From fa79d322676332720810ef5fadff56118f93073c Mon Sep 17 00:00:00 2001 
From: fraxken Date: Wed, 14 Aug 2024 23:33:23 +0200 Subject: [PATCH] refactor: migrate to OpenAlly configs & update dependencies --- .eslintignore | 1 - .eslintrc | 54 -------------- .prettierrc | 6 -- README.md | 4 +- bin/cli.ts | 2 +- eslint.config.mjs | 3 + lib/console-printer/index.ts | 12 ++-- package.json | 28 +++----- src/analysis/extraction/extract.ts | 19 ++--- src/analysis/interpretation/checkable.ts | 6 +- src/analysis/interpretation/interpret.spec.ts | 34 ++++----- src/analysis/interpretation/interpret.ts | 11 ++- .../interpretation/vulnerabilities.ts | 24 ++++--- src/analysis/interpretation/warnings.ts | 47 ++++++------ src/analysis/types/index.ts | 2 +- src/configuration/environment/index.spec.ts | 69 ++++-------------- src/configuration/environment/index.ts | 7 +- src/configuration/external/adapt.ts | 10 +-- src/configuration/external/api/index.ts | 2 +- src/configuration/external/cli/index.ts | 2 +- src/configuration/external/common.ts | 2 +- .../external/nodesecure/ignore-file.ts | 6 +- .../external/nodesecure/index.spec.ts | 14 ++-- .../external/nodesecure/index.ts | 27 ++++--- .../external/standardize.spec.ts | 13 ++-- src/configuration/external/standardize.ts | 9 +-- src/configuration/manage.spec.ts | 71 ++----------------- src/configuration/manage.ts | 4 +- src/configuration/standard/nsci.ts | 7 +- .../reporters/internal/configuration.ts | 7 +- .../reporters/internal/environment.ts | 13 ++-- src/reporting/reporters/internal/scanner.ts | 4 +- .../console/dependency-warnings.ts | 41 +++++------ .../post-pipeline/console/global-warnings.ts | 2 +- .../reporters/post-pipeline/console/index.ts | 4 +- .../post-pipeline/console/outcome.ts | 9 +-- .../reporters/post-pipeline/console/util.ts | 6 +- .../post-pipeline/console/vulnerabilities.ts | 13 ++-- .../reporters/post-pipeline/html/index.ts | 2 +- src/reporting/reporters/reporter.ts | 4 +- src/reporting/reporters/runner.ts | 4 +- src/reporting/run.ts | 17 ++--- src/reporting/status.ts | 2 +- 
 tsconfig.build.json | 11 ---
 tsconfig.json | 22 +++---
 45 files changed, 239 insertions(+), 418 deletions(-)
 delete mode 100644 .eslintignore
 delete mode 100644 .eslintrc
 delete mode 100644 .prettierrc
 create mode 100644 eslint.config.mjs
 delete mode 100644 tsconfig.build.json

diff --git a/.eslintignore b/.eslintignore
deleted file mode 100644
index 7773828..0000000
--- a/.eslintignore
+++ /dev/null
@@ -1 +0,0 @@
-dist/
\ No newline at end of file
diff --git a/.eslintrc b/.eslintrc
deleted file mode 100644
index 50927ec..0000000
--- a/.eslintrc
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- "env": {
- "node": true
- },
- "extends": [
- "@nodesecure/eslint-config",
- "prettier",
- "plugin:import/typescript"
- ],
- "parser": "@typescript-eslint/parser",
- "parserOptions": {
- "sourceType": "module",
- "project": "./tsconfig.json"
- },
- "plugins": ["@typescript-eslint", "prettier", "import"],
- "settings": {
- "import/parsers": {
- "@typescript-eslint/parser": [".ts", ".tsx"]
- },
- "import/resolver": {
- "typescript": {
- "alwaysTryTypes": true,
- "project": "tsconfig.json"
- }
- }
- },
- "rules": {
- "indent": "off",
- "brace-style": "off",
- "id-length": "off",
- "no-empty": ["error", { "allowEmptyCatch": true }],
- "import/order": [
- "error",
- {
- "newlines-between": "always",
- "alphabetize": {
- "order": "asc"
- }
- }
- ],
- "@typescript-eslint/explicit-function-return-type": ["error"],
- "@typescript-eslint/no-unused-vars": [
- "error",
- { "varsIgnorePattern": "^_", "argsIgnorePattern": "^_" }
- ],
- "prettier/prettier": [
- "error",
- {},
- {
- "usePrettierrc": true
- }
- ]
- }
-}
diff --git a/.prettierrc b/.prettierrc
deleted file mode 100644
index 8bc5084..0000000
--- a/.prettierrc
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "printWidth": 80,
- "singleQuote": false,
- "trailingComma": "none",
- "endOfLine": "auto"
-}
\ No newline at end of file
diff --git a/README.md b/README.md
index 322073e..ee2f574 100644
--- a/README.md
+++ b/README.md
@@ -147,7 +147,7 @@ Here is the content of the **.nodesecurerc** file generated by default:
 {
 "version": "1.0.0",
 "i18n": "english",
- "strategy": "npm",
+ "strategy": "github-advisory",
 "ci": {
 "reporters": ["console"],
 "vulnerabilities": {
@@ -165,7 +165,7 @@ used by the runner.
 {
 "version": "1.0.0",
 "i18n": "english",
- "strategy": "npm",
+ "strategy": "github-advisory",
 "ci": {
 "reporters": ["console"],
 "vulnerabilities": {
diff --git a/bin/cli.ts b/bin/cli.ts
index 240ad55..d942ee6 100644
--- a/bin/cli.ts
+++ b/bin/cli.ts
@@ -42,7 +42,7 @@ program
 .option(
 "-s, --strategy",
 `@nodesecure/vuln vulnerability strategy. Can be '${availableStrategies}'`,
- Nsci.vulnStrategy.npm
+ Nsci.vulnStrategy["github-advisory"]
 )
 .example("cli.js run --strategy=npm")
 
diff --git a/eslint.config.mjs b/eslint.config.mjs
new file mode 100644
index 0000000..8a1e9d0
--- /dev/null
+++ b/eslint.config.mjs
@@ -0,0 +1,3 @@
+import { typescriptConfig } from "@openally/config.eslint";
+
+export default typescriptConfig();
diff --git a/lib/console-printer/index.ts b/lib/console-printer/index.ts
index e0ce27f..fe7ac16 100644
--- a/lib/console-printer/index.ts
+++ b/lib/console-printer/index.ts
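Review bot: In bin/cli.ts the default of `-s, --strategy` moves to `Nsci.vulnStrategy["github-advisory"]`, but the `.example("cli.js run --strategy=npm")` line directly below is left untouched. The rest of this commit replaces `npm` with `github-advisory` in every fixture and default, so if `npm` is no longer one of `availableStrategies` after the move to @nodesecure/vulnera (not visible here), the CLI help now advertises a value the option would reject. Suggest `.example("cli.js run --strategy=github-advisory")`, or whichever name the `availableStrategies` list actually contains. The `program` option chain starts before this hunk.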
@@ -77,15 +77,12 @@ function createConsoleMessage(message: string): ConsoleMessage { export const consolePrinter: ConsolePrinter = { font: { standard: (message: string) => createConsoleMessage(kleur.white(message)), - highlight: (message: string) => - createConsoleMessage(kleur.magenta(message)), + highlight: (message: string) => createConsoleMessage(kleur.magenta(message)), info: (message: string) => createConsoleMessage(kleur.yellow(message)), error: (message: string) => createConsoleMessage(kleur.red(message)), success: (message: string) => createConsoleMessage(kleur.green(message)), - highlightedSuccess: (message: string) => - createConsoleMessage(kleur.bgGreen().bold().white(message)), - highlightedError: (message: string) => - createConsoleMessage(kleur.bgRed().bold().white(message)) + highlightedSuccess: (message: string) => createConsoleMessage(kleur.bgGreen().bold().white(message)), + highlightedError: (message: string) => createConsoleMessage(kleur.bgRed().bold().white(message)) }, decoration: { underline: (message: string) => kleur.underline(message), @@ -93,8 +90,7 @@ export const consolePrinter: ConsolePrinter = { bold: (message: string) => kleur.bold(message) }, util: { - concatOutputs: (messages: string[], delimiter = " ") => - createConsoleMessage(messages.join(delimiter)), + concatOutputs: (messages: string[], delimiter = " ") => createConsoleMessage(messages.join(delimiter)), emptyLine: () => console.log() } }; diff --git a/package.json b/package.json index bba5499..c63a880 100644 --- a/package.json +++ b/package.json 
@@ -55,45 +55,39 @@ "prestart": "npm run build", "prepublishOnly": "npm run test && npm run build", "start": "node dist/bin/cli.js", - "build": "rimraf ./dist && tsc --project tsconfig.build.json", + "build": "rimraf ./dist && tsc", "test": "glob -c \"tsx --test\" \"./src/**/*.spec.ts\"", "lint": "eslint ." }, "devDependencies": { - "@nodesecure/eslint-config": "^1.9.0", + "@openally/config.eslint": "^1.0.0", + "@openally/config.typescript": "^1.0.3", "@types/lodash.set": "^4.3.9", "@types/mock-fs": "^4.13.4", - "@types/node": "^22.1.0", + "@types/node": "^22.3.0", "@types/pluralize": "^0.0.33", "@types/sade": "^1.7.8", - "cross-env": "^7.0.3", - "eslint": "^8.56.0", - "eslint-config-prettier": "^9.1.0", - "eslint-import-resolver-typescript": "^3.6.1", - "eslint-plugin-prettier": "^5.1.3", + "glob": "^11.0.0", "mock-fs": "^5.2.0", - "prettier": "^3.2.4", "rimraf": "^6.0.1", - "ts-node": "^10.9.2", + "tsx": "^4.17.0", "typescript": "^5.0.4" }, "dependencies": { "@nodesecure/i18n": "^4.0.1", "@nodesecure/js-x-ray": "^7.3.0", - "@nodesecure/rc": "^3.0.0", - "@nodesecure/scanner": "^6.0.1", - "@nodesecure/vulnera": "^1.8.0", - "@openally/result": "^1.2.0", + "@nodesecure/rc": "^4.0.0", + "@nodesecure/scanner": "^6.1.0", + "@nodesecure/vulnera": "^2.0.1", + "@openally/result": "^1.3.0", "@slimio/async-cli-spinner": "^0.5.2", "ajv": "^8.12.0", - "glob": "^11.0.0", "kleur": "^4.1.5", "lodash.set": "^4.3.2", "pluralize": "^8.0.0", "pretty-ms": "^9.0.0", "sade": "^1.8.1", "table": "^6.8.1", - "ts-pattern": "^5.0.6", - "tsx": "^4.7.0" + "ts-pattern": "^5.3.1" } } diff --git a/src/analysis/extraction/extract.ts b/src/analysis/extraction/extract.ts index d695e66..50f52b7 100644 --- a/src/analysis/extraction/extract.ts +++ b/src/analysis/extraction/extract.ts 
@@ -1,9 +1,12 @@
 // Import Third-party Dependencies
 import * as Scanner from "@nodesecure/scanner";
-import { Strategy } from "@nodesecure/vuln";
+import type {
+ StandardVulnerability,
+ Severity
+} from "@nodesecure/vulnera";
 
 // Import Internal Dependencies
-import type { DependencyWarning } from "../types";
+import type { DependencyWarning } from "../types/index.js";
 
 export interface CompactedScannerPayload {
 warnings: string[];
@@ -13,13 +16,13 @@ export interface CompactedScannerPayload {
 };
 }
 
-export type WorkableVulnerability = Strategy.StandardVulnerability & {
- severity: Strategy.Severity;
+export type WorkableVulnerability = StandardVulnerability & {
+ severity: Severity;
 package: string;
 };
 
 function keepOnlyWorkableVulns(
- vuln: Strategy.StandardVulnerability
+ vuln: StandardVulnerability
 ): vuln is WorkableVulnerability {
 return vuln.severity !== undefined || vuln.package !== undefined;
 }
@@ -48,9 +51,9 @@ function extractDependenciesWarnings(
 function extractDependenciesVulnsAndWarnings(
 dependencies: Scanner.Dependencies
 ): {
- warnings: DependencyWarning[];
- vulnerabilities: WorkableVulnerability[];
-} {
+ warnings: DependencyWarning[];
+ vulnerabilities: WorkableVulnerability[];
+ } {
 const warnings = extractDependenciesWarnings(dependencies);
 const vulnerabilities = extractDependenciesVulns(dependencies);
 
diff --git a/src/analysis/interpretation/checkable.ts b/src/analysis/interpretation/checkable.ts
index 6a58022..a825689 100644
--- a/src/analysis/interpretation/checkable.ts
+++ b/src/analysis/interpretation/checkable.ts
@@ -1,8 +1,8 @@
 // Import Third-party Dependencies
-import { Strategy } from "@nodesecure/vuln";
+import type { StandardVulnerability } from "@nodesecure/vulnera";
 
 // Import Internal Dependencies
-import type { DependencyWarning } from "../types";
+import type { DependencyWarning } from "../types/index.js";
 
 export type CheckResult = "failed" | "passed";
 
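Review bot: In extract.ts, `keepOnlyWorkableVulns` is retyped in the second hunk but still narrows to `WorkableVulnerability` — which declares both `severity: Severity` and `package: string` — on `vuln.severity !== undefined || vuln.package !== undefined`. With `||`, a vulnerability that has a `package` but no `severity` (or the reverse) passes the guard and is then handled downstream as if both fields were present, so the type predicate promises more than it checks. If callers really do rely on both fields, the retyping is the natural place to tighten it to `return vuln.severity !== undefined && vuln.package !== undefined;`; if one-sided records are meant to be kept, `WorkableVulnerability` should make the missing field optional instead. The `StandardVulnerability` rename itself looks consistent with the checkable.ts hunk on the same line.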
@@ -16,7 +16,7 @@ export type CheckableFunction = { export type PipelineCheckFunctions = Array< () => CheckableFunction< - string | DependencyWarning | Strategy.StandardVulnerability + string | DependencyWarning | StandardVulnerability > >; diff --git a/src/analysis/interpretation/interpret.spec.ts b/src/analysis/interpretation/interpret.spec.ts index f7cd009..d204509 100644 --- a/src/analysis/interpretation/interpret.spec.ts +++ b/src/analysis/interpretation/interpret.spec.ts @@ -5,25 +5,25 @@ import { describe, it } from "node:test"; // Import Third-party Dependencies import * as JSXRay from "@nodesecure/js-x-ray"; import * as Scanner from "@nodesecure/scanner"; -import { Strategy } from "@nodesecure/vuln"; +import type { StandardVulnerability } from "@nodesecure/vulnera"; // Import Internal Dependencies import { IgnorePatterns, - WarningEntries -} from "../../configuration/external/nodesecure/ignore-file"; + type WarningEntries +} from "../../configuration/external/nodesecure/ignore-file.js"; import { Nsci } from "../../configuration/standard/index.js"; -import { WarningMode, Warnings } from "../../configuration/standard/nsci.js"; +import type { WarningMode, Warnings } from "../../configuration/standard/nsci.js"; import * as pipeline from "../../reporting/status.js"; -import { DeepPartialRecord } from "../../types"; +import type { DeepPartialRecord } from "../../types/index.js"; import { runPayloadInterpreter } from "./interpret.js"; -import { DependencyWarningWithMode } from "./warnings.js"; +import type { DependencyWarningWithMode } from "./warnings.js"; // CONSTANTS const kDefaultRuntimeConfiguration: Nsci.Configuration = { rootDir: process.cwd(), - strategy: Nsci.vulnStrategy.npm, + strategy: Nsci.vulnStrategy["github-advisory"], reporters: [Nsci.reporterTarget.CONSOLE], vulnerabilitySeverity: Nsci.vulnSeverity.ALL, warnings: Nsci.warnings.ERROR, 
@@ -39,7 +39,7 @@ const kDefaultScannerPayload: Scanner.Payload = { contacts: [] }, scannerVersion: "1.0.0", - vulnerabilityStrategy: "npm" + vulnerabilityStrategy: "github-advisory" }; /* eslint-disable max-nested-callbacks */ @@ -392,14 +392,14 @@ describe("Pipeline check workflow", () => { it("should filter unprocessable vulnerabilities", () => { const unprocessableVulnerability = { id: undefined, - origin: "npm", + origin: "github-advisory", package: undefined, title: undefined, url: undefined, severity: undefined, vulnerableRanges: [], vulnerableVersions: [] - } as unknown as Strategy.StandardVulnerability; + } as unknown as StandardVulnerability; const scannerPayload: Scanner.Payload = { ...kDefaultScannerPayload, @@ -429,7 +429,7 @@ describe("Pipeline check workflow", () => { versions: {}, vulnerabilities: [ { - origin: "npm", + origin: "github-advisory", package: "express", title: "Vuln...", cves: [], @@ -497,7 +497,7 @@ describe("Pipeline check workflow", () => { versions: {}, vulnerabilities: [ { - origin: "npm", + origin: "github-advisory", package: "express", title: "Vuln...", cves: [], @@ -534,7 +534,7 @@ describe("Pipeline check workflow", () => { versions: {}, vulnerabilities: [ { - origin: "npm", + origin: "github-advisory", package: "express", title: "Vuln...", cves: [], @@ -554,7 +554,7 @@ describe("Pipeline check workflow", () => { expectNsciPipelineToFail(status); assert.deepEqual(data.dependencies.vulnerabilities[0], { - origin: "npm", + origin: "github-advisory", package: "express", title: "Vuln...", cves: [], @@ -572,7 +572,7 @@ describe("Pipeline check workflow", () => { versions: {}, vulnerabilities: [ { - origin: "npm", + origin: "github-advisory", package: "express", title: "Express vuln that should not be ignored", cves: [], @@ -581,7 +581,7 @@ describe("Pipeline check workflow", () => { vulnerableVersions: [] }, { - origin: "npm", + origin: "github-advisory", package: "marker", title: "Marker vuln that should be ignored", cves: [], 
@@ -602,7 +602,7 @@ describe("Pipeline check workflow", () => { expectNsciPipelineToFail(status); assert.equal(data.dependencies.vulnerabilities.length, 1); assert.deepEqual(data.dependencies.vulnerabilities[0], { - origin: "npm", + origin: "github-advisory", package: "express", title: "Express vuln that should not be ignored", cves: [], diff --git a/src/analysis/interpretation/interpret.ts b/src/analysis/interpretation/interpret.ts index 7c0c059..3cd6355 100644 --- a/src/analysis/interpretation/interpret.ts +++ b/src/analysis/interpretation/interpret.ts @@ -12,20 +12,20 @@ import { Nsci } from "../../configuration/standard/index.js"; import { pipeline } from "../../reporting/index.js"; import { extractScannerPayload, - WorkableVulnerability + type WorkableVulnerability } from "../extraction/extract.js"; -import type { DependencyWarning } from "../types"; +import type { DependencyWarning } from "../types/index.js"; import { - CheckResult, - PipelineCheckFunctions, + type CheckResult, + type PipelineCheckFunctions, FAILING_CHECK } from "./checkable.js"; import { checkDependenciesVulns } from "./vulnerabilities.js"; import { checkDependenciesWarnings, checkGlobalWarnings, - DependencyWarningWithMode + type DependencyWarningWithMode } from "./warnings.js"; export interface InterpretedScannerPayload { @@ -125,7 +125,6 @@ export function runPayloadInterpreter( rc.ignorePatterns ); - /* eslint-disable @typescript-eslint/explicit-function-return-type */ return interpretPayloadChecks([ () => checkGlobalWarnings(warnings), () => checkDependenciesWarnings(filteredDependencies, rc), diff --git a/src/analysis/interpretation/vulnerabilities.ts b/src/analysis/interpretation/vulnerabilities.ts index 3ad54e7..54ac88f 100644 --- a/src/analysis/interpretation/vulnerabilities.ts +++ b/src/analysis/interpretation/vulnerabilities.ts 
@@ -1,11 +1,14 @@ // Import Third-party Dependencies -import { Strategy } from "@nodesecure/vuln"; +import type { + StandardVulnerability, + Severity +} from "@nodesecure/vulnera"; // Import Internal Dependencies import { Nsci } from "../../configuration/standard/index.js"; -import { Maybe } from "../../types/index.js"; +import type { Maybe } from "../../types/index.js"; -import { fromBooleanToCheckResult, CheckableFunction } from "./checkable.js"; +import { fromBooleanToCheckResult, type CheckableFunction } from "./checkable.js"; const kSeverities = { critical: 4, @@ -33,10 +36,9 @@ function fromSeverityToNumber( } function compareVulnSeverityWithThreshold( - severityThreshold: Strategy.Severity | "all" + severityThreshold: Severity | "all" ) { - return (vulnerability: Strategy.StandardVulnerability): boolean => - fromSeverityToNumber(vulnerability.severity) >= + return (vulnerability: StandardVulnerability): boolean => fromSeverityToNumber(vulnerability.severity) >= fromSeverityToNumber(severityThreshold); } @@ -45,9 +47,9 @@ function compareVulnSeverityWithThreshold( * the one defined in the runtime configuration is caught. */ function findAllVulnsExceedingSeverityThreshold( - vulnerabilities: Strategy.StandardVulnerability[], - severityThreshold: Strategy.Severity | "all" -): Strategy.StandardVulnerability[] { + vulnerabilities: StandardVulnerability[], + severityThreshold: Severity | "all" +): StandardVulnerability[] { const isVulnExceedingSeverityThreshold = compareVulnSeverityWithThreshold(severityThreshold); @@ -55,9 +57,9 @@ function findAllVulnsExceedingSeverityThreshold( } export function checkDependenciesVulns( - vulnerabilities: Strategy.StandardVulnerability[], + vulnerabilities: StandardVulnerability[], runtimeConfiguration: Nsci.Configuration -): CheckableFunction { +): CheckableFunction { const { vulnerabilitySeverity } = runtimeConfiguration; const vulnsClassifiedBySeverity = findAllVulnsExceedingSeverityThreshold( 
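Review bot: `compareVulnSeverityWithThreshold` is retyped in the second hunk of vulnerabilities.ts but still declares no return type, so the shape of the predicate it returns is only inferred, and the reflowed arrow now splits one expression across `fromSeverityToNumber(vulnerability.severity) >=` and a dangling `fromSeverityToNumber(severityThreshold);` line that reads like two statements. Suggest `): (vulnerability: StandardVulnerability) => boolean {` on the signature and keeping the comparison on a single line. `fromSeverityToNumber`'s own signature is outside the hunk, so whether it accepts an undefined `severity` cannot be confirmed from here.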
diff --git a/src/analysis/interpretation/warnings.ts b/src/analysis/interpretation/warnings.ts index b3ecbfb..b2d7431 100644 --- a/src/analysis/interpretation/warnings.ts +++ b/src/analysis/interpretation/warnings.ts @@ -1,13 +1,13 @@ // Import Third-party Dependencies -import { Warning } from "@nodesecure/js-x-ray"; +import type { Warning } from "@nodesecure/js-x-ray"; import { match } from "ts-pattern"; // Import Internal Dependencies import { Nsci } from "../../configuration/standard/index.js"; -import { WarningMode } from "../../configuration/standard/nsci.js"; -import type { DependencyWarning } from "../types"; +import type { WarningMode } from "../../configuration/standard/nsci.js"; +import type { DependencyWarning } from "../types/index.js"; -import { fromBooleanToCheckResult, CheckableFunction } from "./checkable.js"; +import { fromBooleanToCheckResult, type CheckableFunction } from "./checkable.js"; export function checkGlobalWarnings( warnings: string[] @@ -69,9 +69,9 @@ function retrieveAllWarningsWithSharedMode( function groupWarningKindsByWarningMode( warningsWithSpecificMode: Record ): { - allWarningsKindsWithErrorMode: Set; - allWarningsKindsWithWarningMode: Set; -} { + allWarningsKindsWithErrorMode: Set; + allWarningsKindsWithWarningMode: Set; + } { const warningKindsGroupedByWarningMode = Object.entries( warningsWithSpecificMode ).reduce( 
@@ -174,25 +174,22 @@ export function checkDependenciesWarnings( } }; }) - .with(Nsci.warnings.ERROR, () => - retrieveAllWarningsWithSharedMode( - warnings, - runtimeConfiguration.warnings as Nsci.WarningMode - ) + .with(Nsci.warnings.ERROR, () => retrieveAllWarningsWithSharedMode( + warnings, + runtimeConfiguration.warnings as Nsci.WarningMode ) - .with(Nsci.warnings.WARNING, () => - retrieveAllWarningsWithSharedMode( - warnings, - runtimeConfiguration.warnings as Nsci.WarningMode - ) ) - .otherwise(() => - retrieveAllWarningsWithSpecificMode( - warnings, - runtimeConfiguration.warnings as Record< - Nsci.WarningName, - Nsci.WarningMode - > - ) + .with(Nsci.warnings.WARNING, () => retrieveAllWarningsWithSharedMode( + warnings, + runtimeConfiguration.warnings as Nsci.WarningMode + ) + ) + .otherwise(() => retrieveAllWarningsWithSpecificMode( + warnings, + runtimeConfiguration.warnings as Record< + Nsci.WarningName, + Nsci.WarningMode + > + ) ); } diff --git a/src/analysis/types/index.ts b/src/analysis/types/index.ts index 80f1c0b..aa2183a 100644 --- a/src/analysis/types/index.ts +++ b/src/analysis/types/index.ts @@ -1,5 +1,5 @@ // Import Third-party Dependencies -import { Warning } from "@nodesecure/js-x-ray"; +import type { Warning } from "@nodesecure/js-x-ray"; export type DependencyWarning = { package: string; diff --git a/src/configuration/environment/index.spec.ts b/src/configuration/environment/index.spec.ts index 7154590..6f50dbc 100644 --- a/src/configuration/environment/index.spec.ts +++ b/src/configuration/environment/index.spec.ts @@ -1,6 +1,3 @@ -/* eslint-disable no-sync */ -/* eslint-disable max-nested-callbacks */ - // Import Node.js Dependencies import assert from "node:assert"; import fs from "node:fs"; 
@@ -50,8 +47,7 @@ function createFixturesFolder(): void { fixtureEnvironment.folderName ); fs.mkdirSync(folderName); - fixtureEnvironment.files.forEach((file) => - fs.writeFileSync(path.join(folderName, file), JSON.stringify({})) + fixtureEnvironment.files.forEach((file) => fs.writeFileSync(path.join(folderName, file), JSON.stringify({})) ); }); } @@ -61,12 +57,12 @@ function deleteFixturesFolder(): void { } describe("Environment data collection", () => { - before(async () => createFixturesFolder()); - after(async () => deleteFixturesFolder()); + before(async() => createFixturesFolder()); + after(async() => deleteFixturesFolder()); describe("When traversing the environment", () => { describe("When dealing with one single lockfile", () => { - it("should find the yarn lockfile at the given location", async () => { + it("should find the yarn lockfile at the given location", async() => { assert.deepEqual( ( await analyzeEnvironmentContext({ @@ -81,7 +77,7 @@ describe("Environment data collection", () => { ); }); - it("should find the shrinkwrap at the given location", async () => { + it("should find the shrinkwrap at the given location", async() => { assert.deepEqual( await analyzeEnvironmentContext({ ...Nsci.defaultNsciRuntimeConfiguration, @@ -94,12 +90,12 @@ describe("Environment data collection", () => { current: "npm-shrinkwrap.json", multiple: false }, - compatibleStrategy: "NPM_AUDIT" + compatibleStrategy: "GITHUB-ADVISORY" } ); }); - it("should find the package-lock lockfile at the given location", async () => { + it("should find the package-lock lockfile at the given location", async() => { assert.deepEqual( ( await analyzeEnvironmentContext({ @@ -116,7 +112,7 @@ describe("Environment data collection", () => { ); }); - it("should fallback to 'none' when no lockfile is found at the given location", async () => { + it("should fallback to 'none' when no lockfile is found at the given location", async() => { assert.deepEqual( ( await analyzeEnvironmentContext({ 
@@ -135,7 +131,7 @@ describe("Environment data collection", () => { }); describe("When dealing with multiple lockfiles", () => { - it("should keep the package-lock file", async () => { + it("should keep the package-lock file", async() => { assert.deepEqual( await analyzeEnvironmentContext({ ...Nsci.defaultNsciRuntimeConfiguration, @@ -148,7 +144,7 @@ describe("Environment data collection", () => { current: "package-lock.json", multiple: true }, - compatibleStrategy: "NPM_AUDIT" + compatibleStrategy: "GITHUB-ADVISORY" } ); }); @@ -156,11 +152,11 @@ describe("Environment data collection", () => { describe("When providing a strategy not compatible with the environment", () => { describe("When the lockfile is missing or incompatible with the environment", () => { - it("should fallback to 'SONATYPE' strategy", async () => { + it("should fallback to 'SONATYPE' strategy", async() => { assert.deepEqual( await analyzeEnvironmentContext({ ...Nsci.defaultNsciRuntimeConfiguration, - strategy: "NPM_AUDIT", + strategy: "GITHUB-ADVISORY", rootDir: getFixtureFolderPath(kFixtureEnvironment.yarn.folderName) }), { @@ -175,7 +171,7 @@ describe("Environment data collection", () => { assert.deepEqual( await analyzeEnvironmentContext({ ...Nsci.defaultNsciRuntimeConfiguration, - strategy: "NPM_AUDIT", + strategy: "GITHUB-ADVISORY", rootDir: getFixtureFolderPath( kFixtureEnvironment.noLockFile.folderName ) 
@@ -191,44 +187,5 @@ describe("Environment data collection", () => { }); }); }); - - describe("When providing a strategy compatible with every environment", () => { - it("should not fallback to any strategy", async () => { - const SAME_NODE_STRATEGY = "SECURITY_WG"; - assert.deepEqual( - await analyzeEnvironmentContext({ - ...Nsci.defaultNsciRuntimeConfiguration, - strategy: SAME_NODE_STRATEGY, - rootDir: getFixtureFolderPath( - kFixtureEnvironment.shrinkwrap.folderName - ) - }), - { - lockFile: { - current: "npm-shrinkwrap.json", - multiple: false - }, - compatibleStrategy: SAME_NODE_STRATEGY - } - ); - - const SAME_NONE_STRATEGY = "NONE"; - - assert.deepEqual( - await analyzeEnvironmentContext({ - ...Nsci.defaultNsciRuntimeConfiguration, - strategy: SAME_NONE_STRATEGY, - rootDir: getFixtureFolderPath(kFixtureEnvironment.yarn.folderName) - }), - { - lockFile: { - current: "yarn.lock", - multiple: false - }, - compatibleStrategy: SAME_NONE_STRATEGY - } - ); - }); - }); }); }); diff --git a/src/configuration/environment/index.ts b/src/configuration/environment/index.ts index 740991f..20dafb4 100644 --- a/src/configuration/environment/index.ts +++ b/src/configuration/environment/index.ts @@ -3,7 +3,7 @@ import fs from "fs/promises"; import path from "path"; // Import Internal Dependencies -import { ValueOf } from "../../types"; +import type { ValueOf } from "../../types/index.js"; import { Nsci } from "../standard/index.js"; type LockFile = ValueOf; @@ -66,7 +66,7 @@ export async function analyzeEnvironmentContext({ }: Nsci.Configuration): Promise { try { const collectedLockFiles = await collectLockFiles(rootDir); - const multipleLockFiles = collectedLockFiles.size > 1 ?? false; + const multipleLockFiles = collectedLockFiles.size > 1; const [lockFile] = collectedLockFiles; // package-lock.json is the lockfile with the best compatibility const hasPackageLock = collectedLockFiles.has(kLockFiles.packageLock); 
@@ -93,7 +93,8 @@ export async function analyzeEnvironmentContext({
 },
 compatibleStrategy: getFallbackStrategy(strategy)
 };
- } catch {
+ }
+ catch {
 return kFallbackEnvironmentContext;
 }
 }
diff --git a/src/configuration/external/adapt.ts b/src/configuration/external/adapt.ts
index c963abd..32f8252 100644
--- a/src/configuration/external/adapt.ts
+++ b/src/configuration/external/adapt.ts
@@ -7,7 +7,7 @@ import { Nsci } from "../standard/index.js";
 import {
 defaultExternalConfigOptions,
- ExternalRuntimeConfiguration
+ type ExternalRuntimeConfiguration
 } from "./common.js";
 
 function adaptDirectory(directory: string): string {
@@ -15,7 +15,8 @@ function adaptDirectory(directory: string): string {
 accessSync(directory, constants.F_OK);
 
 return resolve(directory);
- } catch {
+ }
+ catch {
 return Nsci.defaultNsciRuntimeConfiguration.rootDir;
 }
 }
@@ -61,8 +62,7 @@ function adaptWarnings(warnings: Nsci.Warnings): Nsci.Warnings {
 
 const warningsWithValidKindAndMode = Object.fromEntries(
 Object.entries(warnings).filter(
- ([warningType, warningMode]) =>
- isValidWarningKind(warningType) && isValidWarningMode(warningMode)
+ ([warningType, warningMode]) => isValidWarningKind(warningType) && isValidWarningMode(warningMode as string)
 )
 ) as Nsci.Warnings;
 
@@ -85,7 +85,7 @@ function adaptStrategy(strategy: Nsci.InputStrategy): Nsci.OutputStrategy {
 return Nsci.vulnStrategy[strategy];
 }
 
- return Nsci.vulnStrategy.npm;
+ return Nsci.vulnStrategy["github-advisory"];
 }
 
 function isValidSeverity(threshold: Nsci.Severity): boolean {
diff --git a/src/configuration/external/api/index.ts b/src/configuration/external/api/index.ts
index 9322729..f56d2f0 100644
--- a/src/configuration/external/api/index.ts
+++ b/src/configuration/external/api/index.ts
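Review bot: In adapt.ts, `isValidWarningMode(warningMode as string)` inside `adaptWarnings` resolves a type error with an assertion rather than a type: `warningMode` comes from `Object.entries(warnings)` on a `Nsci.Warnings`, so its static type is that record's value type, and casting it to `string` only hides whatever `isValidWarningMode` declares (its signature is outside the hunk). Since this filter is exactly where externally supplied warning settings are being validated, the validator should accept the wide input itself — e.g. a parameter of `unknown` or `string | Nsci.WarningMode` — and the cast dropped, so that a future change to the record's value type is caught by the compiler instead of silenced. Separately, the reshaped bare `catch {` in the first hunk (`analyzeEnvironmentContext`, whose body starts outside the hunk) still maps every failure, including a permission error on `rootDir`, to `kFallbackEnvironmentContext` without a log line; worth a comment stating that this is deliberate if it is.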
@@ -1,6 +1,6 @@ // Import Internal Dependencies import { Nsci } from "../../standard/index.js"; -import { ExternalConfigAdapter } from "../common.js"; +import type { ExternalConfigAdapter } from "../common.js"; export type ApiConfig = { directory: string; diff --git a/src/configuration/external/cli/index.ts b/src/configuration/external/cli/index.ts index 552203d..2e08885 100644 --- a/src/configuration/external/cli/index.ts +++ b/src/configuration/external/cli/index.ts @@ -1,6 +1,6 @@ // Import Internal Dependencies import { Nsci } from "../../standard/index.js"; -import { ExternalConfigAdapter } from "../common.js"; +import type { ExternalConfigAdapter } from "../common.js"; export type CliConfig = { directory: string; diff --git a/src/configuration/external/common.ts b/src/configuration/external/common.ts index 8c072fb..9b0cc25 100644 --- a/src/configuration/external/common.ts +++ b/src/configuration/external/common.ts @@ -27,7 +27,7 @@ export type ExternalConfigAdapter = { export const defaultExternalConfigOptions: ExternalRuntimeConfiguration = { vulnerabilities: Nsci.vulnSeverity.MEDIUM, directory: process.cwd(), - strategy: "npm", + strategy: "github-advisory", warnings: Nsci.warnings.ERROR, reporters: [Nsci.reporterTarget.CONSOLE] }; diff --git a/src/configuration/external/nodesecure/ignore-file.ts b/src/configuration/external/nodesecure/ignore-file.ts index f42b2d0..1cd0016 100644 --- a/src/configuration/external/nodesecure/ignore-file.ts +++ b/src/configuration/external/nodesecure/ignore-file.ts @@ -1,6 +1,6 @@ // Import Third-party dependencies -import JSXray from "@nodesecure/js-x-ray"; -import Validator from "ajv"; +import * as JSXray from "@nodesecure/js-x-ray"; +import { Ajv } from "ajv"; export class IgnorePatterns { public warnings: IgnoreWarningsPatterns; 
@@ -52,7 +52,7 @@ export function validateIgnoreFile(ignoreFile: string): { isValid: boolean; error?: string; } { - const validator = new Validator(); + const validator = new Ajv(); const validate = validator.compile(kIgnoreFileSchema); const isValid = validate(ignoreFile); diff --git a/src/configuration/external/nodesecure/index.spec.ts b/src/configuration/external/nodesecure/index.spec.ts index c80fde6..c6e27be 100644 --- a/src/configuration/external/nodesecure/index.spec.ts +++ b/src/configuration/external/nodesecure/index.spec.ts @@ -6,20 +6,20 @@ import { describe, it } from "node:test"; import mock from "mock-fs"; // Internal Dependencies -import { IgnorePatterns, IgnoreWarningsPatterns } from "./ignore-file"; +import { IgnorePatterns, IgnoreWarningsPatterns } from "./ignore-file.js"; -import { getIgnoreFile, kIgnoreFilePath } from "./index"; +import { getIgnoreFile, kIgnoreFilePath } from "./index.js"; describe("getIgnoreFile", () => { const kDefaultIgnoreFileContent = IgnorePatterns.default(); - it("should return empty object if file doen't exist", async () => { + it("should return empty object if file doen't exist", async() => { const result = await getIgnoreFile(); assert.deepEqual(result, kDefaultIgnoreFileContent); }); - it("should return empty object if file format is invalid", async () => { + it("should return empty object if file format is invalid", async() => { const invalidIgnoreFile = { foo: "bar" }; createFakeIgnoreFile(JSON.stringify(invalidIgnoreFile)); @@ -29,7 +29,7 @@ describe("getIgnoreFile", () => { mock.restore(); }); - it("should return the ignore file if it's valid", async () => { + it("should return the ignore file if it's valid", async() => { const validIgnoreFile = { warnings: { "unsafe-regex": ["negotiator"] 
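Review bot: `validateIgnoreFile(ignoreFile: string)` in ignore-file.ts hands its argument straight to the compiled validator as `validate(ignoreFile)`; Ajv checks the parsed value, not JSON text, so if `kIgnoreFileSchema` describes an object (the index.spec.ts hunks on this line build `{ warnings: {...} }` fixtures and `nodesecure/index.ts` later reads `ignoreObject.warnings`), a genuine `string` can never validate and the annotation does not match what callers actually pass. Either way the parameter type should describe what is validated — `export function validateIgnoreFile(ignoreFile: unknown): {` — so the caller's parse step shows in the signature; `new Ajv()` from the named export is fine, and the function body continues outside the hunk. These are inferences from the surrounding hunks; the schema itself is not visible here.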
@@ -44,7 +44,7 @@ describe("getIgnoreFile", () => { mock.restore(); }); - it("should return an IgnorePatterns warnings property", async () => { + it("should return an IgnorePatterns warnings property", async() => { const validIgnoreFile = { warnings: { "unsafe-regex": ["negotiator"] @@ -58,7 +58,7 @@ describe("getIgnoreFile", () => { mock.restore(); }); - it("should return an helper to check if a warning exist for a given pkg", async () => { + it("should return an helper to check if a warning exist for a given pkg", async() => { const validIgnoreFile = { warnings: { "unsafe-regex": ["negotiator"] diff --git a/src/configuration/external/nodesecure/index.ts b/src/configuration/external/nodesecure/index.ts index e925e3f..5fcedcc 100644 --- a/src/configuration/external/nodesecure/index.ts +++ b/src/configuration/external/nodesecure/index.ts @@ -3,17 +3,17 @@ import { readFile } from "fs/promises"; import { join } from "path"; // Import Third-party Dependencies -import { RC as NodeSecureRuntimeConfig, read } from "@nodesecure/rc"; +import { type RC as NodeSecureRuntimeConfig, read } from "@nodesecure/rc"; import type { Result } from "@openally/result"; import { match } from "ts-pattern"; // Import Internal Dependencies import { consolePrinter } from "../../../../lib/console-printer/index.js"; -import { Maybe } from "../../../types/index.js"; +import type { Maybe } from "../../../types/index.js"; import { defaultExternalConfigOptions, - ExternalConfigAdapter, - ExternalRuntimeConfiguration + type ExternalConfigAdapter, + type ExternalRuntimeConfiguration } from "../common.js"; import { 
@@ -60,15 +60,13 @@ function interpretNodeSecureConfigResult( .with({ ok: true }, (result) => result.val) .with( { ok: false }, - // eslint-disable-next-line handle-callback-err - (_err) => - /** - * For now, no difference is made between an ENOENT or an invalid file. - * We could process a pattern matching on the callback err provided - * to differentiate ENOENT or and exceptions thrown (e.g: AJV when invalid - * properties) which would then be reported. - */ - undefined + /** + * For now, no difference is made between an ENOENT or an invalid file. + * We could process a pattern matching on the callback err provided + * to differentiate ENOENT or and exceptions thrown (e.g: AJV when invalid + * properties) which would then be reported. + */ + (_err) => undefined ) .exhaustive(); } @@ -108,7 +106,8 @@ export async function getIgnoreFile(): Promise { logger.info(`${highlightedFilename} file successfully loaded.`); return new IgnorePatterns(ignoreObject.warnings); - } catch (error: any) { + } + catch (error: any) { if (error.code === "ENOENT") { logger.info( `${highlightedFilename} file not found. Nothing will be ignored.` diff --git a/src/configuration/external/standardize.spec.ts b/src/configuration/external/standardize.spec.ts index 4b75930..c0ffec7 100644 --- a/src/configuration/external/standardize.spec.ts +++ b/src/configuration/external/standardize.spec.ts 
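Review bot: The `{ ok: false }` arm still maps every failed read of the runtime config to `undefined`, so a `.nodesecurerc` that exists but does not validate is treated exactly like a missing file and the run continues on CLI/API or default options; for a CI security gate that is the quiet failure mode to avoid, because a typo in the config weakens the checks without any signal. The relocated comment acknowledges the gap, but the migration is a good moment to at least surface the error before returning: `(err) => { consolePrinter.font.standard(String(err)).prefix(consolePrinter.font.highlightedError("error").message).print(); return undefined; }` (consolePrinter is already imported in this file). Distinguishing ENOENT from a validation error, as the comment proposes, can then follow. interpretNodeSecureConfigResult's signature starts outside the hunk.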
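Review bot: `catch (error: any)` is kept on the new side of the getIgnoreFile hunk, and the same pattern appears in runPipeline (the run.ts hunk further down); with `useUnknownInCatchVariables` (implied by `strict`) the idiomatic form is `catch (error: unknown)` followed by a narrowing step before `.code` is read, e.g. `const code = error instanceof Error && "code" in error ? error.code : undefined;` and then `if (code === "ENOENT") {`. That keeps the ENOENT fallback intact while making the intent explicit and avoiding the untyped property read that `any` allows on whatever value was thrown. getIgnoreFile's try block and the rest of the catch are outside the hunk.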
@@ -4,13 +4,13 @@ import path from "node:path"; import { describe, it } from "node:test"; // Import Third-party Dependencies -import { RC as NodeSecureRuntimeConfig } from "@nodesecure/rc"; +import type { RC as NodeSecureRuntimeConfig } from "@nodesecure/rc"; // Import Internal Dependencies -import { IgnorePatterns } from "../../configuration/external/nodesecure/ignore-file"; +import { IgnorePatterns } from "../../configuration/external/nodesecure/ignore-file.js"; import { Nsci } from "../standard/index.js"; -import { ExternalRuntimeConfiguration } from "./common.js"; +import type { ExternalRuntimeConfiguration } from "./common.js"; import { standardizeAllApisOptions, standardizeExternalConfiguration @@ -23,7 +23,7 @@ describe("Standardize CLI/API configuration to Nsci runtime configuration", () = const externalOptions = { directory: "src", - strategy: "npm", + strategy: "github-advisory", vulnerabilities: "all", warnings: "", reporters: "console, html" @@ -31,7 +31,7 @@ describe("Standardize CLI/API configuration to Nsci runtime configuration", () = const finalConfig = { rootDir: path.join(cwd, "src"), - strategy: "NPM_AUDIT", + strategy: "GITHUB-ADVISORY", reporters: ["console", "html"], vulnerabilitySeverity: "all", warnings: "error", @@ -95,7 +95,6 @@ describe("Standardize CLI/API configuration to Nsci runtime configuration", () = it("should only keep valid options from partial config to allow correct merging with default RC", () => { partialOrInvalidConfigThatShouldFallbackToDefaultRC.forEach( - // eslint-disable-next-line max-nested-callbacks (partialConfig) => { assert.deepEqual( standardizeExternalConfiguration( 
@@ -109,7 +108,7 @@ describe("Standardize CLI/API configuration to Nsci runtime configuration", () = }); }); -it("should standardize NodeSecure runtime configuration to Nsci runtime configuration", async () => { +it("should standardize NodeSecure runtime configuration to Nsci runtime configuration", async() => { const partialCfg: NodeSecureRuntimeConfig = { version: "1.0", strategy: "snyk", diff --git a/src/configuration/external/standardize.ts b/src/configuration/external/standardize.ts index d25b7c8..a4a3bff 100644 --- a/src/configuration/external/standardize.ts +++ b/src/configuration/external/standardize.ts @@ -1,14 +1,15 @@ // Import Third-party Dependencies -import { RC as NodeSecureRuntimeConfig } from "@nodesecure/rc"; +// Import Third-party Dependencies +import type { RC as NodeSecureRuntimeConfig } from "@nodesecure/rc"; // Import Internal Dependencies import { IgnorePatterns } from "../../configuration/external/nodesecure/ignore-file.js"; import { Nsci } from "../standard/index.js"; import { adaptExternalToStandardConfiguration } from "./adapt.js"; -import { ApiConfig } from "./api/index.js"; -import { CliConfig, CliConfigAdapter } from "./cli/index.js"; -import { ExternalRuntimeConfiguration } from "./common.js"; +import type { ApiConfig } from "./api/index.js"; +import { type CliConfig, CliConfigAdapter } from "./cli/index.js"; +import type { ExternalRuntimeConfiguration } from "./common.js"; import { NodeSecureConfigAdapter } from "./nodesecure/index.js"; function isInvalidConfigOption(value: T): boolean { diff --git a/src/configuration/manage.spec.ts b/src/configuration/manage.spec.ts index bd63654..1b5fb86 100644 --- a/src/configuration/manage.spec.ts +++ b/src/configuration/manage.spec.ts 
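Review bot: The standardize.ts import hunk adds a second `// Import Third-party Dependencies` header directly under the existing one (the context line is kept and a `+` line repeats it, which is where the extra line in `-1,14 +1,15` comes from). Drop the added duplicate so the section header reads once, matching the other files in this commit.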
@@ -1,26 +1,19 @@ // Import Node.js Dependencies import assert from "node:assert"; -import { unlinkSync } from "node:fs"; -import path from "node:path"; import { describe, it } from "node:test"; -// Import Third-party Dependencies -import { write } from "@nodesecure/rc"; - // Import Internal Dependencies import { - ApiConfig, - generateDefaultNodeSecureConfig, - CliConfig + type ApiConfig, + type CliConfig } from "./external/index.js"; -import { selectRuntimeConfig } from "./manage"; -import { Nsci } from "./standard"; +import { selectRuntimeConfig } from "./manage.js"; +import { Nsci } from "./standard/index.js"; -/* eslint-disable max-nested-callbacks */ describe("When managing the runtime configuration", () => { describe("When there is no .nodesecurerc file", () => { describe("When providing no options from the CLI or API", () => { - it("should fallback to the default Nsci configuration options", async () => { + it("should fallback to the default Nsci configuration options", async() => { const optionsFromCliOrApi: ApiConfig | CliConfig = {} as unknown as ApiConfig; @@ -32,7 +25,7 @@ describe("When managing the runtime configuration", () => { }); }); describe("When providing options from the CLI or API", () => { - it("should use the configuration provided from function arguments (i.e: coming from either API or CLI)", async () => { + it("should use the configuration provided from function arguments (i.e: coming from either API or CLI)", async() => { const optionsFromCliOrApi: ApiConfig | CliConfig = { directory: process.cwd(), vulnerabilities: "all", 
@@ -62,56 +55,4 @@ describe("When managing the runtime configuration", () => { }); }); }); - - describe("When there is a .nodesecurerc file", () => { - it("should use the configuration provided from the file and ignore function arguments (i.e: coming from either API or CLI)", async () => { - /** - * We voluntarily provide Api and Cli options to be sure that they - * are ignored in favor of options defined in .nodesecurerc - */ - const optionsFromCliOrApi: ApiConfig | CliConfig = { - strategy: "snyk", - reporters: ["console"] - } as unknown as ApiConfig; - - await generateDefaultNodeSecureConfig(); - - /** - * Here, we emulate a change within the runtime config file which would - * be done by the user of the library. - */ - await write(process.cwd(), { - payload: { - strategy: "node", - ci: { - vulnerabilities: { - severity: "all" - }, - reporters: ["html"], - warnings: "warning" - } - }, - partialUpdate: true - }); - - const { configMode, runtimeConfig } = - await selectRuntimeConfig(optionsFromCliOrApi); - - assert.deepEqual(configMode, "file"); - assert.deepEqual(runtimeConfig, { - // Starting from the default config - ...Nsci.defaultNsciRuntimeConfiguration, - /** - * But then we expect custom config defined in the RC file to be reflected - * in the runtime config which will be used during the analysis - */ - strategy: "SECURITY_WG", - vulnerabilitySeverity: "all", - reporters: ["html"], - warnings: "warning" - }); - - unlinkSync(path.join(process.cwd(), ".nodesecurerc")); - }); - }); }); diff --git a/src/configuration/manage.ts b/src/configuration/manage.ts index 6ce777f..4bfa028 100644 --- a/src/configuration/manage.ts +++ b/src/configuration/manage.ts @@ -7,8 +7,8 @@ import { getNodeSecureConfig, standardizeRuntimeConfig, getIgnoreFile, - ApiConfig, - CliConfig + type ApiConfig, + type CliConfig } from "./external/index.js"; import { Nsci } from "./standard/index.js"; 
diff --git a/src/configuration/standard/nsci.ts b/src/configuration/standard/nsci.ts index 0b823b2..0334e72 100644 --- a/src/configuration/standard/nsci.ts +++ b/src/configuration/standard/nsci.ts @@ -2,12 +2,11 @@ import * as jsxray from "@nodesecure/js-x-ray"; // Import Internal Dependencies -import { ValueOf } from "../../types"; +import type { ValueOf } from "../../types/index.js"; import { IgnorePatterns } from "../external/nodesecure/ignore-file.js"; export const vulnStrategy = { - npm: "NPM_AUDIT", - node: "SECURITY_WG", + "github-advisory": "GITHUB-ADVISORY", snyk: "SNYK", sonatype: "SONATYPE", none: "NONE" @@ -55,7 +54,7 @@ export type Configuration = { function generateDefaultRC(): Configuration { return { rootDir: process.cwd(), - strategy: vulnStrategy.npm, + strategy: vulnStrategy["github-advisory"], reporters: [reporterTarget.CONSOLE], vulnerabilitySeverity: vulnSeverity.MEDIUM, warnings: warnings.ERROR, diff --git a/src/reporting/reporters/internal/configuration.ts b/src/reporting/reporters/internal/configuration.ts index 14d5d70..1772cf2 100644 --- a/src/reporting/reporters/internal/configuration.ts +++ b/src/reporting/reporters/internal/configuration.ts @@ -1,8 +1,8 @@ // Import Internal Dependencies import { consolePrinter } from "../../../../lib/console-printer/index.js"; -import { SelectedRuntimeConfig } from "../../../configuration/manage.js"; +import type { SelectedRuntimeConfig } from "../../../configuration/manage.js"; import { Nsci } from "../../../configuration/standard/index.js"; -import { Reporter } from "../reporter.js"; +import type { Reporter } from "../reporter.js"; import { invertRecord } from "./util.js"; @@ -43,7 +43,8 @@ function printSelectedRuntimeConfiguration({ .printWithEmptyLine(); dumpInputCommand(runtimeConfig); - } else { + } + else { consolePrinter.font .standard("was found") .prefix(consolePrinter.font.highlight(".nodesecurerc").message) 
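Review bot: Dropping the `npm` and `node` keys from `vulnStrategy` and switching the default to `vulnStrategy["github-advisory"]` is a user-visible behaviour change rather than a refactor: an existing `.nodesecurerc` or CLI/API invocation that passes `strategy: "npm"` or `"node"` now has no mapping (presumably it either falls to the invalid-option handling in standardize.ts or yields `undefined`; I cannot tell from here), and every run that relied on the default silently changes its vulnerability source from npm audit to the GitHub advisory database. The commit title (`refactor: migrate to OpenAlly configs & update dependencies`) hides this, and the only test that exercised the `file` config mode (manage.spec.ts, which used `strategy: "node"` and expected `SECURITY_WG`) was deleted rather than updated. I would add a comment on the literal, e.g. `// "npm" (NPM_AUDIT) and "node" (SECURITY_WG) were removed with the move to @nodesecure/vulnera; legacy values are not mapped`, call the change out in the commit message and README, and consider turning a legacy key into an explicit error or a logged fallback in the standardize step. The second nsci.ts hunk (generateDefaultRC) carries the default change.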
diff --git a/src/reporting/reporters/internal/environment.ts b/src/reporting/reporters/internal/environment.ts index 5b449f7..2aa1601 100644 --- a/src/reporting/reporters/internal/environment.ts +++ b/src/reporting/reporters/internal/environment.ts @@ -3,9 +3,9 @@ import { consolePrinter, removeWhiteSpaces } from "../../../../lib/console-printer/index.js"; -import { EnvironmentContext } from "../../../configuration/environment"; +import type { EnvironmentContext } from "../../../configuration/environment/index.js"; import { Nsci } from "../../../configuration/standard/index.js"; -import { Reporter } from "../reporter.js"; +import type { Reporter } from "../reporter.js"; import { invertRecord } from "./util.js"; @@ -20,7 +20,8 @@ function reportLockFileContext( .standard(`No lockfile could be found in ${rc.rootDir}`) .prefix(consolePrinter.font.info("info").message) .printWithEmptyLine(); - } else { + } + else { consolePrinter.util .concatOutputs([ consolePrinter.font.highlight(env.lockFile.current).message, @@ -34,9 +35,9 @@ function reportLockFileContext( consolePrinter.font .standard( removeWhiteSpaces( - `Your project contains more than one lock file. - It is advised not to mix package managers in order to - avoid resolution inconsistencies caused by unsynchronized + `Your project contains more than one lock file. + It is advised not to mix package managers in order to + avoid resolution inconsistencies caused by unsynchronized lock files` ) ) diff --git a/src/reporting/reporters/internal/scanner.ts b/src/reporting/reporters/internal/scanner.ts index b9e86ab..04b60b3 100644 --- a/src/reporting/reporters/internal/scanner.ts +++ b/src/reporting/reporters/internal/scanner.ts 
@@ -1,5 +1,5 @@ // Import Third-party Dependencies -import { Logger, Payload, ScannerLoggerEvents } from "@nodesecure/scanner"; +import { Logger, type Payload, ScannerLoggerEvents } from "@nodesecure/scanner"; import Spinner from "@slimio/async-cli-spinner"; import pluralize from "pluralize"; import ms from "pretty-ms"; @@ -7,7 +7,7 @@ import ms from "pretty-ms"; // Import Internal Dependencies import { consolePrinter } from "../../../../lib/console-printer/index.js"; import { Nsci } from "../../../configuration/standard/index.js"; -import { Reporter } from "../reporter.js"; +import type { Reporter } from "../reporter.js"; /** * This report has nothing to do with console or html reporters. This function diff --git a/src/reporting/reporters/post-pipeline/console/dependency-warnings.ts b/src/reporting/reporters/post-pipeline/console/dependency-warnings.ts index 4530b76..9a05ee6 100644 --- a/src/reporting/reporters/post-pipeline/console/dependency-warnings.ts +++ b/src/reporting/reporters/post-pipeline/console/dependency-warnings.ts @@ -4,10 +4,10 @@ import { match } from "ts-pattern"; // Import Internal Dependencies import { - ConsoleMessage, + type ConsoleMessage, consolePrinter } from "../../../../../lib/console-printer/index.js"; -import { DependencyWarningWithMode } from "../../../../analysis/interpretation/warnings.js"; +import type { DependencyWarningWithMode } from "../../../../analysis/interpretation/warnings.js"; import { Nsci } from "../../../../configuration/index.js"; import { @@ -37,7 +37,8 @@ function collectDependencyWarningsConsoleMessages( */ if (warning.mode === Nsci.warnings.ERROR) { warningsWithErrorMode.push(dependencyWarning); - } else { + } + else { warningsWithWarningMode.push(dependencyWarning); } 
@@ -84,8 +85,7 @@ export function reportDependencyWarnings( warningsMode: Nsci.Warnings ): void { const numberOfDependencyWarnings = warnings.reduce( - (accumulatedNumberOfWarnings, dependencyWarning) => - accumulatedNumberOfWarnings + dependencyWarning.warnings.length, + (accumulatedNumberOfWarnings, dependencyWarning) => accumulatedNumberOfWarnings + dependencyWarning.warnings.length, 0 ); const { warningsWithErrorMode, printAllWarnings } = @@ -161,9 +161,9 @@ function collectNumberOfWarningsWithError( function collectDependencyWarningsStats( warnings: DependencyWarningWithMode[] ): { - allWarnings: number; - warningsWithError: number; -} { + allWarnings: number; + warningsWithError: number; + } { const dependencyWarningsStats = warnings.reduce( (accumulatedWarningsStats, dependencyWarning) => { return { 
@@ -189,25 +189,20 @@ export function buildDependenciesWarningsOutcomeMessage( collectDependencyWarningsStats(warnings); return match(warningsMode) - .with(Nsci.warnings.OFF, () => - consolePrinter.font.info("⚠ dependency warnings skipped") + .with(Nsci.warnings.OFF, () => consolePrinter.font.info("⚠ dependency warnings skipped") ) - .with(Nsci.warnings.ERROR, () => - buildOutcomeStatsConsoleMessage(allWarnings, Nsci.warnings.ERROR) + .with(Nsci.warnings.ERROR, () => buildOutcomeStatsConsoleMessage(allWarnings, Nsci.warnings.ERROR) ) - .with(Nsci.warnings.WARNING, () => - buildOutcomeStatsConsoleMessage(allWarnings, Nsci.warnings.WARNING) + .with(Nsci.warnings.WARNING, () => buildOutcomeStatsConsoleMessage(allWarnings, Nsci.warnings.WARNING) ) - .otherwise(() => - buildOutcomeStatsConsoleMessage( - allWarnings, - /* eslint-disable no-nested-ternary */ - /* eslint-disable prettier/prettier */ - warningsWithError > 0 - ? Nsci.warnings.ERROR - : allWarnings > 0 + .otherwise(() => buildOutcomeStatsConsoleMessage( + allWarnings, + /* eslint-disable no-nested-ternary */ + warningsWithError > 0 + ? Nsci.warnings.ERROR + : allWarnings > 0 ? Nsci.warnings.WARNING : Nsci.warnings.OFF - ) + ) ); } diff --git a/src/reporting/reporters/post-pipeline/console/global-warnings.ts b/src/reporting/reporters/post-pipeline/console/global-warnings.ts index 4897988..590b27f 100644 --- a/src/reporting/reporters/post-pipeline/console/global-warnings.ts +++ b/src/reporting/reporters/post-pipeline/console/global-warnings.ts @@ -3,7 +3,7 @@ import pluralize from "pluralize"; // Import Internal Dependencies import { - ConsoleMessage, + type ConsoleMessage, consolePrinter } from "../../../../../lib/console-printer/index.js"; import { Nsci } from "../../../../configuration/index.js"; diff --git a/src/reporting/reporters/post-pipeline/console/index.ts b/src/reporting/reporters/post-pipeline/console/index.ts index aad41a5..9a07620 100644 --- a/src/reporting/reporters/post-pipeline/console/index.ts 
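Review bot: The new `.otherwise` arm keeps a block-scoped `/* eslint-disable no-nested-ternary */` inside the argument list; without a matching `eslint-enable` that directive applies to the rest of the file, and a nested ternary embedded in a `match` chain is the kind of expression a reader has to unpick by hand. Extracting the mode selection into a small named helper removes the need for the disable and documents the precedence (error-mode warnings win, then any warning, then off). The other `.with` arms were only reflowed, so I would leave them; the sketch below shows the helper and the call that replaces the ternary.
```typescript
/**
 * Picks the outcome mode for the auto case: error-mode warnings take
 * precedence over warning-mode ones, and no warnings at all means OFF.
 */
function resolveWarningsOutcomeMode(
  allWarnings: number,
  warningsWithError: number
): Nsci.Warnings {
  if (warningsWithError > 0) {
    return Nsci.warnings.ERROR;
  }

  return allWarnings > 0 ? Nsci.warnings.WARNING : Nsci.warnings.OFF;
}

// … unchanged: buildDependenciesWarningsOutcomeMessage up to the .otherwise arm …
    .otherwise(() => buildOutcomeStatsConsoleMessage(
      allWarnings,
      resolveWarningsOutcomeMode(allWarnings, warningsWithError)
    )
  );
```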
+++ b/src/reporting/reporters/post-pipeline/console/index.ts @@ -6,9 +6,9 @@ import ms from "pretty-ms"; // Import Internal Dependencies import { consolePrinter } from "../../../../../lib/console-printer/index.js"; -import { OutcomePayloadFromPipelineChecks } from "../../../../analysis/interpretation/interpret.js"; +import type { OutcomePayloadFromPipelineChecks } from "../../../../analysis/interpretation/interpret.js"; import { Nsci } from "../../../../configuration/standard/index.js"; -import { Reporter } from "../../reporter.js"; +import type { Reporter } from "../../reporter.js"; import { reportDependencyWarnings } from "./dependency-warnings.js"; import { reportGlobalWarnings } from "./global-warnings.js"; diff --git a/src/reporting/reporters/post-pipeline/console/outcome.ts b/src/reporting/reporters/post-pipeline/console/outcome.ts index ceb8d02..929506f 100644 --- a/src/reporting/reporters/post-pipeline/console/outcome.ts +++ b/src/reporting/reporters/post-pipeline/console/outcome.ts @@ -1,10 +1,10 @@ // Import Third-party Dependencies -import { table, TableUserConfig } from "table"; +import { table, type TableUserConfig } from "table"; // Import Internal Dependencies import { consolePrinter } from "../../../../../lib/console-printer/index.js"; -import type { InterpretedScannerPayload } from "../../../../analysis"; -import { Warnings } from "../../../../configuration/standard/nsci.js"; +import type { InterpretedScannerPayload } from "../../../../analysis/index.js"; +import type { Warnings } from "../../../../configuration/standard/nsci.js"; import { pipeline } from "../../../index.js"; import { buildDependenciesWarningsOutcomeMessage } from "./dependency-warnings.js"; @@ -65,7 +65,8 @@ export function printPipelineOutcome( .highlightedSuccess("✓ [SUCCESS] Pipeline successful ") .bold() .print(); - } else { + } + else { consolePrinter.font .highlightedError("✖ [FAILURE] Pipeline failed") .print(); 
diff --git a/src/reporting/reporters/post-pipeline/console/util.ts b/src/reporting/reporters/post-pipeline/console/util.ts index 30937fc..9ec8ad1 100644 --- a/src/reporting/reporters/post-pipeline/console/util.ts +++ b/src/reporting/reporters/post-pipeline/console/util.ts @@ -2,12 +2,12 @@ import { match } from "ts-pattern"; import { - ConsoleMessage, - ConsoleOutput, + type ConsoleMessage, + type ConsoleOutput, consolePrinter } from "../../../../../lib/console-printer/index.js"; import { Nsci } from "../../../../configuration/index.js"; -import { Warnings } from "../../../../configuration/standard/nsci"; +import type { Warnings } from "../../../../configuration/standard/nsci.js"; export function getOutcomeEmoji(warningsMode: Warnings): string { return match(warningsMode) diff --git a/src/reporting/reporters/post-pipeline/console/vulnerabilities.ts b/src/reporting/reporters/post-pipeline/console/vulnerabilities.ts index 479728e..6d2c885 100644 --- a/src/reporting/reporters/post-pipeline/console/vulnerabilities.ts +++ b/src/reporting/reporters/post-pipeline/console/vulnerabilities.ts @@ -1,17 +1,19 @@ // Import Third-party Dependencies -import { Strategy } from "@nodesecure/vuln"; +import type { + Severity +} from "@nodesecure/vulnera"; import pluralize from "pluralize"; // Import Internal Dependencies import { - ConsoleMessage, + type ConsoleMessage, consolePrinter } from "../../../../../lib/console-printer/index.js"; -import type { WorkableVulnerability } from "../../../../analysis"; +import type { WorkableVulnerability } from "../../../../analysis/index.js"; import { buildOutcomeStatsConsoleMessage } from "./util.js"; -function getColorBySeverity(severity: Strategy.Severity): ConsoleMessage { +function getColorBySeverity(severity: Severity): ConsoleMessage { switch (severity) { case "critical": return consolePrinter.font.highlight(severity); 
@@ -54,7 +56,8 @@ export function reportDependencyVulns( ]) .printWithEmptyLine(); } - } else { + } + else { consolePrinter.font .success("✓ 0 vulnerabilities detected in the dependency tree") .bold() diff --git a/src/reporting/reporters/post-pipeline/html/index.ts b/src/reporting/reporters/post-pipeline/html/index.ts index bcb5a53..4137e93 100644 --- a/src/reporting/reporters/post-pipeline/html/index.ts +++ b/src/reporting/reporters/post-pipeline/html/index.ts @@ -1,6 +1,6 @@ // Import Internal Dependencies import { reporterTarget } from "../../../../configuration/standard/nsci.js"; -import { Reporter } from "../../reporter.js"; +import type { Reporter } from "../../reporter.js"; export const htmlReporter: Reporter = { type: reporterTarget.HTML, diff --git a/src/reporting/reporters/reporter.ts b/src/reporting/reporters/reporter.ts index fb88ddc..f4a9af3 100644 --- a/src/reporting/reporters/reporter.ts +++ b/src/reporting/reporters/reporter.ts @@ -1,6 +1,6 @@ // Import Internal Dependencies -import { OutcomePayloadFromPipelineChecks } from "../../analysis/index.js"; -import { ReporterTarget } from "../../configuration/standard/nsci.js"; +import type { OutcomePayloadFromPipelineChecks } from "../../analysis/index.js"; +import type { ReporterTarget } from "../../configuration/standard/nsci.js"; export type Reporter = { type: ReporterTarget; diff --git a/src/reporting/reporters/runner.ts b/src/reporting/reporters/runner.ts index 68f5072..f71dac6 100644 --- a/src/reporting/reporters/runner.ts +++ b/src/reporting/reporters/runner.ts 
@@ -2,11 +2,11 @@ import { match } from "ts-pattern"; // Import Internal Dependencies -import type { OutcomePayloadFromPipelineChecks } from "../../analysis"; +import type { OutcomePayloadFromPipelineChecks } from "../../analysis/index.js"; import { Nsci } from "../../configuration/standard/index.js"; import * as postPipelineReporting from "./post-pipeline/index.js"; -import { Reporter } from "./reporter"; +import type { Reporter } from "./reporter.js"; function initializeReporter( reporter: Nsci.ReporterTarget diff --git a/src/reporting/run.ts b/src/reporting/run.ts index 540a059..3378d18 100644 --- a/src/reporting/run.ts +++ b/src/reporting/run.ts @@ -1,21 +1,21 @@ // Import Third-party Dependencies import * as Scanner from "@nodesecure/scanner"; -import * as vuln from "@nodesecure/vuln"; +import * as Vulnera from "@nodesecure/vulnera"; // Import Internal Dependencies import { consolePrinter } from "../../lib/console-printer/index.js"; import { - OutcomePayloadFromPipelineChecks, + type OutcomePayloadFromPipelineChecks, runPayloadInterpreter } from "../analysis/index.js"; import { - ApiConfig, - CliConfig, + type ApiConfig, + type CliConfig, defaultExternalConfigOptions, useRuntimeConfig, Nsci } from "../configuration/index.js"; -import { Maybe } from "../types/index.js"; +import type { Maybe } from "../types/index.js"; import { scannerReporter, runReporting } from "./reporters/index.js"; import { status } from "./status.js"; @@ -23,8 +23,8 @@ import { status } from "./status.js"; async function runScannerAnalysis( runtimeConfig: Nsci.Configuration ): Promise { - const { strategy } = await vuln.setStrategy( - vuln.strategies[runtimeConfig.strategy] + const { strategy } = await Vulnera.setStrategy( + Vulnera.strategies[runtimeConfig.strategy] ); /** 
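Review bot: `Vulnera.strategies[runtimeConfig.strategy]` in runScannerAnalysis indexes a package-provided record with a string that originates in nsci.ts's `vulnStrategy` (`"GITHUB-ADVISORY"`, `"SNYK"`, `"SONATYPE"`, `"NONE"`), and nothing checks that the lookup produced a value before it is handed to `setStrategy`; if the new key spelling does not match what @nodesecure/vulnera exposes (I cannot verify from here whether it uses a hyphen or an underscore), the scanner would proceed with an undefined strategy and the vulnerability check would degrade without an obvious error. A guard makes such a mismatch loud: `const selected = Vulnera.strategies[runtimeConfig.strategy]; if (selected === undefined) { throw new Error("Unknown vulnerability strategy: " + runtimeConfig.strategy); }` before `setStrategy(selected)`. Under `noUncheckedIndexedAccess` the unguarded form would already be a type error, so it is worth confirming whether the shared OpenAlly tsconfig enables that flag. runScannerAnalysis continues outside the hunk.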
@@ -109,7 +109,8 @@ export async function runPipeline( runtimeConfig, defaultAutoExitAfterFailure ); - } catch (uncaughtError: any) { + } + catch (uncaughtError: any) { consolePrinter.font .standard(uncaughtError.message) .prefix(consolePrinter.font.highlightedError("error").message) diff --git a/src/reporting/status.ts b/src/reporting/status.ts index 50b37be..ba5bb97 100644 --- a/src/reporting/status.ts +++ b/src/reporting/status.ts @@ -1,5 +1,5 @@ // Import Internal Dependencies -import type { ValueOf } from "../types"; +import type { ValueOf } from "../types/index.js"; export const status = { SUCCESS: "success", diff --git a/tsconfig.build.json b/tsconfig.build.json deleted file mode 100644 index 96e1084..0000000 --- a/tsconfig.build.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "extends": "./tsconfig.json", - "compilerOptions": { - "outDir": "dist", - "declaration": true, - "sourceMap": true, - }, - "exclude": [ - "src/**/*.spec.ts" - ] -} \ No newline at end of file diff --git a/tsconfig.json b/tsconfig.json index f54e98e..6ba92dc 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -1,15 +1,15 @@ { + "extends": "@openally/config.typescript", "compilerOptions": { - "target": "es2020", - "lib": ["es2020"], - "module": "es2020", - "moduleResolution": "Node", - "esModuleInterop": true, - "forceConsistentCasingInFileNames": true, - "strict": true, - "skipLibCheck": true, - "allowSyntheticDefaultImports": true + "outDir": "dist" }, - "include": ["src", "bin", "lib"], - "exclude": ["node_modules", "dist"] + "include": [ + "src", + "bin", + "lib" + ], + "exclude": [ + "node_modules", + "dist" + ] }
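Review bot: The tsconfig.json hunk removes the explicit `strict`, `esModuleInterop` and `forceConsistentCasingInFileNames` settings in favour of `"extends": "@openally/config.typescript"`, and tsconfig.build.json — the only file that excluded `src/**/*.spec.ts` and enabled `declaration` and `sourceMap` — is deleted outright; unless the preset or the package.json `files` field covers this (neither is visible here), the spec files are now compiled into `dist` and may ship in the published package, and consumers lose the `.d.ts` output. Worth confirming the preset's settings and, if it does not exclude tests, adding `"src/**/*.spec.ts"` to the `exclude` array here. JSON has no comment syntax, so the reasoning belongs in the commit message or README.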