
scanpack


Dependency scanner to detect unknown or malicious packages in Node.js and Bun projects

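/**
 * Checks whether a package name is published on the public npm registry and
 * whether its `latest` dist-tag looks like a security placeholder release.
 *
 * Package names come from the manifests being scanned, so they are treated as
 * untrusted: a name is validated before it is interpolated into a URL.
 */
export class NpmRegistryAdapter {
  /** Optional throttle; when set, its `wait()` is awaited before each registry request. */
  rateLimiter;

  /**
   * @param {{ wait: () => Promise<void> } | undefined} rateLimiter - optional limiter.
   */
  constructor(rateLimiter) {
    this.rateLimiter = rateLimiter;
  }

  /**
   * Looks up one package on registry.npmjs.org.
   *
   * Every failure path (malformed name, non-2xx status, network error, or an
   * unparsable body) yields `{ exists: false }`, so a caller cannot tell
   * "not published" apart from "registry unreachable or throttled". Treat
   * `exists: false` as "could not be confirmed", not as proof of absence.
   *
   * @param {string} packageName - `name` or `@scope/name` as written in a manifest.
   * @returns {Promise<{ exists: boolean, url?: string, isSecurityHolding?: boolean }>}
   */
  async checkPackage(packageName) {
    // Reject names that would change the request target once placed in the
    // URL. Without this, "ghost/../express", "express?x" or "express#x" are
    // resolved by URL parsing to the document of a different package, and ""
    // targets the registry root, so the scanner would vouch for a name that
    // was never looked up.
    if (!NpmRegistryAdapter.#isWellFormedName(packageName)) {
      return { exists: false };
    }

    // Apply rate limiting if configured.
    if (this.rateLimiter) {
      await this.rateLimiter.wait();
    }

    try {
      const response = await fetch(`https://registry.npmjs.org/${packageName}`);
      if (!response.ok) {
        // 404 and every other non-2xx status are reported the same way.
        return { exists: false };
      }

      const data = await response.json();
      const latestVersion = data['dist-tags']?.latest;
      // Boolean() keeps the field a real boolean when `latest` is missing.
      const isSecurityHolding = Boolean(
        latestVersion === '0.0.1-security' || latestVersion?.endsWith('-security'),
      );
      return {
        exists: true,
        url: `https://www.npmjs.com/package/${packageName}`,
        isSecurityHolding,
      };
    } catch (error) {
      return { exists: false };
    }
  }

  /**
   * True when `packageName` is `name` or `@scope/name` and each part is a
   * single, non-empty URL path segment.
   */
  static #isWellFormedName(packageName) {
    if (typeof packageName !== 'string') {
      return false;
    }
    const parts = packageName.split('/');
    if (parts.length === 1) {
      return NpmRegistryAdapter.#isPlainSegment(parts[0]);
    }
    if (parts.length === 2 && parts[0].startsWith('@')) {
      return (
        NpmRegistryAdapter.#isPlainSegment(parts[0].slice(1)) &&
        NpmRegistryAdapter.#isPlainSegment(parts[1])
      );
    }
    return false;
  }

  /**
   * True when `segment` needs no percent-encoding and is not a dot segment,
   * i.e. it cannot introduce a path separator, query, fragment or traversal.
   */
  static #isPlainSegment(segment) {
    if (segment === '' || segment === '.' || segment === '..') {
      return false;
    }
    try {
      return encodeURIComponent(segment) === segment;
    } catch {
      // encodeURIComponent throws on lone surrogates; such a name is malformed.
      return false;
    }
  }
}
//# sourceMappingURL=npm-registry.adapter.js.map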