fixReportId, repoUrl, reference) {
-        await this.#apiCall(SUBMIT_VULNERABILITY_REPORT, {
+        await this._apiCall(SUBMIT_VULNERABILITY_REPORT, {
             fixReportId,
             repoUrl,
             reference,

package/src/index.mjs

@@ -1,6 +1,7 @@
 import { fileURLToPath } from 'node:url';
 import fs from 'node:fs';
 import path from 'node:path';
+import semver from 'semver';
 import open from 'open';
 import Configstore from 'configstore';
 import { GQLClient } from './gql.mjs';
@@ -14,6 +15,14 @@ const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const packageJson = JSON.parse(
     fs.readFileSync(path.join(__dirname, '../package.json'), 'utf8')
 );
+
+if (!semver.satisfies(process.version, packageJson.engines.node)) {
+    console.error(
+        `${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
+    );
+    process.exit(1);
+}
+
 const config = new Configstore(packageJson.name, { token: '' });
 
 export async function main(dirname, repoUrl) {
@@ -54,11 +63,6 @@ export async function main(dirname, repoUrl) {
 
     const report = JSON.parse(fs.readFileSync(reportPath, 'utf8'));
 
-    if ((report.runs?.at(0)?.results?.length ?? 0) === 0) {
-        console.log('Snyk has not found any vulnerabilities — nothing to fix.');
-        return;
-    }
-
     await uploadFile(
         reportPath,
         uploadData.url,
@@ -71,8 +75,13 @@ export async function main(dirname, repoUrl) {
         reference
     );
 
-    console.log(
-        'You will be redirected to our report page, please wait until the analysis is finished and enjoy your fixes.'
-    );
-    await open(`${WEB_REPORT_URL}${uploadData.fixReportId}`);
+    const results = ((report.runs || [])[0] || {}).results || [];
+    if (results.length === 0) {
+        console.log('Snyk has not found any vulnerabilities — nothing to fix.');
+    } else {
+        console.log(
+            'You will be redirected to our report page, please wait until the analysis is finished and enjoy your fixes.'
+        );
+        await open(`${WEB_REPORT_URL}${uploadData.fixReportId}`);
+    }
 }

package/src/upload-file.mjs

@@ -1,6 +1,4 @@
-import FormData from 'form-data';
-import fs from 'node:fs';
-import got from 'got';
+import fetch, { FormData, fileFrom } from 'node-fetch';
 
 export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
     const form = new FormData();
@@ -10,10 +8,14 @@ export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
     }
 
     form.append('key', uploadKey);
-    form.append('file', fs.createReadStream(reportPath));
+    form.append('file', await fileFrom(reportPath));
 
-    await got(url, {
+    const response = await fetch(url, {
         method: 'POST',
         body: form,
     });
+
+    if (!response.ok) {
+        throw new Error(`Failed to upload the report: ${response.status}`);
+    }
 }