Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

pkg-fence

Package Overview
Dependencies
Maintainers
1
Versions
21
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

pkg-fence - npm Package Compare versions

Comparing version 0.6.1 to 0.6.2-rc.1

dist/cli/help.js
dist/cli/parse.js
dist/cli/sniff.js
dist/collect.js
dist/common.js
dist/presets/index.js
dist/presets/lodash.js
dist/presets/nolyfill.js
dist/presets/relief.js
dist/scanner/deno-info.js
dist/scanner/index.js
dist/scanner/npm.js

7

dist/cli/bin.js
#!/usr/bin/env node
import { main } from './main.js';
main();

940

dist/cli/main.js

@@ -1,922 +0,24 @@

// src/cli/main.ts
import { createInterface } from "node:readline";
import { argv, stdin, exit } from "node:process";
// src/scanner/npm.ts
const node_modules = "node_modules/";
const node_modules_len = node_modules.length;
const prefix = ` "${node_modules}`;
async function* transform(source) {
for await (const line of source) {
if (line.startsWith(prefix)) {
const index = line.lastIndexOf(node_modules);
const pkg = line.slice(index + node_modules_len, -4);
yield pkg;
import { createInterface } from 'node:readline';
import { argv, stdin, exit } from 'node:process';
import { collect } from '../collect.js';
import { help_text } from './help.js';
import { sniff } from './sniff.js';
import { parse } from './parse.js';
export async function main({ args = argv.slice(2), input = stdin, lines: optional_lines, print = console.log, quit = exit, } = {}) {
{ // -h, --help
const [cmd] = Array.from(args);
if (cmd == null || cmd === '-h' || cmd === '--help') {
print(help_text);
return quit(0);
}
}
}
}
// src/common.ts
const id = (a) => a;
const always_false = () => false;
function lookup(sample) {
const table = new Set(sample);
return (item) => table.has(item);
}
function starts_with(s) {
return (str) => str.startsWith(s);
}
function includes_with(s) {
return (str) => str.includes(s);
}
function eqeqeq(b) {
return (a) => a === b;
}
const split_by_comma = split_by(",");
function split_by(by, trim = true) {
return function(str) {
return str.split(by).map((s) => trim ? s.trim() : s);
};
}
function and(fst, snd) {
return (a) => fst(a) && snd(a);
}
function or(fst, snd) {
return (a) => fst(a) || snd(a);
}
function not(pred) {
return (a) => !pred(a);
}
function any(xs, x) {
return xs.reduce(or, x);
}
function filter(check3) {
return async function* (source) {
for await (const item of source) {
if (check3(item) === true) {
yield item;
}
const { flags, lines } = await sniff(parse(args), optional_lines ?? createInterface({ input }));
let code = 0;
for await (const pkg of collect({ flags, lines })) {
if (code === 0) {
code = 1;
}
print(pkg);
}
};
quit(code);
}
async function* cons(head, tail) {
yield head;
yield* tail;
}
async function uncons(source) {
const inner = source[Symbol.asyncIterator]();
const next = () => inner.next();
const { done, value: head } = await next();
if (done) {
throw new Error("empty source");
}
const tail = {
[Symbol.asyncIterator]() {
return { next };
}
};
return [head, tail];
}
function make_predicate({ extra, ignore, presets }) {
const not_ignored = not(ignore ?? always_false);
const with_extra = extra ?? always_false;
const arr = Array.from(presets ?? []);
return and(
not_ignored,
