UNPKG

retire

Version:

Retire is a tool for detecting use of vulnerable libraries

github.com/RetireJS/retire.js

RetireJS/retire.js

87 lines (86 loc) 3.41 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || (function () { var ownKeys = function(o) { ownKeys = Object.getOwnPropertyNames || function (o) { var ar = []; for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; return ar; }; return ownKeys(o); }; return function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); __setModuleDefault(result, mod); return result; }; })(); Object.defineProperty(exports, "__esModule", { value: true }); const retire = __importStar(require("../retire")); const utils = __importStar(require("../utils")); function printResults(logger, finding, config) { if (finding.results && finding.results.length > 0) { const logFunc = retire.isVulnerable(finding.results) ? logger.warn : logger.info; const printed = new Set(); finding.results.forEach((elm) => { if (!config.verbose && !retire.isVulnerable([elm])) return; const key = `${elm.component} ${elm.version}`; logFunc(finding.file); logFunc(` ${String.fromCharCode(8627)} ${key}`); if (printed.has(key)) return; if (retire.isVulnerable([elm])) { logFunc(`${key} has known vulnerabilities:${printVulnerability(elm, config)}`); } printed.add(key); }); } } function printVulnerability(component, config) { let string = ''; component.vulnerabilities?.forEach((vulnerability) => { string += config.outputformat === 'clean' ? '\n ' : ' '; if (vulnerability.severity) { string += `severity: ${vulnerability.severity}; `; } if (vulnerability.identifiers) { string += Object.entries(vulnerability.identifiers) .map(([name, id]) => { return `${name}: ${utils.flatten([Array.isArray(id) ? id : [id]]).join(' ')}`; }) .join(', ') + '; '; } string += vulnerability.info.join(config.outputformat === 'clean' ? '\n' : ' '); }); return string; } exports.default = { configure: (logger, _, config) => { logger.logDependency = (finding) => { if (config.verbose) printResults(logger, finding, config); }; logger.logVulnerableDependency = (component) => { printResults(logger, component, config); }; }, };