refactor: init workspaces & migrate tarball (#195)

chore: fix TS issue and make all UT greens chore: add squashed deps
NodeSecure · Mar 18, 2024 · 1591f5e · 1591f5e
1 parent 735c071
commit 1591f5e
Show file tree

Hide file tree

Showing 60 changed files with 505 additions and 514 deletions.
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
@@ -28,6 +28,8 @@ jobs:
           node-version: ${{ matrix.node-version }}
       - name: Install dependencies
         run: npm install
+      - name: build dependencies
+        run: npm run build
       - name: Run tests
         run: npm run test:ci
   nsci:

diff --git a/index.d.ts b/index.d.ts
@@ -2,13 +2,11 @@ import Scanner from "./types/scanner.js";
 import { cwd, from, verify, comparePayloads, ScannerLoggerEvents } from "./types/api.js";
 import { depWalker } from "./types/walker.js";
 import { Logger, LoggerEventData } from "./types/logger.js";
-import tarball from "./types/tarball.js";
 
 export {
   cwd, from, verify, comparePayloads, ScannerLoggerEvents,
   Scanner,
   Logger,
   LoggerEventData,
-  tarball,
   depWalker
 }
diff --git a/index.js b/index.js
@@ -7,13 +7,13 @@ import os from "os";
 // Import Third-party Dependencies
 import pacote from "pacote";
 import { getLocalRegistryURL } from "@nodesecure/npm-registry-sdk";
+import * as tarball from "@nodesecure/tarball";
 
 // Import Internal Dependencies
 import { depWalker } from "./src/depWalker.js";
 import { NPM_TOKEN } from "./src/utils/index.js";
 import { ScannerLoggerEvents } from "./src/constants.js";
 import Logger from "./src/class/logger.class.js";
-import * as tarball from "./src/tarball.js";
 import { comparePayloads } from "./src/comparePayloads.js";
 
