mobbdev 0.0.9 → 0.0.10

package/index.mjs

@@ -5,7 +5,7 @@ const tmpObj = tmp.dirSync({
     unsafeCleanup: true,
 });
 
-main(tmpObj.name, process.argv.at(2))
+main(tmpObj.name, process.argv[2])
     .catch((err) => {
         console.error(
             'Something went wrong, please try again or contact support if issue persists.'

package/package.json

@@ -1,8 +1,8 @@
 {
     "name": "mobbdev",
-    "version": "0.0.9",
+    "version": "0.0.10",
     "description": "Automated secure code remediation tool",
-    "main": "index.js",
+    "main": "index.mjs",
     "scripts": {
         "lint": "prettier --check . && eslint **/*.mjs",
         "lint:fix": "prettier --write . && eslint --fix **/*.mjs",
@@ -19,9 +19,9 @@
         "configstore": "6.0.0",
         "dotenv": "16.0.3",
         "extract-zip": "2.0.1",
-        "form-data": "4.0.0",
-        "got": "12.6.0",
+        "node-fetch": "3.3.1",
         "open": "8.4.2",
+        "semver": "7.5.0",
         "snyk": "1.1118.0",
         "tmp": "0.2.1",
         "zod": "3.21.4"
@@ -33,12 +33,12 @@
         "prettier": "2.8.4"
     },
     "engines": {
-        "node": ">=8.5.0"
+        "node": ">=12.20.0"
     },
+    "type": "module",
     "files": [
         "bin",
         "src",
-        "index.mjs",
         ".env",
         "README.md",
         "LICENSE",

package/src/github.mjs

@@ -1,9 +1,9 @@
-import got from 'got';
 import fs from 'node:fs';
-import { promisify } from 'node:util';
 import stream from 'node:stream';
-import extract from 'extract-zip';
 import path from 'node:path';
+import { promisify } from 'node:util';
+import fetch from 'node-fetch';
+import extract from 'extract-zip';
 
 const pipeline = promisify(stream.pipeline);
 
@@ -18,44 +18,37 @@ export async function getDefaultBranch(repoUrl) {
         slug = slug.substring(0, slug.length - '.git'.length);
     }
 
-    try {
-        const repoInfo = await got(`https://api.github.com/repos/${slug}`, {
-            method: 'GET',
-            headers: {
-                Accept: 'application/vnd.github+json',
-                'X-GitHub-Api-Version': '2022-11-28',
-            },
-        }).json();
-
-        return repoInfo.default_branch;
-    } catch (e) {
+    const response = await fetch(`https://api.github.com/repos/${slug}`, {
+        method: 'GET',
+        headers: {
+            Accept: 'application/vnd.github+json',
+            'X-GitHub-Api-Version': '2022-11-28',
+        },
+    });
+
+    if (!response.ok) {
         throw new Error(
             `Can't get default branch, make sure the repository is public: ${repoUrl}.`
         );
     }
+
+    const repoInfo = await response.json();
+
+    return repoInfo.default_branch;
 }
 
 export async function downloadRepo(repoUrl, reference, dirname) {
     const zipFilePath = path.join(dirname, 'repo.zip');
-    const downloadStream = got.stream(`${repoUrl}/zipball/${reference}`);
+    const response = await fetch(`${repoUrl}/zipball/${reference}`);
     const fileWriterStream = fs.createWriteStream(zipFilePath);
 
-    downloadStream.on('downloadProgress', ({ transferred, percent }) => {
-        if (transferred > 0) {
-            console.log(
-                `Progress: ${transferred} (${Math.round(percent * 100)}%) ...`
-            );
-        }
-    });
-
-    await pipeline(downloadStream, fileWriterStream);
+    await pipeline(response.body, fileWriterStream);
     await extract(zipFilePath, { dir: dirname });
 
     const repoRoot = fs
         .readdirSync(dirname, { withFileTypes: true })
         .filter((dirent) => dirent.isDirectory())
-        .map((dirent) => dirent.name)
-        .at(0);
+        .map((dirent) => dirent.name)[0];
 
     return path.join(dirname, repoRoot);
 }

package/src/gql.mjs

@@ -1,4 +1,4 @@
-import got from 'got';
+import fetch from 'node-fetch';
 import { API_URL } from './constants.mjs';
 
 const ME = `
@@ -48,40 +48,44 @@ mutation SubmitVulnerabilityReport($vulnerabilityReportFileName: String!, $fixRe
 `;
 
 export class GQLClient {
-    #token;
-
     constructor(token) {
-        this.#token = token;
+        this._token = token;
     }
 
