From 3136a5273fa51e9d308f4250abc8a7e93b1b6811 Mon Sep 17 00:00:00 2001
From: fraxken
Date: Fri, 24 Oct 2025 13:08:02 +0200
Subject: [PATCH] chore: update @nodesecure/scanner to v7.x
---
 package.json | 4 +-
 src/commands/report.js | 4 +-
 src/commands/scanner.js | 47 +++++++++++++++----
 workspaces/documentation-ui/package.json | 2 +-
 .../server/src/websocket/commands/search.ts | 4 +-
 workspaces/vis-network/package.json | 6 +--
 workspaces/vis-network/src/dataset.js | 5 +-
 7 files changed, 52 insertions(+), 20 deletions(-)
diff --git a/package.json b/package.json
index dbda0cde..eff4cd66 100644
--- a/package.json
+++ b/package.json
@@ -94,11 +94,11 @@
 "@nodesecure/i18n": "^4.0.2",
 "@nodesecure/js-x-ray": "^9.2.0",
 "@nodesecure/licenses-conformance": "^2.1.0",
- "@nodesecure/npm-registry-sdk": "^3.0.0",
+ "@nodesecure/npm-registry-sdk": "^4.4.0",
 "@nodesecure/ossf-scorecard-sdk": "^3.2.1",
 "@nodesecure/rc": "^5.0.0",
 "@nodesecure/report": "^3.0.0",
- "@nodesecure/scanner": "^6.12.0",
+ "@nodesecure/scanner": "^7.1.0",
 "@nodesecure/utils": "^2.2.0",
 "@nodesecure/vulnera": "^2.0.1",
 "@openally/result": "^1.3.0",
diff --git a/src/commands/report.js b/src/commands/report.js
index 8486b8c1..f3822c02 100644
--- a/src/commands/report.js
+++ b/src/commands/report.js
@@ -1,6 +1,6 @@
 // Import Third-party Dependencies
 import { report } from "@nodesecure/report";
-import * as Scanner from "@nodesecure/scanner";
+import * as scanner from "@nodesecure/scanner";
 // CONSTANTS
 const kSupportedReporters = new Set(["html", "pdf"]);
@@ -62,7 +62,7 @@ export async function main(repository, options) {
 reporters: [...formattedReporters],
 saveOnDisk: true
 };
- const scannerPayload = await Scanner.from(repository);
+ const scannerPayload = await scanner.from(repository);
 const reportPath = await report(
 includesAllDeps ? scannerPayload.dependencies : { [repository]: scannerPayload.dependencies[repository] },
diff --git a/src/commands/scanner.js b/src/commands/scanner.js
index aba8f2b2..f91a1d1e 100644
--- a/src/commands/scanner.js
+++ b/src/commands/scanner.js
@@ -5,11 +5,12 @@ import events from "node:events";
 // Import Third-party Dependencies
 import kleur from "kleur";
+import semver from "semver";
 import filenamify from "filenamify";
 import { Spinner } from "@topcli/spinner";
 import ms from "ms";
 import * as i18n from "@nodesecure/i18n";
-import * as Scanner from "@nodesecure/scanner";
+import * as scanner from "@nodesecure/scanner";
 import { appCache } from "@nodesecure/cache";
 // Import Internal Dependencies
@@ -67,7 +68,7 @@ export async function cwd(options) {
 contacts
 } = options;
- const payload = await Scanner.cwd(
+ const payload = await scanner.cwd(
 process.cwd(),
 { maxDepth, usePackageLock: !nolock, fullLockMode: full, vulnerabilityStrategy, highlight: { contacts: parseContacts(contacts) } },
@@ -80,7 +81,7 @@ export async function cwd(options) {
 export async function from(spec, options) {
 const { depth: maxDepth = Infinity, output, silent, contacts, vulnerabilityStrategy } = options;
- const payload = await Scanner.from(
+ const payload = await scanner.from(
 spec,
 {
 maxDepth,
@@ -121,7 +122,7 @@ function initLogger(spec, verbose = true) {
 }
 };
- const logger = new Scanner.Logger();
+ const logger = new scanner.Logger();
 logger.on("start", (eventName) => {
 if (!(eventName in spinner)) {
 return;
@@ -174,7 +175,12 @@ function initLogger(spec, verbose = true) {
 return logger;
 }
-async function logAndWrite(payload, output = "nsecure-result", options = {}) {
+async function logAndWrite(
+ /** @type {import("@nodesecure/scanner").Payload} */
+ payload,
+ output = "nsecure-result",
+ options = {}
+) {
 const { local = false } = options;
 if (payload === null) {
@@ -184,10 +190,12 @@ async function logAndWrite(payload, output = "nsecure-result", options = {}) {
 }
 if (payload.warnings.length > 0) {
- console.log(`\n ${kleur.yellow().underline().bold("Global Warning:")}\n`);
- for (const warning of payload.warnings) {
- console.log(kleur.red().bold(warning));
- }
+ console.log(`\n ${kleur.yellow().bold("Global Warning:")}\n`);
+ const logFn = semver.satisfies(payload.scannerVersion, ">=7.0.0") ?
+ logGlobalWarningsV7 :
+ logGlobalWarningsV6;
+ logFn(payload.warnings);
+ console.log("");
 }
 const ret = JSON.stringify(payload, null, 2);
@@ -211,3 +219,24 @@ async function logAndWrite(payload, output = "nsecure-result", options = {}) {
 return filePath;
 }
+
+function logGlobalWarningsV7(
+ /** @type {import("@nodesecure/scanner").GlobalWarning[]} */
+ warnings
+) {
+ for (const warning of warnings) {
+ const isTypoSquatting = warning.type === "typo-squatting";
+
+ const type = kleur[isTypoSquatting ? "cyan" : "yellow"]().bold(`${warning.type}`);
+ console.log(kleur.gray().bold(`[${type}] ${warning.message}`));
+ }
+}
+
+function logGlobalWarningsV6(
+ /** @type {string[]} */
+ warnings
+) {
+ for (const warning of warnings) {
+ console.log(kleur.yellow().bold(warning));
+ }
+}
diff --git a/workspaces/documentation-ui/package.json b/workspaces/documentation-ui/package.json
index 76db7f8f..41be5e33 100644
--- a/workspaces/documentation-ui/package.json
+++ b/workspaces/documentation-ui/package.json
@@ -25,7 +25,7 @@
 "author": "GENTILHOMME Thomas ",
 "license": "MIT",
 "dependencies": {
- "@nodesecure/flags": "^2.4.0",
+ "@nodesecure/flags": "^3.0.3",
 "@nodesecure/js-x-ray": "^9.2.0",
 "highlight.js": "^11.10.0",
 "markdown-it": "^14.1.0"
diff --git a/workspaces/server/src/websocket/commands/search.ts b/workspaces/server/src/websocket/commands/search.ts
index d5b8c0f0..be605f8d 100644
--- a/workspaces/server/src/websocket/commands/search.ts
+++ b/workspaces/server/src/websocket/commands/search.ts
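Review bot: In `logAndWrite` (src/commands/scanner.js), picking the printer with `semver.satisfies(payload.scannerVersion, ">=7.0.0")` keys the output format on a version string rather than on the shape of the warnings. A plain range such as `>=7.0.0` does not match prerelease versions unless `includePrerelease` is set, and a payload whose `scannerVersion` is missing or unparsable also falls through to `logGlobalWarningsV6`, which would then print object warnings without their `type` and `message` (likely as `[object Object]`). The dataset.js hunk in this same patch already decides per entry with `typeof warning === "string"`; the same test here, `const logFn = payload.warnings.every((w) => typeof w === "string") ? logGlobalWarningsV6 : logGlobalWarningsV7;`, removes the dependency on the version field. The body of `logAndWrite` starts and ends outside this hunk.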
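Review bot: `logGlobalWarningsV7` (added at the end of src/commands/scanner.js) writes `warning.type` and `warning.message` to the terminal unmodified, and that text comes from scanning third-party packages. Whether a message can embed package-controlled strings is not visible in this hunk and should be confirmed against the scanner's warning builders; if it can, control or ANSI escape sequences in it would reach the console. Wrapping the text as `stripVTControlCharacters(warning.message)` (from `node:util`) before formatting closes that off, and the same applies to `logGlobalWarningsV6`. Both helpers would also benefit from a one-line JSDoc saying which payload format each accepts, for example `/** Prints scanner >=7 global warnings ({ type, message } objects). */`.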
@@ -1,5 +1,5 @@
 // Import Third-party Dependencies
-import * as Scanner from "@nodesecure/scanner";
+import * as scanner from "@nodesecure/scanner";
 import type { PayloadsList } from "@nodesecure/cache";
 // Import Internal Dependencies
@@ -63,7 +63,7 @@ export async function* search(
 logger.info(`[ws|search](scan ${pkg} in progress)`);
 yield { status: "SCAN" as const, pkg };
- const payload = await Scanner.from(pkg, { maxDepth: 4 });
+ const payload = await scanner.from(pkg, { maxDepth: 4 });
 const name = payload.rootDependencyName;
 const version = Object.keys(payload.dependencies[name].versions)[0];
diff --git a/workspaces/vis-network/package.json b/workspaces/vis-network/package.json
index 210f9853..a11db658 100644
--- a/workspaces/vis-network/package.json
+++ b/workspaces/vis-network/package.json
@@ -29,7 +29,7 @@
 "vis-network": "^9.1.9"
 },
 "devDependencies": {
- "@nodesecure/flags": "^2.4.0",
- "@nodesecure/scanner": "^6.0.2"
+ "@nodesecure/flags": "^3.0.3",
+ "@nodesecure/scanner": "^7.1.0"
 }
-}
\ No newline at end of file
+}
diff --git a/workspaces/vis-network/src/dataset.js b/workspaces/vis-network/src/dataset.js
index 33e080a6..1d9dc8a1 100644
--- a/workspaces/vis-network/src/dataset.js
+++ b/workspaces/vis-network/src/dataset.js
@@ -56,6 +56,7 @@ export default class NodeSecureDataSet extends EventTarget {
 ) {
 console.log("[NodeSecureDataSet] Initialization started...");
 let FLAGS;
+ /** @type {import("@nodesecure/scanner").Payload | null} */
 let data;
 this.reset();
@@ -76,7 +77,9 @@ export default class NodeSecureDataSet extends EventTarget {
 return;
 }
- this.warnings = data.warnings;
+ this.warnings = data.warnings.map(
+ (warning) => (typeof warning === "string" ? warning : warning.message)
+ );
 this.#highligthedContacts = data.highlighted.contacts
 .reduce((acc, { name, email }) => {
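Review bot: `data.warnings.map(...)` in the second hunk of workspaces/vis-network/src/dataset.js throws a TypeError when a payload has no `warnings` array, whereas the removed assignment simply stored `undefined`. Since the callback accepts both string and object warnings, the code reads as meant to tolerate older payloads, and `this.warnings = (data.warnings ?? []).map(` keeps that tolerance. A `null` entry would also fail on `warning.message`, because `typeof null` is `"object"`, unless the callback uses `warning?.message`. The mapping drops `type` as well; if that is intended, a short comment such as `// UI only renders the text; warning.type is intentionally discarded` would record it. The enclosing method starts and ends outside this hunk.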