any(arr, with_extra)
);
}
// src/scanner/deno-info.ts
const prefix2 = " npm:/";
const prefix_len = prefix2.length;
const not_includes_with_star_AND_includes_with_prefix = and(
not(includes_with("*")),
includes_with(prefix2)
);
const valid = filter(not_includes_with_star_AND_includes_with_prefix);
async function* transform2(source) {
for await (const line of valid(source)) {
const index = prefix_len + line.indexOf(prefix2);
const pkg = line.slice(index, line.lastIndexOf("@"));
yield pkg;
}
}
// src/scanner/index.ts
function make_scanner(format) {
if (format == null) {
return id;
}
if (format === "npm") {
return transform;
}
if (format === "deno-info") {
return transform2;
}
throw new Error(`unknown format - ${format}`);
}
// src/presets/lodash.ts
const check = or(starts_with("lodash."), eqeqeq("lodash"));
// src/presets/nolyfill.ts
const list = [
"abab",
"array-buffer-byte-length",
"array-includes",
"array.from",
"array.of",
"array.prototype.at",
"array.prototype.every",
"array.prototype.find",
"array.prototype.findlast",
"array.prototype.findlastindex",
"array.prototype.flat",
"array.prototype.flatmap",
"array.prototype.flatmap",
"array.prototype.foreach",
"array.prototype.reduce",
"array.prototype.toreversed",
"array.prototype.tosorted",
"arraybuffer.prototype.slice",
"assert",
"asynciterator.prototype",
"available-typed-arrays",
"deep-equal",
"deep-equal-json",
"define-properties",
"es-aggregate-error",
"es-iterator-helpers",
"es-set-tostringtag",
"es6-object-assign",
"function-bind",
"function.prototype.name",
"get-symbol-description",
"globalthis",
"gopd",
"harmony-reflect",
"has",
"has-property-descriptors",
"has-proto",
"has-symbols",
"has-tostringtag",
"hasown",
"internal-slot",
"is-arguments",
"is-array-buffer",
"is-core-module",
"is-date-object",
"is-generator-function",
"is-nan",
"is-regex",
"is-shared-array-buffer",
"is-string",
"is-symbol",
"is-typed-array",
"is-weakref",
"isarray",
"iterator.prototype",
"json-stable-stringify",
"jsonify",
"object-is",
"object-keys",
"object.assign",
"object.entries",
"object.fromentries",
"object.getownpropertydescriptors",
"object.groupby",
"object.hasown",
"object.values",
"promise.allsettled",
"promise.any",
"reflect.getprototypeof",
"reflect.ownkeys",
"regexp.prototype.flags",
"safe-array-concat",
"safe-regex-test",
"set-function-length",
"side-channel",
"string.prototype.at",
"string.prototype.codepointat",
"string.prototype.includes",
"string.prototype.matchall",
"string.prototype.padend",
"string.prototype.padstart",
"string.prototype.repeat",
"string.prototype.replaceall",
"string.prototype.split",
"string.prototype.startswith",
"string.prototype.trim",
"string.prototype.trimend",
"string.prototype.trimleft",
"string.prototype.trimright",
"string.prototype.trimstart",
"typed-array-buffer",
"typed-array-byte-length",
"typed-array-byte-offset",
"typed-array-length",
"typedarray",
"typedarray.prototype.slice",
"unbox-primitive",
"util.promisify",
"which-boxed-primitive",
"which-typed-array"
];
const check2 = lookup(list);
// src/presets/relief.ts
const native_list = [
// -native
"date",
"for-each",
"iterate-iterator",
"iterate-value",
"array-includes",
"array.prototype.at",
"array.prototype.concat",
"array.prototype.copywithin",
"array.prototype.entries",
