@contrast/library-analysis - npm Package Compare versions

Comparing version 1.3.0 to 1.4.0

13

lib/install/library-reporting/index.js

@@ -23,2 +23,4 @@ /*

/** @typedef {listInstalled.Result} Result */
/**

@@ -28,10 +30,10 @@ * Filters out the agent as a dependency, formats libraries, and keeps track of

*
* @param {{ [key: string]: Result | string }} deps collection of dependencies from app root
* @param {Map<string, Set<string>} requiredByMap
* @param {Record<string, Result | string>} deps collection of dependencies from app root
* @param {Map<string, Set<string>>} requiredByMap
* @param {string} parent the name of the module requiring the current when nested
* @return {{ [key: string]: Result }} formatted object
* @return {Record<string, Result>} formatted object
*/
const formatDependencies = (deps, requiredByMap, parent) =>
Object.entries(deps || {}).reduce((result, [key, val]) => {
if (key.startsWith('@contrast')) {
if (key.startsWith('@contrast') || val.missing) {
return result;

@@ -41,4 +43,3 @@ }

if (parent) {
const set = requiredByMap.has(key) ? requiredByMap.get(key) : new Set();
const set = requiredByMap.get(key) ?? new Set();
set.add(parent);

@@ -45,0 +46,0 @@ requiredByMap.set(key, set);
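Review bot: The new filter line `if (key.startsWith('@contrast') || val.missing)` dereferences `val` without a guard, while the JSDoc a few lines above declares each entry as `Result | string`; a string is harmless, but a `null`/`undefined` entry (whether npm ever emits one is not visible here) would throw from inside the reducer, so `val?.missing` is the safer spelling. Separately, `key.startsWith('@contrast')` matches any scope that merely begins with those letters (for example `@contrastive/...`), not only the agent's own `@contrast/*` packages; if the intent is to drop the agent's packages, `key.startsWith('@contrast/')` is the precise check. The reducer inside `formatDependencies` continues past the end of the hunk.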

@@ -28,5 +28,6 @@ /*

* @property {string} name
* @property {string} path
* @property {string} version
* @property {{ [key: string]: Result | string }} dependencies
* @property {{ [key: string]: Result | string }} devDependencies
* @property {Record<string, Result | string>} dependencies
* @property {Record<string, Result | string>} devDependencies
*/

@@ -36,7 +37,8 @@

* @param {string} cwd directory in which we want to execute `npm ls`
* @param {*} logger
* @param {import('@contrast/logger').Logger} logger
* @param {string} npmVersionRange
* @returns {Promise<Result>}
*/
// eslint-disable-next-line complexity
module.exports = async function listInstalled(cwd, logger, SUPPORTED_NPM_VERSIONS) {
module.exports = async function listInstalled(cwd, logger, npmVersionRange) {
const execFileOpts = {

@@ -54,7 +56,7 @@ cwd,

} catch (err) {
logger.trace('`npm help` returned an error: %o', err);
logger.trace({ err }, '`npm help` returned an error');
// If npm encounters any errors whatsoever it will return with a non-zero
// exit code but still output the relevant information to stdout.
// If an even worse error occurs, we may not be able to parse stdout.
stdout = err.stdout || '';
stdout = err.stdout ?? '{}';
}

@@ -73,3 +75,3 @@

if (semver.gte(version, '8.0.0')) lsArgs.push('--all');
if (!semver.satisfies(version, SUPPORTED_NPM_VERSIONS))
if (!semver.satisfies(version, npmVersionRange))
logger.warn(

@@ -79,3 +81,3 @@ 'The installed version of npm (%s at %s) can cause unexpected behavior. Please install a version that satisfies %s',

location,
SUPPORTED_NPM_VERSIONS
npmVersionRange
);

@@ -87,4 +89,4 @@

} catch (err) {
logger.trace('`npm ls` returned an error: %o', err);
stdout = err.stdout || '';
logger.trace({ err }, '`npm ls` returned an error');
stdout = err.stdout ?? '{}';
}

@@ -95,3 +97,3 @@

} catch (err) {
logger.trace('parsing the output of `npm ls` failed: %o', err);
logger.trace({ err }, 'parsing the output of `npm ls` failed');
throw new Error(

@@ -98,0 +100,0 @@ '`npm ls` failed to provide a list of installed dependencies. Please enable trace level logs for more information.'
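Review bot: `stdout = err.stdout ?? '{}'` in both catch blocks only substitutes when `err.stdout` is `null` or `undefined`; assuming this is the promisified `execFile` (the `execFileOpts` object on the line after the signature suggests so), a rejection carries `stdout` as a string, so when npm dies before writing anything it is `''`, which `??` leaves untouched and the later parse sees an empty string rather than the `{}` the fallback appears meant to guarantee. If the goal is "always parseable", `stdout = err.stdout || '{}';` is the form that achieves it — the empty-string case is exactly what `||` catches and `??` does not — and it should be applied to both catch sites. Whether the `npm help` branch parses its stdout as JSON at all is not visible in these hunks, so the `'{}'` default may only be meaningful for the `npm ls` call; a one-line comment at each site stating what the parser downstream expects would settle that. `listInstalled` extends well beyond the visible hunks.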

@@ -32,3 +32,3 @@ /*

function registerCodeEvent({ script, func }) {
function registerCodeEvent({ script }) {
const nmIndex = script.lastIndexOf('node_modules');

@@ -43,2 +43,3 @@ const nodeModulesPath = script.substring(0, nmIndex + 13);

const installPath = path.join(nodeModulesPath, libName);
const fileName = script.substr(installPath.length + 1);

@@ -58,7 +59,7 @@ let updated = false;

updated = true;
} else if (!info.names.has(func)) {
} else if (!info.names.has(fileName)) {
updated = true;
}
info.names.add(func);
info.names.add(fileName);

@@ -82,3 +83,3 @@ return { info, updated };

messages.emit(Event.LIBRARY_USAGE, {
hash: info.hash,
id: info.hash,
names: Array.from(info.names),

@@ -85,0 +86,0 @@ });
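Review bot: `const fileName = script.substr(installPath.length + 1);` on the new line uses `String.prototype.substr`, which the spec lists as a legacy feature; `script.slice(installPath.length + 1)` gives the same result here (a single non-negative start index) and is the form linters accept. The same line also silently assumes `script` begins with `installPath` plus one separator character; if that does not hold (separator or case differences on Windows, not verifiable here), the slice yields a wrong `fileName` instead of failing, so a `script.startsWith(installPath)` guard would make the assumption explicit. Note that `info.names` now collects file names rather than function names and the emitted `Event.LIBRARY_USAGE` field is renamed from `hash` to `id`, so listeners outside this diff need to be checked for both changes. `registerCodeEvent` starts at the first hunk line but its body spans several hunks and continues past the last one.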

@@ -15,2 +15,3 @@ /*

*/
'use strict';

@@ -26,3 +27,3 @@

hash: buildLibraryHash(data),
url: data.homepage,
url: data.homepage || data.resolved || data._resolved,
tags,

@@ -38,13 +39,11 @@ loc: data.loc || 0,

function buildLibraryHash(data) {
let shasum;
if (data._shasum) {
shasum = data._shasum;
} else if (data.dist) {
({ shasum } = data.dist);
} else {
const { name, version } = data;
shasum = `${name}:${name}:${version}`;
return data._shasum;
}
return shasum;
if (data.dist) {
return data.dist.shasum;
}
return `${data.name}:${data.name}:${data.version}`;
}

@@ -78,9 +77,11 @@

const date = Date.now();
return {
externalDate: date,
internalDate: date,
version: library.version,
hash: library.hash,
file: library.file,
file: `${library.name}-${library.version}`,
url: library.url,
manifest,
usedClassCount: 0,
tags: library.tags

@@ -87,0 +88,0 @@ };
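Review bot: The new `url: data.homepage || data.resolved || data._resolved` fallback places a package's `resolved` location into the library record whenever no homepage is declared, and `resolved` is wherever the install actually came from — a private registry tarball URL, a `git+ssh://...#sha` URL, or a `file:` path — so this presumably ships internal hostnames and local paths along with the report (its destination is not visible here). If that is not intended, restrict the fallback, e.g. `const resolved = data.resolved || data._resolved;` and `url: data.homepage || (/^https?:\/\//.test(resolved ?? '') ? resolved : undefined),`, and record the decision with a comment such as `// resolved may name an internal registry, git remote or local path; report http(s) only`. In the rewritten `buildLibraryHash`, `return data.dist.shasum;` yields `undefined` when `dist` is present but has no `shasum` (registry metadata may carry only `integrity`), and that `undefined` then becomes the record's `hash`/`id`; changing the guard to `if (data.dist?.shasum) return data.dist.shasum;` lets the synthetic key on the last line take over. That synthetic key repeats the name (`${data.name}:${data.name}:${data.version}`); if this is the intended format, a comment saying so will stop the next reader from "fixing" it. Both the object literal holding `url` and the block building `externalDate`/`internalDate` belong to functions whose boundaries lie outside their hunks.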

{
"name": "@contrast/library-analysis",
"version": "1.3.0",
"version": "1.4.0",
"description": "",

@@ -19,3 +19,3 @@ "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",

"dependencies": {
"@contrast/common": "1.7.0",
"@contrast/common": "1.8.0",
"@contrast/fn-inspect": "3.3.0",

@@ -22,0 +22,0 @@ "semver": "^7.3.8"
