UNPKG

@nodesecure/tree-walker

Version:

NodeSecure tree walker

github.com/NodeSecure/tree/master/workspaces/tree-walker

NodeSecure/scanner

128 lines (100 loc) 3.08 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<p align="center"><h1 align="center"> @nodesecure/tree-walker </h1> <p align="center"> Fetch and walk the dependency tree of a given manifest </p> ## Requirements - [Node.js](https://nodejs.org/en/) v20 or higher ## Getting Started This package is available in the Node Package Repository and can be easily installed with [npm](https://docs.npmjs.com/getting-started/what-is-npm) or [yarn](https://yarnpkg.com). ```bash $ npm i @nodesecure/tree-walker # or $ yarn add @nodesecure/tree-walker ``` ## Usage example ```ts import os from "node:os"; import pacote from "pacote"; import { npm } from "@nodesecure/tree-walker"; const manifest = await pacote.manifest("some-package@1.0.0", { cache: `${os.homedir()}/.npm` }); const treeWalker = new npm.TreeWalker(); for await (const dependency of treeWalker.walk(manifest)) { console.log(dependency); } ``` > [!NOTE] > This package has been designed to be used by the Scanner package/workspace. ## API ### npm.TreeWalker #### constructor(options?: TreeWalkerOptions) ```ts import pacote from "pacote"; import Arborist from "@npmcli/arborist"; interface LocalDependencyTreeLoaderProvider { load( location: string, registry?: string ): Promise<Arborist.Node>; } interface PacoteProviderApi { manifest( spec: string, opts?: pacote.Options ): Promise<pacote.AbbreviatedManifest & pacote.ManifestResult>; } interface TreeWalkerOptions { registry?: string; providers?: { pacote?: PacoteProviderApi; localTreeLoader?: LocalDependencyTreeLoaderProvider; } } ``` #### *walk(manifest: PackageJSON | ManifestVersion, options: WalkOptions): AsyncIterableIterator< DependencyJSON > The `walk` method processes package metadata from a given **package.json file** or a **Manifest** result from the [pacote](https://www.npmjs.com/package/pacote) library. The `options` parameter is described by the following TypeScript interface: ```ts interface WalkOptions { /** * Specifies the maximum depth to traverse for each root dependency. * For example, a value of 2 would mean only traversing dependencies and their immediate dependencies. * * @default Infinity */ maxDepth?: number; /** * Includes development dependencies in the walk. * Note that enabling this option can significantly increase processing time. * * @default false */ includeDevDeps?: boolean; /** * Enables the use of Arborist for rapidly walking over the dependency tree. * When enabled, it triggers different methods based on the presence of `node_modules`: * - `loadActual()` if `node_modules` is available. * - `loadVirtual()` otherwise. * * When disabled, it will iterate on all dependencies by using pacote */ packageLock?: { /** * Fetches all manifests for additional metadata. * * @default false */ fetchManifest?: boolean; /** * Specifies the location of the manifest file for Arborist. * This is typically the path to the `package.json` file. */ location: string; }; } ``` ## License MIT