"array.prototype.every",
"array.prototype.filter",
"array.prototype.find",
"array.prototype.findindex",
"array.prototype.flat",
"array.prototype.flatmap",
"array.prototype.foreach",
"array.from",
"array.prototype.indexof",
"array.prototype.join",
"array.prototype.keys",
"array.prototype.lastindexof",
"array.prototype.map",
"array.of",
"array.prototype.push",
"array.prototype.reduce",
"array.prototype.reduceright",
"array.prototype.slice",
"array.prototype.some",
"array.prototype.splice",
"array.prototype.unshift",
"array.prototype.values",
"array-buffer-byte-length",
"arraybuffer.prototype.slice",
"data-view-buffer",
"concat-map",
"data-view-byte-length",
"data-view-byte-offset",
"define-accessor-property",
"define-data-property",
"es-aggregate-error",
"error-cause",
"es-create-array-iterator",
"es-define-property",
"es-errors",
"es-shim-unscopables",
"es-string-html-methods",
"functions-have-names",
"function.prototype.name",
"global",
"get-symbol-description",
"globalthis",
"gopd",
"has-proto",
"has-symbols",
"has-tostringtag",
"math.acosh",
"math.atanh",
"math.cbrt",
"math.clz32",
"math.f16round",
"math.fround",
"math.imul",
"math.log10",
"math.log1p",
"math.sign",
"math.sinh",
"number.isfinite",
"number.isinteger",
"number.isnan",
"number.issafeinteger",
"number.parsefloat",
"number.parseint",
"number.prototype.exponential",
"object-is",
"object.assign",
"object-assign",
"object.defineproperties",
"object.entries",
"object.fromentries",
"object.getownpropertydescriptors",
"object.getprototypeof",
"object.hasown",
"object-keys",
"object.keys",
"object.values",
"parseint",
"promise.allsettled",
"promise.any",
"promise.prototype.finally",
"reflect.getprototypeof",
"reflect.ownkeys",
"string.prototype.at",
"string.prototype.lastindexof",
"string.prototype.matchall",
"string.prototype.padend",
"string.prototype.padleft",
"string.prototype.padright",
"string.prototype.padstart",
"string.prototype.replaceall",
"string.prototype.split",
"string.prototype.substr",
"string.prototype.trim",
"string.prototype.trimend",
"string.prototype.trimleft",
"string.prototype.trimright",
"string.prototype.trimStart",
"string.raw",
"symbol.prototype.description",
"typed-array-buffer",
"typed-array-byte-length",
"typed-array-byte-offset",
"typed-array-length",
"typedarray.prototype.slice",
"has",
"hasown",
"has-own-prop",
"array-map",
"is-nan",
"node.extend",
"extend-shallow",
"xtend",
"defaults",
"function-bind",
"regexp.prototype.flags",
"define-properties",
"left-pad",
"pad-left",
"filter-array",
"array-every",
"index-of",
"last-index-of"
];
const native_check = lookup(native_list);
const micro_list = [
// -micro
"call-bind",
"es-get-iterator",
"es-set-tostringtag",
"is-array-buffer",
"is-boolean-object",
"is-date-object",
"is-negative-zero",
"is-number",
"is-number-object",
"is-plain-object",
"is-primitve",
"is-regexp",
"is-string",
"is-travis",
"is-npm",
"clone-regexp",
"split-lines",
"is-windows",
"is-whitespace",
"is-string",
"is-odd",
"is-even"
];
const micro_check = lookup(micro_list);
const preferred_list = [
// -preferred
"bluebird",
"cpx",
"deep-equal",
"eslint-plugin-es",
"eslint-plugin-react",
"eslint-plugin-eslint-comments",
"eslint-plugin-import",
"eslint-plugin-node",
"is-builtin-module",
"builtin-modules",