-    async #apiCall(query, variables = {}) {
-        const response = await got(API_URL, {
+    async _apiCall(query, variables = {}) {
+        const response = await fetch(API_URL, {
             method: 'POST',
             headers: {
-                authorization: `Bearer ${this.#token}`,
+                authorization: `Bearer ${this._token}`,
             },
             body: JSON.stringify({
                 query,
                 variables,
             }),
-        }).json();
+        });
+
+        if (!response.ok) {
+            throw new Error(`API call failed: ${response.status}`);
+        }
+
+        const data = await response.json();
 
-        if (response.errors) {
+        if (data.errors) {
             throw new Error(`API error: ${response.errors[0].message}`);
         }
 
-        if (!response.data) {
+        if (!data.data) {
             throw new Error('No data returned for the API query.');
         }
 
-        return response.data;
+        return data.data;
     }
 
     async verifyToken() {
         await this.createCommunityUser();
 
         try {
-            await this.#apiCall(ME);
+            await this._apiCall(ME);
         } catch (e) {
             return false;
         }
@@ -90,14 +94,14 @@ export class GQLClient {
 
     async createCommunityUser() {
         try {
-            await this.#apiCall(CREATE_COMMUNITY_USER);
+            await this._apiCall(CREATE_COMMUNITY_USER);
         } catch (e) {
             // Ignore errors
         }
     }
 
     async uploadS3BucketInfo() {
-        const data = await this.#apiCall(UPLOAD_S3_BUCKET_INFO, {
+        const data = await this._apiCall(UPLOAD_S3_BUCKET_INFO, {
             fileName: 'report.json',
         });
 
@@ -112,7 +116,7 @@ export class GQLClient {
     }
 
     async submitVulnerabilityReport(fixReportId, repoUrl, reference) {
-        await this.#apiCall(SUBMIT_VULNERABILITY_REPORT, {
+        await this._apiCall(SUBMIT_VULNERABILITY_REPORT, {
             fixReportId,
             repoUrl,
             reference,

package/src/index.mjs

@@ -1,6 +1,7 @@
 import { fileURLToPath } from 'node:url';
 import fs from 'node:fs';
 import path from 'node:path';
+import semver from 'semver';
 import open from 'open';
 import Configstore from 'configstore';
 import { GQLClient } from './gql.mjs';
@@ -14,6 +15,14 @@ const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const packageJson = JSON.parse(
     fs.readFileSync(path.join(__dirname, '../package.json'), 'utf8')
 );
+
+if (!semver.satisfies(process.version, packageJson.engines.node)) {
+    console.error(
+        `${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
+    );
+    process.exit(1);
+}
+
 const config = new Configstore(packageJson.name, { token: '' });
 
 export async function main(dirname, repoUrl) {
@@ -66,7 +75,8 @@ export async function main(dirname, repoUrl) {
         reference
     );
 
-    if ((report.runs?.at(0)?.results?.length ?? 0) === 0) {
+    const results = ((report.runs || [])[0] || {}).results || [];
+    if (results.length === 0) {
         console.log('Snyk has not found any vulnerabilities — nothing to fix.');
     } else {
         console.log(

package/src/upload-file.mjs

@@ -1,6 +1,4 @@
-import FormData from 'form-data';
-import fs from 'node:fs';
-import got from 'got';
+import fetch, { FormData, fileFrom } from 'node-fetch';
 
 export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
     const form = new FormData();
@@ -10,10 +8,14 @@ export async function uploadFile(reportPath, url, uploadKey, uploadFields) {
     }
 
     form.append('key', uploadKey);
-    form.append('file', fs.createReadStream(reportPath));
+    form.append('file', await fileFrom(reportPath));
 
-    await got(url, {
+    const response = await fetch(url, {
         method: 'POST',
         body: form,
     });
+
+    if (!response.ok) {
+        throw new Error(`Failed to upload the report: ${response.status}`);
+    }
 }