npm - ts-node-client - Versions diffs - 2.1.3 → 3.0.1 - Mend

ts-node-client 2.1.3 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,14 +1,28 @@
-# ts-node-client
-## Changelog
-All notable changes to this project will be documented in this file.
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## 2.1.3 - 2022-12-26
-### Changed
-* Migrate versions of dependencies
+# ts-node-client
+## Changelog
+All notable changes to this project will be documented in this file.
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## 3.0.1 - 2023-02-08
+### Changed
+* docs updated
+## 3.0.0 - 2023-02-08
+### Changed
+* `npm.ls` cli -> `package-lock.json` or `package.json` or `yarn.lock` parse
+* npm removed
+* updated dependencies
+## 2.1.3 - 2022-12-26
+### Changed
+* Migrate versions of dependencies

package/README.md CHANGED Viewed

@@ -9,6 +9,11 @@
 > TrustSource node client - node module to transfer dependency information to TrustSource server.
+## Release 3.0.0
+Package now is not including `npm` anymore. The addition has been done due to missing programmatic API in npm >= 8.0.0 and in order to skip deprecated dependencies
+This change affects the structure of scans slightly, but it heavily improves the scanner.
 ## Requirements
 * node >= 8.9.0
 * npm < 8.0.0 use **ts-node-client@1.***
@@ -86,7 +91,14 @@ you should add value, for example:
 ####  Error: The programmatic API was removed in npm v8.0.0
 You should upgrade to 2.* versions of ts-node-client
-## Changelog
+## Changelog available inside `CHANGELOG.md`
+## [DEPRECATED] Changelog
+#### 3.0.*
+- `npm.ls` cli -> `package-lock.json` parse
+- npm removed
+- updated dependencies
 #### 2.1.*
 - Migrate 1.6.* - 1.8.* changes to version 2.1

