You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
fabric8-analytics-lsp-server
Advanced tools
fabric8-analytics-lsp-server - npm Package Compare versions
Comparing version 0.4.3 to 0.4.4
@@ -12,2 +12,3 @@ /* -------------------------------------------------------------------------------------------- | ||
| const utils_1 = require("./utils"); | ||
| const config_1 = require("./config"); | ||
| const child_process_1 = require("child_process"); | ||
@@ -128,5 +129,5 @@ /* Please note :: There was issue with semverRegex usage in the code. During run time, it extracts | ||
| const vscodeRootpath = this.manifestFile.replace("file://", "").replace("/go.mod", ""); | ||
| child_process_1.exec(`go list -f '{{ join .Imports "\\n" }}' ./...`, { cwd: vscodeRootpath, maxBuffer: 1024 * 1200 }, (error, stdout, stderr) => { | ||
| child_process_1.exec(`${config_1.config.golang_executable} list -f '{{ join .Imports "\\n" }}' ./...`, { cwd: vscodeRootpath, maxBuffer: 1024 * 1200 }, (error, stdout, stderr) => { | ||
| if (error) { | ||
| reject(`'go list' command failed with error :: ${stderr}`); | ||
| reject(`'${config_1.config.golang_executable} list' command failed with error :: ${stderr}`); | ||
| } | ||
@@ -133,0 +134,0 @@ else { |
| { | ||
| "name": "fabric8-analytics-lsp-server", | ||
| "description": "LSP Server for Dependency Analytics", | ||
| "version": "0.4.3", | ||
| "version": "0.4.4", | ||
| "author": "Pavel Odvody", | ||
@@ -6,0 +6,0 @@ "contributors": [ |
@@ -14,2 +14,3 @@ /* -------------------------------------------------------------------------------------------- | ||
| const vulnerability_1 = require("./vulnerability"); | ||
| const config_1 = require("./config"); | ||
| const node_fetch_1 = require("node-fetch"); | ||
@@ -106,24 +107,9 @@ const url = require('url'); | ||
| ; | ||
| class AnalysisConfig { | ||
| constructor() { | ||
| // TODO: this needs to be configurable | ||
| this.server_url = process.env.RECOMMENDER_API_URL || "api-url-not-available-in-lsp"; | ||
| this.api_token = process.env.RECOMMENDER_API_TOKEN || "token-not-available-in-lsp"; | ||
| this.three_scale_user_token = process.env.THREE_SCALE_USER_TOKEN || ""; | ||
| this.provide_fullstack_action = (process.env.PROVIDE_FULLSTACK_ACTION || "") === "true"; | ||
| this.forbidden_licenses = []; | ||
| this.no_crypto = false; | ||
| this.home_dir = process.env[(process.platform == 'win32') ? 'USERPROFILE' : 'HOME']; | ||
| this.uuid = process.env.UUID || ""; | ||
| } | ||
| } | ||
| ; | ||
| let config = new AnalysisConfig(); | ||
| let files = new AnalysisFiles(); | ||
| let server = new AnalysisLSPServer(connection, files); | ||
| let rc_file = path.join(config.home_dir, '.analysis_rc'); | ||
| let rc_file = path.join(config_1.config.home_dir, '.analysis_rc'); | ||
| if (fs.existsSync(rc_file)) { | ||
| let rc = JSON.parse(fs.readFileSync(rc_file, 'utf8')); | ||
| if ('server' in rc) { | ||
| config.server_url = `${rc.server}/api/v2`; | ||
| config_1.config.server_url = `${rc.server}/api/v2`; | ||
| } | ||
@@ -161,5 +147,5 @@ } | ||
| const fetchVulnerabilities = async (reqData) => { | ||
| let url = config.server_url; | ||
| if (config.three_scale_user_token) { | ||
| url += `/component-analyses/?user_key=${config.three_scale_user_token}`; | ||
| let url = config_1.config.server_url; | ||
| if (config_1.config.three_scale_user_token) { | ||
| url += `/component-analyses/?user_key=${config_1.config.three_scale_user_token}`; | ||
| } | ||
@@ -171,6 +157,6 @@ else { | ||
| 'Content-Type': 'application/json', | ||
| 'Authorization': 'Bearer ' + config.api_token, | ||
| 'Authorization': 'Bearer ' + config_1.config.api_token, | ||
| }; | ||
| if (config.uuid) { | ||
| headers['uuid'] = config.uuid; | ||
| if (config_1.config.uuid) { | ||
| headers['uuid'] = config_1.config.uuid; | ||
| } | ||
@@ -210,3 +196,3 @@ try { | ||
| const dependency = dependencyMap.get(r.package + r.version); | ||
| let pipeline = new consumers_1.DiagnosticsPipeline(DiagnosticsEngines, dependency, config, diagnostics, packageAggregator, diagnosticFilePath); | ||
| let pipeline = new consumers_1.DiagnosticsPipeline(DiagnosticsEngines, dependency, config_1.config, diagnostics, packageAggregator, diagnosticFilePath); | ||
| pipeline.run(r); | ||
@@ -244,3 +230,3 @@ for (const item of pipeline.items) { | ||
| console.error("Command execution failed, something wrong with manifest file go.mod\n%s", error); | ||
| connection.sendNotification('caError', { 'data': 'Unable to execute `go list` command, run `go mod tidy` to resolve dependencies issues' }); | ||
| connection.sendNotification('caError', { 'data': `Unable to execute '${config_1.config.golang_executable} list' command, run '${config_1.config.golang_executable} mod tidy' to resolve dependencies issues` }); | ||
| return; | ||
@@ -280,2 +266,3 @@ } | ||
| files.on(EventStream.Diagnostics, "^go\\.mod$", (uri, name, contents) => { | ||
| connection.console.log("Using golang executable: " + config_1.config.golang_executable); | ||
| sendDiagnostics('golang', uri, contents, new collector_1.GomodDependencyCollector(uri)); | ||
@@ -312,3 +299,3 @@ }); | ||
| } | ||
| if (config.provide_fullstack_action && hasAnalyticsDiagonostic) { | ||
| if (config_1.config.provide_fullstack_action && hasAnalyticsDiagonostic) { | ||
| codeActions.push(fullStackReportAction); | ||
@@ -315,0 +302,0 @@ } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Fixed alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 6 instances in 1 package
Improved metrics
- Total package byte prevSize
88881
1.55%- Number of package files
20
11.11%- Lines of code
932
1.41%- Number of low supply chain risk alerts
1
-85.71%No dependency changes