"jquery",
"lodash",
"lodash.add",
"lodash.after",
"lodash.ary",
"lodash.assign",
"lodash.assignin",
"lodash.assigninwith",
"lodash.assignwith",
"lodash.at",
"lodash.attempt",
"lodash.before",
"lodash.bind",
"lodash.bindall",
"lodash.bindkey",
"lodash.callback",
"lodash.camelcase",
"lodash.capitalize",
"lodash.castarray",
"lodash.ceil",
"lodash.chunk",
"lodash.clamp",
"lodash.clone",
"lodash.clonedeep",
"lodash.clonedeepwith",
"lodash.clonewith",
"lodash.compact",
"lodash.compose",
"lodash.concat",
"lodash.cond",
"lodash.conforms",
"lodash.conformsto",
"lodash.constant",
"lodash.contains",
"lodash.countby",
"lodash.create",
"lodash.createcallback",
"lodash.curry",
"lodash.curryright",
"lodash.debounce",
"lodash.deburr",
"lodash.defaults",
"lodash.defaultto",
"lodash.defaultsdeep",
"lodash.defer",
"lodash.delay",
"lodash.difference",
"lodash.differenceby",
"lodash.differencewith",
"lodash.divide",
"lodash.drop",
"lodash.dropright",
"lodash.droprightwhile",
"lodash.dropwhile",
"lodash.endswith",
"lodash.eq",
"lodash.escape",
"lodash.escaperegexp",
"lodash.every",
"lodash.fill",
"lodash.filter",
"lodash.find",
"lodash.findindex",
"lodash.findkey",
"lodash.findlast",
"lodash.findlastindex",
"lodash.findlastkey",
"lodash.findwhere",
"lodash.first",
"lodash.flatmap",
"lodash.flatmapdeep",
"lodash.flatmapdepth",
"lodash.flatten",
"lodash.flattendepth",
"lodash.flattendeep",
"lodash.flip",
"lodash.floor",
"lodash.flow",
"lodash.flowright",
"lodash.foreach",
"lodash.forin",
"lodash.foreachright",
"lodash.forinright",
"lodash.forown",
"lodash.forownright",
"lodash.frompairs",
"lodash.functions",
"lodash.functionsin",
"lodash.get",
"lodash.groupby",
"lodash.gt",
"lodash.gte",
"lodash.has",
"lodash.hasin",
"lodash.head",
"lodash.identity",
"lodash.includes",
"lodash.indexby",
"lodash.indexof",
"lodash.initial",
"lodash.inrange",
"lodash.intersection",
"lodash.intersectionby",
"lodash.intersectionwith",
"lodash.invert",
"lodash.invertby",
"lodash.invoke",
"lodash.invokemap",
"lodash.isarguments",
"lodash.isarray",
"lodash.isarraybuffer",
"lodash.isarraylike",
"lodash.isarraylikeobject",
"lodash.isboolean",
"lodash.isbuffer",
"lodash.isdate",
"lodash.iselement",
"lodash.isempty",
"lodash.isequal",
"lodash.isequalwith",
"lodash.iserror",
"lodash.isfinite",
"lodash.isfunction",
"lodash.isinteger",
"lodash.islength",
"lodash.ismap",
"lodash.ismatch",
"lodash.ismatchwith",
"lodash.isnan",
"lodash.isnative",
"lodash.isnil",
"lodash.isnull",
"lodash.isnumber",
"lodash.isobject",
"lodash.isobjectlike",
"lodash.isplainobject",
"lodash.isregexp",
"lodash.issafeinteger",
"lodash.isset",
"lodash.isstring",
"lodash.issymbol",
"lodash.istypedarray",
"lodash.isundefined",
"lodash.isweakmap",
"lodash.isweakset",
"lodash.iteratee",
"lodash.join",
"lodash.kebabcase",
"lodash.keyby",
"lodash.keys",
"lodash.keysin",
"lodash.last",
"lodash.lastindexof",
"lodash.lowercase",
"lodash.lowerfirst",
"lodash.lt",
"lodash.lte",
"lodash.map",
"lodash.mapkeys",
"lodash.mapvalues",
"lodash.matches",
"lodash.matchesproperty",
"lodash.max",
"lodash.maxby",
"lodash.mean",
"lodash.meanby",
"lodash.memoize",
"lodash.merge",
"lodash.mergewith",
"lodash.method",
"lodash.methodof",
"lodash.min",
"lodash.minby",
"lodash.mixin",
"lodash.modargs",
