npm-api-analyzer
Version:
CLI tool to analyze npm packages for network API usage, prototype pollution, and security vulnerabilities
94 lines (93 loc) • 3.63 kB
JavaScript
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.PackageDownloader = void 0;
const node_fetch_1 = __importDefault(require("node-fetch"));
const tar = __importStar(require("tar"));
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
class PackageDownloader {
constructor(tempDir = './temp') {
this.tempDir = tempDir;
this.ensureTempDir();
}
ensureTempDir() {
if (!fs.existsSync(this.tempDir)) {
fs.mkdirSync(this.tempDir, { recursive: true });
}
}
async getPackageInfo(packageName, version) {
const registryUrl = `https://registry.npmjs.org/${packageName}/${version}`;
const response = await (0, node_fetch_1.default)(registryUrl);
if (!response.ok) {
throw new Error(`Failed to fetch package info: ${response.statusText}`);
}
const packageData = await response.json();
return {
name: packageName,
version: version,
tarballUrl: packageData.dist.tarball
};
}
async downloadPackage(packageInfo) {
const packageDir = path.join(this.tempDir, `${packageInfo.name}-${packageInfo.version}`);
// Clean up existing directory
if (fs.existsSync(packageDir)) {
fs.rmSync(packageDir, { recursive: true, force: true });
}
fs.mkdirSync(packageDir, { recursive: true });
const response = await (0, node_fetch_1.default)(packageInfo.tarballUrl);
if (!response.ok) {
throw new Error(`Failed to download package: ${response.statusText}`);
}
// Extract tarball
await new Promise((resolve, reject) => {
response.body
.pipe(tar.x({ cwd: packageDir, strip: 1 }))
.on('error', reject)
.on('end', resolve);
});
return packageDir;
}
cleanup() {
if (fs.existsSync(this.tempDir)) {
fs.rmSync(this.tempDir, { recursive: true, force: true });
}
}
}
exports.PackageDownloader = PackageDownloader;
;