@nodesecure/scanner

A package API to run a static analysis of your module's dependencies.
# Nodesecure Scanner


⚡️ Run a static analysis of your module's dependencies.

## Requirements

  • Node.js version 18 or higher

## Getting Started

This package is published on the npm registry and can be installed with npm or yarn.

```bash
$ npm i @nodesecure/scanner
# or
$ yarn add @nodesecure/scanner
```

## Usage example

```js
import * as scanner from "@nodesecure/scanner";
import fs from "fs/promises";

// CONSTANTS
const kPackagesToAnalyze = ["mocha", "cacache", "is-wsl"];

// Fetch and analyze every package (and its dependency tree) from the registry, in parallel.
const payloads = await Promise.all(
  kPackagesToAnalyze.map((name) => scanner.from(name))
);

// Write one JSON report per package. Note: a scoped name such as "@scope/pkg"
// contains a slash, so sanitize it before using it as a file name.
const promises = [];
for (let i = 0; i < kPackagesToAnalyze.length; i++) {
  const data = JSON.stringify(payloads[i], null, 2);

  promises.push(fs.writeFile(`${kPackagesToAnalyze[i]}.json`, data));
}
// allSettled never rejects: inspect the returned results if a failed write must be reported.
await Promise.allSettled(promises);
```

## API

See types/api.d.ts for the complete TypeScript definition.

```ts
function cwd(
  location: string,
  options?: Scanner.Options
): Promise<Scanner.Payload>;
function from(
  packageName: string,
  options?: Omit<Scanner.Options, "includeDevDeps">
): Promise<Scanner.Payload>;
function verify(packageName?: string | null): Promise<Scanner.VerifyPayload>;
```

`cwd` analyzes the project at a local `location`, `from` fetches a package by name from the registry, and `verify` runs the analysis on a single package without walking its dependency tree.

`Options` is described by the following TypeScript interface (note that `vulnerabilityStrategy` is the only required member):

```ts
interface Options {
  readonly maxDepth?: number;
  readonly registry?: string | URL;
  readonly usePackageLock?: boolean;
  readonly includeDevDeps?: boolean;
  readonly vulnerabilityStrategy: Strategy.Kind;
  readonly forceRootAnalysis?: boolean;
  readonly fullLockMode?: boolean;
}
```
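The usage example above only dumps the raw `Payload` to disk; in practice you want to reduce it to the handful of dependencies that deserve a human look. The script below is an added example (not code from the NodeSecure project) that calls `from()` with explicit options and then triages the payload. It assumes the payload shape documented in `types/api.d.ts` (`dependencies` keyed by name, each with `versions` keyed by version carrying `flags` and `warnings`, plus a per-dependency `vulnerabilities` array), a `Strategy.Kind` value of `"github-advisory"`, and a set of warning kinds (`obfuscated-code`, `unsafe-import`, `unsafe-stmt`, `shady-link`) that the scanner's analyzer emits; all of these are assumptions to check against the installed version. The sample payload is constructed for illustration, not real scanner output.

```javascript
// Added example, not part of @nodesecure/scanner. Triage a scanner Payload into
// the dependencies that need review: obfuscation/download-and-run warnings,
// install-time scripts, native code, or known vulnerabilities.
// ASSUMPTION: payload shape (dependencies -> versions -> flags/warnings,
// dependency.vulnerabilities) taken from types/api.d.ts; verify before relying on it.

// ASSUMPTION: warning kinds emitted by the scanner's JS analyzer that most often
// indicate obfuscation or a fetch-and-execute pattern.
const kHighSignalWarnings = new Set([
  "obfuscated-code",
  "unsafe-import",
  "unsafe-stmt",
  "shady-link",
]);

// Pure function: walks every dependency version and returns sorted findings.
function triagePayload(payload) {
  const findings = [];
  for (const [name, dependency] of Object.entries(payload.dependencies ?? {})) {
    const vulnerabilities = dependency.vulnerabilities ?? [];
    for (const [version, info] of Object.entries(dependency.versions ?? {})) {
      const flags = new Set(info.flags ?? []);
      const warnings = info.warnings ?? [];
      const highSignal = warnings.filter((w) => kHighSignalWarnings.has(w.kind));
      const reasons = [];
      if (highSignal.length > 0) {
        const kinds = [...new Set(highSignal.map((w) => w.kind))].sort();
        reasons.push(`warnings: ${kinds.join(",")}`);
      }
      if (flags.has("hasScript")) {
        reasons.push("flag: hasScript (runs a lifecycle script on install)");
      }
      if (flags.has("hasNativeCode")) {
        reasons.push("flag: hasNativeCode");
      }
      if (vulnerabilities.length > 0) {
        reasons.push(`vulnerabilities: ${vulnerabilities.length}`);
      }
      if (reasons.length > 0) {
        findings.push({ spec: `${name}@${version}`, reasons });
      }
    }
  }
  findings.sort((a, b) => a.spec.localeCompare(b.spec));
  return findings;
}

// Runs the real scanner. The import is dynamic so this file loads (and
// triagePayload can be exercised) without the scanner installed or network access.
async function scanAndTriage(packageName, options = {}) {
  const scanner = await import("@nodesecure/scanner");
  const payload = await scanner.from(packageName, {
    maxDepth: 4,
    vulnerabilityStrategy: "github-advisory", // ASSUMPTION: a valid Strategy.Kind
    ...options,
  });
  return triagePayload(payload);
}

// Constructed sample payload in the assumed shape (not real scanner output).
const kSamplePayload = {
  rootDependencyName: "example-app",
  dependencies: {
    "example-app": {
      vulnerabilities: [],
      versions: { "1.0.0": { flags: [], warnings: [] } },
    },
    "left-padder": {
      vulnerabilities: [{ id: "EXAMPLE-0001", severity: "high" }],
      versions: {
        "2.1.0": {
          flags: ["hasWarnings", "hasScript"],
          warnings: [
            { kind: "unsafe-import", file: "postinstall.js", value: "child_process" },
            { kind: "unsafe-import", file: "lib/fetch.js", value: "http" },
            { kind: "short-identifiers", file: "lib/min.js" },
          ],
        },
      },
    },
  },
};

// `node triage.mjs <package>` scans a real package; with no argument nothing runs.
if (process.argv[2]) {
  scanAndTriage(process.argv[2]).then(
    (findings) => console.log(JSON.stringify(findings, null, 2)),
    (err) => { console.error(err); process.exitCode = 1; }
  );
}
```

Run it as `node triage.mjs mocha` (file name assumed) to scan a package from the registry; `triagePayload(kSamplePayload)` shows the expected output shape offline. Duplicate warning kinds are collapsed per version so a package with fifty `unsafe-import` hits yields one line, and findings are sorted so two runs are diffable.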

## Contributors ✨

Thanks go to these wonderful people (emoji key):

  • Gentilhomme: 💻 📖 👀 🛡️ 🐛
  • Tony Gorez: 💻 📖 👀 🐛
  • Haze: 💻
  • Maksim Balabash: 💻
  • Antoine Coulon: 💻 🛡️
  • Nicolas Hallaert: 💻
  • Yefis: 💻
  • Franck Hallaert: 💻
  • Ange TEKEU: 💻
  • Vincent Dhennin: 💻
  • Kouadio Fabrice Nguessan: 🚧
  • PierreDemailly: 💻 👀 🐛 ⚠️

## License

MIT

Last updated on 04 Jan 2024