npm-api-analyzer
CLI tool to analyze npm packages for network API usage, prototype pollution, and security vulnerabilities
// --- TypeScript CommonJS emit helpers (generated by tsc for `import * as`) ---
// The `(this && this.__x) ||` prefix reuses a helper already present on the
// module scope (when several emitted files share one scope) and otherwise
// falls back to the local definition below.

// Copies property `k` of module object `m` onto `o` as `k2` (defaults to `k`).
// When Object.create is available it installs a live getter so later changes
// to `m[k]` are visible through `o[k2]` — unless the source descriptor is an
// accessor on an `__esModule` object, or a data property that is neither
// writable nor configurable; those descriptors are copied verbatim.
// Without Object.create it degrades to a plain assignment.
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    var desc = Object.getOwnPropertyDescriptor(m, k);
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
        desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
}));
// Sets `o.default = v`. Via defineProperty the property is enumerable but
// non-writable and non-configurable; the fallback is a plain assignment.
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
    o["default"] = v;
});
// Emulates `import * as ns from 'mod'` over a CommonJS module.
// A module already flagged `__esModule` is returned as-is; anything else
// (including null/undefined) yields a fresh object whose own keys other than
// "default" are bound through __createBinding, with the original module
// exposed as `default`.
var __importStar = (this && this.__importStar) || (function () {
    // `ownKeys` resolves its implementation on first call and then replaces
    // itself, so the Object.getOwnPropertyNames feature check runs only once.
    // The fallback is a for-in walk filtered to own properties.
    var ownKeys = function(o) {
        ownKeys = Object.getOwnPropertyNames || function (o) {
            var ar = [];
            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
            return ar;
        };
        return ownKeys(o);
    };
    return function (mod) {
        if (mod && mod.__esModule) return mod;
        var result = {};
        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
        __setModuleDefault(result, mod);
        return result;
    };
})();
// Flag this module's exports as an ES-module namespace for other tsc-compiled importers.
Object.defineProperty(exports, "__esModule", { value: true });
const analyzer_1 = require("./analyzer");
const reporter_1 = require("./reporter");
const fs = __importStar(require("fs"));
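/**
 * Parse `process.argv` into the CLI options.
 *
 * Positional arguments: `<package-name> <version>`, both required — when
 * fewer than two are present the usage text is printed to stderr and the
 * process exits with status 1. Flags: `--output <file>` and
 * `--format <text|json|markdown>`; `format` defaults to `'text'`.
 *
 * Anything the parser does not understand — an unrecognized argument, a
 * flag with no value, or an unknown `--format` value — is now reported on
 * stderr instead of being dropped silently (an unknown format still falls
 * back to text so existing invocations keep working, but the user is told
 * that the report will not be in the format they asked for).
 *
 * NOTE(review): `packageName` and `version` are passed through untouched.
 * If ./analyzer interpolates them into registry URLs, shell commands or
 * file paths, it must validate them itself (npm name rules, no path
 * separators) — confirm there. Also, the usage text names the binary
 * `npm-security-analyzer` while the package is published as
 * `npm-api-analyzer`; confirm against the `bin` entry in package.json.
 *
 * @returns {{packageName: string, version: string, format: 'text'|'json'|'markdown', output?: string}}
 */
function parseArgs() {
    const args = process.argv.slice(2);
    if (args.length < 2) {
        console.error('Usage: npm-security-analyzer <package-name> <version> [--output <file>] [--format <text|json|markdown>]');
        console.error('Example: npm-security-analyzer lodash 4.17.21 --format markdown --output report.md');
        process.exit(1);
    }
    const options = {
        packageName: args[0],
        version: args[1],
        format: 'text'
    };
    const KNOWN_FORMATS = ['text', 'json', 'markdown'];
    for (let i = 2; i < args.length; i++) {
        const flag = args[i];
        const hasValue = i + 1 < args.length;
        if (flag === '--output' && hasValue) {
            options.output = args[i + 1];
            i++;
        }
        else if (flag === '--format' && hasValue) {
            const format = args[i + 1];
            if (KNOWN_FORMATS.includes(format)) {
                options.format = format;
            }
            else {
                // Keep the text fallback, but say so: a caller piping `--format json`
                // into a parser should not discover the mismatch downstream.
                console.error(`Warning: unknown --format "${format}", falling back to text`);
            }
            i++;
        }
        else if (flag === '--output' || flag === '--format') {
            // Flag given as the last argument, so there is no value to consume.
            console.error(`Warning: ${flag} requires a value; ignoring it`);
        }
        else {
            console.error(`Warning: ignoring unrecognized argument "${flag}"`);
        }
    }
    return options;
}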
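/**
 * CLI entry point: parse the arguments, run the analysis, write or print the
 * report, then exit. The exit status is 1 when the analyzer rates the package
 * "high" risk (so a pipeline can gate on it) or when the analysis fails, and
 * 0 otherwise.
 *
 * Why the exit is deferred: `process.exit()` never returns, so calling it
 * inside the `try` (as the previous version did) terminated the process
 * before `finally` ran and `analyzer.cleanup()` was never reached on either
 * the success or the failure path. The status is now recorded and the
 * process exits only after cleanup has been attempted.
 */
async function main() {
    const options = parseArgs();
    const analyzer = new analyzer_1.NPMSecurityAnalyzer();
    // Assume failure until a completed analysis says otherwise.
    let exitCode = 1;
    try {
        console.log(`š Starting analysis of ${options.packageName}@${options.version}...`);
        const result = await analyzer.analyzePackage(options.packageName, options.version);
        let report;
        if (options.format === 'json') {
            report = reporter_1.Reporter.generateJSONReport(result);
        }
        else if (options.format === 'markdown') {
            report = reporter_1.Reporter.generateMarkdownReport(result);
        }
        else {
            report = reporter_1.Reporter.generateReport(result);
        }
        if (options.output) {
            fs.writeFileSync(options.output, report);
            console.log(`š Report saved to: ${options.output}`);
        }
        else {
            console.log(report);
        }
        // Only a "high" rating fails the run; every other level is a pass.
        exitCode = result.summary.riskLevel === 'high' ? 1 : 0;
    }
    catch (error) {
        console.error('ā Analysis failed:', error);
        exitCode = 1;
    }
    finally {
        // Release whatever the analyzer holds before exiting. A failed cleanup is
        // logged but must not mask the analysis result in the exit status.
        try {
            analyzer.cleanup();
        }
        catch (cleanupError) {
            console.error('Cleanup failed:', cleanupError);
        }
    }
    process.exit(exitCode);
}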
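// Handle Ctrl-C. The analyzer instance is local to main(), so nothing can
// actually be released from here — the message notwithstanding, this handler
// only controls the exit status. It now exits 130 (128 + SIGINT, the shell
// convention) instead of 0: since main() reports "high" risk via exit 1, an
// interrupted, incomplete scan exiting 0 would read as a clean pass to any
// pipeline gating on this tool's status.
process.on('SIGINT', () => {
    console.log('\nā ļø Process interrupted, cleaning up...');
    process.exit(130);
});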
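// Run only when executed directly, not when required by tests or other code.
// main() catches errors from the analysis itself, but anything thrown before
// its try block (e.g. the analyzer constructor) would otherwise surface as an
// unhandled rejection; catch it here so the process still reports failure.
if (require.main === module) {
    main().catch((error) => {
        console.error('ā Analysis failed:', error);
        process.exit(1);
    });
}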