@snyk/docker-registry-v2-client
Advanced tools
@snyk/docker-registry-v2-client - npm Package Compare versions
Comparing version 2.16.1 to 2.16.4
@@ -5,2 +5,4 @@ "use strict"; | ||
| const registry_call_1 = require("./registry-call"); | ||
| const correlation_1 = require("@snyk/correlation"); | ||
| const log_1 = require("@snyk/log"); | ||
| const contentTypes = require("./content-types"); | ||
@@ -10,2 +12,7 @@ const needle_1 = require("./needle"); | ||
| const crypto_1 = require("crypto"); | ||
| const logger = (0, log_1.configureLogger)({ | ||
| name: "docker-registry-v2-client-get-manifest", | ||
| maxLogDepth: 5, | ||
| level: process.env.SERVICE_ENV === "prod" ? "info" : "debug", | ||
| }, correlation_1.correlationLoggerHook)("log"); | ||
| const digestRegex = /^sha256:[a-f0-9]{64}$/i; | ||
@@ -68,3 +75,7 @@ const referenceType = "vnd.docker.reference.type"; | ||
| indexDigest = computeDigest(manifestResponse.body); | ||
| manifestDigest = manifestDigestExtractor(manifestResponse, platform); | ||
| manifestDigest = manifestDigestExtractor(manifestResponse, platform, { | ||
| imageRegistry: registryBase, | ||
| imageRepository: repo, | ||
| imageReference, | ||
| }); | ||
| // need to call again with actual manifest (and not a list of manifest-lists) | ||
@@ -119,3 +130,3 @@ const endpoint = `/${repo}/manifests/${manifestDigest}`; | ||
| } | ||
| function getManifestDigestByPlatform(manifestResponse, platform) { | ||
| function getManifestDigestByPlatform(manifestResponse, platform, logAttributes) { | ||
| const defaultPlatform = { | ||
@@ -126,2 +137,12 @@ os: "linux", | ||
| const platformFilter = platform ? platform : defaultPlatform; | ||
| try { | ||
| // Log if attestation manifest is available | ||
| const attestationManifestDigest = findAttestationManifest(manifestResponse); | ||
| if (attestationManifestDigest) { | ||
| logger.info(Object.assign({}, logAttributes), "Attestation manifest was seen"); | ||
| } | ||
| } | ||
| catch (err) { | ||
| // Pass | ||
| } | ||
| const manifestList = (0, needle_1.parseResponseBody)(manifestResponse); | ||
@@ -128,0 +149,0 @@ const manifestPlatform = getManifestByOsAndArch(manifestList.manifests, platformFilter.os, platformFilter.architecture, platformFilter.variant); |
@@ -42,2 +42,4 @@ { | ||
| "dependencies": { | ||
| "@snyk/correlation": "^5.6.0", | ||
| "@snyk/log": "^5.3.0", | ||
| "needle": "^3.2.0", | ||
@@ -52,3 +54,3 @@ "parse-link-header": "^2.0.0", | ||
| }, | ||
| "version": "2.16.1" | ||
| "version": "2.16.4" | ||
| } |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.7%
81269
- Lines of code
- increased by2.1%
1021
Worsened metrics
- Dependency count
- increased by66.67%
5
- Number of low supply chain risk alerts
- increased by33.33%
4
Dependency changes
+ Added@snyk/correlation@^5.6.0
+ Added@snyk/log@^5.3.0