Vulnerabilities strategies
NodeSecure vulnerabilities strategies built for NodeSecure scanner.
Requirements
Getting Started
This package is available in the Node Package Repository and can be easily installed with npm or yarn.
$ npm i @nodesecure/vuln
$ yarn add @nodesecure/vuln
Usage example
import * as vuln from "@nodesecure/vuln";
await vuln.setStrategy(vuln.strategies.NPM_AUDIT);
const definition = await vuln.getStrategy();
console.log(definition.strategy);
await definition.hydratePayloadDependencies(new Map());
Available strategy
The default strategy is NONE which mean no strategy at all (we execute nothing).
Those strategies are described as "string" type with the following TypeScript definition:
type Kind = "npm" | "node" | "snyk" | "none";
To add a strategy or better understand how the code works, please consult the following guide.
API
See types/api.d.ts
for a complete TypeScript definition.
function setStrategy(name?: Strategy.Kind, options?: Strategy.Options): Promise<Strategy.Definition>;
function getStrategy(): Promise<Strategy.Definition>;
const strategies: {
SECURITY_WG: "node";
NPM_AUDIT: "npm";
SNYK: "snyk";
NONE: "none";
};
const defaultStrategyName: string;
Strategy Kind
, HydratePayloadDependenciesOptions
, Options
are described by the following interfaces:
export interface Options {
hydrateDatabase?: boolean;
}
export interface HydratePayloadDependenciesOptions {
path?: string;
}
export interface Definition {
strategy: Kind;
hydratePayloadDependencies: (
dependencies: Dependencies,
options?: HydratePayloadDependenciesOptions
) => Promise<void>;
hydrateDatabase?: () => Promise<void>;
deleteDatabase?: () => Promise<void>;
}
Where dependencies
is the dependencies Map() object of the scanner.
Note: the option hydrateDatabase is only useful for some of the strategy (like Node.js Security WG).
Contributors ✨
Thanks goes to these wonderful people (emoji key):
License
MIT