package/lib/npm-scanner.js CHANGED Viewed

@@ -6,7 +6,10 @@
  *********************************************************/
 /* eslint-enable */
-const npm = require('npm');
+const fs = require('fs');
+const path = require('path');
+// eslint-disable-next-line import/no-extraneous-dependencies
+const lockfile = require('@yarnpkg/lockfile');
 const debuglog = (require('debuglog'))('ts-npm-scanner');
 const ScanResult = require('./scanresult');
 const { RestClient } = require('./rest-client');
@@ -19,36 +22,94 @@ function Scanner(options) {
     this.name = 'ts-npm-scanner';
 }
+function getPackageJson(self) {
+    try {
+        const file = path.resolve(process.cwd(), 'package.json');
+        const data = fs.readFileSync(file);
+        if (data && data.code === 'ENOENT') {
+            debuglog('npm.fs.package - error:', data);
+            return null;
+        }
+        const jsonFile = JSON.parse(data);
+        debuglog('Project: ', jsonFile.name, jsonFile.version);
+        const dependencies = self.walkPackage(jsonFile, 0, jsonFile);
+        return { root: jsonFile, dependencies };
+    } catch (e) {
+        debuglog('npm.fs.package - error:', e);
+        return null;
+    }
+}
+function getPackageLockJson(self) {
+    try {
+        const file = path.resolve(process.cwd(), 'package-lock.json');
+        const data = fs.readFileSync(file);
+        if (data && data.code === 'ENOENT') {
+            debuglog('npm.fs.package-lock - error:', data);
+            return null;
+        }
+        const jsonFile = JSON.parse(data);
+        debuglog('Project: ', jsonFile.name, jsonFile.version);
+        const dependencies = self.walk(jsonFile, 0, jsonFile);
+        return { root: jsonFile, dependencies };
+    } catch (e) {
+        debuglog('npm.fs.package-lock - error:', e);
+        return null;
+    }
+}
+function getYarnLock(self, packageData) {
+    try {
+        const file = path.resolve(process.cwd(), 'yarn.lock');
+        const data = fs.readFileSync(file);
+        if (data && data.code === 'ENOENT') {
+            debuglog('npm.fs.yarn-lock - error:', data);
+            return null;
+        }
+        const jsonFile = lockfile.parse(data.toString());
+        if (jsonFile.type === 'success') {
+            const base = {
+                name: (packageData && packageData.root && packageData.root.name) || 'root',
+                version: (packageData && packageData.root && packageData.root.version) || '1',
+                dependencies: jsonFile.object
+            };
+            debuglog('Project: ', base.name, base.version);
+            const dependencies = self.walkYarn(base, 0, base);
+            return { root: jsonFile, dependencies };
+        }
+        debuglog('npm.fs.yarn-lock - error:', jsonFile);
+        return null;
+    } catch (e) {
+        debuglog('npm.fs.yarn-lock - error:', e);
+        return null;
+    }
+}
+function saveResults(cb, options, root, dependencies) {
+    const result = new ScanResult(options.project, root.name, `npm:${root.name}`, dependencies);
+    debuglog('result: ', JSON.stringify(result));
+    cb(undefined, result);
+}
 Scanner.prototype.scan = function scan(cb) {
     const self = this;
     const { options } = this;
-    npm.load({ parseable: true, long: false }, (cberr, cbnpm) => {
-        if (cberr) {
-            debuglog('npm.load - error: ', cberr);
-            cb(cberr);
-        } else {
-            debuglog('npm loaded: prefix = %s', cbnpm.prefix);
-            cbnpm.commands.ls([], true, (err, data) => {
-                if (err) {
-                    debuglog('npm.commands.ls - error:', err);
-                    cb(err);
-                } else {
-                    debuglog('Project: ', data.name, data.version);
-                    const dependency = self.walk(data);
-                    const result = new ScanResult(
-                        options.project,
-                        data.name,
-                        `npm:${data.name}`,
-                        dependency
-                    );
-                    debuglog('result: ', JSON.stringify(result));
-                    cb(undefined, result);
-                }
-            });
-        }
-    });
+    const packageData = getPackageJson(self);
+    const packageLockData = getPackageLockJson(self);
+    const yarnLockData = getYarnLock(self, packageData);
+    if (packageData && yarnLockData) {
+        yarnLockData.root = packageData.root;
+    }
+    const data = packageLockData || yarnLockData || packageData;
+    if (data && data.root) {
+        saveResults(cb, options, data.root, data.dependencies);
+    } else {
+        const err = {
+            status: 404,
+            message: 'No results found in `package-lock.json` or `package.json` or `yarn.lock`'
+        };
+        debuglog('result: ', JSON.stringify(err));
+        cb(err);
+    }
 };
 Scanner.prototype.transfer = function transfer(scan, cb) {
@@ -57,11 +118,49 @@ Scanner.prototype.transfer = function transfer(scan, cb) {
 };
 /* eslint-disable no-underscore-dangle, prefer-rest-params, no-mixed-operators */
-Scanner.prototype.walk = function walk(npmDependency, level) {
+Scanner.prototype.walk = function walk(npmDependency, level, root) {
     const self = this;
     const opts = this.options || {};
     level = level || 0;
+    printDependency(npmDependency, level);
+    if (npmDependency.name) {
+        let pkg = root && root.packages && root.packages[`node_modules/${npmDependency.name}`];
+        if (!pkg) {
+            pkg = root && root.packages && root.packages[''];
+        }
+        let repository = npmDependency.repository && npmDependency.repository.url;
+        if (!repository) {
+            repository = pkg && pkg.repository && pkg.repository.url;
+        }
+        const dependency = new Dependency(
+            npmDependency.name,
+            npmDependency.version,
+            'npm',
+            npmDependency.description,
+            npmDependency.private,
+            npmDependency.licenses || npmDependency.license || (pkg && (pkg.licenses || pkg.license)),
+            npmDependency.homepage || (pkg && pkg.homepage),
+            repository
+        );
+        if (npmDependency.dependencies) {
+            Object.getOwnPropertyNames(npmDependency.dependencies).forEach((val) => {
+                const childDependency = npmDependency.dependencies[val];
+                if (childDependency) {
+                    childDependency.name = val;
+                }
+                checkForChild(self, opts, dependency, childDependency, val, level, root);
+            });
+        }
+        return dependency;
+    }
+    return null;
+};
+function checkForChild(self, opts, dependency, childDependency, val, level, root) {
+    let child = null;
     function log() {
         const args = [].slice.call(arguments, 0);
         if (opts.verbose) {
@@ -70,10 +169,39 @@ Scanner.prototype.walk = function walk(npmDependency, level) {
             debuglog.apply(this, args);
         }
     }
+    // check for errorneous dependencies (e.g a nmp-debug.log file)
