@nodesecure/scanner/dist/registry/PackumentExtractor.js

A package API to run a static analysis of your module's dependencies.

import { packageJSONIntegrityHash } from "@nodesecure/mama";
export class PackumentExtractor {
    #packument;
    #date;
    constructor(packument, options = {}) {
        const { dateProvider = new SystemDateProvider() } = options;
        this.#packument = packument;
        this.#date = dateProvider;
    }
    getMetadata(version) {
        const lastVersion = this.#packument["dist-tags"].latest;
        const lastUpdateAt = new Date(this.#packument.time[lastVersion]);
        const oneYearAgoDate = this.#date.oneYearAgo();
        const { integrity } = packageJSONIntegrityHash(this.#packument.versions[version], { isFromRemoteRegistry: true });
        return {
            homepage: this.#packument.homepage || null,
            publishedCount: Object.values(this.#packument.versions).length,
            lastVersion,
            lastUpdateAt,
            hasReceivedUpdateInOneYear: !(oneYearAgoDate > lastUpdateAt),
            hasChangedAuthor: false,
            integrity: {
                [version]: integrity
            },
            ...this.#extractMaintainers(this.#packument, this.#packument.author?.name ?? null)
        };
    }
    #extractMaintainers(packument, authorName) {
        const publishers = new Set();
        const result = {
            author: packument.author ?? null,
            publishers: [],
            maintainers: packument.maintainers ?? [],
            hasManyPublishers: false
        };
        let searchForMaintainersInVersions = result.maintainers.length === 0;
        for (const ver of Object.values(packument.versions).reverse()) {
            const { _npmUser = null, version, maintainers = [] } = ver;
            if (_npmUser !== null) {
                if (authorName === null) {
                    result.author = _npmUser;
                }
                else if (authorName !== null && _npmUser.name !== authorName) {
                    result.hasManyPublishers = true;
                }
                if (!publishers.has(_npmUser.name)) {
                    publishers.add(_npmUser.name);
                    result.publishers.push({
                        ..._npmUser,
                        version,
                        at: new Date(packument.time[version]).toISOString()
                    });
                }
            }
            if (searchForMaintainersInVersions) {
                result.maintainers.push(...maintainers);
                searchForMaintainersInVersions = false;
            }
        }
        return result;
    }
}
class SystemDateProvider {
    oneYearAgo() {
        const date = new Date();
        date.setFullYear(date.getFullYear() - 1);
        return date;
    }
}
//# sourceMappingURL=PackumentExtractor.js.map