ts-node-client 3.3.3 → 3.4.1
- package/.github/workflows/publish.yml +3 -5
- package/.github/workflows/scan.yml +1 -1
- package/.yarnrc.yml +1 -0
- package/CHANGELOG.md +15 -0
- package/README.md +4 -1
- package/bin/ts-node-client.js +1 -1
- package/lib/convertor.js +1 -1
- package/lib/npm-scanner.js +2 -2
- package/lib/rest-client.js +2 -2
- package/package.json +5 -5
- package/test/rest-test.js +2 -2
- package/package-lock.json +0 -5250
|
@@ -7,9 +7,6 @@ on:
|
|
|
7
7
|
push:
|
|
8
8
|
branches:
|
|
9
9
|
- 'main'
|
|
10
|
-
pull_request:
|
|
11
|
-
branches:
|
|
12
|
-
- 'main'
|
|
13
10
|
|
|
14
11
|
jobs:
|
|
15
12
|
publish:
|
|
@@ -29,7 +26,8 @@ jobs:
|
|
|
29
26
|
node-version: ${{ matrix.node-version }}
|
|
30
27
|
registry-url: 'https://registry.npmjs.org'
|
|
31
28
|
- name: Install dependencies
|
|
32
|
-
run:
|
|
33
|
-
-
|
|
29
|
+
run: npm i
|
|
30
|
+
- name: Publish package
|
|
31
|
+
run: npm publish
|
|
34
32
|
env:
|
|
35
33
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
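Review bot: The new `run: npm i` step resolves the dependency tree at release time and runs dependency lifecycle scripts inside the same job that then publishes. The diffstat also lists `package-lock.json` as removed from the package, so nothing visible here pins what gets installed. Installing from a committed lockfile with `run: npm ci`, or at minimum `run: npm i --ignore-scripts`, would make the release build reproducible and keep install scripts out of the publish path. Splitting install from publish keeps `NODE_AUTH_TOKEN` scoped to the `npm publish` step only if the `env:` block that follows belongs to that step; indentation is lost on this page, so confirm it in the file. The job definition continues outside both hunks.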
@@ -25,5 +25,5 @@ jobs:
|
|
|
25
25
|
- name: Install dependencies
|
|
26
26
|
run: yarn
|
|
27
27
|
- name: Scan dependencies
|
|
28
|
-
run: yarn node ./bin/ts-node-client.js --branch main --tag $GITHUB_REF_NAME --project Scanner --url https://
|
|
28
|
+
run: yarn node ./bin/ts-node-client.js --branch main --tag $GITHUB_REF_NAME --project Scanner --url https://api.trustsource.io/ --apiKey ${{ secrets.TS_TOKEN }}
|
|
29
29
|
|
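Review bot: The scan step expands `${{ secrets.TS_TOKEN }}` directly into the `run:` command line, so the API key becomes part of the generated shell script and of the process arguments. `$GITHUB_REF_NAME` is also used unquoted, although ref names are chosen by whoever pushes the branch or tag. Pass the key through the step environment and quote both values: add `env:` with `TS_TOKEN: ${{ secrets.TS_TOKEN }}` to the step, and use `--tag "$GITHUB_REF_NAME"` and `--apiKey "$TS_TOKEN"` in the command. The removed line is cut off on this page, so whether the previous version passed the key the same way cannot be told from here.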
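--- a/package/.yarnrc.yml
+++ b/package/.yarnrc.yml
@@ -0,0 +1 @@
+nodeLinker: node-modules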
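--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -8,6 +8,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## 3.4.1 - 2024-08-13
+
+### Fixed
+* axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
+
+### Changed
+* update to cyclonedx version 1.6
+
+
+## 3.4.0 - 2024-06-18
+
+### Changed
+* switch to API v2
+
+
 ## 3.3.3 - 2024-04-01
 
 ### Fixed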
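--- a/package/README.md
+++ b/package/README.md
@@ -9,6 +9,9 @@
 
 > TrustSource node client - node module to transfer dependency information to TrustSource server.
 
+## Release 3.4.0
+Migrated to TrustSource API v2
+
 ## Release 3.2.0
 Package now support package-lock.json v.3
 
@@ -46,7 +49,7 @@ To store your credentials for automated transfer you may create `.tsrc.json` in
 ```
 {
 "apiKey": "apiKey",
-"url": "https://
+"url": "https://api.trustsource.io",
 "project": "Project Description"
 }
 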
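--- a/package/bin/ts-node-client.js
+++ b/package/bin/ts-node-client.js
@@ -11,7 +11,7 @@ const fs = require('fs');
 const yargs = require('yargs');
 const pckgJson = require('../package.json');
 
-const URL = 'https://
+const URL = 'https://api.trustsource.io';
 const CRED_FILENAME = '/.tsrc.json';
 const FILL = ' ';
 const execute = require('../lib/cli');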
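--- a/package/lib/convertor.js
+++ b/package/lib/convertor.js
@@ -184,7 +184,7 @@ Convertor.scanToCydx = function scanTo(scan) {
 const date = new Date();
 const cydx = {
 bomFormat: 'CycloneDX',
-specVersion: '1.
+specVersion: '1.6',
 serialNumber: 'urn:uuid:ea788421-7eb0-448b-833e-b32dd0f39d0c',
 version: 1,
 metadata: {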
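--- a/package/lib/npm-scanner.js
+++ b/package/lib/npm-scanner.js
@@ -148,7 +148,7 @@ Scanner.prototype.walk = function walk(npmDependency, level, root) {
 if (npmDependency.name) {
 let pkg = root && root.packages && root.packages[`node_modules/${npmDependency.fullName || npmDependency.name}`];
 if (!pkg) {
-
+pkg = root && root.packages && root.packages[''];
 }
 let repository = npmDependency.repository && npmDependency.repository.url;
 if (!repository) {
@@ -177,7 +177,7 @@ Scanner.prototype.walk = function walk(npmDependency, level, root) {
 const childDependency = npmDependency.packages[val];
 if (childDependency) {
 const parts = val.split('node_modules/');
-childDependency.name = parts.length > 1 ? parts[parts.length-1] : parts[0];
+childDependency.name = parts.length > 1 ? parts[parts.length - 1] : parts[0];
 childDependency.fullName = parts.length > 1 ? parts.slice(1).join('node_modules/') : parts[0];
 }
 checkForChild(self, opts, dependency, childDependency, val, level, root);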
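--- a/package/lib/rest-client.js
+++ b/package/lib/rest-client.js
@@ -83,14 +83,14 @@ RestClient.prototype.transfer = function transfer(scan, cb) {
 
 const reqOpts = options.requestOptions || {};
 reqOpts.method = 'post';
-reqOpts.url = `${options.url}/
+reqOpts.url = `${options.url}/v2/core/scans`;
 if (options.proxy) {
 reqOpts.proxy = options.proxy;
 }
 reqOpts.headers = {
 'Content-Type': 'application/json',
 'User-Agent': `${pckgJson.name}/${pckgJson.version}`,
-'
+'x-api-key': options.apiKey
 };
 reqOpts.json = true;
 reqOpts.data = scan;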
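--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "ts-node-client",
 "description": "npm / node module to transfer dependency information to TrustSource server.",
-"version": "3.
+"version": "3.4.1",
 "homepage": "https://app.trustsource.io/",
 "author": {
 "name": "Oleksandr Dmukhovskyi",
@@ -28,19 +28,19 @@
 },
 "dependencies": {
 "@yarnpkg/lockfile": "1.1.0",
-"axios": "1.
+"axios": "1.7.4",
 "debuglog": "1.0.1",
 "js-yaml": "4.1.0",
 "packageurl-js": "1.2.1",
-"semver": "7.6.
+"semver": "7.6.3",
 "yargs": "17.7.2"
 },
 "devDependencies": {
 "eslint": "8.57.0",
 "eslint-config-airbnb-base": "15.0.0",
 "eslint-plugin-import": "2.29.1",
-"eslint-plugin-sonarjs": "0.
-"mocha": "10.3
+"eslint-plugin-sonarjs": "0.25.1",
+"mocha": "10.7.3",
 "nock": "13.5.4"
 },
 "keywords": [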
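--- a/package/test/rest-test.js
+++ b/package/test/rest-test.js
@@ -47,7 +47,7 @@ describe('RestClient', () => {
 reqheaders: {
 'Content-Type': JSON_TYPE
 }
-}).post('/
+}).post('/v2/core/scans').reply(201, 'Test response');
 
 restClient.transfer({}, (err, data) => {
 assert.equal(err, null);
@@ -63,7 +63,7 @@ describe('RestClient', () => {
 }
 }).defaultReplyHeaders({
 'Content-Type': JSON_TYPE
-}).post('/
+}).post('/v2/core/scans').reply(201, '{"bli": "blub"}');
 
 restClient.transfer({}, (err, data) => {
 assert.equal(err, null);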
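Review bot: Both updated interceptors match the new `/v2/core/scans` path, but the `reqheaders` visible in the first hunk only pin `Content-Type`. The tests would therefore still pass if the client stopped sending `x-api-key` or sent it under a different name. Add the header to the expectation, e.g. `'x-api-key': API_KEY`, where `API_KEY` is a placeholder for whatever key the test constructs `restClient` with (not visible here). The `describe` block and both test cases extend outside the hunks.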