
@nodesecure/scanner


A package API to run a static analysis of your module's dependencies.

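// The two helpers below look like compiler-emitted support code for explicit
// resource management (`using` / `await using`). Their logic is reproduced
// token-for-token; only line breaks and comments were added.

// Registers `value` on env.stack together with its dispose callback
// (Symbol.asyncDispose when `async` is set, falling back to Symbol.dispose).
// A null/undefined value registers nothing, except a bare `{ async: true }`
// marker in the async case. Returns `value` unchanged.
var __addDisposableResource = (this && this.__addDisposableResource) || function (env, value, async) {
  if (value !== null && value !== void 0) {
    if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected.");
    var dispose, inner;
    if (async) {
      if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined.");
      dispose = value[Symbol.asyncDispose];
    }
    if (dispose === void 0) {
      if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined.");
      dispose = value[Symbol.dispose];
      if (async) inner = dispose;
    }
    if (typeof dispose !== "function") throw new TypeError("Object not disposable.");
    // A sync disposer used in an async slot: turn a synchronous throw into a rejection.
    if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } };
    env.stack.push({ value: value, dispose: dispose, async: async });
  }
  else if (async) {
    env.stack.push({ async: true });
  }
  return value;
};

// Pops env.stack and runs each dispose callback (most recently registered
// first). Errors raised while disposing are chained onto env.error through
// SuppressedError; once the stack is empty the recorded error is rethrown, or
// delivered as a rejected promise when asynchronous disposal was involved.
var __disposeResources = (this && this.__disposeResources) || (function (SuppressedError) {
  return function (env) {
    function fail(e) {
      env.error = env.hasError ? new SuppressedError(e, env.error, "An error was suppressed during disposal.") : e;
      env.hasError = true;
    }
    var r, s = 0;
    function next() {
      while (r = env.stack.pop()) {
        try {
          if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next);
          if (r.dispose) {
            var result = r.dispose.call(r.value);
            if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); });
          }
          else s |= 1;
        }
        catch (e) { fail(e); }
      }
      if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve();
      if (env.hasError) throw env.error;
    }
    return next();
  };
})(typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
  // Fallback for runtimes that do not provide a global SuppressedError.
  var e = new Error(message);
  return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
});

// Import Node.js Dependencies
import path from "node:path";
import fs from "node:fs/promises";
import os from "node:os";

// Import Third-party Dependencies
import pacote from "pacote";
import { getLocalRegistryURL } from "@nodesecure/npm-registry-sdk";
import * as tarball from "@nodesecure/tarball";

// Import Internal Dependencies
import { depWalker } from "./depWalker.js";
import { NPM_TOKEN, urlToString } from "./utils/index.js";
import { Logger, ScannerLoggerEvents } from "./class/logger.class.js";
import { TempDirectory } from "./class/TempDirectory.class.js";
import { comparePayloads } from "./comparePayloads.js";

// CONSTANTS
// Defaults applied by cwd(); any key present in the caller's options wins.
const kDefaultCwdOptions = {
  forceRootAnalysis: true,
  usePackageLock: true,
  includeDevDeps: false
};

export * from "./types.js";
export * from "./extractors/index.js";

/**
 * Analyse the project found at `location` from its package.json.
 *
 * @param {string} [location] directory holding package.json (defaults to process.cwd())
 * @param {object} [options] scanner options; `options.registry` overrides the local registry URL
 * @param {Logger} [logger]
 * @returns {Promise<*>} whatever depWalker resolves to
 * @throws when package.json cannot be read, or when JSON.parse rejects its content
 */
export async function cwd(location = process.cwd(), options = {}, logger = new Logger()) {
  const registry = options.registry ?
    urlToString(options.registry) :
    getLocalRegistryURL();
  // Precedence, lowest to highest: location argument, defaults, caller options, resolved registry.
  const finalizedOptions = {
    location,
    ...kDefaultCwdOptions,
    ...options,
    registry
  };

  logger.start(ScannerLoggerEvents.manifest.read);
  const packagePath = path.join(location, "package.json");
  const str = await fs.readFile(packagePath, "utf-8");
  logger.end(ScannerLoggerEvents.manifest.read);

  return depWalker(JSON.parse(str), finalizedOptions, logger);
}

/**
 * Analyse a package by name/spec: its manifest is fetched with pacote and
 * handed to depWalker.
 *
 * @param {string} packageName spec passed to pacote.manifest
 * @param {object} [options] scanner options; `options.registry` overrides the local registry URL
 * @param {Logger} [logger]
 * @returns {Promise<*>} whatever depWalker resolves to
 */
export async function from(packageName, options = {}, logger = new Logger()) {
  const registry = options.registry ?
    urlToString(options.registry) :
    getLocalRegistryURL();

  logger.start(ScannerLoggerEvents.manifest.fetch);
  // NOTE(review): NPM_TOKEN is spread into the same request options as the
  // caller-selected registry. If it carries a credential (its shape is defined
  // in ./utils and not visible here), that credential would be presented to
  // whichever registry URL is passed in - confirm `options.registry` only ever
  // comes from a trusted source.
  const manifest = await pacote.manifest(packageName, {
    ...NPM_TOKEN,
    registry,
    cache: `${os.homedir()}/.npm`
  });
  logger.end(ScannerLoggerEvents.manifest.fetch);

  return depWalker(
    // FIX: find a way to merge pacote & registry interfaces
    manifest,
    // Build a fresh object: the previous Object.assign(options, ...) wrote the
    // resolved registry back into the object owned by the caller.
    { ...options, registry },
    logger
  );
}

/**
 * Scan a single package with tarball.scanPackage.
 *
 * Without an argument the current working directory is scanned. Otherwise the
 * spec is extracted into a temporary directory (resolved against the local
 * registry URL) and the extracted result is scanned.
 *
 * @param {string} [packageName] package spec; omit to scan process.cwd()
 * @returns {Promise<*>} the result of tarball.scanPackage
 * @throws any extraction or scan error, rethrown after disposal has run
 */
export async function verify(packageName) {
  const env_1 = { stack: [], error: void 0, hasError: false };
  try {
    if (typeof packageName === "undefined") {
      return tarball.scanPackage(process.cwd());
    }

    // Registered for async disposal so the temporary directory is released on
    // both the success and the error path (presumably removed from disk by
    // TempDirectory's disposer - confirm in TempDirectory.class.js).
    const tempDir = __addDisposableResource(env_1, await TempDirectory.create(), true);
    const mama = await tarball.extractAndResolve(tempDir.location, {
      spec: packageName,
      registry: getLocalRegistryURL()
    });
    const scanResult = await tarball.scanPackage(mama);

    return scanResult;
  }
  catch (e_1) {
    // Not swallowed: __disposeResources rethrows env_1.error once cleanup is done.
    env_1.error = e_1;
    env_1.hasError = true;
  }
  finally {
    const result_1 = __disposeResources(env_1);
    if (result_1) await result_1;
  }
}

export { depWalker, tarball, comparePayloads, Logger, ScannerLoggerEvents };
//# sourceMappingURL=index.js.map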