
snyk-nuget-plugin


snyk-nuget-plugin - npm Package Compare versions

Comparing version 1.0.3 to 1.1.0

16

lib/dependency.js

@@ -26,4 +26,20 @@ function Dependency(name, version, targetFramework) {

},
csprojEntry: function (referenceItem) {
var sep = (
/\//.exec(referenceItem.HintPath[0]) ||
/\\/.exec(referenceItem.HintPath[0]))[0];
var depLocalPath = referenceItem.HintPath[0]
.split(sep).slice(2,3).join(sep);
var versionRef = /(?=\S+)(?=\.{1})((\.\d+)+)/.exec(depLocalPath)[0];
var name = depLocalPath.split(versionRef)[0];
var version = versionRef.slice(1);
var result = new Dependency(
name,
version,
'unknown'
);
return result;
},
};
module.exports = Dependency;
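Review bot: `csprojEntry` indexes two `exec()` results without a null check, so a `HintPath` with no `/` or `\`, or one whose third path segment has no `.N` version suffix, raises a bare TypeError that does not say which reference failed. The `.slice(2,3)` also assumes the package folder is always the third path segment (presumably a `..\packages\Name.1.2.3\...` layout), which deserves a comment. Because the value comes straight from the manifest being scanned, I would guard both matches and throw an error that names the offending `HintPath`, as sketched below. The object literal this method belongs to starts above the hunk.

```javascript
csprojEntry: function (referenceItem) {
  var hintPath = referenceItem.HintPath[0];
  var sepMatch = /\//.exec(hintPath) || /\\/.exec(hintPath);
  if (!sepMatch) {
    throw new Error('Unsupported HintPath (no path separator): ' + hintPath);
  }
  var sep = sepMatch[0];
  var depLocalPath = hintPath.split(sep).slice(2, 3).join(sep);
  var versionMatch = /(?=\S+)(?=\.{1})((\.\d+)+)/.exec(depLocalPath);
  if (!versionMatch) {
    throw new Error('No version found in HintPath: ' + hintPath);
  }
  var versionRef = versionMatch[0];
  // … unchanged: name/version derivation and the new Dependency(...) return …
```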

137

lib/index.js

@@ -9,10 +9,16 @@ var fs = require('fs');

var flattendPackageList = {};
var nuspecResolutions = {};
function isJSON(content) {
try {
return JSON.parse(content);
} catch (err) {
return false;
function determineManifestType (filename) {
switch (true) {
case /.json$/.test(filename): {
return 'project.json';
}
case /packages.config$/.test(filename): {
return 'packages.config';
}
case /.csproj$/.test(filename): {
return '.csproj'
}
default: {
throw new Error('Could not determine manifest type for ' + filename);
}
}

@@ -25,2 +31,14 @@ }

inspect: function (root, targetFile, options) {
debugger;
var flattendPackageList = {};
var nuspecResolutions = {};
var manifestType;
var fileContent;
try {
manifestType = determineManifestType(path.basename(targetFile || root));
fileContent = fs.readFileSync(targetFile).toString();
}
catch (error) {
return Promise.reject(error);
}
var projectRootFolder = path.resolve(

@@ -30,4 +48,2 @@ root || '.',

'../../');
var fileContent = fs.readFileSync(targetFile).toString();
var contentAsJson = isJSON(fileContent);
var packageTree = {

@@ -47,43 +63,63 @@ package: {

var tree = packageTree.package;
var chain = new Promise(function parseFileContents(resolve, reject) {
// Parse the file content
if (contentAsJson) {
// skip parsing from XML
return resolve(contentAsJson);
}
// not a JSON, try XML
parseXML(fileContent, function (err, result) {
if (err) {
reject(err);
} else {
resolve(result);
}
})
}).then(function (rawXML) {
// collect installed packages and add to flat list
var installedPackages = [];
if (rawXML === contentAsJson) {
// start parsing JSON data
var rawDependencies = contentAsJson['dependencies'];
if (rawDependencies) {
for (var name in rawDependencies) {
// Array<{ "libraryName": "version" }>
var version = rawDependencies[name];
var newDependency = new Dependecy(name, version, null);
if (newDependency.name.indexOf('System.') !== 0) {
installedPackages.push(newDependency);
switch (manifestType) {
case 'project.json': {
var rawDependencies = JSON.parse(fileContent).dependencies;
if (rawDependencies) {
for (var name in rawDependencies) {
// Array<{ "libraryName": "version" }>
var version = rawDependencies[name];
var newDependency = new Dependecy(name, version, null);
if (newDependency.name.indexOf('System.') !== 0) {
installedPackages.push(newDependency);
}
}
}
resolve(installedPackages);
break;
}
} else {
// start parsing XML data
rawXML.packages.package.forEach(function (node) {
if (node.$.id.indexOf('System.') !== 0) {
// include only non-system libraries
var installedDependency = Dependecy.from.packgesConfigEntry(node);
installedPackages.push(installedDependency);
}
});
case 'packages.config': {
parseXML(fileContent, function scanPackagesConfig(err, result) {
if (err) {
reject(err);
} else {
result.packages.package.forEach(
function scanPackagesConfigNode(node) {
if (node.$.id.indexOf('System.') !== 0) {
// include only non-system libraries
var installedDependency =
Dependecy.from.packgesConfigEntry(node);
installedPackages.push(installedDependency);
}
});
resolve(installedPackages);
}
})
break;
}
case '.csproj': {
parseXML(fileContent, function scanCsprojContent(err, result) {
if (err) {
reject(err);
} else {
(result.Project.ItemGroup || []).forEach(function (itemGroup) {
(itemGroup.Reference || []).forEach(function (referenceItem) {
if (referenceItem.HintPath) {
var installedDependency =
Dependecy.from.csprojEntry(referenceItem);
if (installedDependency.name.indexOf('System.') !== 0) {
installedPackages.push(installedDependency);
}
}
});
});
}
resolve(installedPackages);
});
break;
}
}
}).then(function scanInstalled(installedPackages) {
installedPackages.forEach(function (entry) {

@@ -97,3 +133,3 @@ entry.path =

});
}).then(function () {
}).then(function fetchNugetInformationFromPackages() {
// initiate collecting information from .nuget files on installed packages

@@ -106,3 +142,3 @@ var nuspecParserChain = [];

return Promise.all(nuspecParserChain);
}).then(function (nuspecResolutionChain) {
}).then(function processNugetInformation(nuspecResolutionChain) {
nuspecResolutionChain.forEach(function (resolution) {

@@ -112,3 +148,3 @@ if (!resolution) return; // jscs:ignore

});
}).then(function () {
}).then(function buildDependencyTree() {
// .nuget parsing is complete, returned as array of promise resolutions

@@ -148,3 +184,6 @@ // now the flat list should be rebuilt as a tree

var _nugtKeyCount = Object.keys(nuspecResolutions).length;
tree.dependencies = flattendPackageList
Object.keys(flattendPackageList).forEach(function (packageName) {
tree.dependencies[packageName] =
flattendPackageList[packageName].cloneShallow()
})
if (_nugtKeyCount > 0) {

@@ -151,0 +190,0 @@ // local folders scanned, build list from .nuspec
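Review bot: In the `.csproj` branch of the new `switch (manifestType)`, `resolve(installedPackages)` sits after the `if (err) … else` rather than inside the `else` as in the `packages.config` branch; it is harmless only because a promise settles once, and it should move into the `else`. That callback reads `result.Project.ItemGroup`, and the `packages.config` one reads `result.packages.package`, without checking that the root element exists, so a manifest with a different root throws a TypeError inside the parser callback. Whether that becomes a rejection or an uncaught exception depends on how the XML parser invokes the callback, which is not visible here. A guard such as `if (!result || !result.Project) { return reject(new Error('Not a .csproj manifest: ' + targetFile)); }` would make it a clean rejection. Separately, the `debugger;` at the top of `inspect` looks like a leftover to remove, and the dots in `/.json$/`, `/packages.config$/` and `/.csproj$/` should be escaped so they match a literal `.`.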

@@ -1,1 +0,1 @@

{"name":"snyk-nuget-plugin","description":"![logo](https://res.cloudinary.com/snyk/image/upload/v1468845259/logo/snyk-dog.svg) ## Snyk: NuGet Plugin ***","main":"lib/index.js","scripts":{"lint":"jscs `find ./lib -name '*.js'` -v && jscs `find ./test -name '*.js'` -v","test":"npm run unit-test","unit-test":"tap `ls ./test/*.test.js` -R=spec","dev":"nodemon -x 'npm run unit-test'","semantic-release":"semantic-release pre && npm publish && semantic-release post"},"repository":{"type":"git","url":"https://github.com/snyk/snyk-nuget-plugin.git"},"keywords":["snyk","nuget"],"author":"snyk.io","license":"Apache-2.0","bugs":{"url":"https://github.com/snyk/snyk-nuget-plugin/issues"},"homepage":"https://github.com/snyk/snyk-nuget-plugin#readme","dependencies":{"es6-promise":"^4.1.1","xml2js":"^0.4.17","zip":"^1.2.0"},"devDependencies":{"jscs":"^3.0.7","nodemon":"^1.12.1","semantic-release":"^8.2.0","tap":"^10.7.0","tap-only":"0.0.5"},"version":"1.0.3"}
{"name":"snyk-nuget-plugin","description":"![logo](https://res.cloudinary.com/snyk/image/upload/v1468845259/logo/snyk-dog.svg) ## Snyk: NuGet Plugin ***","main":"lib/index.js","scripts":{"lint":"jscs `find ./lib -name '*.js'` -v && jscs `find ./test -name '*.js'` -v","test":"npm run unit-test","unit-test":"tap `ls ./test/*.test.js` -R=spec","dev":"nodemon -x 'npm run unit-test'","semantic-release":"semantic-release pre && npm publish && semantic-release post"},"repository":{"type":"git","url":"https://github.com/snyk/snyk-nuget-plugin.git"},"keywords":["snyk","nuget"],"author":"snyk.io","license":"Apache-2.0","bugs":{"url":"https://github.com/snyk/snyk-nuget-plugin/issues"},"homepage":"https://github.com/snyk/snyk-nuget-plugin#readme","dependencies":{"es6-promise":"^4.1.1","xml2js":"^0.4.17","zip":"^1.2.0"},"devDependencies":{"jscs":"^3.0.7","nodemon":"^1.12.1","semantic-release":"^8.2.0","tap":"^10.7.0","tap-only":"0.0.5"},"version":"1.1.0"}