UNPKG

bun-types

Version:

Type definitions and documentation for Bun, an incredibly fast JavaScript runtime

bun.com

oven-sh/bun

102 lines (92 loc) 3.18 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
declare module "bun" { /** * `bun install` security related declarations */ export namespace Security { export interface Package { /** * The name of the package */ name: string; /** * The resolved version to be installed that matches the requested range. * * This is the exact version string, **not** a range. */ version: string; /** * The URL of the tgz of this package that Bun will download */ tarball: string; /** * The range that was requested by the command * * This could be a tag like `beta` or a semver range like `>=4.0.0` */ requestedRange: string; } /** * Advisory represents the result of a security scan result of a package */ export interface Advisory { /** * Level represents the degree of danger for a security advisory * * Bun behaves differently depending on the values returned from the * {@link Scanner.scan `scan()`} hook: * * > In any case, Bun *always* pretty prints *all* the advisories, * > but... * > * > → if any **fatal**, Bun will immediately cancel the installation * > and quit with a non-zero exit code * > * > → else if any **warn**, Bun will either ask the user if they'd like * > to continue with the install if in a TTY environment, or * > immediately exit if not. */ level: "fatal" | "warn"; /** * The name of the package attempting to be installed. */ package: string; /** * If available, this is a url linking to a CVE or report online so * users can learn more about the advisory. */ url: string | null; /** * If available, this is a brief description of the advisory that Bun * will print to the user. */ description: string | null; } export interface Scanner { /** * This is the version of the scanner implementation. It may change in * future versions, so we will use this version to discriminate between * such versions. It's entirely possible this API changes in the future * so much that version 1 would no longer be supported. * * The version is required because third-party scanner package versions * are inherently unrelated to Bun versions */ version: "1"; /** * Perform an advisory check when a user ran `bun add <package> * [...packages]` or other related/similar commands. * * If this function throws an error, Bun will immediately stop the * install process and print the error to the user. * * @param info An object containing an array of packages to be added. * The package array will contain all proposed dependencies, including * transitive ones. More simply, that means it will include dependencies * of the packages the user wants to add. * * @returns A list of advisories. */ scan: (info: { packages: Package[] }) => Promise<Advisory[]>; } } }