is-my-node-supply-chain-secure
Scans your computer for node modules that are potentially vulnerable to supply-chain attacks. You still need to review the code of modules that this scan does not flag, but it helps.
import fs from 'fs';
import Is from 'strong-type';
import {color,background,style,resetAllColors} from 'nozaki-colors';
// Module-wide strong-type checker. The `false` argument presumably selects
// its non-throwing mode (checks return a boolean instead of throwing) —
// NOTE(review): confirm against the strong-type documentation.
const is=new Is(false);
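/**
 * Read a file and, when `type` is `'JSON'`, scan its `dependencies` map for
 * version specs that do not start with a digit: ranges such as `^1.2.3` or
 * `~1.2.3`, tags such as `latest`, git/URL specs, or non-string values. Each
 * one is counted as a "vulnerability" because such a spec lets a future,
 * possibly compromised, release be installed without any change to the
 * manifest.
 *
 * Limits of the check (first character only, by design): a leading digit is
 * treated as pinned even for ranges like `1.x` or `1 - 2`, and
 * `devDependencies` are not scanned. Findings are printed to stdout only.
 *
 * Fix over the previous version: a manifest that has `dependencies` but no
 * `devDependencies` was skipped entirely (and returned `undefined`); it is
 * now scanned like any other, and the parsed value is always returned.
 *
 * Declared `async` so existing callers that `await` it keep working; the
 * file read itself is synchronous.
 *
 * @param {string} path - File to read, exactly as supplied by the caller; no
 *   validation or normalisation is done here.
 * @param {string} type - `'JSON'` to parse and scan a package manifest; any
 *   other value (e.g. `'HTML'`) returns the raw text.
 * @returns {Promise<object|string>} For `'JSON'`: the parsed value, or `{}`
 *   when the file is unreadable or not valid JSON. Otherwise: the file text,
 *   or `''` when unreadable. Read and parse failures are swallowed on purpose
 *   so a scan across many modules does not stop at one bad file.
 */
async function read(path, type) {
  const wantsJson = type === 'JSON';
  let rawdata = '';
  try {
    rawdata = fs.readFileSync(path, 'utf8');
  } catch (err) {
    // Best effort: an unreadable file yields the empty value of the expected type.
    return wantsJson ? {} : rawdata;
  }

  if (!wantsJson) {
    // 'HTML' and every other type are returned as-is.
    return rawdata;
  }

  let parsedData;
  try {
    parsedData = JSON.parse(rawdata);
  } catch (err) {
    // Malformed JSON: nothing to scan, return an empty manifest.
    return {};
  }

  // Only a dependency *map* is scanned; a manifest without `dependencies`
  // (or whose JSON is a primitive or null) is returned untouched.
  const deps = parsedData?.dependencies;
  if (typeof deps !== 'object' || deps === null) {
    return parsedData;
  }

  const vulnerabilityCount = countUnpinnedSpecs(deps);
  if (vulnerabilityCount > 0) {
    // NOTE(review): `resetAllColors` is also imported on its own; whether
    // `color.resetAllColors` exists is not visible here — confirm the line
    // does not end in a literal "undefined".
    console.log(`${style.underlineOn}${path}${style.underlineOff}
${background.red}has ${color.magenta}${vulnerabilityCount}${color.end} vulnerabilities.${color.resetAllColors}
`);
  }
  return parsedData;
}

/**
 * Count dependency specs whose first character is not an ASCII digit.
 *
 * @param {object} deps - A manifest's `dependencies` map (name -> spec).
 * @returns {number} How many specs fail this first-character pin test.
 */
function countUnpinnedSpecs(deps) {
  let count = 0;
  for (const spec of Object.values(deps)) {
    // A non-string spec (null, object, number) cannot be a pinned version.
    const pinned = typeof spec === 'string' && /^[0-9]/.test(spec);
    if (!pinned) {
      count += 1;
    }
  }
  return count;
}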
// Expose `read` both ways so `import read from '...'` and
// `import { read } from '...'` resolve to the same function.
export default read;
export { read };