NodeSecure Scanner
⚡️ Run a static analysis of your module's dependencies.
Requirements
Getting Started
This package is available in the Node Package Repository and can be easily installed with npm or yarn.
$ npm i @nodesecure/scanner
$ yarn add @nodesecure/scanner
Usage example
import * as scanner from "@nodesecure/scanner";
import fs from "fs/promises";

const kPackagesToAnalyze = ["mocha", "cacache", "is-wsl"];

// Scan every package in parallel; each call resolves to a Scanner.Payload.
const payloads = await Promise.all(
  kPackagesToAnalyze.map((name) => scanner.from(name))
);

// Write one <package>.json report per payload.
const promises = [];
for (let i = 0; i < kPackagesToAnalyze.length; i++) {
  const data = JSON.stringify(payloads[i], null, 2);
  promises.push(fs.writeFile(`${kPackagesToAnalyze[i]}.json`, data));
}
await Promise.allSettled(promises);
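In the usage example above, one failed scan rejects the whole `Promise.all` batch, write errors are discarded by `Promise.allSettled`, and a scoped name such as `@nodesecure/scanner` would yield a report path containing `/`. The following is an added example, not code from the NodeSecure project, that reports each package's outcome individually; `kNpmName`, `reportFileName`, `scanAll` and the injected `scan` parameter are hypothetical names, and `scan` stands in for `scanner.from`.

```javascript
// Added example (not NodeSecure code). All names below are hypothetical.

// Simplified approximation of the npm package-name grammar: optional
// "@scope/" prefix, lowercase URL-safe characters, no leading "." or "_".
const kNpmName = /^(@[a-z0-9~-][a-z0-9._~-]*\/)?[a-z0-9~-][a-z0-9._~-]*$/;

// "@scope/pkg" contains "/", so `${name}.json` would point into a directory
// that does not exist. Validate the name, then flatten it to one file name.
function reportFileName(packageName) {
  if (typeof packageName !== "string" || !kNpmName.test(packageName)) {
    throw new TypeError(`invalid package name: ${JSON.stringify(packageName)}`);
  }
  return `${packageName.replace("/", "__")}.json`;
}

// Scan every package and write one report each. `scan` is injected so the
// snippet runs offline; in real use pass `scanner.from`.
async function scanAll(packageNames, scan, outDir) {
  // Dynamic imports keep the snippet loadable as either ESM or CommonJS.
  const { writeFile } = await import("node:fs/promises");
  const { join } = await import("node:path");

  const settled = await Promise.allSettled(
    packageNames.map(async (name) => {
      const file = join(outDir, reportFileName(name));
      const payload = await scan(name);
      await writeFile(file, JSON.stringify(payload, null, 2));
      return file;
    })
  );

  // One entry per input name, so a failed scan or write is never silent.
  return settled.map((result, i) =>
    result.status === "fulfilled"
      ? { name: packageNames[i], ok: true, file: result.value }
      : { name: packageNames[i], ok: false,
          error: String(result.reason?.message ?? result.reason) }
  );
}
```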
API
See types/api.d.ts for a complete TypeScript definition.
function cwd(location: string, options?: Scanner.Options): Promise<Scanner.Payload>;
function from(packageName: string, options?: Omit<Scanner.Options, "includeDevDeps">): Promise<Scanner.Payload>;
function verify(packageName?: string | null): Promise<Scanner.VerifyPayload>;
Options is described with the following TypeScript interface:
interface Options {
  readonly maxDepth?: number;
  readonly registry?: string | URL;
  readonly usePackageLock?: boolean;
  readonly includeDevDeps?: boolean;
  readonly vulnerabilityStrategy: Strategy.Kind;
  readonly forceRootAnalysis?: boolean;
  readonly fullLockMode?: boolean;
}
License
MIT