UNPKG

@nodesecure/vulnera

Version:

NodeSecure vulnerabilities strategies

44 lines 1.46 kB
// Import Node.js Dependencies import fs from "node:fs/promises"; import nodePath from "node:path"; // Import Third-party Dependencies import Arborist from "@npmcli/arborist"; // Import Internal Dependencies import { NPM_TOKEN } from "../constants.js"; /** * Extracts npm package dependencies from a local project using Arborist. * Tries to load from `node_modules` first (`loadActual`), then falls back * to the lockfile (`loadVirtual`) when `node_modules` is absent. */ export class NodeDependencyExtractor { async extract(projectPath) { const arborist = new Arborist({ ...NPM_TOKEN, path: projectPath }); let root; try { await fs.access(nodePath.join(projectPath, "node_modules")); root = await arborist.loadActual(); } catch { root = await arborist.loadVirtual(); } return Array.from(collectFromTree(root)); } } function* collectFromTree(root) { const seen = new Set(); const queue = [root]; while (queue.length > 0) { const node = queue.shift(); for (const [, child] of node.children) { if (seen.has(child)) { continue; } seen.add(child); if (!child.isRoot && !child.isWorkspace && child.version) { yield { name: child.name, version: child.version }; } queue.push(child); } } } //# sourceMappingURL=index.js.map