ts-node-client 3.2.0 → 3.2.2

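--- a/package/lib/convertor.js
+++ b/package/lib/convertor.js
@@ -1,244 +1,244 @@
- /* eslint-disable */
- /**********************************************************
- * Copyright (c) 2017. Enterprise Architecture Group, EACG
- *
- * SPDX-License-Identifier: Apache-2.0
- *********************************************************/
- /* eslint-enable */
- const PackageURL = require('./pkg');
-
- const Convertor = {};
-
- Convertor.scanTo = function scanTo(type, scan) {
- if (type.toLowerCase() === 'cydx') {
- return Convertor.scanToCydx(scan);
- }
- if (type.toLowerCase() === 'spdx') {
- return Convertor.scanToSpdx(scan);
- }
- return scan;
- };
-
- function ComponentKey(key, parts) {
- if (!key || typeof key.split !== 'function') {
- // throw new Error('key must be a string');
- } else {
- parts = parts || { mgr: true, component: true, version: true };
-
- const partsCnt = (parts.mgr ? 1 : 0) + (parts.component ? 1 : 0) + (parts.version ? 1 : 0);
- const splitParts = key.split(':');
- // component may exists of more than one part
- if ((parts.component && splitParts.length < partsCnt) || (!parts.component && splitParts.length !== partsCnt)) {
- // throw new Error('invalid key format:' + key);
- } else {
- let compStartIdx = 0; let
- compEndIdx = splitParts.length;
- if (parts.mgr) {
- // eslint-disable-next-line prefer-destructuring
- this.manager = splitParts[0];
- // eslint-disable-next-line no-plusplus
- compStartIdx++;
- }
- if (parts.version) {
- this.version = splitParts[splitParts.length - 1];
- // eslint-disable-next-line no-plusplus
- compEndIdx--;
- }
- if (parts.component) {
- this.component = '';
- // eslint-disable-next-line no-plusplus
- for (let i = compStartIdx; i < compEndIdx; i++) {
- if (this.component) {
- this.component += ':';
- }
- this.component += splitParts[i];
- }
- }
- }
- }
- }
-
- function getPackageUrl(componentKey, version) {
- const result = new ComponentKey(componentKey, { mgr: true, component: true });
- if (result && result.component && result.manager !== 'im') {
- const parts = result.component.split(':');
- const org = parts.length > 1 ? parts[0] : null;
- const key = parts.length > 1 ? parts[1] : parts[0];
- if (key) {
- return PackageURL.get(result.manager, org, key, version);
- }
- return null;
- }
- return null;
- }
-
- function getSpdxFormattedKey(componentKey) {
- return componentKey.split(':').join('-');
- }
-
- function dependencyToCydxComponent(dependency) {
- const {
- name, key, description, homepageUrl, repoUrl, licenses, versions
- } = dependency;
- const version = versions && versions[0];
- const purl = getPackageUrl(key, version);
- const comp = {
- type: 'library',
- 'bom-ref': purl,
- name,
- version,
- description,
- purl,
- externalReferences: []
- };
- if (licenses && licenses[0] && licenses[0].name) {
- comp.licenses = [
- {
- license: {
- id: licenses[0].name
- }
- }
- ];
- }
- if (repoUrl) {
- comp.externalReferences.push({
- type: 'vcs',
- url: repoUrl
- });
- }
- if (homepageUrl) {
- comp.externalReferences.push({
- type: 'website',
- url: homepageUrl
- });
- }
- return comp;
- }
-
- function dependencyToSpdxComponent(dependency) {
- const {
- name, key, homepageUrl, repoUrl, licenses, versions
- } = dependency;
- const version = versions && versions[0];
- const comp = {
- SPDXID: `SPDXRef-${getSpdxFormattedKey(key)}`,
- // TODO implement Copyright meta
- copyrightText: '',
- filesAnalyzed: false,
- name,
- versionInfo: version
- };
- if (licenses && licenses[0] && licenses[0].name) {
- comp.licenseConcluded = licenses[0].name;
- comp.licenseDeclared = licenses[0].name;
- comp.licenseInfoFromFiles = [licenses[0].name];
- }
- if (repoUrl) {
- comp.downloadLocation = repoUrl;
- }
- if (homepageUrl) {
- comp.homepage = homepageUrl;
- }
- return comp;
- }
-
- function handleDependency(list, dependency, type, relationships, parent) {
- let component;
- if (type === 'cydx') {
- component = dependencyToCydxComponent(dependency);
- } else if (type === 'spdx') {
- component = dependencyToSpdxComponent(dependency);
- } else {
- component = dependency;
- }
- if (component) {
- const hasComponent = list.find((item) => (item.SPDXID && item.SPDXID === component.SPDXID)
- || (item['bom-ref'] && item['bom-ref'] === component['bom-ref']));
- if (!hasComponent) {
- list.push(component);
- }
- }
- if (relationships && parent) {
- if (parent.creationInfo) {
- relationships.push({
- spdxElementId: parent.SPDXID,
- relatedSpdxElement: component.SPDXID,
- relationshipType: 'DESCRIBES'
- });
- }
- relationships.push({
- spdxElementId: parent.SPDXID,
- relatedSpdxElement: component.SPDXID,
- relationshipType: 'CONTAINS'
- });
- }
- if (dependency.dependencies) {
- dependency.dependencies.forEach((child) => {
- handleDependency(list, child, type, relationships, component);
- });
- }
- }
-
- Convertor.scanToCydx = function scanTo(scan) {
- const date = new Date();
- const cydx = {
- bomFormat: 'CycloneDX',
- specVersion: '1.3',
- serialNumber: 'urn:uuid:ea788421-7eb0-448b-833e-b32dd0f39d0c',
- version: 1,
- metadata: {
- timestamp: date.toISOString(),
- tools: [
- {
- vendor: 'CycloneDX',
- name: 'Node.js module',
- version: '3.6.0'
- }
- ]
- },
- components: []
- };
- if (scan.dependencies && scan.dependencies[0]) {
- cydx.components = [];
- handleDependency(cydx.components, scan.dependencies[0], 'cydx');
- if (cydx.components.length > 0) {
- // eslint-disable-next-line prefer-destructuring
- cydx.metadata.component = cydx.components[0];
- cydx.components.shift();
- }
- }
- return cydx;
- };
-
- Convertor.scanToSpdx = function scanTo(scan) {
- const date = new Date();
- const spdx = {
- SPDXID: 'SPDXRef-DOCUMENT',
- spdxVersion: 'SPDX-2.0',
- creationInfo: {
- created: date.toISOString(),
- creators: [
- 'Tool: ts-node-client > 1.8.1',
- 'Organization: TrustSource'
- ],
- licenseListVersion: '2.5'
- },
- dataLicense: 'CC0-1.0'
- };
- if (scan.dependencies && scan.dependencies[0]) {
- spdx.packages = [];
- spdx.relationships = [];
- handleDependency(spdx.packages, scan.dependencies[0], 'spdx', spdx.relationships, spdx);
- if (spdx.packages.length > 0) {
- const first = spdx.packages[0];
- spdx.name = first.name;
- spdx.documentDescribes = [first.SPDXID];
- spdx.documentNamespace = `https://app.trustsource.io/spdx/${spdx.name}`;
- }
- }
- return spdx;
- };
-
-
- module.exports = Convertor;
-
+ /* eslint-disable */
+ /**********************************************************
+ * Copyright (c) 2017. Enterprise Architecture Group, EACG
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *********************************************************/
+ /* eslint-enable */
+ const PackageURL = require('./pkg');
+
+ const Convertor = {};
+
+ Convertor.scanTo = function scanTo(type, scan) {
+ if (type.toLowerCase() === 'cydx') {
+ return Convertor.scanToCydx(scan);
+ }
+ if (type.toLowerCase() === 'spdx') {
+ return Convertor.scanToSpdx(scan);
+ }
+ return scan;
+ };
+
+ function ComponentKey(key, parts) {
+ if (!key || typeof key.split !== 'function') {
+ // throw new Error('key must be a string');
+ } else {
+ parts = parts || { mgr: true, component: true, version: true };
+
+ const partsCnt = (parts.mgr ? 1 : 0) + (parts.component ? 1 : 0) + (parts.version ? 1 : 0);
+ const splitParts = key.split(':');
+ // component may exists of more than one part
+ if ((parts.component && splitParts.length < partsCnt) || (!parts.component && splitParts.length !== partsCnt)) {
+ // throw new Error('invalid key format:' + key);
+ } else {
+ let compStartIdx = 0; let
+ compEndIdx = splitParts.length;
+ if (parts.mgr) {
+ // eslint-disable-next-line prefer-destructuring
+ this.manager = splitParts[0];
+ // eslint-disable-next-line no-plusplus
+ compStartIdx++;
+ }
+ if (parts.version) {
+ this.version = splitParts[splitParts.length - 1];
+ // eslint-disable-next-line no-plusplus
+ compEndIdx--;
+ }
+ if (parts.component) {
+ this.component = '';
+ // eslint-disable-next-line no-plusplus
+ for (let i = compStartIdx; i < compEndIdx; i++) {
+ if (this.component) {
+ this.component += ':';
+ }
+ this.component += splitParts[i];
+ }
+ }
+ }
+ }
+ }
+
+ function getPackageUrl(componentKey, version) {
+ const result = new ComponentKey(componentKey, { mgr: true, component: true });
+ if (result && result.component && result.manager !== 'im') {
+ const parts = result.component.split(':');
+ const org = parts.length > 1 ? parts[0] : null;
+ const key = parts.length > 1 ? parts[1] : parts[0];
+ if (key) {
+ return PackageURL.get(result.manager, org, key, version);
+ }
+ return null;
+ }
+ return null;
+ }
+
+ function getSpdxFormattedKey(componentKey) {
+ return componentKey.split(':').join('-');
+ }
+
+ function dependencyToCydxComponent(dependency) {
+ const {
+ name, key, description, homepageUrl, repoUrl, licenses, versions
+ } = dependency;
+ const version = versions && versions[0];
+ const purl = getPackageUrl(key, version);
+ const comp = {
+ type: 'library',
+ 'bom-ref': purl,
+ name,
+ version,
+ description,
+ purl,
+ externalReferences: []
+ };
+ if (licenses && licenses[0] && licenses[0].name) {
+ comp.licenses = [
+ {
+ license: {
+ id: licenses[0].name
+ }
+ }
+ ];
+ }
+ if (repoUrl) {
+ comp.externalReferences.push({
+ type: 'vcs',
+ url: repoUrl
+ });
+ }
+ if (homepageUrl) {
+ comp.externalReferences.push({
+ type: 'website',
+ url: homepageUrl
+ });
+ }
+ return comp;
+ }
+
+ function dependencyToSpdxComponent(dependency) {
+ const {
+ name, key, homepageUrl, repoUrl, licenses, versions
+ } = dependency;
+ const version = versions && versions[0];
+ const comp = {
+ SPDXID: `SPDXRef-${getSpdxFormattedKey(key)}`,
+ // TODO implement Copyright meta
+ copyrightText: '',
+ filesAnalyzed: false,
+ name,
+ versionInfo: version
+ };
+ if (licenses && licenses[0] && licenses[0].name) {
+ comp.licenseConcluded = licenses[0].name;
+ comp.licenseDeclared = licenses[0].name;
+ comp.licenseInfoFromFiles = [licenses[0].name];
+ }
+ if (repoUrl) {
+ comp.downloadLocation = repoUrl;
+ }
+ if (homepageUrl) {
+ comp.homepage = homepageUrl;
+ }
+ return comp;
+ }
+
+ function handleDependency(list, dependency, type, relationships, parent) {
+ let component;
+ if (type === 'cydx') {
+ component = dependencyToCydxComponent(dependency);
+ } else if (type === 'spdx') {
+ component = dependencyToSpdxComponent(dependency);
+ } else {
+ component = dependency;
+ }
+ if (component) {
+ const hasComponent = list.find((item) => (item.SPDXID && item.SPDXID === component.SPDXID)
+ || (item['bom-ref'] && item['bom-ref'] === component['bom-ref']));
+ if (!hasComponent) {
+ list.push(component);
+ }
+ }
+ if (relationships && parent) {
+ if (parent.creationInfo) {
+ relationships.push({
+ spdxElementId: parent.SPDXID,
+ relatedSpdxElement: component.SPDXID,
+ relationshipType: 'DESCRIBES'
+ });
+ }
+ relationships.push({
+ spdxElementId: parent.SPDXID,
+ relatedSpdxElement: component.SPDXID,
+ relationshipType: 'CONTAINS'
+ });
+ }
+ if (dependency.dependencies) {
+ dependency.dependencies.forEach((child) => {
+ handleDependency(list, child, type, relationships, component);
+ });
+ }
+ }
+
+ Convertor.scanToCydx = function scanTo(scan) {
+ const date = new Date();
+ const cydx = {
+ bomFormat: 'CycloneDX',
+ specVersion: '1.3',
+ serialNumber: 'urn:uuid:ea788421-7eb0-448b-833e-b32dd0f39d0c',
+ version: 1,
+ metadata: {
+ timestamp: date.toISOString(),
+ tools: [
+ {
+ vendor: 'CycloneDX',
+ name: 'Node.js module',
+ version: '3.6.0'
+ }
+ ]
+ },
+ components: []
+ };
+ if (scan.dependencies && scan.dependencies[0]) {
+ cydx.components = [];
+ handleDependency(cydx.components, scan.dependencies[0], 'cydx');
+ if (cydx.components.length > 0) {
+ // eslint-disable-next-line prefer-destructuring
+ cydx.metadata.component = cydx.components[0];
+ cydx.components.shift();
+ }
+ }
+ return cydx;
+ };
+
+ Convertor.scanToSpdx = function scanTo(scan) {
+ const date = new Date();
+ const spdx = {
+ SPDXID: 'SPDXRef-DOCUMENT',
+ spdxVersion: 'SPDX-2.0',
+ creationInfo: {
+ created: date.toISOString(),
+ creators: [
+ 'Tool: ts-node-client > 1.8.1',
+ 'Organization: TrustSource'
+ ],
+ licenseListVersion: '2.5'
+ },
+ dataLicense: 'CC0-1.0'
+ };
+ if (scan.dependencies && scan.dependencies[0]) {
+ spdx.packages = [];
+ spdx.relationships = [];
+ handleDependency(spdx.packages, scan.dependencies[0], 'spdx', spdx.relationships, spdx);
+ if (spdx.packages.length > 0) {
+ const first = spdx.packages[0];
+ spdx.name = first.name;
+ spdx.documentDescribes = [first.SPDXID];
+ spdx.documentNamespace = `https://app.trustsource.io/spdx/${spdx.name}`;
+ }
+ }
+ return spdx;
+ };
+
+
+ module.exports = Convertor;
+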