+    if (childDependency.error) {
+        log('Skipping errorneous dependency on level %d: ', level, val);
+        // check for blacklisted dependencies on level 0
+    } else if (level === 0 && (opts.exclude instanceof Array && opts.exclude.indexOf(val) >= 0 || opts.exclude === val)) {
+        log('Skipping level 0 blacklisted dependency: ', val);
+        // include dev dependencies on level 0 if configured
+    } else if (level === 0 && opts.includeDevDependencies && childDependency && childDependency.dev) {
+        log('Adding level 0 devDependency:', val);
+        child = self.walk(childDependency, level + 1, root);
+        // include runtime dependencies
+    } else if (childDependency && !childDependency.dev) {
+        log('Adding dependency on level %d:', level, val);
+        child = self.walk(childDependency, level + 1, root);
+    } else {
+        log('Skipping undeclared dependency on level %d: ', level, val);
+    }
+    if (child) {
+        dependency.addDependency(child);
+    }
+}
+/* eslint-enable no-underscore-dangle, prefer-rest-params, no-mixed-operators */
+// eslint-disable-next-line sonarjs/cognitive-complexity
+Scanner.prototype.walkPackage = function walkPackage(npmDependency, level) {
+    const self = this;
+    const opts = this.options || {};
+    level = level || 0;
     printDependency(npmDependency, level);
     if (npmDependency.name) {
+        const repository = npmDependency.repository && npmDependency.repository.url;
         const dependency = new Dependency(
             npmDependency.name,
             npmDependency.version,
@@ -82,45 +210,82 @@ Scanner.prototype.walk = function walk(npmDependency, level) {
             npmDependency.private,
             npmDependency.licenses || npmDependency.license,
             npmDependency.homepage,
-            npmDependency.repository ? npmDependency.repository.url : undefined
+            repository
         );
+        if (npmDependency.dependencies) {
+            Object.getOwnPropertyNames(npmDependency.dependencies).forEach((val) => {
+                const childDependency = {
+                    name: val,
+                    version: npmDependency.dependencies[val]
+                };
+                checkForChild(self, opts, dependency, childDependency, val, level);
+            });
+            if (opts.includeDevDependencies) {
+                Object.getOwnPropertyNames(npmDependency.devDependencies).forEach((val) => {
+                    const childDependency = {
+                        name: val,
+                        version: npmDependency.devDependencies[val]
+                    };
+                    checkForChild(self, opts, dependency, childDependency, val, level);
+                });
+            }
+        }
+        return dependency;
+    }
+    return null;
+};
+// eslint-disable-next-line sonarjs/cognitive-complexity
+Scanner.prototype.walkYarn = function walkPackage(npmDependency, level) {
+    const self = this;
+    const opts = this.options || {};
+    level = level || 0;
+    printDependency(npmDependency, level);
+    if (npmDependency.name) {
+        const repository = npmDependency.repository && npmDependency.repository.url;
+        const dependency = new Dependency(
+            npmDependency.name,
+            npmDependency.version,
+            'npm',
+            npmDependency.description,
+            npmDependency.private,
+            npmDependency.licenses || npmDependency.license,
+            npmDependency.homepage,
+            repository
+        );
         if (npmDependency.dependencies) {
             Object.getOwnPropertyNames(npmDependency.dependencies).forEach((val) => {
-                const childDependency = npmDependency.dependencies[val];
-                let child = null;
-                // check for errorneous dependencies (e.g a nmp-debug.log file)
-                if (childDependency.error) {
-                    log('Skipping errorneous dependency on level %d: ', level, val);
-                    // check for blacklisted dependencies on level 0
-                } else if (level === 0 && (opts.exclude instanceof Array && opts.exclude.indexOf(val) >= 0 || opts.exclude === val)) {
-                    log('Skipping level 0 blacklisted dependency: ', val);
-                    // include dev dependencies on level 0 if configured
-                } else if (level === 0 && opts.includeDevDependencies
-                    && npmDependency.devDependencies && npmDependency.devDependencies[val]) {
-                    log('Adding level 0 devDependency:', val);
-                    child = self.walk(npmDependency.dependencies[val], level + 1);
-                    // include runtime dependencies
-                } else if (npmDependency._dependencies && npmDependency._dependencies[val]) {
-                    log('Adding dependency on level %d:', level, val);
-                    child = self.walk(npmDependency.dependencies[val], level + 1);
-                } else {
-                    log('Skipping undeclared dependency on level %d: ', level, val);
-                }
-                if (child) {
-                    dependency.addDependency(child);
-                }
+                const name = val.split('@')[0];
+                const depData = npmDependency.dependencies[val];
+                const version = (depData && depData.version) || depData;
+                const childDependency = {
+                    name,
+                    version: version && typeof version === 'string' ? version : null
+                };
+                checkForChild(self, opts, dependency, childDependency, val, level);
             });
+            if (opts.includeDevDependencies) {
+                Object.getOwnPropertyNames(npmDependency.devDependencies).forEach((val) => {
+                    const depData = npmDependency.devDependencies[val];
+                    const version = (depData && depData.version) || depData;
+                    const childDependency = {
+                        name: val,
+                        version: version && typeof version === 'string' ? version : null
+                    };
+                    checkForChild(self, opts, dependency, childDependency, val, level);
+                });
+            }
         }
         return dependency;
     }
     return null;
 };
-/* eslint-enable no-underscore-dangle, prefer-rest-params, no-mixed-operators */
 function printDependency(dep, level) {
     level = level || 0;
@@ -132,8 +297,8 @@ function printDependency(dep, level) {
     debuglog(`${fill}Private: `, dep.private);
     debuglog(`${fill}Description: `, dep.description);
     if (dep.repository) {
-        debuglog(`${fill}Repsitory type:`, dep.repository.type);
-        debuglog(`${fill}Repsitory url:`, dep.repository.url);
+        debuglog(`${fill}Repository type:`, dep.repository.type);
+        debuglog(`${fill}Repository url:`, dep.repository.url);
     }
-    debuglog(`${fill}Homdepage: `, dep.homepage);
+    debuglog(`${fill}Homepage: `, dep.homepage);
 }

