@nodesecure/vulnera
Version:
NodeSecure vulnerabilities strategies
42 lines (41 loc) • 1.78 kB
TypeScript
import { AuditAdvisory } from "@pnpm/audit";
import type { ExtendedStrategy } from "./types/api.js";
export type NpmAuditAdvisory = {
/** The unique cache key for this vuln or metavuln. **/
source: number;
/** Same as source (but seems deprecated now) **/
id?: number;
/** The name of the package that this vulnerability is about**/
name: string;
/** For metavulns, the dependency that causes this package to be have a vulnerability. For advisories, the same as name. **/
dependency: string;
/** The text title of the advisory or metavuln **/
title: string;
/** The url for the advisory (null for metavulns) **/
url: string;
/** Publicly-known vulnerabilities have identification numbers, known as Common Vulnerabilities and Exposures (CVEs) */
cwe?: string[];
/** The Common Vulnerability Scoring System (CVSS) is a method used to supply a qualitative measure of severity. CVSS is not a measure of risk. */
cvss?: {
score: number;
vectorString: string;
};
/** The severity level **/
severity: "info" | "low" | "moderate" | "high" | "critical";
/** The range that is vulnerable **/
range: string;
/** The set of versions that are vulnerable **/
vulnerableVersions?: string[];
};
export type PnpmAuditAdvisory = Exclude<AuditAdvisory, "cwe"> & {
github_advisory_id: string;
npm_advisory_id: null | number;
cwe: string | string[];
cvss: {
score: number;
vectorString: string;
};
};
export type GithubVulnerability = PnpmAuditAdvisory | NpmAuditAdvisory;
export type GithubAdvisoryStrategyDefinition = ExtendedStrategy<"github-advisory", GithubVulnerability>;
export declare function GitHubAdvisoryStrategy(): GithubAdvisoryStrategyDefinition;