npq 2.5.2 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/workflows/main.yml +1 -1
- package/.husky/commit-msg +4 -0
- package/.husky/post-merge +4 -0
- package/.husky/pre-commit +4 -0
- package/.husky/pre-push +4 -0
- package/__tests__/__fixtures__/test.marshall.js +7 -7
- package/__tests__/marshalls.classMethods.test.js +9 -9
- package/__tests__/marshalls.provenance.test.js +206 -0
- package/__tests__/marshalls.repo.test.js +4 -7
- package/__tests__/marshalls.signatures.test.js +2 -6
- package/__tests__/marshalls.tasks.test.js +2 -2
- package/__tests__/packageManager.test.js +1 -1
- package/__tests__/packageRepoUtils.test.js +6 -8
- package/lib/cliCommons.js +2 -2
- package/lib/helpers/cliSupportHandler.js +2 -6
- package/lib/helpers/packageRepoUtils.js +9 -10
- package/lib/marshall.js +11 -11
- package/lib/marshalls/age.marshall.js +3 -3
- package/lib/marshalls/author.marshall.js +4 -4
- package/lib/marshalls/baseMarshall.js +7 -7
- package/lib/marshalls/downloads.marshall.js +3 -3
- package/lib/marshalls/expiredDomains.marshall.js +7 -7
- package/lib/marshalls/index.js +11 -21
- package/lib/marshalls/license.marshall.js +3 -3
- package/lib/marshalls/provenance.marshall.js +16 -8
- package/lib/marshalls/readme.marshall.js +3 -3
- package/lib/marshalls/repo.marshall.js +4 -5
- package/lib/marshalls/scripts.marshall.js +5 -5
- package/lib/marshalls/signatures.marshall.js +5 -6
- package/lib/marshalls/snyk.marshall.js +8 -9
- package/lib/packageManager.js +4 -4
- package/package.json +39 -55
- package/scripts/postinstall.js +4 -4
- package/scripts/scriptHelpers.js +3 -2
|
@@ -6,16 +6,16 @@ const MARSHALL_NAME = 'age'
|
|
|
6
6
|
const PACKAGE_AGE_THRESHOLD = 22 // specified in days
|
|
7
7
|
|
|
8
8
|
class Marshall extends BaseMarshall {
|
|
9
|
-
constructor
|
|
9
|
+
constructor(options) {
|
|
10
10
|
super(options)
|
|
11
11
|
this.name = MARSHALL_NAME
|
|
12
12
|
}
|
|
13
13
|
|
|
14
|
-
title
|
|
14
|
+
title() {
|
|
15
15
|
return 'Checking package maturity'
|
|
16
16
|
}
|
|
17
17
|
|
|
18
|
-
validate
|
|
18
|
+
validate(pkg) {
|
|
19
19
|
return this.packageRepoUtils.getPackageInfo(pkg.packageName).then((data) => {
|
|
20
20
|
if (data && data.time && data.time.created) {
|
|
21
21
|
const pkgCreatedDate = data.time.created
|
|
@@ -7,19 +7,19 @@ const Warning = require('../helpers/warning')
|
|
|
7
7
|
const MARSHALL_NAME = 'author'
|
|
8
8
|
|
|
9
9
|
class Marshall extends BaseMarshall {
|
|
10
|
-
constructor
|
|
10
|
+
constructor(options) {
|
|
11
11
|
super(options)
|
|
12
12
|
this.name = MARSHALL_NAME
|
|
13
13
|
}
|
|
14
14
|
|
|
15
|
-
title
|
|
15
|
+
title() {
|
|
16
16
|
return 'Identifying package author...'
|
|
17
17
|
}
|
|
18
18
|
|
|
19
|
-
validate
|
|
19
|
+
validate(pkg) {
|
|
20
20
|
return this.packageRepoUtils.getPackageInfo(pkg.packageName).then((data) => {
|
|
21
21
|
const lastVersionData =
|
|
22
|
-
data.versions && data['dist-tags'] && data.versions[data['dist-tags']
|
|
22
|
+
data.versions && data['dist-tags'] && data.versions[data['dist-tags'].latest]
|
|
23
23
|
|
|
24
24
|
const hasAuthorEmail =
|
|
25
25
|
(lastVersionData &&
|
|
@@ -3,11 +3,11 @@
|
|
|
3
3
|
const Warning = require('../helpers/warning')
|
|
4
4
|
|
|
5
5
|
class BaseMarshall {
|
|
6
|
-
constructor
|
|
6
|
+
constructor(options) {
|
|
7
7
|
this.packageRepoUtils = options.packageRepoUtils
|
|
8
8
|
}
|
|
9
9
|
|
|
10
|
-
init
|
|
10
|
+
init(ctx, task) {
|
|
11
11
|
this.ctx = ctx
|
|
12
12
|
this.task = task
|
|
13
13
|
|
|
@@ -19,7 +19,7 @@ class BaseMarshall {
|
|
|
19
19
|
}
|
|
20
20
|
}
|
|
21
21
|
|
|
22
|
-
run
|
|
22
|
+
run(ctx, task) {
|
|
23
23
|
const tasks = ctx.pkgs.reduce((prevPkg, currPkg) => {
|
|
24
24
|
return prevPkg.concat(this.checkPackage(currPkg, ctx, task))
|
|
25
25
|
}, [])
|
|
@@ -27,7 +27,7 @@ class BaseMarshall {
|
|
|
27
27
|
return Promise.all(tasks)
|
|
28
28
|
}
|
|
29
29
|
|
|
30
|
-
checkPackage
|
|
30
|
+
checkPackage(pkg, ctx, task) {
|
|
31
31
|
return this.validate(pkg)
|
|
32
32
|
.then((data) => {
|
|
33
33
|
task.output = `querying ${pkg.packageString}...`
|
|
@@ -47,13 +47,13 @@ class BaseMarshall {
|
|
|
47
47
|
})
|
|
48
48
|
}
|
|
49
49
|
|
|
50
|
-
isEnabled
|
|
50
|
+
isEnabled() {
|
|
51
51
|
const isMarshallSilent = process.env[`MARSHALL_DISABLE_${this.name.toUpperCase()}`] || false
|
|
52
52
|
|
|
53
53
|
return !isMarshallSilent
|
|
54
54
|
}
|
|
55
55
|
|
|
56
|
-
setMessage
|
|
56
|
+
setMessage(msg, isWarning) {
|
|
57
57
|
const messages = isWarning
|
|
58
58
|
? this.ctx.marshalls[this.name].warnings
|
|
59
59
|
: this.ctx.marshalls[this.name].errors
|
|
@@ -64,7 +64,7 @@ class BaseMarshall {
|
|
|
64
64
|
})
|
|
65
65
|
}
|
|
66
66
|
|
|
67
|
-
handleMessages
|
|
67
|
+
handleMessages() {
|
|
68
68
|
const errors = this.ctx.marshalls[this.name].errors
|
|
69
69
|
const warnings = this.ctx.marshalls[this.name].warnings
|
|
70
70
|
if ((errors && errors.length) || (warnings && warnings.length)) {
|
|
@@ -6,16 +6,16 @@ const MARSHALL_NAME = 'downloads'
|
|
|
6
6
|
const DOWNLOAD_COUNT_THRESHOLD = 20 // threshold per month
|
|
7
7
|
|
|
8
8
|
class Marshall extends BaseMarshall {
|
|
9
|
-
constructor
|
|
9
|
+
constructor(options) {
|
|
10
10
|
super(options)
|
|
11
11
|
this.name = MARSHALL_NAME
|
|
12
12
|
}
|
|
13
13
|
|
|
14
|
-
title
|
|
14
|
+
title() {
|
|
15
15
|
return 'Checking package download popularity'
|
|
16
16
|
}
|
|
17
17
|
|
|
18
|
-
validate
|
|
18
|
+
validate(pkg) {
|
|
19
19
|
return this.packageRepoUtils.getDownloadInfo(pkg.packageName).then((downloadCount) => {
|
|
20
20
|
if (downloadCount < DOWNLOAD_COUNT_THRESHOLD) {
|
|
21
21
|
throw new Error(
|
|
@@ -6,25 +6,25 @@ const dns = require('dns').promises
|
|
|
6
6
|
const MARSHALL_NAME = 'maintainers_expired_emails'
|
|
7
7
|
|
|
8
8
|
class Marshall extends BaseMarshall {
|
|
9
|
-
constructor
|
|
9
|
+
constructor(options) {
|
|
10
10
|
super(options)
|
|
11
11
|
this.name = MARSHALL_NAME
|
|
12
12
|
}
|
|
13
13
|
|
|
14
|
-
title
|
|
14
|
+
title() {
|
|
15
15
|
return 'Detecting expired domains for authors account...'
