@npmcli/metavuln-calculator
Comparing version 1.0.2 to 1.1.0
@@ -38,7 +38,11 @@ const hash = require('./hash.js') | ||
this.severity = source.severity | ||
this.severity = source.severity || 'high' | ||
this.versions = [] | ||
this.vulnerableVersions = [] | ||
// advisories have the range, metavulns do not | ||
this.range = source.vulnerable_versions || null | ||
// if an advisory doesn't specify range, assume all are vulnerable | ||
this.range = this.type === 'advisory' ? source.vulnerable_versions || '*' | ||
: null | ||
this.id = hash(this) | ||
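Review bot: The new `'*'` fallback on the `this.range` assignment only covers a missing or falsy `source.vulnerable_versions`; a value that is present but is not a parseable semver range is still stored as given. How the range is matched later is outside this hunk, but if it is handed to semver unchanged, an unparseable range would typically match no version, which is the opposite of the "assume all are vulnerable" intent stated in the comment. Consider normalising it here, e.g. `semver.validRange(source.vulnerable_versions) || '*'` (assuming `semver` is in scope in this file, as the later hunks suggest), and putting the `||` operand in parentheses so the ternary reads unambiguously. The constructor starts and ends outside the hunk.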
@@ -70,8 +74,8 @@ | ||
// basic data integrity gutcheck | ||
if (!cached || typeof cached !== 'object') { | ||
if (!cached || typeof cached !== 'object') | ||
throw new TypeError('invalid cached data, expected object') | ||
} | ||
if (!packument || typeof packument !== 'object') { | ||
if (!packument || typeof packument !== 'object') | ||
throw new TypeError('invalid packument data, expected object') | ||
} | ||
if (cached.id && cached.id !== this.id) { | ||
@@ -108,5 +112,4 @@ throw Object.assign(new Error('loading from incorrect cache entry'), { | ||
this.versions.push(v) | ||
} else if (!pakuVersions.includes(v)) { | ||
} else if (!pakuVersions.includes(v)) | ||
versionsRemoved.push(v) | ||
} | ||
} | ||
@@ -255,5 +258,4 @@ | ||
if (bundled) { | ||
if (bundled) | ||
return semver.intersects(spec, avoid, semverOpt) | ||
} | ||
@@ -268,5 +270,4 @@ return this[_source].testSpec(spec) | ||
const memo = this[_specVulnMemo] | ||
if (memo.has(spec)) { | ||
if (memo.has(spec)) | ||
return memo.get(spec) | ||
} | ||
@@ -387,3 +388,3 @@ const res = this[_testSpec](spec) | ||
const midVuln = this.testVersion(pre[pre.length - 1]) | ||
while (/-/.test(String(pre[pre.length-1]))) { | ||
while (/-/.test(String(pre[pre.length - 1]))) { | ||
const v = pre.pop() | ||
@@ -395,3 +396,3 @@ if (midVuln) | ||
if (!/-/.test(String(post[post.length-1]))) { | ||
if (!/-/.test(String(post[post.length - 1]))) { | ||
const midVuln = this.testVersion(post[0]) | ||
@@ -398,0 +399,0 @@ while (/-/.test(String(post[0]))) { |
@@ -5,10 +5,12 @@ module.exports = (mani, name) => { | ||
// with multiple versions anyway. | ||
return mani.dependencies && typeof mani.dependencies[name] === 'string' | ||
? mani.dependencies[name] | ||
: mani.optionalDependencies && typeof mani.optionalDependencies[name] === 'string' | ||
? mani.optionalDependencies[name] | ||
: mani.peerDependencies && typeof mani.peerDependencies[name] === 'string' | ||
? mani.peerDependencies[name] | ||
const { | ||
dependencies: deps = {}, | ||
optionalDependencies: optDeps = {}, | ||
peerDependencies: peerDeps = {}, | ||
} = mani | ||
return typeof deps[name] === 'string' ? deps[name] | ||
: typeof optDeps[name] === 'string' ? optDeps[name] | ||
: typeof peerDeps[name] === 'string' ? peerDeps[name] | ||
: null | ||
} | ||
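Review bot: The destructuring defaults in the new body apply only when a field is `undefined`, so a manifest with `dependencies: null` (or `optionalDependencies` / `peerDependencies` set to `null`) now throws a TypeError at `deps[name]`, where the removed `mani.dependencies && …` guards fell through and returned `null`. The manifests presumably come from registry packuments, which the caller does not control, so the lookup should stay tolerant of malformed fields: `const deps = mani.dependencies || {}`, and the same for `optDeps` and `peerDeps`. The function's opening line is outside the hunk.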
@@ -56,3 +56,3 @@ // this is the public class that is used by consumers. | ||
this[_cacheGet](advisory), | ||
this[_packument](name) | ||
this[_packument](name), | ||
]) | ||
@@ -59,0 +59,0 @@ process.emit('time', `metavuln:load:${k}`) |
{ | ||
"name": "@npmcli/metavuln-calculator", | ||
"version": "1.0.2", | ||
"version": "1.1.0", | ||
"main": "lib/index.js", | ||
@@ -14,6 +14,11 @@ "files": [ | ||
"test": "tap", | ||
"posttest": "npm run lint", | ||
"snap": "tap", | ||
"postsnap": "npm run lint", | ||
"preversion": "npm test", | ||
"postversion": "npm publish", | ||
"prepublishOnly": "git push origin --follow-tags" | ||
"prepublishOnly": "git push origin --follow-tags", | ||
"eslint": "eslint", | ||
"lint": "npm run eslint -- \"lib/**/*.js\" \"test/**/*.js\"", | ||
"lintfix": "npm run lint -- --fix" | ||
}, | ||
@@ -25,10 +30,15 @@ "tap": { | ||
"devDependencies": { | ||
"tap": "^14.10.8", | ||
"require-inject": "^1.4.4" | ||
"eslint": "^7.20.0", | ||
"eslint-plugin-import": "^2.22.1", | ||
"eslint-plugin-node": "^11.1.0", | ||
"eslint-plugin-promise": "^4.3.1", | ||
"eslint-plugin-standard": "^4.1.0", | ||
"require-inject": "^1.4.4", | ||
"tap": "^14.10.8" | ||
}, | ||
"dependencies": { | ||
"cacache": "^15.0.5", | ||
"pacote": "^11.1.11", | ||
"cacache": "^15.0.5", | ||
"semver": "^7.3.2" | ||
} | ||
} |