 // CONSTANTS

diff --git a/package.json b/package.json
@@ -1,85 +1,93 @@
-{
-  "name": "@nodesecure/scanner",
-  "version": "5.3.0",
-  "description": "A package API to run a static analysis of your module's dependencies.",
-  "exports": "./index.js",
-  "engines": {
-    "node": ">=18"
-  },
-  "scripts": {
-    "lint": "eslint src test",
-    "prepublishOnly": "pkg-ok",
-    "test": "npm run lint && npm run test-only",
-    "test:ci": "node --test test/**.spec.js test/**/*.spec.js",
-    "test-only": "glob -c \"node --test-reporter=spec --test\" \"./test/**/*.spec.js\"",
-    "coverage": "c8 -r html npm run test-only"
-  },
-  "files": [
-    "src",
-    "i18n",
-    "types",
-    "index.js",
-    "index.d.ts"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/NodeSecure/scanner.git"
-  },
-  "keywords": [
-    "node",
-    "nodejs",
-    "security",
-    "cli",
-    "sast",
-    "scanner",
-    "static",
-    "code",
-    "analysis",
-    "node_modules",
-    "tree",
-    "npm",
-    "registry",
-    "graph",
-    "visualization",
-    "dependencies"
-  ],
-  "author": "NodeSecure",
-  "license": "MIT",
-  "bugs": {
-    "url": "https://github.com/NodeSecure/scanner/issues"
-  },
-  "homepage": "https://github.com/NodeSecure/scanner#readme",
-  "devDependencies": {
-    "@nodesecure/eslint-config": "^1.8.0",
-    "@slimio/is": "^2.0.0",
-    "@types/node": "^20.10.0",
-    "c8": "^9.1.0",
-    "dotenv": "^16.3.1",
-    "eslint": "8.57.0",
-    "get-folder-size": "^4.0.0",
-    "glob": "^10.3.10",
-    "pkg-ok": "^3.0.0",
-    "sinon": "^17.0.1",
-    "snap-shot-core": "^10.2.4"
-  },
-  "dependencies": {
-    "@nodesecure/authors": "^1.0.2",
-    "@nodesecure/flags": "^2.4.0",
-    "@nodesecure/fs-walk": "^1.0.0",
-    "@nodesecure/i18n": "^4.0.0",
-    "@nodesecure/js-x-ray": "^6.3.0",
-    "@nodesecure/npm-registry-sdk": "^2.0.0",
-    "@nodesecure/ntlp": "^2.2.1",
-    "@nodesecure/vuln": "^1.7.0",
-    "@npm/types": "^1.0.2",
-    "@npmcli/arborist": "^7.2.1",
-    "@slimio/lock": "^1.0.0",
-    "builtins": "^5.0.1",
-    "combine-async-iterators": "^2.1.0",
-    "itertools": "^2.1.2",
-    "lodash.difference": "^4.5.0",
-    "pacote": "^17.0.4",
-    "semver": "^7.5.4"
-  },
-  "type": "module"
-}
+{
+  "name": "@nodesecure/scanner",
+  "version": "5.3.0",
+  "description": "A package API to run a static analysis of your module's dependencies.",
+  "exports": "./index.js",
+  "engines": {
+    "node": ">=18"
+  },
+  "type": "module",
+  "workspaces": [
+    "workspaces/tarball"
+  ],
+  "scripts": {
+    "build": "tsc -b",
+    "lint": "eslint src test",
+    "prepublishOnly": "pkg-ok",
+    "test": "npm run lint && npm run test-only",
+    "test:ci": "node --test test/**.spec.js test/**/*.spec.js",
+    "test-only": "glob -c \"node --test-reporter=spec --test\" \"./test/**/*.spec.js\"",
+    "coverage": "c8 -r html npm run test-only"
+  },
+  "files": [
+    "src",
+    "i18n",
+    "types",
+    "index.js",
+    "index.d.ts"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/NodeSecure/scanner.git"
+  },
+  "keywords": [
+    "node",
+    "nodejs",
+    "security",
+    "cli",
+    "sast",
+    "scanner",
+    "static",
+    "code",
+    "analysis",
+    "node_modules",
+    "tree",
+    "npm",
+    "registry",
+    "graph",
+    "visualization",
+    "dependencies"
+  ],
+  "author": "NodeSecure",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/NodeSecure/scanner/issues"
+  },
+  "homepage": "https://github.com/NodeSecure/scanner#readme",
+  "devDependencies": {
+    "@nodesecure/eslint-config": "^1.8.0",
+    "@slimio/is": "^2.0.0",
+    "@types/node": "^20.10.0",
+    "@types/pacote": "^11.1.8",
+    "c8": "^9.1.0",
+    "dotenv": "^16.3.1",
+    "eslint": "8.57.0",
+    "get-folder-size": "^4.0.0",
+    "glob": "^10.3.10",
+    "pkg-ok": "^3.0.0",
+    "sinon": "^17.0.1",
+    "snap-shot-core": "^10.2.4",
+    "tsx": "^4.7.1",
+    "typescript": "^5.4.2"
+  },
+  "dependencies": {
+    "@nodesecure/authors": "^1.0.2",
+    "@nodesecure/flags": "^2.4.0",
+    "@nodesecure/fs-walk": "^2.0.0",
+    "@nodesecure/i18n": "^4.0.0",
+    "@nodesecure/js-x-ray": "^6.3.0",
+    "@nodesecure/npm-registry-sdk": "^2.1.1",
+    "@nodesecure/ntlp": "^3.0.0",
+    "@nodesecure/utils": "^2.0.1",
+    "@nodesecure/vuln": "^1.7.0",
+    "@npm/types": "^1.0.2",
+    "@npmcli/arborist": "^7.2.1",
+    "@slimio/lock": "^1.0.0",
+    "builtins": "^5.0.1",
+    "combine-async-iterators": "^2.1.0",
+    "itertools": "^2.1.2",
+    "lodash.difference": "^4.5.0",
+    "pacote": "^17.0.4",
+    "semver": "^7.5.4"
+  }
+}
diff --git a/src/class/logger.class.js b/src/class/logger.class.js
@@ -1,6 +1,6 @@
 // Import Node.js Dependencies
-import { EventEmitter } from "events";
-import { performance } from "perf_hooks";
+import { EventEmitter } from "node:events";
+import { performance } from "node:perf_hooks";
 
 export default class Logger extends EventEmitter {
   constructor() {

diff --git a/src/depWalker.js b/src/depWalker.js
@@ -1,8 +1,8 @@
 // Import Node.js Dependencies
-import path from "path";
-import { readFileSync, promises as fs } from "fs";
-import timers from "timers/promises";
-import os from "os";
+import path from "node:path";
+import { readFileSync, promises as fs } from "node:fs";
+import timers from "node:timers/promises";
+import os from "node:os";
 
