Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@nodesecure/scanner

Package Overview
Dependencies
Maintainers
3
Versions
36
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@nodesecure/scanner

A package API to run a static analysis of your module's dependencies.

  • 2.0.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
59
decreased by-28.92%
Maintainers
3
Weekly downloads
 
Created
Source

NodeSecure Scanner

version Maintenance Security Responsible Disclosure mit build

⚡️ Run a static analysis of your module's dependencies.

Requirements

  • Node.js version 16 or higher

Getting Started

This package is available in the Node Package Repository and can be easily installed with npm or yarn.

$ npm i @nodesecure/scanner
# or
$ yarn add @nodesecure/scanner

Usage example

import * as scanner from "@nodesecure/scanner";
import fs from "fs/promises";

// CONSTANTS
const kPackagesToAnalyze = ["mocha", "cacache", "is-wsl"];

const payloads = await Promise.all(
  kPackagesToAnalyze.map((name) => scanner.from(name))
);

const promises = [];
for (let i = 0; i < kPackagesToAnalyze.length; i++) {
  const data = JSON.stringify(payloads[i], null, 2);

  promises.push(fs.writeFile(`${kPackagesToAnalyze[i]}.json`, data));
}
await Promise.allSettled(promises);

API

See types/api.d.ts for a complete TypeScript definition.

function cwd(path: string, options?: Scanner.Options): Promise<Scanner.Payload>;
function from(packageName: string, options?: Scanner.Options): Promise<Scanner.Payload>;
function verify(packageName: string): Promise<Scanner.VerifyPayload>;

Options is described with the following TypeScript interface:

interface Options {
  readonly maxDepth?: number;
  readonly usePackageLock?: boolean;
  readonly vulnerabilityStrategy: Strategy.Kind;
  readonly forceRootAnalysis?: boolean;
  readonly fullLockMode?: boolean;
}

Contributors ✨

All Contributors

Thanks goes to these wonderful people (emoji key):


Gentilhomme

💻 📖 👀 🛡️ 🐛

Tony Gorez

💻 📖 👀 🐛

Haze

💻

License

MIT

Keywords

FAQs

Package last updated on 07 Nov 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc