diff --git a/is-vulnerable.js b/is-vulnerable.js
index 6ad092a..df4511a 100644
--- a/is-vulnerable.js
+++ b/is-vulnerable.js
@@ -1,13 +1,10 @@
 const { danger, allGood, bold, vulnerableWarning, separator } = require('./ascii')
-const { request, stream, setGlobalDispatcher, Agent } = require('undici')
-const EE = require('events')
+const { request } = require('https')
 const fs = require('fs')
 const path = require('path')
 const satisfies = require('semver/functions/satisfies')
 const nv = require('@pkgjs/nv')
-setGlobalDispatcher(new Agent({ connections: 20 }))
-
 const CORE_RAW_URL = 'https://raw.githubusercontent.com/nodejs/security-wg/main/vuln/core/index.json'
 let lastETagValue
@@ -38,28 +35,57 @@ function updateLastETag (etag) {
 }
 async function fetchCoreIndex () {
- const abortRequest = new EE()
- await stream(CORE_RAW_URL, { signal: abortRequest }, ({ statusCode }) => {
- if (statusCode !== 200) {
- console.error('Request to Github failed. Aborting...')
- abortRequest.emit('abort')
+ await new Promise((resolve) => {
+ request(CORE_RAW_URL, (res) => {
+ if (res.statusCode !== 200) {
+ console.error(`Request to Github returned http status ${res.statusCode}. Aborting...`)
+ process.nextTick(() => { process.exit(1) })
+ }
+
+ const fileStream = fs.createWriteStream(coreLocalFile)
+ res.pipe(fileStream)
+
+ fileStream.on('finish', () => {
+ fileStream.close()
+ resolve()
+ })
+
+ fileStream.on('error', (err) => {
+ console.error(`Error ${err.message} while writing to '${coreLocalFile}'. Aborting...`)
+ process.nextTick(() => { process.exit(1) })
+ })
+ }).on('error', (err) => {
+ console.error(`Request to Github returned error ${err.message}. Aborting...`)
 process.nextTick(() => { process.exit(1) })
- }
- return fs.createWriteStream(coreLocalFile, { flags: 'w', autoClose: true })
+ }).end()
 })
 return readLocal(coreLocalFile)
 }
 async function getCoreIndex () {
- const { headers } = await request(CORE_RAW_URL, { method: 'HEAD' })
- if (!lastETagValue || lastETagValue !== headers.etag || !fs.existsSync(coreLocalFile)) {
- updateLastETag(headers.etag)
- debug('Creating local core.json')
- return fetchCoreIndex()
- } else {
- debug(`No updates from upstream. Getting a cached version: ${coreLocalFile}`)
- return readLocal(coreLocalFile)
- }
+ return new Promise((resolve) => {
+ request(CORE_RAW_URL, { method: 'HEAD' }, (res) => {
+ if (res.statusCode !== 200) {
+ console.error(`Request to Github returned http status ${res.statusCode}. Aborting...`)
+ process.nextTick(() => { process.exit(1) })
+ }
+
+ res.on('data', () => {})
+
+ const { etag } = res.headers
+ if (!lastETagValue || lastETagValue !== etag || !fs.existsSync(coreLocalFile)) {
+ updateLastETag(etag)
+ debug('Creating local core.json')
+ resolve(fetchCoreIndex())
+ } else {
+ debug(`No updates from upstream. Getting a cached version: ${coreLocalFile}`)
+ resolve(readLocal(coreLocalFile))
+ }
+ }).on('error', (err) => {
+ console.error(`Request to Github returned error ${err.message}. Aborting...`)
+ process.nextTick(() => { process.exit(1) })
+ }).end()
+ })
 }
 const checkPlatform = platform => {
diff --git a/package-lock.json b/package-lock.json
index dfa7314..e2178ef 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,8 +11,7 @@ "dependencies": { "@actions/core": "^1.10.0", "@pkgjs/nv": "^0.2.1", - "semver": "^7.3.8", - "undici": "^5.15.1" + "semver": "^7.3.8" }, "bin": { "is-my-node-vulnerable": "index.js"
@@ -387,17 +386,6 @@ "semver": "^7.0.0" } }, - "node_modules/busboy": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz", - "integrity": "sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==", - "dependencies": { - "streamsearch": "^1.1.0" - }, - "engines": { - "node": ">=10.16.0" - } - }, "node_modules/cacheable-lookup": { "version": "5.0.4", "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-5.0.4.tgz",
@@ -522,7 +510,6 @@ "version": "4.3.4", "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", - "dev": true, "dependencies": { "ms": "2.1.2" },
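Review bot: The non-200 branch in `fetchCoreIndex` (is-vulnerable.js) only schedules `process.exit(1)` and then falls through, so `fs.createWriteStream(coreLocalFile)` still opens the cached advisory index for writing and the error body is piped into it; the same missing `return` in `getCoreIndex` lets `updateLastETag(etag)` and `fetchCoreIndex()` run for an error response before the exit fires. Because the body is streamed straight into `coreLocalFile` and the ETag is recorded before the download completes, an interrupted transfer can leave a truncated index that a later run may treat as current (this depends on how `updateLastETag` and `readLocal` behave, which are outside the hunk). Nothing listens for the response closing early, so if the connection drops mid-body the promise may never settle, and for a vulnerability check that risks ending without a verdict. I would return after scheduling the exit, download to a temporary file and rename it over the cache only once the response is complete, and treat an incomplete response as a failure, as sketched below for `fetchCoreIndex`.

```javascript
    request(CORE_RAW_URL, (res) => {
      if (res.statusCode !== 200) {
        console.error(`Request to Github returned http status ${res.statusCode}. Aborting...`)
        process.nextTick(() => { process.exit(1) })
        return // never open the cached index for an error response
      }

      // Write beside the cache; replace it only after a complete download.
      const tmpFile = `${coreLocalFile}.tmp`
      const fileStream = fs.createWriteStream(tmpFile)
      res.pipe(fileStream)

      // A response that closes before it is complete is a failed download.
      res.on('close', () => {
        if (!res.complete) {
          console.error('Response from Github ended early. Aborting...')
          process.nextTick(() => { process.exit(1) })
        }
      })

      fileStream.on('finish', () => {
        fileStream.close(() => {
          fs.renameSync(tmpFile, coreLocalFile)
          resolve()
        })
      })
      // … unchanged: fileStream 'error' handler, request 'error' handler, .end() …
```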
@@ -2108,8 +2095,7 @@ "node_modules/ms": { "version": "2.1.2", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", - "dev": true + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" }, "node_modules/natural-compare": { "version": "1.4.0",
@@ -2777,14 +2763,6 @@ "node": "^12.22.0 || ^14.17.0 || >=16.0.0" } }, - "node_modules/streamsearch": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz", - "integrity": "sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==", - "engines": { - "node": ">=10.0.0" - } - }, "node_modules/string-width": { "version": "4.2.3", "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
@@ -2980,17 +2958,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/undici": { - "version": "5.16.0", - "resolved": "https://registry.npmjs.org/undici/-/undici-5.16.0.tgz", - "integrity": "sha512-KWBOXNv6VX+oJQhchXieUznEmnJMqgXMbs0xxH2t8q/FUAWSJvOSr/rMaZKnX5RIVq7JDn0JbP4BOnKG2SGXLQ==", - "dependencies": { - "busboy": "^1.6.0" - }, - "engines": { - "node": ">=12.18" - } - }, "node_modules/uri-js": { "version": "4.4.1", "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
diff --git a/package.json b/package.json
index 99c03d1..31c5546 100644
--- a/package.json
+++ b/package.json
@@ -30,8 +30,7 @@
 "dependencies": {
 "@actions/core": "^1.10.0",
 "@pkgjs/nv": "^0.2.1",
- "semver": "^7.3.8",
- "undici": "^5.15.1"
+ "semver": "^7.3.8"
 },
 "devDependencies": {
 "standard": "^17.0.0",