
snyk-nuget-plugin - npm Package Compare versions

Comparing version 1.0.0 to 1.0.1

35

lib/dependency.js

@@ -6,28 +6,23 @@ function Dependency(name, version, targetFramework) {

this.dependencies = {};
this.path = '';
this.versionSpec = 'unknown';
}
Object.defineProperty(Dependency.prototype, 'resolvedName', {
get: function () {
return this.name + '.' + this.version;
},
})
/**
* @argument {Dependency} dep
*/
Dependency.prototype.addDependecy = function addDependecy(dep) {
this.flatDependencyMap[dep.name] =
this.flatDependencyMap[dep.name] ||
new Dependency(dep.name, dep.version, dep.targetFramework);
this.dependencies.push(dep);
Dependency.prototype.cloneShallow = function () {
// clone, without the dependencies
var result = new Dependency(this.name, this.version, this.targetFramework);
result.versionSpec = this.versionSpec;
return result;
};
/**
* @argument {string} name
*/
Dependency.prototype.hasDependency = function hasDependency(name) {
return this.flatDependencyMap[name] !== undefined;
Dependency.from = {
packgesConfigEntry: function (manifest) {
var result = new Dependency(
manifest.$.id,
manifest.$.version,
manifest.$.targetFramework);
result.versionSpec = manifest.$.version;
return result;
},
};
module.exports = Dependency;
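Review bot: `packgesConfigEntry` copies `manifest.$.id` and `manifest.$.version` into the new Dependency without any check. The other hunks on this page later join `entry.name + '.' + entry.version` into `path.resolve(projectRootFolder, 'packages', …)` and into the `.nupkg` file name. Both values come from the manifest of the project being scanned, so a value containing a path separator would make that path resolve outside the `packages` folder. Rejecting such values here keeps every later path inside it, for example `if (/[\\/]/.test(manifest.$.id + manifest.$.version)) { throw new Error('invalid package id or version'); }`. The JSON branch calls the constructor directly and would need the same check; whether a caller already validates these fields is not visible in this hunk.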

@@ -9,3 +9,4 @@ var fs = require('fs');

var dependencyTree = {};
var flattendPackageList = {};
var nuspecResolutions = {};

@@ -28,7 +29,2 @@ function isJSON(content) {

var tree = {
plugin: {
name: 'NuGet',
targetFile: targetFile,
},
package: {
name: projectRootFolder,

@@ -38,6 +34,6 @@ version: null,

dependencies: {},
},
from: null,
};
var chain = new Promise(function (resolve, reject) {
};
var chain = new Promise(function parseFileContents(resolve, reject) {
// Parse the file content
if (contentAsJson) {

@@ -56,11 +52,14 @@ // skip parsing from XML

}).then(function (rawXML) {
var list = [];
// collect installed packages and add to flat list
var installedPackages = [];
if (rawXML === contentAsJson) {
// start parsing JSON data
var rawDependencies = contentAsJson['dependencies'];
if (rawDependencies) {
for (var name in rawDependencies) {
// Array<{ "libraryName": "version" }>
var version = rawDependencies[name];
var newDependency = new Dependecy(name, version, null);
if (newDependency.resolvedName.indexOf('System.') !== 0) {
list.push(newDependency);
if (newDependency.name.indexOf('System.') !== 0) {
installedPackages.push(newDependency);
}

@@ -70,26 +69,24 @@ }

} else {
// start parsing XML data
rawXML.packages.package.forEach(function (node) {
var newDependency =
new Dependecy(node.$.id, node.$.version, node.$.targetFramework);
newDependency.path =
path.resolve(
projectRootFolder,
'packages',
newDependency.resolvedName);
if (newDependency.resolvedName.indexOf('System.') !== 0) {
list.push(newDependency);
if (node.$.id.indexOf('System.') !== 0) {
// include only non-system libraries
var installedDependency = Dependecy.from.packgesConfigEntry(node);
installedPackages.push(installedDependency);
}
});
}
list.forEach(function (entry) {
entry.path = path.resolve(
projectRootFolder,
'packages',
entry.resolvedName);
dependencyTree[entry.resolvedName] = entry;
installedPackages.forEach(function (entry) {
entry.path =
path.resolve(
projectRootFolder,
'packages',
entry.name + '.' + entry.version);
flattendPackageList[entry.name] = entry;
});
}).then(function () {
// initiate collecting information from .nuget files on installed packages
var nuspecParserChain = [];
for (var resolvedName in dependencyTree) {
var dep = dependencyTree[resolvedName];
for (var name in flattendPackageList) {
var dep = flattendPackageList[name];
nuspecParserChain.push(parseNuspec(dep));

@@ -101,18 +98,46 @@ }

if (!resolution) return; // jscs:ignore
var node = dependencyTree[resolution.parent];
resolution.children.forEach(function (childNode) {
var dependency =
dependencyTree[childNode.resolvedName] ||
new Dependecy(
childNode.name,
childNode.version,
childNode.targetFramework);
node.dependencies[dependency.resolvedName] = dependency;
nuspecResolutions[resolution.name] = resolution;
});
}).then(function () {
// .nuget parsing is complete, returned as array of promise resolutions
// now the flat list should be rebuilt as a tree
function buildTree(node, requiredChildren, repository) {
requiredChildren.forEach(function (requiredChild) {
var transitiveDependency;
if (flattendPackageList[requiredChild.name]) {
// fetch from repo
transitiveDependency =
flattendPackageList[requiredChild.name].cloneShallow();
transitiveDependency.versionSpec =
requiredChild.versionSpec || transitiveDependency.versionSpec;
} else {
// create as new (uninstalled)
transitiveDependency = new Dependecy(
requiredChild.name,
requiredChild.version,
requiredChild.targetFramework);
transitiveDependency.versionSpec = requiredChild.version;
}
var transitiveChildren =
(nuspecResolutions[node.name] &&
nuspecResolutions[node.name].children) || [];
buildTree(transitiveDependency, transitiveChildren, repository);
node.dependencies[transitiveDependency.name] = transitiveDependency;
});
});
for (var packageName in dependencyTree) {
if (packageName.indexOf('System.') !== 0) {
tree.package.dependencies[packageName] = dependencyTree[packageName];
}
var _flatKeyCount = Object.keys(flattendPackageList).length;
var _nugtKeyCount = Object.keys(nuspecResolutions).length;
if (_nugtKeyCount >= _flatKeyCount) {
// local folders scanned, build list from .nuspec
for (var key in nuspecResolutions) {
var resolution = nuspecResolutions[key];
var node = flattendPackageList[resolution.name].cloneShallow();
buildTree(node, resolution.children, flattendPackageList);
tree.dependencies[node.name] = node;
}
} else {
tree.dependencies = flattendPackageList;
}
return tree;
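Review bot: In `buildTree`, the children handed to the recursive call are looked up with `nuspecResolutions[node.name]`, which is the parent being filled in, not `transitiveDependency`. As written, each child is expanded with its parent's dependency list, so the resulting tree appears to be shifted by one level; the lookup should key on `transitiveDependency.name`. The recursion also has no guard against a dependency cycle in the .nuspec metadata, which is read from package files on disk, so a cycle would recurse until the stack overflows. Tracking the names on the current path, as sketched below, stops that. The `repository` parameter is passed through but never read.

```javascript
function buildTree(node, requiredChildren, repository, ancestors) {
  // names already on the path from the root down to this node
  ancestors = (ancestors || []).concat(node.name);
  requiredChildren.forEach(function (requiredChild) {
    // … unchanged: transitiveDependency is cloned from flattendPackageList or created as new …
    if (ancestors.indexOf(transitiveDependency.name) === -1) {
      // expand the child with its own .nuspec children, and only when it is not its own ancestor
      var resolved = nuspecResolutions[transitiveDependency.name];
      buildTree(
        transitiveDependency,
        (resolved && resolved.children) || [],
        repository,
        ancestors);
    }
    node.dependencies[transitiveDependency.name] = transitiveDependency;
  });
}
```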

@@ -119,0 +144,0 @@ })['catch'](function (err) {

@@ -9,7 +9,7 @@ var zip = require('zip');

function parseNuspec(dependency) {
function parseNuspec(library) {
var P = new Promise(function (resolve, reject) {
var nuspecPath = path.resolve(
dependency.path,
dependency.resolvedName + '.nupkg');
library.path,
library.name + '.' + library.version + '.nupkg');
var rawZipped;

@@ -33,3 +33,3 @@

} else {
var dependencies = [];
var ownDependencies = [];
(result.package.metadata || []).forEach(function (metadata) {

@@ -39,9 +39,12 @@ (metadata.dependencies || []).forEach(function (rawDependency) {

(group.dependency || []).forEach(function (dep) {
dependencies.push(
new Dependency(dep.$.id, dep.$.version, group.$.targetFramework) // jscs:ignore
);
const transitiveDependency = new Dependency(dep.$.id, dep.$.version, group.$.targetFramework) // jscs:ignore
transitiveDependency.versionSpec = dep.$.versionSpec
ownDependencies.push(transitiveDependency);
})
});
(rawDependency.dependency || []).forEach(function (dep) {
dependencies.push(new Dependency(dep.$.id, dep.$.version, null));
const transitiveDependency =
new Dependency(dep.$.id, dep.$.version, null);
transitiveDependency.versionSpec = dep.$.version;
ownDependencies.push(transitiveDependency);
});
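Review bot: In the grouped-dependency branch the new code sets `transitiveDependency.versionSpec = dep.$.versionSpec`, while the ungrouped branch just below it uses `dep.$.version`. The constructor call in the same branch reads `dep.$.version`, so `versionSpec` is probably not an attribute of that element, and the assignment would replace the `'unknown'` default with `undefined`. Using the same source in both branches avoids that: `transitiveDependency.versionSpec = dep.$.version;`. The two new statements in the grouped branch also lack a terminating semicolon, and `const` is introduced in code that otherwise declares with `var`.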

@@ -51,4 +54,4 @@ })

resolve({
parent: dependency.resolvedName,
children: dependencies.filter(function (dep) {
name: library.name,
children: ownDependencies.filter(function (dep) {
return dep.name.indexOf('System.') !== 0;

@@ -55,0 +58,0 @@ }),

@@ -1,1 +0,1 @@

{"name":"snyk-nuget-plugin","description":"![logo](https://res.cloudinary.com/snyk/image/upload/v1468845259/logo/snyk-dog.svg) ## Snyk: NuGet Plugin ***","main":"lib/index.js","scripts":{"lint":"jscs `find ./lib -name '*.js'` -v && jscs `find ./test -name '*.js'` -v","test":"npm run unit-test","unit-test":"tap `ls ./test/*.test.js` -R=spec","dev":"nodemon -x 'npm run unit-test'","semantic-release":"semantic-release pre && npm publish && semantic-release post"},"repository":{"type":"git","url":"https://github.com/snyk/snyk-nuget-plugin.git"},"keywords":["snyk","nuget"],"author":"snyk.io","license":"Apache-2.0","bugs":{"url":"https://github.com/snyk/snyk-nuget-plugin/issues"},"homepage":"https://github.com/snyk/snyk-nuget-plugin#readme","dependencies":{"es6-promise":"^4.1.1","xml2js":"^0.4.17","zip":"^1.2.0"},"devDependencies":{"jscs":"^3.0.7","nodemon":"^1.12.1","semantic-release":"^8.2.0","tap":"^10.7.0","tap-only":"0.0.5"},"version":"1.0.0"}
{"name":"snyk-nuget-plugin","description":"![logo](https://res.cloudinary.com/snyk/image/upload/v1468845259/logo/snyk-dog.svg) ## Snyk: NuGet Plugin ***","main":"lib/index.js","scripts":{"lint":"jscs `find ./lib -name '*.js'` -v && jscs `find ./test -name '*.js'` -v","test":"npm run unit-test","unit-test":"tap `ls ./test/*.test.js` -R=spec","dev":"nodemon -x 'npm run unit-test'","semantic-release":"semantic-release pre && npm publish && semantic-release post"},"repository":{"type":"git","url":"https://github.com/snyk/snyk-nuget-plugin.git"},"keywords":["snyk","nuget"],"author":"snyk.io","license":"Apache-2.0","bugs":{"url":"https://github.com/snyk/snyk-nuget-plugin/issues"},"homepage":"https://github.com/snyk/snyk-nuget-plugin#readme","dependencies":{"es6-promise":"^4.1.1","xml2js":"^0.4.17","zip":"^1.2.0"},"devDependencies":{"jscs":"^3.0.7","nodemon":"^1.12.1","semantic-release":"^8.2.0","tap":"^10.7.0","tap-only":"0.0.5"},"version":"1.0.1"}