UNPKG

@nodesecure/vulnera

Version:

NodeSecure vulnerabilities strategies

47 lines (46 loc) 1.9 kB
import { VULN_MAPPERS } from "./mappers.js"; import { Kind } from "../../constants.js"; export type Severity = "info" | "low" | "medium" | "high" | "critical"; export interface StandardPatch { id: string; comments: string[]; modificationTime: string; urls: string[]; version: string; } export interface StandardVulnerability { /** Unique identifier for the vulnerability **/ id?: string; /** Vulnerability origin, either Snyk, Sonatype, GitHub or NodeSWG **/ origin: Exclude<Kind, "none">; /** Package associated with the vulnerability **/ package: string; /** Vulnerability title **/ title: string; /** Vulnerability description **/ description?: string; /** Vulnerability link references on origin's website **/ url?: string; /** Vulnerability severity levels given the strategy **/ severity?: Severity; /** Common Vulnerabilities and Exposures dictionary */ cves?: string[]; /** * Common Vulnerability Scoring System (CVSS) provides a way to capture the * principal characteristics of a vulnerability, and produce a numerical score reflecting its severity, * as well as a textual representation of that score. * **/ cvssVector?: string; /** CVSS Score **/ cvssScore?: number; /** The range of vulnerable versions provided when too many versions are vulnerables */ vulnerableRanges: string[]; /** The set of versions that are vulnerable **/ vulnerableVersions: string[]; /** The set of versions that are patched **/ patchedVersions?: string; /** Overview of available patches to get rid of listed vulnerabilities **/ patches?: StandardPatch[]; } export type StandardizeKind = keyof typeof VULN_MAPPERS; export declare function standardizeVulnsPayload(useStandardFormat?: boolean): (strategy: StandardizeKind, vulnerabilities: any[]) => any[];