
detective


detective - npm Package Compare versions

Comparing version 0.1.1 to 0.2.0

index.js_

76

index.js

@@ -1,14 +0,15 @@

var uglify = require('uglify-js');
var esprima = require('esprima');
var traverse = function (node, cb, parent, grandparent) {
// Call cb on all good AST nodes.
if (Array.isArray(node) && node[0]
&& typeof node[0] === 'object' && node[0].name) {
cb({ name : node[0].name, value : node.slice(1) , grandparent: grandparent});
var traverse = function (node, cb) {
if (Array.isArray(node)) {
node.forEach(function (x) {
traverse(x, cb);
});
}
// Traverse down the tree on arrays and objects.
if (Array.isArray(node)
|| Object.prototype.toString.call(node) === "[object Object]") {
for (var key in node) traverse(node[key], cb, node, parent);
else if (node && typeof node === 'object') {
cb(node);
Object.keys(node).forEach(function (key) {
traverse(node[key], cb);
});
}

@@ -18,8 +19,9 @@ };

var walk = function (src, cb) {
var ast = uglify.parser.parse(src.toString(), false, true);
traverse(ast, cb);
var ast = esprima.parse(src);
traverse(ast, cb);
};
var deparse = function (ast) {
return uglify.uglify.gen_code(ast);
var walkSlow = function (src, cb) {
var ast = esprima.parse(src, { range : true });
traverse(ast, cb);
};

@@ -34,25 +36,41 @@

var word = opts.word === undefined ? 'require' : opts.word;
if (typeof src !== 'string') src = String(src);
function isRequire (node) {
return node.type === 'CallExpression'
&& node.callee.type === 'Identifier'
&& node.callee.name === word
;
}
var modules = { strings : [], expressions : [] };
if (src.toString().indexOf(word) == -1) return modules;
if (src.indexOf(word) == -1) return modules;
var slowPass = false;
walk(src, function (node) {
var gp = node.grandparent;
var isRequire = Array.isArray(gp)
&& gp[0]
&& (gp[0] === 'call' || gp[0].name === 'call')
&& gp[1][0] === 'name'
&& gp[1][1] === word
;
if(isRequire) {
if(node.name === 'string') {
modules.strings.push(node.value[0]);
} else {
modules.expressions.push(deparse(gp[2][0]));
}
if (!isRequire(node)) return;
if (node.arguments.length
&& node.arguments[0].type === 'Literal') {
modules.strings.push(node.arguments[0].value);
}
else {
slowPass = true;
}
});
if (slowPass) {
walkSlow(src, function (node) {
if (!isRequire(node)) return;
if (!node.arguments.length
|| node.arguments[0].type !== 'Literal') {
var r = node.arguments[0].range;
var s = src.slice(r[0], r[1] + 1);
modules.expressions.push(s);
}
});
}
return modules;
};
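Review bot: A call to the target word with no arguments, such as `require()`, throws a TypeError in the new slow pass, because the guard `!node.arguments.length || node.arguments[0].type !== 'Literal'` is true for an empty argument list and the next line reads `node.arguments[0].range` on undefined. This module is run over arbitrary source files, so a single such call aborts the whole scan; the guard should read `if (node.arguments.length && node.arguments[0].type !== 'Literal') {`, and the first pass can skip setting `slowPass = true` when `node.arguments.length` is zero. The `r[1] + 1` in the slice presumably relies on the parser reporting an inclusive end offset in `range`; a short comment stating that would help, since the slice over-reads by one character if that convention differs in another release matched by `~0.9.9`. The enclosing function starts above this hunk, so how `opts` and `src` arrive is not visible here.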
{
"name" : "detective",
"description" : "Find all calls to require() no matter how crazily nested using a proper walk of the AST",
"version" : "0.1.1",
"version" : "0.2.0",
"repository" : {

@@ -25,9 +25,9 @@ "type" : "git",

"dependencies" : {
"uglify-js" : "~1.2.5"
"esprima" : "~0.9.9"
},
"devDependencies" : {
"tap" : "~0.2.3"
"tap" : "~0.2.6"
},
"engines" : {
"node" : ">=0.4.0"
"node" : ">=0.6.0"
},

@@ -34,0 +34,0 @@ "license" : "MIT",

@@ -9,4 +9,4 @@ var test = require('tap').test;

t.deepEqual(modules.strings, [ 'a', 'b' ]);
t.deepEqual(modules.expressions, [ '"c"+x', '"d"+y' ]);
t.deepEqual(modules.expressions, [ "'c'+x", "'d'+y" ]);
t.end();
});

Sorry, the diff of this file is not supported yet
