UNPKG

@nodesecure/scanner

Version:

A package API to run a static analysis of your module's dependencies.

32 lines 1.36 kB
// Import Node.js Dependencies import path from "node:path"; import fs from "node:fs/promises"; // Import Third-party Dependencies import { distance } from "fastest-levenshtein"; /** * This implementation take inspiration from npq * @see https://github.com/lirantal/npq/blob/c11e5425707ae992fcd6fb0878abe01ccd77399b/lib/marshalls/typosquatting.marshall.js#L23 */ export class TopPackages { #packages = []; async loadJSON() { const rawPackageStr = await fs.readFile(path.join(import.meta.dirname, "..", "data", "top-packages.json"), "utf-8"); this.#packages = JSON.parse(rawPackageStr); } getSimilarPackages(packageName) { const similarPackages = []; for (const popularPackageNameInRepository of this.#packages) { // If the package to be installed is itself found within the Top Packages dataset // then we don't report on it if (packageName === popularPackageNameInRepository) { return []; } const levenshteinDistance = distance(packageName, popularPackageNameInRepository); if (levenshteinDistance > 0 && levenshteinDistance < 3) { similarPackages.push(popularPackageNameInRepository); } } return [...new Set(similarPackages)]; } } //# sourceMappingURL=TopPackages.class.js.map