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "ts-node-client",
   "description": "npm / node module to transfer dependency information to TrustSource server.",
-  "version": "2.1.3",
+  "version": "3.0.1",
   "private": false,
   "homepage": "https://app.trustsource.io/",
   "author": {
@@ -21,28 +21,28 @@
     "ts-node-client": "./bin/ts-node-client.js"
   },
   "scripts": {
-    "scan": "node ./bin/ts-node-client.js",
+    "scan": "node ./bin/ts-node-client.js --debug true",
     "scan-with-brakes": "node ./bin/ts-node-client.js --breakOnViolations true --breakOnWarnings false",
-    "scan-to-file": "node ./bin/ts-node-client.js --saveAs test --saveAsFormat cydx",
+    "scan-to-file": "node ./bin/ts-node-client.js --saveAs test --saveAsFormat scan",
     "lint": "eslint bin lib test",
     "lint-fix": "eslint bin lib test --fix",
     "test": "mocha test",
     "precommit": "npm run lint && npm run test"
   },
   "dependencies": {
-    "npm": "6.14.18",
-    "axios": "1.2.1",
+    "@yarnpkg/lockfile": "^1.1.0",
+    "axios": "1.2.6",
     "debuglog": "1.0.1",
     "semver": "7.3.8",
     "yargs": "17.6.2"
   },
   "devDependencies": {
-    "eslint": "8.30.0",
+    "eslint": "8.33.0",
     "eslint-config-airbnb-base": "15.0.0",
-    "eslint-plugin-import": "2.26.0",
-    "eslint-plugin-sonarjs": "0.17.0",
+    "eslint-plugin-import": "2.27.5",
+    "eslint-plugin-sonarjs": "0.18.0",
     "mocha": "10.2.0",
-    "nock": "13.2.9"
+    "nock": "13.3.0"
   },
   "keywords": [
     "node",

package/test/error-test.js CHANGED Viewed

@@ -9,7 +9,7 @@
 const assert = require('assert');
-const util = require('util');
+const util = require('util');
 const SHOULD_CONTAIN = 'should contain \'name\' and \'message\' fields';