Dependency scanner to detect unknown or malicious packages in Node.js and Bun projects
import { readFileSync } from 'node:fs';
import { dirname, join } from 'node:path';
import { fileURLToPath } from 'node:url';
import { MaliciousPackageRepositoryError } from '../../domain/errors.js';
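export class MaliciousPackageRepositoryAdapter {
  /**
   * Raw list as loaded from malicious-packages.json:
   * `{ packages: [{ name, reason, severity }], patterns: [{ pattern, reason, severity }] }`.
   * Kept as a public field because the original adapter exposed it.
   */
  maliciousPackages;

  /**
   * `maliciousPackages.patterns` with each `pattern` string compiled once into a
   * case-insensitive RegExp, so a scan never rebuilds regexes per lookup and an
   * invalid pattern in the data file fails at load time, not mid-scan.
   * @type {Array<{ regex: RegExp, reason: string, severity: string }>}
   */
  compiledPatterns;

  /**
   * Locates and loads malicious-packages.json relative to this module, trying the
   * source layout first and then the flattened dist layout.
   * @throws {MaliciousPackageRepositoryError} when no candidate file can be read and
   *   parsed, when the parsed JSON does not have `packages`/`patterns` arrays, or when
   *   a pattern is not a valid regular expression.
   */
  constructor() {
    const moduleDir = dirname(fileURLToPath(import.meta.url));
    // Order matters: the first readable, parseable candidate wins.
    const candidates = [
      join(moduleDir, '../../malicious-packages.json'),
      // In dist, malicious-packages.json is one level up from this file.
      join(moduleDir, '../malicious-packages.json'),
    ];
    const loaded = MaliciousPackageRepositoryAdapter.#readFirstAvailable(candidates);
    this.maliciousPackages = MaliciousPackageRepositoryAdapter.#validateShape(loaded);
    this.compiledPatterns = MaliciousPackageRepositoryAdapter.#compilePatterns(
      this.maliciousPackages.patterns,
    );
  }

  /**
   * Reads and JSON-parses the first candidate path that succeeds.
   * @param {string[]} candidates - absolute paths to try, in order
   * @returns {unknown} the parsed JSON document
   * @throws {MaliciousPackageRepositoryError} when every candidate fails; the most
   *   recent Error-typed failure is attached as `cause`
   */
  static #readFirstAvailable(candidates) {
    let lastError;
    for (const candidate of candidates) {
      try {
        return JSON.parse(readFileSync(candidate, 'utf-8'));
      } catch (error) {
        // Non-Error throwables are dropped so `cause` is always an Error or undefined.
        if (error instanceof Error) lastError = error;
      }
    }
    throw new MaliciousPackageRepositoryError('Failed to load malicious packages list', lastError);
  }

  /**
   * Rejects a document that does not carry the two arrays `isKnownMalicious` iterates,
   * so a corrupted or truncated list fails at construction instead of throwing a
   * TypeError on the first lookup.
   * @param {unknown} data - parsed JSON document
   * @returns {{ packages: Array, patterns: Array }} the same object, now known to be well-formed
   * @throws {MaliciousPackageRepositoryError} on an unexpected shape
   */
  static #validateShape(data) {
    if (!Array.isArray(data?.packages) || !Array.isArray(data?.patterns)) {
      throw new MaliciousPackageRepositoryError(
        'Malicious packages list must contain "packages" and "patterns" arrays',
      );
    }
    return data;
  }

  /**
   * Compiles each pattern entry's `pattern` string into a case-insensitive RegExp.
   * The patterns ship with this package and are treated as trusted; they are not
   * checked for catastrophic backtracking, so keep the data file's patterns simple.
   * @param {Array<{ pattern: string, reason: string, severity: string }>} patterns
   * @returns {Array<{ regex: RegExp, reason: string, severity: string }>}
   * @throws {MaliciousPackageRepositoryError} when a pattern is not a valid regex
   */
  static #compilePatterns(patterns) {
    return patterns.map(({ pattern, reason, severity }) => {
      try {
        return { regex: new RegExp(pattern, 'i'), reason, severity };
      } catch (error) {
        throw new MaliciousPackageRepositoryError(
          `Invalid pattern in malicious packages list: ${pattern}`,
          error instanceof Error ? error : undefined,
        );
      }
    });
  }

  /**
   * Looks a package name up against the direct list (case-insensitive name equality)
   * and then against the compiled suspicious-name patterns, in that order.
   * @param {string} packageName - package name as it appears in the lockfile/manifest
   * @returns {{ isMalicious: true, reason: string, severity: string } | { isMalicious: false }}
   */
  isKnownMalicious(packageName) {
    // Lower-cased once rather than inside the `find` callback for every entry.
    const needle = packageName.toLowerCase();
    const direct = this.maliciousPackages.packages.find(
      (pkg) => pkg.name.toLowerCase() === needle,
    );
    if (direct) {
      return {
        isMalicious: true,
        reason: direct.reason,
        severity: direct.severity,
      };
    }
    // Compiled with the 'i' flag only (no 'g'/'y'), so reusing them across calls is safe.
    for (const { regex, reason, severity } of this.compiledPatterns) {
      if (regex.test(packageName)) {
        return { isMalicious: true, reason, severity };
      }
    }
    return { isMalicious: false };
  }
}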
//# sourceMappingURL=malicious-package.repository.adapter.js.map