ts-node-client 3.0.1 → 3.2.0

package/.editorconfig

@@ -0,0 +1,10 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+[*.{js,json,yml}]
+charset = utf-8
+indent_style = space
+indent_size = 2

package/.gitattributes

@@ -0,0 +1,4 @@
+/.yarn/**            linguist-vendored
+/.yarn/releases/*    binary
+/.yarn/plugins/**/*  binary
+/.pnp.*              binary linguist-generated

package/.yarnrc.yml

@@ -0,0 +1 @@
+nodeLinker: node-modules

package/CHANGELOG.md

@@ -8,6 +8,24 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## 3.2.0 - 2023-08-01
+
+### Added
+* support package-lock.json v.3
+
+### Changed
+* bump dependencies
+
+
+## 3.1.0 - 2023-04-20
+
+### Added
+* support for yarn v2+ lock files
+  
+### Changed
+* project migrated to yarn 3.5
+
+
 ## 3.0.1 - 2023-02-08
 
 ### Changed

package/README.md

@@ -9,12 +9,21 @@
 
 > TrustSource node client - node module to transfer dependency information to TrustSource server.
 
+## Release 3.2.0
+Package now support package-lock.json v.3
+
+## Release 3.1.0
+Package now support yarn v.2+
+
 ## Release 3.0.0
 Package now is not including `npm` anymore. The addition has been done due to missing programmatic API in npm >= 8.0.0 and in order to skip deprecated dependencies
 
 This change affects the structure of scans slightly, but it heavily improves the scanner.
 
 ## Requirements
+* node >= 12.0.0 use **ts-node-client@3.1.+***
+
+## Older versions
 * node >= 8.9.0
 * npm < 8.0.0 use **ts-node-client@1.***
 * npm >= 8.0.0 use **ts-node-client@2.***