 // Import Third-party Dependencies
 import combineAsyncIterators from "combine-async-iterators";
@@ -13,12 +13,14 @@ import Lock from "@slimio/lock";
 import * as vuln from "@nodesecure/vuln";
 import { ScannerLoggerEvents } from "./constants.js";
 
+// Import Workspaces Dependencies
+import { scanDirOrArchive } from "@nodesecure/tarball";
+
 // Import Internal Dependencies
 import {
   mergeDependencies, getCleanDependencyName, getDependenciesWarnings, addMissingVersionFlags, isGitDependency,
   NPM_TOKEN
 } from "./utils/index.js";
-import { scanDirOrArchive } from "./tarball.js";
 import { packageMetadata, manifestMetadata } from "./npmRegistry.js";
 import Dependency from "./class/dependency.class.js";
 import Logger from "./class/logger.class.js";
@@ -98,7 +100,7 @@ export async function* deepReadEdges(currentPackageName, options) {
   current.dev = to.dev;
 
   if (fullLockMode && !includeDevDeps) {
-    const { deprecated, _integrity, ...pkg } = await pacote.manifest(`${currentPackageName}@${updatedVersion}`, {
+    const { _integrity, ...pkg } = await pacote.manifest(`${currentPackageName}@${updatedVersion}`, {
       ...NPM_TOKEN,
       registry,
       cache: `${os.homedir()}/.npm`

diff --git a/src/npmRegistry.js b/src/npmRegistry.js
@@ -3,10 +3,15 @@ import crypto from "node:crypto";
 
 // Import Third-party Dependencies
 import semver from "semver";
-import { packument, packumentVersion, user as npmUserProfile } from "@nodesecure/npm-registry-sdk";
+import { parseAuthor } from "@nodesecure/utils";
+import {
+  packument,
+  packumentVersion,
+  user as npmUserProfile
+} from "@nodesecure/npm-registry-sdk";
 
 // Import Internal Dependencies
-import { parseAuthor, getLinks } from "./utils/index.js";
+import { getLinks } from "./utils/index.js";
 
 export async function manifestMetadata(
   name,

diff --git a/src/utils/dirname.js b/src/utils/dirname.js
@@ -1,6 +1,6 @@
 // Import Node.js Dependencies
-import { fileURLToPath } from "url";
-import { dirname } from "path";
+import { fileURLToPath } from "node:url";
+import { dirname } from "node:path";
 
 export function getDirNameFromUrl(url) {
   const __filename = fileURLToPath(url);

diff --git a/src/utils/index.js b/src/utils/index.js
@@ -1,16 +1,9 @@
-export * from "./getTarballComposition.js";
-export * from "./isSensitiveFile.js";
 export * from "./isGitDependency.js";
-export * from "./getPackageName.js";
 export * from "./mergeDependencies.js";
 export * from "./semver.js";
 export * from "./dirname.js";
 export * from "./warnings.js";
-export * from "./filterDependencyKind.js";
-export * from "./analyzeDependencies.js";
-export * from "./booleanToFlags.js";
 export * from "./addMissingVersionFlags.js";
-export * from "./parseManifestAuthor.js";
 export * from "./getLinks.js";
 
 export const NPM_TOKEN = typeof process.env.NODE_SECURE_TOKEN === "string" ?

diff --git a/src/utils/parseManifestAuthor.js b/src/utils/parseManifestAuthor.js
diff --git a/src/utils/semver.js b/src/utils/semver.js
@@ -47,16 +47,3 @@ export async function getCleanDependencyName([depName, range]) {
 
   return [`${depName}@${range}`, `${depName}@${depVer}`, isLatest];
 }
-
-export function getSemVerWarning(value) {
-  return {
-    kind: "zero-semver",
-    file: "package.json",
-    value,
-    location: null,
-    i18n: "sast_warnings.zeroSemVer",
-    severity: "Information",
-    source: "Scanner",
-    experimental: false
-  };
-}
diff --git a/test/fixtures/depWalker/slimio.is-result.json b/test/fixtures/depWalker/slimio.is-result.json
@@ -50,6 +50,7 @@
           "uniqueLicenseIds": [
             "MIT"
           ],
+          "invalidLicenseIds": [],
           "hasMultipleLicenses": false,
           "licenses": [
             {