"lodash.multiply",
"lodash.negate",
"lodash.noop",
"lodash.now",
"lodash.nth",
"lodash.ntharg",
"lodash.omit",
"lodash.omitby",
"lodash.once",
"lodash.orderby",
"lodash.over",
"lodash.overargs",
"lodash.overevery",
"lodash.oversome",
"lodash.pad",
"lodash.padend",
"lodash.padleft",
"lodash.padright",
"lodash.padstart",
"lodash.pairs",
"lodash.parseint",
"lodash.partial",
"lodash.partialright",
"lodash.partition",
"lodash.pick",
"lodash.pickby",
"lodash.pluck",
"lodash.property",
"lodash.propertyof",
"lodash.pull",
"lodash.pullall",
"lodash.pullallwith",
"lodash.pullby",
"lodash.pullat",
"lodash.random",
"lodash.range",
"lodash.rangeright",
"lodash.rearg",
"lodash.reduce",
"lodash.reduceright",
"lodash.reescape",
"lodash.reevaluate",
"lodash.reinterpolate",
"lodash.reject",
"lodash.remove",
"lodash.repeat",
"lodash.replace",
"lodash.rest",
"lodash.restparam",
"lodash.result",
"lodash.reverse",
"lodash.round",
"lodash.sample",
"lodash.samplesize",
"lodash.set",
"lodash.setwith",
"lodash.shuffle",
"lodash.size",
"lodash.slice",
"lodash.snakecase",
"lodash.some",
"lodash.sortby",
"lodash.sortbyall",
"lodash.sortbyorder",
"lodash.sortedindex",
"lodash.sortedindexby",
"lodash.sortedindexof",
"lodash.sortedlastindex",
"lodash.sortedlastindexby",
"lodash.sortedlastindexof",
"lodash.sorteduniq",
"lodash.sorteduniqby",
"lodash.split",
"lodash.spread",
"lodash.startcase",
"lodash.startswith",
"lodash.stubarray",
"lodash.stubfalse",
"lodash.stubobject",
"lodash.stubstring",
"lodash.stubtrue",
"lodash.subtract",
"lodash.sum",
"lodash.sumby",
"lodash.support",
"lodash.tail",
"lodash.take",
"lodash.takeright",
"lodash.takerightwhile",
"lodash.takewhile",
"lodash.template",
"lodash.templatesettings",
"lodash.throttle",
"lodash.times",
"lodash.toarray",
"lodash.tofinite",
"lodash.tointeger",
"lodash.tolength",
"lodash.tolower",
"lodash.tonumber",
"lodash.topairs",
"lodash.topairsin",
"lodash.topath",
"lodash.toplainobject",
"lodash.tosafeinteger",
"lodash.tostring",
"lodash.toupper",
"lodash.transform",
"lodash.trim",
"lodash.trimend",
"lodash.trimleft",
"lodash.trimright",
"lodash.trimstart",
"lodash.trunc",
"lodash.truncate",
"lodash.unary",
"lodash.unescape",
"lodash.union",
"lodash.unionby",
"lodash.unionwith",
"lodash.uniqby",
"lodash.unique",
"lodash.uniqueid",
"lodash.uniqwith",
"lodash.unset",
"lodash.unzip",
"lodash.unzipwith",
"lodash.update",
"lodash.updatewith",
"lodash.uppercase",
"lodash.upperfirst",
"lodash.values",
"lodash.valuesin",
"lodash.where",
"lodash.without",
"lodash.words",
"lodash.wrap",
"lodash.xor",
"lodash.xorby",
"lodash.xorwith",
"lodash.zip",
"lodash.zipwith",
"lodash.zipobject",
"lodash.zipobjectdeep",
"lodash-amd",
"lodash-compat",
"lodash-es",
"lodash-fp",
"lodash-node",
"npm-run-all",
"qs",
"tempy",
"rimraf",
"make-dir",
"mkdirp",
"moment",
"q",
"sort-object",
"underscore",
"uri-js",
"readable-stream"
];
const preferred_check = lookup(preferred_list);
// src/presets/index.ts
function* gen_presets(param) {
if (param.lodash === true) {
yield check;
}
if (param.nolyfill === true) {
yield check2;
}
if (param.relief === true) {
yield* [
native_check,
micro_check,
preferred_check
];
} else {
if (param["relief-native"] === true) {
yield native_check;
}
if (param["relief-micro"] === true) {
yield micro_check;