package/bin/ts-node-client.js

@@ -1,196 +1,196 @@
-#!/usr/bin/env node
-
-/* eslint-disable */
-/**************************************************************
- * Copyright (c) 2017. Enterprise Architecture Group, EACG GmbH
- *
- * SPDX-License-Identifier:    Apache-2.0
- *************************************************************/
-/* eslint-enable */
-const fs = require('fs');
-const yargs = require('yargs');
-const pckgJson = require('../package.json');
-
-const URL = 'https://app.trustsource.io';
-const CRED_FILENAME = '/.tsrc.json';
-const FILL = '                      ';
-const execute = require('../lib/cli');
-
-const getOptions = () => {
-    let options = yargs
-        .options({
-            apiKey: {
-                alias: 'k',
-                default: null,
-                describe: 'apiKey'
-            },
-            project: {
-                alias: 'p',
-                default: null,
-                describe: 'Project name'
-            },
-            branch: {
-                alias: 'b',
-                default: null,
-                describe: 'Scan branch'
-            },
-            tag: {
-                alias: 't',
-                default: null,
-                describe: 'Scan tag'
-            },
-            binaryLinks: {
-                default: null,
-                describe: 'Binary links separated by comma'
-            },
-            url: {
-                default: null,
-                describe: 'url'
-            },
-            config: {
-                alias: 'c',
-                default: null,
-                describe: 'Config path'
-            },
-            proxy: {
-                default: null,
-                describe: 'Proxy url like \'https://user:password@host:port\''
-            },
-            saveAs: {
-                alias: 'o',
-                default: null,
-                describe: 'Save as file (file name prefix)'
-            },
-            saveAsFormat: {
-                alias: 'f',
-                default: null,
-                describe: 'Save as format (scan / cydx / spdx)'
-            },
-            debug: {
-                default: null,
-                describe: 'debug'
-            },
-            simulate: {
-                default: null,
-                describe: 'simulate'
-            },
-            meteor: {
-                default: null,
-                describe: 'meteor'
-            },
-            breakOnWarnings: {
-                default: null,
-                describe: 'breakOnWarnings'
-            },
-            breakOnViolations: {
-                default: null,
-                describe: 'breakOnViolations'
-            },
-            includeDevDependencies: {
-                default: null,
-                describe: 'includeDevDependencies'
-            }
-        })
-        .version()
-        .usage(pckgJson.description)
-        .help('help', 'Prints a usage statement')
-        .fail((msg, err, yargsObject) => {
-            if (err) throw err; // preserve stack
-            console.error('Please check', yargsObject.help());
-            process.exit(1);
-        })
-        .argv;
-    if (options.version) {
-        console.info(`${pckgJson.name} version ${pckgJson.version}`);
-        process.exit(0);
-    }
-    options = (({
-        // eslint-disable-next-line max-len
-        apiKey, project, branch, tag, binaryLinks, config, debug, saveAs, saveAsFormat, simulate, meteor, url, proxy, breakOnWarnings, breakOnViolations, includeDevDependencies
-    }) => ({
-        // eslint-disable-next-line max-len
-        apiKey, project, branch, tag, binaryLinks, config, debug, saveAs, saveAsFormat, simulate, scanMeteor: meteor, url, proxy, breakOnWarnings, breakOnViolations, includeDevDependencies
-    }))(options);
-    Object.keys(options).forEach((key) => options[key] === null && delete options[key]);
-    return options;
-};
-
-const loadConfig = (options) => {
-    const values = [
-        options.config ? options.config.replace('~', process.env.HOME) : null,
-        process.cwd(),
-        ((process.env.USERPROFILE || process.env.HOME) + CRED_FILENAME)
-    ].map((value) => {
-        let result = null;
-        if (fs.existsSync(value) && fs.lstatSync(value).isDirectory() && fs.existsSync(`${value}${CRED_FILENAME}`)) {
-            result = `${value}${CRED_FILENAME}`;
-        } else if (fs.existsSync(value) && fs.lstatSync(value).isFile()) {
-            result = value;
-        }
-        return !result || result.match(/^([a-zA-Z]:)?(\/|\\)/) ? result : `../../../${result}`;
-    }).filter((value) => value);
-    /* eslint-disable global-require, import/no-dynamic-require */
-    return values[0] ? require(values[0]) : {};
-    /* eslint-enable global-require, import/no-dynamic-require */
-};
-
-const validateOptions = (options) => {
-    if (!options.apiKey) {
-        throw new Error('Please provide a \'apiKey\' property in credentials file.');
-    }
-
-    if (!options.project) {
-        throw new Error('Please provide a \'project\' property in credentials file.');
-    }
-};
-
-let options = getOptions();
-options = { url: URL, ...loadConfig(options), ...options };
-validateOptions(options);
-
-if (options.debug) {
-    console.log('invoking ts-node-client: ');
-    console.log(`${FILL}debug = %s`, options.debug);
-    console.log(`${FILL}simulate = %s`, options.simulate);
-    console.log(`${FILL}includeDevDependencies = %s`, options.includeDevDependencies);
-    console.log(`${FILL}scanMeteor = %s`, options.scanMeteor);
-    console.log(`${FILL}saveAs = %s`, options.saveAs);
-    console.log(`${FILL}saveAsFormat = %s`, options.saveAsFormat);
-    console.log(`${FILL}breakOnViolations = %s`, options.breakOnViolations);
-    console.log(`${FILL}breakOnWarnings = %s`, options.breakOnWarnings);
-    console.log(`${FILL}apiKey = %s`, options.apiKey);
-    console.log(`${FILL}project = %s`, options.project);
-    console.log(`${FILL}branch = %s`, options.branch);
-    console.log(`${FILL}tag = %s`, options.tag);
-    console.log(`${FILL}binaryLinks = %s`, options.binaryLinks);
-    console.log(`${FILL}url = %s`, options.url);
-    console.log(`${FILL}proxy = %s`, options.proxy);
-}
-
-let exitCode = 0;
-
-process.on('uncaughtException', (err) => {
-    console.error('Oops! Something went wrong! :(', err, options.debug ? err.stack : '');
-    process.exit(1);
-});
-
-process.on('SIGINT', () => {
-    console.error('Oops! SIGINT received! :(    -> exiting...');
-    process.exit(1);
-});
-
-process.on('exit', (code) => {
-    console.log('Exitting normal exitCode=', code || exitCode);
-    process.exit(code || exitCode);
-});
-
-
-try {
-    execute(options, (ok) => {
-        exitCode = ok ? 0 : 1;
-    });
-    console.log('cli.execute()', exitCode);
-} catch (error) {
-    console.error('Error catched by cmdline interface:', error);
