UNPKG

npm-audit

Version:

Audit your NPM dependencies for malicious packages

github.com/jshanson7/npm-audit

jshanson7/npm-audit

113 lines (90 loc) 2.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
const chalk = require('chalk'); const fs = require('fs'); const path = require('path'); const blacklist = require('./blacklist.json'); const DEPENDENCY_FIELDS = [ 'dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies' ]; module.exports = audit; function audit() { const packages = getPackages(); packages.forEach(auditPackage); console.log( chalk.dim('audited ') + chalk.bold.green(packages.length) + chalk.dim(' packages') ); } function auditPackage(pkg) { DEPENDENCY_FIELDS.forEach(function (field) { const dependencies = pkg.content[field]; if (!dependencies) { return; } blacklist.forEach(function (dependency) { if (Object.prototype.hasOwnProperty.call(dependencies, dependency)) { console.log( chalk.bold.red('Malicious dependency detected') + '\n Package: ' + chalk.bold.red(dependency) + '\n File: ' + chalk.yellow(pkg.file) + '\n For more information, visit ' + chalk.underline.cyan('https://github.com/jshanson7/npm-audit') ); } }); }); } function getPackages(fromDir) { if (!fromDir) { fromDir = __dirname; } if (fromDir === '/') { return []; } const nodeModulesPackages = getPackagesDownward(path.join(fromDir, 'node_modules')); const nextPackagesAbove = getPackages(path.dirname(fromDir)); const nextPackages = nodeModulesPackages.concat(nextPackagesAbove); const pkg = readPackage(path.join(fromDir, 'package.json')); if (pkg) { return [pkg].concat(nextPackages); } return nextPackages; } function getPackagesDownward(fromDir) { const isDirectory = ( fs.existsSync(fromDir) && fs.statSync(fromDir).isDirectory() ); if (!isDirectory) { return []; } const children = fs.readdirSync(fromDir); const childPaths = children.map(function (child) { return path.join(fromDir, child); }); const packagesByChild = childPaths.map(getPackagesDownward); const childPackages = Array.prototype.concat.apply([], packagesByChild); const pkg = readPackage(path.join(fromDir, 'package.json')); if (pkg) { return [pkg].concat(childPackages); } return childPackages; } function readPackage(packageFile) { let packageContent; try { packageContent = require(packageFile); } catch (error) {} if (packageContent) { return { content: packageContent, file: packageFile }; } return null; }