}
if (param["relief-preferred"] === true) {
yield preferred_check;
}
}
}
// src/collect.ts
function collect({ flags, lines }) {
const { format, extra = [], ignore = [], invert, ...rest } = flags;
const refine = invert ? not : id;
const pred = refine(make_predicate({
extra: lookup(extra.flatMap(split_by_comma)),
ignore: lookup(ignore.flatMap(split_by_comma)),
presets: gen_presets(rest)
}));
const result = filter(pred)(
make_scanner(format)(
lines
)
);
return result;
}
// src/cli/help.ts
const help_text = `
pkg-fence
Exit code: 0 for empty results, 1 for anything matched.
Usage:
cat package-lock.json | pkg-fence <cmd>
cat npm-shrinkwrap.json | pkg-fence <cmd>
deno info npm:<pkg name> | pkg-fence <cmd>
Builtin Presets:
--lodash
--nolyfill (via SukkaW/nolyfill v1.0.34)
--relief (via es-tooling/module-replacements v2.2.0)
--relief-native
--relief-micro
--relief-preferred
Options:
--extra foo --extra bar --extra=abc,def
--ignore foo --ignore bar --ignore=abc,def
-v, --invert
`;
// src/cli/sniff.ts
async function sniff(flags, lines) {
const { format, ...rest } = flags;
if (format != null) {
return { flags, lines };
}
const [head, tail] = await uncons(lines);
const format_from = (confirmed) => ({
lines: tail,
flags: { ...rest, format: confirmed }
});
if (head.includes("unique") && head.includes("dependencies:")) {
return format_from("deno-info");
}
if (head === "{") {
return format_from("npm");
}
return {
lines: cons(head, tail),
flags: rest
};
}
// src/cli/parse.ts
import { parseArgs } from "node:util";
function parse(args) {
const { values } = parseArgs({
args: Array.from(args),
options: {
format: {
type: "string"
},
extra: {
type: "string",
multiple: true
},
ignore: {
type: "string",
multiple: true
},
invert: {
type: "boolean",
short: "v"
},
// presets
lodash: {
type: "boolean"
},
nolyfill: {
type: "boolean"
},
"relief": { type: "boolean" },
"relief-native": { type: "boolean" },
"relief-micro": { type: "boolean" },
"relief-preferred": { type: "boolean" }
}
});
const { format, ...rest } = values;
if (format === "npm" || format === "deno-info") {
return { ...rest, format };
} else if (format != null) {
throw new Error(`unknown format - ${format}`);
}
return rest;
}
// src/cli/main.ts
async function main({
args = argv.slice(2),
input = stdin,
lines: optional_lines,
print = console.log,
quit = exit
} = {}) {
{
const [cmd] = Array.from(args);
if (cmd == null || cmd === "-h" || cmd === "--help") {
print(help_text);
return quit(0);
}
}
const { flags, lines } = await sniff(
parse(args),
optional_lines ?? createInterface({ input })
);
let code = 0;
for await (const pkg of collect({ flags, lines })) {
if (code === 0) {
code = 1;
}
print(pkg);
}
quit(code);
}
export {
main
};

8

package.json
{
"name": "pkg-fence",
"version": "0.6.1",
"version": "0.6.2-rc.1",
"description": "A command line tool that glance over package dependencies.",

@@ -12,7 +12,9 @@ "license": "AGPL-3.0-only",

"exports": {
"./presets": "./dist/presets/index.js",
"./scanner": "./dist/scanner/index.js",
"./collect": "./dist/collect.js",
"./main": "./dist/cli/main.js"
},
"files": [
"./dist/cli/bin.js",
"./dist/cli/main.js",
"./dist",
"./LICENSE.txt",

@@ -19,0 +21,0 @@ "./CHANGELOG.md",

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc