@contrast/library-analysis
Comparing version 1.3.0 to 1.4.0
@@ -23,2 +23,4 @@ /* | ||
/** @typedef {listInstalled.Result} Result */ | ||
/** | ||
@@ -28,10 +30,10 @@ * Filters out the agent as a dependency, formats libraries, and keeps track of | ||
* | ||
* @param {{ [key: string]: Result | string }} deps collection of dependencies from app root | ||
* @param {Map<string, Set<string>} requiredByMap | ||
* @param {Record<string, Result | string>} deps collection of dependencies from app root | ||
* @param {Map<string, Set<string>>} requiredByMap | ||
* @param {string} parent the name of the module requiring the current when nested | ||
* @return {{ [key: string]: Result }} formatted object | ||
* @return {Record<string, Result>} formatted object | ||
*/ | ||
const formatDependencies = (deps, requiredByMap, parent) => | ||
Object.entries(deps || {}).reduce((result, [key, val]) => { | ||
if (key.startsWith('@contrast')) { | ||
if (key.startsWith('@contrast') || val.missing) { | ||
return result; | ||
@@ -41,4 +43,3 @@ } | ||
if (parent) { | ||
const set = requiredByMap.has(key) ? requiredByMap.get(key) : new Set(); | ||
const set = requiredByMap.get(key) ?? new Set(); | ||
set.add(parent); | ||
@@ -45,0 +46,0 @@ requiredByMap.set(key, set); |
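Review bot: `val.missing` in the new filter condition throws a TypeError if a dependency entry's value is `null` or `undefined`, which the `deps || {}` guard on the line above does not rule out; since `val` is already typed `Result | string`, `val?.missing` keeps the string case unchanged and tolerates a nullish value: `if (key.startsWith('@contrast') || val?.missing) {`. The visible part of the `Result` typedef elsewhere in this diff does not declare a `missing` property, so if it is meant to be the marker npm attaches to unresolvable entries, adding `@property {boolean} [missing]` to the typedef would keep the type honest. Entries flagged `missing` are now dropped from the result rather than surfaced, which deserves a one-line comment such as `// skip entries npm could not resolve; there is no installed code to analyze` so the silent omission is understood. The reduce callback continues past the end of this hunk.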
@@ -28,5 +28,6 @@ /* | ||
* @property {string} name | ||
* @property {string} path | ||
* @property {string} version | ||
* @property {{ [key: string]: Result | string }} dependencies | ||
* @property {{ [key: string]: Result | string }} devDependencies | ||
* @property {Record<string, Result | string>} dependencies | ||
* @property {Record<string, Result | string>} devDependencies | ||
*/ | ||
@@ -36,7 +37,8 @@ | ||
* @param {string} cwd directory in which we want to execute `npm ls` | ||
* @param {*} logger | ||
* @param {import('@contrast/logger').Logger} logger | ||
* @param {string} npmVersionRange | ||
* @returns {Promise<Result>} | ||
*/ | ||
// eslint-disable-next-line complexity | ||
module.exports = async function listInstalled(cwd, logger, SUPPORTED_NPM_VERSIONS) { | ||
module.exports = async function listInstalled(cwd, logger, npmVersionRange) { | ||
const execFileOpts = { | ||
@@ -54,7 +56,7 @@ cwd, | ||
} catch (err) { | ||
logger.trace('`npm help` returned an error: %o', err); | ||
logger.trace({ err }, '`npm help` returned an error'); | ||
// If npm encounters any errors whatsoever it will return with a non-zero | ||
// exit code but still output the relevant information to stdout. | ||
// If an even worse error occurs, we may not be able to parse stdout. | ||
stdout = err.stdout || ''; | ||
stdout = err.stdout ?? '{}'; | ||
} | ||
@@ -73,3 +75,3 @@ | ||
if (semver.gte(version, '8.0.0')) lsArgs.push('--all'); | ||
if (!semver.satisfies(version, SUPPORTED_NPM_VERSIONS)) | ||
if (!semver.satisfies(version, npmVersionRange)) | ||
logger.warn( | ||
@@ -79,3 +81,3 @@ 'The installed version of npm (%s at %s) can cause unexpected behavior. Please install a version that satisfies %s', | ||
location, | ||
SUPPORTED_NPM_VERSIONS | ||
npmVersionRange | ||
); | ||
@@ -87,4 +89,4 @@ | ||
} catch (err) { | ||
logger.trace('`npm ls` returned an error: %o', err); | ||
stdout = err.stdout || ''; | ||
logger.trace({ err }, '`npm ls` returned an error'); | ||
stdout = err.stdout ?? '{}'; | ||
} | ||
@@ -95,3 +97,3 @@ | ||
} catch (err) { | ||
logger.trace('parsing the output of `npm ls` failed: %o', err); | ||
logger.trace({ err }, 'parsing the output of `npm ls` failed'); | ||
throw new Error( | ||
@@ -98,0 +100,0 @@ '`npm ls` failed to provide a list of installed dependencies. Please enable trace level logs for more information.' |
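Review bot: The `?? '{}'` fallback in the `npm ls` catch means a failure that captures no stdout (for example npm not being spawnable at all, where `err.stdout` is undefined) now parses as an empty object, so the later `throw new Error('`npm ls` failed to provide a list of installed dependencies…')` path is no longer reached for that case and the caller receives an empty dependency tree instead of an error; with the old `''` fallback the parse failed and the error surfaced. If that softening is deliberate, the comment block above it should say so, e.g. `// A failed spawn leaves no stdout; treat it as an empty tree rather than failing the whole analysis.`, otherwise keep `''` so the explicit error is still raised. The same `'{}'` literal is used for the `npm help` block, whose output is presumably not JSON, so whatever reads that string needs to tolerate a literal `{}`. The parse and validation code lies between the hunks, so this is inferred from the visible lines, and listInstalled's body extends beyond every hunk in this section.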
@@ -32,3 +32,3 @@ /* | ||
function registerCodeEvent({ script, func }) { | ||
function registerCodeEvent({ script }) { | ||
const nmIndex = script.lastIndexOf('node_modules'); | ||
@@ -43,2 +43,3 @@ const nodeModulesPath = script.substring(0, nmIndex + 13); | ||
const installPath = path.join(nodeModulesPath, libName); | ||
const fileName = script.substr(installPath.length + 1); | ||
@@ -58,7 +59,7 @@ let updated = false; | ||
updated = true; | ||
} else if (!info.names.has(func)) { | ||
} else if (!info.names.has(fileName)) { | ||
updated = true; | ||
} | ||
info.names.add(func); | ||
info.names.add(fileName); | ||
@@ -82,3 +83,3 @@ return { info, updated }; | ||
messages.emit(Event.LIBRARY_USAGE, { | ||
hash: info.hash, | ||
id: info.hash, | ||
names: Array.from(info.names), | ||
@@ -85,0 +86,0 @@ }); |
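Review bot: `String.prototype.substr` on the new `fileName` line is deprecated (Annex B); `const fileName = script.slice(installPath.length + 1);` yields the same result for a non-negative start. The offset also assumes `installPath` is a byte-for-byte prefix of `script`, but `path.join` normalizes separators and `.`/`..` segments, so for a non-normalized `script` the length could differ and `fileName` would be truncated or shifted — if `script` is always an absolute, normalized path this is fine, but a comment stating that assumption would help. Since `names` now collects file names instead of function names and the emitted payload key changed from `hash` to `id`, any consumer of `Event.LIBRARY_USAGE` outside this diff needs the matching update. registerCodeEvent's body continues beyond these hunks.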
@@ -15,2 +15,3 @@ /* | ||
*/ | ||
'use strict'; | ||
@@ -26,3 +27,3 @@ | ||
hash: buildLibraryHash(data), | ||
url: data.homepage, | ||
url: data.homepage || data.resolved || data._resolved, | ||
tags, | ||
@@ -38,13 +39,11 @@ loc: data.loc || 0, | ||
function buildLibraryHash(data) { | ||
let shasum; | ||
if (data._shasum) { | ||
shasum = data._shasum; | ||
} else if (data.dist) { | ||
({ shasum } = data.dist); | ||
} else { | ||
const { name, version } = data; | ||
shasum = `${name}:${name}:${version}`; | ||
return data._shasum; | ||
} | ||
return shasum; | ||
if (data.dist) { | ||
return data.dist.shasum; | ||
} | ||
return `${data.name}:${data.name}:${data.version}`; | ||
} | ||
@@ -78,9 +77,11 @@ | ||
const date = Date.now(); | ||
return { | ||
externalDate: date, | ||
internalDate: date, | ||
version: library.version, | ||
hash: library.hash, | ||
file: library.file, | ||
file: `${library.name}-${library.version}`, | ||
url: library.url, | ||
manifest, | ||
usedClassCount: 0, | ||
tags: library.tags | ||
@@ -87,0 +88,0 @@ }; |
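Review bot: `return data.dist.shasum` returns `undefined` when `dist` is present but carries no `shasum` field (whether npm ever emits that shape is not visible here), and that undefined then becomes the library's `hash` and, per the other section in this diff, its emitted `id`, with no fallback — the same gap the old code had; `return data.dist?.shasum ?? \`${data.name}:${data.name}:${data.version}\`;` closes it in one line. The function has no JSDoc: a header such as `/** Identifier for a library record: its published tarball shasum when known, otherwise a name/version string. */` would help, and the repeated `name` in the fallback deserves a comment if it is intentional. The new `url` fallback `data.resolved || data._resolved` can be a private-registry or `file:` location rather than a homepage; if this record is reported off-host, it may disclose internal registry infrastructure, so consider only accepting `http(s)` URLs there and noting that in a comment.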
{ | ||
"name": "@contrast/library-analysis", | ||
"version": "1.3.0", | ||
"version": "1.4.0", | ||
"description": "", | ||
@@ -19,3 +19,3 @@ "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)", | ||
"dependencies": { | ||
"@contrast/common": "1.7.0", | ||
"@contrast/common": "1.8.0", | ||
"@contrast/fn-inspect": "3.3.0", | ||
@@ -22,0 +22,0 @@ "semver": "^7.3.8" |
+ Added@contrast/common@1.8.0(transitive)
- Removed@contrast/common@1.7.0(transitive)
Updated@contrast/common@1.8.0