|
|
16
16
|
}
|
|
17
17
|
|
|
18
|
-
validate
|
|
18
|
+
validate(pkg) {
|
|
19
19
|
return this.packageRepoUtils
|
|
20
20
|
.getPackageInfo(pkg.packageName)
|
|
21
21
|
.then((data) => {
|
|
22
22
|
const lastVersionData =
|
|
23
|
-
data.versions && data['dist-tags'] && data.versions[data['dist-tags']
|
|
23
|
+
data.versions && data['dist-tags'] && data.versions[data['dist-tags'].latest]
|
|
24
24
|
|
|
25
|
-
|
|
25
|
+
const maintainersAccounts = lastVersionData && lastVersionData.maintainers
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
const testEmails = []
|
|
28
28
|
for (const maintainerInfo of maintainersAccounts) {
|
|
29
29
|
const maintainerEmail = maintainerInfo.email
|
|
30
30
|
const emailDomain = maintainerEmail.split('@')[1]
|
|
@@ -34,7 +34,7 @@ class Marshall extends BaseMarshall {
|
|
|
34
34
|
return Promise.all(testEmails)
|
|
35
35
|
})
|
|
36
36
|
.catch((error) => {
|
|
37
|
-
|
|
37
|
+
const emailHostname = error.hostname ? error.hostname : '<unknown>'
|
|
38
38
|
throw new Error(
|
|
39
39
|
'Unable to resolve domain for maintainer e-mail, could be an expired account: ' +
|
|
40
40
|
emailHostname
|
package/lib/marshalls/index.js
CHANGED
|
@@ -1,29 +1,19 @@
|
|
|
1
1
|
'use strict'
|
|
2
2
|
|
|
3
3
|
const Listr = require('listr')
|
|
4
|
-
const glob = require('glob')
|
|
4
|
+
const { glob } = require('glob')
|
|
5
5
|
|
|
6
6
|
class Marshalls {
|
|
7
|
-
static collectMarshalls
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
{
|
|
12
|
-
cwd: __dirname,
|
|
13
|
-
absolute: true
|
|
14
|
-
},
|
|
15
|
-
(err, files) => {
|
|
16
|
-
if (err) {
|
|
17
|
-
reject(err)
|
|
18
|
-
}
|
|
19
|
-
|
|
20
|
-
resolve(files)
|
|
21
|
-
}
|
|
22
|
-
)
|
|
7
|
+
static async collectMarshalls() {
|
|
8
|
+
const files = await glob(this.GLOB_MARSHALLS, {
|
|
9
|
+
cwd: __dirname,
|
|
10
|
+
absolute: true
|
|
23
11
|
})
|
|
12
|
+
|
|
13
|
+
return files
|
|
24
14
|
}
|
|
25
15
|
|
|
26
|
-
static buildMarshallTasks
|
|
16
|
+
static buildMarshallTasks(marshalls, config) {
|
|
27
17
|
if (!marshalls || !Array.isArray(marshalls) || marshalls.length === 0) {
|
|
28
18
|
return Promise.reject(new Error('unable to collect marshalls, or no marshalls found'))
|
|
29
19
|
}
|
|
@@ -46,7 +36,7 @@ class Marshalls {
|
|
|
46
36
|
return new Listr(marshallTasks, { exitOnError: false, concurrent: true })
|
|
47
37
|
}
|
|
48
38
|
|
|
49
|
-
static tasks
|
|
39
|
+
static tasks(options) {
|
|
50
40
|
return Marshalls.warmUpPackagesCache(options)
|
|
51
41
|
.then(() => Marshalls.collectMarshalls())
|
|
52
42
|
.then((marshalls) => {
|
|
@@ -59,7 +49,7 @@ class Marshalls {
|
|
|
59
49
|
})
|
|
60
50
|
}
|
|
61
51
|
|
|
62
|
-
static warmUpPackagesCache
|
|
52
|
+
static warmUpPackagesCache(options) {
|
|
63
53
|
const fetchPackagesInfoPromises = []
|
|
64
54
|
options.pkgs.forEach((packageMeta) => {
|
|
65
55
|
fetchPackagesInfoPromises.push(
|
|
@@ -70,7 +60,7 @@ class Marshalls {
|
|
|
70
60
|
return Promise.all(fetchPackagesInfoPromises)
|
|
71
61
|
}
|
|
72
62
|
|
|
73
|
-
static runTasks
|
|
63
|
+
static runTasks(tasks, options) {
|
|
74
64
|
return tasks.run({
|
|
75
65
|
pkgs: options.pkgs,
|
|
76
66
|
marshalls: {}
|
|
@@ -5,16 +5,16 @@ const BaseMarshall = require('./baseMarshall')
|
|
|
5
5
|
const MARSHALL_NAME = 'license'
|
|
6
6
|
|
|
7
7
|
class Marshall extends BaseMarshall {
|
|
8
|
-
constructor
|
|
8
|
+
constructor(options) {
|
|
9
9
|
super(options)
|
|
10
10
|
this.name = MARSHALL_NAME
|
|
11
11
|
}
|
|
12
12
|
|
|
13
|
-
title
|
|
13
|
+
title() {
|
|
14
14
|
return 'Checking availability of a LICENSE'
|
|
15
15
|
}
|
|
16
16
|
|
|
17
|
-
validate
|
|
17
|
+
validate(pkg) {
|
|
18
18
|
return this.packageRepoUtils.getLicenseInfo(pkg.packageName).then((licenseContents) => {
|
|
19
19
|
if (!licenseContents || licenseContents === 'ERROR: No LICENSE data found!') {
|
|
20
20
|
throw new Error('package has no LICENSE file available')
|
|
@@ -1,22 +1,22 @@
|
|
|
1
1
|
'use strict'
|
|
2
2
|
|
|
3
3
|
const BaseMarshall = require('./baseMarshall')
|
|
4
|
-
const fetch = require('node-fetch')
|
|
5
4
|
const pacote = require('pacote')
|
|
5
|
+
const Warning = require('../helpers/warning')
|
|
6
6
|
|
|
7
7
|
const MARSHALL_NAME = 'provenance'
|
|
8
8
|
|
|
9
9
|
class Marshall extends BaseMarshall {
|
|
10
|
-
constructor
|
|
10
|
+
constructor(options) {
|
|
11
11
|
super(options)
|
|
12
12
|
this.name = MARSHALL_NAME
|
|
13
13
|
}
|
|
14
14
|
|
|
15
|
-
title
|
|
15
|
+
title() {
|
|
16
16
|
return 'Verifying package provenance'
|
|
17
17
|
}
|
|
18
18
|
|
|
19
|
-
validate
|
|
19
|
+
validate(pkg) {
|
|
20
20
|
const validationMetadata = {}
|
|
21
21
|
|
|
22
22
|
return this.packageRepoUtils
|
|
@@ -25,7 +25,7 @@ class Marshall extends BaseMarshall {
|
|
|
25
25
|
const packageName = packageInfo.name
|
|
26
26
|
const packageVersion =
|
|
27
27
|
pkg.packageVersion === 'latest'
|
|
28
|
-
? packageInfo['dist-tags'] && packageInfo['dist-tags']
|
|
28
|
+
? packageInfo['dist-tags'] && packageInfo['dist-tags'].latest
|
|
29
29
|
: this.packageRepoUtils.parsePackageVersion(pkg.packageVersion).version
|
|
30
30
|
|
|
31
31
|
validationMetadata.name = packageName
|
|
@@ -41,15 +41,23 @@ class Marshall extends BaseMarshall {
|
|
|
41
41
|
verifyAttestations: true,
|
|
42
42
|
registry: 'https://registry.npmjs.org',
|
|
43
43
|
|
|
44
|
-
|
|
44
|
+
'//registry.npmjs.org/:_keys': keys
|
|
45
45
|
})
|
|
46
46
|
})
|
|
47
47
|
.then((metadata) => {
|
|
48
|
-
|
|
48
|
+
if (!metadata || !metadata._attestations) {
|
|
49
|
+
throw new Warning(
|
|
50
|
+
'the package was published without any attestations. Proceed with care.'
|
|
51
|
+
)
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
const attestations = metadata._attestations
|
|
55
|
+
|
|
56
|
+
return attestations
|
|
49
57
|
})
|
|
50
58
|
}
|
|
51
59
|
|
|
52
|
-
fetchRegistryKeys
|
|
60
|
+
fetchRegistryKeys() {
|
|
53
61
|
const registryHost = 'https://registry.npmjs.org'
|
|
54
62
|
const registryKeysEndpoint = '/-/npm/v1/keys'
|
|
55
63
|
|
|
@@ -5,16 +5,16 @@ const BaseMarshall = require('./baseMarshall')
|
|
|
5
5
|
const MARSHALL_NAME = 'readme'
|
|
6
6
|
|
|
7
7
|
class Marshall extends BaseMarshall {
|
|
8
|
-
constructor
|
|
8
|
+
constructor(options) {
|
|
9
9
|
super(options)
|
|
10
10
|
this.name = MARSHALL_NAME
|
|
11
11
|
}
|
|
12
12
|
|
|
13
|
-
title
|
|
13
|
+
title() {
|
|
14
14
|
return 'Checking availability of a README'
|
|
15
15
|
}
|
|
16
16
|
|
|
17
|
-
validate
|
|
17
|
+
validate(pkg) {
|
|
18
18
|
return this.packageRepoUtils.getReadmeInfo(pkg.packageName).then((readmeContents) => {
|
|
19
19
|
if (!readmeContents || readmeContents === 'ERROR: No README data found!') {
|
|
20
20
|
throw new Error('package has no README file available')
|
|
@@ -1,21 +1,20 @@
|
|
|
1
1
|
'use strict'
|
|
2
2
|
|
|
3
3
|
const BaseMarshall = require('./baseMarshall')
|
|
4
|
-
const fetch = require('node-fetch')
|
|
5
4
|
const URL = require('url').URL
|
|
6
5
|
const MARSHALL_NAME = 'repo'
|
|
7
6
|
|
|
8
7
|
class Marshall extends BaseMarshall {
|
|
9
|
-
constructor
|
|
8
|
+
constructor(options) {
|
|
10
9
|
super(options)
|
|
11
10
|
this.name = MARSHALL_NAME
|
|
12
11
|
}
|
|
13
12
|
|
|
14
|
-
title
|
|
13
|
+
title() {
|
|
15
14
|
return 'Identifying package repository...'
|
|
16
15
|
}
|
|
17
16
|
|
|
18
|
-
validate
|
|
17
|
+
validate(pkg) {
|
|
19
18
|
return this.packageRepoUtils.getPackageInfo(pkg.packageName).then((data) => {
|
|
20
19
|
const lastVersionData =
|
|
21
20
|
(data.versions &&
|
|
@@ -29,7 +28,7 @@ class Marshall extends BaseMarshall {
|
|
|
29
28
|
urlStructure = new URL(lastVersionData.repository.url)
|
|
30
29
|
urlOfGitRepository = new URL(`https://${urlStructure.host}${urlStructure.pathname}`)
|
|
31
30
|
} catch (error) {
|
|
32
|
-
throw new Error(
|
|
31
|
+
throw new Error('no valid repository is associated with the package')
|
|
33
32
|
}
|
|
34
33
|
return fetch(urlOfGitRepository.href).catch(() => {
|
|
35
34
|
throw new Error(
|
|
@@ -5,20 +5,20 @@ const BaseMarshall = require('./baseMarshall')
|
|
|
5
5
|
const MARSHALL_NAME = 'scripts'
|
|
6
6
|
|
|
7
7
|
class Marshall extends BaseMarshall {
|
|
8
|
-
constructor
|
|
8
|
+
constructor(options) {
|
|
9
9
|
super(options)
|
|
10
10
|
this.name = MARSHALL_NAME
|
|
11
11
|
}
|
|
12
12
|
|
|
13
|
-
title
|
|
13
|
+
title() {
|
|
14
14
|
return 'Checking package for pre/post install scripts'
|
|
15
15
|
}
|
|
16
16
|
|
|
17
|
-
validate
|
|
17
|
+
validate(pkg) {
|
|
18
18
|
return this.packageRepoUtils.getPackageInfo(pkg.packageName).then((data) => {
|
|
19
19
|
const packageVersion =
|
|
20
20
|
pkg.packageVersion === 'latest'
|
|
21
|
-
? data['dist-tags'] && data['dist-tags']
|
|
21
|
+
? data['dist-tags'] && data['dist-tags'].latest
|
|
22
22
|
: this.packageRepoUtils.parsePackageVersion(pkg.packageVersion).version
|
|
23
23
|
|
|
24
24
|
if (!packageVersion) {
|
|
@@ -29,7 +29,7 @@ class Marshall extends BaseMarshall {
|
|
|
29
29
|
data &&
|
|
30
30
|
data.versions &&
|
|
31
31
|
data.versions[packageVersion] &&
|
|
32
|
-
data.versions[packageVersion]
|
|
32
|
+
data.versions[packageVersion].scripts
|
|
33
33
|
|
|
34
34
|
// blacklisted scripts due to possible malicious intent:
|
|
35
35
|
const blacklistScripts = ['install', 'preinstall', 'postinstall']
|
|
@@ -1,22 +1,21 @@
|
|
|
1
1
|
'use strict'
|
|
2
2
|
|
|
3
3
|
const BaseMarshall = require('./baseMarshall')
|
|
4
|
-
const fetch = require('node-fetch')
|
|
5
4
|
const pacote = require('pacote')
|
|
6
5
|
|
|
7
6
|
const MARSHALL_NAME = 'signatures'
|
|
8
7
|
|
|
9
8
|
class Marshall extends BaseMarshall {
|
|
10
|
-
constructor
|
|
9
|
+
constructor(options) {
|
|
11
10
|
super(options)
|
|
12
11
|
this.name = MARSHALL_NAME
|
|
13
12
|
}
|
|
14
13
|
|
|
15
|
-
title
|
|
14
|
+
title() {
|
|
16
15
|
return 'Verifying registry signatures for package'
|
|
17
16
|
}
|
|
18
17
|
|
|
19
|
-
validate
|
|
18
|
+
validate(pkg) {
|
|
20
19
|
// @TODO currently we're hardcoding the official npm registry
|
|
21
20
|
// this should however allow for local proxies and other registries
|
|
22
21
|
return this.fetchRegistryKeys()
|
|
@@ -25,7 +24,7 @@ class Marshall extends BaseMarshall {
|
|
|
25
24
|
verifySignatures: true,
|
|
26
25
|
registry: 'https://registry.npmjs.org',
|
|
27
26
|
|
|
28
|
-
|
|
27
|
+
'//registry.npmjs.org/:_keys': keys
|
|
29
28
|
})
|
|
30
29
|
})
|
|
31
30
|
.then((metadata) => {
|
|
@@ -33,7 +32,7 @@ class Marshall extends BaseMarshall {
|
|
|
33
32
|
})
|
|
34
33
|
}
|
|
35
34
|
|
|
36
|
-
fetchRegistryKeys
|
|
35
|
+
fetchRegistryKeys() {
|
|
37
36
|
const registryHost = 'https://registry.npmjs.org'
|
|
38
37
|
const registryKeysEndpoint = '/-/npm/v1/keys'
|
|
39
38
|
|
|
@@ -3,7 +3,6 @@
|
|
|
3
3
|
const fs = require('fs')
|
|
4
4
|
const os = require('os')
|
|
5
5
|
const path = require('path')
|
|
6
|
-
const fetch = require('node-fetch')
|
|
7
6
|
const BaseMarshall = require('./baseMarshall')
|
|
8
7
|
|
|
9
8
|
const MARSHALL_NAME = 'snyk'
|
|
@@ -14,18 +13,18 @@ const SNYK_API_TOKEN = process.env.SNYK_TOKEN
|
|
|
14
13
|
const SNYK_CONFIG_FILE = '.config/configstore/snyk.json'
|
|
15
14
|
|
|
16
15
|
class Marshall extends BaseMarshall {
|
|
17
|
-
constructor
|
|
16
|
+
constructor(options) {
|
|
18
17
|
super(options)
|
|
19
18
|
this.name = MARSHALL_NAME
|
|
20
19
|
|
|
21
20
|
this.snykApiToken = this.getSnykToken()
|
|
22
21
|
}
|
|
23
22
|
|
|
24
|
-
title
|
|
23
|
+
title() {
|
|
25
24
|
return 'Checking for known vulnerabilities'
|
|
26
25
|
}
|
|
27
26
|
|
|
28
|
-
run
|
|
27
|
+
run(ctx, task) {
|
|
29
28
|
const tasks = ctx.pkgs.reduce((prevPkg, currPkg) => {
|
|
30
29
|
return prevPkg.concat(this.checkPackage(currPkg, ctx, task))
|
|
31
30
|
}, [])
|
|
@@ -33,7 +32,7 @@ class Marshall extends BaseMarshall {
|
|
|
33
32
|
return Promise.all(tasks)
|
|
34
33
|
}
|
|
35
34
|
|
|
36
|
-
validate
|
|
35
|
+
validate(pkg) {
|
|
37
36
|
return Promise.resolve()
|
|
38
37
|
.then(() => {
|
|
39
38
|
if (!pkg.packageVersion || pkg.packageVersion === 'latest') {
|
|
@@ -60,7 +59,7 @@ class Marshall extends BaseMarshall {
|
|
|
60
59
|
})
|
|
61
60
|
}
|
|
62
61
|
|
|
63
|
-
getSnykVulnInfoUnauthenticated
|
|
62
|
+
getSnykVulnInfoUnauthenticated({ packageName, packageVersion }) {
|
|
64
63
|
const url = encodeURI(`${SNYK_TEST_URL}/${packageName}/${packageVersion}?type=json`)
|
|
65
64
|
|
|
66
65
|
return fetch(url)
|
|
@@ -77,7 +76,7 @@ class Marshall extends BaseMarshall {
|
|
|
77
76
|
.catch(() => false)
|
|
78
77
|
}
|
|
79
78
|
|
|
80
|
-
getSnykVulnInfo
|
|
79
|
+
getSnykVulnInfo({ packageName, packageVersion } = {}) {
|
|
81
80
|
if (!this.snykApiToken) {
|
|
82
81
|
return this.getSnykVulnInfoUnauthenticated({ packageName, packageVersion })
|
|
83
82
|
}
|
|
@@ -102,7 +101,7 @@ class Marshall extends BaseMarshall {
|
|
|
102
101
|
.catch(() => false)
|
|
103
102
|
}
|
|
104
103
|
|
|
105
|
-
getSnykToken
|
|
104
|
+
getSnykToken() {
|
|
106
105
|
if (SNYK_API_TOKEN) {
|
|
107
106
|
return SNYK_API_TOKEN
|
|
108
107
|
}
|
|
@@ -111,7 +110,7 @@ class Marshall extends BaseMarshall {
|
|
|
111
110
|
|
|
112
111
|
try {
|
|
113
112
|
if (fs.statSync(snykConfigPath)) {
|
|
114
|
-
|
|
113
|
+
const snykConfig = require(snykConfigPath)
|
|
115
114
|
if (snykConfig && snykConfig.api) {
|
|
116
115
|
return snykConfig.api
|
|
117
116
|
}
|
package/lib/packageManager.js
CHANGED
|
@@ -5,12 +5,12 @@ const childProcess = require('child_process')
|
|
|
5
5
|
const DEFAULT_PKGMGR = 'npm'
|
|
6
6
|
|
|
7
7
|
class packageManager {
|
|
8
|
-
static process
|
|
8
|
+
static process(packageManagerOption) {
|
|
9
9
|
const detectedPackageManager = packageManager.validatePackageManager(packageManagerOption)
|
|
10
10
|
return packageManager.spawnPackageManager(detectedPackageManager)
|
|
11
11
|
}
|
|
12
12
|
|
|
13
|
-
static spawnPackageManager
|
|
13
|
+
static spawnPackageManager(packageManagerOption) {
|
|
14
14
|
let args = []
|
|
15
15
|
|
|
16
16
|
args = args.concat(process.argv.slice(2)).filter((item) => {
|
|
@@ -32,7 +32,7 @@ class packageManager {
|
|
|
32
32
|
return Promise.resolve(child)
|
|
33
33
|
}
|
|
34
34
|
|
|
35
|
-
static validatePackageManager
|
|
35
|
+
static validatePackageManager(packageManagerOption) {
|
|
36
36
|
if (!packageManagerOption) {
|
|
37
37
|
packageManagerOption = packageManager.getDefaultPackageManager()
|
|
38
38
|
}
|
|
@@ -44,7 +44,7 @@ class packageManager {
|
|
|
44
44
|
return packageManagerOption
|
|
45
45
|
}
|
|
46
46
|
|
|
47
|
-
static getDefaultPackageManager
|
|
47
|
+
static getDefaultPackageManager() {
|
|
48
48
|
return DEFAULT_PKGMGR
|
|
49
49
|
}
|
|
50
50
|
}
|