-    exitCode = 1;
-}
+#!/usr/bin/env node
+
+/* eslint-disable */
+/**************************************************************
+ * Copyright (c) 2017. Enterprise Architecture Group, EACG GmbH
+ *
+ * SPDX-License-Identifier:    Apache-2.0
+ *************************************************************/
+/* eslint-enable */
+const fs = require('fs');
+const yargs = require('yargs');
+const pckgJson = require('../package.json');
+
+const URL = 'https://app.trustsource.io';
+const CRED_FILENAME = '/.tsrc.json';
+const FILL = '                      ';
+const execute = require('../lib/cli');
+
+const getOptions = () => {
+    let options = yargs
+        .options({
+            apiKey: {
+                alias: 'k',
+                default: null,
+                describe: 'apiKey'
+            },
+            project: {
+                alias: 'p',
+                default: null,
+                describe: 'Project name'
+            },
+            branch: {
+                alias: 'b',
+                default: null,
+                describe: 'Scan branch'
+            },
+            tag: {
+                alias: 't',
+                default: null,
+                describe: 'Scan tag'
+            },
+            binaryLinks: {
+                default: null,
+                describe: 'Binary links separated by comma'
+            },
+            url: {
+                default: null,
+                describe: 'url'
+            },
+            config: {
+                alias: 'c',
+                default: null,
+                describe: 'Config path'
+            },
+            proxy: {
+                default: null,
+                describe: 'Proxy url like \'https://user:password@host:port\''
+            },
+            saveAs: {
+                alias: 'o',
+                default: null,
+                describe: 'Save as file (file name prefix)'
+            },
+            saveAsFormat: {
+                alias: 'f',
+                default: null,
+                describe: 'Save as format (scan / cydx / spdx)'
+            },
+            debug: {
+                default: null,
+                describe: 'debug'
+            },
+            simulate: {
+                default: null,
+                describe: 'simulate'
+            },
+            meteor: {
+                default: null,
+                describe: 'meteor'
+            },
+            breakOnWarnings: {
+                default: null,
+                describe: 'breakOnWarnings'
+            },
+            breakOnViolations: {
+                default: null,
+                describe: 'breakOnViolations'
+            },
+            includeDevDependencies: {
+                default: null,
+                describe: 'includeDevDependencies'
+            }
+        })
+        .version()
+        .usage(pckgJson.description)
+        .help('help', 'Prints a usage statement')
+        .fail((msg, err, yargsObject) => {
+            if (err) throw err; // preserve stack
+            console.error('Please check', yargsObject.help());
+            process.exit(1);
+        })
+        .argv;
+    if (options.version) {
+        console.info(`${pckgJson.name} version ${pckgJson.version}`);
+        process.exit(0);
+    }
+    options = (({
+        // eslint-disable-next-line max-len
+        apiKey, project, branch, tag, binaryLinks, config, debug, saveAs, saveAsFormat, simulate, meteor, url, proxy, breakOnWarnings, breakOnViolations, includeDevDependencies
+    }) => ({
+        // eslint-disable-next-line max-len
+        apiKey, project, branch, tag, binaryLinks, config, debug, saveAs, saveAsFormat, simulate, scanMeteor: meteor, url, proxy, breakOnWarnings, breakOnViolations, includeDevDependencies
+    }))(options);
+    Object.keys(options).forEach((key) => options[key] === null && delete options[key]);
+    return options;
+};
+
+const loadConfig = (options) => {
+    const values = [
+        options.config ? options.config.replace('~', process.env.HOME) : null,
+        process.cwd(),
+        ((process.env.USERPROFILE || process.env.HOME) + CRED_FILENAME)
+    ].map((value) => {
+        let result = null;
+        if (fs.existsSync(value) && fs.lstatSync(value).isDirectory() && fs.existsSync(`${value}${CRED_FILENAME}`)) {
+            result = `${value}${CRED_FILENAME}`;
+        } else if (fs.existsSync(value) && fs.lstatSync(value).isFile()) {
+            result = value;
+        }
+        return !result || result.match(/^([a-zA-Z]:)?(\/|\\)/) ? result : `../../../${result}`;
+    }).filter((value) => value);
+    /* eslint-disable global-require, import/no-dynamic-require */
+    return values[0] ? require(values[0]) : {};
+    /* eslint-enable global-require, import/no-dynamic-require */
+};
+
+const validateOptions = (options) => {
+    if (!options.apiKey) {
+        throw new Error('Please provide a \'apiKey\' property in credentials file.');
+    }
+
+    if (!options.project) {
+        throw new Error('Please provide a \'project\' property in credentials file.');
+    }
+};
+
+let options = getOptions();
+options = { url: URL, ...loadConfig(options), ...options };
+validateOptions(options);
+
+if (options.debug) {
+    console.log('invoking ts-node-client: ');
+    console.log(`${FILL}debug = %s`, options.debug);
+    console.log(`${FILL}simulate = %s`, options.simulate);
+    console.log(`${FILL}includeDevDependencies = %s`, options.includeDevDependencies);
+    console.log(`${FILL}scanMeteor = %s`, options.scanMeteor);
+    console.log(`${FILL}saveAs = %s`, options.saveAs);
+    console.log(`${FILL}saveAsFormat = %s`, options.saveAsFormat);
+    console.log(`${FILL}breakOnViolations = %s`, options.breakOnViolations);
+    console.log(`${FILL}breakOnWarnings = %s`, options.breakOnWarnings);
+    console.log(`${FILL}apiKey = %s`, options.apiKey);
+    console.log(`${FILL}project = %s`, options.project);
+    console.log(`${FILL}branch = %s`, options.branch);
+    console.log(`${FILL}tag = %s`, options.tag);
+    console.log(`${FILL}binaryLinks = %s`, options.binaryLinks);
+    console.log(`${FILL}url = %s`, options.url);
+    console.log(`${FILL}proxy = %s`, options.proxy);
+}
+
+let exitCode = 0;
+
+process.on('uncaughtException', (err) => {
+    console.error('Oops! Something went wrong! :(', err, options.debug ? err.stack : '');
+    process.exit(1);
+});
+
+process.on('SIGINT', () => {
+    console.error('Oops! SIGINT received! :(    -> exiting...');
+    process.exit(1);
+});
+
+process.on('exit', (code) => {
+    console.log('Exitting normal exitCode=', code || exitCode);
+    process.exit(code || exitCode);
+});
+
+
+try {
+    execute(options, (ok) => {
+        exitCode = ok ? 0 : 1;
+    });
+    console.log('cli.execute()', exitCode);
+} catch (error) {
+    console.error('Error catched by cmdline interface:', error);
+    exitCode = 1;
+}

package/lib/npm-scanner.js

@@ -10,6 +10,7 @@ const fs = require('fs');
 const path = require('path');
 // eslint-disable-next-line import/no-extraneous-dependencies
 const lockfile = require('@yarnpkg/lockfile');
+const yaml = require('js-yaml');
 const debuglog = (require('debuglog'))('ts-npm-scanner');
 const ScanResult = require('./scanresult');
 const { RestClient } = require('./rest-client');
@@ -64,25 +65,45 @@ function getYarnLock(self, packageData) {
             debuglog('npm.fs.yarn-lock - error:', data);
             return null;
         }
-        const jsonFile = lockfile.parse(data.toString());
-        if (jsonFile.type === 'success') {
-            const base = {
-                name: (packageData && packageData.root && packageData.root.name) || 'root',
-                version: (packageData && packageData.root && packageData.root.version) || '1',
-                dependencies: jsonFile.object
-            };
-            debuglog('Project: ', base.name, base.version);
-            const dependencies = self.walkYarn(base, 0, base);
-            return { root: jsonFile, dependencies };
+        // yarn 1
+        try {
+            const jsonFile = lockfile.parse(data.toString());
+            if (jsonFile && jsonFile.type === 'success') {
+                const dependencies = yarnToResults(self, jsonFile.object, packageData);
+                return { root: jsonFile, dependencies };
+            }
+        } catch (e) {
+            debuglog('npm.fs.yarn-v1-lock - error:', e);
+        }
+        // yarn 2+
+        try {
+            const json = yaml.load(data.toString());
+            // eslint-disable-next-line no-underscore-dangle
+            if (json && json.__metadata) {
+                // eslint-disable-next-line no-underscore-dangle
+                delete json.__metadata;
+                const dependencies = yarnToResults(self, json, packageData);
+                return { root: json, dependencies };
+            }
+        } catch (e) {
+            debuglog('npm.fs.yarn-v2-lock - error:', e);
         }
-        debuglog('npm.fs.yarn-lock - error:', jsonFile);
+        debuglog('npm.fs.yarn-lock - error: Failed to parse file');
         return null;
     } catch (e) {
         debuglog('npm.fs.yarn-lock - error:', e);
         return null;
     }
 }
-
+function yarnToResults(self, json, packageData) {
+    const base = {
+        name: (packageData && packageData.root && packageData.root.name) || 'root',
+        version: (packageData && packageData.root && packageData.root.version) || '1',
+        dependencies: json
+    };
+    debuglog('Project: ', base.name, base.version);
+    return self.walkYarn(base, 0, base);
+}
 function saveResults(cb, options, root, dependencies) {
     const result = new ScanResult(options.project, root.name, `npm:${root.name}`, dependencies);
     debuglog('result: ', JSON.stringify(result));
@@ -152,6 +173,15 @@ Scanner.prototype.walk = function walk(npmDependency, level, root) {
                 }
                 checkForChild(self, opts, dependency, childDependency, val, level, root);
             });
+        } else if (npmDependency.packages) {
+            Object.getOwnPropertyNames(npmDependency.packages).forEach((val) => {
+                const childDependency = npmDependency.packages[val];
+                if (childDependency) {
+                    const parts = val.split('node_modules/');
+                    childDependency.name = parts.length > 1 ? parts.slice(1).join('node_modules/') : parts[0];
+                }
+                checkForChild(self, opts, dependency, childDependency, val, level, root);
+            });
         }
         return dependency;
     }