@nodesecure/scanner
A package API to run a static analysis of your module's dependencies.
// Import Node.js Dependencies
import path from "node:path";
import fs from "node:fs/promises";
import os from "node:os";
// Import Third-party Dependencies
import pacote from "pacote";
import { getLocalRegistryURL } from "@nodesecure/npm-registry-sdk";
import * as tarball from "@nodesecure/tarball";
// Import Internal Dependencies
import { depWalker } from "./depWalker.js";
import { NPM_TOKEN, urlToString } from "./utils/index.js";
import { Logger, ScannerLoggerEvents } from "./class/logger.class.js";
import { TempDirectory } from "./class/TempDirectory.class.js";
import { comparePayloads } from "./comparePayloads.js";
// CONSTANTS
// Baseline options for workingDir(). They are merged before the caller's
// `options`, so any key the caller supplies replaces the value given here.
const kDefaultWorkingDirOptions = {
  forceRootAnalysis: true,
  includeDevDeps: false,
};
export * from "./types.js";
export * from "./extractors/index.js";
/**
 * Analyse the project found at `location` by reading its package.json and
 * handing the parsed manifest to depWalker.
 *
 * @param {string} [location] - Directory holding the package.json to scan
 *   (defaults to the current working directory).
 * @param {object} [options] - Caller options; they override
 *   kDefaultWorkingDirOptions. `registry` and `packageLock` are normalised
 *   below before being forwarded.
 * @param {Logger} [logger] - Receives the manifest.read start/end events.
 * @returns {Promise<*>} Whatever depWalker resolves with.
 * @throws Rejects when package.json cannot be read, or with a SyntaxError
 *   when its content is not valid JSON.
 */
export async function workingDir(location = process.cwd(), options = {}, logger = new Logger()) {
  // A caller-supplied registry is converted with urlToString; otherwise the
  // locally configured registry URL is used.
  let registry;
  if (options.registry) {
    registry = urlToString(options.registry);
  }
  else {
    registry = getLocalRegistryURL();
  }

  // Without an explicit packageLock option, point it at the scanned directory.
  const packageLock = options.packageLock ?? { location };

  // Merge order matters: { location } < defaults < caller options < the
  // normalised packageLock/registry computed above.
  const overrides = { ...options, packageLock, registry };
  const scanOptions = Object.assign({ location }, kDefaultWorkingDirOptions, overrides);

  logger.start(ScannerLoggerEvents.manifest.read);
  const rawManifest = await fs.readFile(path.join(location, "package.json"), "utf-8");
  logger.end(ScannerLoggerEvents.manifest.read);

  // The manifest is whatever the scanned project ships: it is parsed here
  // without any shape validation and passed straight to depWalker.
  const manifest = JSON.parse(rawManifest);

  return depWalker(manifest, scanOptions, logger);
}
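/**
 * Fetch the manifest of `packageName` through pacote and hand it to depWalker.
 *
 * @param {string} packageName - Package spec passed to pacote.manifest.
 * @param {object} [options] - Caller options. `registry`, when set, is
 *   converted with urlToString; otherwise the local registry URL is used.
 *   The object is not modified: a copy carrying the resolved registry is
 *   forwarded to depWalker.
 * @param {Logger} [logger] - Receives the manifest.fetch start/end events.
 * @returns {Promise<*>} Whatever depWalker resolves with.
 */
export async function from(packageName, options = {}, logger = new Logger()) {
  const registry = options.registry ?
    urlToString(options.registry) :
    getLocalRegistryURL();

  logger.start(ScannerLoggerEvents.manifest.fetch);
  // NOTE(review): NPM_TOKEN is spread into the same request options as
  // `registry`. If it carries a credential (presumably an npm auth token;
  // verify in ./utils), a caller-chosen registry would receive it. Confirm
  // that callers only pass trusted registry URLs.
  const manifest = await pacote.manifest(packageName, {
    ...NPM_TOKEN,
    registry,
    cache: `${os.homedir()}/.npm`
  });
  logger.end(ScannerLoggerEvents.manifest.fetch);

  // Forward a fresh object rather than Object.assign(options, ...): the
  // caller's `options` keeps its original `registry` value (e.g. a URL
  // instance), matching how workingDir() builds its own options copy.
  return depWalker(
    // FIX: find a way to merge pacote & registry interfaces
    manifest,
    { ...options, registry },
    logger
  );
}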
/**
 * Run tarball.scanPackage either on the current working directory or on a
 * package extracted into a temporary directory.
 *
 * @param {string} [packageName] - Package spec to extract and scan. When it
 *   is omitted, the current working directory is scanned in place.
 * @returns {Promise<*>} Whatever tarball.scanPackage resolves with.
 */
export async function verify(packageName) {
  // No spec given: nothing is downloaded, the local directory is scanned.
  if (packageName === undefined) {
    return tarball.scanPackage(process.cwd());
  }

  // `await using` binds the temporary directory to this scope; its async
  // disposer runs when the function exits, on success or on a thrown error.
  // NOTE(review): presumably the disposer deletes the extracted files.
  // Confirm in TempDirectory.class.js.
  await using workspace = await TempDirectory.create();

  // The spec is always resolved against the locally configured registry.
  const resolved = await tarball.extractAndResolve(workspace.location, {
    spec: packageName,
    registry: getLocalRegistryURL()
  });

  // The await is required: the scan must finish before the scope is left
  // and the temporary directory is disposed.
  return await tarball.scanPackage(resolved);
}
export { depWalker, tarball, comparePayloads, Logger, ScannerLoggerEvents };
//# sourceMappingURL=index.js.map