UNPKG

@nodesecure/vulnera

Version:

NodeSecure vulnerabilities strategies

42 lines (41 loc) 1.78 kB
import { AuditAdvisory } from "@pnpm/audit"; import type { ExtendedStrategy } from "./types/api.js"; export type NpmAuditAdvisory = { /** The unique cache key for this vuln or metavuln. **/ source: number; /** Same as source (but seems deprecated now) **/ id?: number; /** The name of the package that this vulnerability is about**/ name: string; /** For metavulns, the dependency that causes this package to be have a vulnerability. For advisories, the same as name. **/ dependency: string; /** The text title of the advisory or metavuln **/ title: string; /** The url for the advisory (null for metavulns) **/ url: string; /** Publicly-known vulnerabilities have identification numbers, known as Common Vulnerabilities and Exposures (CVEs) */ cwe?: string[]; /** The Common Vulnerability Scoring System (CVSS) is a method used to supply a qualitative measure of severity. CVSS is not a measure of risk. */ cvss?: { score: number; vectorString: string; }; /** The severity level **/ severity: "info" | "low" | "moderate" | "high" | "critical"; /** The range that is vulnerable **/ range: string; /** The set of versions that are vulnerable **/ vulnerableVersions?: string[]; }; export type PnpmAuditAdvisory = Exclude<AuditAdvisory, "cwe"> & { github_advisory_id: string; npm_advisory_id: null | number; cwe: string | string[]; cvss: { score: number; vectorString: string; }; }; export type GithubVulnerability = PnpmAuditAdvisory | NpmAuditAdvisory; export type GithubAdvisoryStrategyDefinition = ExtendedStrategy<"github-advisory", GithubVulnerability>; export declare function GitHubAdvisoryStrategy(): GithubAdvisoryStrategyDefinition;